Output Break-out Session # 4 CLOUD SLA © ETSI 2012. All rights reserved CLOUD STANDARDS COORDINATION Cannes, 4-5 december 2012.

Output break-out session # 4Cloud sla

© ETSI 2012. All rights reserved

CLOUD STANDARDS COORDINATIONCannes, 4-5 december 2012

Session Cloud SLA

Title session: Cloud SLA

Reported by: Bernd Becker (EuroCloud)

Co-facilitators: Jamil Chawki (Orange) and Bill Semper (TMF)

Number participants: 45

Misc: 4 Feedbacks

ETSI/BOARD(12)89_0XX2

Functional scope

• Describe the functional area of SLA• SLA Definition : A Service Level Agreement (SLA) is a documented

agreement between the service provider and customer that identifies services and service targets. [ISO/IEC 20000-1:2011].

• Specific on cloud issues

The scope of this session is to• catalogue standards organizations and specifications – existing as well

as missing - that may be relevant to SLAs that apply to the whole service/supply chain of Cloud.

• collect key issues and new ideas relevant to SLAs for Cloud. • Issue 1: Stakeholders and their responsibility.• Issue 2: Handling of e.g. QoS, KPI and KQI in addition to security, privacy

aspects relevant for SLA fulfillment. • Others…. Feedback: SLAs: How can SLAs be constructed similar to

Application Service Provider Models

Session Schedule

Scope (SLA activity) 45 min +15 min

Use cases & Requirements 45 min +15 min

Organization/SDO delivering technical specifications/Standards 45 min

ETSI/BOARD(12)89_0XX4

SLA Scope (1)

ETSI/BOARD(12)89_0XX5

SLA Scope (2)

ETSI/BOARD(12)89_0XX6

SLA Scope (3)

ETSI/BOARD(12)89_0XX7

SLA Usecase and Requirements

ETSI/BOARD(12)89_0XX8

SLA Organization/SDO delivering technical specifications/Standards

Organizations /SDO delivering technical specifications and/or standards• TMF• ISO/ IEC JTC1 SC38 and SC27• NIST• ITU-T• ETSI• OGF

Suggestions on relevant standards• ISO/IEC JTC1CS7: 20000 series• ISO/IEC JTC 1 SC-38: Report on SLA& Service delivery • TM Forum : TR178 Enabling End-to-End Cloud SLA Management, GB917, MultiCloud Accelerator Pack• NIST: Cloud Contracts and SLAs• ETSI TC Cloud: Draft ETSI DTR/CLOUD-0012 V0.0.4• Cloud Standards Customer Council: Practical Guide to Cloud Service Level Agreements

ETSI/BOARD(12)89_0XX9

SLA Organization/SDO delivering technical specifications/Standards

ETSI/BOARD(12)89_0XX10

SLA Scope (2)

ETSI/BOARD(12)89_0XX11

Who does what in this space?

Organizations delivering technical specifications and/or standards• Note that there may not be a matching Technical Specifications/Standards

organisation or forum for each area.

Suggestions on relevant standards• (Time permitting)

ETSI/BOARD(12)89_0XX12

Session xxx

Title session

Reported by (name rapporteur)

Co-facilitators

Number participants

Misc (if relevant)

ETSI/BOARD(12)89_0XX13

Functional scope

• Describe the functional area of (subject xxx)

Use cases/requirements

Key questions that need to be addressed (bearing in mind the EU landscape and market) • “What do people need?"

Requirements/use cases• Suggested priorities

ETSI/BOARD(12)89_0XX15

Who does what in this space?

Organizations delivering technical specifications and/or standards• Note that there may not be a matching Technical Specifications/Standards

organisation or forum for each area.

Suggestions on relevant standards• (Time permitting)

ETSI/BOARD(12)89_0XX16

Use cases/requirements

Use cases• Framework for classifications:

• Simple or composite Cloud services • Low / high critical services and Data

ETSI/BOARD(12)89_0XX17

Use cases/framework

18

IMPORTANCERelevance of service and/or

sensitivity of data

LOW HIGH

CO

MP

LE

XIT

Y O

F S

ER

VIC

E

LOW

HIG

H

UC Type 2

UC Type 1

UC Type 3

UC Type 4

IAASe.g.

Storage Archiving of Accounting

Logfiles

IAASe.g.

Processing non critical Insurance

Data

SAASe.g.

Drivers logT&E Mang.

