Position Papers. 27 & 28 February 2013 Brussels, Belgium. Cloud for savings, Cloud for quality

Transcription

1 Cloud for savings, Cloud for quality 27 & 28 February 2013 Brussels, Belgium Position Papers #cloudscapev

2 Contents Welcome...3 The European Cloud Strategy...5 SIENA Roadmap Supporting an open standards-based transition to the Cloud...6 Message from Our Sponsors...9 Microsoft...9 IEEE Cloud Computing...10 CLOUD4SOA...11 CIRRUS Sustainable Clouds for a globalised research environment Cloud4Science - Empowering the Research Community Developing Clouds for e-science and government in Europe Federating Private and Public Clouds to support researchers in the European Research Area The Uber Cloud Experiment...19 GRNET s Cloud Services for Greek research and higher education community Cloudscape V - Position papers European R&D Success Stories...23 Cloud4SOA - Bringing Interoperability & Portability to PaaS The European Telecom Sector in the Cloud Computing Landscape...25 Why use Optimis? Helix Nebula - Selected by HPC in the Cloud as Top Cloud Story New Business Opportunities The 7th Framework Programme - The Poison Chalice for SMEs Cloud Software & Security - Perspectives from Finland...33 From research to market - turning scientific results into business opportunities...34 Open Collaborative Models, Open Data, Big Data...36 Open Collaborative Models, Open Interfaces & Interoperability...36.

3 Addressing the market barriers to cloud adoption through best practices for security. & data protection...38 Cloud Computing: And then?...40 Catalysing an open data culture EUDAT - Supporting a Collaborative Data Infrastructure...43 A new paradigm to enable flexible and efficient data sharing without loss of control Leading by Example - Government cloud Services...47 UK G-Cloud Vision...47 goberlin - A service marketplace fo business and citizens The Resiliency, Dependability and Survivability of Cloud Computing...52 What s on the European Horizon?...53 Cloudscape V - Position Papers Future of a Consumer-Centric Cloud-based Application Platform...53 COMPOSE - A Collaborative Open Market...55 Ocean - Open Cloud for Europe, Japan and Beyonf...57 Trust, Security & the EC Certification Framework The double-edged sword of Cloud computing in Critical Information Infrastructure Protection Extended Position Paper on Legal Issues Spotlights on standards & interoperability OASIS Cloud Standards for Interoperable Trusted Cloud Deployments SNIA CDMI - The ISO standard enabling interoperability and data portability for. collaboration in the cloud IEEE - Cloud Computing - Accelerating the development of cloud computing and the global. cloud computing industry...68 OGF - Driving open standards adoption for applied distributed computing...75 The Distribute Management Task Force (DMTF)...75 Huawei - Industry perspectives on cloud standards in Europe...76

4 Welcome Cloud computing has enormous potential to boost innovation in Europe. But Europe has to become not just cloud-friendly but cloud-active, playing a leading role in providing value-add services and solutions. Cloudscape V truly advocates awareness of cloud computing, its benefits for the public and private sectors and the barriers that need addressing to ensure mainstream adoption. The Cloudscape agenda is inspired by the latest developments in European R&D, open data, open science, egovernment, SME innovation. Key issues explored include trust, security, certification, standards, interoperability and portability with strong commitment from standards groups and international partnerships. This year s Cloudscape is the fifth in a series of annual gatherings, now being taken forward as a self-sustained event. Since 2009 it has significantly grown in terms of visibility and attraction for different stakeholders, as can be seen from our Cloudscape V in numbers : 30 position papers contained in this Booklet. 25+ presentations on key cloud topics. 18 demos, including Cloud4SOA, VISIONCloud, CODE, EUBrazilOpenBio, Cloud4SOA, OCEAN, EGI, Huawei, OKEANOS, StratusLab, TiViT; Microsoft: Eye on Health, Eye on Earth, Venus C fire prevention, Symbiosis Centre for Distance Learning, Love Clean Streets. 20 posters, including Cloud4SOA, icordi, EUBrazilOpenBio, MODAClouds, e-fiscal, PaaSage, CHAIN, Cloud4SOA, CIRRUS, OCEAN, EGI, OASIS, IEEE Cloud Computing, Future Business Clouds, Multi-Cloud: Needs and Tools 7 media partners: Computer Weekly, CloudTweaks, EuroParlamento24, isgtw, esciencetalk, Supercomputing Online, O1Net 6 standards organisations: CSA, DMTF, IEEE-SA, OASIS, OGF, SNIA Europe 5 supporters: Digital Europe, ENISA, EuroCloud, NIST, VMWare Cloudscape V - Position papers 3 Cloudscape V focuses on the cost efficiency and high quality that cloud computing offers. Emerging trends include open data, big data, open collaborative models and new cloud solutions and business opportunities for Europe. Open, interactive discussions between the public sector, experts and user communities is central to the event with the sharing of practical experiences and best practices. The ultimate measure of success will be how IT services are delivered through more efficient services at lower cost, ensuring government, businesses, scientists and citizens profit fully from Europe s digital single market and a more sustainable environment is created. Key elements also underpinning the single Cloud market include harmonised data protection regulations and governance measures.

5 The event will also re-examine public policy and government responsibility requirements with the aim of creating a procurement market place and network. This approach is highly strategic for the European single cloud market by dynamically extending public sector IT by leveraging Open Data and cloud brokers while fostering best practices and greater transparency. New ways of serving the needs of Europe s researchers will also be explored, whether they work individually or in large collaborative settings, sharing open data for the common good. The workshop will zoom in on policies and initiatives fostering entrepreneurship and new services created by small businesses along with smart services empowering citizens while increasing collective awareness and participation. We would like to extend our thanks to Cloudscape V sponsors: Microsoft, IEEE Cloud Computing, Cloud4SOA and CIRRUS, all distinguished programme committee, chairs, speakers and panellists, EC representatives, and, of course, all the participants for making Cloudscape the high-quality event it is renowned to be. Cloudscape V - Position Papers 4

6 The European Cloud Computing Strategy Cloud computing has the potential to significantly cut users IT expenditure and to enable many new services to be developed. Using the cloud, even the smallest firms can reach out to ever larger markets while governments can make their services more attractive and efficient even while reining in spending. Cloud computing is still at a comparatively early stage, giving Europe a chance to act to ensure it is at the forefront of its further development and to benefit on both the demand and supply side through wide-spread cloud use and cloud provision. The Commission s Cloud Computing Strategy aims at enabling and facilitating wider adoption of cloud computing throughout all sectors of the economy in order to boost the productivity, growth and jobs. It represents a political commitment of the Commission and serves as a call on all stakeholders to participate in the implementation of the actions set out in the EC publication, Unleashing the Potential of Cloud Computing in Europe (September 2012). This document identifies three broad areas for action: Standards and certification - Cutting through the jungle of technical standards so that cloud users enjoy interoperability, data portability and reversibility is one of the aims of the strategy. Necessary standards need to be identified by The European Telecommunications Standards Institute (ETSI) has been tasked with identifying these standards. The Commission will work with the support of the European Network and Information Agency (ENISA) and other relevant bodies to assist the development of EU-wide voluntary certification schemes and establish a list of such schemes by Cloudscape V - Position papers Contract terms and conditions - Development of model contract terms to deal with issues not covered by the Common European Sales Law such as data preservation; data disclosure and integrity; data location and transfer, data ownership, direct and indirect liability change of service by cloud providers and subcontracting. Identifying and disseminating best practices for model contract terms is aspected to accelerate the take-up of cloud computing by increasing the trust of prospective customers. 5 Establishing a European Cloud Partnership (ECP) - bringing together industry expects and public sector users to work on common procurement requirements for cloud computing in an open and fully transparent way. The ECP aims at driving the first steps towards better public procurement of cloud services in Europe, based on common definitions of requirements and possibly eventually going as far as joint procurement across borders. This should make the public sector more effective, i.e. save money and do more with less, while it would also stimulate a European cloud industry. Pooling public requirements could bring higher efficiency and common sector requirements (e.g. ehealth, social care, assisted living, egovernment services) would reduce costs and enable interoperability. The private sector would also benefit from higher quality services, more competition, rapid standardisation and better interoperability and market opportunities for high-tech SMEs.

7 SIENA Roadmap Supporting an open standardsbased transition to the Cloud Interoperability of services and applications is a key concern because it broadens choice and ensures a level playing field for both service providers and users, driving competition and innovation. I am a fervent defender of interoperability and it is a priority of the Digital Agenda for Europe. Standards are key to achieve interoperability. However, standards sometimes take too long to long to develop in comparison to the speed at which the ICT world functions. The aim of the SIENA Roadmap is to reduce the time to reach consensus in distributed computing standardisation initiatives by focusing attention on the main challenges and charting the possible paths to follow. I therefore welcome the SIENA Roadmap and I invite all stakeholders to use it as a reference. Neelie Kroes, Vice-President of the European Commission Cloudscape V - Position Papers 6 The SIENA Roadmap (June 2012) identifies issues and makes recommendations regarding the adoption and evolution of open standards-based interoperable grid and cloud computing infrastructure (e-infrastructure) to support research in Europe. The vision for such a European e-infrastructure is to empower productivity of research communities through ubiquitous, trusted and easy trans-national access to services for data, computation, communication and collaborative work. Many of the general challenges to the adoption of cloud computing are shared by cloud-based e-infrastructures for research. These include cooperation and coordination to communicate requirements and participation in the standardisation process, security, education, legal issues and globalisation. Some considerations in the Roadmap therefore apply also to computing in industry and the public sector. The SIENA Roadmap recommendations constitute a Call for Action on all stakeholders involved in the development of European e-infrastructure. These recommendations have been divided into immediate short-term priority actions (a maximum of 12 months) and actions with a medium-term timeframe (a maximum of 3 years). Within this overall plan there is a role for governments where the trend towards procurement of commercial cloud services by the public sector (including research) will generate interest in standards. There is also an important role for industry to play in the international standards dialogue, implementation and certification processes, as well as in continued investments aimed at boosting European innovation. The most relevant actions for Cloudscape V are: Priority Action 1 Determine optimum deployments of cloud computing for research. Reviewing current deployments of cloud computing for e-research and the broader scientific user at various service levels (infrastructure-, platform-, software-, science-as-a-service) with a representative range of applications requires the collection of case studies, careful requirement analysis and interaction with infrastructure, standards, software and application stakeholders. The objective is to understand where emphasis should be placed and fosters impact assessment of ICT on the environment and the use of green technology, not only pure performance but overall efficiency.

8 Priority Action 2 Strengthen collaborative international dialogue for achieving interoperability and portability. It is imperative that the current standardisation dialogue be strengthened and widened to involve all stakeholders, including standards groups, cloud collaborative working groups, open source and commercial infrastructure providers, and other global and regional public sector institutions. Such a multi-stakeholder dialogue will guarantee adequate representation of all the needs to leverage the inherent strengths of each group to the benefit of the cloud computing environment in the international arena. A strengthened international dialogue is a foundation upon which to share respective case studies, best practices and achieve true interoperability and portability. To this end, the EC and European member state governments should include direct support for funded initiatives to participate in relevant international activities. Priority Action 3 Strive for a common approach for contributing to the European Digital Market. A common approach by European Member State public administrations is necessary to help citizens and businesses profit fully from the Union s single digital market. The contribution of e-research communities should be through the EC putting into place plans for long-term sustainability and re-use of assets from distributed computing initiatives. A condition for approval of future initiatives should be the creation of reusable assets, including potential uptake by European government, industry and research. Attention needs to be paid to avoiding multiple independent parallel developments offering almost identical functionalities, and recognise that these developments can also span diverse areas such as transport, energy and health. Priority Action 4 Expand support for efforts by distributed computing infrastructures (DCIs) to provide mechanisms to federate across multiple cloud suppliers. A major near-term initiative, supported by the EC, is required to enable federation across multiple globally located cloud providers, including SME providers, to support European participation in global research enterprises. This participation must build on the participation of European communities to develop and implement the necessary standards, adopt the software profiles and a common administrative framework. EGI has created the Federated Cloud Task Force to work on the required standards for the transition to cloud-based services in collaboration with other European distributed computing initiatives. Priority Action 5 Introduce measures to provide open access to all relevant standards documentation. The standards groups producing open standards should be actively encouraged by the EC to share information and documentation about their standards work to avoid duplication of effort and provide better understanding to the different communities seeking to use their standards. The ready availability of open standards for whoever wishes to use them is necessary to support the procurement process by reducing the risk of becoming dependent on a single vendor. Vendors will implement standards if they are listed as technical specifications in calls for tender by public sector customers. One way of achieving this action would be to build on current plans of the EC s ADMS project on sharing repository metadata, which are very relevant to this need. Priority action 6 Introduce business models for use of clouds by research. A set of common business models for the use of cloud computing by research communities is required. Certain special cloud services and properties are required for the effective use of cloud for research that are not driven by e-government or business applications. In some cases no good solution may be available, e.g. long-term data curation. There is general agreement that much research data must reside in the cloud but there is currently no Cloudscape V - Position papers 7

9 Cloudscape V - Position Papers business model to support long-term sustainability and government funding alone is not expected to be sufficient. Priority Action 7 Review public sector procurement regulations. It is very important for distributed computing infrastructures to liaise with governments to support large research-optimised private clouds. A close examination of existing European and national public sector procurement regulations is necessary to identify and remove any barriers to the procurement and re-use of DCI assets by public sector organisations before these projects close. Issues that need addressing include: should there be an open tender process to purchase any of the assets? Could an overarching framework contract be put in place to handle the disposal of assets? Will the increasing trend for public sector procurements demanding solutions that use open source be an obstacle for projects that have used proprietary or non-standard approaches. Priority Action 8 Re-use tangible and intangible assets produced by distributed computing infrastructures. Funded projects should aim to produce tangible assets that can be made available to other parts of the public sector, SMEs and industry, thus protecting assets in the short to longer term. Promotion of re-use of assets should be supported by both the projects and funding organisations to reap full potential. Wherever possible, the package should indicate the scope, transparent re-use procedure and maturity of individual assets as part of the sustainability. Publicly available asset packages should be a prerequisite of all future projects funded by the EC, appropriately furnished with practical guides. 8

10 Message from our Sponsors Microsoft Cloudscape V - Position papers 9

11 Get Involved with the IEEE Cloud Computing Initiative Sponsors of the Networking lunch & exhibition Cloudscape V - Position Papers Cloud Computing has widespread impact across how we access today s applications, resources, and data. The IEEE Cloud Computing Initiative (CCI) intends to lead the way by collaborating across the interested IEEE societies and groups for a well coordinated and cohesive plan in the areas of big data, conferences, education, publications, standards, testbed, and dedicated web portal. Get involved The CCI offers many opportunities to participate, influence, and contribute to this technology. Contact us: cloudcomputing@ieee.org 10 Current opportunities Submit a paper or help organize at one of our conferences. Contribute an article to our new Transactions on Cloud Computing publication. Be a part of the P2302 standards working group for intercloud interoperability and federation. Save the Date Cloud Computing for Emerging Markets (CCEM), October 2013, Bangalore, India (cloudcomputing.ieee.org/ccem) Check out the Cloud Web Portal for the latest information on the CCI s activities.

