Cloud Computing Is An Evolutionary Paradigm

Published Date: 02 Nov 2017

Abstract:

Cloud computing is an evolutionary paradigm for service delivery in IT industry. Technological evolution and adoption of cloud by leading companies diverge into development of too many standards. With the wide spread of the technology these standards cause problems like vendor lock-in preventing the future adoption. Many standardized bodies have developed their own standards but still their adoption is difficult and complex. In this paper, we conduct a comprehensive and systematic survey of standardization activities in cloud computing by different groups, standardization bodies, research communities and industries. A total of 31 standard initiatives from 20 different bodies are analyzed. Objective of the survey is to understand the different areas of standardization giving a detailed comparison between the standards to create a roadmap for future of standards. This survey encourages standardization communities to adopt and build common standards with core dimensions of creation of the architecture and framework, cloud management and cloud communication.

1. Introduction:

Cloud computing inherits the future of service delivery in IT industry with pay-as-you use and abstracted infrastructure. In recent time cloud computing became popular and it holds a place in Gartner top strategic technologies list for third successive year [1]. Cloud computing is adopted by many organizations and government bodies. A report submitted by IDC (International Data Corporation) in 2010 says investment in Public cloud services adoption will grow at over five times the rate of the traditional IT industry. Cloud service providers will account for 12% of IT infrastructure spending, growing to 20% by 2014 [2]. Gartner in March 2009 forecasted that the cloud computing worldwide market will reach $150 billion in 2013. A survey conducted by F5 cloud computing (F5 Network and Applied Research West, 2009) stated that, 66% of 250 IT companies have dedicated budget funds for the Cloud, further 71% expect cloud computing budgets to grow over the next two years [3]. Coupled with the opportunities and promise of cloud computing there are many elements of risk and management complexities. Many cloud adopters ask following questions before adopting cloud [11]:

How do I integrate computer, network and storage service from one or more cloud service providers to my business and IT process?

How do I manage security and business continuity risk across many cloud service cloud providers?

How do I manage the Lifecycle of a service in a distributed multi-provider environment in order to satisfy a service level agreement (SLA) with my customers?

How do I maintain effective governance and audit processes across integrated datacenters and cloud providers?

How do I adopt or switch to new cloud providers?

As stated by the above questions, there are many incompatibilities in smooth transition or adopting cloud computing. These incompatibilities can be Technical e.g. Security, Reliability or Business e.g. Pricing, Expense or Semantic e.g. Interoperability, Portability. Fig-2 shows main challenges in cloud computing [11]:

Fig-2(Cloud management challenges)

These challenges don’t allow industries as well as users to make use of full potential of cloud computing. The primary reason is the lack of an industry standard for defining cloud computing applications and their management. The industry needs to think how this new computing paradigm will impact organizations, how it can be used with existing technologies, and the potential pitfalls of this technology. Without an appropriate standardized framework, architecture, API’s and security policies — the biggest area of critique preventing the cloud’s wider adoption — is difficult. Dealing with these challenges in industry and research has the potential to bring cloud computing to the next level [10].

Key briefing on cloud standardization by industry experts:

a) Dan Kusnetzky, IT analyst of The Kusnetzky Group stated, "The need for standards that will allow such portability will became evident when IT users soon realize that the cloud decisions that may made early, before adequate standards had evolved, can make their future cloud moves difficult or even impossible due to incompatibilities among vendors and cloud configuration."[6]

b) Nirlay Kundu, Senior manager at Wipro Consulting Services says"A lack of security standards—addressing issues such as data privacy and encryption—is also hurting wider cloud-computing adoption."

c) Director of Standards Architecture at VMware, Winston Bumpus says "The next set of standards under development will revolutionize compute and data sharing in a similar fashion. This next generation of standards is being developed for cloud computing and will drive fundamental changes in the way we consume computing resources[4]."

d) According to Lynda Stadtmueller, program director for cloud computing at Frost & Sullivan’s Stratecast says "an effective lack of standardization makes it difficult for buyers to compare and evaluate cloud offerings".

The rest of this paper is structured as follows. Section 2 describes Research methods used to conduct this survey. Section 3 discusses all standard initiatives in detail. Section 4 describes current status of cloud computing standard initiatives. Section 5 gives standardization gaps and recommendations to build new cloud standards.

