NIST Cloud Computing Program
Current Activities
Robert Bohn, Ph.D., NIST Cloud Computing Program Manager
ETSI - Cloud Standards Coordination
5 December 2012, Cannes, France
Outline
• Roadmap Activities
• Updates on PAPs/Working Groups
• SLA Guidance
• Cloud Metrics
• Cloud Broker
• Security RA
• Standards Update
USG Cloud Computing Roadmap – Volume I
Prioritized strategic and tactical requirements that must be met for USG agencies to further cloud adoption;
Interoperability, portability, and security standards, guidelines, and technology needed to satisfy these requirements;
Recommended list of Priority Action Plans (PAPs) -- candidates for voluntary self-tasking by the stakeholder community.
• Collaboration through public working groups & Federal Cloud Computing Standards & Technology Working Group
• Intent is to leverage PAPs that are identified as complete or under way by cloud stakeholder community; some may fall within NIST scope
USG Cloud Computing Technology Roadmap requirements
• R 1: International voluntary consensus-based interoperability, portability and security standards (interoperability, portability, and security standards)
• R 2: Solutions for high priority Security Requirements (security technology)
• R 3: Technical specifications to enable development of consistent, high quality Service Level Agreements (interoperability, portability, and security standards and guidance)
• R 4: Clearly and consistently categorized cloud services (interoperability and portability guidance and technology)
• R 5: Frameworks to support seamless implementation of federated community cloud environments (interoperability and portability guidance and technology)
• R 6: Technical security solutions which are de-coupled from organizational policy decisions (security guidance, standards and technology)
• R 7: Defined unique government regulatory requirements, technology gaps, and solutions (interoperability, portability and security technology)
• R 8: Collaborative parallel strategic “future cloud” development initiatives (interoperability, portability, and security technology)
• R 9: Defined and implemented reliability design goals (interoperability, portability, and security technology)
• R 10: Defined and implemented cloud service metrics (interoperability and portability standards)
USG CC Roadmap – Volume II
Use collaboration through public working groups & Federal Cloud Computing Standards & Technology Working Group to continue to validate findings
• Reference Architecture & Taxonomy
  • Recommend Industry Mapping so that USG agencies & others can more easily and consistently compare cloud services
  • In parallel, support formal standards development process leveraging the reference architecture
• Standards
  • Provide avenue for USG agency engagement
  • Continue standards roadmap
• Target Business Use Cases & SAJACC
  • Expand initial use case set & use SAJACC to identify gaps
• Security
  • Leverage working groups to finalize special publication focusing on challenging security requirements
  • Continue technical advisor role – e.g. FedRAMP, continuous monitoring, conformity assessment system
USG CC Roadmap – Volume III
• BUILDS ON the first two volumes of the USG Cloud Computing Technology Roadmap
• IS FOR USG agency technical planning and implementation teams - AND ANYONE ELSE THAT FINDS IT USEFUL
• HAS A GOAL to inform decision makers regarding questions and decision factors in the context of Cloud Computing use cases
• DESCRIBES HOW to leverage the Federal Cloud Computing Strategy Decision Framework for Cloud Migration and the collaborative NIST Cloud Computing Program work
16 aspects…
• Provision
  • Aggregate demand
  • Integrate services
  • Contract effectively
  • Realize value
• Manage
  • Shift mindset
  • Actively monitor
  • Re-evaluate periodically
• Selection
  • Efficiency
  • Agility
  • Innovation
  • Security Requirements
  • Service characteristics
  • Market Characteristics
  • Network infrastructure
  • Government readiness
  • Technology lifecycle
Application Categories
• Collaboration Tools
• Planning/Management Tools
• Web Server/Content Management
• Identity Management
• Document Retrieval/Library System
• PaaS
• IaaS
Next Steps for PAPs/Working Groups
• Goal 1 - Requirement 3: Address “Technical Specifications for High-Quality Service-Level Agreements”.
• Goal 2 - Requirement 10: Address “Defined & Implemented Cloud Service Metrics”.
• Goal 3 - Advanced Actor Analysis: To further the discussion on the roles and interactions of cloud computing actors (consumer/auditor/broker/carrier).
SLA Taxonomy
• Chair: John Messina (NIST) and Ken Stavinoha (Cisco)
• Purpose: Address Roadmap Requirement 3 on Service Level Agreements (SLAs)
• Goals:
  • Create a mindmap/taxonomy identifying the major elements that should appear within a high-quality SLA.
