Task 2 Principal Document

Introduction

“Standards and Interoperability” is a task in the GÉANT 3+ SA7 activity titled “Support to clouds.” By starting this activity GÉANT recognizes that a major portion of traffic in the European research and education networks will be generated by clouds in the near future. Formulating a common strategy towards clouds, which could be adopted by most or all participating NRENs, is the main goal of the activity.

Task 2 “Standards and Interoperability” is charged with surveying the cloudscape for applicable standards and best practices to be adhered to when procuring, providing, or brokering cloud services.

The authors are aware that the term Cloud or Cloud Service can refer to many different levels and flavors of a service, which are potentially very different and many classes of standards can be inapplicable, with the possible exception of authentication-related standards, which should apply to all. The authors acknowledge that major parts of this Document have been written with IaaS (Infrastructure as a Service) clouds in mind.

This principal output document is intended as a commented map of various relevant standards, best practices, activities and use cases. It is a container collecting contributions from all members of the SA7 Activity, who have in any way obtained experience with any of the listed standards or solutions. High-level recommendations meant primarily for procurers of cloud services are given based on the survey of the cloudscape and the existing resources.

This Document does by no means aim to replace existing general directories of standards, but rather to collect references and add value to standards relevant to the target community, i.e., NRENs or GÉANT as a whole.

Executive Summary

Task 2 “Interoperability and Standardization” is continuously surveying the cloudscape for applicable standards, best practices and other examples to follow. This document, including the Executive Summary, is likewise being continuously updated.

There are three distinct roles an NREN – a GÉANT member – can play with respect to the formulated cloud strategy. They are:

  • Procurer
  • Provider
  • Mediator/broker/integrator/consultant

For Procurers, it is best practice to insist on standardization in at least the most basic areas: authentication and cloud management. Given GÉANT’s long-term activities in the field of authentication, standards should be chosen from among the SAML (Security Assertion Markup Language) family, currently SAML2. For cloud management, the emerging standard being widely adopted by many providers is OCCI (Open Cloud Computing Interface). Therefore, for cloud services procurement, these two (SAML2 and OCCI) are considered the reasonable minimum.

As far as cloud service providers or brokers are concerned, they should shape their services to meet that requirement for SAML2 and OCCI on their end, too.

One must not forget that there are other groups, often powerful standardization bodies, who perform evaluation of cloud standards. A comprehensive list is given in Section Related Work. Most relevant results are currently expected from ETSI (European Telecommunications Standards Institute).

Reiterating what has already been said in the Introduction, it is also important to stress that this Document is by no means final. At this point, it has yet to be submitted to the other members of GN3+’s SA7 and to other interested parties. Non-trivial feedback, contributions, and recommendations as to which standards or use cases deserve most attention must arrive from them!

Standardization

The Standardization chapter gives an overview of standardization bodies, evaluation of (potentially) applicable standards and related work by other teams. It is mainly a repository of acquired knowledge. All readers are invited to give their input, based on their experience, study or impressions of any of the standards!

Standardization Bodies

Standardization bodies identified as having done work with respect to clouds.

BSI (British Standards Institute)

Activity British Standards
URL http://www.standardsuk.com/bsi/
Source EGI TF 2013
Standards ISO 27001, CCM/CSA

From the BSI WebSite: The BSI are the national standards organization for the UK and an influential member of the ISO (International Standards Organization). The main objective of the BSI is to publish and proliferate standards and standardisation both domestically and internationally.

CSA (Cloud Security Alliance)

Activity International Standardization Council
URL https://cloudsecurityalliance.org/isc/
Source CloudScape V participant
Standards

From the ISC WebSite: The International Standardization Council (ISC) within the Cloud Security Alliance (CSA) has been designated to coordinate all aspects of standardization efforts within CSA. Efforts are jointly executed by CSA Global, standard developing organizations (SDOs), and relevant working groups. Specifically, working groups refers to those working groups whose work is instrumental in global standardization efforts or whose work has been identified as an offering that will be instrumental in bridging the gap existing in current global standardization efforts. Thus, the council is formed with the purpose to coordinate execution of this work. Additionally, ISC provides an avenue for corporate members to participate and influence standardization efforts worldwide represented under the CSA banner.

