By Pankaj Maru
Cloud computing has been growing steadily across the globe, including India. Enterprises and organizations have adopted cloud in different ways based on their business models, needs and financial imperatives. However, there are multiple concerns and doubts over cloud standards. CIOs are worried whether they will be able to switch from one cloud provider to another, migrate data safely to and back from the cloud, shunt between public, private and hybrid clouds, etc.
Express Computer takes a look at some of the prominent standards bodies and alliances on cloud computing and asks experts and CIOs about the prevailing concerns.
According to a technical note titled The Role of Standards in Cloud-Computing Interoperability by Grace Lewis of Carnegie Mellon University’s Software Engineering Institute, there are several cloud standardization projects. Some of these projects focus on standardizing parts of a cloud-computing solution such as workloads, authentication, and data access.
Other efforts focus on standardizing how the parts should work together as a solution. The Cloud Standards Coordination Wiki maintains a list of some of these projects (cloud-standards.org). Let us briefly look at some of the efforts related to cloud standardization, interoperability and security:
Distributed Management Task Force (dmtf.org):
An industry body formed in 1992, the organization’s board comprises representation from 17 companies, including AMD, Broadcom, Cisco, EMC, Fujitsu, IBM, Intel, Microsoft, Oracle, VMware and others. DMTF’s Cloud Management Initiative is focused on developing interoperable cloud infrastructure management standards and promoting adoption of those standards in the industry.
There are several working groups under the initiative, all working toward achieving interoperable cloud infrastructure management between cloud service providers and their consumers and developers. Previously, among others, DMTF has developed the OVF (Open Virtualization Format).
Cloud Standards Customer Council (cloud-council.org):
Formed as a group under the Object Management Group, a US-based non-profit trade association, its mandate is to “separate the hype from the reality on how to leverage what customers have today and how to use open, standards-based cloud computing to extend their organizations.” It is an end-user advocacy group that aims to accelerate the successful adoption of cloud. Besides complementing existing cloud standards efforts, it shares best practices, patterns, case studies and standards roadmaps. Its founding members include IBM, Kaavo, Rackspace and Software AG.
Institute of Electrical and Electronics Engineers (ieee.org):
The world’s largest association of technology professionals, Eye-Triple-E (as it is called) needs no introduction. The institute, under its Cloud Computing Standards Committee, has developed what are known as IEEE P2301 and IEEE P2302. The former refers to the Guide for Cloud Portability and Interoperability Profiles (CPIP) and the latter to the Standard for Intercloud Interoperability and Federation (SIIF). These seem to be still evolving, as on its website, the institute is inviting people to get involved in their development.
Cloud Security Alliance (cloudsecurityalliance.org):
As is evident from the name, the mission of this association is “to promote the use of best practices for providing security assurance within cloud computing, and provide education on the uses of cloud computing to help secure all other forms of computing.” A non-profit, member-driven organization, it is believed to be working on Version 3 of the Security Guidance for Critical Areas of Focus in Cloud Computing.
OpenStack (openstack.org):
Often cited as the de facto standard for building open-source clouds, it is supported by over 150 companies that have contributed to or adopted the platform in various ways. According to the OpenStack website, its goal is “to produce the ubiquitous open source cloud computing platform that will meet the needs of public and private cloud providers regardless of size, by being simple to implement and massively scalable.”
With these and many more efforts in defining or propagating cloud standards and interoperability, it would seem that all is well in the world of cloud computing. But that is not so. One reason is that multiple efforts are creating either confusion or complexity in the market. Another could be that there are vested interests of large vendors in supporting or pushing one standard or practice over another. Further, being still nascent in terms of wider and deeper adoption, especially in hybrid and private clouds, we are yet to see the full implications of cloud interoperability.
According to the OpenStack website, its goal is “to produce the ubiquitous open source cloud computing platform that will meet the needs of public and private cloud providers regardless of size, by being simple to implement and massively scalable.”
With these and many more efforts in defining or propagating cloud standards and interoperability, it would seem that all is well in the world of cloud computing. But that is not so. One reason is that multiple efforts are creating either confusion or complexity in the market. Another could be that there are vested interests of large vendors in supporting or pushing one standard or practice over another. Further, being still nascent in terms of wider and deeper adoption, especially in hybrid and private clouds, we are yet to see the full implications of cloud interoperability.
