Information Technology's great advances -- mainframes, minicomputers, personal computers and even virtualization...
-- all developed without significant support of standards. Yet standard APIs, operating systems and middleware seem essential today. Networking followed a similar path, with ad hoc TCP/IP defeating formal international standards like OSI, only to be challenged by software-defined and standards-based networking. The cloud is the fusion of IT and networking, and it's fair to ask what role standards will play in its evolution. The scope of cloud standards and the variety of cloud models, however, complicate the topic.
The National Institute of Standards and Technology has published an excellent summary of cloud standards that are particularly applicable for the government sector but also valuable to enterprises. This document is authoritative for many of the details of cloud deployment, but it may not be the best guide in assessing the long-term impact of standards on the cloud. That will require looking at the specific areas where emerging standards and cloud needs intersect.
Cloud standards divide into three general areas: standards for images deployed in the cloud, standards for the management interfaces between users and cloud services, and standards for the architecture and interfaces of cloud components. The first group is important in both public and private cloud applications because it influences the work needed to move an application or component between cloud implementations. Cloud management standards have been of most interest to public cloud users and "cloud stack" software standards to private cloud users.
Images deployed in the cloud
Amazon and VMware provide de facto standards for machine images, which are really specifications for templates that describe how machine images of applications and components are deployed. OASIS (the Organization for the Advancement of Structured Information Standards) has recently developed a formal standard called OASIS Cloud Application Management for Platforms (CAMP). There are a number of tools available to translate from one of these formats to another, and that limits the need for the industry to converge on a single approach. In any event, cloud competition makes that convergence seem unlikely. At least in the near term, standardization of machine images is unlikely to impact the cloud.
In the longer term, OASIS CAMP may be the most important development because it can define application images for both infrastructure as a service (IaaS) and platform as a service (PaaS), which could be critical if users continue to show more interest in PaaS because of its potentially greater savings and ease of use. CAMP could end up as the accepted cloud image template standard since it is already in place. It also may eventually be adopted by Amazon and for virtualization applications.
Cloud architecture standards
The architecture of the cloud itself, the software stack, has three "standard" approaches for IaaS today. Amazon's cloud is based on proprietary tools, but open source software like Eucalyptus or Nebula can replicate the IaaS elements of Amazon at least. OpenStack and CloudStack are competing open source solutions for the cloud, both public and private, and VMware's vCloud is an evolutionary path from the company's virtualization platform to both a public or private cloud. It's not likely that there will be a formal standard for cloud software, nor that there will be a de facto PaaS standard for cloud software beyond Microsoft's Azure, which is not quite there yet itself.
Additionally, the battle for cloud software standards supremacy may really be less about standards than about open source. The largest number of cloud software deployments is in enterprises as the foundation for their private clouds. Enterprises will neither implement formal standards themselves nor wait a significant time for them to be implemented. The question at this point is whether OpenStack can be beaten, given its widespread support by major IT and network vendors. However, cloud software is a black box to users; it's visible only in the form of the management interfaces it exposes. Standardization of these management interfaces could indirectly impact, even decide, the cloud software standards area.
Cloud management standards
Cloud management APIs are perhaps the most complicated of the cloud standards areas because needs exist at multiple levels. Cloud stack software like OpenStack defines basic mechanisms for deploying machine images and connecting cloud elements into services, but in practice these are increasingly augmented by deployment, management and orchestration tools. Public cloud providers like Amazon define their own cloud management interfaces, and Amazon is also providing cloud management and orchestration tools with OpsWorks. Now OASIS has released a standard for cloud management and orchestration called Topology and Orchestration Specification for Cloud Applications (TOSCA).
What makes this area critical is that application lifecycle management processes are likely to be built around cloud management and orchestration tools as applications move to the cloud. These represent a major investment by businesses. The battle for acceptance as a standard is likely to be between OpsWorks, OpenStack and TOSCA. Amazon's supremacy in the public cloud insures OpsWorks will continue to be credible, but OpenStack has broad support in competing public clouds and also in private clouds. Its limitation is that it has only primitive development and operations capability, though this may change as OpenStack evolves. TOSCA is part of IBM's SmartCloud implementation, and it has been suggested as a standard for network functions virtualization. If there are any formal standards with a chance of driving cloud computing forward, TOSCA may be the one.
The likely path for cloud standards
If developers want to handicap the chances for various standards in the cloud, they should look for implementations, particularly open source ones. Cloud users won't write software to support standards, and vendors may avoid them to gain more benefits from their own development. Open source, already big in the cloud at the cloud stack software level, could be huge if it drives formal standards like those from OASIS. TOSCA, for example, already has an open source implementation.
Standards are a high-inertia activity, not well suited to drive something developing as rapidly as the cloud. Linking them with open source implementations would make up for the delays in formal standardization by reducing the delays in making an implementation available to users. The combination could be a long-term benefit to cloud buyers.
Cloud computing standards and compliance
Securing the data center: How to overcome the lack of cloud standards
Cloud standards on the horizon: CDMI, PEAT, security best practices