Books for professionals by professionals® Companion eBook See last page for details on $10 eBook version CA Press CA Technologies (NASDAQ: CA) is an IT management software and solutions company, enabling customers to manage and secure their IT environments and deliver exible IT services. www.ca.com/capress US$49.99 Shelve in Information: Networking/General User level: Beginning–Advanced Related Titles cloud standards Cloud Standards is about the technology that supports the cloud and the standards that make the cloud possible. It combines several subjects: com- puting, standards, and business. Clouds are both a business arrangement and an integration of computing technologies. The technologies behind cloud implementations are vast and complex. They have risen from the ac- cumulation, winnowing, and recombination of discrete increments of inno- vation and development by numberless individuals and organizations since computing began. Without the standards that keep all its component technologies from many different sources working together, the cloud would not be possible. These standards are the product of an engineering community working together to forge ties that promote innovation and exibility instead of continual re- invention of the same wheels. Cloud computing is a playing eld with vast new possibilities for innovation and growth, but to understand both the ca- pabilities and limitations of the cloud, you must understand the underlying engineering revealed in its standards. The standards described and discussed in this book are the key to this understanding, which is in turn the foundation of innovation and growth in the cloud. Software engineers, architects, product managers, and executives involved with enterprise IT will learn from Cloud Standards how to select from the kaleidoscopic menu of standards those particular standards that are appro- priate to each aspect of cloud implementation and software development, how to apply them, and how to leverage the strengths and offset the vulner- abilities of each one. MARVIN WASCHKE is a senior principal software architect at CA Technol- ogies, which he represents on eight computing standards groups, includ- ing the DMTF Cloud Management Working Group, OASIS TOSCA Technical Committee, and W3C Service Modeling Language Working Group. “For business leaders and IT pros alike looking for the definitive resource on the complex cloud computing standards landscape, Cloud Standards absolutely fits the bill. Marvin Waschke calls upon his 20 years of experience engaged with IT standards organizations to clearly articulate how existing IT standards serve as the critical foundation for modern IT, and explains how ongoing efforts—specifically related to cloud standards— are a necessity to advance the market forward. Cloud computing opens the door to a new approach to IT management, breaking down barriers between the business and IT, but security and governance must evolve to accommodate new cloud-based services. This book is a must-read for anyone looking to better understand this incredibly complex, challenging, and rapidly-evolving landscape.” —ADAM FAMULARO, Senior Vice President, Cloud Solutions & Service Providers, CA Technologies MARVIN WASCHKE WASCHKE Companion ebook available CA Press cloud standards cloud standards Agreements That Hold Together Clouds CA Press For your convenience Apress has placed some of the front matter material after the index. Please use the Bookmarks and Contents at a Glance links to access them. Download from Wow! eBook <www.wowebook.com> Contents Foreword ix About the Author xi About the Technical Reviewer xiii Acknowledgments xv Introduction xvii Chapter 1: Setting the Scene 1 Chapter 2: Standards 23 Chapter 3: Cloud 43 Chapter 4: Security and Governance 61 Chapter 5: Cloud Implementation 89 Chapter 6: Cloud Storage and Cloud Network 115 Chapter 7: A Map of Cloud Standards 145 Chapter 8: Storage Standards 153 Chapter 9: Network and Internet Standards 199 Chapter 10: The Internet Application Layer and the Cloud 241 Chapter 11: Cloud-Specific Standards 289 Chapter 12: Conclusion 333 Index 347 Introduction This book is about the technology that supports the cloud and the standards that have made the cloud possible. It combines several subjects: computing, standards, and business. Information technology (IT) clouds are both a business arrangement and a collection of computing technology. As technology, a cloud is the power of large datacenters made accessible through a far- reaching network. As a business arrangement, a cloud separates responsibility for physical computing equipment and operations from the consumers of computing services, much as electrical utilities separate the responsibility for generating electricity from the consumers who use it. Just as small and large electricity users benefit from efficient and reliable electrical utilities, both individuals and enterprises can benefit from the cloud. The technology behind cloud implementations is vast and complex, but this technology did not appear from nowhere. It has risen from innovation and development that has accumulated since computing began. The technology came from many individuals and organizations. Without standards that hold these technologies together, the cloud would not be possible. Standards make it possible for components and technologies from many different sources to work together. These