DMTF (Distributed Management Task Force)

From the DMTF WebSite: Founded in 1992, the Distributed Management Task Force, Inc. (DMTF) is the organization bringing the IT industry together to collaborate on systems management standards development, validation, promotion and adoption.

DMTF enables a more integrated and cost effective approach to management through interoperable solutions.

DMTF standards provide common management infrastructure components for instrumentation, control and communication in a platform-independent and technology neutral way.

FedSM

Activity The FedSM Project
URL http://www.fedsm.eu/about-fedsm-project
Source EGI TF 2013
Standards FitSM

From the FedSM Web Site: The FedSM project is funded by the European Commission in order to create a new, lightweight approach to service management suitable for providers new to IT Service Management and federated e-Infrastructures such as Grids and Federated Clouds. It created the FitSM standard to achieve this, which is being adopted in a broad range of sectors.

Google

Activity Google Developers
URL https://developers.google.com/opensocial/
Source SURFconext
Standards OpenSocial

Google is a technology company offering numerous services, often programmatically accessible – hence the need for standards.

IEEE (Institute of Electrical and Electronics Engineers)

From IEEE WebSite: IEEE is the world's largest professional association dedicated to advancing technological innovation and excellence for the benefit of humanity. IEEE and its members inspire a global community through IEEE's highly cited publications, conferences, technology standards, and professional and educational activities.

IETF (Internet Engineering Task Force)

From IETF WebSite: The Internet Engineering Task Force is a large open international community of network designers, operators, vendors, and researchers concerned with the evolution of the Internet architecture and the smooth operation of the Internet. It is open to any interested individual.

ISO (International Standards Organization)

From the ISO WebSite: ISO (International Organization for Standardization) is the world’s largest developer of voluntary International Standards. International Standards give state of the art specifications for products, services and good practice, helping to make industry more efficient and effective. Developed through global consensus, they help to break down barriers to international trade.

ISO develops International Standards. We were founded in 1947, and since then have published more than 19 500 International Standards covering almost all aspects of technology and business. From food safety to computers, and agriculture to healthcare, ISO International Standards impact all our lives.

ITU (International Telecommunication Union)

Activity ITU Telecommunication Standardization Sector
URL http://www.itu.int/en/ITU-T/Pages/default.aspx
Standards X.509

ITU (International Telecommunication Union) is the United Nations specialized agency for information and communication technologies.

NIST (National Institute of Standards and Technology)

Activity NIST Cloud Computing Program
URL http://www.nist.gov/itl/cloud/index.cfm
Source CloudScape V participant
Standards NSTIC (National Strategy for Trusted Identities in Cyberspace)

From NIST WebSite: Founded in 1901, NIST is a non-regulatory federal agency within the U.S. Department of Commerce. NIST's mission is to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life.

OASIS (Organisation of the Advancement of Structured Information Standards)

From the OASIS WebSite: OASIS promotes industry consensus and produces worldwide standards for security, Cloud computing, SOA, Web services, the Smart Grid, electronic publishing, emergency management, and other areas. OASIS open standards offer the potential to lower cost, stimulate innovation, grow global markets, and protect the right of free choice of technology.

OASIS members broadly represent the marketplace of public and private sector technology leaders, users and influencers. The consortium has more than 5,000 participants representing over 600 organizations and individual members in more than 65 countries.

OGF (Open Grid Forum)

Activity Developing Standards at the OGF
URL http://www.ogf.org/gf/page.php?page=Standards::developing
Source CloudScape V participant
Standards OCCI (Open Cloud Computing Interface)

SIENA (Standards and Interoperability for eInfrastructure Implementation Initiative)

Activity SIENA
URL http://www.sienainitiative.eu/Default.aspx
Source CloudScape V participant
Standards

The main strategic objective of SIENA is to accelerate and co-ordinate the adoption and evolution of interoperable DCIs through engagement with other SDOs and major stakeholders to forge community agreements on best practices and standards for distributed computing.

Specifically, SIENA seeks to:

  1. Drive forward the development and adoption of interoperability and standards for eInfrastructure implementation in relation to the European DCI community.
  2. Develop the future research infrastructure scenario through roadmapping exercises in line with requirements from both academia and industry, connecting into relevant SDOs to drive forward the production of relevant standards and best practices.
  3. Support, plan and organise a series of outreach events comprising two roadmap workshops in Europe and two Cloudscape events.