  • Write report on how to create high-quality SLA
• Status:
  • Mindmap/taxonomy draft complete (available on NIST CC twiki public website)
  • Report draft complete (available on NIST CC twiki public website)
• Moving Forward:
  • Establish Federal SLA collaborative activities
  • Submit material to international standards bodies for further development
Contents of SLA
Service Level Objectives
• Resources
• Performance Indicators
• Service Deployment
• Service Management
• Description
• Security
• Privacy
Business Level Objectives
• Roles & Responsibilities
• Requirements
• Operational Policies
• Continuity
• Limitations
• Financial
• Glossary of Terms
Cloud Metrics
• Chair: Frederic J. de Vaulx and Steve Woodward (Cloud Perspectives)
• Purpose: Address Roadmap Requirement 10 on Cloud Metrics
• Goals:
  • Improve consistency & terminology to facilitate valuable comparative analysis
  • Create a framework to help clarify measures, definitions and collection methods
  • Align with the roadmap high priority goals like SLAs
• Status:
  • Cloud reference and description list (available on NIST CC twiki public website)
  • Draft concept model for cloud metrics, measures and usages (available on NIST CC twiki public website)
• Moving Forward:
  • Present the concept model to organizations involved in cloud metrics
  • Write the Cloud Measure document based on the draft outline
Cloud Metrics Work Areas & Priorities
Goal 3: Advanced Actor Analysis – Cloud Broker
Cloud Broker
• Consumer accesses multiple provider services through a single broker interface
• The Cloud Consumer retains visibility into the cloud service providers they use
Intermediate Cloud Service Provider
• Intermediary uses additional providers as invisible components of its own service, presented as integrated offering
• No consumer visibility into or control over additional cloud providers
The NIST Cloud Computing Reference Architecture
[Diagram. Actors: Cloud Service Consumer; Cloud Auditor (Security Audit, Privacy Impact Audit, Performance Audit); Cloud Service Provider (Service Layer: SaaS, PaaS, IaaS; Resource Abstraction and Control Layer; Physical Resource Layer: Hardware, Facility; Cloud Service Management: Business Support, Provisioning/Configuration, Portability/Interoperability; Security; Privacy); Cloud Broker (Service Intermediation, Service Aggregation, Service Arbitrage); Cloud Carrier]
NIST Security Reference Architecture
[Diagram. Cloud Provider: Service Layer (SaaS, PaaS, IaaS); Resource Abstraction and Control Layer; Physical Resource Layer (Hardware, Facility). Usage scenarios: Software as a Service (Biz Process/Operations; App/Svc Usage Scenarios); Platform as a Service (Application Development; Develop, Test, Deploy and Manage Usage Scenarios); Infrastructure as a Service (IT Infrastructure/Operation; Create/Install, Manage, Monitor Usage Scenarios)]
Draft NIST CC Reference Architecture
[Diagram. Actors: Cloud Consumer; Cloud Auditor (Security Audit, Privacy Impact Audit, Performance Audit); Cloud Provider (Cloud Orchestration: Service Layer with SaaS, PaaS, IaaS; Resource Abstraction and Control Layer; Physical Resource Layer with Hardware, Facility; Cloud Service Management: Business Support, Provisioning/Configuration, Portability/Interoperability); Cloud Broker (Service Intermediation, Service Aggregation, Service Arbitrage); Cloud Carrier. Cross Cutting Concerns: Security, Privacy, etc]
Cloud Computing Standards Developers
[Diagram. Labels: IEEE, ISO, IEC, ITU-T, IETF, PSDO]
• ITU-T: SG 11 Signalling requirements, protocols and test specifications; SG 13 Future networks including mobile and NGN; SG 17 Security
• ISO TC 68 Financial services: SC 2 Financial Services, security
• ISO/IEC JTC 1 Information Technology: SC 7 Software & systems engineering; SC 27 IT security techniques; SC 38 Distributed application platforms & services
• JTC 1 PAS Submitters = international consortium standards developer
• Other labels: OMG, SNIA, TCG, W3C, OASIS, OGF, OCC CA, ATIS, CSA, Kantara, TIA, others
Key: PSDO = Partner Standards Development Organization; PAS = Publicly Available Specification; legend categories: private sector, national member-based international standards body; UN agency, member state-based international standards body
NIST SP 500-291 Recommendations
Accelerating Development and Use of Cloud Standards
• Contribute Agency Requirements
• Participate in Standards Development
• Encourage Compliance Testing to Accelerate Technically Sound Standards-Based Deployments
• Specify Cloud Computing Standards
• USG-Wide Use of Cloud Computing Standards
• Dissemination of Information on Cloud Computing Standards
New Topics for Consideration
• Accessibility
• Conformity Assessment
• Performance
• Reliability
• Forensics
• Law Enforcement
• Education
NIST Cloud Computing Special Publications
• CC Standards Roadmap: 500-291
• CC Reference Architecture: 500-292
• USG CC Technology Roadmap Draft: 500-293
• Guidelines on Security and Privacy: 800-144
• Definition of Cloud Computing: 800-145
• CC Synopsis & Recommendations: 800-146
Searchable as “NIST SP xxx-nnn”
Contacts
Dr. Chris Greer, chris.greer@nist.gov, Acting SES
Dr. Robert Bohn, robert.bohn@nist.gov, Program Mgr
John Messina, john.messina@nist.gov, RA/Tax Co-Convener
Dr. Michaela Iorga, micheala.iorga@nist.gov, Security
Annie Sokol, annie.sokol@nist.gov, Standards
Mike Hogan, michael.hogan@nist.gov, Standards
Eric Simmon, eric.simmon@nist.gov, Volume III
Frederic de Vaulx, frederic.devaulx@nist.gov, Metrics
• NIST ITL Cloud Computing Home Page: http://www.nist.gov/itl/cloud
• NIST Cloud Computing Collaboration Site (twiki): http://collaborate.nist.gov/twiki-cloud-computing/bin/view/CloudComputing