1.1 Related Work:

Different work and various initiatives both at low and high level are been done in the field of standardization in cloud computing. NTT technical review consolidated all the standardization activities in comprehensive manner [12]. Booz & Co. listed the standards highlighting the importance of standards in facing challenges of cloud computing. National institute of standards and technology (NIST) study different areas for standardization and provide roadmap for cloud computing standards [8]. IETF also listed all main SDO (standard development organizations) and provide introduction to each [33]. This survey gives a detailed and extensive insight into standard initiatives emphasizing on comparison between standards and giving future roadmap for these standards.

2. Research Methods:

2.1 Research Questions:

This survey aims at summarizing the current state of the art standards in cloud computing by proposing answers to the following questions:

a) What standard initiatives exist or are under development for cloud computing?

b) Which cloud product or process implements those standards?

c) How well these standards have worked for implementation of cloud (Success or Failure of standards)?

d) Which cloud standard bodies or industries are collaborating for development of standards?

e) Which standards are accepted world-wide by all bodies and industries?

2.2 Source of information:

In order to conduct this survey a systematic mythology is used to review the literature [5].

We started survey by searching major online research databases of computer science, i.e.

IEEE Xplore,

ACM digital Library,

Google Scholar,

Standardization bodies,

Industries Initiatives,

Research conducted by institutes,

Research organizations/communities.

Based on research questions a set of keywords were defined to search in research databases. All standards found in search of databases were listed and each standard was reviewed individually.

Table 1 gives keywords and their synonyms for searching standards.

Keyword

Synonyms

Cloud Computing Standards

Cloud Standards, Cloud Computing Standardization, Standardization in cloud computing, Standards for cloud,

Cloud Interoperability

Interoperability in cloud, Cloud computing interoperability

Cloud standard bodies

Cloud standard organization/institutes/communities

2.3 Study Selection:

Keywords were defined to find standards. Study selection process is shown in fig-3. This systematic survey started with defining research questions as stated in section-2.1. In next step we define keywords and their synonyms as listed in Table 1. Using these keywords and their synonyms we conducted a search in selected online databases, research institutes/industries and standardization bodies’ websites. Relevant standards were listed. Then each standard is studied one by one from their respective websites and online resources. Document, code or any other resource of standards were studied and review is generated. Then, relationship between standards is studied. Finally, Reference analysis is done to ensure that no known standard is left till date.

Fig-3(Selection Process)

2.4 Result and discussion:

A total of 31 Standard initiatives were found using above selection process. These standard initiatives were categorized in three parts viz. Architecture & Framework, Cloud Management and Cloud Communication. Hierarchy of categorization is shown in figure below:

Fig-4 (Categorization of cloud standard Initiatives)

Fig-5 shows breakdown of found standard initiatives in cloud computing, 10 standards are found in two areas viz. Architecture & Framework, Cloud Management and 11 standard initiatives found in Cloud Communication.

Fig-5 (contribution of standard initiatives)

Fig-6 shows year wise standard initiatives from 2006 to 2012 in all three categories. As seen in graph highest numbers of standard initiatives are in 2009 viz. 12 followed by 2010 viz. 5. Standards initiatives started in 2009 and 2010 are maturing and research is going on implementing these standards. This is reason in 2011 and 2012 only 3 standard initiatives are started.

Fig-6(No. of standard initiatives per year)

Standard initiatives are also classified based on type of standard bodies’ viz. Forum standard bodies, ICT (information and communication technology) - oriented standard bodies, de jure (concerning law) standard bodies. Fig-7 shows these bodies:

Fig-7(contribution from different standard bodies)

Following section will discuss the findings of above selection process for each focus area as shown in fig-4.

