Let Stormy Session On Cloud Standards Be Your Guide

A panel Wednesday at the Cloud Connect show in Santa Clara, Calif. to talk about where cloud standards are going did not go as planned. Whatever the script, it was as if the audience had come prepared to present its point of view, and the panel members were forced to listen.
A panel Wednesday at the Cloud Connect show in Santa Clara, Calif. to talk about where cloud standards are going did not go as planned. Whatever the script, it was as if the audience had come prepared to present its point of view, and the panel members were forced to listen.The topic, "Where Standards Are Going" is both an open ended question and a provocation to entrepreneurs, vendors and established interests at a cloud conference.

It's been several years since I've seen a standards discussion that wasn't tacitly bound up to what the dominant vendors were already doing. One either wins out with a defacto standard, or the market leaders collaborate on erasing the different specs they're following to create a cross-vendor standard. The differences were previously painstakingly created in pursuit of one firm's market share. Is cloud computing going to be different somehow?

It may work out only according to the historic pattern. In the cloud there is one prominent vendor, whom many are beginning to describe as dominant. CTO Werner Vogels and his team at Amazon Web Services have forged a brilliant new line of cloud services -- for a business that started out as an online bookseller. This year, network bandwidth consumption by users of Amazon's EC2, with customers self provisioning themselves with compute services, will surpass the bandwidth use of all Amazon's online retailing. But I would wait another year before saying Amazon standards are defacto standards, and I'd rather not say it all. One reason is that Amazon workloads run in their own virtual machine file format, Amazon Machine Images, and AMIs are an imposed difference on an existing public standard, Xen open source code. Why should an arbitrarily imposed variation become a public standard, just because one vendor is currently in a strong position? Not everybody at Wednesday's session felt that way. One member of the audience pointed out early in the proceedings that no Amazon Web Services representative was attending the session. None had expressed any interest in what standards the session would discuss. Amazon, in general, was busy setting patterns in cloud computing that will one day become standards rather than talking abstractly about standards, he said. Speaking from unfettered, entrepreneurial point of view, he added: "Standards bodies are a solution in search of problem… The people on standards bodies are in danger of speaking in an echo chamber. After a while, all they can hear is themselves."

Another member of the audience picked up the theme. "It's a little bit of an oversimplification, but this is a meeting of losers," he said.

The standards defenders on the panel certainly got an earful. They included: William Vambenepe, a native of France and software architect for Oracle; Winston Bumpus, director of standards at VMware and president of the DMTF, formerly known as the Distributed Management Task Force; Archie Reed, distinguished technologist at HP, director of HP cloud security strategy and member of the standards advocating Cloud Security Alliance; and Krishna Sankar, distinguished engineer at Cisco Systems and co-chair of the DMTF's Open Cloud Standards Incubator, set up to generate "informational specifications" and create a well-defined semantics for enterprise-to-cloud operations.

The DMTF is one of a handful of bodies capable of acting in this space. It was the DMTF that gave us one of the few valuable standards that we have today in relation to cloud computing, the OVF format for virtual machines that allows them to be moved around in a neutral format. An OVF file can be recognized, deconstructed and rebuilt in the format favored by the destination hypervisor. It's one of the few tools for moving a virtual machine from one point to another, and cloud workloads are virtual machines bundled with the application and operating system.

Bumpus responded to the outspoken nature of the proceedings by citing OVF, and saying DMTF had been chartered to create management standards. OVF was a way to manage interoperability between clouds. "We didn't go and start a management task force because we didn't know what else to do," he said, matching for a moment the hyperbole being tossed at the panel.

But panel headway soon gave way to more audience blow-down. The WS-Management standard generated by a group vendors and codified by DMTF "was a failure," said one attendee, which quickly became a reference to all WS standards as failures. "WS" bounced around the room like a beach ball. WS* has been beaten out by REST or the Representational State Transfer approach, which uses HTTP and HTML in less structured ways, or contrary to how standards bodies think, said an attendee. "There's value to either side," responded Bumpus. Simple standards like REST often get adopted early, but they don't prescribe how they're to be implemented or set structure. "There are many different REST implementations now. After a while simplicity starts to get complex," he noted. He picked up support from an audience member who countered that the structured WS standards were not all failures. Many, including WS-Security from the Oasis-Open standards group, have been adopted thousands of Web service settings.

The HP representative did not play an outspoken role in this debate, but HP has rarely been a tom-tom beating, look-at-me company. After the session Reed said HP is a supporter of both defacto and dejure standards and thrives as a company by understanding when following standards is in the customer's best interest. While there was anti-standards sentiment in the room, even today's dominant cloud company may find itself ignoring a well received standard for cloud computing at its own peril, he warned.

For example, he's a member of the Cloud Security Alliance and no one needs to advise him that security is a big concern in cloud computing. Yet today's security standards, such as PCI, were defined for an era as different from cloud computing as armored cars are from SWIFT electronic fund transfers. The alliance may play a role in getting security standard writers to update their standards for the cloud environment. NIST will play a role, perhaps in illustrating a new way to implement security in the cloud. HP will play a role, with both expert input to standards bodies and savvy backing of some standards at the expense of others, he said.

Many left the Cloud Connect standards session believing the picture was more muddied at the end than when it bagan. But Krishna Sankar, the panel member who co-chairs of the DMTF Incubator, thought it had been a valuable session. The cloud implementers and entrepreneurs had been anti-regulation and disbelieving in positive governing influence, whether it came from a standards body or the federal government itself. But the crowd had also told him what he was up against as the incubator sets about proposing specs for cloud interoperability. "The feedback was fine, the debate was fine," he said, when I ran into him the following morning. It had given him both stated and unstated guidance on where interoperability standards may be created and on what grounds they might be defended, he said. And he's better prepared for what's to come: "It's fine with me…if we have to engage in hand to hand combat."

[Correction Mar.19: Reference to Amazon bandwidth use in 2010 being greater than Amazon online retailing bandwidth use is a correction. Initial blog posting referred to revenues, not bandwidth.]

Whether government agencies are assessing internal clouds, public cloud services, or private-public hybrid cloud environments, this report shows where open source may fit into those plans. Download it now (registration required).