1、 ETSI TR 102 997 V1.1.1 (2010-04)Technical Report CLOUD;Initial analysis of standardization requirements forCloud servicesETSI ETSI TR 102 997 V1.1.1 (2010-04) 3Contents Intellectual Property Rights 4g3Foreword . 4g31 Scope 5g32 References 5g32.1 Normative references . 5g32.2 Informative references
2、5g33 Abbreviations . 6g34 Cloud computing - an introduction 6g35 Standards Requirements for Cloud Computing 7g35.1 Portability . 7g35.2 Interoperability of clouds . 7g35.3 Closer integration of IT and network resources . 8g35.4 APIs to networking/data movement functionality 9g35.5 Support for buildi
3、ng, modelling, testing and deploying applications . 9g35.6 Support for optimisation of distributed applications 9g35.7 Clearly defined SLAs, fit for business use . 10g35.8 Data protection, privacy, and security in clouds . 10g35.9 Regulatory Aspects. 11g35.10 Near real time Cloud (e.g. Media transfo
4、rmation (rendering/transcoding) . 11g35.11 Software Licensing . 11g3History 13g3ETSI ETSI TR 102 997 V1.1.1 (2010-04) 3Contents Intellectual Property Rights 4g3Foreword . 4g31 Scope 5g32 References 5g32.1 Normative references . 5g32.2 Informative references 5g33 Abbreviations . 6g34 Cloud computing
5、- an introduction 6g35 Standards Requirements for Cloud Computing 7g35.1 Portability . 7g35.2 Interoperability of clouds . 7g35.3 Closer integration of IT and network resources . 8g35.4 APIs to networking/data movement functionality 9g35.5 Support for building, modelling, testing and deploying appli
6、cations . 9g35.6 Support for optimisation of distributed applications 9g35.7 Clearly defined SLAs, fit for business use . 10g35.8 Data protection, privacy, and security in clouds . 10g35.10 Near real time Cloud (e.g. Media transformation (rendering/transcoding) . 11g35.11 Software Licensing . 11g3Hi
7、story 13g3ETSI ETSI TR 102 997 V1.1.1 (2010-04) 4Intellectual Property Rights IPRs essential or potentially essential to the present document may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be
8、 found in ETSI SR 000 314: “Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards“, which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (http:/webapp.etsi.org/IPR/home.asp). Pursuant
9、to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present document
10、. Foreword This Technical Report (TR) has been produced by ETSI Technical Committee CLOUD (CLOUD), formerly TC GRID (GRID). ETSI ETSI TR 102 997 V1.1.1 (2010-04) 51 Scope The present document describes standardisation requirements for cloud services. It is based on the outcome of the ETSI TC GRID Wo
11、rkshop, “Grids, Clouds and Service Infrastructures“, 2 and 3 December 2009. This event brought together key stakeholders of the grid, cloud and telecommunication domains to review state of the art and current trends. Needs for standardisation, with a particular focus on the emerging area of cloud co
12、mputing and services, were discussed. The present document introduces and expands on the conclusions reached. This is not an exhaustive survey and is intended to serve as the basis for future work. 2 References References are either specific (identified by date of publication and/or edition number o
13、r version number) or non-specific. For a specific reference, subsequent revisions do not apply. Non-specific reference may be made only to a complete document or a part thereof and only in the following cases: - if it is accepted that it will be possible to use all future changes of the referenced d
14、ocument for the purposes of the referring document; - for informative references. Referenced documents which are not found to be publicly available in the expected location might be found at http:/docbox.etsi.org/Reference. NOTE: While any hyperlinks included in this clause were valid at the time of
15、 publication ETSI cannot guarantee their long term validity. 2.1 Normative references The following referenced documents are indispensable for the application of the present document. For dated references, only the edition cited applies. For non-specific references, the latest edition of the referen
16、ced document (including any amendments) applies. Not applicable. 2.2 Informative references The following referenced documents are not essential to the use of the present document but they assist the user with regard to a particular subject area. For non-specific references, the latest version of th
17、e referenced document (including any amendments) applies. i.1 The NIST Definition of Cloud Computing, Peter Mell and Tim Grance, Version 15, 10 July 2009. NOTE: See http:/csrc.nist.gov/groups/SNS/cloud-computing/. i.2 Workshop on “Grids, Clouds and Service Infrastructures“, 1-3 December 2009, ETSI,
18、Sophia Antipolis, France. NOTE: See http:/www.etsi.org/plugtests/GRID09/GRID.htm. i.3 Open Virtualization Format Specification, DMTF Document Number DSP0243, 12 January 2010. NOTE: See http:/www.dmtf.org/initiatives/vman_initiative. ETSI ETSI TR 102 997 V1.1.1 (2010-04) 6i.4 “Cloud Computing and the
19、 Internet“, Vinton Cerf, Google Research Blog, 28 April 2009. NOTE: See http:/ i.5 Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy
20、 and electronic communications). i.6 Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing or personal data and on the free movement of such data. 3 Abbreviations For the purposes of the present document, th
21、e following abbreviations apply: API Application Programming Interface DMTF Distributed Management Task Force ICT Information and communication technologies LI Lawful Interception NIST National Institute of Standards and Technology OVF Open Virtualisation Format PaaS Platform-as-a-Service SLAs Servi
22、ce Level Agreements VPN Virtual Private Networks DPP Data Protection and Privacy 4 Cloud computing - an introduction The term “cloud computing“ is applied to a range of different approaches to delivering IT capabilities over networks, typically the Internet. It originates from the use of a cloud to
23、represent wide area networks in diagrams - indicating that the details of how data are transported are hidden from the endpoints. Only correct delivery is significant to the end user. The network provider has the freedom to configure its systems and operations to meet its own business goals. Cloud c
24、omputing represents the extension of this general idea to include a wider range of networked IT components such as servers, storage and data resources. The National Institute of Standards and Technology (NIST) has recently proposed a definition of cloud computing which is becoming generally accepted
25、: - “Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g. networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interac
26、tion“ i.1. Various services based on cloud computing infrastructures have emerged recently. From the customers point of view, much of their attraction lies in the ability to purchase only what they need, infrastructure, value-added platforms or software packages, without having to plan far ahead. Th
