====== Task 2 Principal Document ====== ====== Introduction ====== ====== Executive Summary ====== Task 2 “//Interoperability and Standardization//” is continuously surveying the cloudscape for applicable standards, best practices and other examples to follow. This document, including the Executive Summary, is likewise being continuously updated. There are three distinct roles an NREN – a GÉANT member – can play with respect to the formulated cloud strategy. They are: * Procurer * Provider * Mediator/broker/integrator/consultant For **Procurers**, it is best practice to dwell on standardization in at least the most basic areas, which are authentication and cloud management. Given GÉANT’s long-term activities in the field of authentication, standards should be chosen from among the [[SAML|SAML (Security Assertion Markup Language)]] family, currently **SAML2**. For cloud management, the emerging standard being widely adopted by many providers is **[[OCCI|OCCI (Open Cloud Computing Interface)]]**. Therefore, for cloud services procurement, these two (SAML2 and OCCI) are considered the reasonable minimum. As far as cloud service providers or brokers are concerned, they should shape their services to meet that requirement for SAML2 and OCCI on their end, too. One must not forget that there are other groups, often powerful standardization bodies, who perform evaluation of cloud standards. A comprehensive list is given in Section Related Work. Most relevant results are currently expected from ETSI (European Telecommunications Standards Institute). Reiterating what has already been said in the Introduction; **it is also important to stress that this Document is by no means finite. At this point, it has yet to be submitted to other members of GN3+’s SA7 members, and other interested parties. Non-trivial feedback, contributions, and recommendations as to which standards or use cases deserve most attention, must arrive from them!** ====== Actions and Work Packages ====== This section sums up actions taken within the tasks. DELETEME ===== NREN Services and Plans ===== A survey of services currently used or provided by NRENs, including services planned or envisioned, is being taken. ===== Basic IaaS – vm management, data management (WP1) ===== Describing currently used protocols, problems with OpenStack/Amazon proprietary/defacto standard; for interoperability suggest also libraries which already support several cloud providers/standards and therefore provide interoperability ===== Federated Identity Integration into Clouds (WP2) ===== ===== Cloud Brokerage (WP3) ===== There is related work already done. Checking on the progress is required. ===== Cloud Service Procurement (WP4) ===== Seen as a completely different use case. The Task needs at least to evaluate best practices, standards and policies. ====== Standardization ====== The Standardization chapter gives an overview of standardization bodies, evaluation of (potentially) applicable standards and related work by other teams. It is mainly a repository of acquired knowledge. ===== Standardization Bodies ===== Standardization bodies identified as having done work wrt. clouds. ===== Standards ===== How do we sort standards? [[CSCC]], for instance, sorts standards by the originating body. Sorting by area of application may be worth considering, perhaps. ==== Authentication and Authorization ==== ==== Storage ==== ==== Resource Management ==== ==== Security ==== ===== Related Work ===== This subsection includes references to work done by various other teams, working groups or task forces within the field of cloud standardization and interoperability. ====== Interoperability ====== This Section explains how not only standards but also best practices and other tools can be applied to achieve interoperability. ===== Widely Adopted IOp Solutions (De-Facto Standards) ===== This Section collects experience, recommendations and evaluation of wide-spread solutions, which are not true standards but are often presented and used as such. ===== Case Studies ===== There were already several projects on a different scale, which had to address interoperability issues. There are certainly lessons to be learned from them. ===== Best Practices and Recommendations ===== This subsection provides guidelines and tips based on the evaluation of the standards and use cases outlined above. It is divided by service model. ==== SaaS & PaaS ==== FIXME ==== IaaS ==== FIXME ==== FaaS ==== FIXME ==== Storage ==== The area of cloud storage is covered by standards even less than others. There is CDMI (Cloud Data Management Interface) for management but there is a lack of standards for access. Apart of Amazon’s S3 with several competing implementations, most providers offer specific protocols or -- in the case of storage services such as DropBox or BOX -- even closed-source clients. An emerging solution supported by many public as well as private storage service providers is perhaps WebDAV (Web Distributed Authoring and Versioning). ===== Tools ===== There are tools intended to overcome lack of standardization in different cloud solutions by implementing different backends for different providers, and presenting the user with a unified frontend to access the different providers in a unified way. In some cases they promise to implement a standard. In other cases, they strive to become a de-facto standard by themselves simply by attracting a wide enough user base. ====== Non-Technical Considerations ====== Aside of the matters of standardization and interoperability, there is the other, non-technical angle to consider when procuring cloud services. It needs to be kept in mind while preparing tenders or writing up service agreements. Although these mostly legal matters may not be the main focus of Task 2 at first sight, it is not unreasonable to image a template legal document such as an SLA or a section on personal data protection being considered a de-facto standard, and as such made use of by multiple GÉANT members. Along the track, Task 2 has collected a sampling of such documents, which are presented as case studies below. ===== Tenders ===== General advice for those who open tenders for cloud services is being collected in this Section, based on the interpretation of existing standards and evaluation of case studies ==== SLAs ==== ==== Case Studies ==== ==== Cloud Strategies across GÉANT ==== This section links to cloud strategy documents by GÉANT partners. ^ Institute ^ Description ^ Internal Link ^ External Link ^ | SURF | | [[surf_legal_framework)|SURF – Legal Framework for Cloud Services in Research and Education]] | |