Cloud Connect - OCCI & CloudAudit Standards Update


An overview of the Open Grid Forum's Open Cloud Computing Interface standards effort and the (non-OGF) CloudAudit ("A6") working group. Presented at CloudConnect on 17 March 2010.

Published in: Technology
  • Four key elements to ensuring an open ecosystem: Clouds must be accessible via open interfaces, use open formats, allow access to your data, and provide access via open source tools. This guarantees a free-market ecosystem without impinging on innovation or a provider's secret sauce. These four elements can be provided by choosing proper frameworks for Copyrights, Trademarks, and Patents, and by providing multiple, interoperable implementations.
  • CloudAudit has broad support across the industry, including the key roles of operators, auditors, security, and development. Believe it or not, Amazon is represented in the group, which is quite remarkable – they’re normally very guarded and don’t participate in industry groups. In addition, there are alliances in place with other related efforts and groups, such as ENISA (European Network & Information Security Agency), the CSA (Cloud Security Alliance), and more.
  • This is one possible way you can expose artifacts – and, as you can see, it’s simple for the provider to just place the needed items in the correct web server directory. This is an example of a SAS-70 report being exposed as a raw PDF, together with its PGP signature for verification.
  • Alternatively, the provider can expose a machine-readable XML document containing the assertions. It’s up to the provider what to expose, but the location will be standardized. Current efforts are focused on mapping existing assertions to proper namespaces, but in an extensible, non-invasive manner, allowing future assertions to be handled without any dependency on the CloudAudit spec. The main message for both OCCI and CloudAudit is simplicity and ease of implementation and consumption, which we hope to achieve by getting as close as possible to HTTP and avoiding envelope formats (SOAP). It's also not too late to get involved or suggest improvements: developing standards by way of an open process takes longer, but the result is almost always better.
  • Cloud Connect - OCCI & CloudAudit Standards Update

    1. The OGF Open Cloud Computing Interface and CloudAudit
       Shlomo Swidler
       OGF OCCI WG Member, CloudAudit WG Member
       March 17, 2009
    2. Common OCCI & CloudAudit Vision: Open Cloud Ecosystem
       [Diagram labels: Open Cloud; Open Formats; Open Interfaces; Open Data; Open Source]
    3. Goal of OCCI
       Interoperability: Let different cloud systems work together
       Portability: Move services between clouds
       Integration: Wire up cloud with legacy
       At all levels of the stack
    4. Who is OCCI
       Open Grid Forum Working Group
       OGF IP umbrella for copyrights, patents, trademarks
       More than 200 participants
       Industry: Rackspace, GoGrid, Sun/Oracle, RESERVOIR, …
       Academia: UCMadrid (OpenNebula), SLA@SOI w/Intel, …
       Service providers: CohesiveFT, RabbitMQ, …
       End users, developers
    5. Current Status of OCCI
       Infrastructure layer spec finalized, in public review
       Reference implementation underway
       OpenNebula, other implementations in the works, too…
       Working on Extensions (reservations, snapshots, etc.)
       Building demo integrations with other standards
       SNIA CDMI - storage
       Proposed Roadmap:
       Draft Platform spec – October 2010
       Final – late 2011
    6. 20,000-foot Look at OCCI
       Protocol
       Lightweight, extensible
       Format-agnostic
       Built on HTTP, RESTful
       Create: HTTP POST
       Retrieve: HTTP GET
       Update: HTTP GET & HTTP PUT
       Delete: HTTP DELETE
       [Diagram labels: OCCI Application; OCCI Platform; OCCI Infrastructure; HTTP Header Rendering; XHTML5 + RDFa Rendering; OCCI Core; Extensions]
    7. 5,000-foot Look at OCCI
       [Diagram labels: GET; Provider; Instance; HTTP LINK header; Compute; Storage; Network; Links; Operations; Attributes; OCCI; Atom-like categories]
    8. Eye-level Look at OCCI

       REQUEST (Get the resource, in whatever format)

           > GET /us-east/webapp/vm01 HTTP/1.1
           > User-Agent: occi-client/1.0 (linux) libcurl/7.19.4 OCCI/1.0
           > Host:
           > Accept: */*
           >

       RESPONSE

           < HTTP/1.1 200 OK
           < Date: Sat, 10 Oct 2009 12:56:51 GMT
           < Content-Type: application/ovf
           < Link: </us-east/webapp/vm01;start>;
           <   rel="";
           <   title="Start"
           < Link: </us-east/webapp/build.pdf>;
           <   rel="related";
           <   title="Documentation";
           <   type="application/pdf"
           < Category: compute;
           <   label="Compute Resource";
           <   scheme=""
           < Server: occi-server/1.0 (linux) OCCI/1.0
           < Connection: close
           <
           < <?xml version="1.0" encoding="UTF-8"?>
           < <Envelope xmlns:xsi=""
           <   xmlns:ovf=""
           <   xmlns=""
           <   xml:lang="en-US"
           < ...

       Callouts on the response, in order:
       It’s in OVF format
       You can “start” it
       Related “documentation”
       It’s a “compute” resource
       The OVF payload
    9. Goal of CloudAudit (“A6”)
       Provide a common interface that allows cloud computing providers to automate the audit, assertion, assessment, and assurance (“A6”) of their infrastructure (IaaS), platform (PaaS), and application (SaaS) environments.
       Allow authorized consumers of these services to do the same via an open, extensible, and secure interface and methodology.
    10. Who is CloudAudit
        Over 250 participants across the industry
        Cloud operators
        Auditors
        Security professionals
        Developers, Integrators
        Affiliations include
    11. CloudAudit Current Status
        Currently standardizing the data footprint
        Allows consistent automation for provider and consumer
        HTTP chosen as the protocol
        Format-agnostic, human or machine client
        Inspired by OCCI
        First draft expected in 90 days
    12. A Look at CloudAudit Thinking
    13. A Look at CloudAudit Thinking
    14. Thank you!
        The OGF Open Cloud Computing Interface and CloudAudit
        Shlomo Swidler
        @ShlomoSwidler
    15. Copyright Notice
        Copyright (C) Open Grid Forum (2009). All Rights Reserved.
        This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works.
        The limited permissions granted above are perpetual and will not be revoked by the OGF or its successors or assignees.
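
Added example, not part of the original slides or of any OCCI implementation: a small Python parser for the HTTP header rendering shown on slide 8, which unfolds the multi-line Link and Category headers and reads their attributes. The sample response is constructed from the slide, with `rel` and `scheme` left empty as they appear in the transcript; the function names are this example's own, and it assumes the block starts with a status line.

```python
import re

# Constructed sample modelled on slide 8's response. rel and scheme are left
# empty because the slide transcript shows them empty.
RAW_HEADERS = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: application/ovf\r\n"
    "Link: </us-east/webapp/vm01;start>;\r\n"
    '  rel="";\r\n'
    '  title="Start"\r\n'
    "Link: </us-east/webapp/build.pdf>;\r\n"
    '  rel="related"; title="Documentation"; type="application/pdf"\r\n'
    "Category: compute;\r\n"
    '  label="Compute Resource"; scheme=""\r\n'
    "Server: occi-server/1.0 (linux) OCCI/1.0\r\n"
)

# ;key=value where the value is quoted (and may contain ';') or a bare token.
PARAM = re.compile(r';\s*([\w-]+)\s*=\s*(?:"([^"]*)"|([^;\s]*))')

def unfold(raw):
    """Join folded continuation lines, then return (lower-cased name, value) pairs."""
    lines = []
    for line in raw.split("\r\n")[1:]:            # [1:] skips the status line
        if line[:1] in (" ", "\t") and lines:
            lines[-1] += " " + line.strip()
        elif ":" in line:
            lines.append(line)
    return [(n.strip().lower(), v.strip()) for n, v in (h.split(":", 1) for h in lines)]

def params(text):
    """Parse ';key=value' attributes into a dict with lower-cased keys."""
    return {m.group(1).lower(): m.group(2) if m.group(2) is not None else m.group(3)
            for m in PARAM.finditer(text)}

def parse_occi(raw):
    """Return (content_type, links, categories) from a raw response header block."""
    ctype, links, cats = None, [], []
    for name, value in unfold(raw):
        if name == "content-type":
            ctype = value
        elif name == "link":
            m = re.match(r"<([^>]*)>(.*)", value)
            if m:                                 # skip malformed Link values
                links.append({"target": m.group(1), **params(m.group(2))})
        elif name == "category":
            term, _, rest = value.partition(";")
            cats.append({"term": term.strip(), **params(";" + rest)})
    return ctype, links, cats
```

The `;start` suffix stays inside the link target because it sits within the angle brackets, and a semicolon inside a quoted attribute value does not start a new attribute.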