NIST Information Technology Laboratory Cloud Computing Program
NIST Cloud Computing Program
Current Activities
Robert Bohn, Ph.D., NIST Cloud Computing Program Manager
ETSI - Cloud Standards Coordination, 5 December 2012, Cannes, France

Outline
• Roadmap Activities
• Updates on PAPs/Working Groups
  – SLA Guidance
  – Cloud Metrics
  – Cloud Broker
• Security RA
• Standards Update

USG Cloud Computing Roadmap – Volume I
Collaboration through public working groups & Federal Cloud Computing Standards & Technology Working Group
Intent is to leverage PAPs that are identified as complete or under way by cloud stakeholder community; some may fall within NIST scope
Prioritized strategic and tactical requirements that must be met for USG agencies to further cloud adoption;
Interoperability, portability, and security standards, guidelines, and technology needed to satisfy these requirements;
Recommended list of Priority Action Plans (PAPs) -- candidates for voluntary self-tasking by the stakeholder community.

USG Cloud Computing Technology Roadmap requirements
R 1: International voluntary consensus based interoperability, portability and security standards (interoperability, portability, and security standards)
R 2: Solutions for high priority Security Requirements (security technology)
R 3: Technical specifications to enable development of consistent, high quality Service Level Agreements (interoperability, portability, and security standards and guidance)
R 4: Clearly and consistently categorized cloud services (interoperability and portability guidance and technology)
R 5: Frameworks to support seamless implementation of federated community cloud environments (interoperability and portability guidance and technology)
R 6: Technical security solutions which are de-coupled from organizational policy decisions (security guidance, standards and technology)
R 7: Defined unique government regulatory requirements, technology gaps, and solutions (interoperability, portability and security technology)
R 8: Collaborative parallel strategic “future cloud” development initiatives (interoperability, portability, and security technology)
R 9: Defined and implemented reliability design goals (interoperability, portability, and security technology)
R 10: Defined and implemented cloud service metrics (interoperability and portability standards)

USG CC Roadmap – Volume II
Reference Architecture & Taxonomy
• Recommend Industry Mapping so that USG agencies & others can more easily and consistently compare cloud services
• In parallel, support formal standards development process leveraging the reference architecture
Standards
• Provide avenue for USG agency engagement
• Continue standards roadmap
Target Business Use Cases & SAJACC
• Expand initial use case set & use SAJACC to identify gaps
Security
• Leverage working groups to finalize special publication focusing on challenging security requirements
• Continue technical advisor role – e.g. FedRAMP, continuous monitoring, conformity assessment system
Use collaboration through public working groups & Federal Cloud Computing Standards & Technology Working Group to continue to validate findings

USG CC Roadmap – Volume III
• BUILDS ON the first two volumes of the USG Cloud Computing Technology Roadmap
• IS FOR USG agency technical planning and implementation teams - AND ANYONE ELSE THAT FINDS IT USEFUL
• HAS A GOAL to inform decision makers regarding questions and decision factors in the context of Cloud Computing use cases
• DESCRIBES HOW to leverage the Federal Cloud Computing Strategy Decision Framework for Cloud Migration and the collaborative NIST Cloud Computing Program work

Decision Framework

16 aspects…
• Provision
  – Aggregate demand
  – Integrate services
  – Contract effectively
  – Realize value
• Manage
  – Shift mindset
  – Actively monitor
  – Re-evaluate periodically
• Selection
  – Efficiency
  – Agility
  – Innovation
  – Security Requirements
  – Service characteristics
  – Market Characteristics
  – Network infrastructure
  – Government readiness
  – Technology lifecycle

Application Categories
• Collaboration Tools
• Planning/Management Tools
• Web Server/Content Management
• Identity Management
• Document Retrieval/Library System
• PaaS
• IaaS

Next Steps for PAPs/Working Groups
• Goal 1 - Requirement 3: Address “Technical Specifications for High-Quality Service-Level Agreements”.
• Goal 2 - Requirement 10: Address “Defined & Implemented Cloud Service Metrics”.
• Goal 3 - Advanced Actor Analysis: To further the discussion on the roles and interactions of cloud computing actors (consumer/auditor/broker/carrier).

SLA Taxonomy
Chair: John Messina (NIST) and Ken Stavinoha (Cisco)
Purpose: Address Roadmap Requirement 3 on Service Level Agreements (SLAs)
Goals:
• Create a mindmap/taxonomy identifying the major elements that should appear within a high-quality SLA.
• Write report on how to create a high-quality SLA
Status:
• Mindmap/taxonomy draft complete (available on NIST CC twiki public website)
• Report draft complete (available on NIST CC twiki public website)
Moving Forward:
• Establish Federal SLA collaborative activities
• Submit material to international standards bodies for further development

Mind Map of a Master Service Agreement

Contents of SLA
Business Level Objectives
• Roles & Responsibilities
• Requirements
• Operational Policies
• Continuity
• Limitations
• Financial
• Glossary of Terms
Service Level Objectives
• Resources
• Performance Indicators
• Service Deployment
• Service Management
• Description
• Security
• Privacy

