en:original_t2_principal_document_layout_test

Task 2 Principal Document

Introduction

Executive Summary

Task 2 “Interoperability and Standardization” is continuously surveying the cloudscape for applicable standards, best practices and other examples to follow. This document, including the Executive Summary, is likewise being continuously updated.

There are three distinct roles an NREN – a GÉANT member – can play with respect to the formulated cloud strategy. They are:

  • Procurer
  • Provider
  • Mediator/broker/integrator/consultant

For Procurers, it is best practice to dwell on standardization in at least the most basic areas, which are authentication and cloud management. Given GÉANT’s long-term activities in the field of authentication, standards should be chosen from among the SAML (Security Assertion Markup Language) family, currently SAML2. For cloud management, the emerging standard being widely adopted by many providers is OCCI (Open Cloud Computing Interface). Therefore, for cloud services procurement, these two (SAML2 and OCCI) are considered the reasonable minimum.

As far as cloud service providers or brokers are concerned, they should shape their services to meet that requirement for SAML2 and OCCI on their end, too.

One must not forget that there are other groups, often powerful standardization bodies, who perform evaluation of cloud standards. A comprehensive list is given in Section Related Work. Most relevant results are currently expected from ETSI (European Telecommunications Standards Institute).

Reiterating what has already been said in the Introduction; it is also important to stress that this Document is by no means finite. At this point, it has yet to be submitted to other members of GN3+’s SA7 members, and other interested parties. Non-trivial feedback, contributions, and recommendations as to which standards or use cases deserve most attention, must arrive from them!

Actions and Work Packages

This section sums up actions taken within the tasks. DELETEME

NREN Services and Plans

A survey of services currently used or provided by NRENs, including services planned or envisioned, is being taken.

Basic IaaS – vm management, data management (WP1)

Describing currently used protocols, problems with OpenStack/Amazon proprietary/defacto standard; for interoperability suggest also libraries which already support several cloud providers/standards and therefore provide interoperability

Federated Identity Integration into Clouds (WP2)

Cloud Brokerage (WP3)

There is related work already done. Checking on the progress is required.

Cloud Service Procurement (WP4)

Seen as a completely different use case. The Task needs at least to evaluate best practices, standards and policies.

Standardization

The Standardization chapter gives an overview of standardization bodies, evaluation of (potentially) applicable standards and related work by other teams. It is mainly a repository of acquired knowledge.

Standardization Bodies

Standardization bodies identified as having done work wrt. clouds.

Standards

How do we sort standards? CSCC (Cloud Standards Customer Council), for instance, sorts standards by the originating body. Sorting by area of application may be worth considering, perhaps.

Authentication and Authorization

Storage

Resource Management

Security

This subsection includes references to work done by various other teams, working groups or task forces within the field of cloud standardization and interoperability.

Interoperability

This Section explains how not only standards but also best practices and other tools can be applied to achieve interoperability.

Widely Adopted IOp Solutions (De-Facto Standards)

This Section collects experience, recommendations and evaluation of wide-spread solutions, which are not true standards but are often presented and used as such.

Case Studies

There were already several projects on a different scale, which had to address interoperability issues. There are certainly lessons to be learned from them.

Best Practices and Recommendations

This subsection provides guidelines and tips based on the evaluation of the standards and use cases outlined above. It is divided by service model.

SaaS & PaaS

FIXME

IaaS

FIXME

FaaS

FIXME

Storage

The area of cloud storage is covered by standards even less than others. There is CDMI (Cloud Data Management Interface) for management but there is a lack of standards for access. Apart of Amazon’s S3 with several competing implementations, most providers offer specific protocols or – in the case of storage services such as DropBox or BOX – even closed-source clients. An emerging solution supported by many public as well as private storage service providers is perhaps WebDAV (Web Distributed Authoring and Versioning).

Tools

There are tools intended to overcome lack of standardization in different cloud solutions by implementing different backends for different providers, and presenting the user with a unified frontend to access the different providers in a unified way. In some cases they promise to implement a standard. In other cases, they strive to become a de-facto standard by themselves simply by attracting a wide enough user base.

Non-Technical Considerations

Aside of the matters of standardization and interoperability, there is the other, non-technical angle to consider when procuring cloud services. It needs to be kept in mind while preparing tenders or writing up service agreements. Although these mostly legal matters may not be the main focus of Task 2 at first sight, it is not unreasonable to image a template legal document such as an SLA or a section on personal data protection being considered a de-facto standard, and as such made use of by multiple GÉANT members.

Along the track, Task 2 has collected a sampling of such documents, which are presented as case studies below.

Tenders

General advice for those who open tenders for cloud services is being collected in this Section, based on the interpretation of existing standards and evaluation of case studies

SLAs

Case Studies

Cloud Strategies across GÉANT

This section links to cloud strategy documents by GÉANT partners.

Institute Description Internal Link External Link
SURF SURF – Legal Framework for Cloud Services in Research and Education
Last modified: 02.02.2015 10:44