Global Standardization Activities
Standardization Activities for Cloud Computing
This article describes standardization activities for cloud computing. Since cloud computing involves a wide range of technical and business elements, the targets of cloud computing standardization are diverse and many standards organizations are studying cloud computing focusing on their respective areas of expertise. The study areas can be broadly classified into: (i) framework development, terminology definition, use cases, and requirements identification, (ii) cloud configuration management, and (iii) inter-cloud federation. Cloud computing standardization was started by industrial organizations, which develop what are called forum standards. Since late 2009, de jure standards bodies, such as ITU-T and ISO/IEC JTC1, and ICT-oriented standards bodies (ICT: information and communications technology), such as IEEE (Institute of Electrical and Electronic Engineers) and IETF (Internet Engineering Task Force), have also begun to study cloud computing standardization. In the USA and Europe, government-affiliated organizations are also discussing it.
Cloud computing represents a form of computing in which a user accesses networked-based information and communications technology (ICT) resources, such as servers, storage units and network devices, and services provided using those resources (cloud services) via the network without worrying about where the resources are actually located. It has been rapidly taken up by the business community over the last few years. This article describes standardization activities for cloud computing.
2. Importance of standardizing cloud computing
One advantage of using a cloud service is that users can use the service without owning their own ICT resources. Instead, they pay only for the amount of the service that they have actually used. The number of users of cloud-based consumer services, such as Amazon and Google, has been increasing rapidly in the last few years. Cloud computing is steadily making its way into enterprises’ information systems and government systems.
Technological evolution of cloud computing has been so fast that cloud service providers have tried to differentiate their services by using their own service specifications. However, as cloud computing develops into widely used social infrastructures, serious problems associated with users being locked into a specific provider have arisen. Specifically, once an enterprise begins to use a specific provider’s service, it finds it difficult to switch to another provider that offers more attractive service conditions and it faces the risk of its business being interrupted if the provider goes out of business.
To enable users to continue to use cloud services with confidence, activities for developing standards that ensure interoperability and portability between cloud services have been organized since around 2009.
3. Targets of cloud computing standardization
Cloud computing is a conglomerate of a wide variety of technologies, from distributed processing to virtualization. The types of service offered are also diverse: from infrastructure as a service (IaaS), in which ICT resources are provided as a service, and platform as a service (PaaS), in which database or other middleware programs are provided as a service, to software as a service (SaaS), in which application software, such as accounting programs and office suits, are provided as a service.
The targets of cloud computing standardization are so diverse that many standards organizations are studying cloud computing focusing on their respective areas of expertise. The different study areas and major cloud computing standards bodies related to each of them are shown in Fig. 1. Each body addresses issues that are so diverse that it is difficult to define precisely what issues it covers. However, the study areas for cloud computing can be broadly classified into the following three:
3.1 Studies on framework development, terminology definition, use cases, and requirements identification
Since cloud computing involves a wide range of technical and business elements, it is crucial in advancing standardization to sort out these elements and define standard technical terms. A significant contribution in these areas is being made by the National Institute of Standards and Technology (NIST), which first defined the now commonly used terms IaaS and SaaS.
To identify what needs to be standardized for cloud computing, many organizations take an approach of first discussing use cases and then sorting out requirements that need to be standardized. In addition to de jure standards bodies as the International Telecommunication Union, Telecommunication Standardization Sector (ITU-T) and International Organization for Standardization/International Electrotechnical Commission Joint Technical Committee 1 (ISO/IEC JTC1), major regional and national standards bodies in the USA, Europe, Korea, Japan, etc. are working on these standardization issues.
3.2 Studies on cloud configuration management
In the area of configuration management of cloud systems, many organizations are aiming to develop specifications for a standard application programming interface (API), an interface through which users and operators manage cloud systems.
The Open Cloud Computing Interface Working Group (OCCI-WG) of the Open Grid Forum (OGF) has defined and released an API for managing IaaS. The Open Cloud Standards Incubator (OCSI) of the Distributed Management Task Force (DMTF) has also specified an IaaS management API.
