Cloud Computing has helped us understand both the opportunity, and the need, to decouple physical IT infrastructure from the requirements of business. In theory cloud computing greatly enhances an organization’s ability to not only decommission inefficient data center resources, but even more importantly eases the process an organization needs to develop when moving to integration and service-orientation within supporting IT systems.
Current cloud computing standards, such as published by the US National Institute of Standards and Technology (NIST) have provided very good definitions, and solid reference architecture for understanding at a high level a vision of cloud computing.
However these definitions, while good for addressing the vision of cloud computing, are not at a level of detail needed to really understand the potential impact of cloud computing within an existing organization, nor the potential of enabling data and systems resources to meet a need for interoperability of data in a 2020 or 2025 IT world.
The key to interoperability, and subsequent portability, is a clear set of standards. The Internet emerged as a collaboration of academic, government, and private industry development which bypassed much of the normal technology vendor desire to create a proprietary product or service. The cloud computing world, while having deep roots in mainframe computing, time-sharing, grid computing, and other web hosting services, was really thrust upon the IT community with little fanfare in the mid-2000s.
While NIST, the Open GRID Forum, OASIS, DMTF, and other organizations have developed some levels of standardization for virtualization and portability, the reality is applications, platforms, and infrastructure are still largely tightly coupled, restricting the ease most developers would need to accelerate higher levels of integration and interconnections of data and applications.
NIST’s Cloud Computing Standards Roadmap (SP 500-291 v2) states:
“…the migration to cloud computing should enable various multiple cloud platforms seamless access between and among various cloud services, to optimize the cloud consumer expectations and experience.
Cloud interoperability allows seamless exchange and use of data and services among various cloud infrastructure offerings and to the the data and services exchanged to enable them to operate effectively together.”
Very easy to say, however the reality is, in particular with PaaS and SaaS libraries and services, that few fully interchangeable components exist, and any information sharing is a compromise in flexibility.
The Open Group, in their document “Cloud Computing Portability and Interoperability” simplifies the problem into a single statement:
“The cheaper and easier it is to integrate applications and systems, the closer you are getting to real interoperability.”
The alternative is of course an IT world that is restrained by proprietary interfaces, extending the pitfalls and dangers of vendor lock-in.
What Can We Do?
The first thing is, the cloud consumer world must make a stand and demand vendors produce services and applications based on interoperability and data portability standards. No IT organization in the current IT maturity continuum should be procuring systems that do not support an open, industry-standard, service-oriented infrastructure, platform, and applications reference model (Open Group).
In addition to the need for interoperable data and services, the concept of portability is essential to developing, operating, and maintaining effective disaster management and continuity of operations procedures. No IT infrastructure, platform, or application should be considered which does not allow and embrace portability. This includes NIST’s guidance stating:
“Cloud portability allows two or more kinds of cloud infrastructures to seamlessly use data and services from one cloud system and be used for other cloud systems.”
The bottom line for all CIOs, CTOs, and IT managers – accept the need for service-orientation within all existing or planned IT services and systems. Embrace Service-Oriented Architectures, Enterprise Architecture, and at all costs the potential for vendor lock-in when considering any level of infrastructure or service.
Standards are the key to portability and interoperability, and IT organizations have the power to continue forcing adoption and compliance with standards by all vendors. Do not accept anything which does not fully support the need for data interoperability.
Federal, state, and local government agencies gathered in Washington D.C. on 16 February to participate in Cloud/Gov 2012 held at the Westin Washington D.C. With Keynotes by David L. McLure, US General Services Administration, and Dawn Leaf, NIST, vendors and government agencies were brought up to date on federal cloud policies and initiatives.
Of special note were updates on the FedRAMP program (a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services) and NIST’s progress on standards. “The FedRAMP process chart looks complicated” noted McLure, “however we are trying to provide support needed to accelerate the (FedRAMP vendor) approval process.
McLure also provided a roadmap for FedRAMP implementation, with FY13/Q2 targeted for full operation and FY14 planned for sustaining operations.
In a panel focusing on government case studies, David Terry from the Department of Education commented that “mobile phones are rapidly becoming the access point (to applications and data) for young people.” Applications (SaaS) should be written to accommodate mobile devices, and “auto-adjust to user access devices.”
Tim Matson from DISA highlighted the US Department of Defense’s Forge.Mil initiative providing an open collaboration community for both the military and development community to work together in rapidly developing new applications to better support DoD activities. While Forge.Mil has tighter controls than standard GSA (US General Services Administration) standards, Matson emphasized “DISA wants to force the concept of change into the behavior of vendors.” Matson continued explaining that Forge.Mil will reinforce “a pipeline to support continuous delivery” of new applications.
While technology and process change topics provided a majority of discussion points, mostly enthusiastic, David Mihalchik from Google advised “we still do not know the long term impact of global collaboration. The culture is changing, forced on by the idea of global collaboration.”
Other areas of discussion among panel members throughout the day included the need for establishing and defining service level agreements (SLAs) for cloud services. Daniel Burton from SalesForce.Com explained their SLAs are broken into two categories, SLAs based on subscription services, and those based on specific negotiations with government customers. Other vendors took a stab at explaining their SLAs, without giving specific examples of their SLAs, leaving the audience without a solid answer.
NIST Takes the Leadership Role
The highlight of the day was provided by Dawn Leaf, Senior Executive for Cloud Computing with NIST. Leaf provided very logical guidance for all cloud computing stakeholders, including vendors and users.
“US industry requires an international standard to ensure (global) competitiveness” explained Leaf. In the past US vendors and service providers have developed standards which were not compatible with European and other standards, notably in wireless telephony, and one of NIST’s objectives is to participate in developing a global standard for cloud computing to prevent this possibility in cloud computing.
Cloud infrastructure and SaaS portability is also a high interest item for NIST. Leaf advises that “we can force vendors into demonstrating their portability. There are a lot of new entries in the business, and we need to force the vendors into proving their portability and interoperability.”
Leaf also reinforced the idea that standards are developed in the private sector. NIST provides guidance and an architectural framework for vendors and the private sector to use as reference when developing those specific technical standards. However leaf also had one caution for private industry, “industry should try to map their products to NIST references, as the government is not in a position to wait” for extended debates on the development of specific items, when the need for cloud computing development and implementation is immediate.
Further information on the conference, with agendas and participants is available at www.sia.net