NIST Cloud Computing Program NIST Cloud Computing Program Current Activities Current Activities NIST Information NIST Information Technology Laboratory Cloud Computing Program Technology Laboratory Cloud Computing Program Robert Bohn, Ph.D. NIST Cloud Computing Program Manager ETSI - Cloud Standards Coordination 5 December 2012, Cannes, France
27
Embed
NIST Cloud Computing Program Current Activitiesdocbox.etsi.org/Workshop/2012/201212_CSC/NIST_BOHN.pdf · 2012-12-05 · NIST Information NIST Information Technology Laboratory Cloud
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
NIST Cloud Computing ProgramNIST Cloud Computing Program
Current ActivitiesCurrent Activities
NIST Information NIST Information Technology Laboratory Cloud Computing ProgramTechnology Laboratory Cloud Computing Program
Robert Bohn, Ph.D.
NIST Cloud Computing Program Manager
ETSI - Cloud Standards Coordination
5 December 2012, Cannes, France
OutlineOutline
• Roadmap Activities
• Updates on PAPs/Working Groups
– SLA Guidance
– Cloud Metrics
2
NIST Information NIST Information Technology Laboratory Cloud Computing ProgramTechnology Laboratory Cloud Computing Program
R 1: International voluntary consensus based interoperability, portability and security standards
(interoperability, portability, and security standards)
R 2: Solutions for high priority Security Requirements (security technology)
R 3: Technical specifications to enable development of consistent, high quality Service Level Agreements
(interoperability, portability, and security standards and guidance)
R 4: Clearly and consistently categorized cloud services (interoperability and portability guidance and
technology)
R 5: Frameworks to support seamless implementation of federated community cloud environments
NIST Information NIST Information Technology Laboratory Cloud Computing ProgramTechnology Laboratory Cloud Computing Program4
R 5: Frameworks to support seamless implementation of federated community cloud environments
(interoperability and portability guidance and technology)
R 6: Technical security solutions which are de-coupled from organizational policy decisions (security
guidance, standards and technology)
R 7: Defined unique government regulatory requirements, technology gaps, and solutions (interoperability,
portability and security technology)
R 8: Collaborative parallel strategic “future cloud” development initiatives (interoperability, portability, and
security technology)
R 9: Defined and implemented reliability design goals (interoperability, portability, and security technology)
R 10: Defined and implemented cloud service metrics (interoperability and portability standards)
USG USG CC Roadmap CC Roadmap –– Volume Volume IIII
Reference Architecture & Taxonomy
• Recommend Industry Mapping so that USG agencies & others can more easily
and consistently compare cloud services
• In parallel, support formal standards development process leveraging the
reference architecture
Standards
Use collaboration through public working groups & Federal Cloud Computing Standards & Technology
Working Group to continue to validate findings
NIST Information NIST Information Technology Laboratory Cloud Computing ProgramTechnology Laboratory Cloud Computing Program5
Standards
• Provide avenue for USG agency engagement
• Continue standards roadmap
Target Business Use Cases & SAJACC
• Expand initial use case set & use SAJACC to identify gaps
Security
• leverage working groups to finalize special publication focusing on challenging
security requirements
• Continue technical advisor role – e.g. FedRAMP, continuous monitoring,
conformity assessment system
USG CC Roadmap USG CC Roadmap –– Volume IIIVolume III
• BUILDS ON the first two volumes of the USG Cloud Computing Technology Roadmap
• IS FOR USG agency technical planning and implementation teams - AND ANYONE ELSE THAT FINDS IT USEFUL
6
NIST Information NIST Information Technology Laboratory Cloud Computing ProgramTechnology Laboratory Cloud Computing Program
• HAS A GOAL to inform decision makers regarding questions and decision factors in the context of Cloud Computing use cases
•DESCRIBES HOW to leverage the Federal Cloud Computing Strategy Decision Framework for Cloud Migration and the collaborative NIST Cloud Computing Program work
Decision FrameworkDecision Framework
NIST Information NIST Information Technology Laboratory Cloud Computing ProgramTechnology Laboratory Cloud Computing Program
16 aspects…16 aspects…
• Provision
– Aggregate demand
– Integrate services
– Contract effectively
– Realize value
• Selection
– Efficiency
– Agility
– Innovation
– Security Requirements
NIST Information NIST Information Technology Laboratory Cloud Computing ProgramTechnology Laboratory Cloud Computing Program8
– Realize value
• Manage
– Shift mindset
– Actively monitor
– Re-evaluate periodically
– Service characteristics
– Market Characteristics
– Network infrastructure
– Government readiness
– Technology lifecycle
Application CategoriesApplication Categories
• Collaboration Tools
• Planning/Management Tools
• Web Server/Content Management
• Identity Management
NIST Information NIST Information Technology Laboratory Cloud Computing ProgramTechnology Laboratory Cloud Computing Program
• Identity Management
• Document Retrieval/Library System
• PaaS
• IaaS
Next Steps for PAPs/Working GroupsNext Steps for PAPs/Working Groups
• Goal 3 -Advanced Actor Analysis - To further the discussion on the roles of and interactions of cloud computing actors (consumer/auditor/broker/carrier).