The main output of the project will be the roadmap on “Grids and Clouds for Research and for Public Services” through close liaison with the EC.

SNIA (Storage Networking Industry Association)

Activity Cloud Data Management Interface (CDMI), Storage Management, SMI-S Conformance Testing Program (CTP)
URL http://www.snia.org/
Source CloudScape V participant
Standards CDMI (Cloud Data Management Interface), SMI-S (Storage Management Initiative Specification)

Based on the SNIA WebSite: SNIA is an association for advancing IT technologies, standards, and education programs for IT professionals. Made up of some 400 member companies spanning the global storage market, the SNIA connects the IT industry with end-to-end storage and information management solutions.

The Open Group

Activity The Open Group Cloud Computing Work Group
URL http://www.opengroup.org/getinvolved/workgroups/cloudcomputing
Source Web search
Standards

From the Open Group’s WebSite: The Open Group Cloud Computing Work Group exists to create a common understanding among buyers and suppliers of how enterprises of all sizes and scales of operation can include Cloud Computing technology in a safe and secure way in their architectures to realize its significant cost, scalability and agility benefits. It includes some of the industry’s leading Cloud providers and end-user organizations, collaborating on standard models and frameworks aimed at eliminating vendor lock-in for enterprises looking to benefit from Cloud products and services.

TMForum

Activity Guide Books, Cloud & News Services
URL http://www.tmforum.org/browse.aspx
Source ETSI (European Telecommunications Standards Institute)
Standards

The TM Forum (formerly TeleManagement Forum and the Network Management Forum) is a global, non-profit industry association, for service providers and their suppliers in the telecommunications and entertainment industries.

Standards

How do we sort standards? CSCC (Cloud Standards Customer Council), for instance, sorts standards by the originating body. Sorting by area of application may be worth considering, perhaps.

Authentication and Authorization

OAuth

OAuth is an open standard for authorization, providing methods to access server resources on behalf of a resource owner. The OAuth 2.0 authorization framework enables third-party applications to obtain limited access to HTTP services, either on behalf of resource owners by orchestrating approval interaction between the resource owner and the HTTP service, or by allowing third-party applications to obtain access on their own behalf.

OpenSocial

Status Released
Body Google
URL http://opensocial.org/
Source SURFconext

OpenSocial specifies APIs for social networking applications, including authentication and authorization and also extended functions such as profiles. The primary goal of OpenSocial is to provide a common framework developers can use to ensure interoperability across various social networks on the Internet, which act as containers for each OpenSocial-compliant application.

SAML (Security Assertion Markup Language)

SAML defines the syntax and processing semantics of assertions made about a subject by a system entity. SAML assertions and protocol messages are encoded in XML and use XML namespaces (XMLNS), typically embedded in other structures for transport, such as HTTP POST requests or XML-encoded SOAP messages.

SAML addresses primarily single-sign-on functionality in Web-based application interfaces.

SCIM (System for Cross-domain Identity Management)

The SCIM standard was created to simplify user management in the cloud by defining a schema for representing users and groups and a REST API for all the necessary CRUD operations.

X.509

Quoting from Wikipedia: X.509 is an ITU-T standard for a public key infrastructure (PKI) and Privilege Management Infrastructure (PMI). X.509 specifies, amongst other things, standard formats for public key certificates, certificate revocation lists, attribute certificates, and a certification path validation algorithm.

Storage

CDMI (Cloud Data Management Interface)

CDMI specifies a protocol for self-provisioning, administering and accessing cloud storage, defining the functional interface that applications use to create, retrieve, update and delete data elements from the Cloud.

SMI-S (Storage Management Initiative Specification)

From the SNIA Website: The SMI-S (Storage Management Initiative Specification) is a standard that has been developed by the SNIA Storage Management Initiative (SMI), its “Member Companies,” and the SNIA’s Technical Working Groups (TWGs) in association with additional standards and technical bodies strategically aligned with the SNIA.

WebDAV (Web Distributed Authoring and Versioning)

WebDAV is an extension of the HTTP protocol, which makes remote files accessible as files stored on a web server regardless of the actual architecture of the storage element.