27、ere is typically little up-front commitment and the potential ability to achieve flexible scaling to meet dynamic demand. This can enable “pay-as-you-grow“ commercial models. The shift to utility models such as cloud computing can be compared with the move from private circuits to Virtual Private Ne
28、tworks (VPN). Moving from private, dedicated infrastructure to a managed shared service promises clear cost benefits to the customer, provided that issues such as performance, availability and security are predictable and meet their needs. From a providers point of view, sharing of resources between
29、 customers and bulk purchasing can lead to economies of scale. Commercial trends in computing infrastructure have reached a point where these economies of scale can make provision of computing infrastructure as a utility viable. However, mainstream adoption of cloud services is currently limited, at
30、 least in part due to the technological diversity of current offerings in terms of e.g. different virtualization technologies or different interface definitions (APIs) towards the services. The following clauses describe requirements for standards to promote the development of the market for cloud s
31、ervices. This is based on the conclusions of the ETSI TC GRID Workshop i.2. ETSI ETSI TR 102 997 V1.1.1 (2010-04) 75 Standards Requirements for Cloud Computing 5.1 Portability Portability in general refers to the ability to migrate applications between different clouds. This is required to allow cus
32、tomers of cloud services to avoid the situation of being locked into a specific cloud infrastructure provider, having made the decision to run an application in the cloud. This adds to the perceived risks associated with moving to cloud computing. A potential customer needs a high level of trust in
33、the technical and commercial ability of a chosen provider to support critical business applications in the long term. Current cloud infrastructure providers offer their own proprietary interfaces to application developers. Standardised interfaces to manage cloud infrastructures and the different typ
34、es of resource they provide are required. Reducing the mismatch between different cloud infrastructure systems would not only enable a competitive market but also enable new business models where different cloud infrastructures can be traded according to price and demand. At one extreme, the ability
35、 to automatically migrate a complete running application (including any necessary monitoring and management features) from one cloud infrastructure to another would clearly be attractive to customers (but much less so to cloud infrastructure providers, particularly in the current market). Portabilit
36、y of a virtual machine images is being addressed by the DMTF Open Virtualisation Format (OVF) i.3. This should provide a good basis for limited portability but does not address complex configuration or interactions with any supporting systems. These issues are naturally within the scope of a service
37、 provider. Portability of data is essential for a typical business application. The ability for a customer to retrieve application data from one cloud infrastructure provider and import this into an equivalent application hosted by an alternative provider reduces the risk of long-term dependency. Th
38、is would probably involve a not insignificant amount of effort from the customer (or an application service provider - the details will be largely application specific and not the responsibility of a cloud infrastructure provider). Achieving data portability depends on effective standardisation of d
39、ata import and export functionality between cloud infrastructure providers. 5.2 Interoperability of clouds Interoperability is closely related to portability. Here we interpret interoperability as the ability to federate multiple clouds to support a single application. In other words, interoperabili
40、ty involves software and data simultaneously active in more than one cloud infrastructure, interacting to serve a common purpose. Considering cloud interoperability in general, the term “Intercloud“, possibly coined by Cisco TM, is starting to gain some acceptance. It is analogous to the Internet an
41、d based on a similar vision - connecting individual, essentially uncoordinated cloud infrastructures and giving control to the users. One of the lessons of the Internet is that the use of common protocols (or interfaces) readily accessible to developers has great benefits in stimulating innovation.
42、In a recent lecture, Vinton Cerf discussed the current state of play i.4: - “Each cloud is a system unto itself. There is no way to express the idea of exchanging information between distinct computing clouds because there is no way to express the idea of another cloud. Nor is there any way to descr
43、ibe the information that is to be exchanged. Moreover, if the information contained in one computing cloud is protected from access by any but authorized users, there is no way to express how that protection is provided and how information about it should be propagated to another cloud when the data
44、 is transferred“. There are two obvious scenarios that have to be considered when an application is supported by a federation across multiple clouds. In the first scenario the application is managed by an entity, which may be the end user, which interacts individually with each cloud provider. This
45、entity is directly responsible for coordination between the cloud service providers and manages the application via standardised management and monitoring interfaces. In the second scenario a cloud service provider may take on this coordination role, using services from a number of third party provi
46、ders to meet the overall performance guarantee to the end user. One example could be a compute cloud provider using a network provider for delivery. This scenario requires standards for the sharing of management information such as SLA goals between service providers without exposing too much confid
47、ential detail of how the goals are met. ETSI ETSI TR 102 997 V1.1.1 (2010-04) 8Even these two quite obvious scenarios allow us to suggest a number of dimensions for the discussion of Cloud interoperability: Application/Service: Interoperability standards should support distributed applications with
48、predictable behaviour and performance. Components of a single application could be deployed across multiple cloud infrastructure providers and possibly reconfigured while running, or with limited interruption, to respond to changes in usage patterns or resource availability, for example. Application
49、 configuration should be resilient to changes in the configuration within each cloud - for example scaling or migration of computational resources. Management: Standardised interfaces should be provided by cloud service providers so that a single application can be managed in a consistent way, end-to-end - substantially independent of the details of its deployment across multiple cloud infrastructures. It will be possible for a management application to control and coordinate componen