12 CLOUD4SOA Cloudscape V - Position papers 11

13 Certification, Internationalisation, and Standardisation in Cloud Security (CIRRUS) The CIRRUS project aims to bring together representatives of industry organizations, law enforcement agen-cies, cloud services providers, standard and certification services organizations, cloud consumers, auditors, data protection authorities, policy makers, software component industry etc. with diverse interests in security and privacy issues in cloud computing. Cloudscape V - Position Papers 12 CIRRUS has the ambition to drive research projects and their results in direction of impact increase (policy, standards, market uptake etc.), and to help overcoming fragmentation still existing in cyber security research arena. The project is funded under the European seventh framework pro-gramme (FP7) and executed by a consortium of six partners from inside and outside the EU: Atos Spain, Cloud Security Alliance, Austrian Standards Institute, PKT (Turkey), IPA (Japan) and Grant Thornton Forensic and Investigation Services. The project is supported by an Advisory Board with representatives of companies such as Google, Microsoft and IBM. Additionally, the interests of the different stakeholders are covered by input of several special interest groups. The first CIRRUS event is held in conjunction with the Cloudscape series V event on 28 February 2013 in Brussels. The programme is available at Three more seminars are planned during the pro-ject s life span. We invite you to find out more on visit our semi-nars and get involved in our special interest groups. Stay updated via

14 Sustainable Clouds for a globalised research environment Cloud4Science Empowering the Research Community Dennis Gannon, Microsoft Focus Area & User Targets We are at the start of a data tsunami that is transforming every discipline of science. The data is coming from instruments of all types, digital records, surveys, and the World Wide Web. With increasing frequency, researchers need to share their data with colleagues or with large, multidisciplinary collaborations. As the data collections have grown, size has become a barrier to progress. While many areas of science are well supported by national supercomputer infrastructure, most are not. This long tail of science is huge and largely underserved. Cloud computing, based on massive, public data centres presents us with an opportunity to support community-based data collections and analysis tools as scalable services that can be accessed from any network device. This paper describes a business model that can sustain community data collections without dependence upon direct government funding. Cloud4Science ( is a new project we have begun to address this problem. In collaboration with several academic partners in Europe and the US, Cloud4Science initially focuses on dedicated services for the bioinformatics community. Its ultimate goal is to support a wide range of scientific communities with tools for data curation, discovery and analysis running as cloud services. Cloudscape V - Position papers 13 Relevant standards for interoperability and portability From the perspective of the commercial cloud provider the underlying technology, the programming and service APIs and contracting models are evolving very rapidly. Many of the details are being driven by large and small enterprises that are already using these online resources. In the case of interdisciplinary scientific research the greatest need for standards is in the area of data curation and harmonised metadata standards. The Open Data Protocol (OData - proposed Oasis standard is one step. The global Research Data Alliance (rdalliance.org) is another important activity we are following. In terms of scientific application portability across cloud platforms the IPython tools ipython.org run on all Linux and Widows based cloud deployments.

15 Public sector issues such as data preservation, privacy, transnational data flows and uniform procurement regulations are extremely important. While not addressed in this presentation, we fully support efforts to establish and harmonise these policies throughout Europe. Relevance to SIENA Roadmap Calls for Action This work directly relates to Siena Roadmap Priority Action 6 - Introduce business models for the use of clouds by research by enabling the effective use of dedicated cloud services and supporting long-term sustainability. Cloudscape V - Position Papers 14

16 Developing Clouds for e-science and government in Europe Gabriella Cattaneo, IDC Focus Area This presentation is based on the results of the study Clouds for Science and Public Authorities entrusted by the European Commission, DG CONNECT to IDC and TRUST-IT. The main goal of this study is to analyse the current and perspective development of cloud computing infrastructures for e-science and e-government in Europe, contributing to the development of an EU strategy for cloud computing in this field, as foreseen by the Digital Agenda for Europe (DAE). The ultimate goal of the study is to promote the development of cloud-based quality services to researchers, public sector employees and the public at large. This report builds on desk research, a wide range of interviews with key stakeholders and case studies in Europe and the world, collected in national profiles of cloud policies and initiatives for e-science and e-government for the 27 EU Member States and 14 other world countries. IDC s worldwide databases on cloud computing, HPC and technical computing were used to develop a forecast model of potential cloud demand in e-science. Relevance to the EC Cloud Computing Strategy The study results have highlighted the main problems to be solved concerning cloud e-infrastructures in Europe: a fragmented market with a variety of cloud policies and initiatives, little attention to scalability of initiatives, the risk of proliferation of standards and lack of cross-border interoperability. There is a strong potential demand for open, flexible and scalable computing resources, particularly to respond to peak and burst-type demand, which may not be completely satisfied by public cloud providers. On the other hand governments are looking for economies of scale and scope beyond national boundaries and cost efficiencies, while National Research and Education Networks (NRENs) and e-infrastructure providers are aware that they must find more sustainable business models - but this requires a change of mindsets. Given these multiple market and technical challenges, the EC has an important role to play in promoting the development of pan-european cloud e-infrastructures. Our study presents one overarching general recommendation, building on the consensus opinion by stakeholders and coherent with the spirit of the SIENA call for action: The EC should promote and sustain the spontaneous movement towards the integration and federation of clouds at the EU level, avoiding the risk of developing top-down infrastructures totally dependent on public funding and unable to adapt to the multidimensional characteristics of demand. Cloudscape V - Position papers 15 Relevant standards for interoperability and Portability Our study recommends that the EC supports the following actions, in order to promote the integration and federation of clouds in a European e-infrastructure: Promote and support cross-border interoperability of cloud products and services using open standards. Review procurement policies to enable the transition from CAPex to OPex.

17 Promote and enable the development of a European marketplace of connectivity and cloud services. Support efforts to federate resources and services across multiple cloud providers. Monitor and support OpenStack as an open collaboration model. Relevance to SIENA Roadmap Calls for Action Cloudscape V - Position Papers The main recommendations of the study are coherent with the SIENA Calls for Action spirit. In addition to those mentioned the study suggests the following actions: Promote the use of clouds across multiple scientific domains through the development of an ecosystem of value-added cloud services driven by demand, based on user-centric approaches, to narrow the gap between the supply and user communities. Require full costs assessments in research projects, supporting the consistent, comprehensive and business-case oriented analysis of cloud computing costs compared to other computing resources. Promote the evolution of e-infrastructure providers, supporting the evolution of organisational and management models towards user-centric business strategies. Create the next-generation of cloud enthusiasts, by supporting the change of mindsets and the development of the skills needed for sustainable cloud e-infrastructures. Promote the development of innovative SMEs developing cloud-based services, leveraging spin-off and start-up capability to develop the ecosystem of new cloud-based value added services. Promote the addition of Cloud Capabilities to the PRACE research infrastructure, to maximise the capability of HPC centres to meet unmet demand of computing for research. 16

18 Federating Private and Public Clouds to support researchers in the European Research Area Steven Newhouse, EGI.eu EGI s strategic plan (go.egi.eu/egi2020) describes how EGI will evolve and expand its services to support compute and data intensive research and education communities of all sizes. Part of this strategic plan is to develop and deploy a Cloud Infrastructure Platform, which is being built around of a federation of Infrastructure-as-Service Cloud Providers affiliated with EGI through national coordination bodies - National Grid Initiatives (NGIs). Building on a decade-long experience and legacy of supporting one of the largest and world s renowned research community, the Worldwide LHC Grid Community (WLCG), EGI is now preparing transitioning to offer a platform of federated services providing consistent access to infrastructure resources. This platform will be capable of supporting the complete spectrum of research communities of any size present in the public sector in Europe the so-called long tail of research. The EGI Cloud Infrastructure Platform is already playing a pivotal role in this endeavour. Relevance to the EC Cloud Computing Strategy The EGI Federated Clouds Task Force (FCTF) started in late 2011 and through the incremental design and technical architecture of the cloud test-bed, the FCTF is directly addressing and indirectly facilitating uptake within all three key action areas identified by the European Commission: Standards and certification By design, the FCTF relies on standards implemented by cloud management solutions and will ultimately enable an ecosystem of certifiable services that federated resource providers can adopt when joining the EGI federation. Contract terms and conditions By starting with the established trust models that EGI has developed in the academic sector, the FCTF will be able to move work and data across borders. From this foundation, EGI is investigating the conditions, constraints and requirements for pan-european Cloud service provisioning, service management and customer support within the research and education communities in Europe. European Cloud Partnership Technical integration between public sector and commercial cloud providers is being explored through the EC funded Helix Nebula project. Through this, EGI can provide substantial expertise and knowledge in a partnership of much wider scope. Cloudscape V - Position papers 17 Relevant standards for interoperability and portability EGI s Cloud Infrastructure Platform is built on the use of technical standards defining the interfaces and exchange points between the services exposed to the public. Of key importance to this architecture are the following cloud related standards: the Open Cloud Computing Interface (OCCI) as the universal and extensible interface description for the provisioning of virtualised computing resources; the Cloud Data

19 Management Interface (CDMI) describing the access interface to generic Cloud storage resources (both block and object storage resources); and the Open Virtualistion Format (OVF) as a declarative language for pre-packaged virtual server images and necessary contextualisation information. Furthermore, a number of complementary standards are used to integrate with EGI s Core Infrastructure Platform: X.509v3-based federated authentication is used for safe and secure identification for services and end-users; the Usage Resource (UR) is extensively used to account for resource usage (virtualised compute resources). The emerging TOSCA language is of interest for extending OVF with a richer deployment language across all Cloud deployment levels (IaaS, PaaS, SaaS). Relevance to SIENA Roadmap Calls for Action Cloudscape V - Position Papers 18 Action 1 - Determine optimum deployments of cloud computing for research: The FCTF is engaging with a number of scientific communities ranging from small, local communities to large European and international projects to understand optimal deployment patterns. Action 2 - Strengthen collaborative international dialogue for achieving interoperability and portability: by definition a federation of European academic resource providers, EGI relies on interoperability and portability. Action 3 - Strive for a common approach for contributing to the European Digital Market: through the IaaS federation, EGI is able to provide a common and consistent service delivery across Europe, complemented with national and local policies and procedures. Action 4 - Expand support for efforts by distributed computing infrastructures (DCIs) to provide mechanisms to federate across multiple cloud suppliers: The current test bed comprises four different IaaS implementations fronted by standards based interfaces hosted by over 12 different resource providers. Action 6 Introduce Business Models for use of clouds by research: EGI is exploring the technical and legal aspects of certain business models including its cloud resources. Action 8 Re-use tangible and intangible assets produced by distributed computing infrastructures: EGI is currently reviewing its service catalogue and, subsequently, its service portfolio in preparation for EU 2020.

20 The UberCloud Experiment Wolfgang Gentzsch, The UberCloud Initiative Focus Area The current field of application of my UberCloud ( activities is High Performance Computing (HPC) in the Cloud with a focus on SMEs in Manufacturing. The UberCloud HPC Experiment explores the end-to-end process for SMEs to access and use remote computing resource, learn about the roadblocks and how to overcome them. The HPC Experiment currently has over 330 participating organisations, and 59 teams are jointly porting and running end-user applications in the HPC Cloud. In studying this end-to-end process, and providing lessons learned and recommendations to the wider community, if successful, this will accelerate adoption of HPC in the Cloud especially for SMEs. Relevance to the EC Cloud Computing Strategy The major focus of our initiative is to investigate how we can achieve sustainability for HPC Cloud infrastructures, and more ambitiously sustainability of the wider HPC Cloud community of providers and consumers. Sustainability in the context of cloud infrastructures means the long-term maintenance of their services for the wider user and customer community. Researchers who have previously used their own limited resources are benefiting tremendously from clouds: for example, by avoiding long waiting times for their compute jobs; enjoying on-demand availability of resources; experiencing no peak-demand bottlenecks; having the best-suited resources always available at their fingertips; not having to deal with cumbersome procurements; and having no need to maintain their own expensive IT infrastructure. As with any EU-funded project in the past and the present, the huge challenge arises that an infrastructure project s deliverables should be maintained after the end of the project, when funding dries out. But where should the money come from to continue providing the novel infrastructure, software, and services to a wider community? Sure, the community could pay for these services, but where should that money come from? I see two major ways (and several derivatives) for this: First, to pay for it themselves, the users of these novel services could use the money they previously spent on existing (or precursor) services, which they then successively discontinue and replace by the new and better services. Second, one could find new user communities, which will also benefit from these novel services, for example industries. Certainly, there are more challenges for building sustainable clouds; in fact, to guarantee sustainability of the whole infrastructure, we have to ensure sustainability of individual areas, such as technology, operations, expertise, communities, collaborations, and the eco-political landscape. But, since the early days of grid computing, we have learned how to tackle many of these challenges. Cloudscape V - Position papers 19

21 Relevant standards for interoperability and portability The UberCloud HPC experiment currently has over 330 actively participating organizations from 29 countries, and 58 teams (industry end user, software provider, hardware/cloud provider, and HPC expert) are exploring the end-to-end process of accessing and using their end user s application and data onremote computing resources. Without standards there is no process alike: every resource provider has different access requirements and processes; every software provider offers different mechanisms for getting an ondemand license key; many ways exist to get your results back, but none is optimal; and the HPC application itself is most complex; no standards far and wide. All these areas require standards to enable wider use and greater acceptance of HPC in the Cloud. Relevance to SIENA Roadmap Calls for Action Cloudscape V - Position Papers We believe that our work in The UberCloud HPC experiment uncovers all kinds of challenges and dilemmas on the provider and on the consumer side, resulting in lessons learned and recommendations contributing to the early stage of definition for the right standards which will become a basis for a global cloud ecosystem fully integrated in our future businesses and lives. 20

22 GRNET s Cloud services for Greek research and higher education community Vangelis Floris, GRNET The Greek National Research & Education Network Focus Area GRNET is the Greek NREN responsible for providing a multitude of e-infrastructure services to the Greek Research and Academic community. Cloud computing and the provision of relevant services to Greek researchers is one of the major areas that GRNET is currently investing. GRNET is developing its own cloud solution named Okeanos. Okeanos (okeanos.grnet.gr) is an open source IaaS cloud software that provides a complete range of Cloud services: compute, storage, network, accounting, billing and security. The software is modular, comprising of a number of different components which can be independently deployed and exploited. Access to the services is provided through an intuitive user-friendly web interface as well as from command line tools. Currently the service is in testing phase and is by invitation only but will soon be available, free of charge, to the Greek Academic and Research Community. Relevance to the EC Cloud Computing Strategy Okeanos is also one of the two cloud platforms that provide resources to the CELAR EC-funded project ( CELAR is a three year STREP project that kicked-off on October 2012 with the aim of investigating and developing cloud elasticity solutions. The project is coordinated by Athena Research And Innovation Center In Information Communication & Knowledge Technologies, and Okeanos along with Flexiant s Flexiscale, provide the two software stacks that are being extended with dynamic resource allocation and elasticity capabilities. The technologies developed by the project will be showcased through two use cases: a cancer research workflow, which will be ported to Okeanos in collaboration with the Institute of Cancer Research, Royal Cancer Hospital UK, and a Social Game application developed by PlayGen Ltd. Cloudscape V - Position papers 21 Relevant standards for interoperability and Portability Programmatically, Okeanos offers a set of well documented proprietary REST APIs as well as standard APIs such as OpenStack Compute (Nova) and OpenStack Object Storage (swift compliant). Support for other standards is also under consideration, such as the Open Cloud Computing Interface (OCCI) and Cloud Data Management Interface (CDMI). Currently the software is in Alpha-2 version and ready to move to beta in the coming weeks. Nevertheless the software is already used to run a public cloud service, which has already attracted more than 1700 users and is hosting VMs.

