Cloud Computing - A NIST Perspective And Beyond

Transcription

Cloud Computing – A NIST Perspective and Beyond
Robert Bohn, PhD
Advanced Network Technologies Division
January 6, 2016
MAGIC Meeting
NITRD
Arlington, VA

In the Beginning
Cost & Efficiency drivers - US IT Budget 80B/year: Federal Cloud Computing Strategy (Cloud First)
– NIST, GSA, DHS
NIST’s Goal – To accelerate the federal government’s adoption of cloud computing
– Build a USG Cloud Computing Technology Roadmap
– Lead efforts to develop standards and guidelines
Starting Material – NIST Definition of Cloud Computing (SP 800-145)
Develop a Reference Architecture for Cloud Computing
Determine the “What” of Cloud Computing, not the “How”

NIST Definition of Cloud Computing
“Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.” - NIST SP 800-145
3 Service Models: Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS)
4 Deployment models: Public, Private, Community, Hybrid
5 Essential Characteristics: On demand self-service, Broad network access, Resource Pooling, Rapid Elasticity, Measured Service

Building a Roadmap (and more)
Organize & collaborate with industry, academia, govt agencies and host several Public Working Groups
– RefArch & Taxonomy, Security, Standards, SAJACC, BUC
2 Volume Roadmap, NIST SP 500-293 (pub. 10/2014)
– Vol I contains 10 Requirements & Priority Action Plans
– Vol II contains the technical output from the PWGs
Also published
– Standards Inventory (NIST SP 500-291)
– Reference Architecture & Taxonomy (NIST SP 500-292)
– Security Reference Architecture (draft NIST SP 500-299)

USG Cloud Computing Technology Roadmap Requirements (NIST SP 500-293)
1. International voluntary consensus-based standards
2. Solutions for High-priority Security Requirements, technically de-coupled from organizational policy decisions
3. Technical specifications to enable development of consistent, high-quality Service-Level Agreements
4. Clearly and consistently categorized cloud services
5. Frameworks to support seamless implementation of federated community cloud environments
6. Updated Organization Policy that reflects the Cloud Computing Business and Technology model
7. Defined unique government regulatory requirements and solutions
8. Collaborative parallel strategic “future cloud” development initiatives
9. Defined and implemented reliability design goals
10. Defined and implemented cloud service metrics

NIST Cloud Computing Reference Architecture
Actors and their Roles
Cloud Consumer: Person or organization that maintains a business relationship with, and uses service from Cloud Providers.
Cloud Provider: Person, organization or entity responsible for making a service available to Cloud Consumers.
Cloud Auditor: A party that can conduct independent assessment of cloud services, information system operations, performance and security of the cloud implementation.
Cloud Broker: An entity that manages the use, performance and delivery of cloud services, and negotiates relationships between Cloud Providers and Cloud Consumers.
Cloud Carrier: The intermediary that provides connectivity and transport of cloud services from Cloud Providers to Cloud Consumers.

NIST CCRA (NIST SP 500-292)
[Diagram: Cloud Consumer, Cloud Provider, Cloud Broker and Cloud Carrier; labels include Service Layer (SaaS, IaaS), Resource Abstraction and Control Layer, Provisioning/Configuration, Business Support, Performance Audit, Security & Privacy]
Everyone has some responsibility in managing S&P

Each Service Layer fulfills a different business need with different security considerations.
[Diagram: Cloud Provider with Service Layer, Resource Abstraction and Control Layer, and Physical Resource Layer (Hardware, Facility). SaaS: Software as a Service. PaaS: Platform as a Service, Application Development, usage scenarios Develop, Test, Deploy and Manage. IaaS: Infrastructure as a Service, IT Infrastructure/Operation, usage scenarios Create/Install, Manage, Monitor.]

Security Conservation
[Diagram: IaaS, PaaS, SaaS; labels include Platform Architecture, Virtualized Infrastructure, Hardware, Facility]

NIST SP 500-299: Cloud Security Reference Architecture

Present At NIST
– Work on Cloud Metrics (NIST SP 500-307 - draft)
– Cloud Accessibility (NIST SP 500-317 - draft)
– Advanced Actor Analysis (Broker, Carrier, Auditor)
– Description of Cloud Services
– Develop Service Level Agreement taxonomy
– Interoperability & Portability
– Security
Continue Strong Outreach – Workshop #9 September 13-15, 2016
Standard Development Organizations
– ISO-IEC/JTC1 Vocabulary & RA (17788, 17789); SLAs - 4 part (19086); Interop/Portability (19941); Data & Data Flow (19944)

Cloud Procurement
Problem Statement
Be able to procure cloud services in a secure, reliable, repeatable, and measurable manner which reflects the business & technical requirements of an organization.
Future Vision
The convenience of reliable, trusted and measurable cloud services becomes a foundational element of the global economy.