Resource Management

CIMI (Cloud Infrastructure Management Interface)

The Cloud Infrastructure Management Interface is a standard released by DMTF (Distributed Management Task Force). Similarly to OCCI (Open Cloud Computing Interface), it also consists of multiple specifications:

  • CIMI Primer (DSP2027) v. 1.0.0
  • CIMI (DSP0263) v. 1.1.0
  • CIMI-CIM (DSP0264) v. 1.0.0

CIMI is a highly specific IaaS protocol, defining a wide range of attributes applicable in the context of IaaS. This is what mainly distinguishes it from OCCI (Open Cloud Computing Interface), which is a much more light-weight, generic boundary-level protocol, relying on its extensibility to cover specific areas.

CPIP (Guide for Cloud Portability and Interoperability Profiles)

From the IEEE Web site: The purpose of the guide is to assist cloud computing vendors and users in developing, building, and using standards-based cloud computing products and services, which should lead to increased portability, commonality, and interoperability. Cloud Computing systems contain many disparate elements. For each element there are often multiple options, each with different externally visible interfaces, file formats, and operational conventions. In many cases these visible interfaces, formats, and conventions have different semantics. This guide enumerates options, grouped in a logical fashion called “profiles,” for such definitions of interfaces, formats, and conventions, from a variety of sources. In this way, cloud ecosystem participants will tend towards more portability, commonality, and interoperability, growing the cloud computing adoption rate overall.

OCCI (Open Cloud Computing Interface)

Status Released in part, extensions in preparation
Body OGF (Open Grid Forum)
URL http://occi-wg.org/
Source EGI (European Grid Infrastructure)

OCCI is a boundary protocol and API that acts as a service front-end to a provider’s internal management framework by exposing its resources. As of this writing (early 2015) the specification consists of three documents:

  • OCCI Core describing the formal definition of the OCCI Core Model
  • OCCI Infrastructure defining the OCCI Infrastructure extension for the IaaS domain, defining additional resource types, their attributes and the actions that can be taken on each resource type
  • OCCI HTTP Rendering defining interaction with the OCCI Core Model using the RESTful OCCI API

The OCCI Working Group is also working on additional specifications, currently in various stages of progress:

  • OCCI XML Rendering
  • OCCI JSON Rendering
  • OCCI Billing and Monitoring
  • OCCI PaaS extension
  • OCCI SLAs extension

Adoption Status

Standard implementation status overview is maintained at: http://occi-wg.org/community/implementations/

OVF (Open Virtualization Format)

The Open Virtualization Format (OVF) Specification describes an open format for the packaging and distribution of software to be run in virtual machines.

OVF introduces the OVF file format for software packages containing the OVF descriptor, OVF manifest, certificate, disk images and possibly other resource files. The OVF specification prescribes the syntax of the OVF descriptor, envelope, virtual hardware description, metadata, internationalization bundles, and the contents of the application’s runtime environment.

SIIF (Standard for Intercloud Interoperability and Federation)

From the IEEE Web site: This standard creates an economy amongst cloud providers that is transparent to users and applications, which provides for a dynamic infrastructure that can support evolving business models. In addition to the technical issues, appropriate infrastructure for economic audit and settlement must exist.

SPML (Service Provisioning Markup Language)

Taken from Wikipedia: Service Provisioning Markup Language (SPML) is an XML-based framework, being developed by OASIS, for exchanging user, resource and service provisioning information between cooperating organizations.

The Service Provisioning Markup language is the open standard for the integration and interoperation of service provisioning requests. SPML is an OASIS standard based on the concepts of Directory Service Markup Language. SPML version 1.0 was approved in October 2003. SPML version 2.0 was approved in April 2006. Security Assertion Markup Language exchanges the authorization data.

SUoM (Standard Units of Measure)

From the ODCA Website: The Open Data Center Alliance recognizes the need to develop Standard Units of Measure (SUoM) to describe the quantitative and qualitative attributes of services to enable an easier and more precise comparison and discovery of the marketplace. This usage model is designed to provide subscribers of cloud services with a framework and associated attributes used to describe and measure the capacity, performance, and quality of a cloud service, and this webcast aims at providing a high level overview of this important document.