Cloud Business Requirements

Performance Indicators

Cloud Metrics
Chair: Frederic J. de Vaulx and Steve Woodward (CloudPerspectives)
Purpose: Address Roadmap Requirement 10 on Cloud Metrics
Goals:
• Improve consistency & terminology to facilitate valuable comparative analysis
• Create a framework to help clarify measures, definitions and collection methods
• Align with the roadmap high priority goals like SLAs
Status:
• Cloud reference and description list (available on NIST CC twiki public website)
• Draft concept model for cloud metrics, measures and usages (available on NIST CC twiki public website)
Moving Forward:
• Present the concept model to organizations involved in cloud metrics
• Write the Cloud Measure document based on the draft outline

Cloud Metrics: Work Areas & Priorities

Goal 3: Advanced Actor Analysis – Cloud Broker
Cloud Broker
• Consumer accesses multiple provider services through a single broker interface
• The Cloud Consumer retains visibility into the cloud service providers they use
Intermediate Cloud Service Provider
• Intermediary uses additional providers as invisible components of its own service, presented as integrated offering
• No consumer visibility into or control over additional cloud providers

The NIST Cloud Computing Reference Architecture
[Diagram: Cloud Service Consumer; Cloud Auditor (Security Audit, Privacy Impact Audit, Performance Audit); Cloud Service Provider (Service Layer: SaaS, PaaS, IaaS; Resource Abstraction and Control Layer; Physical Resource Layer: Hardware, Facility; Cloud Service Management: Business Support, Provisioning/Configuration, Portability/Interoperability); Cloud Carrier]

NIST Security Reference Architecture
[Diagram: Cloud Provider (Service Layer: SaaS, PaaS, IaaS; Resource Abstraction and Control Layer; Physical Resource Layer: Hardware, Facility). Other labels: Software as a Service, Platform as a Service, Infrastructure as a Service; IT Infrastructure/Operation, Application Development, Biz Process/Operations; App/Svc Usage Scenarios; Develop, Test, Deploy and Manage Usage Scenarios; Create/Install, Manage, Monitor Usage Scenarios]

Draft NIST CC Reference Architecture
[Diagram: Cloud Consumer; Cloud Auditor (Security Audit, Privacy Impact Audit, Performance Audit); Cloud Provider (Cloud Orchestration: Service Layer with SaaS, PaaS, IaaS; Resource Abstraction and Control Layer; Physical Resource Layer with Hardware, Facility; Cloud Service Management: Business Support, Provisioning/Configuration, Portability/Interoperability; Cross Cutting Concerns: Security, Privacy, etc.); Cloud Broker (Service Intermediation, Service Aggregation, Service Arbitrage); Cloud Carrier]

NIST Security Reference Architecture – formal model

Cloud Computing Standards Developers
[Diagram of standards bodies]
• ISO/IEC JTC 1 Information Technology: SC 27 IT security techniques; SC 7 Software & systems engineering; SC 38 Distributed application platforms & services
• ISO TC 68 Financial services: SC 2 Financial Services, security
• ITU-T: SG 17 Security; SG 13 Future networks including mobile and NGN; SG 11 Signalling requirements, protocols and test specifications
• Also shown: IEC, ISO, PSDO, IEEE, IETF, W3C, OASIS, TCG, OMG, SNIA, OGF, CAOCC, ATIS, CSA, Kantara, TIA, JTC 1 PAS Submitters, others
Key: PSDO = Partner Standards Development Organization; PAS = Publicly Available Specification; [symbol] = private sector, national member-based international standards body; [symbol] = UN agency, member state-based international standards body; [symbol] = international consortium standards developer

NIST SP 500-291 Recommendations
Accelerating Development and Use of Cloud Standards
• Contribute Agency Requirements
• Participate in Standards Development
• Encourage Compliance Testing to Accelerate Technically Sound Standards-Based Deployments
• Specify Cloud Computing Standards
• USG-Wide Use of Cloud Computing Standards
• Dissemination of Information on Cloud Computing Standards

New Topics for Consideration
• Accessibility
• Conformity Assessment
• Performance
• Reliability
• Forensics
• Law Enforcement
• Education

NIST Cloud Computing Special Publications
• CC Standards Roadmap: 500-291
• CC Reference Architecture: 500-292
• USG CC Technology Roadmap Draft: 500-293
• Guidelines on Security and Privacy: 800-144
• Definition of Cloud Computing: 800-145
• CC Synopsis & Recommendations: 800-146
Searchable as “NIST SP xxx-nnn”

Contacts
NIST ITL Cloud Computing Home Page: http://www.nist.gov/itl/cloud
NIST Cloud Computing Collaboration Site (twiki): http://collaborate.nist.gov/twiki-cloud-computing/bin/view/CloudComputing
• Dr. Chris [email protected]: Acting SES
• Dr. Robert Bohn [email protected]: Program Mgr
• Messina [email protected]: RA/Tax Co-Convener
• Dr. Michaela Iorga [email protected]: Security
• Sokol [email protected]: Standards
• Hogan [email protected]: Standards
• Simmon [email protected]: Volume III
• de Vaulx [email protected]: Metrics