standards are the product of an engineering community working together to forge ties that promote innovation and flexibility instead of continual reinvention of the same wheels. Beginning in the mainframe era, businesses have assumed that to benefit from IT, they had to own and operate computing equipment. There was a period between mainframes and distributed computing when some businesses avoided owning large computers through time-sharing, but that practice declined as the cost of distributed desktop computers decreased and their capabilities increased. Time-sharing holds the kernel of the idea of the cloud and has resurfaced in a new form as computing has progressed. The same forces that elevated the desktop computer to prominence have also heralded its decline. Desktops were dramatically smaller than mainframes and could do many of the same things. Today, handheld devices have capabilities similar to desktops, but they slip into a pocket and run wirelessly. Some of Introduction xviii these tiny machines store as much data as a respectable datacenter of not too long ago. Datacenters now regularly hold hundreds of thousands of miniature equivalents of the most powerful desktops, all harnessed together to perform tasks that would have been inconceivable even ten years ago. Add the fast and ubiquitous global Internet to these capacities, and you have a cloud with nearly limitless IT resources available everywhere. Tapping into the cloud, a farmer with a cell phone in Africa and a corporate executive in New York City access IT resources with equal ease. This is a playing field with vast new possibilities for innovation and growth, but to understand and use both the capabilities and limitations of the cloud, you must understand the underlying engineering revealed in its standards. The standards discussed in this book are the key to this understanding. CHAPTER 1 Setting the Scene A Brief and Informal History and Introduction to the Cloud Cloud computing is at the zenith of the hype curve. Everyone is talking about it. Cloud enthusiasts are enthused, marketing has a new hot topic, but skeptics dismiss it as an old idea from forty years ago rewarmed. These views are all justified. What is the cloud that everyone is talking about? Here is a short and rather dry working definition: ■ The cloud is remote computing resources provided as a service. Service is an often-used term that has many meanings, but here it is being used with a precise meaning derived from publications of the Information Technology Infrastructure Library (ITIL), an organization that will be discussed in a later chapter. In this definition, a service means a consumer–provider relationship in which the provider delivers value to the consumer and the consumer avoids designated costs and risks they would have incurred if they had delivered the value themselves (Figure 1-1). When an automobile owner takes her car to an oil changing service, for example, she is avoiding the costs, trouble, and risks of acquiring tools, learning the correct procedures, and so on. When the owner makes the decision to subscribe, she presumably has decided that the benefits of the service justify the charge for the service. Chapter 1 | Setting the Scene 2 An IT cloud service is similar. Consumers avoid the cost and risk involved in providing the service themselves by paying the provider. On a technical level, the provider of service is strictly separated from the consumer of the service. This strict separation differentiates other architectures. The service relationship can take many forms, as can remote computer resources, so it is not surprising that cloud computing also takes many forms. Figure 1-1. The service consumer and provider relationship ComputING ResouRCes The following are generally considered computing resources. (The occasionally used term com pute resources generally refers to processing time rather than storage or network.) • CPU time • Memory • Non-volatile storage (disk) • Network • Electrical power • Peripheral devices The two important things to note are that the computing is remote and is usually used in a limited and explicitly described way; and the provider takes responsibility for the cost and risk of delivering the service. The consumer and provider remain distinct, even when the provider is part of the same organization as the consumer, as is often the case. The consumer usually has to pay for the service, but there are a surprising number of free cloud services available. The costs and risks that the provider assumes are usually costs 3 Cloud Standards associated with setting up and running computers and the risks of failures, disasters, or losing money on the investment in computing equipment. Our definition of the cloud as a service focuses on the business side of cloud computing, which may be surprising for a book that is about technical standards. In IT, technology and business are intertwined in a complex and intricate relationship. New technical capabilities cause new business opportunities and challenges, but at least as often, business challenges and opportunities inspire technical solutions. The rise of cloud computing was the result of movement in both directions. In later chapters, the business aspect of the cloud will shift into the background, but it will never disappear because business inevitably affects technology and standards. Many of the standards