Pete’s Journey to Cloud
Cloud. blah. blah. Services. blah. blah. SLAs. blah. blah.
1. To know the business & technical requirements of his organization.
2. To understand the landscape of cloud computing, cloud services and service level agreements (SLAs).

Apples to Apples
5 Essential Characteristics: On demand self-service, Broad network access, Resource Pooling, Rapid Elasticity, Measured Service

Cloud Service Level Agreements (SLAs)
Cloud Service Level Agreement: A document stating the technical performance promises made by the cloud provider, how disputes are to be discovered and handled, and any remedies for performance failures. Differs from Master Service Agreement (MSA).
No standard cloud computing contracts exist.
Little agreement with respect to:
– which elements should appear within a SLA
– which metrics to use
– how terms are defined

Contents of an SLA
Business Level Objectives: Roles & Responsibilities Requirements Operational Policies Continuity Limitations Financial Glossary of Terms
Service Level Objectives: Resources Performance Indicators Service Deployment Service Management Description Security Privacy

SLAs & Metrics
Selecting & Decision Making
[Diagram: Cloud Customer, Metrics, Cloud A (Properties), Cloud B (Properties)]

SLAs & Metrics - Monitoring Services
[Diagram; surviving label: Cloud B offering]

SLA Performance Metric - Service Availability
An Availability Metric could be based on different definitions for measures:
Most commonly, availability is evaluated based on the percentage of “uptime” (available state) of a resource, over some period of time.
service uptime percentage: the percentage of qualified service availability time over the observation time, as defined by the expression:
$$\text{service uptime \%} = \frac{\text{qualified uptime total}}{\text{observation time total}}$$
(NIST SP 500-307)

Three parts to the process
Decide - lay out the requirements for the service
Agree - the MSA/SLA is the agreement connecting customer and provider
Measure - are the SLA objectives met?

Contacts
Dr. Abdella Battou: CC Lead/ANTD Chief
Dr. Robert Bohn: Program Mgr
John Messina: RA/Tax, Federated Cloud
Dr. Michaela Iorga: Security
Annie Sokol: Interop/Port, Standards
Mike Hogan: Standards
Eric Simmon: Cloud Services/Standards
Frederic de Vaulx: Metrics
Lisa: Conformity Assessment
NIST ITL Cloud Computing Home Page: http://www.nist.gov/itl/cloud
NIST Cloud Metrics Collaboration Site: puting /bin/view/CloudComputing/RATax CloudMetrics
SAVE THE DATE: Cloud Computing Forum & Workshop #9 September 13-15, 2016

NIST Big Data Standardization Activities
Wo Chang, NIST
Digital Data Advisor
NIST Big Data Public Working Group, Co-Chair
ISO/IEC JTC 1/WG 9 Working Group on Big Data, Convenor
wchang@nist.gov
January 6, 2016
NIST Big Data Standardization Activities, Wo Chang, Jan. 6, 2016

Background: NIST Big Data PWG Charter and Deliverables
Charter
The focus of the (NBD-PWG) is to form a community of interest from industry, academia, and government, with the goal of developing consensus definitions, taxonomies, secure reference architectures, and technology roadmap. The aim is to create vendor neutral, technology and infrastructure agnostic deliverables to enable big data stakeholders to pick-and-choose best analytics tools for their processing and visualization requirements on the most suitable computing platforms and clusters while allowing value-added from big data service providers and flow of data between the stakeholders in a cohesive and secure manner.
Launch Date: June 26, 2013
Deliverables:
1. Big Data Definitions
2. Big Data Taxonomies
3. Big Data Use Cases & Requirements
4. Big Data Security & Privacy Requirements
5. Architectures Survey
6. Big Data Reference Architecture
7. Big Data Security & Privacy Architecture
8. Big Data Standards Roadmap
URL: http://bigdatawg.nist.gov

NIST Big Data Standardization Activities
Approaches
– NIST Big Data Public Working Group (NBD-PWG)
– ISO/IEC JTC 1/WG 9 Working Group on Big Data
– ISO/IEC JTC 1/SC 32/WG 11 – MPEG
– ISO/TC 69 – Applications of Statistical Methods
– ISO/TC 204 – Intelligent Transportation

