Output break-out session # 4 Cloud sla © ETSI 2012. All rights reserved CLOUD STANDARDS COORDINATION Cannes, 4-5 december 2012
Dec 17, 2015
Output break-out session # 4Cloud sla
© ETSI 2012. All rights reserved
CLOUD STANDARDS COORDINATIONCannes, 4-5 december 2012
Session Cloud SLA
Title session: Cloud SLA
Reported by: Bernd Becker (EuroCloud)
Co-facilitators: Jamil Chawki (Orange) and Bill Semper (TMF)
Number participants: 45
Misc: 4 Feedbacks
ETSI/BOARD(12)89_0XX2
Functional scope
• Describe the functional area of SLA• SLA Definition : A Service Level Agreement (SLA) is a documented
agreement between the service provider and customer that identifies services and service targets. [ISO/IEC 20000-1:2011].
• Specific on cloud issues
The scope of this session is to• catalogue standards organizations and specifications – existing as well
as missing - that may be relevant to SLAs that apply to the whole service/supply chain of Cloud.
• collect key issues and new ideas relevant to SLAs for Cloud. • Issue 1: Stakeholders and their responsibility.• Issue 2: Handling of e.g. QoS, KPI and KQI in addition to security, privacy
aspects relevant for SLA fulfillment. • Others…. Feedback: SLAs: How can SLAs be constructed similar to
Application Service Provider Models
Session Schedule
Scope (SLA activity) 45 min +15 min
Use cases & Requirements 45 min +15 min
Organization/SDO delivering technical specifications/Standards 45 min
ETSI/BOARD(12)89_0XX4
SLA Scope (1)
ETSI/BOARD(12)89_0XX5
SLA Scope (2)
ETSI/BOARD(12)89_0XX6
SLA Scope (3)
ETSI/BOARD(12)89_0XX7
SLA Usecase and Requirements
ETSI/BOARD(12)89_0XX8
SLA Organization/SDO delivering technical specifications/Standards
Organizations /SDO delivering technical specifications and/or standards• TMF• ISO/ IEC JTC1 SC38 and SC27• NIST• ITU-T• ETSI• OGF
Suggestions on relevant standards• ISO/IEC JTC1CS7: 20000 series• ISO/IEC JTC 1 SC-38: Report on SLA& Service delivery • TM Forum : TR178 Enabling End-to-End Cloud SLA Management, GB917, MultiCloud Accelerator Pack• NIST: Cloud Contracts and SLAs• ETSI TC Cloud: Draft ETSI DTR/CLOUD-0012 V0.0.4• Cloud Standards Customer Council: Practical Guide to Cloud Service Level Agreements
ETSI/BOARD(12)89_0XX9
SLA Organization/SDO delivering technical specifications/Standards
ETSI/BOARD(12)89_0XX10
SLA Scope (2)
ETSI/BOARD(12)89_0XX11
Who does what in this space?
Organizations delivering technical specifications and/or standards• Note that there may not be a matching Technical Specifications/Standards
organisation or forum for each area.
Suggestions on relevant standards• (Time permitting)
ETSI/BOARD(12)89_0XX12
Session xxx
Title session
Reported by (name rapporteur)
Co-facilitators
Number participants
Misc (if relevant)
ETSI/BOARD(12)89_0XX13
Functional scope
• Describe the functional area of (subject xxx)
Use cases/requirements
Key questions that need to be addressed (bearing in mind the EU landscape and market) • “What do people need?"
Requirements/use cases• Suggested priorities
ETSI/BOARD(12)89_0XX15
Who does what in this space?
Organizations delivering technical specifications and/or standards• Note that there may not be a matching Technical Specifications/Standards
organisation or forum for each area.
Suggestions on relevant standards• (Time permitting)
ETSI/BOARD(12)89_0XX16
Use cases/requirements
Use cases• Framework for classifications:
• Simple or composite Cloud services • Low / high critical services and Data
ETSI/BOARD(12)89_0XX17
Use cases/framework
18
IMPORTANCERelevance of service and/or
sensitivity of data
LOW HIGH
CO
MP
LE
XIT
Y O
F S
ER
VIC
E
LOW
HIG
H
UC Type 2
UC Type 1
UC Type 3
UC Type 4
IAASe.g.
Storage Archiving of Accounting
Logfiles
IAASe.g.
Processing non critical Insurance
Data
SAASe.g.
Drivers logT&E Mang.