SAASe.g.

Financial Reporting

Patient Records

Use cases/requirements

Required Areas of standardization with respect to SLAs• Stakeholders and their responsibility• SLA terminology • Ecosystem, including roles and sub-roles and responsibilities• High level business/use and functional architecture views • Handling of e.g. QoS, KPI and KQI in addition to security, privacy aspects

relevant for SLA fulfillment..

ETSI/BOARD(12)89_0XX19

Who does what in this space?

Organizations /SDO delivering technical specifications and/or standards• TMF• ISO/ IEC JTC1 SC38 and SC27• NIST• ITU-T• ETSI• OGF

Suggestions on relevant standards• ISO/IEC JTC1CS7: 20000 series• ISO/IEC JTC 1 SC-38: Report on SLA& Service delivery • TM Forum : TR178 Enabling End-to-End Cloud SLA Management, • NIST: Cloud Contracts and SLAs• ETSI TC Cloud: Draft ETSI DTR/CLOUD-0012 V0.0.4• Cloud Standards Customer Council: Practical Guide to Cloud Service Level Agreements

ETSI/BOARD(12)89_0XX20

Feedbacks

ETSI/BOARD(12)89_0XX21

Feedback from ALU on issue 2

Provisioning of E2E cloud services quality(QoS):

• define a conceptual model• define/describe service impairments & SLA/QoS characteristics(e.g.

availability, performance,... ) that arise along the end-to-end path from the cloud consumer’s application running on some cloud service providers’ infrastructure

• define a set of SLA Parameters appropriate to the specific service types and characteristics identified (e.g. response time)

• defining and standardisation of SLA Metrics (e.g. delay) to allow the unambiguous evaluation of SLA Parameters and service quality across key interfaces in the service delivery chain

ETSI/BOARD(12)89_0XX22

Feedback from Microsoft (1)

The IS IEC 20000-1 of the SLA includes the 2 following note:

• NOTE 1: A service level agreement can also be established between the service provider and a supplier, an internal group or a customer acting as a supplier.

• NOTE 2: A service level agreement can be included in a contract or another type of documented agreement

• These notes should be re-introduced in the scope to give an accurate definition, especially the note 2, because it clearly states that a SLA is a part of a contract. A SLA is not a contract and shall not be confused with a contract

• Issue 3 named ”others” is too generic and doesn’t add value, especially because the sentence above includes already the idea that the activity will not be “limited” to the issues listed

• The statement about the link between the SLAs and “the legislation, regulation and other matters outside the scope of standardization” is extremely important and shall be always carefully considered.

ETSI/BOARD(12)89_0XX23

Feedback from Microsoft (2)

• A SLA cannot replace a contract or agreement – it can just assist in entering into a contract or agreement

• A SLA cannot supersede or contradict relevant law (consumer law, contract law, …); so work on SLA standards has to be delicate and must avoid dealing with issues that are covered by higher authorities

• Legacy outsourcing thinking cannot be applied to Cloud Computing. The multi-tenant, very large scale nature of public cloud services creates nuanced issues across many terms and conditions in traditional IT agreements and SLAs

• In practice, for cloud computing, a SLA is mainly constituted of “service targets”, also identified in the scope as KPI and KQI“

• In support of “self service, on demand” the KPI and KQI should, as far as possible, be machine readable and suitable for automatic interpretation by software

• Where human intervention is required to evaluate or negotiate an SLA, this should be confined to the aspects which are not suitable for automation only

• SLAs need to be suitable for international use

• The standard SLA format cannot be tied to any specific cloud platform, operating system, middleware or application. Rather, the standard SLA should be flexible for all.

The standard SLA format must not preclude innovation in the cloud ecosystem. For example, it should not assume or require specific solutions, protocols, or parameters that may become obsolete as the ecosystem evolves over time.

ETSI/BOARD(12)89_0XX24

Feedback from Ministry of the Interior The Netherlands

I think it is important to stress that, as stated in the recently released opinion of the EDPS(*), cloud computing should not be treated any different from the way conventional data processing operations are being treated regarding aspects concerning SLAs. What we do need to discuss is how cloud computing can be configured - among others in terms of the way services are being delivered and contractual terms & conditions can be described and enforced - in such a way that it can comply to the current standards in the field of data processing. The challenge is to do this in such a way that it supports the realization of the recently published European cloud strategy.

ETSI/BOARD(12)89_0XX25