Many IT pros view the lack of cloud computing standards as a potential roadblock to adoption, stemming from cloud provider lock-in fears and the inability to move virtual machines and data from cloud to cloud.
Today, there is a single cloud standard -- the Open Virtualization Format (OVF), pioneered by VMware for facilitating the mobility of virtual machines -- but it alone does not solve the cloud interoperability issue.
What users want is a cloud application programming interface (API) like the network API, TCP/IP, one that’s implemented in all cloud products and services and promotes transparent interoperability. This would increase the confidence of prospective public cloud adopters, as they’d be able to leave their providers whenever they want. It would also eliminate the belief that it’s easy to get into the cloud but difficult to get out.
However, Forrester analyst James Staten says he believes that a common cloud API is way off in the future. He sees the push for standards as too far ahead of where the market is: “There is no compelling reason to comply; not enough enterprise users have established cloud computing initiatives.”
Organizations presently pushing for cloud standards
There are a number of organizations that ratify proposals for open standards and others that develop guidelines and provide information to those interested in cloud computing. Some of the more important ones include:
- The Distributed Management Task Force (DMTF) develops cloud interoperability and security standards. The DTMF created the Open Cloud Standards Incubator (OCSI) in 2009 to address the need for open management standards for cloud computing. An OCSI-produced white paper, Interoperable Clouds White Paper, helps users with questions about integrating computer, network and storage services from one or more cloud service providers into business and IT processes.
- The mission of the National Institute of Standards and Technology (NIST) is to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security.
- The Open Cloud Consortium (OCC) is a member-driven organization that develops reference implementations, benchmarks and standards for cloud computing.
- The Open Grid Forum (OGF) is an open community committed to driving the rapid evolution and adoption of applied distributed computing. OGF accomplishes its work through open forums that build the community, explore trends, share best practices and consolidate these best practices into standards. OGF has launched the Open Cloud Computing Interface Working Group to deliver an open community, consensus-driven API, targeting cloud infrastructures.
- The Storage Networking Industry Association (SNIA) has adopted the role of industry catalyst for the development of storage specifications and technologies, global standards, and storage education.
- The Cloud Security Alliance (CSA) publishes guidelines for secure cloud computing, and the Cloud Computing Interoperability Forum (CCIF) is a vendor-neutral, open community of technology advocates and consumers dedicated to driving the rapid adoption of global cloud computing services.
There is also a wiki site for cloud standards coordination that documents the activities of the various standards organizations working on cloud standards and guidelines.
The cloud standards available today
Various proprietary and open APIs have been proposed to provide interoperability among Infrastructure as a Service (IaaS). As far as I know, however, the first and only cloud-oriented standard that has been ratified is the OVF, which was approved in September 2010 after three years of processing by the DMTF.
OVF’s open packaging and distribution format for virtual machines (VMs) gives customers and vendors some platform independence. It helps facilitate mobility, but it does not provide all of the independence needed for cloud interoperability. OVF lets vendors or enterprises package VMs together with applications and operating systems and calls to any other applications and hardware as needed. This meta data includes information about VM images, such as the number of CPUs and memory required and network configuration information.
As for the other prominent APIs, VMware announced the submission of its vCloud API to the DMTF in September 2009. The API is expected to enable consistent provisioning, management and service assurance of applications running in private and public clouds.
The GoGrid API was submitted to the Open Grid Forum’s OCCI working group. This effort stalled because the GoGrid API failed to achieve any significant backing from the industry.
Oracle recently published its Oracle Cloud API on OTN (Oracle Technical Network) and submitted a subset of the API to the DMTG Open Cloud Standards Incubator group in June 2010. The Oracle Cloud API is basically the same as the Sun Cloud API but with some refinements. This submitted proposal has not received much attention from the IT industry.
Red Hat submitted the Deltacloud API to DMTF as a standard for cloud interoperability in August 2010. It is a set of open APIs that can be used to move cloud-based workloads among different private clouds and public cloud providers. Red Hat has contributed Deltacloud to the Apache Software Foundation as an incubator project. Deltacloud attempts to abstract the details of cloud provider cloud implementations so that an application or developer writing an application only has to call a single API to get a response regardless of the back-end cloud.
The Rackspace Cloud API has been open sourced and is included in OpenStack. And finally, the Amazon EC2 API is viewed by many as the de facto public cloud API standard. Vendors such as Eucalyptus Systems and OpenNebula implement much of the Amazon EC2 API. As far as we know, it has not been submitted to DMTF or any other open standards group.
Questions to pose on cloud standards
Because interoperability standards between cloud platforms are not yet in place, what should a prospective cloud adopter do? For starters, do not wait for interoperability standards to be ratified. In an environment of tremendous change where the potential benefits could be large, a better decision is to study up and make a choice.
Try to determine which vendors have the best opportunities to turn their cloud APIs into de facto standards for private and public clouds. Be sure to ask a number of questions like these and then compare the answers with your needs for both the short and the long term:
- Does the vendor have cloud APIs that appeal to customers and service providers, along with widespread acceptance in the cloud marketplace?
- Has the vendor submitted one or more of its cloud APIs for ratification to DMTF or one of the other standards organizations?
- Does the vendor have significant numbers of partners to promote and use its cloud APIs?
- Does the vendor’s cloud API promote interoperability between private and public clouds? What about between the vendor’s cloud and another vendor's cloud?
- Can the vendor provide a way to transfer your data out of its service?
If you woke up today and wanted to move data from one cloud to another, there is a good chance that you cannot. If you want to do this in the future, however, make sure that you don't architect your solution to take advantage of a vendor’s proprietary features and services, such as the data store in Google App Engine or Amazon’s SQS (Simple Queue Service).
Best of what's out there
In my opinion, the vendors with the best shot at providing de facto cloud API standards are VMware and Amazon.
Amazon is the 800-pound gorilla in the public cloud space, but VMware is trying to leverage its dominance in the virtualization software market to gain the lead in both the private and public cloud markets. If customers go heavily for internal clouds first, as many are predicting, VMware could become the de facto standard in the private cloud business.
And with the vCloud Express offering and the vCloud API, VMware also has a good chance at challenging Amazon in the public cloud. Over a year ago, VMware CEO Paul Maritz said that more than 1,000 hosting providers have enlisted to help enable public clouds via vCloud Express. However, the vCloud API could be considered a lock-in API, unless other hypervisor technologies in the cloud beyond vSphere actually adopt or make use of it.
As for the other major player in cloud, Microsoft’s strategy is aimed at its huge Windows-installed base. I don't expect Microsoft to make its APIs open, as its clouds don't have to interoperate with other clouds for it to be a successful vendor. Even Microsoft’s own services, Hyper-V Cloud and Windows Azure, have limited interoperability. The reason: Microsoft believes that Azure is the wave of the future. If you are a large, cloud-hungry Windows user who wants to buy from a single vendor and doesn't object to lock-in (neither of which is advisable), choose Microsoft.
About the author:
Bill Claybrook is a marketing research analyst with more than 30 years of experience in the computer industry, with the last 10 years in Linux and open source. From 1999 to 2004, Bill was Research Director, Linux and Open Source, at Aberdeen Group in Boston. He resigned his competitive analyst/Linux product marketing position at Novell in June 2009 after spending over four and a half years at the company. He is now president of New River Marketing Research in Concord, Mass. He holds a doctorate in computer science.
Understanding cloud compliance issues
Security issues in cloud computing
Terremark guru talks enterprise cloud security issues