TOSCA (Topology and Orchestration Specification for Cloud Applications)

From the OASIS Web Site: TOSCA will enable the interoperable description of application and infrastructure cloud services, the relationships between parts of the service, and the operational behavior of these services (e.g., deploy, patch, shutdown)–independent of the supplier creating the service, and any particular cloud provider or hosting technology. TOSCA will also make it possible for higher-level operational behavior to be associated with cloud infrastructure management.

By increasing service and application portability in a vendor-neutral ecosystem, TOSCA will enable:

  • Portable deployment to any compliant cloud
  • Smoother migration of existing applications to the cloud
  • Flexible bursting (consumer choice)
  • Dynamic, multi-cloud provider applications

Security

ISO 27001

Status Released
Body BSI (British Standards Institute)
URL http://www.27000.org/ismsprocess.htm
Source EGI TF 2013

An information security management system standard.

Related Work

This subsection includes references to work done by various other teams, working groups or task forces within the field of cloud standardization and interoperability.

Cloud Catalyst

Activity Cloud Accelerator Toolbox
URL http://www.cloudcatalyst.eu/
Source AS, OpenNebula Conf 2014

The Cloud Accelerator Toolbox will be a collection of management tools, bundling together trend analysis, use cases, and practical recommendations in the form of printable report templates and instructional videos.

Exactly how or if the Cloud Catalyst Project aims to tackle interoperability is not yet clear.

Cloud Plugfests

Activity Cloud Interoperability Plugfest project
URL http://www.cloudplugfest.org/
Activity Interoperability Testing
URL http://www.cloudplugfest.org/cloud-interoperability-week/test-descriptions
Source CWDG (FF), EGI (European Grid Infrastructure)

From CPf Web site: The Cloud Interoperability Plugfest project (or “Cloud Plugfests” for short) is a co-operative community series designed to promote interoperability efforts on cloud-based software, frameworks, and standards among vendors, products, projects and implementations. The series supports ongoing and continuing interoperability efforts among and between the sponsoring organizations, and with the cloud community at large. These efforts include organized software demonstrations, in-person developer gatherings, and continuous access to professional-grade cloud testing frameworks and tools.

CSCC (Cloud Standards Customer Council)

Activity Cloud Standards Wiki
URL http://cloud-standards.org/wiki/index.php?title=Main_Page
Source Web search

SMI-S Conformance Testing Program (CTP)

From the SNIA Web Site: SNIA (Storage Networking Industry Association) validates that a member company's products (software or hardware) conform to a particular version of the SMI-S specification for storage management. By the implementation of the SMI-S Conformance Testing Program (SMI-S CTP), SNIA can provide an impartial validation of a storage management software product, or affirm that an item of storage networking infrastructure conforms to a version of SMI-S.

SMI-S CTP began in March of 2004. The SMI-S CTP has released multiple versions of test suites to validate conformance of SMI-S enabled products since the program's beginning. The SMI-S CTP is an integral step towards bringing third party standards conformance to the marketplace. It consists of master test suites that are developed, owned, and operated by the SNIA. The SMI-S CTP has testing for storage device management software which conforms to the Storage Management Initiative Specification. This set of tests is known as the SMI-Provider test. The SMI-S CTP also provides testing for software which manages the overall storage environment using the Storage Management Initiative Specification. This set of tests is known as the SMI-Client Test.

EGI (European Grid Infrastructure)

From the FedCloud Web page: The EGI Federated Cloud is a seamless grid of academic private clouds and virtualised resources, built around open standards and focusing on the requirements of the scientific community.

The result is a new type of research e-infrastructure, based on the mature federated operations services that make EGI a reliable resource for science.

ENISA (European Network and Information Security Agency)

Activity Cloud Computing Standards, recommendations
URL http://www.enisa.europa.eu/activities/Resilience-and-CIIP/cloud-computing
Source EGI TF 2013

ETSI (European Telecommunications Standards Institute)

Preliminary 2013 Report

Final 2015 Report

The Final Cloud Standards Coordination Report is available at: http://ec.europa.eu/information_society/newsroom/cf/dae/document.cfm?doc_id=3988

Other Resources by ETSI

Another noteworthy resource by ETSI (European Telecommunications Standards Institute) is the Grid and Cloud Computing Section: http://www.etsi.org/technologies-clusters/technologies/grid-and-cloud-computing, which goes on to identify applicable standards in their Initial Analysis of Standardization Requirements for Cloud Services (http://www.etsi.org/deliver/etsi_tr/102900_102999/102997/01.01.01_60/tr_102997v010101p.pdf)

GRyCAP

From the GRyCAP Web Site: The IM system offers a web-based GUI that allows the users to launch and monitor the status of the virtual infrastructures. It also enables the user to manage and share a list of RADLs with the infrastructure descriptions, considering the user credentials and the Access Control Lists (ACLs) imposed by the RADL owner. It also enables to manage the user credential to access the cloud deployments.