3. Standardization Initiatives in Cloud Computing:

The following sections will specify relevant cloud standards and capture their area of standardization in a tabular format. Some standards may apply to more than one category therefore may be listed more than once. Table 2 shows all the standards arrange in chorological order in their respective category:

Category

Standard Name

Year

Area of standardization

Architecture & Framework

CSA

2008

Governess, Architecture

KCSA

2008

Promote cloud computing

CCUG [15]

2009

Cloud use cases

ISO/IEC JTC

2009

Definition, Terminology, Framework

OCC

2009

Benchmark, Tested

OGC-WG

2009

Architecture, Security, Use cases, Business Artefacts

OMG

2009

Coordination among bodies

ITU-T

2010

Functional Architecture, Utilization of Network

NIST

2010

Architecture, Definition, Use cases

Cloud Management

DMTF- VMAN

2007

Virtualization, Resource management

CSA

2008

Security, Risk Management

OGF

2009

Scaling, Monitoring, Deployment

TM Forum

2009

Security, Performance

CA

2010

Audit, Asses

IETF

2010

Resource Management and Monitoring

ITU-T

2010

Security

NIST

2010

Security, Monitoring

OASIS IDcloud

2010

Identity deployment, provisioning, monitoring

Fed RAMP

2012

Assessment, authorization, monitoring

Cloud Communication

ETSI-STF

2006

Interoperability testing

DMTF- VMAN

2007

Portability

CCIF

2009

Interoperability

DMTF- Incubator

2009

API’s for IAAS

GICTF

2009

Use cases for inter-cloud

OASIS SAF

2009

Knowledge sharing among provider and consumer

OGF

2009

API’s

SNIA

2009

API’s for storage

ITU-T

2010

Portability and interoperability

NIST

2010

API’s for IAAS

IEEE

2011

Portability, Interoperability

TOSCA

2012

Interoperability and portability

Table-2

3.1 Architecture & Framework:

There is need of a wide adopted cloud computing architectures and frameworks. Architecture should be generic high level conceptual model which should be powerful tool for discussing requirements, use cases, frameworks and operations in cloud computing. This architecture should not be vendor or product specific. It should contain a set of views and descriptions that are the basis for discussing the characteristics, uses and standards for cloud computing [8]. This section includes standard bodies which are currently working in development of Architecture, framework, use cases, promotion and coordination.

CSA (Cloud Security Alliance):

It is a non-profit group started in 2008 to study best practices in cloud security and governess. It also provide training, education and certification in security in cloud computing. It released many white papers [17]:

Trusted cloud initiative (TCI) reference architecture: released in 2010, it will help cloud provider to develop industry recommended, secure and interoperable identity, access and compliance management configuration, and practices [18].

Security guidance critical areas of focus in cloud computing version 3.0 released in 2011.

Top threats to cloud computing released in 2010.

Security as a Service (SecaaS) implementation guidance released in 2012.

Cloud Controls Matrix v1.3 released in 2012.

Consensus Assessments Initiative Questionnaire v1.1 released in 2011.

Korea Cloud Service Association (KCSA):

KCSA established in June, 2008. Main activities of KCSA are:

Creation of the needs and promotion of the services.

Make the environment for the service activation.

Promote and enhance the awareness of the services.

Support members and reinforce the network.

Cloud computing usecase group (CCUG):

CCUG is a forum group standard body. It started its initiative in developing cloud computing use cases in 2009. Goal of this group is to bring cloud consumer and cloud vendor to define common use cases for cloud implementation [15]. This group works in:

How applications are built in cloud computing?

How consumers use cloud?

Security in cloud.

Service level agreements.

This group also released two white papers viz. Cloud Computing use cases version 4.0 and Moving into cloud (discuss risk and reward of moving into cloud) [15]. This group is currently under OCM (open cloud Manifesto) [16].

ISO/IEC JTC (International organization for standards/ International electrotechnical commission Joint Technical Committee)

ISO is an international standard setting body. In its subcommittee 38 (SC38) meeting, ISO started a study group in Cloud Computing. ISO accepted OVF (open virtualization format) [19] developed by DMTF as a standard of packaging virtual images. After that many standards are accepted by ISO and many are under development. Some of standards ISO accepted are [14]:

ISO/IEC16680:2012- The Open Group Service Integration Maturity Model (OSIMM).

ISO/IEC 17203:2011- Open Virtualization Format (OVF) specification.

Standards that are under development are [14]:

ISO/IEC CD 17788- Cloud Computing – Vocabulary.

ISO/IEC WD 17789- Cloud Computing -- Reference Architecture.

ISO/IEC 17826- Cloud Data Management Interface (CDMI).

