How standards could get cloud out of the 1970s
NIST document could pave the way to better interoperability, portability and security
A road map to developing standards about to be released by
the National Institute of Standards and Technology promises to improve
the interoperability, portability and security of cloud infrastructures
-- and, in the words of Internet pioneer Vint Cerf, could help get the
technology out of the Internet equivalent of the 1970s.
The NIST Cloud Computing Standards Roadmap Working Group is making
use of existing, publicly available work along with the work of other
NIST Working Groups to develop the standards document, Annie Sokol,
co-chair of the working group, said during a presentation at the NIST
Cloud Computing Forum and Workshop III on April 8. The document is set
to be released this month.
The Cloud Computing Standards Roadmap document will be incorporated
into the NIST Cloud Computing Roadmap, which is due by the end of fiscal
2011. The NIST Cloud Computing Roadmap will define and prioritize U.S.
government requirements for interoperability, portability and security
in order to support secure and effective adoption of cloud computing.
Other NIST Cloud Computing Working Groups contributing to the overall
road map include: the Target Business Use Cases Working Group,
Reference Architecture Working Group, Security Working Group and the
Standards Acceleration to Jumpstart Adoption of Cloud Computing (SAJACC)
Technical Use Cases Working Group. The working groups consist of
interested participants from academia, industry and government.
At last, a solid definition of what a cloud looks like
The Standards Roadmap Working Group comprises an inventory of standards that
can be mapped to use cases, along with the NIST Cloud Computing
Reference Architecture, which was released at the NIST cloud forum. The
Reference Architecture serves as a road map for IT managers to
understand, select, design and deploy cloud infrastructures.
The Standards Working Group found that “there were not many specific
cloud computing standards, but many cloud-relevant IT standards” that
can be leveraged, Sokol said. The three specific cloud standards
include: the Open Virtualization Format from the Distributed Management
Task Force, Open Cloud Computing Interface from the Open Grid Forum, and
the Cloud Data Management Interface from the Storage Networking
Cloud service interfaces that are likely candidates for
standardization include management applications programming interfaces
(APIs), data exchange formats, data storage APIs, federated identity and
resources descriptions. The standards road map document will describe
areas in which standards are available, being developed or where new
standards are needed.
The Standards Working Group recommends that agencies contribute clear
and comprehensive requirements for cloud computing standards projects.
Agencies should also participate actively in standards development
projects, the group says.
Each cloud thinks it’s the only cloud
Cloud-to-cloud interoperability is where one of the co-founders of
the Internet would like to see more efforts directed. Cloud systems have
emerged from Amazon, Google, IBM and Microsoft. However, the industry
is at the same stage as computer networks were in 1973, said Cerf, vice
president and chief Internet evangelist at Google.
Networks worked fine. “But each network thought it was the only
network in the world,” Cerf said. And, “now each cloud thinks it is the
only cloud in the world.”
If someone has an enormous amount of data in Cloud A and wants to
move or replicate the data to Cloud B to take advantage of
its processing capability, they can't do it, because there is no common
vocabulary for cloud vendors to port data to another provider. The same
is true for metadata associated with access control.
There are lots of standards that can be used for the cloud. However,
“in order to make progress, we should not be only working on paper, we
must have real experience,” Cerf said.
The SAJACC Technical Use Cases Working Group has produced use cases,
descriptions of how groups of users and their resources might interact
with one or more cloud computing systems. Much of the work has focused
on the infrastructure-as-a-service model centering on how to copy data
objects into a cloud, said Lee Badger, NIST SAJACC Project and Working
The SAJACC working group did not find any open support for direct
cross-cloud copy of data, he noted. However, the working group did
demonstrate how users on their own could copy data objects between cloud
providers. But as a user of cloud services you would want the cloud
provider to provide that capability, probably as an icon that you could
click on, Badger said.
Cloud providers probably would not want to do this because they want
to keep customers locked in to their services, said an IT director of a
trade association, who attended the NIST Cloud Computing Forum.
But perhaps they have no choice, as some proponents of the cloud have said: The age of vendor lock-in is over.