Helix Nebula

From the HN Web Site: The project aims to pave the way for the development and exploitation of a Cloud Computing Infrastructure, initially based on the needs of European IT-intense scientific research organisations, while also allowing the inclusion of other stakeholders’ needs (governments, businesses and citizens).

The Cloud Computing Infrastructure will ultimately provide physical and organisational structures and assets needed for the IT-related operation of research institutions, enterprises, governments and society. This pan-European partnership across academia and industry is working to establish a sustainable European cloud computing infrastructure, supported by industrial partners, which will provide stable computing capacities and services that elastically meet demand.

ICO (Information Commissioner’s Office)

From ICO Web site: The Information Commissioner’s office (ICO) is the UK’s independent public authority set up to uphold information rights. We do this by promoting good practice, ruling on complaints, providing information to individuals and organisations and taking appropriate action when the law is broken.

IPA (Information-technology Promotion Agency, Japan)

From IPA Web site: IPA: INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN was established originally as a Specially-Approved Corporation, based on the Law on Promotion of Information Processing (enacted May 22, 1970, Law No. 90). By amendments enacted on December 11, 2002 (Law No. 144), IPA was reorganized to become an incorporated Administrative Agency dated January 5, 2004.

NSTIC (National Strategy for Trusted Identities in Cyberspace)

Activity Formulation of the national strategy, performed by NIST (National Institute of Standards and Technology)
URL http://nist.gov/nstic/
Source EurOpen, fall 2013

Formulation of a national ecosystem of trusted identities.

ODCA (Open DataCenter Alliance)

Activity ODCA
URL http://www.opendatacenteralliance.org/docs/Virtual_Machine_(VM)_Interoperability_in_a_Hybrid_Cloud_Environment_Rev1.2.pdf
Source EGI FedCloud

From ODCA’s Web Site: The Open Data Center Alliance was formed in 2010 as a unique consortium of leading global IT organizations. We are led by a steering committee of senior IT executives from BMW, China Unicom, Deutsche Bank, JPMorgan Chase, Lockheed Martin, Marriott International, Inc., National Australia Bank, Terremark, Disney Technology Solutions and Services, and UBS. Intel Corporation serves as the organization’s technical advisor. We came together to deliver a unified voice for emerging data center and cloud computing requirements. Our mission is to speed the migration to cloud computing by enabling the solution and service ecosystem to address IT requirements with the highest level of interoperability and standards. This includes:

  • Identifying customer requirements for corporate adoption and deployment of cloud computing
  • Defining usage models for these requirements based on open, industry-standard, multi-vendor solutions that support a vision of secure federation, automation, common management, and transparency
  • Influencing industry innovation with:
    • Collective membership commitment to use Alliance usage models to guide corporate planning and purchasing of data center resources
    • Solution Provider member commitment to prioritize solution delivery based on Alliance Usage Model requirements
  • Collaborating with industry standards bodies to define standards development aligned with Alliance priorities.

REFEDS

Activity REFEDS
URL https://refeds.org/
https://refeds.terena.org/index.php/Main_Page
Source GN3+ SA7 Kickoff

Interoperability

This Section explains how not only standards but also best practices and other tools can be applied to achieve interoperability.

Widely Adopted IOp Solutions (De-Facto Standards)

This Section collects experience, recommendations and evaluation of wide-spread solutions, which are not true standards but are often presented and used as such.

EC2 (Amazon Elastic Compute Cloud)

Authors Amazon
URL http://aws.amazon.com/ec2/
Source public domain

EC2 is an Amazon cloud computing platform, which defines its own management interface. Although not codified as an open standard, it is widely used due to the popularity of the Amazon service, and subsets of it are implemented by various other cloud management frameworks. This makes it a widely used de-facto standard (or industrial standard).