OCC (Open Cloud Consortium)

OCC is a non-profit organization establish in 2009. It mainly focuses on managing and operate cloud infrastructure to support scientific, environmental and healthcare research. OCC also manages testbeds for cloud computing Open Cloud Testbed. It has five working groups [20]:

The Open Science Data Cloud (OSDC) Working Group

Project Matsu- which is collaboration with NASA.

OCC Virtual Network Testbed.

The Open Cloud Testbed Working Group.

The main members include NASA, Yahoo, Cisco, and Citrix [12].

OGC-WG (Open Group Cloud- Working Group)

This group is responsible for creating a common understanding among buyers and suppliers. OGC collaborate with many other standard bodies and groups which are CSA, OCM, CCIF, and CCUG [20]. It has five working group:

Cloud architecture framework.

Cloud computing security.

Cloud computing business use cases.

Cloud computing business artefacts.

Cloud computing explained.

OGC released a white paper which presents the initial conclusions to build and measure Return on Investment (ROI) from Cloud Computing [20].

OMG (Object Management Group)

This group held a summit in 2009. It is responsible for making coordination among various standard bodies and groups. Participants in OMG are DMTF, OGF, SNIA, TM Forum

(TeleManagement Forum), OASIS, OCC, CSA, ETSI and NIST.

ITU-T (International telecommunication unit)

ITU-T started a focus group on cloud in 2010. This group works in standardization from telecommunication perspective. It has 6 working group:

Cloud Definition, Ecosystem and taxonomy, Use cases, requirement and architecture.

Cloud Security.

Infrastructure and network enabled cloud.

Cloud service and resource management.

Platform and middleware.

Cloud computing benefits and first requirement from ICT perspective.

NIST (National institute of standards and technology)

NIST is a technical department belonging to U.S. department of commerce. NIST aims to shorten the adoption cycle, which will enable near-term cost savings and increased ability to quickly create and deploy enterprise applications [24]. NIST has five working group on cloud computing standardization One of them, Standards Acceleration to Jumpstart

Adoption of Cloud Computing (SAJACC) is intended to promote the development of cloud standards based on actual examples and use cases [25]. It disclosed many different specifications and implementations.

Definition of Cloud Computing [23].

Cloud computing reference architecture [22].

Cloud computing standard roadmap [8].

3.2 Cloud Management standard initiatives:

DMTF VMAN (Distributed management task force- virtual management)

DMTF VMAN is a standard which include a set of specification that addresses the management lifecycle of virtual environment. It provides a standard format for packaging virtual machines known as OVF (open virtualization format) and makes them portable [19]. This standard is adopted by ISO [14] and ANSI [26]. It is first standard in cloud computing adopted by any world-wide recognized standardization authority. It makes virtual machines portable hence prevent many challenges of cloud computing such as vendor lock-in. It has also releases specification for OVF in detail [19].

OGF (Open grid forum)

OGF has announced OCCI (open cloud computing interface) in 2009 and released API specifications for IAAS [12]. It provides general purpose set of specifications for cloud based interaction with resources which are explicitly vendor independent, platform neutral and can be extended easily. Now OCCI is implemented for IAAS but it can be easily extended to PAAS and SAAS [28]. There are already many implementations of OCCI in working software such as OpenNebula, OpenStack, CompatibleOne [27]. It allow for development of interoperable tools for common task including deployment, automatic scaling and monitoring [29]. The main participants in OCCI are Fujitsu, EMC, and Oracle.

TM Forum (TeleManagement Forum)

TM forum is not for profit global organization with more than 900 companies members around the world [30]. It started Enterprise Cloud Leadership Council (ECLC) in 2009 to resolve issues in standardization, security, performance etc. [12]. In 2010 it started Cloud Service Initiative with primary objective is to help the industry overcome barriers and assist in the growth of a vibrant commercial marketplace for cloud based services. TM forum also provides training and education in cloud computing [31]. Main members of TM forum are Microsoft, IBM and AT&T [12].

CA (Cloud Audit)

CA deals with automated audit and assessment process of cloud computing for IAAS, PAAS and SAAS. CA was started in Jan. 2010 and merge into CSA (Cloud Security Alliance) in Oct. 2010. CA provides a common interface and namespace that allow cloud providers to automate the audit and assessment process of their environment and allow authorized consumers to do likewise via an open, extensible and secure API’s. It is also known as A6, Automated Audit, Assertion, Assessment, and Assurance API’s [32].