23 Relevance to SIENA Roadmap Calls for Action The range of GRNET s cloud activities are complemented by the continuous support to the StratusLab open source initiative, which relates directly to the Priority Action 8 on Re-using tangible and intangible assets produced by distributed computing infrastructures (DCIs). StratusLab (stratuslab.eu) grew from an informal, academic collaboration in 2008 into a formal EC-funded project with the aim of developing an open source IaaS cloud distribution that investigated the relationship, opportunities and impact that the cloud paradigm is bringing to grid computing infrastructures. After the completion of the project, StratusLab continues as an open collaboration of institutes (CNRS, SixSq, GRNET, and TCD) and individuals that are committed to evolving the software and providing support for StratusLab sites and users. Cloudscape V - Position Papers 22

24 European R&D Success Stories Cloud4SOA Bringing Interoperability & Portability to PaaS Francesco D Andria, Atos Focus Area Cloud Platform as a Service (PaaS) is a novel, rapidly growing segment in the cloud computing market, offering an abstracted development and deployment environment that can simplify the life of a developer in any domain. However, unlike Infrastructure as a Service (IaaS), we are not dealing simply with raw compute and storage, but often a customised environment that builds on innovation more than IaaS commodity focused offerings. This brings to light larger complications in interoperability, and particularly for PaaS, the concept of application portability. Developers and SaaS providers can benefit greatly from PaaS, but are often weary of the making an all eggs in one basket investment in a particular platform as-a-service model, as well as the fear of finding themselves in a situation of vendor lock-in or incompatibility with other adopted solutions in parallel. This is where Cloud4SOA comes into play, interconnecting public and private platform vendors for the developer to help compare, manage and migrate between vendors. Cloud4SOA offers an open-source added value feature set for PaaS customers: developers and SaaS providers oriented towards SMEs, large industry or the public sector. PaaS providers can also leverage the benefits of being part of a larger ecosystem: gaining greater visibility and wider compatibility of third-party services via their existing API. Cloudscape V - Position papers 23 Relevance to the EC Cloud Computing Strategy As the European private and public sector continue to invest in cloud solutions, we are witnessing more advanced, mature scenarios arriving, such as orchestration, multi-cloud infrastructures or modular, open cloud stacks. Cloud4SOA advances this area by interconnecting platforms for added-value capabilities such as multi-platform management, comparative monitoring and application portability across collaborating or competing offerings. This empowers European SME and large enterprise developers, as well as up-andcoming PaaS providers with the same impact as the EC Cloud Strategy s focus on standards: interoperability, data portability and reversibility. While Cloud4SOA supports such future standards, it also provides a solution that works today. Beyond its initial capabilities, Cloud4SOA prepares for a wider potential as the PaaS segment of cloud computing evolves, pointing towards concepts such as the federation of multiple platforms and management

25 between hybrid use cases of public and private PaaS. We are already seeing this evolution with flexible open source platforms such as Cloud Foundry, appearing in both public/private implementations, and supported by a growing number of third-party services that leverage the ecosystem. Cloud4SOA helps to push this on a larger scale, not only across various implementations of a single platform, but also across multiple platforms and multiple vendors. Relevant standards for interoperability and portability Cloudscape V - Position Papers 24 The vision of cloud interoperability and portability shared by Cloud4SOA is often associated with standards. Our solution, however, leverages existing PaaS APIs and brings a harmonised layer and adapters to support its advanced feature set. It is a solution that works today. Looking forward, Cloud4SOA is modelled to be both standards-independent and standards-compatible. This seems to be a good bet in the fragmented landscape of cloud standards, in a market that looks for solutions ready for immediate deployment yet robust to adapt to tomorrow s landscape. Solving these challenges is not an either/or when comparing adapters to standards, but a balance of investment towards both. We see this echoed in the SIENA Roadmap, as well, where it calls for interoperability and portability as immediate priorities, yet the empowering standards are just not ready. We must provide an evolving solution. Standards might seem counterintuitive in the PaaS layer, where innovation is the driving force, unlike the commodity services of its IaaS cousin. Yet standardising basic management protocols can enable platforms to further focus on those innovative concepts, and allow ecosystem-empowered capabilities like those of Cloud4SOA to see a wider compatible market. Fortunately, PaaS standards development in this area is already taking shape. OASIS s CAMP standard ( Cloud Application Management for Platforms ) is one example, with its initial specification already released with support by platform industry partners. We feel that Cloud4SOA can benefit both from the standard by expanding our ecosystem, as well as help contribute to it with our multi-platform monitoring and portability assets.

26 The European Telecom Sector in the Cloud Computing Landscape Michel Dao, Orange Labs & VISION Cloud This position paper presents some ideas on the role of telecommunication operators (telcos) in the cloud computing market and how Orange is currently involved in actions relevant in today s Cloudscape. From a high level point of view, telcos can take different roles as regards cloud services: cloud carrier: telcos are already providing networks for connecting cloud customers to cloud data centres, and this is a key resource for all possible roles. In addition, telcos can take a more active role in offering cloud specific network offerings such as managed networks with Quality of Service and security guarantees. cloud service provider: most telcos already have a data centre infrastructure and experience in operating them (management of large amounts of data), also for regular hosting services. In addition, telcos have billing solutions that they can readily adapt to the cloud context. The network asset is important for offering an end-to-end service. Strategic partnerships with leading cloud players are necessary to develop and operate competitive cloud based services. This involves international partners as well as domestic partners in the corresponding operations. Long relationships with hardware, software and integrators are important relationships. cloud broker: telcos can use their service provider relationships and offer services possibly bundled with their own services if they also choose to play a cloud service provider role. In this case, partnership with 3rd party developers is an important asset. For this role, partnerships with marketing and sales are also needed. The billing systems and competence along with network assets are important key resources as telecommunication operators have control over part of the access means (ADSL/fibre, mobile network, and so on). Orange is starting to take on these different roles and is already providing products: VPN Galley service offered by Orange Business Services is one example of the cloud carrier role; Flexible Computing line of products proposes IaaS services to the business market; Le Cloud Pro is offering a portal to professionals where they can subscribe to services in SaaS mode. Orange s aim is to offer companies and consumers in the EU a high quality, secure means of access to services from environmentally efficient data centres, located in Europe such as Cloudwatt (joint company with Thalès). We will also ensure that our customers retain full ownership of their data files at all times and can easily secure their return or have their data deleted. Cloudscape V - Position papers 25 Relevance to the EC Cloud Computing Strategy Orange has a strong interest in boosting European public sector use of cloud technology and is involved in the European Cloud Partnership initiative through its Orange Business Services unit. Orange is also involved in a European Community support action proposal aiming at studying the obstacles in the adoption of cloud technology by public administrations and SMEs.

27 Relevant standards for interoperability and portability Cloudscape V - Position Papers The Storage Networking Industry Association (SNIA) is a part of the Orange Labs (Orange R&D centre) is participating in several standardisation bodies in the area of cloud technologies: ITU-T SG13 on architecture, SG17 on data privacy, ISO SC27 on data privacy and SC38 on architecture; Internet Engineering Task Force (IETF) on network; Cloud Security Alliance (CSA) on SLAs and with the Cloud Management Working Group of the Distributed Management Task Force (DMTF) on open APIs, where Orange Labs is contributing to Sirocco, the open source CIMI API. For instance, CDMI for cloud storage is used in VISION Cloud and some developments using Scality. The organisation elaborating CDMI (SNIA) is part of the VISION Cloud consortium. Open Source efforts that can develop as de facto standards are also closely monitored such as Openstack Swift, which Cloudwatt has chosen as basis of development for its cloud services. Within VISION Cloud project (FP7 Call 5), three telcos (Orange Labs, Telenor and Telefonica) are working together on the evaluation of the results of the project through a common telecommunication oriented use case development which demonstrates that its storage architecture can enhance the core business of many telecommunications companies through practical, real-world examples with a call centre service provided by one telco being taken to other companies. 26

28 Why use Optimis? Craig Sheridan, Flexiant Focus Area OPTIMIS aims at optimising IaaS cloud services by producing an architectural framework and a development toolkit. The optimisation covers the full cloud service lifecycle (service construction, cloud deployment and operation). OPTIMIS gives service providers the capability to easily orchestrate cloud services from scratch, run legacy apps on the cloud and make intelligent deployment decisions based on their preference regarding trust, risk, eco efficiency and cost (TREC). It supports end-to-end security and compliance with data protection and green legislation. It also gives service providers the choice of developing once and deploying services across all types of cloud environments private, hybrid, federated or multi-clouds. OPTIMIS simplifies the management of infrastructures by automating most processes while retaining control over the decision-making. The various management features of the OPTIMIS toolkit make infrastructures adaptable, reliable and scalable. Altogether, these lead to an efficient and optimised use of resources. By using the OPTIMIS toolkit, organisations can easily provision on multi-cloud and federated cloud infrastructures and allows them to optimise the use of resources from multiple providers in a transparent, interoperable, and architecture-independent fashion. Relevance to the EC Cloud Computing Strategy OPTIMIS is a software toolkit that infrastructure and service providers and end-users deploy in their data centres. It encompasses enabling technologies that are required for consumers to easily and efficiently use cloud functionality to their best advantage. It is a complement to cloud management, orchestration and application lifecycle management platforms. It gives service providers the capability to easily orchestrate cloud services from scratch and run legacy applications on the cloud. It helps them make intelligent deployment decisions based on their preference regarding trust, risk, eco-efficiency and cost (TREC). It gives them the choice of developing once and deploying services on best execution venues and across any type of cloud environments private, hybrid, federated or multi-clouds. End-to-end security, data protection and compliance with green legislation are supported by the Toolkit. Although the competition in the market is fierce, none of the identified competitor products cover the full range of OPTIMIS features. The most important attribute of OPTIMIS, the TREC framework, continues to be the key selling point along with the service orchestration features and catalogue of deployment options. Cloudscape V - Position papers 27 Relevant standards for interoperability and portability OPTIMIS uses the Open Cloud Computing Interface (OCCI) in conjunction with its Virtual Machine (VM) Manager component to provide interoperability across IPs. Used in conjunction with Open Virtualisation Format (OVF) to handle VM images in a standard way. OCCI and OVF provide a way to migrate and

29 subsequently deploy and start a virtual machine on another platform as well as carrying contextualised information within the OVF regarding how the service is formed. OPTIMIS Service Level Agreements (SLAs) can still be managed across this type of multi-cloud scenario by the use of WS-Agreement across other external SLA frameworks. To enable an OPTIMIS scenario to become an ecosystem of resources, POSIX is used to plug-in a distributed data system from both the Flexiant platform and from the OPTIMIS Data Manager component. SOAP/WSDL were used to offer API interfaces for the OPTIMIS Programming Model component to offer web services across multiple IPs as well as plugging in the Flexiant infrastructure as an OPTIMIS enabled platform. Relevance to SIENA Roadmap Calls for Action Cloudscape V - Position Papers The unique OPTIMIS TREC solution involves choosing an optimal target platform based on trust, risk, eco and cost data. It therefore aims at responding to Priority Action 1 determine optimum deployments of cloud computing for research. The dynamic data that is extracted from target platforms is used for the benefit of service providers and end users and can be weighted to fit their needs, ensuring an automated runtime solution. This can be used at runtime to dynamically manage the optimal platform for a service run, providing cross-platform scalability. This was proven using platforms in Scotland, Spain and Sweden. Despite using platforms with different hypervisors and cloud software, the OPTIMIS tools provide a common approach and methodology to achieve this. This solution has been developed to operate within a fully managed, SLA based OPTIMIS system with the legalities of handling data being analysed at every stage of operation as well as the related business models being published. 28

30 Helix Nebula Selected by HPC in the Cloud as a Top Cloud Story 2012 Maryline Lengert, European Space Agency & Michael Higgins, CloudSigma Focus Area Helix Nebula ( aims to pave the way for the development and exploitation of a Cloud Computing Infrastructure, initially based on the needs of European IT-intense scientific research organisations, while also planning the inclusion of other large and small stakeholders needs (governments, enterprise businesses and SME s, and individual citizens). The Cloud Computing Infrastructure will ultimately provide physical and organisational structures and assets needed for the IT-related operations of research institutions, enterprises, governments and society. The scale and complexity of services needed to satisfy the foreseen needs of Europe s IT-intense scientific research organisations are beyond what can be, or would be wanted to be, provided by any single company, and hence will require the collaboration of a variety of service providers. Helix Nebula intends to expand its activity beyond the initial pilot phase to become an open market place for science, where data, scientists, funding bodies, SMEs and downstream industry collaborate. Relevance to the EC Cloud Computing Strategy Helix Nebula has established a growing public private partnership of more than 30 commercial cloud providers and publicly funded research organisations. The Helix Nebula strategy is to establish a federated cloud service across Europe. Three high-profile flagships, sponsored by CERN (high energy physics), EMBL (life sciences) and ESA (earth science), have been deployed and extensively tested across a series of cloud service suppliers. The commitments behind these initial flagships have created a critical mass that attracts suppliers to the initiative, to work together and make investments. An initial analysis of the procurement methods of the users and suppliers has been performed and a number of candidate business models highlighted that could ensure the sustainability of the initiative. The transparency of pricing of services will contribute to a more effective market and allow the users to complete a factual comparison of the cost of cloud services compared to the use of in-house resources. The public-private governance model has been expanded by refining the roles of the suppliers to an array of activities that will contribute to growing the initiative into an ecosystem of services. The need for demonstrable security combined with ease of access is one of the key reasons for taking such a structured approach to the federation required, in both technology and service aspects. That model should also ensure that the potential exists for innovative services, whether from currently-participating suppliers of other organisations (e.g. SMEs) sitting on top of that set of service. Cloudscape V - Position papers 29

31 Relevant standards for interoperability and portability Within the Helix Nebula Consortium, links have been established with DANTE and a number of NRENs so that the commercial data centres around Europe have been accessed by the user organisations via the GÉANT network. These deployments and tests have revealed a series of gaps in the current set of offerings on the cloud market and the appreciation that the best means of promoting Europe s leadership is to create an open standards based multi-vendor federated market which will allow the diversity of Europe s suppliers to compete with current big players on the global public cloud computing market. Based on the experience gathered from the proof of concept deployments, Helix Nebula s technical architecture group has defined a federated cloud architecture to enable an open platform for science innovation. EGI.eu is contributing to the development of the architecture so that the EGI publicly funded e-infrastructure could be interfaced with Helix Nebula. The services architecture team are also in communication with groups such as the ODCA ( who are trying to establish user-requirement-driven standards across the whole cloud industry. Cloudscape V - Position Papers 30 Relevance to SIENA Roadmap Calls for Action At the end of 2012, Helix Nebula opened a call for new flagship use cases to be brought on-board. These proposals have been scrutinized according to agreed criteria. A limited number of flagship applications from more research disciplines that will stretch the functionality and impact of Helix Nebula have been identified for deployment during the second half of These deployments will build on the experience gathered during the earlier proofof-concept deployments for the initial flagships and will benefit from the creation of common interfaces with multiple commercial cloud service providers. Around half of the existing and new flagships also foresee a role for smaller but higher-added-value contributors (e.g. SMEs), who can complement the services from the major suppliers and open up whole new opportunities and markets for the resulting services. Specifically, for what concerns the SIENA Roadmap Immediate Priority Actions: Action 1 - Determine optimum deployments of cloud computing for research: Helix Nebula is testing deployment of cloud computing for a range of scientific research applications; Action 2 - Strengthen collaborative international dialogue for achieving interoperability and portability: Helix Nebula has been requested to extend its activities to international research groups active in countries beyond Europe; Action 3 - Strive for a common approach to contributing to the European Digital Market: Helix Nebula is helping shape a common platform for public sector cloud computing across the Europe; Action 4 - Expand support for DCI efforts to provide mechanisms to federate across multiple cloud suppliers: One of Helix Nebula s key objectives is to bring together many cloud suppliers into a federated cloud market; Action 5 - Introduce measures to provide open access to all relevant SDO standard documentation: many of the applications being considered by deployment with Helix Nebula want to provide open access to their datasets. Action 6 - Introduce business models for use of clouds by research: The EC support action within Helix nebula is specifically studying business models and a recent deliverable (D7.1) shows the earlier analysis of what appears to be feasible. Action 7 - Review public sector procurement regulations: The procurement approaches for the publicly funded research organisations are discussed in the above-mentioned deliverables D7.1. Action 8 - Re-use tangible and intangible assets produced by DCIs: Interoperability with existing DCIs, notably GEANT and EGI, are part of the Helix Nebula activities.

32 New Business Opportunities The 7th Framework Programme The Poison Chalice for SMEs Tabussam Sharif, Flexiant Who is Flexiant? Our heritage in the service provider and cloud industry stretches back to Originally developed by hosting company XCalibre Communications for its own customers, our technology was designed specifically with the needs of service providers in mind. This technology also allowed us to launch Europe s first cloud platform in A New Beginning Until our first foray into the wilderness of FP7 back in 2009, we had never heard of this funding programme and our investigations had led us to believe that this was the domain of academia and large corporations. These were the organisations with the manpower and capacity to take on the mammoth task of the paperwork, paperwork and more paperwork!! Coerced into joining our first Consortium and submission, we jumped in head first, with the guys from Optimis. Our guide and mentor, Josep Martrat (Atos) helped us to take our first tentative steps into the dark arts of FP7. The then FP7 quickstart guide for SME s was only a mere 127 pages, and our submission draft only starting out in excess of 150 pages. What on earth were we thinking? Once word got out that an SME had elected to join the FP7 community, word spread like wild fire and we had requests fired at us left right and centre. Not a day would go by when we would not be approached by a consortium making a bid for FP7 glory! The attention was overwhelming; we had gone from obscurity to fame overnight. Everybody knew who we were, we had gone from Nerdy Scotsmen to being a household name in the FP7 community in a matter of a few weeks and people wanted our opinion and furthermore listened to our perspectives. It was fabulous, demand was unprecedented and we were taken aback with the attention. That first year we were part of 14 submissions of which 3 were successful - Optimis, 4CAAST, Cumulo, Nimbo. DOWs, CAs A2 Forms, PIC numbers, all these tasks came flying in thick and fast, the amount of work was overwhelming, the instruction and how to guides were extremely unclear, we were the 1 year old taking our first steps and falling over constantly to the left and the right. The trips to the kick off meetings, conference calls and face-to-face meetings started to take their toll. The realisation that tasks we expected to be completed in a matter of 7 10 days were being scheduled to be completed in 6 months. Tasks assigned in the DOW, the bible of the project although held true, the distribution and expectations of who was going Cloudscape V - Position papers 31

33 Cloudscape V - Position Papers 32 to carry out the work was flawed and actually did not always fall as expected. We learned the hard way that to academia and the research departments of large corporations, FP7 are their soul and lifeblood. Without FP7 revenue, driving forward technology and levelling the playing field from a technology perspective, this would be limited to those corporations with revenue streams large enough to run vast R&D departments. To these guys FP7 research was their lives and these individuals were recognised for successful projects and scorned for their failures. These guys live, eat and sleep FP7!! Regaling stories over consortium dinners, people were shocked and horrified to hear that not only do we participate in FP7 projects, but that we actually have day jobs as well! OMG how do you cope? What do you have to do? How do you deal with customers? The severity of our situation began to sink in, when we were in over our heads and the demands of the projects began to take its toll. Disagreements, heated conversations, disbelief at being asked to carry out tasks not assigned to us and demands on infrastructure that were beyond initial agreements. The times were hard but perseverance and the ability to adapt quickly, a speciality of SMEs, led us to participate in a further 3 FP7 projects - MODACLOUDS, PaaSage and CELAR. As we near our final few months of our first 3 projects, I offer these thoughts to prospective SME applicants for European funding: 1. Consider and map out your business roadmap before you even think about it. 2. Only look at calls that align with your business direction. 3. Remember you are only funded at 60% 4. The maths to work out how much and when you will be paid and the red tape seems daunting IT IS! 5. Do not be fooled, this is probably the hardest thing to participate in for an SME. 6. YOU still have a business to run! Is it a poison chalice? YES!! There are politics, bullying, backroom arguments and drooping shoulders! Nothing you would not find in the best of soap operas. BUT - The redeeming factors are that you get paid and are provided with assistance to carry out the work you have planned for in your business road map, by some of the best people you could ever meet! The pan European recognition of your business is priceless. Brand recognition, people and students know and learn about you and what you stand for. Access to large corporations on a level playing field. Product validation from the scientific community. Summary Say what you may, the chalice is truly a poisoned one, the work is excruciatingly time consuming and the paperwork never ceases, but align yourself with the right project consortium and the outcome will exceed even your highest expectations.