which we will examine in this book help maintain the separation between the consumer and provider of cloud services. That separation is the source both of value and of complication—even loss of efficiency. This may seem trivial and scant justification for the brouhaha that cloud computing has generated. But as we explore cloud computing, you will see that cloud computing is much more significant than it may seem from the bare bones of this definition. History: Evolution of the Cloud The significance of cloud computing is partially revealed in its history. It was not invented yesterday. Although the term cloud computing came much later, it is an idea from the ’60s and ’70s when computing power was expensive and hard to come by. In those days, the next big thing was time-sharing, a new idea that promised to break computing away from the batch-processing model. Whereas batch processing runs computing jobs in batches, one job at a time in sequence, the time-sharing model runs many jobs at the same time (multitasks) while users work concurrently, sharing the computer time. Although there are significant differences, the old notion of time-sharing is very similar to what we now call cloud computing. The common concept is to provide computing from a remote central source instead of locally. Both cloud computing and time-sharing are tied to the notion that computing power can be a utility that is dispensed as a service like electricity or water. In the ’60s and ’70s, time-sharing was inspired by the expense and paucity of computer resources. Computers with what would now be called modest capacities occupied whole rooms and required massive power supplies and cooling systems. Large enterprises were able to set up computer systems, but many smaller enterprises clamored for computing power. In business, Chapter 1 | Setting the Scene 4 computers of that era were used mainly for back office jobs: accounts receivable, billing, and payroll all were efficiently computerized to yield speed and accuracy that could not be equaled by manual systems. Smaller organizations had similar needs and could reap similar benefits from this type of functionality, but in smaller volumes that would not justify a large computer. Time-sharing ameliorated this situation by providing simultaneous remote access to a central computer. Organizations could purchase computer time for their needs without the overhead of owning and managing an entire system that they could not fully utilize. Organizations that had a computer installation could recoup some of the costs of underutilization by selling time to other organizations. Minicomputers began to appear at the same time time-sharing became popular. As the name implies, minicomputers were smaller than mainframes and cost less. Advances in technology soon began rapidly to increase the capacity of minicomputers to the point that they began to rival recently produced mainframes. Examples are the PDP-8 and the VAX, both from Digital Equipment Corporation, and models from some the great names in computing in the ’70s and ’80s such as Data General, Prime, and Wang Laboratories. Most minicomputers had multitasking operating systems and were able to support time-sharing. Time-sharing and minicomputers evolved into distributed systems. Distributed computing is closely associated with the personal computer (PC). PCs appeared on the scene during the heyday of time-sharing and were rapidly accepted as office appliances, not unlike the typewriters they replaced. These appliances were usually owned and administered by ordinary office workers instead of computer professionals. This turnabout in the proprietorship of computing power had far-reaching consequences. Instead of going into lengthy and difficult negotiations with corporate IT, individual office workers and managers could take the initiative and purchase and deploy relatively cheap off-the-shelf software to make their jobs more efficient. Personal computers were transforming computing from something that existed only in the rarified atmosphere of the “glass house,” the corporate datacenter, to a household commodity. The Network and Distributed Systems Almost as soon as PCs began landing on every desk and word processors replaced typing pools, PCs began to be connected together in networks. The initial impetus toward networks was often the need to share a single printer 5 Cloud Standards among several desks, but users soon discovered the advantages and convenience of being able to share documents and information over the network instead of passing data around manually. Network technology had already been developed for remote access to time- sharing systems. Networks make servers possible. Servers function like the single printer that prints for all the computers in a group. Instead of translating digital signals into physical paper and ink, servers provide information and processing to other computers. Just as a single financial department can serve an entire enterprise, a single server might provide accounting data and processing to an entire enterprise. The server and its clients, typically PC desktops, all communicate on a single network. In its simplest form, a server is connected to a relatively small number of interconnected computers in what is called a local area network (LAN), usually limited to a small geographical area (Figure 1-2). LANs can be connected together in an ever larger hierarchy (Figure 1-3), culminating today in the Internet. The Internet is the ubiquitous network of networks that connects most of the computing resources on the planet. Figure 1-2. A simple LAN Initially, the Internet was used mainly for sharing data in the form of documents linked together with hypertext. However, that is only one use of the Internet. Document sharing is still the primary activity on the World Wide Web, but the Internet also makes it possible, through web services and other mechanisms, to share remote computer processing. The Internet sets computing free from location. The laptop in front of me can interact with another computer in Australia or Mumbai more easily than I can get a cup of coffee at the nearest [...]