1、 ETSI SR 003 392 V2.1.1 (2016-02) Cloud Standards Coordination Phase 2; Cloud Computing Standards Maturity Assessment; A new snapshot of Cloud Computing Standards SPECIAL REPORT ETSI ETSI SR 003 392 V2.1.1 (2016-02) 2 Reference DSR/NTECH-00033 Keywords Cloud computing, maturity assessment ETSI 650 R
2、oute des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfecture de Grasse (06) N 7803/88 Important notice The present document can be downloaded from: http:/www.et
3、si.org/standards-search The present document may be made available in electronic versions and/or in print. The content of any electronic and/or print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any existing or perceived differenc
4、e in contents between such versions and/or in print, the only prevailing document is the print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change
5、of status. Information on the current status of this and other ETSI documents is available at https:/portal.etsi.org/TB/ETSIDeliverableStatus.aspx If you find errors in the present document, please send your comment to one of the following services: https:/portal.etsi.org/People/CommiteeSupportStaff
6、.aspx Copyright Notification No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm except as authorized by written permission of ETSI. The content of the PDF version shall not be modified without the written authorization of
7、 ETSI. The copyright and the foregoing restriction extend to reproduction in all media. European Telecommunications Standards Institute 2016. All rights reserved. DECTTM, PLUGTESTSTM, UMTSTMand the ETSI logo are Trade Marks of ETSI registered for the benefit of its Members. 3GPPTM and LTE are Trade
8、Marks of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. GSM and the GSM logo are Trade Marks registered and owned by the GSM Association. ETSI ETSI SR 003 392 V2.1.1 (2016-02) 3 Contents Intellectual Property Rights 7g3Foreword . 7g3Modal verbs terminology 7g
9、3Introduction 7g31 Scope 8g32 References 8g32.1 Normative references . 8g32.2 Informative references 8g33 Definitions and abbreviations . 9g33.1 Definitions 9g33.2 Abbreviations . 9g34 Cloud Computing Standards Maturity Assessment 10g34.1 Context . 10g34.2 Objectives . 11g34.3 Approach 11g34.4 Targe
10、t audience 12g34.5 Content of the present document 12g35 Actors, Roles and Use Cases 12g35.1 Introduction 12g35.2 Roles . 12g35.3 Use Cases . 13g36 Evolution of the Cloud Computing standards and specifications landscape 14g36.1g3 Introduction 14g36.2g3 Customers and Users view on Cloud Computing Sta
11、ndards, Specifications and Certification 15g36.2.0 Introduction. 15g36.2.1 Moving to the Cloud . 15g36.2.2 Standards and specifications . 15g36.2.3 Main areas of concern . 15g36.2.4 Certification 15g36.3 Cloud Computing Standardization and Certification . 16g36.4 Cloud Computing Standards and specif
12、ications and the Cloud Service life-cycle . 17g36.4.1 Introduction. 17g36.4.2 Standards and specifications as pre-conditions to all (life-cycle) phases . 17g36.4.3 Standards and specifications in support of (life-cycle) Phase 1: Acquisition of Cloud Service . 18g36.4.4 Standards and specifications i
13、n (life-cycle) Phase 2: Operation of Cloud Service . 19g36.4.5g3 Standards and specifications in (life-cycle) Phase 3: Termination of Cloud Service . 20g37 Users concerns: how standards and specifications can help. 20g37.1 Introduction 20g37.2 Comparison of user concerns: how standards and specifica
14、tions can help. 20g37.3 How standards and specifications are in support of users concerns 21g37.3.0 Introduction. 21g37.3.1 Cloud Service Level Agreements . 21g37.3.2 Interoperability . 22g37.3.3 Security . 22g37.3.4 Other concerns 23g37.4 Summary 23g38 Conclusions and Recommendations . 23g39 Areas
15、for further study . 25g3Annex A: Cloud Computing Standards Landscape 26g3A.1 Presentation of results 26g3ETSI ETSI SR 003 392 V2.1.1 (2016-02) 4 A.2 SSOs and Standards list 26g3A.2.1 ATIS - Alliance for Telecommunications Industry Solutions 26g3A.2.2 CSA - Cloud Security Alliance 27g3A.2.3 DMTF - Di
16、stributed Management Task Force . 27g3A.2.4 ETSI - European Telecommunications Standards Institute 27g3A.2.5 EuroCloud 29g3A.2.6 GICTF - Global Inter-Cloud Technology Forum . 30g3A.2.7 IEEE - Institute for Electrical and Electronics Engineers . 30g3A.2.8 ISO/IEC - International Organization for Stan
17、dardization / International Electrical Commission 30g3A.2.9 ITU-T - ITU Telecommunication Standardization Sector 31g3A.2.10 NIST - National Institute of Standards and Technology 31g3A.2.11 OASIS - Organization for the Advancement of Structured Information Standards . 31g3A.2.12 ODCA - Open Data Cent