The main disadvantage of EC2 when compared to open standards such as OCCI (Open Cloud Computing Interface) is the fact that it is subject to frequent one-sided modifications, which complicates maintenance of other EC2-(partly-)compliant products.

OpenStack API

Authors OpenStack
Status Released, V2
URL v. 1.1: https://wiki.openstack.org/wiki/OpenStackAPI_1-1
v. 2: http://developer.openstack.org/api-ref.html
Source public domain

The OpenStack API enables control of the OpenStack cloud framework manager. Due to OpenStack's popularity, certain other cloud management frameworks also partly implement the API.

RADL (Resource and Application Description Language)

RADL is an early attempt at a resource description language, developed before related open standards such as OCCI (Open Cloud Computing Interface) were introduced. It is used in the GRyCAP Infrastructure Manager.

From the GRyCAP Web site: The main purpose of the Resource and Application description Language (RADL) is to specify the requirements of the scientific applications needed to be deployed in a virtualized computational infrastructure (cloud). Using a declarative scheme RADL considers distinct features related to

  • hardware, like CPU number, CPU architecture, and RAM size;
  • software, like applications, libraries and data base systems;
  • network, like network interface and DNS configuration; and
  • contextualization, extra steps to set up an adequate environment for the application.

RADL is intended to be more abstract than other standards to specify virtual appliances, like OVF, and easily extensible with other tools, like contextualization languages such as Ansible.

Case Studies

Several projects of different scales have already had to address interoperability issues. There are certainly lessons to be learned from them.

Best Practices and Recommendations

This subsection provides guidelines and tips based on the evaluation of the standards and use cases outlined above. It is divided by service model.

NORDUNET

Activity NORDUnet tender for a mobile device and desktop synchronisation service
URL https://portal.nordu.net/display/NORDUtender/NORDUnet+tender+for+a+mobile+device+and+desktop+syncronisation+service
Source Per

This is a case study of the NORDUnet tender for a mobile device and desktop synchronisation service, which ran in December 2012, representing jointly DeiC, CSC-IT, Center for Science, SUNET and UNINETT. Standards invoked in the tender are:

JANET

Activity Microsoft links to Janet to boost cloud access at universities
URL http://www.v3.co.uk/v3-uk/news/2269321/microsoft-links-to-janet-to-boost-cloud-access-universities
Source AS
V3.co.uk

SUNET Tender Portal

Activity SUNET Tender Portal
URL https://portal.nordu.net/display/SUNETtender/Home
Source Per

This is the home for SUNET’s service procurement tenders, currently covering tenders for:

  • National WiFi hotspot coverage for eduroam
  • Survey and course evaluation service for the Swedish research and higher education community
  • Mobile Device and Desktop Synchronization Service, for the Swedish research and higher education community

SaaS & PaaS

FIXME

IaaS

FIXME

FaaS

FIXME

Storage

The area of cloud storage is covered by standards even less than others. There is CDMI (Cloud Data Management Interface) for management, but there is a lack of standards for access. Apart from Amazon’s S3 with several competing implementations, most providers offer specific protocols or – in the case of storage services such as Dropbox or Box – even closed-source clients. An emerging solution supported by many public as well as private storage service providers is perhaps WebDAV (Web Distributed Authoring and Versioning).

Tools

There are tools intended to overcome the lack of standardization across cloud solutions by implementing a separate backend for each provider and presenting the user with a single unified frontend for accessing all of them. In some cases they promise to implement a standard. In other cases, they strive to become a de-facto standard by themselves simply by attracting a wide enough user base.

CompatibleOne

Authors CompatibleOne Contributors
URL http://www.compatibleone.org/
Source OpenNebula Conf

From the CompatibleOne Web Site: CompatibleOne is an open source project which provides a model, CORDS (CompatibleOne Resource Description System), and a platform, ACCORDS (Advanced Capabilities for CORDS), for the description and federation of different clouds comprising resources provisioned by heterogeneous cloud service providers. CompatibleOne's flexible service architecture makes it independent from any Cloud Service Provider (from OpenStack to OpenNebula, from Azure to Vcloud) and can address all types of cloud services (IaaS, PaaS, SaaS, XaaS, BpaaS, …) and any type of cloud service deployment (public, private, community and hybrid).

