1、BSI Standards Publication BS ISO/IEC 17789:2014 Information technology Cloud computing Reference architectureBS ISO/IEC 17789:2014 BRITISH STANDARD National foreword This British Standard is the UK implementation of ISO/IEC 17789:2014. The UK participation in its preparation was entrusted to Technic
2、al Committee IST/38, Distributed application platforms and services (DAPS). A list of organizations represented on this committee can be obtained on request to its secretary. This publication does not purport to include all the necessary provisions of a contract. Users are responsible for its correc
3、t application. The British Standards Institution 2014. Published by BSI Standards Limited 2014 ISBN 978 0 580 80196 9 ICS 35.100.05 Compliance with a British Standard cannot confer immunity from legal obligations. This British Standard was published under the authority of the Standards Policy and St
4、rategy Committee on 31 October 2014. Amendments issued since publication Date Text affectedBS ISO/IEC 17789:2014Reference number ISO/IEC 17789:2014(E) ISO/IEC 2014INTERNATIONAL STANDARD ISO/IEC 17789 First edition 2014-10-15 Information technology Cloud computing Reference architecture Technologies
5、de linformation Informatique en nuage Architecture de rfrence BS ISO/IEC 17789:2014 ISO/IEC 17789:2014(E) COPYRIGHT PROTECTED DOCUMENT ISO/IEC 2014 All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electr
6、onic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISOs member body in the country of the requester. ISO copyright office Case postale 56 CH-1211 Geneva 20 Tel. +
7、 41 22 749 01 11 Fax + 41 22 749 09 47 E-mail copyrightiso.org Web www.iso.org Published in Switzerland ii ISO/IEC 2014 All rights reservedBS ISO/IEC 17789:2014Rec. ITU-T Y.3502 (08/2014) iii CONTENTS Page 1 Scope 1 2 Normative references 1 2.1 Identical Recommendations | International Standards 1 2
8、.2 Additional references 1 3 Definitions 1 3.1 Terms defined elsewhere . 1 3.2 Terms defined in this Recommendation | International Standard 1 4 Abbreviations . 2 5 Conventions 2 6 Cloud computing reference architecture goals and objectives 3 7 Reference architecture concepts . 4 7.1 CCRA architectu
9、ral views . 4 7.2 User view of cloud computing 5 7.3 Functional view of cloud computing . 7 7.4 Relationship between the user view and the functional view 8 7.5 Relationship of the user view and functional view to cross-cutting aspects 8 7.6 Implementation view of cloud computing . 9 7.7 Deployment
10、view of cloud computing 9 8 User view 9 8.1 Introduction to roles, sub-roles and cloud computing activities 9 8.2 Cloud service customer . 10 8.3 Cloud service provider 14 8.4 Cloud service partner 21 8.5 Cross-cutting aspects . 23 9 Functional view 29 9.1 Functional architecture 29 9.2 Functional c
11、omponents . 30 10 Relationship between the user view and the functional view . 38 10.1 General 38 10.2 Overview . 38 Annex A Further details regarding the user view and functional view . 44 A.1 The cloud service customercloud service provider relationship 44 A.2 The providerpeer provider (or “inter-
12、cloud“) relationship 47 A.3 The cloud service developercloud service provider relationship . 50 A.4 The cloud service providerAuditor relationship 51 Bibliography 53 ISO/IEC 17789:2014 (E) BS ISO/IEC 17789:2014 ISO/IEC 17789:2014(E) iv ISO/IEC 2014 All rights reservedForeword ISO (the International
13、Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by th
14、e respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of in
15、formation technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1. International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2. The main task of the joint technical committee is to prepare International Standards. Draft Interna
16、tional Standards adopted by the joint technical committee are circulated to national bodies for voting. Publication as an International Standard requires approval by at least 75 % of the national bodies casting a vote. Attention is drawn to the possibility that some of the elements of this document
17、may be the subject of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights. ISO/IEC 17789 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology, Subcommittee SC 38, Distributed application platforms and services (DAPS), in c
18、ollaboration with ITU-T. The identical text is published as ITU-T Rec. Y.3502 (08/2014). BS ISO/IEC 17789:2014 ISO/IEC 17789:2014 (E) Rec. ITU-T Y.3502 (08/2014) 1 INTERNATIONAL STANDARD RECOMMENDATION ITU-T Information technology Cloud computing Reference architecture 1 Scope This Recommendation |
19、International Standard specifies the cloud computing reference architecture (CCRA). The reference architecture includes the cloud computing roles, cloud computing activities, and the cloud computing functional components and their relationships. 2 Normative references The following Recommendations a
20、nd International Standards contain provisions which, through reference in this text, constitute provisions of this Recommendation | International Standard. At the time of publication, the editions indicated were valid. All Recommendations and Standards are subject to revision, and parties to agreeme
21、nts based on this Recommendation | International Standard are encouraged to investigate the possibility of applying the most recent edition of the Recommendations and Standards listed below. Members of IEC and ISO maintain registers of currently valid International Standards. The Telecommunication S
22、tandardization Bureau of the ITU maintains a list of currently valid ITU-T Recommendations. 2.1 Identical Recommendations | International Standards Recommendation ITU-T Y.3500 (2014) | ISO/IEC 17788:2014, Information technology Cloud computing Overview and vocabulary. 2.2 Additional references ISO/I
23、EC 29100:2011, Information technology Security techniques Privacy framework. 3 Definitions For the purposes of this Recommendation | International Standard, the terms and definitions in Rec. ITU-T Y.3500 | ISO/IEC 17788 and the following definitions apply. 3.1 Terms defined elsewhere The following t
24、erm is defined in ISO/IEC/IEEE 42010: 3.1.1 architecture: Fundamental concepts or properties of a system in its environment embodied in its elements, relationships and in the principles of its design and evolution. The following term is defined in ISO/IEC 29100: 3.1.2 personally identifiable informa
25、tion (PII): Any information that (a) can be used to identify the PII principal to whom such information relates, or (b) is or might be directly or indirectly linked to a PII principal. NOTE To determine whether a PII principal is identifiable, account should be taken of all the means which can reaso
26、nably be used by the privacy stakeholder holding the data, or by any other party, to identify that natural person. 3.2 Terms defined in this Recommendation | International Standard This Recommendation | International Standard defines the following terms: 3.2.1 activity: A specified pursuit or set of
27、 tasks. 3.2.2 cloud service product: A cloud service, allied to the set of business terms under which the cloud service is offered. NOTE Business terms can include pricing, rating and service levels. 3.2.3 functional component: A functional building block needed to engage in an activity (clause 3.2.
