Interoperability and portability

 

 

The contents included in this section are DRAFTS proposed for a public consultation and are under review.

 

Scenario

Introduction

Interoperability is defined as the capability of two or more functional units to process data cooperatively [Ref. to ISO/IEC spec]. Within the cloud computing context this refers to the capability of public and private clouds to use an agreed language to use each others’ access interfaces and to transmit data in machine to machine communications. Achieving high levels of interoperability is critical for the ability of a cloud service customer to exchange data within and between cloud services. Nevertheless, this capability is still not universally available.

Further info on the ISO website: https://www.iso.org/obp/ui/#iso:std:iso-iec:2382:ed-1:v1:en .

Portability is defined as the capability of a program to be executed on various types of data processing systems without converting the program to a different language and with little or no modification [Ref. to ISO/IEC spec]. In a wider Cloud context this translates to both applications and data that have been initially developed and generated, that are then transmitted to another Cloud Service Provider where they are then executed (applications) or processed (data) without significant porting or transformation costs, respectively.

Further info on the ISO website: https://www.iso.org/obp/ui/#iso:std:iso-iec:2382:ed-1:v1:en .

Procurement needs

When procuring cloud computing technologies, enterprises must consider how easy it will be to access and move software and data components to adapt to current and future needs. Software portability is usually affected by the dependency of that software on other computing components (e.g., operating systems, hardware architectures, etc.), while data portability is affected by the format and content supported by the target system.

The portability of software or data is not a binary “yes/no” metric, rather the level of ‘portability’ can be defined as the amount of effort required to move from one system to another. This can range from the simple copying of files (high-portability) through to large teams modifying software on the destination system (low-portability). The level of portability directly impacts the costs involved.

Before the advent of cloud computing, enterprises bore the expenses of owning and maintaining their own infrastructure. Under cloud computing, customers reduce their costs by only paying for usage. However, these customer also become fully dependent on the capabilities offered by their Cloud Service Provider. If the Cloud Service Provider modifies or stops offering a feature or interface that a customer relies upon, that customer may be forced to incur significant costs to continue relying upon that solution.

Two procurement needs, representing high-level scenarios, are presented here, from which three use cases have been derived:

Moving data from and between Cloud Service Providers;

Ensuring portability and interoperability when migrating from a PaaS Cloud Service Provider to another.

Costs & Benefits

Cost savings from cloud adoption: research has indicated that 27% of businesses identify cost savings from adopting cloud. Of these: 59% saw savings of between 5% and 19% of total IT costs; 26% saw savings of 30% or more; and 15% saw savings of 4% or less or could not quantify the savings.

The following studies present some predicted net costs and benefits associated with enhancing interoperability and portability within Cloud Computing across Europe:

http://ec.europa.eu/newsroom/dae/document.cfm?doc_id=9742

http://www.europarl.europa.eu/RegData/etudes/IDAN/2016/583786/EPRS_IDA(2016)583786_EN.pdf

For more general information see: http://www.cloudwatchhub.eu/taxonomy/term/92 .

Situation in Member States

Eurostat has produced country-specific statistics on the use of cloud computing by enterprises across Europe:

http://ec.europa.eu/eurostat/statistics-explained/index.php/Cloud_computing_-_statistics_on_the_use_by_enterprises#Further_Eurostat_information

The following study provides information on uptake based on a number of country case-studies:

http://ec.europa.eu/newsroom/dae/document.cfm?doc_id=9742

Go to top

 

Standards

The following contents are the starting sources for the list of standards reported in the excel spreadsheet.

In order to define a framework of general standards, in February 2016 the European Telecommunications Standards Institute (ETSI) issued a publication related to the Cloud Computing standards, with special focus on Interoperability and Security:

http://www.etsi.org/deliver/etsi_sr%5C003300_003399%5C003391%5C02.01.01_60%5Csr_003391v020101p.pdf

The CloudWATCH2 Consortium, that is operating in the Horizon 2020 framework, issued a series of guides for the use of standards in order to facilitate an approach to Interoperable and Secure Cloud Services that avoids vendor lock-in (in particular for SMEs and procurers).