34 Cloud Software & Security Perspectives from Finland Janne Järvinen, F-Secure Corporation The Cloud Software Finland ( is the largest ICT related industrial research initiative in Finland funded in recent years with a total budget of 60 million over four-years. F-Secure acts as the steering company of this initiative, which brings together 22 companies and 8 research institutions with the aim of creating new business activity in Finland in the value chains of internet services and in the areas of sustainable development, user experience and information security. Business success stories include doubling and tripling growth and making considerable cost savings in just a few months by streamlining procedures. The Cloud Software programme has also succeeded in creating a new ecosystem that focuses on the most profitable cloud services. The programme has applied the agile development methods of the software industry in collaboration with companies and researchers. Client-centred approaches enable the rapid creation of added value for partners, demonstrating best practices that could be applied to EU research programmes. Flexible models of operation based on customer feedback and a focus on seamless user experiences right at the beginning of the design process is central to accelerating development work. The Cloud Software Programme brings the following insights:»» Cloud is causing a paradigm shift that is affecting everybody within ICT today.»» Competitiveness in the cloud not only means changes in technologies but sets in motion other important transformations at the European level, especially user experiences, security and sustainability: cloud business, cloud technologies, lean and agile organisations. Cloud Security is especially important. Security in the cloud must address technical, process and people aspects. Lack of well defined and implemented processes and well trained personnel is many times cause of security breaches while technically all the right security measures would be in place. When buying cloud services, security issues are currently almost exclusively a contractual issue. For smaller clients, the contract clauses are not something they could easily change. We propose a set of standard contract clauses, which would be offered for voluntary adoption for cloud services providers and clients. These are templates that are filled in after risk analysis. The reason for the clauses to be based on risk analysis is that a) if the final form of contract clauses would follow risk analysis, it would make them more universally acceptable and malleable, and b) it would force clients to think about their risks in advance. The partners see the usage of essential competitive factors as key to getting products onto the market more quickly. All results from the project are publicly available for consultation ( org/results). TIVIT Ltd (Information and Communications Industry Research) is a Strategic Centre for Science, Technology and Innovation (SHOK). TIVIT builds new ecosystems of research and business in order to create new knowhow, business and jobs. These are based on strategic research areas defined by 40 businesses, universities and public corporations of different sizes. TIVIT brings together projects from these fields to create focused research programs, raise the bar and the goals for innovation, foster international projects cooperation in Cloudscape V - Position papers 33

35 the field and apply for overall funding, thereby increasing the effectiveness of the operations. From research to market: turning scientific results into business opportunities Ignacio Blanquer - Espert, Technical University of Valencia Focus Area, User & Market Targets Cloudscape V - Position Papers 34 Turning research into exploitable assets and driving take-up of research results by the commercial sector has become an important priority in Spain. Innovation means changing production models and creating a highly qualified workforce but most importantly it also means taking risks. Cloud computing presents an important opportunity for minimising investment risks in the drive towards marketing innovative products and services that bring a competitive edge. The European project VENUS-C ( has demonstrated the feasibility of using clouds to solve a number of specific problems on the borderline between research and innovation, such as bioinformatics, architecture and civil engineering. Working in a collaborative multi-disciplinary environment, the Technology University of Valencia has developed Architrave ( a software for structural analysis of buildings and civil engineering structures. This new cloud-based tool for on-demand static and dynamic analysis, has a number of advantages for architects and structural analysis engineers, working in both commercial and academic settings. Firstly, cloud computing enables the concurrent execution of multiple structures, which not only speeds up the analytical process and lowers cost but also ensures higher safety levels and greater resilience, for example, during an earthquake. Secondly, the team has come up with a new business model based on subscription for advanced features. The university has also implemented a cloud-based service for BLAST in Azure. This tool has been interfaced with the Blast2Go ( application which provides free users with the access to a limited set of features and resources, and provides subscribers with additional features and dedicated resources, dynamically on the cloud. A Spanish company (BIOBAM) is interested in exploiting the BLAST porting with the aim of increasing the Quality of Service while minimising investment risks. Relevance to the EC Cloud Computing Strategy The adoption of standards is a key factor to enable software interoperability. Interoperability at the level of pure IaaS is much more mature through the Open Cloud Computing Interface (OCCI) or the use of de-facto standards such as AWS EC2. By contrast, the main attraction of cloud platforms is the provision of platform services that provide advanced functionalities and increased performance (such as specific data objects, elastic load balancing, communication services, authentication methods, etc.). However, the lack of standards reduces migration across platforms. Standards like the Cloud Data Management Interface

36 (CDMI) can help but are poorly supported by the cloud providers. PaaS stack standardisation will boost the achievement of stable software developments on the cloud. B2GO and Architrave have made an important investment in the choice of the platform, which could be less important if mature standards were available. The second important point is the management of confidential data. From personal data (including health and genomics data) to commercial data, cloud providers may be able to subscribe to privacy and access guarantee agreements that could enable migrating critical data to the cloud. Current availability guarantees are not sufficient for massive data storage. Relevant standards for interoperability and portability The two applications described use CDMI and Basic Execution Services (OGF-BES) standards to ease interoperability. By using CDMI, client applications can be lightweight while supporting an unlimited range of cloud storage back-ends. For example, BLAST client uses a CDMI interface that can communicate with different end-points deployed in Azure, AWS S3 or local storages. Similarly, the use of OGF-BES enables pointing out to different execution end-points, provided that the binary compatibility exists. VENUS-C conducted a state-of-the-art analysis, worked closely with peers from other distributed computing infrastructures (DCIs) and the SIENA initiative. This collaborative approach led to the identification of relevant standards, including established protocols for distributed computing. VENUS-C also participated in complementary Plugfests (jointly organised by OGF, SNIA and ETSI) with a focus on real-life verification of products and cross-validation while reducing efforts on legal overheads. Relevance to SIENA Roadmap Calls for Action VENUS-C activities relate to four priority actions of the SIENA Roadmap Calls for Action: Action 3 - Strive for a common approach to contributing to the European Digital Market, by provisioning new market services in the cloud. Action 4 - Expand support for DCI efforts to provide mechanisms to federate across multiple cloud suppliers, tangentially through the use of interoperable standards and peer-to-peer cooperation. Action 6 Introduce business models for use of clouds by research through the experimentation of service models with new capabilities and exploring new ways of mixed license and subscription offerings. Action 8 - Re-use tangible and intangible assets produced by DCIs by reusing developments in VENUS-C such as Generic Worker, CDMI proxy and COMPSs - PMES, a Programming Model Enactment Service, designed as a web service to manage the execution of the applications and which implements the BES interface. Cloudscape V - Position papers 35

37 Open Collaborative Models, Open Data, Big Data Open Collaborative Models, Open Interfaces & Interoperability Cloudscape V - Position Papers 36 Silvana Muscella & Stephanie Parker, Trust-IT Services The SIENA Roadmap acknowledges the important role that the European e-infrastructure and escience community has made towards the development and adoption of open standards through open collaborative approaches. The European Grid Infrastructure (EGI), is driving the transition through virtualisation from a grid-based to a cloud-based e-infrastructure. The Federated Clouds Task Force is working on the required standards and methodologies to implement a transition from grid- to cloud-based services for e-infrastructure provision to researchers in the European Research Area. Helix Nebula is another high-profile initiative in Europe that has established a growing public private partnership of suppliers and users. Initial flagship deployments and tests involving CERN, the European Space Agency (ESA) and the European Molecular Biology Lab (EMBL) have showed that the best means of promoting Europe s leadership is to create an open standards based multi-vendor federated market that enables the diversity of Europe s suppliers to compete with global leaders. Based on the proof of concept deployments, the Helix Nebula architecture group, led by a series of cloud-savvy SMEs, have defined a standards-based federated cloud architecture to enable an open platform for science innovation. EGI.eu is contributing to the development of the architecture so that the EGI publicly funded e-infrastructure can be interfaced with Helix Nebula. These efforts are also focused on addressing the challenges of longer term sustainability of the services. The provision of e-infrastructure for research has been dependent mainly on public funding, with each country in Europe organising its own resources and facilities independently. The commitment of the EGI Federated Cloud Task Force to provide practical deployment experience has the potential to be applied across the research, government and business communities allowing resources to be shared in the public and private sectors for maximum benefit. Global Open collaborative models & open source approaches Besides these collaborative efforts, there are other collaborative and open source initiatives at play in the cloud landscape. While different in focus, they are becoming powerful forces and some of them are largely independent of global standardisation and interoperability efforts. European open source, open-standards initiatives with a clear mission for interoperable cloud systems include OpenNebula, which is developing an industry standard solution for building and managing virtualised

38 data centres and cloud infrastructures. As an open, interoperable cloud enabler, OpenNebula is shaping the development of innovative cloud technology, and bringing to market interoperable cloud solutions and services. In research environments, OpenNebula is being used as an open platform for innovation and interoperability in leading research and infrastructure projects, and as a reference implementation of cloud standard specifications. CompatibleOne is an open-source, open standards collaborative initiative and part of the OW2 Open Source Cloudware initiative (OSCi). It focuses on the description and federation of different clouds comprising resources provisioned by heterogeneous cloud service providers but independently of any single provider. CompatibleOne provides the core services described in the NIST Reference Architecture definition of a cloud service broker: intermediation, aggregation and arbitrage. CompatibleOne aims at being interoperable with most platforms so as to provide maximum freedom of choice to cloud service consumers and developers. CompatibleOne provides interoperability, portability and reversibility and thus helps break vendor lock-in. From an international perspective, OpenStack Foundation is a global community bringing together almost 6700 people from 87 countries to drive a cloud operating system with a user base representing a broad set of enterprise, academic and service provider users. While Google and Amazon are not formally members, they have facilitated the adoption of their APIs now available as open source reference implementations, and in production by companies like AT&T, HP, among others, through OpenStack & Beyond IDC has predicted that up to seven million jobs could be created between now and 2015, as more businesses and organisations embrace hosted services. The warning signs today are still of a lack of cloud-related skills which could see many of the new positions go unfilled. Legal and compliance issues around contracts and SLAs also require a new skill set for public sector bodies to fully understand what is possible in terms of purchasing and maintaining effective and efficient Cloud based services. The issue is not just open-source versus commercial products and services, but also how to get smart people hooked up in both the commercial and research/science settings to the best practices, most relevant standards, and best methods for software development. It is crucial that this be conducted in a way that optimises the potential for broad adoption throughout e-science, government and industry, rather than producing isolated narrow towers of privileged funding or surrendering the reins of innovation to the pure commercial sector. It is important to establish a multi-stakeholder dialogue around these issues, interacting directly with representatives from European and global collaborative models to evaluate the drivers, expertise and best practices of the different yet powerful forces at play. Through its consolidated escience community the Cloudscape series offers an important platform to share knowledge and facilitate such an evaluation, bringing in perspectives from EU industry, government and research organisation that are part of them. Cloudscape V - Position papers 37

39 Addressing the market barriers to cloud adoption through best practices for security & data protection Giles Hogben, Cloud Security Alliance Focus Area Cloudscape V - Position Papers The Cloud Security Alliance (CSA) focuses on an important market barrier to the adoption of cloud computing concerns about security and data protection. CSA supports the use of best practices for cloud security and provides education on the uses of cloud computing to help secure all other forms of computing. We provide a governance, risk and compliance approach applicable across the public and private sector. We provide tools for increasing transparency and trust in cloud computing, by supporting cloud customers, providers and policy makers with security certifications (based around our Open Certification Framework), advanced frameworks for continuous verification of security properties (GRC Stack, CCM v3, CTP v3), guidance on Privacy and Data Protection (Privacy Level Agreements) and Cloud Incident Management capabilities (CloudCERT, CSIRT EU). We also participate in several research projects addressing new security approaches in cloud computing including the use of accountability as a driver for the adoption of best practices (A4Cloud), federated cloud approaches (Helix Nebula) and new certification models applicable across cloud supply chains (CUMULUS). We support European standardisation in cloud computing security and data protection, for example as part of the security sub-group of the ETSI Cloud Standards Co-ordination Task Force. 38 Relevance to the EC Cloud Computing Strategy CSA is closely collaborating with the European Commission, ETSI and ENISA in the implementation of action 1 of the Strategy Standards and Certification. We are part of the Reference Group coordinating the activities of the Standards Task Force established by ETSI on request of the Commission to define a list of necessary standards for cloud computing.we are also facilitating the work of the European Commission industry Special Interest Group on cloud certification along with ENISA and EuroCIO. CSA operates an International Standardisation Council which has formal liaison status with a number of important standardisation bodies including ISO and ITU-T. Our ISC is used to provide members with access to drafts of cloud standards in development (e.g. ISO 27017) and to provide a voice for review and comment within the standards committees that develops them. Additionally, CSA is developing a number of specifications, which we hope will eventually become part of standards. One important specification is the Open Certification Framework. The CSA Open Certification Framework is a flexible, incremental and multi-layered cloud provider certification framework based on the Cloud Security Alliance s industry leading security guidance and control objectives. It integrates with popular third-party assessment and attestation statements developed within the public accounting community to avoid duplication of effort and cost. It is based on the control objectives and continuous monitoring structure as defined within the CSA GRC

