Over the last year much progress has been made on new standards for improved cloud interoperability and reduced vendor lockin. Standards development organizations (SDOs) have been applying the expertise of their constituencies to the problem and new organizations like the Cloud Security Alliance, have emerged to focus on unique challenges of cloud computing. Existing standards are being adapted as well to address cloud computing interoperability such as the Open Virtualization Format (OVF) from the Distributed Management Task Force (DMTF). OVF was originally developed to address portability concerns between various virtualization platforms. It consists of meta-data about a virtual machine images or groups of images that can be deployed as a unit. It provides an easy way to package and deploy services as either a virtual appliance or used within an enterprise to prepackage known configurations of a virtual machine image or images.
For example, it may contain information regarding the number of CPUs, memory required to run effectively, and network configuration information. It also can contain digital signatures to ensure the integrity of the machine images being deployed along with licensing information in the form of a machine readable EULA (End User License Agreement) so that it can the terms can be understood before the image(s) is deployed.
OVF is currently being explored to validate if other metadata should be added to help improve the automation of intercloud workload deployment. Concepts such as standardized SLAs (Service Level Agreements), sophisticated inter virtual machine network configuration and switching information and software license information regarding all of the various components that make up the workload are possibilities.
Other standards are still emerging including a common cloud API (Application Progamming Interface). These higher level APIs will be important as the pendulum settles in towards a series of multiple cloud offerings, each have different underlying implementations, but a standard many in which to interact. Having a standard set of foundation APIs will help to ensure that cloud management and compliance tools will not be overly complex in order to handle different cloud implementations.
Efforts such as NIST’s Standards Acceleration to Jumpstart Adoption of Cloud Computing (SAJACC) and Federal Risk and Authorization Management Program (FedRAMP) are two key initiatives to help both the government and industry to better define a robust, scalable and economically viable set of standards to accelerate the adoption of cloud computing.
For more information on what is going on in the various SDOs and the current and emerging industry standards for cloud computing please go to www.cloud-standards.org.