Further information is available at the following link:

http://www.cloudwatchhub.eu/cloud-standards-guide

Other standards that could be referred to, or that are useful for standardising cloud computing interoperability and portability, have already assessed by CAMSS. 

 

Go to top

 

Use Case: Portability

Use Case 1: The Cloud Service Customer needs to (be able to) retrieve all data that is handled by their Cloud Service Provider at the end of their service contract. Sample standards and other references follow:

Draft ISO/IEC 19941 "Information technology - Cloud computing - Interoperability and Portability".

Draft ISO/IEC 19944 "Information technology - Cloud computing - Data and its flow across devices and cloud services".

ISO/IEC 17203 "Information Technology - Open Virtualization Format Specification".

ISO/IEC 17826 "Information Technology - Cloud Data Management Interface (CDMI)".

ISO/IEC 19831"Cloud Infrastructure Management Interface (CIMI) Model and RESTful HTTP-based Protocol - An Interface for Managing Cloud Infrastructure".

DMTF DSP0243 "Open Virtualization Format Specification".

DMTF DSP0263 "Cloud Infrastructure Management Interface - CIMI".

OASIS CAMP "Cloud Application Management for Platforms".

OGF OCCI "Open Cloud Computing Interface".

OGF GFD.192 "Web services agreement specification".

OGF DCDL [missing] “ Data Format Description Language (DFDL)”

SNIA CDMI [i.21]: "Cloud Data Management Interface".

 

Use Case 2: The Cloud Service Customer needs to (be able to) move its data residing with one Cloud Service Provider to another Cloud Service Provider. Sample standards and other references follow:

Draft ISO/IEC 19941 "Information technology - Cloud computing - Interoperability and Portability".

Draft ISO/IEC 19944 "Information technology - Cloud computing - Data and its flow across devices and cloud services".

ISO/IEC 17203 "Information Technology - Open Virtualization Format Specification".

ISO/IEC 17826 "Information Technology - Cloud Data Management Interface (CDMI)".

ISO/IEC 19831"Cloud Infrastructure Management Interface (CIMI) Model and RESTful HTTP-based Protocol - An Interface for Managing Cloud Infrastructure".

DMTF DSP0243 "Open Virtualization Format Specification".

DMTF DSP0263 "Cloud Infrastructure Management Interface - CIMI".

OASIS CAMP "Cloud Application Management for Platforms".

OASIS TOSCA: "Topology Orchestration Specification for Cloud Applications".

OGF OCCI "Open Cloud Computing Interface".

OGF GFD.192 "Web services agreement specification".

OGF DCDL [missing] “Data Format Description Language (DFDL)”

SNIA CDMI: "Cloud Data Management Interface".

Draft NIST SP 500-307: "Cloud Computing Service Metrics Description".

ISO/IEC 27001: "Information technology - Security techniques - Information security management systems - Requirements"

ISO/IEC 27002: "Information technology - Security techniques - Code of practice for information security controls ".

NIST SP 800-53r4 Security and Privacy Controls for Federal Information Systems and Organizations

Draft NIST SP 500-299: "Cloud computing security reference architecture".

NIST SP 800-125: "Guide to security for full virtualization technologies".

NIST SP 800-144: "Guidelines on security and privacy in public cloud computing".

Draft ISO/IEC 27017: "Information technology - Security techniques - Code of practice for information security controls based on ISO/IEC 27002 for cloud services".

ISO 22301 "Societal security - Business Continuity Management Systems - Requirements".

ISO/IEC 27031 " Information technology - Security techniques - Guidelines for information and communication technology readiness for business continuity" .