40 (Governance, Risk and Compliance) Stack research projects. CSA also provides the only user certification related to cloud security knowledge (CCSK). CSA provides standard best practices in the form of our Cloud Controls Matrix which can be integrated into standard contract terms. CSA contributed to ENISA s 2012 Procure Secure report on continuous monitoring of cloud contract execution. Furthermore, CSA is part of a consortium supporting the creation of common private sector contract procurement requirements. CSA s network of 18 European chapters is an ideal support network for gathering common security requirements across the public and private sector. Relevant standards for interoperability and Portability Regarding key areas of the Cloud landscape requiring contribution to standards, we identify the following: 1. Cloud metrics and continuous monitoring. Standards are required for reporting security properties of cloud services to allow customers to continuously monitor and compare the attributes of cloud service security performance and receive reports when incidents occur. For example, standards on how to measure and report availability, elasticity, data integrity, authentication strength, incident management performance are important. 2. Cloud-relevant control frameworks. There are currently a number of de-facto control frameworks adapted to the needs of cloud computing, including CSA s own Cloud Controls Matrix. However,the prospect of a formal standard in this area is still distant. 3. Privacy and data protection controls work is required on standard ways of assessing a provider s data protection compliance in a multi-jurisdictional framework. Approaches exist such as CSA s own Privacy Level Agreement framework, the European Commission s Model Clauses and the UK ICO s PIA guidance however more work is needed on standardising and harmonising these initiatives. 4. Standards for increasing accountability in cloud computing in particular means of attributing responsibility and increasing transparency without compromising security. Finally work is required on understanding the total cost of operation of cloud standards compliance to avoid creating entry barriers to smaller operators. Relevance to SIENA Roadmap Calls for Action The following items are relevant: CSA provides access to standards documents for our membership via our International Standardisation Council. CSA is a member of the Helix Nebula consortium, supporting the development of European Federated cloud architecture for big science and beyond. CSA will be part of on-going initiatives to implement and roll-out such architectures. CSA has a network of 18 chapters across Europe, supporting international dialogue on cloud computing security. CSA actively participates in European policy initiatives such as the European Commission s Future of Cloud Computing dialogue and the industry SIG on cloud computing, for which CSA has been appointed rapporteur. As part of the A4Cloud project, CSA is responsible for creating an overview of cloud standards suitable for the implementation of security and accountability technologies across distributed cloud supply chains. The CSA Innovation Initiative is a working group within the Cloud Security Alliance (CSA) created to foster secure innovation in information technology. Its mission is to: identify key structural issues related to trust and security that will inhibit the adoption of next generation information technology; articulate the guiding principles and objectives that IT innovators must address; help innovators incubate technology solutions that align with our principles and address the systemic gaps we have identified. Cloudscape V - Position papers 39

41 Cloud Computing: And then? Jean-Pierre Laisné, CompatibleOne Cloudscape V - Position Papers 40 No need to rewrite what has already been written: «cloud computing will power our global economy». What does that represent for Europe? One could say a huge opportunity. Should not we add that it is the fastest way to port the European common market into the digital economy? A place where, thanks to their cultural diversity, Europeans are able to innovate in terms of communication and services in various domains such as business, science, education, health, etc. Innovate is the keyword. The European people must be innovators and innovators are not followers, they are moving ahead. This implies a prospective vision. This implies that the real challenges are identified and the false ones are demystified. Among the false challenges, we find the boundaries between private and public clouds which are blurring a little more everyday, until they disappear completely leaving the floor to a virtual space of services. Interoperability is another rear guard battle. Thanks to the wake up call from the open source community, good, viable and open standards exist today. They have already made their mark with open-source, open-standards based with a mission for interoperable cloud systems such as OpenStack, OpenNebula, CompatibleOne or EGI to name a few. These standards are OGF OCCI, SNIA CDMI. When it comes to Service Level Agreement (SLA) which is still considered as a utopia, OGF WS-Agreement and the many projects adopting prove those solutions exist. It is up now to consumers to lobby providers by putting their buying power into the balance. Finally does European IT industry need to compete on scale? The major players have already made enormous investments in infrastructure at a level that no single European player may afford. Instead of competing on scale, we propose to compete on smartcloud services established through a federation of cloud resources. Let s imagine a world (Europe and beyond) where any data center (public, private, small, large) is equipped with a Cloud Management Platform (CMP), so these data centers have the ability to expose resources as cloud services. Then we would have at our disposal an infinite number of resources, with a computing power beyond the combined capabilities of all data centers of all the Amazon, Google, Microsoft of this world. Let s imagine further that these services are proposed to consumers through a marketplace via a simple API or a portal. Actually this marketplace would be a stock exchange for cloud services in which cloud services brokers could be able to collaborate. There the pricing of services could be based on both the providers offer and the consumers demand, plus on the evaluation of consumers about the quality of the delivered service. Consequently, each of these data centers and each of the organizations managing them, would become both producer and consumer, customer and supplier, altogether creating wealth. Because we believe that such an open and interoperable ecosystem will foster the development of innovative services in a pervasive digital economy, we at CompatibleOne have built and made freely available all necessary technical means to make it sustainable.

42 Catalysing an open data culture Stuart Coleman, The Open Data Institute Consider the question: Has information technology got close to fulfilling its potential? Early personal productivity software, database products, automated supply chain, enterprise resource planning, search, business intelligence CRM, Saas - the never ending list of snappy sounding IT promises (most never really fulfilling their prophesies) is relentless and more often than not confusing to business leaders pushing their Chief Technology Officers to speak in clear simple terms - revenue, brand, profit, loss. It seems that Software really is eating the world [1]. What do all these technologies have in common? Data, data, data. Sucked in from a burgeoning audience of self service socialites (Facebook) or extracted from a connected cacophony of cyber noise (Twitter) our appetite to consume more and more data just keeps growing. So much so that the latest hype demand is Big Data [2]. The hype so often leaves business buyers disappointed because they never quite understood what they really wanted in the first place. Information is what counts Perhaps with all this talk of data we have forgotten something. Accessing then extracting the insight we need from the information and vast data available to make the right decision at the right time is the bit that makes the difference. The promise of analytics is not new. The tech industry has seen a rebirth of cloud based propositions that can suck up data and supposedly spit out insight. All too often these solutions have only been affordable to medium sized and large businesses and all too often the bit after the insight is forgotten. How do I best communicate the information to my audience? How do I make the data visually simple yet compelling and relevant to the business people? How do I make the data visually simple yet compelling and relevant to the business people? Companies like geckoboard [3] are breaking this open, as are an increasing number of propositions provided on a pay-per-use model. Cloudscape V - Position papers 41 The Open Data Promise What can Open data [4] deliver? Let s start with the government s data: some might argue that if we dust off and unlock that treasure chest, the information potential for society, for commerce is huge. In this utopia, startups will flourish by moving in to assist with the supply and demand and the trickle of most useful data will work itself out and become a steady flow. If only it were that easy. Publishing the data is not enough. Getting the scale and focus right in the early stages, on which data to supply and which to request, is critical to building a sustainable model. What is in it for business & for us? The word free confuses and scares the business folk - how can I build a business on free? [5] Open data

43 does mean freely available to access, use and share but that does not restrict smart use to create paid for value-add services around that access. Take transport data: having a fire hose of data on TFL is no good to a business. Having that data aggregated, structured and accessible in an automated way is worth paying for [6]. There are many open data business models [7] taking shape. Why should I make my data available? Which data should be open and which closed? What really needs to be understood is that the value of open is that it can enable completely different way to innovate and invent new business models often where the current model is mature but can be built open or adapted. Take noddle from callcredit - a consumer service empowering personal ownership and accountability for credit scoring. What should be the important characteristics of open data? Let s consider one simple data item: the gross domestic product of the UK [8] or the annual revenue of a company [9]. We need to ask: Is the available data maintained by an authoritative source? If financially derived, Is it audited and how do I know? Will it be updated next year? If the data I need is in a closed pdf file, I will need to manually open and search. Far better if I can automatically link my software or website to the data needed in a structured way. Then it becomes information. It may all sound simple but data really does deserve better. Cloudscape V - Position Papers Conclusion If software is really going to eat the world then data is a core fuel source. Open data and money [10] are going to help by enabling the mass market to source, supply and consume it with better outcomes. This will enable the innovators and inventors to build stuff that matters [11] and build stuff that works! Open data can unlock more value in the existing data market and has the potential to create a new industry of businesses driving demand and supply across all sectors. Open data is both speeding up the value in IT and forging a new industry. If you have data that can bring value to others open it up! 42 Sources [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11]

44 EUDAT Supporting a Collaborative Data Infrastructure Rob Baxter, EPCC, Edinburgh University Focus Area The EUDAT vision ( is to support a Collaborative Data Infrastructure which will allow researchers to share data within and between communities and enable them to carry out their research more effectively. EUDAT aims to provide a solution that will be affordable, trustworthy, robust, persistent and easy to use. EUDAT brings together a number of major European computing and data centres with five core data-rich research consortia CLARIN ( LifeWatch ( ENES (verc.enes.org), EPOS ( and VPH ( In EUDAT, the provision of cloud storage systems as a back-end option is at the design stage, with a focus of enabling access to Amazon S3- compliant storage. While technical integration is a problem still to be solved, it is by no means the only issue EUDAT will face in its potential use of cloud storage. Relevance to the EC Cloud Computing Strategy This paper focuses very much on contract terms and conditions, the second area of the EC Cloud Computing Strategy. The fundamental nature of cloud storage is that you neither know nor care any longer where your data are stored they are available wherever you are. But what if you do care? What if the data in question cannot, for reasons of copyright or national law, leave the country or even the data centre in which they are formally curated? Automatic off-site replication to a cloud may actually be unlawful. Many research data are fundamentally irreproducible. EUDAT takes a long-term view of the data it holds, and is actively considering a number of trust marks for digital archiving. For an EUDAT service provider to be able to achieve the necessary levels of trustworthiness for, for example, the Data Seal of Approval (datasealofapproval.org) though, they need to be able to point to a certain level of trustworthiness in any partner organisation to which they may have outsourced storage capacity. The nature of cloud storage makes using cloud and achieving the status of trusted digital repository that much more complex. Addressing these policy questions may be much harder than agreeing on technology or standards. Cloudscape V - Position papers 43 Relevant standards for interoperability and Portability In technology terms, a pragmatic approach to standards is almost always the way to make progress. For cloud storage, betting against the de facto standards of Amazon S3 is only for those who enjoy the long shot. Of more relevance for EUDAT in our current context is the emergence of understanding and agreements in policy and legal data interoperability, characterised by the emerging Legal Interoperability Working Group

45 at the newly-formed Research Data Alliance (rd-alliance.org). Making progress on global policy agreements will almost certainly trump compliance with technology standards in the long term. Relevance to SIENA Roadmap Calls for Action Our current thinking in the policy area relates directly to the immediate Priority Action (2) Strengthen collaborative international dialogue for achieving interoperability and portability, and to the medium-term Priority Action (10) Co-ordinate global regulations for transnational data flows. Here EUDAT intends to work closely with the icordi project ( an EU-funded support project seeking to strengthen global interoperability initiatives for research data) and the Research Data Alliance. Cloudscape V - Position Papers 44

46 A new paradigm to enable flexible and efficient data sharing without loss of control Toni Cortes and Anna Queralt, Barcelona Supercomputing Center Focus Area Data sharing and especially enabling 3rd parties to build new services using shared data is clearly a trend for the future and a key driver for innovation. The main challenge is to guarantee that the owner of the data maintains full control of the data, while enabling 3 rd parties both to perform possibly complex processing and to enrich data. The objective of CloudInfo, proposed as a new paradigm, is to address these issues by raising the abstraction at which data is manipulated in the cloud. CloudInfo proposes self-contained objects, a new abstraction where data, methods, and policies are encapsulated to enable data sharing between providers and third parties, which will build new services exploiting the data. In this way, issues such as privacy and security are guaranteed by data objects themselves, facilitating both data sharing between independent organisations, and offloading data and computation to the cloud. Relevance to the EC Cloud Computing Strategy In current Cloud environments, data interoperability and portability is understood as enabling different actors to put, get, and modify objects, but little information about the internal structure, or relationships between them, is made available. Thus application programmers willing to use this data need to get this extra information from the data provider. We propose to add semantics and move from plain to structured data by including schemas as part of the data itself. In addition, we advocate adding logic to access this data. Including logic that manipulates the data as part of the object eases the task of 3 rd parties to interoperate with shared data. Another problem identified in today s systems is that once data is copied to 3 rd party infrastructure, the owner of the data loses any control over the data. We propose to include, as part of the self-contained object, not only data and methods, but also security and privacy policies, as well as integrity constraints (among others), thus ensuring that even if the object is accessed out of the data provider infrastructure, this object continues to behave as defined by the data provider with respect to privacy and security. Cloudscape V - Position papers 45 Relevant standards for interoperability and portability Current standards, such as the Cloud Data Management Interface (CDMI), are based on data objects and their main objective is to enable movements between cloud infrastructures. As we have mentioned, to improve interoperability and portability, we should include schemas describing the objects and their relationships with other objects, methods, as well as policies as part of the object. This implies a potential upgrade in the CDMI standard to enable accessing fields of the object (as opposed to byte ranges) and to include additional

47 information such as schemas and methods not currently available in the standard. In addition, and given that objects now have logic attached to them, we should also extend CDMI to allow users to execute a given method in the infrastructure holding the object. To implement this method execution, we may take advantage of current computation interfaces such as the Open Cloud Computing Interface (OCCI) to offload such computations to the available infrastructures. Relevance to SIENA Roadmap Calls for Action Cloudscape V - Position Papers Self-contained objects facilitate the offloading of data and its computation to different infrastructures while guaranteeing the object privacy and security. This property simplifies the use of several non-related infrastructures, thus federating them towards a common goal priority action 4. Enabling 3 rd parties to build new services using available data while guaranteeing that the owner never loses control over its data has the potential to exploit current data for commercial purposes. This applies to the B2B environment, where new business can be created with very little upfront investment by reusing data and infrastructures that already exists, as well as in the research arena, where scientific data can be used to build new commercial services useful to the community, including offering compute and data services as a seamless package priority action 6. 46

48 Leading by Example Government Cloud Services UK G-Cloud Vision Denise McDonagh, UK Cabinet Office Government will use multi-tenanted services, shared and managed by several organisations. Shared resources, infrastructure, software and information will be provided to a range of end user devices, e.g. laptops, smart phones etc, as a utility on a pay by use basis, via a network connection in many cases the internet; this will be supported by new delivery and supply models. It will be dynamically scalable, agile, and easy to move in and out of the service. G-Cloud is not a single entity; it is an ongoing and iterative programme of work which will enable the use of a range of cloud services, and changes in the way we procure and operate ICT, throughout the public sector. By adopting cloud computing, the government will be able to more easily exploit and share commodity ICT products and services. This enables the move from high-cost customised ICT applications and solutions to low cost, standard, interchangeable services where quality and cost is driven by the market. It means changing the culture of government to adopt and adapt to the solutions the market provides and not creating unnecessary bespoke approaches. The vision is for government to robustly adopt a public cloud solution first policy, though this will not be possible in every case. Simply buying cloud technology will not, in itself, save the most money. The greatest value will be gained by Government changing the way we buy and operate our ICT. Cloud computing is a way to access and use ICT services in a flexible and agile fashion, buying only the services needed when they are needed we should do it once, do it well and then re-use, re-use, re-use. In achieving this we face challenges in procurement, transition and operational arrangements. In adopting this vision, the government must ensure that the cloud service still provides an acceptable level of security risk mitigation and allows government organisations to demonstrate they are meeting their legal and statutory obligations as far as information is concerned. Cloud computing will be enabled via the creation of a CloudStore. This will take the form of an online portal, and will provide an open marketplace displaying services that will be able to be procured, used, reviewed and reused across the public sector. The goal for the CloudStore will be to:»» Provide an open, visible, commoditised and cost transparent marketplace, that is the first point of call for any public sector ICT requirements»» Create a shop window where all the relevant public sector ICT services can be found encouraging innovation, competition and new suppliers Cloudscape V - Position papers 47

49 Exploit pan-public sector purchasing Enable the IA and security community to have access to information related to the assurance and accreditation status of the service Be a key enabler for collaborative procurement, including: Driving up supplier performance by providing an open feedback mechanism Facilitating re-use of a service to drive efficiency and cost savings. The CloudStore will be the market place in which public sector organisations can purchase trusted services (and in some instances trial services) from a variety of sources. Overall the CloudStore will aim to deliver sophisticated capability, diverse services and will allow users to easily find, review, compare, purchase, commission, decommission and switch services. Government s use of cloud computing technologies for its ICT requirements moves ICT service provision from a costly dedicated development that is often duplicated many times over, to taking the best fit the market has to offer that balances functionality, service levels and cost. This works most effectively where a mature market exists for a given service so that the business can adapt to utilise the commodity solution quickly and easily. Cloudscape V - Position Papers 48 The benefits for government Since the emergence of modern ICT solutions, government has defined and purchased custom solutions to meet its needs. In the future, rather than over specifying requirements government will make greater use of commodity solutions that best fit its needs This moves government from attempting to be the architect of bespoke digital solutions to a consumer of widely available and constantly improving mass-market products. Underpinning the government s approach will be the optimisation of our data centre infrastructure, which traditionally has been hugely inefficient. Maximising utilisation will allow rationalisation and consolidation of the data centre estate and lead to significant cost, accommodation and energy savings. For government the benefits will be:»» Many more common commodity solutions a range of the best industry ICT services and solutions available off the shelf so the government, its agencies and related bodies can use what they need when they need it and not create duplicate services that cannot be shared.»» Flexibility and Freedom the ability, if required, for departments and organisations to change service provider easily without lengthy procurement and implementation cycles, no lock-ins to long contracts and the freedom to quickly adopt better value and more up to date solutions.»» Ready and Easy to Use complete solutions that are already assured for security, performance and service management. Ready access to hybrid cloud solutions that allow the cost efficiencies of the public cloud to be used alongside more secure / dedicated private cloud solutions based on a consolidated data centre and service estate;»» Low cost Services that are paid for on a usage basis, driven by strong competition on price and quality. Transparent costs along with quality and scope-of-service metrics for simpler comparison and control;»» Competitive Marketplace a range of service providers constantly improving the quality and value of the solutions they offer, from small SME organisations providing niche products to large scale hosting and computer server capacity.

