Cloud Standards: Bottom Up, Not Top Down - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud // Infrastructure as a Service
12:40 PM
Connect Directly

Cloud Standards: Bottom Up, Not Top Down

IT has good reason to demand standardization in SaaS, IaaS and PaaS offerings. But what's interesting is that vendors themselves are just as interested, and in many cases, are driving standards efforts.


Standards for cloud portability ideally will enable IT to port applications and data from one provider to another. There are three potential components of portability: data (for all cloud services), configuration (for most cloud services) and images (for IaaS services). Let's look at these by service type.

>> SaaS: Portability with SaaS is fairly straightforward: Either you can export data and configuration from a provider or you can't. Unfortunately, whether export capabilities actually prevent vendor lock-in isn't quite as clear. Can you export the data in a timely and reasonable fashion? Can your alternative vendor import the exported data? While the DataPortability Project promotes standards and policies around data transfers, it's in early stages. Expect to do application-specific investigative legwork.

>> IaaS: An IaaS deployment consists of data, virtual machine images and server configuration, including software installed on the image after launch. IaaS vendors, by definition, export data, so the only question is, how difficult will the process be? Exporting 500 GB from a database running on an IaaS virtual machine to another major vendor is fairly simple, but it may take the better part of a day. On the other hand, when exporting 500 GB of records from a cloud database-as-a-service (like DynamoDB), the transform and load process into another vendor's service (assuming such a service exists) is hit or miss, and it also may take much longer. There aren't any significant standards in data portability for IaaS vendors at this point.

There is, however, a fairly clear standard for image portability: Open Virtualization Format, released by the Distributed Management Task Force and created by Dell, HP, IBM, Microsoft, VMware and XenSource. Still, "really large image sizes break down the standard," warns Michael Biddick, CEO of Fusion PPT and an InformationWeek contributor. "And if you're moving among different hypervisors, you have to make some changes to the OVF files to make the images work." That said, OVF is about as mature a cloud standard as you'll find and, generally speaking, does deliver on image portability.

>> PaaS: While using PaaS can expose you to some lock-in risk because these vendors tend to rely on one IaaS provider, migrating shouldn't be difficult. In an ideal PaaS deployment, you bring your own code and data and rely on the PaaS vendor for the server configuration that you would have had to do yourself with IaaS, so switching PaaS services should be simple. How well that theory matches reality depends on your vendor. Heroku, for example, presents a fairly straightforward export path, whereas Google App Engine's data extraction process is painful in comparison. The good news is that a number of leading technology vendors, including Oracle, Rackspace and Red Hat have, through the standards body Oasis, proposed the Cloud Application Management for Platforms spec, which is designed to make porting applications among PaaS vendors much easier.


Here we're talking the ability to share cloud services across multiple environments, including a company's own data center, using a private cloud architecture or colocated, noncloud services. Some of the strongest cloud standards have sprung up around identity and access management (IAM) in particular, enabling single sign-on and eliminating the need to control access from multiple management interfaces. IAM dramatically simplifies rolling out new services. There are three main standards in cloud IAM:

>> Security Assertion Markup Language, from Oasis, allows cloud applications to leverage the authentication approaches a company is already is using.

>> System for Cross-domain Identity Management, created by Google, WebEx and but now under the IETF's auspices, lets cloud applications use directory information from within the enterprise to provide information on user and group permissions within cloud applications.

>> OAuth, originally by Twitter and Google but also now under the IETF, allows cloud users to extend access to resources that they control to other cloud services. For example, you can use OAuth to give LinkedIn access to your Twitter account so that LinkedIn can tweet for you.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
2 of 3
Comment  | 
Print  | 
More Insights
Oldest First  |  Newest First  |  Threaded View
User Rank: Moderator
1/24/2013 | 8:26:21 PM
re: Cloud Standards: Bottom Up, Not Top Down
Still a lot of room to improve but the momentum of the various open standards groups like Openstack is promising -- in good part because of the involvement of some smart minds from providers like VMware, HP, etc. Consistent development and friendly competition is sure to lead to a better product all the way around. I would hope that what businesses draw from all the standards development is the need/importance of building out a strategic plan themselves while making cloud investments. Realizing the anticipated benefits only comes with solid plans.
User Rank: Apprentice
1/29/2013 | 4:50:14 PM
re: Cloud Standards: Bottom Up, Not Top Down
Also look at - a group that has been coordinating the various cloud standards efforts for years now. Representatives from the various organizations maintain this wiki and keep it up to date.

-- mark
Why 2021 May Turn Out to be a Great Year for Tech Startups
John Edwards, Technology Journalist & Author,  2/24/2021
How GIS Data Can Help Fix Vaccine Distribution
Jessica Davis, Senior Editor, Enterprise Apps,  2/17/2021
11 Ways DevOps Is Evolving
Lisa Morgan, Freelance Writer,  2/18/2021
White Papers
Register for InformationWeek Newsletters
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you.
Flash Poll