18、er Alliance 32g3A.2.13 OGF - Open Grid Forum 32g3A.2.14 SNIA - Storage Networking Industry Association . 32g3A.2.15 TIA - Telecommunications Industry Association . 33g3A.2.16 TMF - TeleManagement Forum . 33g3Annex B: Standards in the CC Service life-cycle 34g3B.1 Introduction 34g3B.2 Pre-condition t
19、o all phases . 34g3B.3 Phase 1 activities: Acquisition of a Cloud Service . 34g3B.4 Phase 2 activities: Operation of a Cloud Service . 36g3B.5 Phase 3 activities: Termination of a Cloud service 37g3Annex C: Change History . 38g3History 39g3ETSI ETSI SR 003 392 V2.1.1 (2016-02) 5 List of figures Figu
20、re 1: Roles and parties in Cloud Computing 12g3Figure 2: High Level Use Cases 13g3Figure 3: Users concerns in the Cloud Standards Coordination Phase 2 survey 20g3ETSI ETSI SR 003 392 V2.1.1 (2016-02) 6 List of tables Table 1: Cloud Computing Standards, Specifications and Certification Setting Organi
21、zations 15g3Table 2: Standards and specifications as pre-conditions to all (life-cycle) phases 16g3Table 3: Standards and specifications in support of (life-cycle) Phase 1: Acquisition of Cloud Service 17g3Table 4: Standards and specifications in (life-cycle) Phase 2: Operation of Cloud Service18g3T
22、able 5: Standards and specifications in (life-cycle) Phase 3: Termination of Cloud Service 19g3Table A.1: Atis standards 25g3Table A.2: CSA standards .26g3Table A.3: DMTF standards 26g3Table A.4: ETSI standards 26g3Table A.5: Eurocloud standards 28g3Table A.6: GICTF standards .29g3Table A.7: IEEE st
23、andards 29g3Table A.8: ISO/IEC standards .29g3Table A.9: ITU-T standards 30g3Table A.10: NIST standards 30g3Table A.11: OASIS standards .30g3Table A.12: ODCA standards .31g3Table A.13: OGF standards .31g3Table A.14: SNIA standards .31g3Table A.15: TIA standards 32g3Table A.16: TMF standards.32g3Tabl
24、e B.1: Pre-conditions to all (life-cycle) phases.33g3Table B.2: Activities for “Acquisition of a Cloud Service“ 34g3Table B.3: Activities in “Operation of a Cloud Service“ .35g3Table B.4: Activities in “Termination of a Cloud service“36g3ETSI ETSI SR 003 392 V2.1.1 (2016-02) 7 Intellectual Property
25、Rights IPRs essential or potentially essential to the present document may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found in ETSI SR 000 314: “Intellectual Property Rights (IPRs); Essent
26、ial, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards“, which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (https:/ipr.etsi.org/). Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried ou
27、t by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present document. Foreword This Special Report (SR) has been produced by ETSI Technical Committee Net
28、work Technologies (NTECH). The present document is approved by the NTECH Technical Committee and for publication of the Cloud Standards Coordination website (http:/csc.etsi.org). Modal verbs terminology In the present document “shall“, “shall not“, “should“, “should not“, “may“, “need not“, “will“,
29、“will not“, “can“ and “cannot“ are to be interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of provisions). “must“ and “must not“ are NOT allowed in ETSI deliverables except when used in direct citation. Introduction Cloud Computing is increasingly use
30、d as the platform for ICT infrastructure provisioning, application/systems development and end user support of a wide range of core services and applications for businesses and organizations. Cloud Computing is drastically changing the way ICT is delivered and used. However, many challenges remain t
31、o be tackled. Concerns such as security, vendor lock-in, interoperability and accessibility, service level agreements more oriented towards users are examples of issues that need to be addressed. In February 2015, the Cloud Standards Coordination (CSC) Phase 2 (CSC-2) was launched by ETSI to address
32、 issues left open after the Cloud Standards Coordination Phase 1 (CSC-1) work was completed at the end of 2013, with a particular focus on the point of view of the Cloud Computing users (e.g. SMEs, Administrations). The present document describes the results of the second Cloud Computing Standards M
33、aturity Assessment held by CSC-2, roughly two years after the first one. ETSI ETSI SR 003 392 V2.1.1 (2016-02) 8 1 Scope The present document describes the results of the second assessment of Cloud Computing Standards maturity held by CSC-2, roughly two years after the first one. 2 References 2.1 No
34、rmative references References are either specific (identified by date of publication and/or edition number or version number) or non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the reference document (including any amendments)