28、1), backed by an implementation. BS ISO/IEC 17789:2014 ISO/IEC 17789:2014 (E) 2 Rec. ITU-T Y.3502 (08/2014) 3.2.4 peer cloud service: A cloud service of one cloud service provider which is used as part of a cloud service of one or more other cloud service providers. 3.2.5 peer cloud service provider
29、: A cloud service provider who provides one or more cloud services for use by one or more other cloud service providers as part of their cloud services. 3.2.6 product catalogue: A listing of all the cloud service products (clause 3.2.2) which cloud service providers make available to cloud service c
30、ustomers. 3.2.7 role: A set of activities (clause 3.2.1) that serves a common purpose. 3.2.8 service catalogue: A listing of all the cloud services of a particular cloud service provider. 3.2.9 sub-role: A subset of the activities (clause 3.2.1) of a given role (clause 3.2.7). 4 Abbreviations For th
31、e purposes of this Recommendation | International Standard, the following abbreviations apply: API Application Programming Interface CaaS Communications as a Service CCRA Cloud Computing Reference Architecture CPU Central Processing Unit CS Cloud Service CSC Cloud Service Customer CSN Cloud Service
32、partner CSP Cloud Service Provider IaaS Infrastructure as a Service ICT Information and Communication Technology KPI Key Performance Indicator MSA Master Service Agreement NaaS Network as a Service PaaS Platform as a Service PII Personally Identifiable Information QoS Quality of Service RAM Random A
33、ccess Memory SaaS Software as a Service SLA Service Level Agreement ToS Terms of Service T to describe the fundamental characteristics of cloud computing systems; to specify basic cloud computing activities and functional components, and describe their relationships to each other and to the environm
34、ent; to identify principles guiding the design and evolution of the CCRA. The CCRA supports the following important standardization objectives: to enable the production of a coherent set of international standards for cloud computing; to provide a technology-neutral reference point for defining stan
35、dards for cloud computing; to encourage openness and transparency in the identification of cloud computing benefits and risks. The CCRA focuses on the requirements of “what“ cloud services provide and not on “how to“ design cloud-based solutions and implementations. The CCRA does not represent the s
36、ystem architecture of a specific cloud computing system, although it could put constraints on a specific system. The CCRA is not tied to any specific vendor products, services or reference implementation; nor does it define prescriptive solutions that inhibit innovation. The CCRA is also intended to
37、: facilitate the understanding of the operational intricacies of cloud computing; illustrate and provide understanding of various cloud services and their provisioning and use; provide a technical reference to enable the international community to understand, discuss, categorize and compare cloud se
38、rvices; be a tool for describing, discussing, and for developing a system-specific architecture using a common framework of reference; facilitate the analysis of candidate standards in areas including security, interoperability, portability, reversibility, reliability and service management, and sup
39、port analysis of reference implementations. BS ISO/IEC 17789:2014 ISO/IEC 17789:2014 (E) 4 Rec. ITU-T Y.3502 (08/2014) 7 Reference architecture concepts This Recommendation | International standard defines a CCRA that can serve as a fundamental reference point for cloud computing standardization and
40、 which provides an overall framework for the basic concepts and principles of a cloud computing system. This clause provides an overview of the architectural approaches that are used in this Recommendation | International standard. 7.1 CCRA architectural views Cloud computing systems can be describe
41、d using a viewpoint approach. Four distinct viewpoints are used in the CCRA (see Figure 7-1): user view; functional view; implementation view; and deployment view. Figure 7-1 Transformations between architectural views Table 7-1 provides a description of each of these views. Table 7-1 CCRA views CCR
42、A view Description of the CCRA view Scope User view The system context, the parties, the roles, the sub-roles and the cloud computing activities Within scope Functional view The functions necessary for the support of cloud computing activities Within scope Implementation view The functions necessary
43、 for the implementation of a cloud service within service parts and/or infrastructure parts Out of scope Deployment view How the functions of a cloud service are technically implemented within already existing infrastructure elements or within new elements to be introduced in this infrastructure Out
44、 of scope NOTE While details of the user view and functional view are addressed within this Recommendation | International Standard, the implementation and deployment views are related to technology and vendor-specific cloud computing implementations and actual deployments, and are therefore out of the scope of this Recommendation | International Standard. Figure 7-2 shows the transition from the user view to the functional view. Details are presented in clause 7.4.