50 The benefits for suppliers The development of the marketplace must be beneficial to small, medium and emerging suppliers as well as government if it is to thrive and improve the range and quality of services available. The move from custom to commodity solutions for suppliers means:»» Open Marketplace always available for government customers, current service usage, cost and performance is transparent along with upcoming opportunities. Contract performance and comparative performance indicators are published. As government customers are not locked-in to long-term service contracts, suppliers are free to offer new, better quality and value solutions to government clients at any time»» Simple and Fair Procurement simplified commodity purchasing, through the use of systems, such as dynamic purchasing systems currently used for other utilities, removes the need for long, expensive procurement processes. This creates a level playing field for suppliers, both major and emerging providers, especially SMEs will be able to offer solutions that can be easily and quickly adopted by government»» Freedom to Innovate service suppliers are free to innovate, to offer new solutions and improvements to services at any time, rather than being held to deliver often out-dated and inappropriate custom specifications and requirements set through the procurement process. Cloudscape V - Position papers 49

51 goberlin A service marketplace for businesses and citizens Klaus-Peter Eckert, Fraunhofer FOKUS Focus Area & User Targets Cloudscape V - Position Papers 50 The main goal of the goberlin project is provisioning a service marketplace that combines commercial services and public governmental services to state-of-the-art applications. Around circumstances such as birth, marriage, children or move services from both worlds are orchestrated and offered to citizens in a personalised mode as SaaS. Citizens have the advantage to get an all-inclusive, one-stop-shopping service for administrative issues. Administrations have the advantage that a lot of applications and processes can be done or prepared online and the work for the government employees can be reduced. Commercial service providers get a commercial environment to offer their services and application developers get a technical platform as a service to develop and provide their orchestrated apps. The architecture of the marketplace is a loosely coupled combination of functional and security related aspects such as access control, privacy, multi-tenancy etc. It can be applied to other cloud services running in similar cloud infrastructures, operated by public data centres. Relevance to the EC Cloud Computing Strategy goberlin is part of the Trusted Cloud projects sponsored by the German Ministry of Economics and Technology. These projects are clustered in four groups: basics, industry, heath, and public sector. Implementing a trusted marketplace implies the consideration of aspect such as data preservation in and between long running user transactions, data disclosure considering legal rules, data transfer from user profiles to commercial and governmental services, traceability of service invocations. Identity management plays an important role because citizens must be able to identify and authenticate themselves via classical user name password mechanisms and utilizing the German identity card respectively the eat (electronic residence title). Service and application providers must be able to identify themselves as corporate body respectively their employees as natural but authorised persons. The orchestration and invocation of externally hosted technical (Web) services in apps requires the guarantee of interoperability considering syntactic, semantic and legal aspects. The uniform deployment of externally developed apps in a PaaS style requires the consideration of deployment related cloud standards. The examination of the applications developed by external stakeholders and operated on the trusted marketplace requires the development and implementation of associated certification policies. Relevant standards for interoperability and portability A service market place operated in a cloud infrastructure has to consider several use cases and standards. The architecture of the goberlin marketplace and several other Trusted Cloud projects has been aligned with the NIST reference architecture and will be compared with the upcoming ISO-approaches. For the

52 customer/provider relationships and SLAs between citizens, service providers and application providers with the operator of the market place NIST and DMTF concepts have been considered. The description of cloud services considers the German/W3C USDL-developments and the deployment process considers the TOSCA specification that is improved in another Trusted Cloud project. Members of the goberlin team contribute to the work of the coordinating initiative of the Trusted Cloud projects and participate in standardisation activities such as ISO SC38, NIST, ETSI, partially in cooperation with other European projects like OCEAN. Relevance to SIENA Roadmap Calls for Action Beneath technical aspects the goberlin project develops business models and evaluates German regulation for the operation of a service market combining commercial and governmental services. Especially considering security related aspects German laws seem to be quite restrictive concerning identity and access management and the distribution of data from a public cloud marketplace to commercial services. The development of solutions considering data transfer and interoperability on a local or even national level can be regarded as a first step for the identification of European solutions. One result of goberlin will be the development of a cloud strategy for the Berlin data centre that is going to operate the goberlin marketplace. These results may influence future procurement strategies for cloud services in the German public sector. The Trusted Cloud competence centre has created an overview of Cloud related standards that seem to be relevant for the Trusted Cloud projects. This inventory will be updated with respect to the requirements and experiences of the fourteen projects. Cloudscape V - Position papers 51

53 The Resiliency, Dependability and Survivability of Cloud Computing Ben Katsumi, Information-technology Promotion Agency, Japan Cloudscape V - Position Papers 52 In 2011, parts of Japan were devastated following the Great East Japan Earthquake and the resulting tsunami. Hundreds of thousands of people lost their relatives, housing, daily lives, and jobs. The tsunami also took away social infrastructures as well as IT facilities. The emergency relief effort was swift and massive as response teams and volunteers joined up to help the victims. People lost their homes and were evacuated to city halls, gymnasiums, community houses, and even to temples/shrines/churches. There was a lack of food, water, medicine and sanitation, as well as fuel and blankets. Aid came from all over Japan with materials piling up in warehouses and gymnasiums. However, relief teams were immediately faced with the problem of not knowing where the real demand was from and exactly what items were needed as they up to date information from victim camps was not available. This meant that effective and timely delivery of much-needed relief was impossible. What was missing was information and the IT to convey, aggregate, disseminate and match information regarding needs and supply. As PCs and printers were also lost in the tsunami, replacements were also provided as part of the relief effort. In addition, communication lines were down including servers which had been destroyed. To solve this issue, cloud services were provided free for to city staff and volunteer teams. Cloud-based communication media also supported people s peer to peer communication allowing people find out if their family, relatives, friends and colleagues were safe. Cloud also helped governments address a lack of capacity. Many local governments had used poor servers and narrow bandwidth to disseminate administrative information to citizens. The aftermath of the disaster saw demand increase to a spike peak hundreds of times higher as people clambered to get information on radiation levels. Servers crashed as people found out where the latest updates were online. As a response, CSP offered free hosting and mirroring to local and central governments. Free use of cloud was also offered to companies who suffered from lack of IT. The disaster proved the cloud s ability, efficiency and advantages in emergency response on a national basis. Cloud is also used in every component of society and economy today. It supports people, companies, critical infrastructure and governments. If cloud stops the whole of society is affected. If this is due a natural disaster, then the whole of society and the economy can be thrown into chaos and catastrophe. We therefore need to seriously identify the potential damage that can be caused if the cloud went down. There is no king s way to solve this problem. We need to make data centers robust and disaster ready. Then we should think of moving cloud from one data centre to another. Virtualization technology makes this easier compared to traditional real machine-based computing. There is also a lot of work going on to develop standards to realize migration between clouds. To make cloud migration feasible technological issues must be addressed as well as business and legal aspects, including SLA, security, consumer contract, providerprovider contract, compliance and international alignment.

54 What s on the European Horizon? Future of a Consumer-centric Cloud-based Application Platform Robert Kleinfeld, Fraunhofer FOKUS Focus Area OPENi ( will define and deliver an open-source web platform that will enable mobile application consumers to store data and metadata from their mobile application usage in their own space in the cloud the Cloudlet. This information can be shared (by and under the control of the consumer) securely across their applications, services and across their connected devices. To realise this vision, OPENi will provide the required components that will support both consumers in creating and managing their Cloudlets but also developers in creating applications that will be able to access and interact with them without disrupting service providers. OPENi will be a significant catalysing factor, boosting EU software industry which already counts a considerable number of highly skilled SME software firms to take further advantage of the thriving market of mobile applications, through a framework of open technologies that will be readily available and require almost no additional skill to take up. Relevance to the EC Cloud Computing Strategy OPENi contributes to the EC Cloud Computing Strategy in establishing interoperable clouds, with advance trust and storage qualities for users, and new business opportunities for SMEs and EU cloud providers.»» OPENi delivers the specification and implementation of an open source Cloud Platform that can support the creation and deployment of user spaces in the cloud (Cloudlets) with significant interoperability features, such as storage of content and metadata (in open formats XML/JSON), discoverability and addressability, access by different applications and a security and privacy schema totally under their users control.»» EU cloud providers usually small and medium firms in relation to big US providers can readily use the OPENi Cloud Platform to provide a new offering, the User Cloudlets. This is enabled by two basic qualities that significantly reduce the research-to-market time of the delivered technology: 1) the Cloud Platform and all its components will be delivered under an open source license, 2) the Cloud Platform and all its components will be built on open cloud stacks end-to-end (such as OpenStack or Eucalyptus) that are already compatible with established cloud technology infrastructures and therefore require minimal take up effort, skills and cost. Cloudscape V - Position papers 53

55 Relevant standards for interoperability and portability OPENi adopts non-proprietary technologies as the underlying development platform and delivers all its components to be compatible with existing frameworks and specifications. As a result, developers can use OPENi components for application development side-by-side (in compatibility) with frameworks and tools they already use, without any additional skills. This drastically reduces development cost (since integration of broad cloud-based functionality is enabled through a common set of technologies they already use and not by proprietary APIs) and time-to-market (as there is no need to take up new technologies and skills). With respect to standardisation, OPENi will follow the strategy proposed by the standards groups themselves, which is no-other than participate early, engage actively. For this the following standardisation activities have already been identified as relevant to the project domains: W3C Web Applications (WebApps) Working Group, W3C Web Security Context Working Group (part of W3C Security Activity) and IETF Web Authorisation Protocol. Relevance to SIENA Roadmap Calls for Action Cloudscape V - Position Papers 54 In order to provide tangible and marketable results OPENi needs to overcome the limitation of a national level efforts and constitute a truly EU level initiative, by:»» Bringing together different types of partners (research, industry, academia, SMEs) and culture but with proven skills and hands on experience in both the research and industry domains.»» Taking advantage of the latest evolutions in several fields such as mobile application development, web development and cloud computing.»» Tapping into existing communities and standardisation activities at the national and international levels.»» Merging together the requirements and needs of the EU software industry across disparate geographical, economic and cultural regions.»» Monitoring alignment with EU policy objectives such as the Digital Agenda and participating in collaborative activities in the scope of EU initiatives such as the Future Internet Assembly Collaboration Working Groups.

56 COMPOSE A Collaborative Open Market Robert Kleinfeld, Fraunhofer FOKUS Focus Area The COMPOSE project aims at enabling new services that can seamlessly integrate real and virtual worlds through the convergence of the Internet of Services with the Internet of Things. COMPOSE will achieve this through the provisioning of an open and scalable marketplace infrastructure, in which smart objects are associated to services that can be combined, managed, and integrated in a standardised way to easily and quickly build innovative applications. The COMPOSE project is expected to pave the way for a new business ecosystem, building on the convergence of the Internet of Services (IoS) with the Internet of Things (IoT) and the Internet of Content (IoC). The COMPOSE marketplace will enable SMEs and innovators to introduce new Internet of Thingsenabled services and applications to the market in a short time with a small upfront investment. At the same time, COMPOSE will allow major European players in the information and communication industry, particularly cloud service providers and telecommunications companies, to reposition themselves within new Internet of Things-enabled value chains. Relevance to the EC Cloud Computing Strategy COMPOSE delivers an abstraction layer on top of hardware delivering data. Objects, i.e., devices providing data for applications, are turned into services offering standardised interfaces. The standardisation of these service interfaces ensures their interoperability. On top of standardised APIs, COMPOSE will develop a marketplace for services. This significantly lowers the hurdle for SMEs and software developers to advertise and distribute their own software products. Additionally, various types of information collected in the market offer small-sized enterprises an option to conduct easy market analyses that give an overview on the data sources and services requested by potential users. This will also help to find, explore, and serve new riche markets, which are of particular importance to SMEs. Standardisation will also ease the penetration of new markets by relying on features offered by the marketplace developed in COMPOSE: new business models can be explored, new types of resources can be offered, and due to the compatibility of different COMPOSE markets, completely new market infrastructures become possible. Through the integration of security mechanisms into the overall COMPOSE architecture and thus into the market as well as into devices, COMPOSE will provide essential, business-critical security properties. COMPOSE will deploy functionalities beyond those based on manual, human inspection. To improve trust in the marketplace, all services or applications offered will be subject to an automated security analysis. Services that do not comply with the security requirements of a platform or of a user will be rejected or restricted in functionalities. Cloudscape V - Position papers 55

57 Relevant standards for interoperability and Portability Cloudscape V - Position Papers 56 A major goal of the COMPOSE project is to promote its findings within specific standard bodies. COMPOSE partners have a successful track record of initiating and participating in standard committees in different standards groups, thus being versed in the complete lifecycle procedure of a standard. In addition, partners are well aware of relevant standard activities within different organisations. COMPOSE views standardisation activities as an important means for helping to foster a community around the COMPOSE platform and technologies. Some potential areas for standardisation include: APIs for discovering and accessing, sensors and actuators. APIs for registering and searching for services with brokers. Declarative approaches to creating distributed processing graphs (with some inspiration from Yahoo Pipes). P2P for event and real-time media streams across security boundaries like consumer NATs (Web RTC ++). Data models for various kinds of events identified by COMPOSE (with the serialization as JSON or XML). COMPOSE has identified possibly relevant standardisation activities: ERCIM (W3C), NGN-M, TMF, ETSI, WS- Distributed Management (OASIS) and ACF. Relevance to SIENA Roadmap Calls for Action The COMPOSE project will bring a new dynamic by bridging the gap across three domains: IoT, IoS, and IoC. COMPOSE is highly expected to be a participating project of the European Research Cluster on the IoT and will build on the results of other participating projects such as IoT-I and IoT-A. In order to be successful and make an impact, COMPOSE needs to cover a broad spectrum of areas of expertise and different kinds of institutions, thus a European rather than a national approach makes sense. We do want a combination of universities, with specific knowledge and expertise domains, along with deeply rooted research centres, SMEs which are deeply entrenched in the real IoS world, and large enterprises that can bring their productisation expertise. All these entities are difficult to find in a single location, thus we harvest the expertise we need from the physical location where it resides. In addition, in such a global technology, we intend to foster communication and collaboration among different entities residing in different physical locations, while being able to take advantage of the existing diversity.

58 Ocean - Open Cloud for Europe, Japan and Beyond Yuri Glikman, Fraunhofer FOKUS Focus Area The fundamental goal of OCEAN ( is to foster the emergence of a sustainable open source cloud ecosystem in Europe, by generating greater efficiency among collaborative research projects on open source cloud computing. OCEAN is supporting European FP7 projects, European national and Japanese open cloud collaborative projects. OCEAN will maintain an online directory of FLOSS outcomes of cloud projects (online by March 2013). It will provide a functional mapping of these outcomes, in relation with key standards and reference models from leading standardisation organisations such as NIST, ETSI, DMTF, OGF, in what we call an Open Cloud Interoperability Framework and Roadmap. OCEAN supports projects by providing an online service, based on the ETICS framework enabling open cloud projects to build, test and check the quality of their software, including interoperability testing and compliance to cloud standards. Finally, OCEAN will organise Plugfests to foster cooperation and integration between projects. Relevance to the EC Cloud Computing Strategy The significant investments made by the EC over the last decade need concrete support to ensure long term impact on the EU society and economy, especially for the emergence of a truly Open Source Cloud Stack for the innovation of industries, especially SMEs, and the EU knowledge economy. By definition, European projects are developed in isolation with each one focused on its specific objectives and its scientific and technology deliverables. However, there are a number of publicly financed R&D projects in Europe that aim at developing technologies, which could collectively contribute to a complete open source distribution of cloud solutions. Cloud computing is a complex, fast-evolving landscape. There are many opportunities to join forces on specific activities or for promoting standards, improve the re-use of assets to reduce overlapping, and boosting overall impact from a European perspective through wider collaboration among projects. OCEAN aims to provide practical services helping Open Cloud R&D projects to identify and realise these opportunities. It promotes cross-project collaboration, supports the give-and-take of documentation, code and software. It provides concrete services, virtual environments as well as networking events to foster standardisation and interoperability of different solutions through Plugfest contests. Cloudscape V - Position papers 57 Relevant standards for interoperability and portability The project defines an Open Cloud Interoperability Framework that contributes to higher consistency across European publicly funded research projects and European open source initiatives on cloud computing. The framework is defined by mapping the outcomes of open cloud projects registered in the Open Cloud Innovation Directory to the cloud reference architecture defined by NIST and open standards.