35、 applies. Referenced documents which are not found to be publicly available in the expected location might be found at https:/docbox.etsi.org/Reference/. NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee their long term validity. The foll
36、owing referenced documents are necessary for the application of the present document. Not applicable. 2.2 Informative references References are either specific (identified by date of publication and/or edition number or version number) or non-specific. For specific references, only the cited version
37、 applies. For non-specific references, the latest version of the reference document (including any amendments) applies. NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee their long term validity. The following referenced documents are not
38、 necessary for the application of the present document but they assist the user with regard to a particular subject area. i.1 Cloud Standards Coordination, Final Report, November 2013. NOTE: See: http:/www.etsi.org/images/files/events/2013/2013_csc_delivery_Ws/csc-Final_report-013-csc_Final_report_v
39、1_0_pdF_format-.pdF. i.2 ETSI SR 003 381 (10-2015): “Cloud Standards Coordination Phase 2; Identification of Cloud user needs“. i.3 ETSI SR 003 382 (10-2015): “Cloud Standards Coordination Phase 2; Cloud Computing Standards and Open Source; Optimizing the relationship between standards and Open Sour
40、ce in Cloud Computing“. i.4 ETSI SR 003 391 (10-2015): “Cloud Standards Coordination Phase 2; Interoperability and Security“. i.5 Regulation (EU) No 1025/2012 of the European Parliament and of the Council of 25 October 2012 on European standardisation, amending Council Directives 89/686/EEC and 93/1
41、5/EEC and Directives 94/9/EC, 94/25/EC, 95/16/EC, 97/23/EC, 98/34/EC, 2004/22/EC, 2007/23/EC, 2009/23/EC and 2009/105/EC of the European Parliament and of the Council and repealing Council Decision 87/95/EEC and Decision No 1673/2006/EC of the European Parliament and of the Council Text with EEA rel
42、evance. NOTE: See: http:/eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32012R1025. ETSI ETSI SR 003 392 V2.1.1 (2016-02) 9 i.6 Communication from the Commission to the European Parliament, the Council, The european Economic and Social Committee and the Committee of the Regions: “Unleashing the P
43、otential of Cloud Computing in Europe“. NOTE: Available at: http:/eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=COM:2012:0529:FIN:EN:PDF. i.7 ISO/IEC 17789: “Information technology - Cloud computing - Reference architecture“. i.8 Recommendation ITU-T Y.3502: “Information technology - Cloud computin
44、g - Reference architecture“. i.9 ISO/IEC CD 19944: “Information Technology - Cloud computing - Data and their Flow across Devices and Cloud Services“. i.10 ISO/IEC 17788: “Information Technology - Cloud computing -Overview and vocabulary“. 3 Definitions and abbreviations 3.1 Definitions For the purp
45、oses of the present document, the following terms and definitions apply: specifications: output from an SSO (see i.5) that may become a standard when ratified by an SDO standards: output from an SDO (see i.5) Standards Development Organization (SDO): organization that develops standards that has a f
46、ormal recognition by international treaties, regulation, etc. NOTE 1: In the list of SSOs presented in Annex A, the SDOs are: ETSI, IEC, ISO, ITU, ITU-T. NOTE 2: The SDOs are a subset of the SSOs. Standards Setting Organization (SSO): any entity whose primary activities are developing, coordinating,
47、 promulgating, revising, amending, reissuing, interpreting, or otherwise maintaining specifications and standards that address the interests of a wide base of users outside the standards development organization NOTE: As an example, the organizations listed in Annex A are SSOs. 3.2 Abbreviations For
48、 the purposes of the present document, the following abbreviations apply: API Application Programming Interface 3GPP Third Generation Partnership Project CADF Cloud Auditing Data Federation CAMP Cloud Application Management for Platforms CC Cloud Computing CCM Cloud Control Matrix CCSL Cloud Certifi
49、cation Schemes List CDMI Cloud Data Management Interface CDN Content Delivery Network CIMI Cloud Infrastructure Management Interface CSA Cloud Security Alliance CSC Cloud Service Customer CSC-1 Cloud Standards Coordination Phase 1 CSC-2 Cloud Standards Coordination Phase 2 C-SIG Cloud Selected Industry Group CSP Cloud Service Provider CTP Cloud Trust Protocol DMTF Distributed Management Task Force DSCI Data Security Council of India EC European Commission ETSI ETSI SR 003 392 V2.1.1 (2016-02) 10 ENISA European Union Agency for Network and Inf
