More than a dozen organizations are working to bring consistency to cloud computing. Some are creating standards, while some are promoting best practices. This list can help you understand what these organizations are doing and the impact they’ll have on the industry.
Even though cloud computing has seen setbacks, generating distrust and concern over security and stability, corporations and governments are actively moving data into the cloud. Just last month, InformationWeek reported that recent surveys show two of the most conservative industries—financial and healthcare—are adopting cloud solutions.
Even the U.S. government’s CIO, Vivek Kundra, wants to see the government migrate its systems to the cloud. Back in May, he wrote an excellent blog post explaining his goals and defining the cloud by way of an analogy:
“There was a time when every household, town, or village had its own water well. Today, shared public utilities give us access to clean water by simply turning on the tap. Cloud computing works a lot like our shared public utilities. However, instead of water coming from a tap, users access computing power from a pool of shared resources. Just like the tap in your kitchen, cloud computing services can be turned on or off as needed, and, when the tap isn’t on, not only can the water be used by someone else, but you aren’t paying for resources that you don’t use. Cloud computing is a new model for delivering computing resources – such as networks, servers, storage, or software applications.”
But wait! That sounds rather different from the supposed “cloud” that’s described periodically in the mass media whenever a large online service loses data. Suddenly the cloud is considered any online storage system. If you’re a bit overwhelmed by the numerous definitions of cloud computing, you aren’t alone. (In one news report, somebody used Flickr as an example of the cloud.)
I don’t hold universal authority and therefore can’t declare unequivocally that the inhabitants of Earth must, henceforth and hitherto, only refer to the cloud in one way or another. But as a software developer, the definition given by the White House CIO is much closer to the version of the cloud for which I’ve written software.
But still, others disagree, and that’s why we need an organization to define not only what the cloud is, but how it works and the standards it needs to operate successfully. Standards-creation is commonplace in the world of programming, because we need agreed-upon rules for software to interoperate. We have an official standard for the C++ programming language, for example, overseen by the International Organization for Standards (ISO). We also have standards for HTML, XML, and CSS, headed up by the Worldwide Web Consortium (W3C). The organization tells us what HTML is, and the developers of the web browsers, after much bickering, finally agree to follow these standards.
However, sometimes standards compete. For example, word processing has two competing standards, one created and pushed by Microsoft and adopted by ECMA, and another, OpenDocument, embraced by Open Office and adopted by the ISO.
No actual laws say that software developers must use one or the other. Rather, over the long term one standard usually wins out through more software adopting one technology or way to accomplish things.
Today there are no fewer than 13 active organizations in the cloud computing universe. But they’re not all trying to create standards. Some are pushing for the use of cloud computing (however it’s defined), while others focus on security issues or on creating APIs. Here’s a rundown of the organizations and what they’re trying to accomplish:
The Standards Organizations
When I started searching for organizations involved in Cloud standards, I at first came up with over a dozen. But once I started organizing the organizations, I realized that really only two are involved in creating overall cloud standards, and two are creating standards for one aspect of cloud technology. Let’s look at those four first.
Open Cloud Incubator
This is an initiative of the Distributed Management Task Force (DMTF) to create a set of standards for cloud computing, with primary focus on interoperability between platforms. It has many members, and several of the big names. Yahoo is present, as is Microsoft, Oracle, Rackspace, Red Hat, VMWare, and Novell.
One goal of the Open Cloud Incubator is to bring together what would otherwise be competing companies so that they can together create a set of informal, agreed-upon specifications. These informal specifications would later be revised and deemed as official by this organization. The DMTF has been around since 1992 and has over 3,000 members from over 200 different organizations. While this isn’t quite ISO or ECMA, it is on the same level of the W3C. Standards produced by this organization are respected and implemented by the industry. For example, DMTF has produced web-based enterprise management standards, a desktop management interface standard that’s part of the Linux kernel, and a Web services management protocol.
Open Cloud Consortium
This is the other organization trying to create a set of standards. Their website states:
“The Open Cloud Consortium (OCC) is a member driven organization that supports the development of standards for cloud computing and frameworks for interoperating between clouds, develops benchmarks for cloud computing, and supports reference implementations for cloud computing.
“The OCC also manages testbeds for cloud computing, such as the Open Cloud Testbed, and operates clouds computing infrastructure to support scientific research, such as the Open Science Data Cloud.”
Members include Cisco, NASA Ames Research Center, and Yahoo. Most of the big cloud players, such as Microsoft, Google, Rackspace, Dell, and Amazon, are absent.
Committee to Advance Identity Standards for Cloud Computing
This committee, which is part of OASIS (Organization for the Advancement of Structured Information Standards), is creating a standard focusing on the security concerns of identity management in cloud computing. According to the website, the technical committee’s purpose “is to harmonize definitions/terminologies/vocabulary of Identity in the context of Cloud Computing; to identify and define use cases and profiles; and to identify gaps in existing Identity Management standards as they apply in the cloud.” They plan to release a set of documents, including one that details the use cases of identity management, and others that identify gaps in existing standards (although they don’t say what those existing standards are). Its members include Alfresco, CA, Capgemini, Cisco, Cognizant, Boeing, eBay, IBM, Microsoft, Novell, PingIdentity, Red Hat, SafeNet, SAP, Skyworth TTG, Symantec, Vanguard, VeriSign.
Open Cloud Computing Interface Working Group
This working group is part of the Open Grid Forum, and is creating an API standard for the remote management of cloud computing infrastructures.