The goals of CompatibleOne are to:

  • provide entrepreneurs and organisations unimpeded access to cloud technologies
  • provide an innovative platform of services that goes beyond the standard services provided by existing cloud providers
  • remove the constraints of vendor lock-in
  • provide a platform that the community can evolve rapidly and adapt according to their needs

Fog.io

Authors Fog
URL https://github.com/fog/fog
Source EGI (European Grid Infrastructure) Cloud platform

Fog.io is an attempt to implement a common front end as a library for the Ruby programming language, providing different backends for different cloud stacks. It was investigated as an interoperability solution, for instance in rOCCI, but rejected.

Unfortunately, front-end functions tend to diverge significantly depending on the actual back-end of choice, providing very little actual interoperability.

jOCCI

jOCCI is a Java library implementing the OCCI standard. The jOCCI-core component implements OCCI class structures and methods for rendering, parsing and verification of OCCI data, while jOCCI-api implements transport. It is a generic Java library for implementing client applications that control IaaS services over OCCI.

IBM Jumpgate

An effort by IBM to provide an OpenStack interface to public cloud services, currently in alpha stage.

The rOCCI Framework

Authors CESNET, GWDG
URL https://wiki.egi.eu/wiki/rOCCI:ROCCI
Source EGI (European Grid Infrastructure) Cloud platform

rOCCI is a Ruby framework implementing the OCCI standard. rOCCI Server is an interoperability tool, which interprets OCCI queries and communicates with the local cloud stack through a solution-specific backend. The status of backend development is currently as follows:

  • OpenNebula [production] – The OpenNebula Backend is a flagship product for rOCCI, routinely used at multiple sites.
  • Amazon EC2 [production] – The EC2 backend implementation has been developed and tested with Amazon Web Services. It is currently an experimental product and the documentation has yet to be compiled.
  • VMWare [considered] – Based on requests from multiple sites, a backend for VMWare products is being considered. It is not yet decided which product in the VMWare range would be targeted.
  • Windows Azure [in progress] – The implementation of an Azure backend is in early design stage. There is nothing to try out, yet.
  • CloudStack [considered] – The implementation of a CloudStack backend is in early design stage. There is nothing to try out, yet.

Shibboleth

Authors Shibboleth Consortium (https://shibboleth.net/consortium/)
URL https://shibboleth.net
Source Public domain
Standards implemented OAuth

From the Shibboleth Web Site: Shibboleth is an open-source project that provides Single Sign-On capabilities and allows sites to make informed authorization decisions for individual access of protected online resources in a privacy-preserving manner.

Slipstream

Authors SixSq
URL http://sixsq.com/products/slipstream.html
Source OpenNebula Conf

From the SixSq Web Site: Developed by SixSq, SlipStream™ is a multi-cloud coordinated provisioning and image factory engine. In other words, it is an engineering Platform as a Service (PaaS) solution to support production deployment in the cloud, as well as development, testing, certification and deployment processes into Infrastructure as a Service (IaaS) cloud environments.

Non-Technical Considerations

Aside from the matters of standardization and interoperability, there is the other, non-technical angle to consider when procuring cloud services. It needs to be kept in mind while preparing tenders or writing up service agreements. Although these mostly legal matters may not be the main focus of Task 2 at first sight, it is not unreasonable to imagine a template legal document such as an SLA or a section on personal data protection being considered a de-facto standard, and as such made use of by multiple GÉANT members.

Along the track, Task 2 has collected a sampling of such documents, which are presented as case studies below.

Tenders

General advice for those who open tenders for cloud services is being collected in this Section, based on the interpretation of existing standards and evaluation of case studies.

SLAs

Cloud SLA standardisation guidelines

From the EC Web Site: Guidelines to help business users save money and get the most out of cloud computing services are being presented to the European Commission today.

Case Studies

Cloud Strategies across GÉANT

This section links to cloud strategy documents by GÉANT partners.

Institute Description Internal Link External Link
SURF SURF – Legal Framework for Cloud Services in Research and Education

Acknowledgements

Theoretical work on cloud standards and interoperability is partly funded through the GN3plus Project by the European Commission's 7th Framework Programme (contract # RI-605243).

17.02.2015 16:16 · sustr4@cesnet.cz
Last modified: 17.04.2015 10:10