The Storage Networking Industry Association (SNIA) has formulated the specifications of the Cloud Data Management Interface (CDMI), which is an API for controlling storage units.
A non-standards organization is also active in this area. An open source community called OpenStack, which was established mainly by Rackspace and NASA in July 2010, makes the source code of its IaaS management software open to the public.
All the cloud configuration management APIs now under study are intended for IaaS. Few APIs are being studied for PaaS or SaaS. This can be attributed to the general recognition that PaaS and SaaS are in the competitive arena of business.
In addition, many organizations are studying reference architecture and security issues for cloud systems.
The Cloud Security Alliance (CSA) is defining the best practice in thirteen areas, ranging from security risks for cloud users and providers to governance and risk management that need to be defined in introducing cloud computing, electronic disclosure of legal evidence, compliance, and auditing.
3.3 Studies on inter-cloud federation
Studies on inter-cloud federation were started in the second half of 2009 so that multiple clouds can mutually give and take cloud resources to provide cloud services stably even when individual cloud systems become unable to provide service due to damage by a major natural disaster or a serious failure, or when their capacity is surpassed by the demand, or so that users can access two or more clouds seamlessly through ID-based federation (ID: identification).
The Global Inter-Cloud Technology Forum (GICTF), which was established in Japan in July 2009, is one of the first bodies to address the issue of inter-cloud federation. In June 2010, it issued a white paper that documented use cases and functional requirements for inter-cloud federation .
4. Current activities of major cloud-related standards bodies
Cloud computing standardization was started by industrial organizations, which develop what are called forum standards. Since late 2009, de jure standards bodies, such as ITU-T and ISO/IEC JTC1, and ICT-oriented standards bodies, such as IEEE (Institute of Electrical and Electronic Engineers) and IETF (Internet Engineering Task Force), have also begun to study it. In the USA and Europe, government-affiliated organizations are also discussing it. The activities of major forum standards bodies, ICT-oriented standards bodies, de jure standards bodies, and government-affiliated bodies are described below.
4.1 Forum standards bodies
There are two groups of forum standards bodies related to cloud computing. Those in the first group, including DMTF, OGF, and SNIA, have been active in the field of grids and distributed processing management and have newly added cloud computing to their agendas. The bodies in the second group, including OCC, CSA and GICTF, were newly founded to address cloud computing.
(1) DMTF (Distributed Management Task Force)
DMTF has defined the Open Virtualization Format (OVF), which is a standard virtual machine image format. It established OCSI in April 2009 and is studying standards that will allow interoperability between cloud systems. The Cloud Management Working Group (CMWG), in which VMware, Fujitsu, Oracle, and others are proposing a relevant API, was established in June 2010. DMTF issued a white paper on interoperability between cloud systems in November 2009 and another on use cases of cloud management and interactions in June 2010. Its Board Members include VMware, Microsoft, IBM, Citrix, Cisco, and Hitachi.
(2) OGF (Open Grid Forum)
OGF formed the OCCI-WG (WG: Working Group) in April 2009 and defined and released an API specification, OCCI , which makes possible lifecycle management of virtual machines and workloads through IaaS. OCCI is implemented in Europe’s OpenNebula Project, etc. The main participants in OCCI are Fujitsu, EMC, and Oracle.
(3) SNIA (Storage Networking Industry Association)
SNIA established the Cloud Storage Technical Working Group in April 2009 and released CDMI, which is an interface specification for cloud storage data management. In October 2009, it formed a sub-working group called the Cloud Storage Initiative (CSI) to educate users and promote the cloud storage market through the Cloud BUR SIG (Cloud Backup and Recovery Special Interest Group) project. SNIA’s membership includes EMC, IBM, Fujitsu, and Hitachi. Its Japan Chapter was established in 2010.
