Intercloud and interoperability                                     5


            6.5     Relationship between trusted inter-cloud and the cloud computing reference architecture

            The  cloud  computing  reference  architecture  [ITU-T  Y.3502]  provides  an  architectural  framework  which
            defines  cloud  computing  roles,  sub-roles,  cloud  computing  activities  and  cross-cutting  aspects.  It  also
            describes the functional layers and functional components of a cloud computing system. According to this
            framework, the trusted inter-cloud relationships can be expressed by cross-cutting aspects like security,
            governance and resiliency that span over cloud computing multi-layer functionality. The conceptual view of
            cloud  computing  management  is  based  on  cloud  computing  management  layers  and  the  service
            management interface (SMI) approach [ITU-T Y.3520] and [ITU-T Y.3522].
            Trust management in inter-cloud environments can be realized based on the common model for end-to-end
            cloud computing management [ITU-T Y.3521]. In particular, the operations support system (OSS) functional
            components encompass the set of management capabilities that are required in order to manage and control
            trust  in  an  inter-cloud  environment.  The  role  of  business  support  system  (BSS)  functional  components
            remains  to encompass  the  set of  business-related management  capabilities dealing  with  customers  and
            supporting processes in a trusted manner (see clause 9.2.5.4 of [ITU-T Y.3502]). Therefore, in a trusted inter-
            cloud environment, the cloud computing management functionalities [ITU-T Y.3521] can be used to reach
            objectives of trust satisfying governance, security and resiliency aspects of inter-cloud.


            7       General requirements for trusted inter-cloud
            This clause identifies general requirements applicable to trusted inter-cloud.


            7.1     Data separation
            It is required that the CSP provides data separation between workloads to ensure security and confidentiality.

            7.2     Data annotation

            It is recommended that the CSP supports annotation (tagging) of trusted inter-cloud data (workloads) to
            enable compliance with regulatory obligations.

            7.3     Confidentiality of data

            It is required that the CSP respects the confidentiality of the CSC's or CSP's data used in trusted inter-cloud
            system.

            7.4     Operational statistics
            It is recommended that the CSP supports operational statistics for trusted inter-cloud services according to
            appropriate methods of measurement.

            7.5     Interoperability and dependability

            It is recommended that the CSP supports interoperability and dependability of trusted inter-cloud services.

            7.6     Master service agreement
            It is recommended that the CSP respects master service agreements to reach objectives of trust satisfying
            governance, security and resiliency aspects of inter-cloud.


            8       Requirements for governance of trusted inter-cloud
            This clause provides requirements for governance of trusted inter-cloud derived from the use cases described
            in Appendix I.

            8.1     Geographical policies
            It is required that the CSP respects all applicable geographical policies in order to realise requests from the
            CSC or other CSP.


                                                                                                         803