Because cloud computing includes the approach of dynamically allocating resources and billing them like a utility, many of the technologies used in utilities apply to this dynamic aspect of cloud computing. Remote management is one technology that is used in utility companies, and this organization recognized the need for an API for remote management of cloud utilities as well. They’ve completed the first proposed recommendation for the standard; it is now available for public inspection and comments through the website.
Other Influential Cloud Organizations
Several organizations are thinking beyond standards. They are actively working to influence the direction of cloud computing and to help encourage businesses to adopt it. Here’s a rundown of the bigger players.
Open Cloud Manifesto
This consortium of companies isn’t creating a set of standards, but is instead creating a list of core principles that are, as their website states, “fundamental expectations of cloud computing technology providers.” Their six-page document, the Open Cloud Manifesto, was written a little over a year ago, at a time when the cloud was getting bad publicity from the data loss incidents. As a result, the document includes a detailed definition of cloud computing (in line with the definition the White House CIO gave) and is frank about challenges and barriers to adoption. But they go beyond what the cloud currently is and present the concept of an open cloud, which focuses on the ability of cloud customers to change providers without much trouble.
This group has a huge list of members, including Sun, VMWare, Akamai, Rackspace, AT&T, Sybase, Cisco, and many others. Microsoft isn’t present, nor is Amazon, Google, or Salesforce.com.
Cloud Computing Interoperability Forum
This organization was started by a single person, Reuven Cohen of Enomaly (which markets Elastic Computing Platform, an Infrastructure-as-a-Service product), but includes several big-named sponsors: Cisco, Intel, IBM, RSA, Thomson Reuters, Sun, Orange, Enomaly, Adaptivity, Appistry, SOASTA, Zero Nines, CloundCamp, SIMtone. The group’s goal is to create a common framework by which cloud technologies can exchange information.
Cloud Industry Forum
The Cloud Industry Forum aims to create a certifiable code of practice in an effort to spread adoption of cloud computing and help consumers know that they’re going with a dependable cloud vendor. The founding members are Microsoft, Rackspace, Computacenter, Fasthosts, FASTiis, nominet, and Scalable.
Cloud Security Alliance
This group is promoting the use of various “best practices” regarding security in cloud computing. Members include pretty much all the big names, such as Google, Rackspace, Microsoft, Cisco, you name it, as well as the cloud-standards.org group. (Although it doesn’t appear Amazon is present.) This organization has several subgroups called Research Initiatives focused on various aspects of cloud security. The research groups have produced several documents, such as “Security Guidance for Critical Areas of Focus in Cloud Computing” (currently at version 2.1).
Cloud Storage Initiative
This initiative is part of a larger group called the Storage Networking Industry Association, and is creating a single standard that focuses only on storage in the cloud, called the Cloud Data Management Interface. The group is a professional association of producers of storage and networking products, and has been around since 1997. The member organizations support the use of cloud technology, since such technology requires the purchase of the members’ products. Version 1.0 of the standard is available, as is Java source code for a reference implementation of the standard.
Cloud Services Initiative
This is a project of the TM Forum, an industry association for communications and media companies. So far they’re not creating any standards. Instead, they’re focused on helping their industry adopt and adapt to the cloud. They produce several news articles and general information documents about cloud technology to assist IT managers in making informed decisions. Additionally, they have a set of projects called Development Catalysts, where member organizations work from buyer specifications to solve various cloud-related challenges. For example, one such project is called Cloud Service Broker, which is creating a trusted cloud management platform.
Cloud Standards Coordination
This group is documenting the activities of the various standards groups—sort of what I’m doing with this article, but with a lot more words and a lot more detail.
Focus Group on Cloud Computing
This is part of the International Telecommunications Union (ITU), which has developed various standards in the past pertaining to the telecommunications industry. However, at present they’re only gathering other cloud standards and developing documentation for how they apply to the telecommunications industry. Their focus group has only been around since May 2010, so it’s barely off the ground. In my experience, standards and recommendations put out by the ITU are usually embraced by European telecom companies, and largely ignored by American telecom companies. My own personal assessment is that if they do create any cloud standards, such standards would probably follow a similar path of embracement.
Standards Acceleration to Jumpstart Adoption of Cloud Computing
This initiative is part of the National Institute of Standards and Technology (NIST), and was started in response to a request by Vivek Kundra, the U.S. government’s CIO. The goal is to provide a process primarily for the US government, which industry optionally may follow. This is a new project (initial publication [PDF]), and will bring together various standards and suggestions. At present a website isn’t built, but they intend to create one to serve as a portal for cloud computing information.
Where Do They Stand?
Looking through this list, you’ll notice that only two groups (identified by a single asterisk: Open Cloud Consortium and Open Cloud Incubator) are actually creating standards for the cloud. A handful of the groups are creating standards or APIs for specific aspects of cloud computing. This is good: We don’t need a dozen standards organizations. Two is a good number. And by far most of the blogs that I read about this topic are rooting for the Open Cloud Incubator.
Finally, we should note one major problem with all this: Amazon is clearly one of the big players in the cloud space with its Amazon Web Services. They were one of the forerunners in the cloud game, laying an early groundwork. Yet, oddly, Amazon isn’t involved in either of the two groups creating standards. That’s pretty typical in the computing world; it’s not a surprise when one of the biggest players doesn’t play well with others because they really don’t care what their competitors are doing. So perhaps in a year or two we’ll have a cloud standard that some organizations use and others don’t. What, then, is my final analysis? It appears that IT managers should watch the work of the two standards groups, especially the Open Cloud Incubator, while choosing the cloud.
Related Information From Dell.com: Dell and Cloud Computing