... collection and mining of unprecedented quantities of data The presence of a reliable high-speed network everywhere makes cloud computing possible Cloud services can be valuable only when they are accessible The presence of a fast and reliable network opens cloud services to their users Cloud Standards Virtualization Networking has transformed the way we use computers in business and at home, but another... email a self-contained cloud service A user of a service like Gmail interacts with a service in the cloud rather than a service implemented on a local computer Users do not download email to their local hard drives Instead, it stays in the cloud, and the user can access it from anywhere Consequently, the user can expect a similar experience from each device that connects to the cloud email service In... 17 ImpoRtaNt staNdaRds FoR Cloud BaCkups TCP/IP for data transport • CDMI storage standards • Download from Wow! eBook • COBIT data storage audits and controls • Cloud Security Alliance, Security Guidance for Critical Areas of Focus in Cloud Computing for identification of critical security and governance concerns 18 Chapter 1 | Setting the Scene A cloud document service like Google... the group can collaborate in real time, seeing each other’s changes as they are made These advantages come from both sharing storage on the cloud and an application that runs on the cloud important Standards For Cloud Document Sharing •• HTTP •• OAuth •• OpenID Cloud Scenarios for Enterprises Enterprise computing differs from individual computing in many ways Individuals are far less concerned about... also likely to require, and have the influence to demand, a higher level of reliability and performance than individuals Cloud Standards Cloud Service Models The range of uses for the cloud for businesses is much wider than for individuals There are three main classifications of cloud computing provided today, corresponding roughly to the application stack described earlier: Infrastructure as a Service... hassle of physically deploying, undeploying, and returning purchased or leased equipment Standards important to Testing in the Cloud •• DMTF CIMI •• OMG OCCI •• Amazon EC2 •• SNIA CDMI Developing In the Cloud At the next step up in the cloud service stack is development in cloud This can take different forms For software start-ups, one of the largest capital investments is in a development environment... the cloud The enterprise using a cloud CRM does not need to know where the data is stored or whether a table needs to be re-indexed, they do not need to understand what version of software is being run, and they never have to worry that the version of software on their laptop does not match the version on the server All that is in the cloud and out of their hands STandards important to CRM in the cloud. .. but more than anything else, they need more flexible and manageable capacity in order to respond quickly and well to rapid change This is exactly what the cloud promises to deliver Cloud Scenarios This section contains some specific scenarios that cloud computing supports today In later chapters, these scenarios will illustrate the use of the standards under discussion Scenarios for Individuals Scenarios... product to users Similar to the Google Docs word processor that runs on a server in the cloud, a SaaS application runs entirely in the cloud The end user accesses the application through a browser, and the use of the application is not dependent on the computer from which the user accesses the application Testing in the Cloud Someone must test whenever software is written or revised Sometimes software testing... servers somewhere in the Google cloud If the Google Docs word processor meets the needs of everyone in the group, compatibility is no longer an issue, and the members of the group do not need to go through the trouble and expense of acquiring and installing compatible word processors The other part of Google Docs is cloud storage of the documents This is similar to using the cloud for backup, but it adds . Standards 23 Chapter 3: Cloud 43 Chapter 4: Security and Governance 61 Chapter 5: Cloud Implementation 89 Chapter 6: Cloud Storage and Cloud Network 115 Chapter 7: A Map of Cloud Standards 145 Chapter. President, Cloud Solutions & Service Providers, CA Technologies MARVIN WASCHKE WASCHKE Companion ebook available CA Press cloud standards cloud standards Agreements That Hold Together Clouds CA. level: Beginning–Advanced Related Titles cloud standards Cloud Standards is about the technology that supports the cloud and the standards that make the cloud possible. It combines several subjects: