Cloud computing reference architecture

1. ITU Workshop on “Cloud Computing Standards – Today and the Future” (Geneva, Switzerland 14 November 2014) Cloud computing reference architecture Olivier Le Grand, Standardization Senior Manager on Future Networks, Orange (France) olivier.legrand@orange.com Yongshun Cai Research Engineer, China Telecommunications Corporation caiysh@ctbri.com.cn

2. Y.3502 - Introduction • June 2012: Establishment of Collaborative Teams (CT) between ITU-T and ISO/IEC JTC1 to produce common international standards: • Vocabulary and Overview (ITU-T Y.3500 | ISO/IEC 17788) • Cloud Computing Reference Architecture (ITU-T Y.3502 | ISO/IEC 17789) • Leverage the work done in ITU-T SG13 and ISO/IEC JTC1 SC 38 • 6 Experts meetings: 09/2012, 10/2012, 02/2013, 04/2013, 09/2013, 05/2014 • Co-conveners (CT-CCRA): J. Chawki (Orange) and A. Kingstedt (SWE) • Co-editors: L. Lindsay (Microsoft) and O. Le Grand (Orange)

3. Y.3502 - Architectural views In scope User view Functionalview Deployment view Implementation view • Cloud computing systems described using a Viewpoint approach • Top down approach

4. From User View to Functional View Party Aspect Cross-cutting aspects: Security, Privacy, Interoperability, Portability, Reversibility, Performance, SLA, Resiliency, Auditability, Governance, … Role Multi-layer functions Layer Functional component Role Layer Functional component Sub-Role Sub-Role Functional component Activity Layer Functional component Activity Activity Activity User view Functionalview

5. User View: Roles and Sub-roles

6. User View: Customer activities CSC: cloud service administrator Monitor service Administer service security Provide billing and usage reports Handle problem reports Administer tenancies Cloud service customer (CSC) CSC: cloud servicebusiness manager CSC: cloud service integrator CSC: cloud service user Performservice trial Perform business administration Connect ICT systems to cloud services Use cloud service Select and purchaseservice Request audit report

7. Functional View: Layering and functional components Multi-layer functions User layer User function Business function Administrator function Integration Security systems Operational support systems Business support systems Development support Developer environment Securityintegration Authentication and identitymanagement Servicecatalogue Productcatalogue Access layer Provisioning Access control Connection management Accountmanagement Monitoring and reporting Monitoringintegration Authorization and security policymanagement Service policymanagement Service layer Build management Subscriptionmanagement Business capabilities Service capabilities Administration capabilities Serviceautomation Service integration Service levelmanagement Billing Encryptionmanagement Service orchestration Incident andproblemmanagement Test management Accounts Resource layer Peer serviceintegration Platform andvirtualizationmanagement Resource abstractionand control Peer servicemanagement Physical resources

8. User View and Functional View (1): “Use cloud service” CSC:cloud service user Use cloud service User layer Multi-layer functions User function Integration Security systems Operational support systems Business support systems Development support Access layer Authentication and identitymanagement Serviceaccess Authorization and security policymanagement Service layer Service capabilities Service Integration Resource layer Resource abstractionand control Physical resources

9. User View and Functional View (2): “Inter-cloud” relationship for “Use cloud service” User layer Multi-layer functions User layer User function Integration Access layer Access layer Serviceaccess Serviceaccess Service layer Service layer Service capabilities Service capabilities Resource layer Resource layer Peer serviceintegration Primary cloud service provider Secondary cloud service provider

10. Conclusions and Recommendations • A reference architecture to be used : • in ITU-T SG13 on topics such as architecture for NaaS, DaaS, Big Data, cloud management • in ISO/IEC JTC1: • SC 27 on ISO/IEC 27017 (security controls) • SC 38 on SLA framework • Paving the way for possible reference and reuse together with the Cloud Vocabulary in other organizations (e.g. IETF, DTMF, ETSI NFV,…) dealing with Cloud computing and virtualization related aspects • Need to communicate and publicize outside ITU-T • First ICT Cloud architecture (collaboration between ISO and ITU-T) reusing definitions provided in the Cloud vocabulary Rec. ITU-T Y.3500 | ISO/IEC 17888 • Published as a Recommendation Y.3502 | International Standard ISO/IEC 17789 in Q3 2014 (freely available) • Viewpoint approach methodology: • User view (eco-system, roles, sub-roles, activities) • Functional view (layering framework and functional components) • Generic architecture for the support of major cloud service categories (IaaS, PaaS, SaaS, NaaS,….) in different deployment models such as private, public, hybrid cloud (inter-cloud)

11. Y.3510 (Y.CCInfra) - Introduction User layer Multi-layer functions Access layer Service layer Resource abstraction and control Physical & virtualResources Software & Platform Assets Virtual Path Virtual Circuit VS VM VN Storage Computing Intra Cloud Network Core Transport Network Inter Cloud Network Compute Storage Network Physical machine Virtual machine Software assets Storage Interface Storage management Storage availability Intra-datacenter network Inter-datacenter network Access and core transport network

12. Requirements for Compute Resource—Y.3510 Virtualization Physical machine Virtual machine Software provision • Hardware assisted virtualization • Horizontal scalability and vertical scalability • Energy consumption optimization • Automated provisioning and deployment • Unified software license management • VM Migration and HA • CPU/Mem/IO virtualization • Duplication of VM • Management automation

13. Requirements for Storage Resource—Y.3510 • Storage interface • block storage protocol • file system protocol • database protocol • web service interfaces • Storage management • Client authorization • Request dispatching • Configuration and provision • Monitoring and alerting • Replication and archiving • Storage availability • data backup and recovery • Data verification, • Data synchronization • Data de-duplication

14. Requirements for Network Resource —Y.3510 Access and Core transport network Intra-DC network Inter-DC network • Elastic addressing for multi-tenant users • Dynamic migration of VMs across DC • Virtual network services (e.g., DND, FW, LB, VPN) for multi-tenant users • Support delivery of cloud services in terms of performances, scalability and agility • Support multiple addressing, such asIPv4 and IPv6 • Deal with VM network addresses overlapping • Resilient to topology changes • Support different logical networks

15. Conclusions and Recommendations • In the first batch of ITU published cloud computing recommendation with the number of Y.3501, Y.3510, Y.3520 • Fully covered main categories of cloud infrastructure, consisting of compute resources, storage resources and network resources • Covering most types and scenarios of the resources: • Compute :physical machine, virtual machine • Storage :block storage, object starge, database, xml,.. • Network: Intra-datacenter, Inter-datacenter, Access and core transport network • From infrastructure and network level, fully support major cloud service categories (IaaS, PaaS, SaaS, NaaS, ….) • As a base standard for reference or reuse by other organizations, such as ETSI NFV, MEF, DMTF, CCSA, etc.