IETF (Internet Engineering Task Force)

IETF had been discussing cloud computing but there is no official release [12]. On, November 2010 at IETF79 they establish Cloud OPS WG for cloud computing and maintenance which deals with resource management and monitoring and APS BOF which deals with matter related to applications. IETF conducted survey of cloud industries and standard bodies [33].

OASIS- ID Cloud

OASIS developed IDCloud TC in May 2010 for solving identity problems in cloud environment [12]. It provides good understanding of Identity Management in a Cloud context with respect to technical standards-based feasibility. OASIS completed development of 29 usecases for identity in cloud computing [34]. Now from May, 2012 OASIS is working on GAP Analysis. It released documents on usecases and gap analysis [35].

Fed RAMP (Federal risk and authorization program)

Fed RAMP was launched in 2012. It is a U.S. government program to provide standardized approach to security assessment, authorization and continuous monitoring for cloud products and services across the world. This program is designed to comply with the Federal Information Security Management Act of 2002 (FISMA) [37]. Fed RAMP released document to provide guidance on how cloud service providers can meet FISMA requirements to obtain a FedRAMP Provisional Authorization [36]. It also released many templates for security in cloud computing [38]. Fed RAMP collaborates with GSA, NIST, DHS, DOD, NSA, OMB, and Federal CIO Council [37].

3.3 Cloud Communication:

ETSI-STF (European telecommunication standard institute - Specialist task force):

This group is started in 2006. This group works in grid computing and IT to telecom convergence and in particular, the lack of interoperable grid solutions. Now they establish a technical committee on cloud computing also. It provides white papers on standardization in grid and cloud for interoperability in relevance to telecommunication [39].

CCIF (Cloud Computing Interoperability Forum)

CCIF open forum for interoperability in cloud computing. It works for development of ontology framework in which one or more organization can work together [40]. Release a UCI (Unified Cloud Interface) model for achieving Interoperability [41]. Main sponser of CCIF are CISCO, Sun microsystems, Intel, Orange, and IBM [40].

DMTF CMWG (Cloud Management Working Group)

DMTF open cloud standard incubator developed in 2009 provides usecases and reference architecture to interface between cloud service provider and consumer [11]. This group then merge into CMWG in 2010. CMWG also released a set of specifications as work-in-progress to enable interoperability of cloud management. These specifications are called Cloud Infrastructure Management Interface or CIMI [42]. These set of specifications provide a REST (representational state transfer protocol) style interface and a logical model to provide a standardized interface to deploy and manage infrastructure resources for heterogeneous clouds. Its Board Members include VMware, Microsoft, IBM, Citrix, Cisco, and Hitachi [12].

GICTF (Global Inter-cloud Technology Forum)

GICTF deals with creating usecases, requirements and specification fir inter-cloud communication. It has membership of 78 members. The main members include NTT, KDDI, NEC, Hitachi, Toshiba Solutions, IBM, and Oracle [12]. GICTF partners with DMTF for cloud resource management [43].

OASIS SAF (Symptoms Automation Framework)

OASIS started this TC in 2009 to automate appropriate response to changing business conditions and integrate it to all domains. In current state cloud computing there is separation between requirement and response between consumer and provider respectively. SAF facilitates knowledge sharing across different domains allowing consumer and provider to work cooperatively.

SNIA (Storage Network Industry Association)

It establishes a working group for cloud storage in 2009 [12]. It has formulated the specifications of CDMI (Cloud Data Management Interface) which is an API for controlling storage units. In Oct. 2009 it formed a group known as Cloud Storage Initiative. It provides storage to cloud applications in elastic, on-demand and bill as you use basis [44]. SNIA submit CDMI to ISO/IEC JTC for approval [45].

IEEE- P2301/P2302

IEEE launched its two standards dedicated to cloud interoperability in 2011. P2301 is for Cloud Portability and Interoperability Profiles (CPIP). This standard will examine areas such as application interface, portability interface, management interface, interoperability interface, file formats, and operation conventions. P2302 is Standard for Inter-cloud Interoperability and federation (SIIF). This standard will examine areas such as protocols, directory services, namespace authority, and governance coordination [46].