59 The framework will be the basis for the Plugfests organised by the project and will enable the European cloud projects to identify possibilities and needs for cross-project interoperability and integration. OCEAN will organise its Plugfests in cooperation with ETSI, OGF and SNIA. Relevance to SIENA Roadmap Calls for Action The OCEAN project is closely related to two SIENA Calls for Action. Its directory of available and planned FLOSS cloud outcomes from European, European national, Japanese and the most important other opensource cloud development projects fosters their reuse. This activity is in line with the SIENA s Call for Action Re-use tangible and intangible assets produced by DCIs. With its Open Cloud Interoperability Framework and Roadmap, and with its Cloud Plugfests, OCEAN supports Collaborative international dialogue for achieving interoperability and portability, Action 2 of the SIENA roadmap. Cloudscape V - Position Papers 58

60 Trust, Security & the EC Certification Framework The double-edged sword of Cloud computing in Critical Information Infrastructure Protection Marnix Dekker, European Network & Information Security Agency (ENISA) In a few years, a large majority of organisations will be dependent on cloud computing. Large cloud services will have tens of millions of end-users. What are the implications if these cloud services fail or get hacked? The European Cyber Security and Cloud Computing Strategies provide a roadmap paving the way for the prevention of service failures and cyber attacks on cloud services. From a security perspective, the concentration of data is a double-edged sword ; large providers can offer state-of-the-art security, and business continuity, spreading the costs across many customers. But if an outage or security breach occurs, the impact is bigger, affecting many organisations and citizens all at the same time. In recent years, there have been many examples of failures affecting very large sites with millions of users, such as the leap year bug outage [1]. Cloudscape V - Position papers The ENISA [2] report titled Critical Cloud Computing (February 2013) [3] looks at cloud computing from a Critical Information Infrastructure Protection (CIIP) perspective. It recognises that cloud computing is critical given the concentration of users and data and its growing use in critical sectors, such as finance, health and insurance. This report looks at the threats from a CIIP perspective, i.e. how to prevent large cyber disruptions and large cyber-attacks. The key messages of the report are: Critical infrastructure: Soon, the vast majority of organisations will use cloud computing notably also in critical sectors like finance, energy and transport. Cloud services are themselves becoming a critical information infrastructure. Natural disasters and DDoS attacks: A benefit of Cloud computing is resilience in the face of natural disasters and Distributed Denial of Service (DDoS)-attacks, which are difficult to mitigate using traditional approaches (servers on site, or single data centre). Cyber attacks: Cyber attacks exploiting software flaws can cause large data breaches, affecting millions of users, because of the large concentration of users and data. Physical redundancy does not safeguard against certain cyber attacks, such as data breaches exploiting software flaws. 59 The report also provides nine recommendations for bodies responsible for critical information infrastructures. Key points include large cloud services in national risk assessments, track cloud dependencies,

61 and work with providers on incident reporting schemes. Relevant background policy documents include the Commission CIIP Action Plan [4], the European Cloud Computing Strategy [5] and the EU Cyber security Strategy [6]. References [1] [2] [3] [4] [5] [6] Cloudscape V - Position Papers 60

62 Extended Position Paper on Legal Issues Tim Cowen, Sidley Austin LLP Customer dependency on a cloud supplier. One aspect that has been troubling many in the market, beyond data protection and security, is the issue of customer dependency on cloud suppliers and what is known as the issue of lock-in. The fear of customers is that they will lose their ability to shop around and will gradually pay more and more to a cloud supplier over time. To some extent this is based on the history of customers outsourcing of technology and in particular the outsourcing of technology risk. In this model of contracting customers traded low prices in the short term for agreements with suppliers that allow suppliers to upgrade and modify systems and services as technology progresses. The risk of keeping up with technology changes being outsourced to the supplier. This looks like a reduction in complexity and hassle. One difficulty for the customer is that it may become increasingly dependent on a particular supplier or its systems and processes become locked in to that supplier. This may happen as technology progresses over time and new features and services are developed and upgraded and added to the basic services under the contract. Legacy systems can create dependency and lock-in is beneficial for suppliers and a well known commercial practice in computing. The competition law issue arises where the supplier monopolises customers. If a competition law breach can be shown, customers may be able to argue that the contracts or certain provisions in them, are unenforceable. Customers may then be free to shop around in spite of clauses in the contract to the contrary. For this issue to arise much depends on evidence for the claim being made that customers ability to switch suppliers is being restrained and the presence or absence of alternatives. Where dependence can be shown to arise because of the dominance of a supplier, for example with relation to legacy systems, it can be addressed under competition law, and indeed has been the subject of repeated investigations into IBM s and other computer companies practices over many years, the latest ending with unbundling of hardware and maintenance undertakings provided to the European Commission during Cloudscape V - Position papers 61 The shift from IT services to cloud services means that the commodity software replacement cycle may be disrupted. For enterprise customers there may be a problem in migrating away from legacy systems and suppliers. It may be in customers interests to shop around but their ability to do so may be restrained by existing contracts. As cloud services are often both more flexible and more cost effective than traditional IT in systems that have been integrated between customer and supplier, the customer may be interested in buying from a new third party. Much will depend on the definition of scope in the existing contracts, and whether any restrictive provisions require new technology to be supplied by an existing supplier. Current market research. We know from market research that this issue of dependency is a major issue for customers. Indeed it has been in the top issues that IDC has noted over the past five years. It was presented to the Commission in the formulation of its cloud strategy in The research notes that customers are afraid of becoming dependent on their cloud supplier. This fear is at such a high level that despite the huge

63 savings available in the short run, customers are not adopting cloud computing for fear of being locked in over time. Practical solutions? There are a number of practical ways that are worth mentioning through which such dependency may be avoided, and trust can be created, such as: maintaining dual supply or retaining data portability break clauses in contract tightly defined scope of service in existing contracts, enabling new services to be bought from third parties. Cloudscape V - Position Papers 62 In practice these are in many cases difficult to achieve. For example, outsourcing to one supplier may mean that a policy of dual sourcing cuts across existing contractual obligations. Another difficulty in putting dual sourcing in place can be because each supplier may seek to differentiate themselves over time. Each supplier may reap efficiencies from specialisation, so dual supply does not mean competitive supply and may lead to separate supply of different services. More fundamentally, dual supply may be more expensive in the short term with a single supplier being a much cheaper option than multiple suppliers because a single service provider can drive economies of scale. Also a single supplier of a particular offering may facilitate services such as working better with a group of identifiable users within a secure closed user group: the security and software systems may increase the security of the system and increase switching costs, increasing dependency. This may be a particular issue in tailored software offerings and it may in fact be easier to use standardised or portable solutions from a major supplier to maintain peace of mind. Also, major cloud computing suppliers will not negotiate except with the very biggest customers. This may in fact be a blessing in disguise since the major suppliers may drive a degree of standardisation. For example, Microsoft word is available as a well known word processing software package that works with almost every underlying technology platform from PC equipment suppliers through to Apple Macs. Interoperability between dual sourced services may also be a practical issue. Different suppliers may naturally want their services to be supplied on proprietary software or IPR to meet the entire community that the customer wants to connect together. To the customer there may be an increased value in each additional person or data centre connecting to a single supplier s system. The services may then work better if they are connected together using a single technology or software. This re-enforces network effects, where the value of each addition makes it economically attractive to ensure increased connections to the same system. For the customer buying such a system the issue is that he may become dependent on the supplier and the terms of the contract need to address the increasing dependency over time such that the total costs of ownership, including switching and the costs of exit, are understood when the contract is entered into. Data portability may in theory be an attractive idea. However, unlike number portability in telephony, which is imposed by regulation and does reduce switching costs, one issue with data portability is that data that is provided to the processor is processed and that data is then changed. As such, parts of the data, such

64 as its presentation and manipulation may be integrated with the supplier s IPR in a way that it becomes the property and IPR of the supplier. The processed data is not the same thing as the raw material. Raw data is always under the control of the customer, so what is being retrieved is often going to face the issue that is not the same as what was given to the supplier. The supplier can rightly comment that the raw material is in the hands of the customer and nothing needs to be portable. Here the legal issues start. For example, in general, computer software is protected by copyright. There are, however, exceptions to the scope of this protection. There is an exception for fair use. As such, it may not be possible for a cloud supplier to say that processed data is protected by copyright if the information relates to interface information. Interface information may be unprotected by copyright and this may allow applications to be ported across platforms between cloud service providers. This will, of course only be practically possible if the interfaces are not only portable but also conform to cross platform standards which enable interoperability. The European Commission has been considering legislation to address this interoperability issue and the issue remains one of the action points under the EU s Digital Agenda (action point 25). To address dependency and seek a level playing field between customers and suppliers the EU has also, in its recently published Cloud Strategy, proposed that a group of EU Cloud Partners, should be formed, who may be able to jointly purchase and through their combined buying power, exert added leverage on cloud computing suppliers. The Cloud Partners are likely to be drawn from government departments across different member states in the EU. This approach may allow customer departments to insist on greater ability to switch and change suppliers, but it remains to be seen whether the issue is one that arises on new cloud computing contracts or arises because customers have not made a good bargain in the past. Cloudscape V - Position papers Bundling is illegal where the supplier can be shown to be dominant. The next legal issue is the extent to which a contract may seek to over-protect the cloud supplier and seek to bundle or lock-in services that the customer does not want. For example technology agreements can be constructed in a way that provides the customer with no choice over maintenance or supplementary and complimentary services. The costs of such add-ons and maintenance may be very high by comparison with the costs of the basic cloud service. This was one issue that the Commission has addressed in its undertakings in the recent IBM case. In that case it found that IBM is dominant in the market for legacy mainframe computers and required IBM to unbundle maintenance. An earlier case against Compaq established that maintenance bundling is unlikely to be acceptable. There have been cases on bundling of hardware and peripherals brought against IBM some years ago and another example of unacceptable bundling was of nails and nail guns in the Hilti case. 63 Dominance depends on an analysis of markets and the extent to which there truly are alternatives to meet customer needs. Because of the wide variety of different alternatives many technology markets are open and competitive. There are some where the differentiation of the offering or the type of service is such that substitutability is limited. Understanding where to draw the line can be difficult. Lack of customer choice is always a good indication that a particular offering may be unique and dominance can found in narrow markets where there are no substitutes. Tailored software may be a particular issue. A clear example is the

65 UK Competition Commission finding in the proposed merger of IBS/Capita where software used in benefits systems by the UK s Departments for Works and Pensions was potentially dominated by a single supplier, and the Competition Commission prevented that situation from occurring by accepting undertakings from the parties to the transaction. Cloudscape V - Position Papers In its investigation of the acquisition of IBS OPENsystems by Capita Group, the Competition Commission found that a UK market existed for a single software system and its related services, the Revenue & Benefits (R&B) software system. A substantial lessening of competition in this market was found to result from the merger, the remedy of which required Capita to divest IBS Revenue & Benefits software system and to assign to any approved purchaser the intellectual property rights of software codes necessary to operate the IBS R&B business. The case is of interest for its high quality analysis of a market and for its finding of a narrow and relatively small market, namely for a legacy software or software and related services market. If this type of approach is followed in future cases, and there is every reason to think that it will be, it stands as a precedent for defining the market as comprising a particular type of software application. 64

66 Spotlight on standards & interoperability OASIS Cloud Standards for Interoperable Trusted Cloud Deployments Gershon Janssen, OASIS Focus Area OASIS is a Standards Development Organization which drives the development, convergence and adoption of open standards. We promote industry consensus and produce worldwide standards for security, Cloud computing, SOA, Web services, the Smart Grid, electronic publishing, emergency management, and other areas. Our work is driven by our members, our standards are open and freely available, offering the potential to lower cost, stimulate innovation, grow global markets, and protect the right of free choice of technology. OASIS runs various Cloud standardization projects enabling interoperability, helping industry, government, education and research communities with their development and delivery of new Cloud Solutions and Services. Cloudscape V - Position papers Relevance to the EC Cloud Computing Strategy OASIS s Cloud standardization projects contribute to the EC Cloud Computing Strategy s actions. We actively participate in the EC s Cloud Standards Coordination effort, both by contributing valuable input as well as being part of the Reference Group which overlooks the work. Our standards work addresses relevant themes in the area of privacy, identity, security, trust and interoperability, both on a policy as well as a technical level. Good examples are the standardization of cloud computing operational requirements for public administrations and the standardization of portability and management of cloud applications and services. 65 Relevant standards for interoperability and portability Amongst our newest and most relevant Cloud standardization projects are:»» Cloud Application Management for Platforms (CAMP): standardizing cloud PaaS management API»» Public Administration Cloud Requirements (PACR): standardizing cloud computing operational requirements for public administrations»» Topology and Orchestration Specification for Cloud Applications (TOSCA): standardizing portability and management of cloud applications and services

67 Identity in the Cloud (ID-Cloud): profiles of open standards for identity deployment, provisioning and management in cloud computing Cloud Authorization (CloudAuthZ): contextual attributes and entitlements to Policy Enforcement Points in real time Identity Credential Trust Elevation Methods (Trust Elevation): standardized protocols to elevate trust in an electronic identity Privacy Management Reference Model (PMRM): guideline for developing operational solutions to privacy issues Transformational Government Framework (TGF): overall framework for using IT to improve delivery of public services Relevance to SIENA Roadmap Calls for Action Cloudscape V - Position Papers OASIS actively participated in and contributed to the collaborative SIENA Roadmap effort. Our work supports and closely relates to the SIENA Roadmap Calls for Action by means of: support, encouragement and participation in the international dialogue for achieving interoperability and portability participation in the European Multi-Stakeholder Platform providing open and free access to our standards specifications the development of standardized cloud computing operational requirements for public administrations. 66

68 SNIA CDMI The ISO standard enabling interoperability and data portability for collaboration in the cloud Markus Pleier, SNIA Europe & Mark Carlson, SNIA Focus Area The Storage Networking Industry Association (SNIA) enables our members to develop robust solutions for storing and managing the massive volumes of information generated by today s businesses. For more than a decade we have worked to bring recognition of storage issues to the IT world, making storage less complicated for the end user. As a result, the SNIA has adopted the role of industry catalyst for the development of storage solution specifications and technologies, global standards, and storage education. SNIA Europe is an affiliate of SNIA and the SNIA Cloud Storage Initiative (CSI), an industry association/ standards group, whose mission is to foster the growth and success of the market for cloud storage and the use of data storage resources and services in the cloud. The CSI has researched the requirements from multiple use cases and cloud storage offerings. CSI has worked with other standards groups, not only to coordinate standards development, but also to hold joint plugfests and interoperability demonstrations. The effectiveness of this approach is demonstrated by the adoption of CDMI (Cloud Data Management Interface) by several research projects and e-infrastructure deployments. The CSI advocates and supports work items of the SNIA Cloud Storage Technical Working Group, which has developed the SNIA Cloud Data Management Interface (CDMI) specification. SNIA Europe is a member of the FP7 VISIONCloud consortium working actively within the project to incorporate the SNIA CDMI standard into the VISIONCloud architecture and to facilitate extensions to CDMI based on VISIONCloud experiences. VISIONCloud is developing use cases in healthcare, telecoms, media, and enterprise/business intelligence. Cloudscape V - Position papers 67 Relevance to the EC Cloud Computing Strategy SNIA has been working for two years now on promoting the market for cloud storage through the CSI. As part of this effort, requirements related to the three pillars of the EC Cloud Computing Strategy have been incorporated into the CDMI, which addresses data protection and management in the cloud, including: geo-location of data, retention and hold for compliance, query for ediscovery, encryption of data at rest, sanitisation of storage media, data (and metadata) portability and extensibility for future requirements. The CDMI defines the functional interface that applications will use to create, retrieve, update and delete data elements from the Cloud. As part of CDMI the client is able to discover the capabilities of the cloud storage offering and use this interface to manage containers and the data that is placed in them. In addition, metadata can be set on containers and their contained data elements through this interface. This interface is also used by administrative and management applications to manage containers, accounts,

69 security access and monitoring/billing information, even for storage that is accessible by other protocols. The capabilities of the underlying storage and data services are exposed so that clients can understand the offering. The CDMI is now an approved ISO/IEC (17826) international standard and is the accepted by the Italian government as the basis for implementation. Relevant standards for interoperability and portability Cloudscape V - Position Papers 68 SNIA alliances with other SDOs include DMTF, OGF, CSA, INCITS and JTC 1 (ISO/IEC). SNIA participates in the coordination of cloud standards and the maintenance of the cloud-standards.org wiki. Among these cloud standards, SNIA is unique in addressing the cloud storage and data management space. Through CDMI, CSI is promoting the adoption of cloud storage as a new delivery model, that provides elastic, on-demand storage billed only for what is used. CDMI lets you tag your data with special metadata (data system metadata) that tells the cloud storage provider what data services to provide that data (backup, archive, encryption, etc). These data services all add value to the data stored in the cloud and by implementing a standard interface such as CDMI, it is possible to move your data from cloud vendor to cloud vendor without the pain of recoding to different interfaces. Relevance to SIENA Roadmap Calls for Action SNIA standards work affects all infrastructure related priority actions, like deployments for research, collaboration and international dialogue for interoperability and portability. The CDMI standard will provide the basis for collaboration and data portability in the research infrastructure. SNIA also works to define vendor-neutral management capabilities. Governmental institutions and research departments can join these efforts to help alignment with EU objectives. SNIA will drive the adoption of the defined standards with other standards organisations in order to achieve a widely adopted foundation. Moreover, SNIA participated in the collaborative SIENA Roadmap effort. Our work relates closely to various SIENA priorities by means of: support, encouragement and participation in the international dialogue for achieving interoperability and portability participation in the European Multi-Stakeholder Platform providing open and free access to our standards specifications the development of a standard for interoperable cloud storage and data management

70 IEEE - Cloud Computing - Accelerating the development of cloud computing and the global cloud computing industry David Bernstein, IEEE - Cloud Computing Focus Area IEEE has the longest standing and most prolific contribution to the Cloud, Grid, HPC, and Distributed Computing conferences of any organization: thousands of research papers from over a dozen conferences including CloudCom (5th recurrence), Cloud (6th), GPC (8th), escience/grid (9th), SCC (10th), CCgrid/Cluster (13th), IPDPS (27th), HPCS (27th), and ICDCS (33rd). Imagine, 33 years of distributed computing conferences! In addition to this, IEEE has a series of standards working groups under the IEEE P2300 family covering Cloud Computing. Active or information standards working groups include Cloud Profiles; Intercloud Interoperability; Cloud Units of Measurement; and Amazon, Google, and OpenStack Cloud API. Finally, utilizing the IEEE Industry Connections program, under P2300 supervision/coordination, a Cloud Computing Reference Testbed is being organized with international participants from government research labs, telecommunications/cloud companies, and universities. Under this innovative structure, live registration and trust authorities, as well as exchange and root facilities for the global Intercloud experiment, will be exercised. Proprietary and open source reference implementations of each standard will be tested and made available as appropriate. The IEEE is solving interworking and standardization problems for the large, global cloud challenges which Telecoms and Governments face. The IEEE believes that global, standardized, interworking cloud is as important as the global IP and Power network. Just as our foundational work in networking and smart grid has been paving the way for those areas, we add cloud as an area which we can make the same level of contributions to. Cloudscape V - Position papers 69 Relevance to the EC Cloud Computing Strategy With regards standards and certification, today Cloud Computing is a big players industry, with a complete lack of popular standards, no scientifically defined service definitions and no interoperability/very little portability of programs, processes, or data amongst cloud technologies or service providers. The IEEE efforts are first aimed at the large constituencies of service providers, governments, research labs, and technology providers to create a level, interoperable playing field in this new paradigm of computing. The IEEE work is paving the way for broad adoption of cloud computing in a few market adoption modes where the commodities of compute, networking and storage are defined to the point where other commodities are. The IEEE work will further enable interoperability as the phone system or the Internet interoperates today.

71 As to contract terms and conditions, today there is no framework to express these characteristics of a cloud service offering, nor is there a way to make sure that downstream clouds which may be used to fulfil work, comply with the requirements of the home cloud terms and conditions. As part of the IEEE work, many aspects of these definitional challenges are being addressed. Semantic models of cloud resources and properties are being developed and standardized, leading to a common language to describe these properties. It is believed that without an automated interworking and federated system for cloud to collaborate, it is not possible to address common practices and policies. Regarding the establishment of a European Cloud Partnership, the IEEE is not only a standards organization, in fact is also the world s largest professional association. Everything done by the IEEE is tuned to disseminate high quality, technically accurate, useful research and standards deliverables to the community. On the standards side, IEEE is quite progressive with a development process which is completely open to the public, one does not even need to be an IEEE member to participate. Standards usually follow the one-engineer one-vote policy, meetings are held with a global membership in mind, and draft standards are publicly available. Europe is important to the IEEE and that s why we are here are Cloudscape. Cloudscape V - Position Papers 70 Relevant standards for interoperability and portability The IEEE currently has three efforts underway each addressing a different layer or aspect of the cloud computing stack. 1. At the fundamental services level, there is a need to define units of measurement. In conjunction with NIST there is an effort to define scientifically the units of computing, networking, and storage in the same spirit of an SI Unit of Measurement. This way a compute unit (for example) can be as consistently defined as a lumen, watt, or any other fundamental unit. 2. At the portability level, that is for the development of applications code to run on top of a cloud platform, the IEEE members have begun efforts to formalize the API definitions used in some of the most popular cloud platforms, namely the compute and storage API s found in Amazon s AWS and the same API s found in Openstack. Developers are wishing to see the native API s of these systems as a standard, and so are working through the issues in the IEEE context to do so. 3. At the interoperability level, that is cloud-to-cloud or intercloud. This standard is inspired by and defines topology, functions, and governance for cloud-to-cloud interoperability and federation similar to the routing protocols and infrastructure of the Internet. Topological elements include clouds, roots, exchanges (which mediate governance between clouds), and gateways (which mediate data exchange between clouds). Functional elements include name spaces, presence, messaging, resource ontologies (including standardized units of measurement), and trust infrastructure. Governance elements include registration, geo-independence, trust anchor, and potentially compliance and audit. In the cloud computing area IEEE has made liaison with all the major other standards organizations and trade associations working on the larger subject so there is little overlap in the community.

72 Relevance to SIENA Roadmap Calls for Action Overall, the IEEE is helping the cloud computing industry in the following ways:»» Identified gaps where other standards activities are not addressing, and are addressing those. For example, for interworking, there are two architectural approaches [the so called Buyya Taxonomy]. One is a multi-cloud approach and one is a federation approach. The multi cloud approach involves user to cloud interfaces (called UNI in network speak) and the federation approach involves cloud to cloud interfaces (called NNI in network speak). While other groups have promoted multi-cloud interworking, IEEE is promoting federation (Intercloud) based interworking.»» Likewise for example, for portability API s, other organizations have been promoting designing an abstract interface, standardizing it, and then applying it to several clouds. The IEEE believes that in cloud computing anyway, industry leads standards, as this is a large players game at this point. Thus, we believe that focus on Amazon AWS, Google GCE, and OpenStack API are more important than any other interface»» Finally, by organizing open testbeds with the largest operators and universities involved, and promoting open source results from these testbeds, the IEEE believes that the development model of the Internet, Linux, and now many aspects of Cloud, are more contemporary approaches to accelerated technology development in concert with standards. All of these efforts are aligned with the SIENA calls for action. Cloudscape V - Position papers 71

73 OGF - Driving open standards adoption for applied distributed computing Alan Sill, OGF Focus Area Cloudscape V - Position Papers 72 Open Grid Forum (OGF) is a leading standards development organization operating in the areas of cloud, grid and related forms of advanced distributed computing. The OGF community pursues these topics through an open process for development, creation and promotion of relevant specifications and use cases. OGF actively engages partners and participants throughout the international arena through an open forum with open processes to champion architectural blueprints related to cloud and grid computing. The resulting specifications and standards enable pervasive adoption of advanced distributed computing techniques for business and research worldwide. Clouds, grids and virtualized distributed architectures reduce costs through automation and improved IT resource utilization and improve organizational agility by enabling more efficient business processes. OGF s extensive experience has enabled distributed computing built on these architectures to become a more flexible, efficient and utility-like global computing infrastructure. Advanced computing built on OGF standards enables organizations to share computing and information resources across department and organizational boundaries in a secure, efficient manner. OGF s approach to meet these challenges is to engage actively cooperative relationships and joint work with all parties, including other standards organizations, provided that are willing to work cooperatively to meet the needs of the community. Relevant standards for interoperability and portability OGF has a large number of formal working relationships, including Memoranda of Understanding, Work Registers, and formal Liaison status with organizations including the Inernational Telecommunications Union (ITU-T) JCA-Cloud, International Standards Organization (ISO) JTC1 SC38, Distributed Management Task Force (DMTF) Cloud Management Working Group (CMWG), Telecommunications Management Forum (TM Forum) Cross-SDO Working Group on End-to-End SLA Management, Cloud Standards Customer Council (CSCC), Storage Networking Industry Association (SNIA) Cloud Storage Initiative, European Telecommunications Standards Institute (ETSI) and others. OGF also contributes extensively to the Standards Roadmap, Standards Acceleration to Jumpstart Adoption of Cloud Computing (SAJACC), and other current working groups of the US National Institute of Standards and Technology (NIST), to the European Commission funded Standards and Interoperability for einfrastructure implementation initiative (SIENA) and to other global and regional cloud standards roadmapping initiatives worldwide. OGF is also a co-sponsor, along with ETSI and SNIA, of the ongoing Cloud Plugfest developer-oriented testing series.

74 Relevance to SIENA Roadmap Calls for Action OGF helped to formulate the SIENA Roadmap Calls for Action, and has been involved since the inception of the SIENA project in putting its results into practical application throughout the distributed computing community as quickly as possible. Working groups and community groups based on the initial cloud federation concepts discussed at Cloudscape events and in other OGF and partner settings were created in several areas of immediate topical interest. These included OGF s Distributed Computing Infrastructure Federation working group (DCI-Fed), which put into practice the idea of creating a combined profile of appropriate current cloud-relevant standards to create a pattern for working federated infrastructures that could be duplicated world-wide, and which led immediately to the creation of the European Grid Initiative s Federated Community Cloud Task Force to put these ideas into practice. OGF s Open Cloud Computing Interface (OCCI), WS-Agreement and WS-Agreement Negotiation, and Data Format Description Language (DFDL) specifications have emerged to fill essential gaps in the cloud standards landscape, and are seeing wide-scale adoption, both in open source and in commercial implementations. OGF is working actively with the ITU-T, ISO, ETSI, US NIST, and other global standards organizations to further develop their cloud standards inventories and to correctly categorize and test a wide variety of cloud standards. Cloudscape V - Position papers 73

75 The Distributed Management Task Force (DMTF) Mark Carlson, DMTF Focus Area Cloudscape V - Position Papers 74 The Distributed Management Task Force, the organization bringing the IT industry together to collaborate on systems management standards development, validation, promotion and adoption, is the originator of the Cloud Infrastructure Management Interface (CIMI) specification. The specification standardizes interactions between cloud environments to achieve interoperable cloud infrastructure management between service providers and their consumers and developers, enabling users to manage their cloud infrastructure use easily and without complexity. As implementations of CIMI are rolled out by cloud vendors, the various user communities will be able to pick best of breed cloud offerings without being locked in by proprietary interfaces. Relevance to the EC Cloud Computing Strategy Cloud computing allows customers to improve the efficiency, availability and flexibility of their IT systems over time. As companies have adopted cloud computing, vendors have embraced the need to provide interoperability between enterprise computing and cloud services. DMTF developed CIMI as a self-service interface for infrastructure clouds, allowing users to dynamically provision, configure and administer their cloud usage with a high-level interface that greatly simplifies cloud systems management. Relevant standards for interoperability and portability DMTF s Cloud Management Initiative is promoting the work of the Cloud Management Work Group, the Cloud Auditing Data Federation Working Group, the System Virtualization, Partitioning, Clustering Working Group and the Software Entitlement Working Group. The links below provide an overview of each work group s activities, work group charter, specifications, work-in-progress specifications and other technical documents.»» Cloud Management Working Group (CMWG) - Cloud Auditing Data Federation Working Group (CADF) - Software Entitlement Working Group (SEWG) - System Virtualization, Partitioning, and Clustering Working Group (SVPC) -.

76 Relevance to SIENA Roadmap Calls for Action DMTF participated in the collaborative SIENA Roadmap effort. Our work relates closely to various SIENA priorities by means of: support, encouragement and participation in the international dialogue for achieving interoperability and portability participation in the European Multi-Stakeholder Platform providing open and free access to our standards specifications the development of a standard for interoperable cloud infrastructure management Cloudscape V - Position papers 75

77 Huawei - Industry perspectives on cloud standards in Europe Abdellatif Benjelloun Touimi, Huawei Focus Area Cloudscape V - Position Papers 76 Huawei is a telecom infrastructure manufacturer serving mainly telecom operators. Our fields of application and activity are therefore, focused on meeting the operators business needs and demands. Huawei is a proactive force in the drive towards telco cloud computing and a key partner for operators transformation from CT to ICT. As such, we focus on 3 main areas where operators can implement cloud computing. Consolidation and virtualization of Data centres is one field of application. It will improve operational efficiency, enhance security, reliability and energy efficiency, and provide efficient utilization and expansion for pooled IT resources. Government and enterprise customers have long been a key revenue source for operators. Cloud transformation is therefore an opportunity for operators to leverage their main assets in terms of network infrastructure, Operations & Management, and services and cooperate with manufacturers in the development of customized solutions for IT system construction, IT equipment hosting, and IT services outsourcing. Operators can also bundle IT services and innovative communication services (e.g. unified communication) into packages to provide one-stop shop ICT solutions. The third area is the public cloud services such as IT hosting, cloud storage, SaaS, provided for individual users or small and medium businesses (SMBs). Operators can retail a package of public cloud services with basic telecommunication services and open service aggregation platforms with IT device manufacturers introducing application development companies at the upper layer. They can also act as service brokers, providing SMBs with both SaaS and billing services, within industry alliance. Security, data privacy, security, Interoperability, and data portability are key elements for the future success of Cloud based services. Additionally, others like identity management within customer relationships and billing systems have special importance for telecom operators as they constitute an important competitive advantage for their positioning in the cloud market. Relevance to the EC Cloud Computing Strategy With this clear picture of the current and ongoing standardization activities and analysis for the remaining elements to standardize to fill the gap, Huawei actively supports the European Commission roadmapping action on Cloud Standards. We have then a direct involvement in the ETSI Cloud Standards Coordination initiative, where we aim to bring the vision and the voice of the telecommunication industry. Huawei supports the European Cloud Partnership between the public sector and the industry with the objective to set-up a common basis for cloud procurement by public authorities. The implementation of Cloud Computing by the public sector will showcase the cost savings, improved productivity and market acceptance of cloud services which in turn will be good for the European cloud services. As we consider Europe as one of our major markets, we are very keen to collaborate with different players (connectivity

78 providers, software integrators, etc) to work with the public sector in defining and harmonizing its specific requirements, provide a first proof of concept and also first implementations. Relevant standards for interoperability and portability Huawei is actively participating and driving cloud computing standards in international organizations to come up with solutions for these different technical issues. At the high level, we consider the work of the Collaborative Team between ISO/IEC SC38 and ITU-T SG13 to define a Reference Architecture as fundamental to having a modular and functional architecture that will serve to depict the required technical elements, protocols, and interfaces to standardize later on. On Cloud management interfaces DTMF CIMI and SNIA CDMI are important standards allowing the access to the cloud infrastructure resources. Huawei is actively involved in the Cloud plugfest aiming interoperability between these APIs and also OGF OCCI. DMTF has also made good progress towards interoperability and portability by finalizing OVF 2.0 (Open Virtualization Format). Other international standards can follow once the architecture is clear. It could be the case for developing security and privacy aspects within ISO/IEC JTC1 SC27 and in collaboration with CSA, and Elastic Network and infrastructure within IETF. Huawei is also involved in others SDOs such as IEEE, OASIS, SPEC, SPC, Energy Star, INCITS, PCI-SIG, RSA, and industry bodies like CSCC, ODCA, OCP etc. and China domestic ones like CCSA, CNITS etc. Cloudscape V - Position papers 77

79 Cloudscape V Sponsors and Research Partners