SLA TaxonomySLA Taxonomy
Chair: John Messina (NIST) and Ken Stavinoha (Cisco)
Purpose: Address Roadmap Requirement 3 on Service Level Agreements (SLA)s
Goals:
• Create a mindmap/taxonomy identifying the major elements that should appear
within a high-quality SLA.
• Write report on how to create high-quality SLA
NIST Information NIST Information Technology Laboratory Cloud Computing ProgramTechnology Laboratory Cloud Computing Program11
Status:
• Mindmap/taxonomy draft complete (available on NIST CC twiki public website)
• Report draft complete (available on NIST CC twiki public website)
Moving Forward:
• Establish Federal SLA collaborative activities
• Submit material to international standards bodies for further development
Mind Map of a Master Service AgreementMind Map of a Master Service Agreement
NIST Information NIST Information Technology Laboratory Cloud Computing ProgramTechnology Laboratory Cloud Computing Program
Contents of SLAContents of SLA
Business Level Objectives
• Roles & Responsibilities
• Requirements
• Operational Policies
Service Level Objectives
• Resources
• Performance Indicators
• Service Deployment
NIST Information NIST Information Technology Laboratory Cloud Computing ProgramTechnology Laboratory Cloud Computing Program
• Operational Policies
• Continuity
• Limitations
• Financial
• Glossary of Terms
• Service Deployment
• Service Management
• Description
• Security
• Privacy
Cloud Business Cloud Business RequirementsRequirements
NIST Information NIST Information Technology Laboratory Cloud Computing ProgramTechnology Laboratory Cloud Computing Program
Performance Performance IndicatorsIndicators
NIST Information NIST Information Technology Laboratory Cloud Computing ProgramTechnology Laboratory Cloud Computing Program
Cloud MetricsCloud MetricsChair: Frederic J. de Vaulx and Steve Woodward (CloudPersectives)
Purpose: Address Roadmap Requirement 10 on Cloud Metrics
Goals:
• Improve consistency & terminology to facilitate valuable comparative analysis
• Create a framework to help clarify measures, definitions and collection methods
• Align with the roadmap high priority goals like SLAs
NIST Information NIST Information Technology Laboratory Cloud Computing ProgramTechnology Laboratory Cloud Computing Program
Status:
• Cloud reference and description list (available on NIST CC twiki public website)
• Draft concept model for cloud metrics, measures and usages (available on NIST
CC twiki public website)
Moving Forward:
• Present the concept model to organizations involved in cloud metrics
• Write the Cloud Measure document based on the draft outline
Cloud MetricsCloud Metrics
Work Areas & Priorities
NIST Information NIST Information Technology Laboratory Cloud Computing ProgramTechnology Laboratory Cloud Computing Program
Goal 3: Advanced Actor Analysis Goal 3: Advanced Actor Analysis ––
Cloud BrokerCloud Broker
Cloud Broker Intermediate Cloud Service Provider
• dd
NIST Information NIST Information Technology Laboratory Cloud Computing ProgramTechnology Laboratory Cloud Computing Program18
• Consumer accesses multiple provider services through a single broker interface
• The Cloud Consumer retains visibility into the cloud service providers they use
• Intermediary uses additional providers as invisible components of its own service, presented as integrated offering
• No consumer visibility into or control over additional cloud providers
NIST Information NIST Information Technology Laboratory Cloud Computing ProgramTechnology Laboratory Cloud Computing Program23
Information
Technology
SC 27IT security
techniques
Financial services
SC 7Software &
systems engineering
SC 38Distributed application platforms &
services
SC 2Financial Services, security
W3COASIS TCGOMG SNIA
OGF CAOCC
ATIS CSA Kantara TIA
JTC 1 PAS Submitters
others
Key: PSDO = Partner Standards Development Organization; PAS = Publicly Available Specification; = private sector,
national member-based international standards body; = UN agency, member state-based international standards body;
= international consortium standards developer
NIST SP 500NIST SP 500--291 Recommendations291 RecommendationsAccelerating Development and Use of Cloud StandardsAccelerating Development and Use of Cloud Standards
Contribute Agency Requirements
Participate in Standards Development
Encourage Compliance Testing to Accelerate
• Contribute Agency Requirements
• Participate in Standards Development
• Encourage Compliance Testing to Accelerate
Technically Sound Standards-Based Deployments
NIST Information NIST Information Technology Laboratory Cloud Computing ProgramTechnology Laboratory Cloud Computing Program
Encourage Compliance Testing to Accelerate
Technically Sound Standards-Based Deployments
Specify Cloud Computing Standards
USG-Wide Use of Cloud Computing Standards
Dissemination of Information on Cloud Computing
Standards
Technically Sound Standards-Based Deployments
• Specify Cloud Computing Standards
• USG-Wide Use of Cloud Computing Standards
• Dissemination of Information on Cloud
Computing Standards
New Topics for ConsiderationNew Topics for Consideration
• Accessibility
• Conformity Assessment
• Performance
• Reliability
NIST Information NIST Information Technology Laboratory Cloud Computing ProgramTechnology Laboratory Cloud Computing Program
• Reliability
• Forensics
• Law Enforcement
• Education
NIST Cloud Computing Special Publications
• CC Standards Roadmap ……………………..500-291
• CC Reference Architecture………………….500-292
• USG CC Technology Roadmap Draft......500-293
NIST Information NIST Information Technology Laboratory Cloud Computing ProgramTechnology Laboratory Cloud Computing Program