She however adds that developing standards is a time-consuming, lengthy process. “Once a standard is published, it also requires acceptance and adoption. Good examples of active standards and interoperability work can be seen from the U.S. based NIST (National Institute of Standards and Technology) and the formation of the Cloud Computing Innovation Council for India (CCICI) recently. Both demonstrate efforts promoting standardization and interoperability,” she says.
Areas of concern
“Cloud computing is following the technological standards but standards are needed for interoperability, cloud service and service level agreements (SLAs), common management and policies; concerns over data security are critical,” he says.
Shankar shares concerns other than standards and security. “There is lack of licensing policy to support the cloud model and for taking enterprise applications onto the cloud,” he says.
Explaining the role of ISVs (independent software vendors) that offer cloud-based products and services, he says, “In recent times, the ISVs are coming up with cloud-based products and services but the service providers have still not come forward with appropriate solutions for critical domains like BFSI, telecom or manufacturing. And that is the route for most CIOs to go.”
Grise of IEEE offers some advice to the CIOs trying to embrace the cloud. “I think CIOs need to expand their thinking and approach beyond traditional IT when it comes to the cloud by being open, nimble and flexible. They need to adopt cloud solutions that may comprise a combination of private, public and hybrid solutions.” She also emphasizes the need to collaborate with others to ensure interoperability.
Many Indian CIOs are already mixing and matching the cloud with their own IT environment. For instance, Mumbai-based Essar Group uses both private and public clouds: the private cloud is built in-house using Microsoft HyperV, VMware and Citrix technologies, while the public cloud runs with the help of Microsoft Azure and SAP SuccessFactor. Similarly, Chennai-based AM International Holdings, too, has opted for private and public clouds in different portions. What’s more, as a part of its overall IT strategy, the company is working on consolidating the infrastructure and offering the same on an Infrastructure-as-a-Service (IaaS) model to its group companies.
According to Shankar, lack of standards could hamper cloud adoption and could limit interoperability among cloud platforms, causing inconsistency in areas such as security. He feels that it would result in restrictions in interoperability between a private and a public cloud or between portability of services from one provider to another.
“As more and more players are coming in, I see interoperability as a point of concern. But for the cloud to be successful, it cannot remain that way for a long time. The adoption of PaaS and SaaS is falling in place but not at the pace of IaaS,” he says.
In his opinion, the issues around security, standards and interoperability will limit enterprises going to public cloud compared to private cloud, especially in the IaaS segment—where the adoption is growing amongst all lines of business, be it through partners or managed in-house.
Besides those concerns, the age-old complaint of vendor lock-in continues to play on CIOs’ minds even in the new era of cloud computing. “Customers do not want to be locked into a single cloud provider; they would like the freedom to move between clouds, ideally from public to private and back again. This would give customers the freedom to switch providers as their computing needs grow or shrink, and the ability to move applications and workloads around as their business requirements change,” points out Prabhu of Essar.
On their part, vendors are becoming sensitive to the issue and participating in efforts aimed at open cloud computing.
Ramachandran believes that organizations will need to implement a hybrid delivery strategy that leverages the right mix of cloud and traditional IT to optimize application, service creation and delivery.
He agrees that from an enterprise perspective, organizations are experiencing the impact of lock-in and want “greater democratization” of cloud. He is of course, quick to claim the company’s Converged Cloud offerings as the remedy for them. These, he says, provide enterprises “the essential foundation of technologies and services to confidently build, operate and consume IT across private, managed and public clouds.”
Other vendors in the cloud fray make similar claims. But it still remains to be seen how the CIOs in India test those claims and come to grips with the problems they are likely to face in their day-to-day cloud journeys. There’s a strong feeling among CIOs that vendors need to focus and work hard on establishing standardization rather than give marketing spiel.
“I personally believe that there is a lot to be proved by cloud technology. This implies that cloud technology providers should emphasize or rather work more toward its standardization rather than plunging in the market for attracting customers. This results in complete chaos that actually demerits cloud technology which I feel, is very unfair,” opines Prabhu.
The cloud story is just beginning to unfold. Watch this space.