Trusted service templates with TOSCA

www.oasis-open.org
Orchestrating Trusted Cloud Services Using TOSCA
Simon Moser
Cloud Computing Architect & co-chair of the TOSCA Technical Committee
IBM Research & Development GmbH, Boeblingen, Germany
Agenda
• Introduction to TOSCA
• TOSCA and Security
• Get Involved!
Even simple cloud services sometimes have complex software and hardware
infrastructures backing them. Think about today's Cloud Standards: How do we
ensure portability?
© 2012 IBM Corporation
What are the Technical Problems?
• No interoperable description exists of what your application is and what it requires
• Another provider might not have a clue how to install, deploy, run & manage your application
  • Virtual images do not suffice at all: they are “just” snapshots of the actual state of your application
  • Deep, detailed skills about the application and its underlying stack are needed that “arbitrary” providers typically don’t have
• Let alone other application aspects like security, QoS and the like
TOSCA: Topology and Orchestration Specification for Cloud Applications
Define composite, high-value services – once!
TOSCA Service Templates have expert knowledge for management and
orchestration throughout the complete service life cycle built in!
Portability between Cloud providers using the
very same Service Templates
TOSCA at a Glance
Service specific best practices for their
management and orchestration built into
the model
A declarative model spanning
software applications to virtual and
physical infrastructure
[Figure: Service Template, showing the Structural Model (nodes N1 to N4) and the Process Model (Management Plans, including a Build Plan)]
Enables the migration between
Cloud providers using Service
Templates
Service Template includes:
• The structure and composition of the
application and its infrastructure
• The relationships between the parts
• The operational behavior (deploy, patch,
shutdown, etc.)
• The association of that behavior with cloud
infrastructure management
TOSCA & Security
Today’s Cloud-Solutions
> provider-lock-in (TOSCA will change)
> little amount of standards
> rudimentary interfaces
> no compliance
> no certifications
> little acceptance of users
[Figure: cloud ecosystem roles: Service Marketplace, Customers, Solution Provider, Cloud-Hoster, Addon-Service Provider, Manufacturer of Cloud Platforms; arrows labelled provide, buy, set up, use, provide/use]
Sponsored by
Parent Project
Project management agency
Cloud Cycle: Defining Trusted Service Templates
• Project funded by the German Government
• Work started in October 2011, based on TOSCA
• Goals of Cloud Cycle:
  • Develop portable and interoperable definitions of security and compliance aspects.
  • Work on guidelines that define the concrete security and compliance requirements of the cloud services.
  • Work on ways to assure compliance with the guidelines through proper integration with the Cloud Management System (e.g. TOSCA runtime).
  • Develop an open plug-in mechanism that allows extension by new aspects, especially security and compliance (also by third parties).
What’s needed from a technical perspective
• Develop the grammar to describe …
  • … Security requirements for Cloud Services
  • … Governance aspects for Cloud Services
  • … Compliance requirements for Cloud Services
• Develop extension mechanisms to plug that grammar into TOSCA Service Definitions
• Extend TOSCA runtime infrastructures by providing “plugins” that handle Security / Governance / Compliance during deployment & runtime of the cloud service
Interested? We need help!
Potential technical means: TOSCA Node Types Policy
<Policies>?
  <Policy
      name="string"
      type="anyURI">+
    policy specific content
  </Policy>
</Policies>
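As an added illustration (not code from the slides, the TOSCA TC or Cloud Cycle), the following Python validates a `<Policies>` element against the pseudo-schema above and hands each policy to a plug-in keyed by its type URI, blocking deployment when a policy fails or has no plug-in. The policy names, `urn:example:` type URIs, policy content elements and node attributes are assumptions, as is requiring an absolute URI for `type`.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample following the slide's <Policies> pseudo-schema. The policy
# names, urn:example type URIs and content elements are hypothetical.
SAMPLE = """<Policies>
  <Policy name="DataAtRest" type="urn:example:policy:encryption">
    <Encryption algorithm="AES-256"/>
  </Policy>
  <Policy name="Residency" type="urn:example:policy:data-location">
    <Location allowed="DE,FR"/>
  </Policy>
  <Policy name="Audit" type="urn:example:policy:audit-log"/>
</Policies>"""

def check_encryption(policy, node):
    spec = policy.find("Encryption")
    return spec is not None and node.get("disk_encryption") == spec.get("algorithm")

def check_location(policy, node):
    spec = policy.find("Location")
    return spec is not None and node.get("region") in spec.get("allowed", "").split(",")

# Plug-in registry keyed by policy type URI; third parties would register here.
PLUGINS = {
    "urn:example:policy:encryption": check_encryption,
    "urn:example:policy:data-location": check_location,
}

def parse_policies(xml_text):
    """Enforce the grammar: root <Policies>, one or more <Policy>, name + type."""
    root = ET.fromstring(xml_text)
    policies = root.findall("Policy")
    if root.tag != "Policies" or not policies:
        raise ValueError("expected <Policies> with at least one <Policy>")
    for p in policies:
        # Assumption: type must be an absolute URI (stricter than xs:anyURI).
        if not p.get("name") or not urlparse(p.get("type", "")).scheme:
            raise ValueError("each <Policy> needs a name and an absolute URI type")
    return policies

def evaluate(xml_text, node):
    """Map each policy name to 'pass', 'fail' or 'no-plugin' for one node."""
    results = {}
    for p in parse_policies(xml_text):
        plugin = PLUGINS.get(p.get("type"))
        results[p.get("name")] = ("no-plugin" if plugin is None
                                  else "pass" if plugin(p, node) else "fail")
    return results

def deployable(results):
    """Fail closed: a failed or unhandled policy blocks deployment."""
    return all(status == "pass" for status in results.values())
```

For service templates received from untrusted parties, parse with a hardened XML library such as defusedxml instead of the standard-library parser.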
Get Involved!
Members in the TOSCA TC
0-H
3M Health Information Systems
ActiveState Software, Inc.
ASG Software Solutions
Axway Software
Beijing Sursen Electronic Technology Co, Ltd
CA Technologies
Capgemini
CenturyLink
China Internet Network Information Center (CNNIC)
Cisco Systems
Citrix Systems
Cloudsoft Corporation Limited
EMC
Fujitsu Limited
Gale
Google Inc.
Hewlett-Packard
Hitachi Ltd.
Huawei Technologies Co., Ltd.
I–Z
IBM
Jericho Systems
Mitre Corporation
Morphlabs, Inc.
NetApp
Nokia Siemens Networks GmbH & Co. KG
Oracle
PricewaterhouseCoopers LLP
Primeton Technologies, Inc.
Progress Software
Red Hat
rPath Inc.
SAP AG
Siemens Enterprise Comm. GmbH & Co. KG
Software AG, Inc.
VCE
VNomic
WSO2
Yaana Technologies, LLC
Zenoss
Cloud Cycle Consortium
[Figure: consortium logos grouped as Proposers (Cloud Technology and Standardisation; Research and Teaching; Medium Business and Public Sector), Associated Partners, and Sponsors]
THANK YOU FOR YOUR ATTENTION.