(4) OMG (Object Management Group)
OMG held a Cloud Standards Summit in July 2009 and inaugurated Cloud Standards Coordination, which is a round-table conference of cloud-related standards bodies. Participants in the Coordination currently include DMTF, OGF, SNIA, TM Forum (TeleManagement Forum), OASIS, OCC, CSA, ETSI, and NIST in addition to OMG.
(5) OASIS (Organization for the Advancement of Structured Information Standards)
OASIS established the Identity in the Cloud Technical Committee (IDCloud TC) in May 2010, surveyed existing ID management standards, and developed use cases of cloud ID management and guidelines on reducing vulnerability. It also developed basic security standards, such as SAML (Security Assertion Markup Language) and maintains liaison with CSA and ITU-T. The main members are IBM, Microsoft, and others.
(6) OCC (Open Cloud Consortium)
OCC is a nonprofit organization formed in January 2009 under the leadership of the University of Illinois at Chicago. It aims to develop benchmarks using a cloud testbed and achieve interoperability between cloud systems. Its Working Groups include OpenCloudTestbed, Project Matsu, which is a collaboration with NASA, and Open Science Data Cloud, which covers the scientific field. The main members include NASA, Yahoo, Cisco, and Citrix.
(7) Open Cloud Manifesto
Open Cloud Manifesto is a nonprofit organization established in March 2009 to promote the development of cloud environments that incorporate the user’s perspective under the principle of open cloud computing. It published cloud use cases and requirements for standards as a white paper in August 2009. The latest version of the white paper is version 4.0 (V4) , which included for the first time the viewpoint of the service level agreement (SLA). The participants include IBM, VMware, Rackspace, AT&T, and TM Forum. A Japanese translation of the white paper is available .
(8) CSA (Cloud Security Alliance)
CSA is a nonprofit organization established in March 2009 to study best practices in ensuring cloud security and promote their use. It released guidelines on cloud security in April 2009. The current version is version 2.1 , which proposes best practices in thirteen fields, such as governance and compliance. The main members are PGP, ISACA, ENISA, IPA, IBM, and Microsoft. A distinctive feature of the membership is that it includes front runners in cloud computing, such as Google and Salesforce. A Japan Chapter of CSA (NCSA) was inaugurated in June 2010.
(9) CCF (Cloud Computing Forum)
CCF is a Korean organization established in December 2009 to develop cloud standards and promote their application to public organizations. Its membership consists of 32 corporate members and more than 60 experts. CCF comprises six Working Groups, including Media Cloud, Storage Cloud, and Mobile Cloud.
(10) GICTF (Global Inter-Cloud Technology Forum)
GICTF is a Japanese organization studying inter-cloud standard interfaces, etc. in order to enhance the reliability of clouds. As of March 2011, it has a membership of 74 corporate members and four organizations from industry, government, and academia. In June 2010, it released a white paper on use cases of inter-cloud federation and functional requirements. The main members include NTT, KDDI, NEC, Hitachi, Toshiba Solutions, IBM, and Oracle.
4.2 ICT-oriented standards bodies
Major standards bodies in the ICT field have also, one after another, established study groups on cloud computing. These study groups are holding lively discussions.
IETF had been informally discussing cloud computing in a bar BOF (discussions over drinks in a bar; BOF: birds of a feather) before November 2010 when, at IETF79, it agreed to establish the Cloud OPS WG (WG on cloud computing and maintenance), which is discussing cloud resource management and monitoring, and Cloud-APS BOF (BOF on cloud computing applications), which is mainly discussing matters related to applications. Since around the end of 2010, it has been receiving drafts for surveys of the cloud industries and standards bodies, reference frameworks, logging, etc.
IEEE formed the Cloud Computing Standards Study Group (CCSSG) in March 2010. It announced the launch of two new standards development projects in April 2011: P2301, Guide for Cloud Portability and Interoperability Profiles (CPIP) and P2302, Standard for Intercloud Interoperability and Federation (SIIF).