SAASe.g.
Financial Reporting
Patient Records
Use cases/requirements
Required Areas of standardization with respect to SLAs• Stakeholders and their responsibility• SLA terminology • Ecosystem, including roles and sub-roles and responsibilities• High level business/use and functional architecture views • Handling of e.g. QoS, KPI and KQI in addition to security, privacy aspects
relevant for SLA fulfillment..
ETSI/BOARD(12)89_0XX19
Who does what in this space?
Organizations /SDO delivering technical specifications and/or standards• TMF• ISO/ IEC JTC1 SC38 and SC27• NIST• ITU-T• ETSI• OGF
Suggestions on relevant standards• ISO/IEC JTC1CS7: 20000 series• ISO/IEC JTC 1 SC-38: Report on SLA& Service delivery • TM Forum : TR178 Enabling End-to-End Cloud SLA Management, • NIST: Cloud Contracts and SLAs• ETSI TC Cloud: Draft ETSI DTR/CLOUD-0012 V0.0.4• Cloud Standards Customer Council: Practical Guide to Cloud Service Level Agreements
ETSI/BOARD(12)89_0XX20
Feedbacks
ETSI/BOARD(12)89_0XX21
Feedback from ALU on issue 2
Provisioning of E2E cloud services quality(QoS):
• define a conceptual model• define/describe service impairments & SLA/QoS characteristics(e.g.
availability, performance,... ) that arise along the end-to-end path from the cloud consumer’s application running on some cloud service providers’ infrastructure
• define a set of SLA Parameters appropriate to the specific service types and characteristics identified (e.g. response time)
• defining and standardisation of SLA Metrics (e.g. delay) to allow the unambiguous evaluation of SLA Parameters and service quality across key interfaces in the service delivery chain
ETSI/BOARD(12)89_0XX22
Feedback from Microsoft (1)
The IS IEC 20000-1 of the SLA includes the 2 following note:
• NOTE 1: A service level agreement can also be established between the service provider and a supplier, an internal group or a customer acting as a supplier.
• NOTE 2: A service level agreement can be included in a contract or another type of documented agreement
• These notes should be re-introduced in the scope to give an accurate definition, especially the note 2, because it clearly states that a SLA is a part of a contract. A SLA is not a contract and shall not be confused with a contract
• Issue 3 named ”others” is too generic and doesn’t add value, especially because the sentence above includes already the idea that the activity will not be “limited” to the issues listed
• The statement about the link between the SLAs and “the legislation, regulation and other matters outside the scope of standardization” is extremely important and shall be always carefully considered.
ETSI/BOARD(12)89_0XX23
Feedback from Microsoft (2)
• A SLA cannot replace a contract or agreement – it can just assist in entering into a contract or agreement
• A SLA cannot supersede or contradict relevant law (consumer law, contract law, …); so work on SLA standards has to be delicate and must avoid dealing with issues that are covered by higher authorities
• Legacy outsourcing thinking cannot be applied to Cloud Computing. The multi-tenant, very large scale nature of public cloud services creates nuanced issues across many terms and conditions in traditional IT agreements and SLAs
• In practice, for cloud computing, a SLA is mainly constituted of “service targets”, also identified in the scope as KPI and KQI“
• In support of “self service, on demand” the KPI and KQI should, as far as possible, be machine readable and suitable for automatic interpretation by software
• Where human intervention is required to evaluate or negotiate an SLA, this should be confined to the aspects which are not suitable for automation only
• SLAs need to be suitable for international use
• The standard SLA format cannot be tied to any specific cloud platform, operating system, middleware or application. Rather, the standard SLA should be flexible for all.
The standard SLA format must not preclude innovation in the cloud ecosystem. For example, it should not assume or require specific solutions, protocols, or parameters that may become obsolete as the ecosystem evolves over time.
ETSI/BOARD(12)89_0XX24
Feedback from Ministry of the Interior The Netherlands
I think it is important to stress that, as stated in the recently released opinion of the EDPS(*), cloud computing should not be treated any different from the way conventional data processing operations are being treated regarding aspects concerning SLAs. What we do need to discuss is how cloud computing can be configured - among others in terms of the way services are being delivered and contractual terms & conditions can be described and enforced - in such a way that it can comply to the current standards in the field of data processing. The challenge is to do this in such a way that it supports the realization of the recently published European cloud strategy.
ETSI/BOARD(12)89_0XX25