September 26, 2012


Cloud Computing Standards

Necessity is the mother of invention – Plato

Gartner’s “Hype Cycle for Emerging Technologies 2012” predicts that cloud computing will reach a plateau of productivity in 2-5 years’ time. The key enabling technologies for this are fast wide area networks, powerful expensive server computers and high performance virtualization for commodity hardware. However, a lack of standardization to guide development, deployment and integration efforts around technical challenges like interoperability, portability and reusability,  and business concerns like security/compliance, regulation/jurisdiction and vendor lock-in  are cited as major barriers for wider adoption and success.

NIST (National Institute of Standards and Technology) cloud computing standards roadmap report published in 2011 well documents the fact that broad standards are already available in support of certain functions and requirements for cloud computing. While most of these standards were developed in support of pre-cloud computing technologies, such as those designed for web services and the Internet, they also support the functions and requirements of cloud computing. Other standards are now being developed in specific support of cloud computing functions and requirements, such as virtualization.

The NIST report further goes to state that from a standardization point, the cloud interfaces presented to cloud users can be broken down into two major categories, with interoperability determined separately for each category.

The interface that is presented to (or by) the contents of the cloud encompasses the primary function of the cloud service. This is distinct from the interface that is used to manage the use of the cloud service.

Now, if we have to understand this in Infrastructure as a Service (IaaS) cloud offering parlance, the NIST report elucidates that the functional interface is a virtualized Central Processing Unit (CPU), memory and input/output (I/O) space typically used by an operating system (and the stack of software running in that operating system [OS] instance).

The cloud user utilizes the management interface to control their use of the cloud service by starting, stopping, and manipulating virtual machine images and associated resources. It should be clear from this that the functional interface for an IaaS cloud is very much tied to the architecture of the CPU being virtualized. This is not a cloud-specific interface, and no effort is being put into a de jure standard for this interface since de facto CPU architectures are the norm.

The self-service IaaS management interface, however, is a candidate for interoperability standardization.

From a functional viewpoint Platform as a Service, PaaS is a set of libraries and components to which the application is written mostly to take advantage of existing application platforms standards such as those found in J2EE or DOTNET.

SaaS application leverages the standards designed for web services and the internet.

Apart from interoperability, there is a lot of focus on cloud portability as the means to prevent being locked into any particular cloud or service provider. Portability is generally the ability to move applications and data from one computing environment to another. Standards are fundamental to achieve portability.

Security ensuring the confidentiality, integrity, and availability of information and information systems forms the 3rd aspect where a standardized approach is warranted to alleviate the high priority concerns and perceived risks related to cloud computing.

Forrester predicts IaaS will become more standardized by 2015, which is somewhat in line with Gartner’s hype cycle prediction. There’s a lot of effort taking place which is worth looking at.

DMTF’s (Distributed Management Task Force, Inc.) Virtualization Management (VMAN) Virtualization Profiles have achieved ANSI adoption. As DTMF defines it, the VMAN standard is comprised of two components: the Open Virtualization Format (OVF) specification, which provides a standard format for packaging and describing virtual machines and applications for deployment across virtualization platforms, and the Virtualization Profiles, which standardize many aspects of the operational management of a virtualized environment. Together, these components deliver broadly supported interoperability and portability standards to virtual computing environments for deploying pre-configured solutions across heterogeneous computing networks.4

Next in line from the DMTF stable is CIMI (Cloud Infrastructure Management Interface). Version one has been released, and the specification standardizes interactions between cloud environments to achieve interoperable cloud infrastructure management between service providers and their consumers and developers. CIMI is developed as a self-service interface for infrastructure clouds which allows users to dynamically provision configure and administer their cloud usage.4

Coming to Data portability, SNIA (Storage Networking Industry Association) is behind CDMI which defines the functional interface that applications will use to create, retrieve, update and delete data elements from the cloud. As part of this interface the client will be able to discover the capabilities of the cloud storage offering and use this interface to manage containers and the data that is placed in them. In addition, metadata can be set on containers and their contained data elements through this interface.5

Service-Oriented Cloud Computing Infrastructure Framework (SOCCI), made available by the Open Group, is for enterprises that wish to provide infrastructure as a service in the cloud and SOA. It outlines the concepts and architectural building blocks necessary for infrastructures to support SOA and cloud initiatives.

On the open source side, OpenStack, the initiative with the largest vendor community, is creating a lot of de facto standards for operating systems that will be deployed on the cloud.

Open Cloud Computing Interface (OCCI) published by Open Grid Forum, is a RESTful boundary protocol and API that acts as a service front-end to a provider’s internal management framework. OCCI describes APIs that enable cloud providers to expose their services. It allows the deployment, monitoring and management of virtual workloads (like virtual machines), but is applicable to any interaction with a virtual cloud resource through defined http(s) header fields and extensions. 6 OCCI endpoints can function either as service providers or service consumers, or both. Further, the OCCI working group and the OpenStack team are working together to deliver an OCCI implementation in OpenStack.

The nonspecific web and internet technology standards enabling the cloud are TCP/IP, HTTP, HTML, SSL, TLS XML, JSON, DNS, etc.

Another point worth mentioning here is SDN (Software Defined Networking), and understanding how it shall impact cloud computing. The SDN approach makes virtual networking with elastic resource allocation which is an engineering realization of network reaction to application requirement.

SDN separates the control plane from the data plane in network switches and routers. Under SDN, the control plane is implemented in software in servers separate from the network equipment, and the data plane is implemented in commodity network equipment. The Open Networking Foundation has specified the OpenFlow protocol standard as an implementation of SDN.

Now , what we get combining all these is shared pool of configurable computing resources, e.g., networks, servers and storage, that can be rapidly provisioned , orchestrated and released in a standardized way.

The industry is already warming up to this prospect, which is evident from the early steps taken in this direction. Notable is CISCO’s ONE (Open Network Environment) that brings together CISCO, OpenStack and OpenFlow.

A few questions still remain to be answered. How do industry behemoths VMware and Microsoft plan to integrate standardization in their next product plan? What role could TSPs/carriers play in shaping standardization for cloud computing? Read about HCL's suite of services here.


  1. Hype Cycle –
  2. NIST –
  3. Forrester –
  4. DMTF –
  5. CDMI –
  6. SOCCI –
  7. CISCO –