Defining InterCloud Architecture Framework (ICAF) for Interoperability

Defining InterCloud Architecture Framework (ICAF) for Interoperability and Integration
Yuri Demchenko
SNE Group, University of Amsterdam
OGF 36, 8-10 October 2012, Chicago
InterCloud Architecture 2012, InterCloud Architecture Framework

Disclaimer
• Not trying to make it simple
  – Complexity must be addressed somewhere
• Not looking at Cloud providers but at developers
  – OpenStack is maturing to have/define a general architecture for Cloud services and Intercloud integration
  – Telcos are a powerful mover towards Cloud interoperability

Outline
• Cloud Computing Architecture research at SNE group (Univ Amsterdam)
• General use cases for Intercloud Architecture
• Related standardisation initiatives
  – NIST Cloud Computing Reference Architecture (CCRA) and extension for network aware cloud resources provisioning
  – IEEE Intercloud Working Group
  – ITU-T Cloud Interest Group final report (Part 1-7)
  – OGF ISOD-RG infrastructure services definition
  – IETF Internet-Draft on Cloud Architecture Framework
• Intercloud Architectural Framework (ICA/ICAF) components
  – Multi-layer/Layered Cloud Services Model (CSM)
  – Intercloud Control and Management Plane (ICCMP)
  – Intercloud Federation Framework (ICFF)
  – Intercloud Operations Framework (ICOF)
• Abstract Model for Cloud IaaS Provisioning
• Further research and standardisation contribution

SNE Cloud Architecture Research
Intercloud Architecture for Interoperability and Integration, Release 1, Draft Version 0.5. SNE Technical Report 2012-03-02, 6 September 2012
http://staff.science.uva.nl/~demch/worksinprogress/sne2012-techreport-12-05-intercloud-architecturedraft05.pdf
Main contributing research:
(1) Generic Cloud IaaS Architecture, Release 1, 15 April 2011
Published as http://staff.science.uva.nl/~demch/worksinprogress/sne2011-techreport-2011-03-clouds-iaasarchitecture-release1.pdf
• Virtual Infrastructure Composition and Management (VICM) layer
• Infrastructure Services Modeling Framework (ISMF), Composable Services Architecture (CSA), Service Delivery Framework (SDF)
(2) InterCloud OS/Middleware (low level Intercloud integration)
• Targeting an Intercloud BGP-like protocol
(3) Security Infrastructure for Cloud (dynamically provisioned)
• Dynamic Access Control Infrastructure (DACI)
• Contribution to cloud standardisation by OGF, NIST, IEEE, IETF
• Implementation
  – EU projects GEYSERS, GEANT3
  – Telco and NREN driven: core network and last mile

General use cases for Intercloud Architecture
• Clouds are evolving as a common way of provisioning infrastructure services on-demand
  – In this way, clouds add a new type of services, in addition to and on top of currently existing network based and distributed services
• Intercloud Architecture Framework (ICAF) provides a framework to support provisioning of cloud based project oriented infrastructures on-demand, distributed virtualised applications mobility
  – Hybrid Cloud/Grid e-Science collaborative environment
    • Scientific Data e-Infrastructure for Big Data
  – Enterprise/campus cloud infrastructure evolution and migration/mobility
  – Infrastructure disaster recovery (Vodafone NL Datacenter Incident)
    • Data require supporting infrastructure
  – Educational Lab deployment in clouds
• ICAF intends to open the Cloud market to more players and raise the so-called “cloud curtain”

