www.oasis-open.org

Orchestrating Trusted Cloud Services Using TOSCA

Simon Moser
Cloud Computing Architect & co-chair of the TOSCA Technical Committee
IBM Research & Development GmbH, Boeblingen, Germany

Agenda
• Introduction to TOSCA
• TOSCA and Security
• Get Involved!

Even simple cloud services sometimes have complex software and hardware infrastructures backing them.

Think about today's Cloud Standards: How do we ensure portability?

© 2012 IBM Corporation

What are the Technical Problems?
• No interoperable description exists of what your application is and what it requires
• Another provider might not have a clue how to install, deploy, run & manage your application
• Virtual images do not suffice at all
• They are "just" snapshots of the actual state of your application
• Deep, detailed skills about the application and its underlying stack are needed that "arbitrary" providers typically don't have
• Let alone other application aspects like security, QoS and the like

TOSCA: Topology and Orchestration Specification for Cloud Applications

Define composite, high-value services – once!

TOSCA Service Templates have expert knowledge for management and orchestration throughout the complete service life cycle built in!

Portability between Cloud providers using the very same Service Templates

TOSCA at a Glance
• Service specific best practices for their management and orchestration built into the model
• A declarative model spanning software applications to virtual and physical infrastructure

[Figure: Service Template, showing a Structural Model (nodes N1, N2, N3, N4) and a Process Model (Build Plan, Management Plans)]

Enables the migration between Cloud providers using Service Templates

Service Template includes:
• The structure and composition of the application and its infrastructure
• The relationships between the parts
• The operational behavior (deploy, patch, shutdown, etc.)
• The association of that behavior with cloud infrastructure management

TOSCA & Security

Today's Cloud-Solutions
• provider-lock-in (TOSCA will change)
• little amount of standards
• rudimentary interfaces
• no compliance
• no certifications
• little acceptance of users

[Figure: roles around a Service Marketplace: Customers, Solution Provider, Cloud-Hoster, Addon-Service Provider, Manufacturer of Cloud Platforms; arrows labelled provide, buy, set up, use, provide/use]

[Logos: Sponsored by; Parent Project; Project Management Agency (Projektträger)]

Cloud Cycle: Defining Trusted Service Templates
• Project funded by the German Government
• Work started in October 2011, based on TOSCA
• Goals of Cloud Cycle:
  • Develop portable and interoperable definitions of security and compliance aspects.
  • Work on guidelines that define the concrete security and compliance requirements of the cloud services.
  • Work on ways in which compliance with the guidelines will be assured through proper integration with the Cloud-Management System (e.g. TOSCA runtime).
  • Develop an open plug-in mechanism, allowing for the extension by new aspects, especially security and compliance (also by third parties).

What's needed from a technical perspective
• Develop the grammar to describe …
  • … Security requirements for Cloud Services
  • … Governance aspects for Cloud Services
  • … Compliance requirements for Cloud Services
• Develop extension mechanisms to plug that grammar into TOSCA Service Definitions
• Extend TOSCA runtime infrastructures by providing "plugins" that handle Security / Governance / Compliance during deployment & runtime of the cloud service

Interested? We need help!

Potential technical means: TOSCA Node Types Policy

<Policies>?
  <Policy name="string" type="anyURI">+
    policy specific content
  </Policy>
</Policies>

Get Involved!

Members in the TOSCA TC

0-H
3M Health Information Systems
ActiveState Software, Inc.
ASG Software Solutions
Axway Software
Beijing Sursen Electronic Technology Co, Ltd
CA Technologies
Capgemini
CenturyLink
China Internet Network Information Center (CNNIC)
Cisco Systems
Citrix Systems
Cloudsoft Corporation Limited
EMC
Fujitsu Limited
Gale
Google Inc.
Hewlett-Packard
Hitachi Ltd.
Huawei Technologies Co., Ltd.

I–Z
IBM
Jericho Systems
Mitre Corporation
Morphlabs, Inc.
NetApp
Nokia Siemens Networks GmbH & Co. KG
Oracle
PricewaterhouseCoopers LLP
Primeton Technologies, Inc.
Progress Software
Red Hat
rPath Inc.
SAP AG
Siemens Enterprise Comm. GmbH & Co. KG
Software AG, Inc.
VCE
VNomic
WSO2
Yaana Technologies, LLC
Zenoss

Cloud Cycle Consortium

[Figure: partner logos grouped as Proposers; Research and Cloud Technology and Standardisation; Research and Teaching; Medium Business and Public Sector; Associated Partners; Sponsors]

THANK YOU FOR YOUR ATTENTION.
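
Added example (not part of the original slides, and not TOSCA or Cloud Cycle project code): one way a runtime plug-in mechanism could consume the Policy element grammar shown above, where each Policy's type URI selects a plug-in and deployment is refused when a policy is unsatisfied or no plug-in is registered for its type. The node type, the policy type URIs, the policy-specific child elements, the target description and all function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample node type using the <Policies> grammar from the slides.
# Type URIs and the policy-specific child elements are hypothetical.
SAMPLE = """<NodeType name="CustomerDatabase">
  <Policies>
    <Policy name="data-residency" type="urn:example:policy:residency">
      <AllowedRegion>DE</AllowedRegion>
    </Policy>
    <Policy name="encrypt-at-rest" type="urn:example:policy:encryption">
      <Algorithm>AES-256</Algorithm>
    </Policy>
  </Policies>
</NodeType>"""

def check_residency(policy, target):
    """Plug-in: the target region must be one of the allowed regions."""
    allowed = {e.text for e in policy.findall("AllowedRegion")}
    return target.get("region") in allowed

def check_encryption(policy, target):
    """Plug-in: the target must offer the required algorithm."""
    wanted = policy.findtext("Algorithm")
    return wanted is not None and wanted in target.get("encryption", ())

# Registry keyed by policy type URI; third parties would add entries here.
PLUGINS = {
    "urn:example:policy:residency": check_residency,
    "urn:example:policy:encryption": check_encryption,
}

def evaluate(node_type_xml, target, plugins=PLUGINS):
    """Return (ok, findings); any finding blocks deployment (fail closed)."""
    # For templates from untrusted parties, use a hardened XML parser.
    root = ET.fromstring(node_type_xml)
    findings = []
    for policy in root.findall("./Policies/Policy"):
        name, ptype = policy.get("name"), policy.get("type")
        if not name or not ptype:
            findings.append((name or "?", "name and type are required"))
            continue
        handler = plugins.get(ptype)
        if handler is None:
            findings.append((name, "no plug-in for type " + ptype))
        elif not handler(policy, target):
            findings.append((name, "target does not satisfy policy"))
    return (not findings, findings)
```

Treating an unknown policy type as a blocking finding, rather than skipping it, keeps a template's security requirements from being silently dropped when it moves to a provider whose runtime lacks the matching plug-in.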