OASIS TOSCA (Topology and orchestration Specification for Cloud Applications)

OASIS start TOSCA TC in 2012 with may industry support. TOSCA is used to standardized the language to describe structure of IT services i.e. topology model and hoe to orchestrate operational behaviour i.e. plans such as build, deploy, patch, shutdown etc. [10].

4. Current Status of Standard Initiatives:

There is much progress in cloud standardization field from last 5 years. Major milestone was adoption of OVF by ISO and ANSI as standard for packaging of virtual machines. Other important standard initiatives by OCCI, CSA, and SNIA are getting world-wide acceptance. Fig-8 shows status of all standards on the basis of 6 stages as describe by NIST [8].

Fig-8 (Current Status of Standard Initiatives)

Fig-9 shows current state of standards form different areas of cloud computing. Security standards are farthest from other areas followed by workload portability achieved by OVF. On the other hand, work for standardization in Software Licence Management is in early stages [47].

Fig-9 (Stage of Standard in different areas of Cloud)

5. Standardization Gaps and Recommendations:

Cloud computing is still now in its early stages of development. Many challenges are addressed by technology vendors and service providers separately which embed many standardization gaps. Additionally many standard gaps before cloud computing era are also highlighted e.g. data formats and identity in distributed environment. So Standardization gap in cloud computing can be divided into two parts:

Introduced by new service model.

Pre-cloud computing technology standardization gaps.

Table-3 summarizes all standardization gaps:

Standardization Area

Gap

Architecture and framework

Standards for describing cloud service-level agreement and quality of services.

Standards for describing and discovering cloud service resources.

Standards in policies, processes, and technical controls in supporting the security auditing, regulation, and law compliance needs

World-wide adopted reference architecture.

Cloud Management

Standards related to user account and credential management.

Standards for metering and billing of service consumptions and usage.

Standards for secure and efficient replication of identity and access policy information across systems.

Single Sign-On (SSO) interface and protocol standards that support strong authentication.

Cloud Communication

Data format and Metadata format standards.

Common API architecture standards.

Standard for API’s in PAAS and SAAS.

NIST gave recommendations to build a standard so that standard can be adopted world-wide [8]. These recommendations are listed below:

Contribute Agency Requirements: Standard development agencies (ISO, ANSI, IEEE etc.) should provide all requirements clear and unambitious to SDO’s for development of standards.

Agencies should actively participate in the standard development process: Agencies contributions can be at many levels viz. Monitor, Influence, Promote, and Lead.

Agencies should encourage compliance testing: Testing should be done at every phase to have technically sound cloud computing standards and standards-based products, processes, and services.

Agencies should specify Cloud Computing Standards: When multiple vendors offer standards-based implementations and there is evidence of successful interoperability testing. In such cases, agencies should ask vendors to show compliance to the specified standards.

Wide Use of Cloud Computing Standards: When any standard shows compliance with existing technologies and standards agencies should encourage its use.

Dissemination of Information on Cloud Computing Standards: All information on standards should be listed and made available to all users.

Fig-10 shows a standard development process based on the above recommendations of NIST:

Fig-10 (Standard Development Process)

Conclusion:

Cloud standards deliver interoperability, foster innovation and create competition, which results in lower costs and a wider range of vendors and service providers. In this survey paper, we define a systematic selection process, discussed result of selection process and provide standardization gaps and recommendations for development of cloud standards. First we define research questions and survey is conducted to answer these questions. Related to our research questions a) Total of 31 standard initiatives exist or under development. b) Products like OVF.CDMI, CIMI, and OCCI are implemented by many industries. c) Most of standards are under development, OVF, OCCI, and CDMI are successful and only 1 standard initiative CCF is stopped. d) Industries like VMware, Microsoft, IBM, Cisco, Orange, Citrix and many more are collaborating for standard development. e) OVF, OCCI are adopted by ISO.

More and more organizations, like OASIS, IEEE, ITU-T and IETF have just begun to get engaged in cloud computing standard development. The sheer number of standardization efforts, led by both vendors and standards bodies, are muddying the waters without coordination among them. We hope work already done doesn’t duplicates and these organizations focus on standardization gaps and coordinate with each other for standard development. There is still plenty of work to be done in providing the interoperability standards, Architectures standards and Management standards that will enable the broader vision of cloud computing.