Question 19/13 - End-to-end Cloud computing management and security
(Continuation of Question 28/13)
Cloud computing is a model for enabling service users' ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. The cloud computing model is composed of five essential characteristics (on-demand, delivery over broad network access, resource pooling, rapid elasticity, self-service and measured services), five cloud computing service categories, i.e., Software as a Service (SaaS), Communication as a Service (CaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS) and Network as a Service (NaaS), and different deployment models (public, private, hybrid…).
The term multi-cloud is used to refer to cloud services whose applications (components) may be deployed on one or more Cloud Providers. In such scenarios, inter-cloud exchange between the two Cloud Providers may occur. The actual architecture is specific to the design of each application.
Due to the convergence of telecommunication and Information Technology services in the area of cloud computing, telecommunication players have an important role to play in the emerging cloud computing market and ecosystem. The telecommunication network is a central part of the multi-tenant cloud computing architecture, delivering composite services with high QoS and optimal resource allocation.
With the adoption of cloud services, the network, computing, storage and application boundary of an organization will extend into the Cloud Service Provider domain. As a result, an organization's trust boundary will become dynamic and will move beyond its internal control. The organization's loss of control over who has access to what information and resources, regardless of where those resources reside, is an area of concern in cloud computing and a challenge to the management and security of cloud services and resources. This challenge can be addressed by sharing identity information with the Cloud Service Provider (CSP) through the use of cloud-specific identity management solutions, including cloud identity federation. This work will be done in close collaboration with the security-related Questions.
The primary focus of this Question is cloud service and infrastructure management and the management of composite cloud services and components that use a variety of telecom and IT infrastructure resources. These cloud services are typically composed of individual service elements that may be acquired from or exposed to third parties. This is a very complex management environment and requires the study of standards that provide a means to enable consistent end-to-end, multi-cloud management and monitoring of services exposed by and across different service providers' domains and technologies. This Question also includes the study of security mechanisms and methods to streamline and manage service delivery mechanisms across the service life cycles so that services can be created and delivered efficiently.
It should be noted that the term "end-to-end" is used here in the information technology context, and does not refer to the management of endpoints or user devices, as would otherwise have been implied if the telecommunication technology context were used. The term end-to-end simply refers to holistic, multi-layer, multi-component, and multi-cloud management and security, which is in the scope of this Question.
Study items to be considered include what new Recommendations should be developed regarding:
- Cloud service management (in cooperation with SG 2) as well as cloud infrastructure and resource management, utilizing ideally common underlying principles, best practices, fundamentals, frameworks and design, a requirement demanded by telecom operators and service developers.
- The scope includes multi-cloud management, end-to-end management scenarios for cloud services and cloud infrastructure/resources.
- Study (in cooperation with SG 17) of cloud-specific identity, access and security mechanisms that enable effortless trusted access to cloud resources in multi-provider scenarios, to the extent that such cloud-specific scenarios do exist (not yet established).
- Developing Recommendations for high level requirements and capabilities for end-to-end cloud computing service management including cloud infrastructure and resource management
- Developing Recommendations for cloud federated identity and access management if deemed necessary.
- Developing Recommendations required for cloud computing security as defined in the Cloud Computing security collaboration between SG 13 and SG 17 (COM 13-R 10, Annex 6)
- Providing the necessary collaboration with external SDOs, consortia and forums working on cloud computing architectures and infrastructures to minimize duplication of efforts.
- An up-to-date status of work under this Question is contained in the SG 13 work programme
- All cloud computing related SG 13 Questions (Q.6/13, Q.17/13, Q.18/13 and Q.14/13, Q.15/13, Q.16/13), SG 2 (Q.5/2, Q.7/2), SG 17 (Q.8/17, Q.10/17)
Standardization bodies, forums and consortia:
- ISO/IEC JTC 1/SC 38
- Distributed Management Task Force (DMTF)
- Storage Networking Industry Association (SNIA)
- TM Forum