a central point for collection of information as it relates to cloud computing in the government
Cloud Computing Standards
September 8, 2009 at 9:33 am #79836
From the Internet Evolution
Title: Multiple Standards Could Spoil Cloud Computing
Author: Tom Nolle, software engineer and founder of CIMI Corp.
Everybody’s getting into cloud computing, often whether they have anything rational to contribute or not. Now, everybody seems to want to get into cloud standards as well.
Frankly, I think that too many standards are worse than no standards at all, because these efforts can stifle innovation and even implementation. In the case of cloud computing, there’s also the big question of whether standards being pushed for private clouds will end up contaminating the successful Internet model of cloud computing.
A recent study commissioned by F5 Networks suggests that enterprises are already throwing themselves into cloud computing and that private cloud planning is well along.
What’s not well along is how public cloud planning, or the use of cloud computing on the Web, plays into all this private cloud interest.
Enterprise interest is driving enterprise-focused cloud standards. An example is The Open Group , which has launched its own cloud computing activity. Their site refers to no fewer than five other cloud standards bodies with “similar aims.”
I count a total of seven bodies with some interest in this space, and no implementation to show for it. Apart from the groups listed by The Open Group — the Cloud Security Alliance, the Open Cloud Manifesto, the Cloud Computing Interoperability Forum, CloudCamp, and the Cloud Computing Use Cases Group — I include groups from the Distributed Management Task Force (DMTF) and the Object Management Group (OMG).
Aside from the question of why we’ve now got a total of seven standards groups, six of which have similar aims, you’ve got to wonder how this work might relate to the public cloud.
Here’s what the Cloud Security Alliance, one of those five bodies with “similar aims,” has to say about that:
The onus is on the customer to perform extensive due diligence of a cloud provider for usage in mission critical business functions or for hosting regulated personally identifiable information. At this point in time, customers should consider Private and Hybrid Cloud models for these types of business needs, unless rigorous due diligence determines a Public Cloud is acceptable.
The message here seems to be: “Go data center and forget EC2.” Not surprisingly, Amazon Web Services LLC announced its own counter-proposal; an expansion to its popular EC2 service to support the “Virtual Private Cloud” (VPC) lets enterprises build their own clouds with secure links to EC2.
The good news is that Amazon’s VPC can be implemented now. But the Amazon approach doesn’t address how private clouds would be built, how cloud resources would be connected between two private clouds, or the details of private cloud management.
So now we have live public cloud services with incomplete standards and evolving private cloud standards with no implementations.
The best hope for a unification is the Cloud Computing Interoperability Forum. Its Unified Cloud Architecture tackles standards by making public cloud computing interoperable. Their map of cloud computing shows the leading public cloud providers and a proposed Unified Cloud Interface that the body defines, with a joking reference to Tolkien’s Lord of the Rings, as “One API to Rule them All.”
So then, why not have that “One API” rule private clouds, too? A single top-down vision of cloud computing for public and private clouds has to be a better approach.
You could make a pretty strong argument that private cloud computing without the ability to harness public cloud resources to support it isn’t much more than SOA (service-oriented architecture) on steroids. Over 95 percent of enterprises I surveyed thought private clouds had to provide public cloud interactivity to be viable.
All of these cloud standards activities need to take a lesson from Tolkien and focus on one approach. It’s reasonable to have specialized groups working on specialized cloud standards. It’s reasonable to have these groups accommodate the IT architecture of the enterprise to facilitate private cloud deployment.
It’s not reasonable to expect all these diverse standards will somehow build up to something that is both effective and compatible with the Internet-hosted services that launched cloud computing in the first place.
Indeed, unless we do ensure a unified design and API, then private networks could end up negatively affecting existing public cloud services by creating incompatibilities.
We need to have a body aimed at harmonizing all the standards with a single model, a model that’s based on the kind of cloud computing that dominates the real world today — the stuff on the Internet. We need to get behind UCI!
You must be logged in to reply to this topic.