© 2012 Open Grid Forum

Simplifying Inter-Clouds

October 10, 2012

Hyatt Regency HotelChicago, Illinois, USA

© 2012 Open Grid Forum

Last June

• Last June, I was at the summer meeting of the NSF Center for Cloud and Autonomic Computing

• I presented some of these slides…

© 2012 Open Grid Forum

Fundamental Cloud Concepts

• Cloud Service Models• IaaS, PaaS, SaaS

• Cloud Deployment Models• Private, Hybrid, Federated/Community, Public

• Determined by Two Fundamental Properties:

Within Trust Boundary Crossing Trust Boundary

Centralized Private Cloud (Commercial) Public Cloud

DistributedFederated, Community

CloudFederated, Hybrid, or Multiple Public Cloud

© 2012 Open Grid Forum

Resulting System Types

• Centralized (stand-alone)

• Many basic functions can/must be deployed

• Distributed

• Distributed versions of most of the above

• Must minimize impact of latency and bandwidth

• Federated – Inter-clouds

• Requires federated identity, resource management

© 2012 Open Grid Forum

The Design Space

Cloud Res MgmtSecurity

Catalog & DiscoveryData Management

Svc/Job/Wkflw MgmtSystem Bldg Tools

CommunicationMonitoring & EventingAccounting & Auditing

APPLICATIONS

Large Scale

Small Scale

Centra

lized

Distrib

uted

Feder

ated

Goal: Identify a development sequence to get fromsmall-scale, private clouds to large-scale, federated clouds

© 2012 Open Grid Forum

Possible Centralized Cloud Topics

• Identity Provisioning

• Attribute-, Role-, and Policy-based Authorization

• Heterogeneous Compute Resources

• Complex, Virtual Applications

• Programming Paradigms

• Workflow Management

• SaaS Portals

• VM Scheduling

• VLAN Management

• Service Level Agreements

• Monitoring

• Policy-Based System Management

• Local Fail-over

• System Integrity

© 2012 Open Grid Forum

Distributed Cloud Topics

• Distributed versions of many centralized cloud functions will be needed• Critical to minimize the impact of reduced bandwidth and increased latency

on these functions when running them across a distributed infrastructure

• If something can be run in a centralized manner, do so!• Avoid distributed execution whenever possible

• Topics• Distributed catalogs and discovery• Distributed workflow management• Distributed programming paradigms• Policy-based data management• Remote fail-over

© 2012 Open Grid Forum

Federated Inter-Cloud Topics

• Federated Identity Management• Semantic interoperability of user attributes, roles

• Trust Federations• Trusting other users and identity providers through compliance certification• Example: International Grid Trust Federation, www.igtf.net

• Virtual Organizations• VO-specific roles/attributes determine what a user can do within that VO• Unilateral policy enforcement by resource owners• A well-defined policy language over user and resource attributes to enable cross-

organizational polices

• Single Sign-On• Reuse of electronic identities

• Delegation of Trust• Secure, third-party operations

© 2012 Open Grid Forum

And Geoffrey Said:

• “You’re making things too complicated.”

© 2012 Open Grid Forum

Why Do We Need Inter-Clouds?

• NIST Requirement #5

• Data access and interoperability and integration• Disaster Response• B to B, Agency to Agency, Sovereign to Sovereign

• R&D groups

• Surge Pools

• Fail-over

• Agile Organizations

• Avoiding non-interoperable cloud “silos”

© 2012 Open Grid Forum

Barriers to Technology Adoption

• Complexity• Number of components

• Scale of Adoption• Necessary ”critical mass” of realize benefits

• Scale of Usefulness; Metcalfe’s law• Market timing, market readiness

• Cost to deploy and operate• Time, money and people• Economic self-sustainability

© 2012 Open Grid Forum

Approaches to Adoption

• Risk mitigation• Unilateral deployments• Incremental deployments• Abstraction – Simplification• Descope – what works for most cases

•Avoid complicating “corner cases”

• Quick-n-dirty• Packaging• Standardized functions and interfaces

© 2012 Open Grid Forum

What Makes Inter-Clouds So Complicated?What Makes Inter-Clouds So Complicated?

And What Can We Do About It?And What Can We Do About It?

Three broad categories:Three broad categories:

Security, Resources, DataSecurity, Resources, Data

© 2012 Open Grid Forum

Security

• Federated Identity Management• Semantic interoperability of user attributes, roles

• Trust Federations• Trusting other users and identity providers through compliance certification,

e.g., IGTF

• Virtual Organizations• VO-specific roles/attributes determining user authorizations• Unilateral policy enforcement by resource owners• A well-defined policy language over user and resource attributes to enable

cross-organizational polices

• Single Sign-On• Reuse of electronic identities

• Delegation of Trust• Secure, third-party operations

© 2012 Open Grid Forum

Resources

• Complex Apps – VM, storage containers and VLANs

• VLAN Management

• Service Level Agreements

• Monitoring & Eventing

• Accounting & Auditing

• Local and Remote Fail-over

© 2012 Open Grid Forum

Data

• Data Access and Integration

• Attribute-, Role-, and Policy-based Authorization

• Policy-based data management

© 2012 Open Grid Forum

Conclusions & Recommendations?

• What adoption and simplification techniques could/should be applied to all of these capabilities?• ??• ??• ??