Paul Krill's article "Cerf urges standards for cloud computing" highlights cloud interoperability and portability issues discussed by Vint Cerf, co-designer of the TCP/IP protocol that forms the back bone of modern communication. It behooves us to consider Cerf's viewpoint on what's required for successful cloud computing. Some of the points that he makes are as follows:
Authentication/Security
According to Cerf, "Strong authentication will be a critical element in the securing of clouds." We know that authentication is a core for establishing trust between transacting parties. This requirement is now further heightened because of the expansion of corporate boundaries out to cloud-based services. Authenticating to cloud services and accessing only authorized services in a multi-tenant environment will continue to be the most important aspect of establishing trusted connections between enterprises and IaaS, PaaS and SaaS providers.
Now imagine having a set of enterprise applications and systems that have to interact with a set of cloud providers, in a many-to-many topology. You may, for example, call a SaaS for a commodity business service to create your composite service, while archiving information to Amazon S3 and running intensive business intelligence queries on Amazon EC2. In this scenario, cloud services, even from the same vendor, may expect different identity tokens, some standards-based, others proprietary. The problem of multi-cloud computing decomposes to fundamental issues including identity token management, security, and central management and control of such functions.
Here are a couple of resources that are helpful in highlighting identity related issues surrounding cloud computing:
- Federated SOA: A pre-requisite for enterprise cloud computing.
- Domain 12: Identity and Access Management, Security Guidance for Critical Areas of Focus in Cloud Computing v 2.1, Cloud Security Alliance
Portability
The second item that Cerf points out is regarding moving your data (business information, virtual images, algorithms, database instances, etc.) between different cloud providers. According to Cerf, "At some point, it makes sense for somebody to say, 'I want to move my data from cloud A to cloud B,' " but the different clouds do not know each other."
Cloud interoperability has a number of dimensions including communication interoperability (HTTP, SOAP, REST), cloud management and interaction API interoperability (createImage, terminateImage, etc.), and image portability.
The good news is that at least most cloud providers have a REST-XML/JSON or a SOAP-based API. The API calls signatures are all different, but one can readily consume such APIs for image provisioning/de-provisioning and other IaaS functions. There has been a recent effort to standardize cloud API operations including Open Cloud Computing Interface Working Group.
In addition to such API standardization, moving entire images between various cloud providers would also provide the portability necessary for establishing reliability across multi-cloud environments. Instead of maintaining multiple images for say Amazon EC2 and Rackspace, having a single image that runs across IaaS providers would reduce management burden on enterprises. The DMTF Open Virtualization Format provides a common container formats for greater multi-cloud portability. Here are a couple of resources that one should review while looking at best practices for cloud interoperability and portability:
Cloud gateways have become a core component of managing not just the traffic between enterprises and their cloud providers, but also for managing and protecting security and identity tokens required for enterprise-to-cloud interaction. To avoid Multi-cloud Mayhem, the industry now needs to show greater commitment towards standardization for inter-cloud interoperability, portability and security. Unless our desire is to relive the stone-age era of pre-TCP/IP communication, ask Vint Cerf, he'll give you a few reason on why not to.