 

Use Case 3: The Cloud Service Customer needs an application they develop on one Cloud Service Provider’s PaaS[1] services to be easily portable to the cloud platforms of other Cloud Service Providers. Sample standards and other references follow:

Draft ISO/IEC 19941 "Information technology - Cloud computing - Interoperability and Portability".

Draft ISO/IEC 19944 "Information technology - Cloud computing - Data and its flow across devices and cloud services".

ISO/IEC 17203 "Information Technology - Open Virtualization Format Specification".

ISO/IEC 17826 "Information Technology - Cloud Data Management Interface (CDMI)".

ISO/IEC 19831"Cloud Infrastructure Management Interface (CIMI) Model and RESTful HTTP-based Protocol - An Interface for Managing Cloud Infrastructure".

DMTF DSP0243 "Open Virtualization Format Specification".

DMTF DSP0263 "Cloud Infrastructure Management Interface - CIMI".

OASIS CAMP "Cloud Application Management for Platforms".

OASIS TOSCA: "Topology Orchestration Specification for Cloud Applications".

OGF OCCI "Open Cloud Computing Interface".

OGF GFD.192 "Web services agreement specification".

OGF DCDL [missing] “Data Format Description Language (DFDL)”

SNIA CDMI: "Cloud Data Management Interface".

Draft NIST SP 500-307: "Cloud Computing Service Metrics Description".

 

Go to top

 

Use Case: Interoperability

Use Case 4: Seamlessly switching your service between 2 or more Cloud Service Providers when one is experiencing outage/availability issues (i.e. low band width or availability problems).

Go to top

 

 

Guidelines

Vendor Lock-In

Within ICT, vendor lock-in is a recognised issue whereby public authorities, who have entered into contracts with providers of ICT products or services for a certain period of time, cannot easily change their provider once the contract ends as essential information is not available to any new suppliers.

Further information are available at:

http://ec.europa.eu/newsroom/dae/document.cfm?doc_id=2327

Within Cloud Computing, vendor lock-in is intrinsically linked to interoperability and portability. If the services/applications provided by the vendor’s current Cloud Service Provider cannot easily interact with the applications and services of other Cloud Service Providers, (i.e. interoperability is low) then the vendor can be locked-into their current service provider.

Similarly, if the vendor is unable to easily move their data and application between different clouds (i.e. portability is low) then the vendor can be effectively locked-into their current cloud services.

Interoperability

Interoperability within cloud computing encompasses both the ability for one cloud service to work with others, as well as the ability of a cloud service customer to interact with a cloud service and exchange information, as a set method to obtain predictable results. In the absence of specific EU legislation on cloud computing, guidelines for achieving interoperability are not linked to applying specific Directives/Regulations:

http://www.ecis.eu/2016/06/special-paper-on-cloud-computing-portability-and-interoperability/

http://www.etsi.org/deliver/etsi_sr%5C003300_003399%5C003391%5C02.01.01_60%5Csr_003391v020101p.pdf

 

Go to top

 

Horizontals

Security and Privacy

ENISA has produced a number of practical guides aimed at the procurement and governance of cloud services. These guides provide advice on questions to ask about the monitoring of security. The goal is to improve public sector customer understanding of the security of cloud services and the potential indicators and methods which can be used to provide appropriate transparency during service delivery.

https://www.enisa.europa.eu/publications/procure-secure-a-guide-to-monitoring-of-security-service-levels-in-cloud-contracts/at_download/fullReport

https://www.enisa.europa.eu/publications/good-practice-guide-for-securely-deploying-governmental-clouds/at_download/fullReport 

 

Legal and Contractual

Guidance has been developed by different sources that provide practical templates for SLA contractual clauses and technical specifications.

http://slalom-project.eu/sites/slalom/files/content-files/article/SLALOM%20Legal%20model_clauses%20only_v1.2.pdf

http://ec.europa.eu/newsroom/dae/document.cfm?action=display&doc_id=6138

 

 

Go to top


 

[1] Platform As A Service

Return to Domain Home Page