NIST Big Data Standardization Activities
NIST Big Data Public Working Group (NBD-PWG)
5 Subgroups (June 2013 – continue):
1. Definitions & Taxonomies
2. UC & Requirements
3. Security & Privacy
4. Reference Architecture
5. Standards Roadmap
V1 (high-level RA components and descriptions)
Big Data Interoperability Framework, released on September 16, 2015:
– NIST SP1500-1: Definitions
– NIST SP1500-2: Taxonomies
– NIST SP1500-3: Use Cases & Requirements
– NIST SP1500-4: Security & Privacy
– NIST SP1500-5: Architecture Survey – White Paper
– NIST SP1500-6: Reference Architecture
– NIST SP1500-7: Standards Roadmap

NIST Big Data Standardization Activities
NIST Big Data Public Working Group (NBD-PWG)
Vendors Big Data architectures
CODATA Big Data Workshop, Wo Chang, NIST/ITL, June 9, 2014

NIST Big Data Standardization Activities
NIST Big Data Public Working Group (NBD-PWG)
V2 focuses on interface between NBD-RA components through use cases by:
– Analyze activities diagrams
– Analyze functional diagrams
– Apply DevOps small scale implementations
Goals:
– Aggregate low-level interactions into high-level general interfaces
– Produce set of white papers to demo how NBD-RA can be used
– Produce preliminary interface by summer 2016
[Diagram: NBD-RA with System Orchestrator, Data Provider, Big Data Application Provider (Collection, Preparation/Curation, Analytics, Visualization, Access), Big Data Framework Provider (Processing: Computing and Analytic, with Batch, Streaming, Interactive; Platforms: Data Organization and Distribution, with Indexed Storage, File Systems; Infrastructures: Networking, Computing, Storage, with Virtual Resources, Physical Resources; Resource Management; Messaging/Communications), Data Consumer, Security & Privacy, Management. Axes: Information Value Chain, IT Value Chain. Key: Big Data Information Flow, Service Use, Software Tools and Algorithms Transfer.]

NIST Big Data Ref. Arch. – A Big Roadmap
[Diagram: Data Scientist; BDRA Interface (Resource Management/Monitoring, Analytics Libraries, etc.); BDRA Ecosystem Components; Data Sources (Sensors, Simulations, Modeling, etc.); Data Consumers (End users, Repositories, Systems, etc.); Computing Resources; Analytics Resources; Support Infrastructure; Data Sources Services; Database Services; Distributed File System Services; Infrastructure Services; Analytics Application; Analytics Services; Visualization & BI Services; Value-added Content Services; Security and Privacy Services]

NIST Big Data Standardization Activities
NIST Big Data Public Working Group (NBD-PWG)
Selection of use cases: (a) availability of datasets and (b) availability of analytics codes
– Fingerprints Matching
– Human and Face Detection from Video
– Twitter Feeds Data warehousing
– Global Cities
– Spatial Big Data/GIS Earth Science
– Life Science
– Healthcare Payment Fraud IoT
– Others

NIST Big Data Standardization Activities
ISO/IEC JTC 1/WG 9 Working Group on Big Data
130 from 21 NBs: Australia, Austria, Brazil, Canada, China, Finland, France, Germany, Ireland, Italy, Japan, Korea, Luxembourg, Netherlands, Norway, Russian Federation, Spain, Singapore, Sweden, UK, US
Current Projects
– ISO/IEC 20546 Information technology – Big data – Overview and vocabulary
– ISO/IEC 20547 Information Technology – Big data Reference architecture (5 Parts)
  Part 1: (TR) Framework and Application Process
  Part 2: (TR) Use Cases and Derived Requirements
  Part 3: (IS) Reference Architecture
  Part 4: (IS) Security and Privacy Fabric
  Part 5: (TR) Standards Roadmap
ISO/IEC Liaisons: SC 6/WG 7, SC 27, SC 29, SC 32, SC 36, SC 38, SC 39, ISO/TC 69, ISO/TC 204, ITU-T SG13

NIST Big Data Standardization Activities
Explore collaboration by working with industry, academic and governments to harmonize analytic ecosystems
[Diagram: NIST Public Working Groups (Global City Teams Challenges, Cloud PWG, Cyber Physical Systems PWG, Big Data PWG); IEEE Internet of Things (IoT); ISO Standards SCs/WGs (JTC 1/WG10 Working Group on Internet of Things (IoT), JTC 1/SC38 Cloud Computing and Distributed Platforms, JTC 1/SC32 Data Management and Interchange, JTC 1/WG9 Working Group on Big Data, JTC 1/SC27 Security and Privacy)]
