Session Abstract: “Cloud computing has dramatically lowered the barriers to entry for new web entrepreneurs wanting to start innovative businesses. However, the lack of interoperability, consistency and security concerns across services keeps many businesses from adopting. There have been several calls for standards to help make services from different cloud providers interoperable and ultimately more useful and secure to enterprises.
Uncertainty abounds, with questions such as “Are standards really needed?” “Who should be involved?” “Can the cloud ever be secure?” and “What are potential consequences of working in the cloud?”
This talk will explore the pros and cons of standards, address myths surrounding security in the cloud, while also providing insight from customer feedback and what new cloud technology trends Mosso sees coming this year.”
Jonathan Bryce is a Rackspace Mosso Co-Founder.
1. Cloud Standards: Who needs ’em?
Types of Standards: Technology classifications, APIs, Pricing Mechanisms, Compliance
Technology Classifications – a little consensus and agreement is building on the three common layers:
- SaaS
- PaaS
- IaaS
Simplicity and customization are inversely related: greater simplicity at the top (SaaS), more customization at the bottom (IaaS). IaaS offers raw infrastructure power, and the IaaS consumer takes on increased responsibility: installation, networking, security, etc.
APIs to:
Provision and Manage cloud services: Storage, Compute, Network, Application Data
These are ripe for formal specification (standardization). Basic things everyone needs to do: start/stop, add/remove etc.
Tools such as RightScale and Eucalyptus (open source) will provide portability between clouds.
Pricing Mechanisms (Money, Money, Money):
Pricing complexity issues:
- Fewer Natural Limits – no physical boundary, such as physical server, storage device
- Very Different Capabilities – what is offered, especially at PaaS layer; what is included, what needs to be priced a la carte (consider PaaS that offers auto-scale capability)
- Virtual Everything – you are not buying physical memory but a chunk of memory on a server; you either buy and hold the memory chunk, or receive it only as needed
- Consistency or Capacity?
Standard Processing Calculation – there isn’t a standard processing calculation, which adds to the pricing issues: megacycle hours (App Engine) vs. compute cycle (Mosso). There is no raw metric; even GHz is problematic with multi-core processors.
Compliant Clouds (Compliance)
Compliance is never a first offering in an emerging technology, but it is a critical offering for large business adoption. Often requested: HIPAA, SAS70, PCI, Safe Harbor.
Compliance is a joint responsibility of the cloud provider and the developer. The cloud provider needs to provide a safe platform, storage, auditing, etc., but the developer needs to ensure the application is designed with compliance in mind, such as HIPAA data access rules, PCI credit card encryption, etc.
2. Why Does IT (Standards) Matter?
The Network Effect: interoperability, avoid lock-in (portability), RAIC (redundant arrays of inexpensive clouds), better tools for all, cloud bursting (internal infrastructure with load burst to cloud) & cloud native apps
3. Who and When?
You, me (Jonathan), Customers, Vendors, Partners
Now
Get Involved: Cloud computing interoperability groups, Cloud computing standards groups, easy to find and engage with online
Q&A
- Jonathan discusses interoperability vs. portability. Tools exist to port an image from one cloud to another. The bigger challenge, with no real tools or standards, is being able to use more than one cloud at the same time.
- Can you name specific groups? CCIF, Unified Cloud Computing group, Open Cloud Manifesto. Jonathan speaks to the controversy around the Open Cloud Manifesto and suggests people read the manifesto and interpret its content as ideals (requirements), not standards.