(3) TM Forum
In December 2009, TM Forum established the Enterprise Cloud Buyers Council (ECBC) to resolve issues (on standardization, security, performance, etc.) faced by enterprises when they host private clouds and thereby to promote the use of cloud computing. In May 2010, it started the Cloud Services Initiative, which aims to encourage cloud service market growth. The main members of this initiative are Microsoft, IBM, and AT&T.
4.3 De jure standards bodies
Since late 2009, major de jure standards bodies have taken up cloud computing as part of their study subjects. All these bodies are conducing a gap analysis based on the studies made by forum standards bodies in order to identify the target areas where standardization by de jure standards bodies is desired. Specific activities to develop recommendations are expected to start in 2011.
In February 2010, ITU-T launched the Focus Group on Cloud Computing, which is discussing the benefits of clouds and target issues requiring standardization from the telecommunication perspective. The Group is currently developing six documents on topics such as the cloud ecosystem, functional architecture, cloud security, and utilization of networks in clouds. Afterwards, relevant Study Groups will develop recommendations for these issues.
(2) ISO/IEC JTC1
In its Sub Committee 38 (SC38) meeting held in November 2009, ISO/IEC JTC1 established a Study Group to study cloud computing. Its secretariat is provided by the American National Standards Institute (ANSI). The Study Group is classifying cloud computing, sorting out terminology, and maintaining liaison with other organizations. In Japan, SC38 Technical Committee was launched in February 2010. In addition, SC27 is studying requirements for Information Security Management Systems (ISMSs).
(3) ETSI (European Telecommunications Standards Institute)
ETSI has established a Technical Committee on grids and clouds. The TC Cloud has released a Technical Report (TR) on standards required in providing cloud services.
4.4 Government-affiliated bodies
Government-affiliated bodies in the USA and Europe are active in cloud-related standardization. Government systems constitute a large potential cloud market. It is highly likely that the specifications used by governmental organizations for procurement will be adopted as de facto standards.
NIST is a technical department belonging to the U.S. Department of Commerce. “The NIST Definition of Cloud Computing”, which was published in October 2009, is referred to on various occasions. NIST undertakes cloud standardization with five WGs. One of them, Standards Acceleration to Jumpstart Adoption of Cloud Computing (SAJACC), is intended to promote the development of cloud standards based on actual examples and use cases. It discloses a number of different specifications and actual implementation examples on its portal. It also discloses test results for the developed standard specifications.
(2) ENISA (European Network and Information Security Agency)
In November 2009, ENISA, an EU agency, released two documents: “Cloud Computing: Benefits, Risks and Recommendations for Information Security”, which deals with cloud security, risk, and assessment and “Cloud Computing Information Assurance Framework”, which is a framework for ensuring security in cloud computing.
5. Future of cloud standardization and NTT’s activities
While many organizations are discussing cloud standardization, activities for consolidating their discussions are currently inadequate. Such activities are being undertaken only partially by Cloud Standards Coordination. The key issue will be how well the de jure standards bodies that have begun full-scale studies of cloud computing can collaborate with forum standards bodies.
Major front runners in cloud services, such as Amazon, Google, and Salesforce, are not participating in the cloud standards organizations mentioned in this article. There are not a few people who argue that it is too early for cloud standardization because it may impede technical innovation. It is unclear to what extent the standards developed by the standards bodies will be adopted by the market. This trend should be monitored carefully.
NTT believes that it is particularly important to standardize the external interfaces of cloud systems if we are to achieve interoperability and portability between cloud services. Specifically, such interfaces include interfaces for cloud users and those for cloud application developers and inter-cloud interfaces to allow federated operation between clouds.
NTT is currently participating in GICTF as a board member. NTT will make proposals to ITU-T and NIST on the basis of the work undertaken by GICTF on inter-cloud federation and other issues.
This article described standardization activities for cloud computing. NTT will promote the standardization of external interfaces of cloud systems, which will enable interoperability and portability between cloud services.