Orchestrating Trusted Cloud Services Using TOSCA

Simon Moser
Cloud Computing Architect & co-chair of the TOSCA Technical Committee
IBM Research & Development GmbH, Boeblingen, Germany

www.oasis-open.org


Post on 25-Dec-2015



Agenda
• Introduction to TOSCA
• TOSCA and Security
• Get Involved!


Even simple cloud services sometimes have complex software and hardware infrastructures backing them. Think about today's Cloud Standards: How do we ensure portability?

© 2012 IBM Corporation


What are the Technical Problems?

No interoperable description exists of what your application is and what it requires

Virtual images do not suffice at all: they are “just” snapshots of the actual state of your application

Another provider might not have a clue how to install, deploy, run & manage your application

Deep, detailed skills about the application and its underlying stack are needed that “arbitrary” providers typically don’t have

Let alone other application aspects like security, QoS and the like


TOSCA: Topology and Orchestration Specification for Cloud Applications

Define composite, high-value services – once!


TOSCA Service Templates have expert knowledge for management and orchestration throughout the complete service life cycle built in!


Portability between Cloud providers using the very same Service Templates


TOSCA at a Glance...

A declarative model spanning software applications to virtual and physical infrastructure

Enables the migration between Cloud providers using Service Templates

Service-specific best practices for their management and orchestration built into the model

Service Template includes:
• The structure and composition of the application and its infrastructure
• The relationships between the parts
• The operational behavior (deploy, patch, shutdown, etc.)
• The association of that behavior with cloud infrastructure management

[Figure: Service Template, with Structural Model (nodes N1, N2, N3, N4), Build Plan and Management Plans]


TOSCA & Security


[Figure: cloud ecosystem roles (Service-Marketplace, Customers, Cloud-Hoster, Addon-ServiceProvider, Solution-Provider, Manufacturer of Cloud-Platforms) linked by the relations use, provide/use, set up, provide and buy. Logos: Sponsored by, Parent Project, Project management agency.]

• Today’s Cloud-Solutions
> provider lock-in (TOSCA will change this)
> few standards
> rudimentary interfaces
> no compliance
> no certifications
> little user acceptance


Cloud Cycle: Defining Trusted Service Templates

Project funded by the German Government

Work started in October 2011, based on TOSCA

Goals of Cloud Cycle:

Develop portable and interoperable definitions of security and compliance aspects.

Work on guidelines that define the concrete security and compliance requirements of the cloud services.

Work on ways to assure compliance with the guidelines through proper integration with the cloud management system (e.g. TOSCA runtime).

Develop an open plug-in mechanism that allows extension by new aspects, especially security and compliance (also by third parties).


What’s needed from a technical perspective

Develop the grammar to describe …
… security requirements for Cloud Services
… governance aspects for Cloud Services
… compliance requirements for Cloud Services

Develop extension mechanisms to plug that grammar into TOSCA Service Definitions

Extend TOSCA runtime infrastructures by providing “plug-ins” that handle Security / Governance / Compliance during deployment & runtime of the cloud service

Interested? We need help!


Potential technical means: TOSCA Node Types Policy

    <Policies>?
      <Policy name="string"
              type="anyURI">+
        policy specific content
      </Policy>
    </Policies>
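
An added example, not part of the original slides or of any TOSCA runtime: one way the runtime plug-ins described above could consume the <Policies> element at deployment time. The policy type URIs, the child elements inside each <Policy>, the target dictionary and all function names are assumptions made for illustration; a policy type with no registered plug-in blocks the deployment instead of being skipped.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the slide's <Policies>/<Policy name= type=> shape;
# the URIs and the policy-specific child elements are hypothetical.
SAMPLE = """<NodeType name="CustomerDatabase">
  <Policies>
    <Policy name="encrypt-volumes" type="urn:example:policy:encryption-at-rest">
      <Algorithm>AES-256</Algorithm>
    </Policy>
    <Policy name="eu-only" type="urn:example:policy:data-location">
      <AllowedRegion>eu-de</AllowedRegion>
    </Policy>
  </Policies>
</NodeType>"""

PLUGINS = {}  # policy type URI -> handler(policy_element, target) -> violations

def plugin(type_uri):
    """Register a handler for one policy type (the open plug-in mechanism)."""
    def register(fn):
        PLUGINS[type_uri] = fn
        return fn
    return register

@plugin("urn:example:policy:encryption-at-rest")
def check_encryption(policy, target):
    want, have = policy.findtext("Algorithm"), target.get("volume_encryption")
    return [] if have == want else [f"volume encryption {have!r}, required {want!r}"]

@plugin("urn:example:policy:data-location")
def check_location(policy, target):
    allowed = {e.text for e in policy.findall("AllowedRegion")}
    region = target.get("region")
    return [] if region in allowed else [f"region {region!r} not in {sorted(allowed)}"]

def evaluate(node_type_xml, target):
    """Return (ok, findings) for a planned deployment target; fail closed."""
    # For templates from untrusted parties, use a hardened XML parser.
    root = ET.fromstring(node_type_xml)
    findings = []
    for pol in root.findall("./Policies/Policy"):
        name, ptype = pol.get("name"), pol.get("type")
        handler = PLUGINS.get(ptype)
        if handler is None:  # unknown policy type: refuse, never skip
            findings.append(f"{name}: no plug-in for policy type {ptype}")
            continue
        findings += [f"{name}: {v}" for v in handler(pol, target)]
    return (not findings, findings)
```
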


Get Involved!


Members in the TOSCA TC

0 – H: 3M Health Information Systems; ActiveState Software, Inc.; ASG Software Solutions; Axway Software; Beijing Sursen Electronic Technology Co, Ltd; CA Technologies; Capgemini; CenturyLink; China Internet Network Information Center (CNNIC); Cisco Systems; Citrix Systems; Cloudsoft Corporation Limited; EMC; Fujitsu Limited; Gale; Google Inc.; Hewlett-Packard; Hitachi Ltd.; Huawei Technologies Co., Ltd.

I – Z: IBM; Jericho Systems; Mitre Corporation; Morphlabs, Inc.; NetApp; Nokia Siemens Networks GmbH & Co. KG; Oracle; PricewaterhouseCoopers LLP; Primeton Technologies, Inc.; Progress Software; Red Hat; rPath Inc.; SAP AG; Siemens Enterprise Comm. GmbH & Co. KG; Software AG, Inc.; VCE; VNomic; WSO2; Yaana Technologies, LLC; Zenoss


Cloud Cycle Consortium

[Figure: partner logos under the headings Medium Business and Public Sector; Proposers; Associated Partners; Research and Teaching; Research and Cloud-Technology and Standardisation; Sponsors]


THANK YOU FOR YOUR ATTENTION.