InterCloud: Related standardisation activities
• OGF ISOD-RG
  – BCP on existing on-demand network and cloud infrastructure resources provisioning systems (including GEYSERS)
• NIST Cloud definition (NIST SP 800-145), and Cloud Computing Reference Architecture (CCRA), v1.0 (NIST SP 500-292)
• IEEE - WGs on InterCloud issues and Cloud Profiles
  – IEEE ICWG/2302 WG - Intercloud WG (ICWG) Working Group http://standards.ieee.org/develop/wg/ICWG-2302_WG.html
• ITU-T Focus Group on Cloud: Technical Report (Part 1 to 7) http://www.itu.int/en/ITU-T/focusgroups/cloud/Documents/FG-coud-technical-report.zip
• IETF Internet Drafts
  – Cloud Reference Framework. Internet Draft, by B. Khasnabish, J. Chu, S. Ma, Y. Meng, N. So, P. Unbehagen, M. Morrow, M. Hasan, Y. Demchenko http://tools.ietf.org/html/draft-khasnabish-cloud-reference-framework-03.txt
  – Cloud Service Broker, Internet Draft by Shao Weixiang, Hu Jie, Bhumip Khasnabish. http://tools.ietf.org/html/draft-shao-opsawg-cloud-service-broker-03.txt

Cloud Standardisation – ITU-T Tech Report
• Part 2: Functional requirements and reference architecture: Layered Cloud computing architecture:
• Resources and network layer
  – Including physical resources, pooling and orchestration, pooling and virtualisation
• Cloud services layer
  – Including basic cloud services IaaS, PaaS, SaaS and also Orchestration service
• Access layer
  – Including endpoint functions and inter-cloud functions, where the role of network service providers is defined as to provide inter-cloud transport network
• User layer
  – Including user functions, partner functions, administration functions

Work on I-Draft “Cloud Reference Framework” (Version 0.3)
http://tools.ietf.org/html/draft-khasnabish-cloud-reference-framework-03.txt
1. Introduction
2. Terminology
3. Cloud Services Reference Model
  3.1. HORIZONTAL LAYERS
    3.1.1. Application/Service Layer
    3.1.2. Resources Control Layer
    3.1.3. Resources Abstraction and Virtualization Layer
    3.1.4. Physical Resources Layer
  3.2. VERTICAL LAYERS (planes?)
    3.2.1. Cloud Management Layer
4. Inter-Cloud Framework
  4.1. Inter-Cloud Requirements
  4.2. Intercloud Framework Components
  4.3. Intercloud Control and Management Plane (ICCMP)
  4.4. Intercloud Federation Framework (ICFF)
  4.5. Intercloud Operation Framework (ICOF)
5. Use Cases
  5.1. Virtual Network Management
  5.2. Telecom Network Virtualization
  5.3. Virtual Data Center
  5.4. Security infrastructure for on-demand provisioned cloud-based services/infrastructures
6. Security Framework for Clouds
7. Conclusion
8. Security Considerations
9. Acknowledgement
10. IANA Considerations
12. Normative references
Authors: B. Khasnabish (ZTE USA), J. Chu, S. Ma, Y. Meng (ZTE), N. So (Verizon), P. Unbehagen (Avaya), M. Morrow (Cisco Systems Switzerland), M. Hasan (Cisco Systems), Y. Demchenko (University of Amsterdam)
Version 0.3 – 29 June 2012
Version 0.4 – End July 2012
Version 0.5 – October 2012 (To be considered)

Intercloud Architecture - Requirements
Intercloud Architecture (ICA) should address interoperability and integration of different cloud service platforms and multi-cloud integration, including with legacy campus/enterprise infrastructure
• Be compatible and provide multi-layer integration of existing cloud service models – IaaS, PaaS, SaaS and Apps clouds
• Facilitate interoperable and measurable intra-provider infrastructures
• Provide a framework for heterogeneous inter-cloud federation
• Common Intercloud Control Plane and signalling for better cloud services and network integration
• Explicit/Guaranteed intra- and inter-cloud network infrastructure provisioning and performance (as NaaS service model)
• Support existing Cloud Provider operational and business models and provide a basis for new forms of services provisioning and operation

General use case for infrastructure provisioning: Workflow => Logical (Cloud) Infrastructure (1)
[Figure: an enterprise/scientific workflow (input data, instrument data, data filtering, special processing 1 and 2, storage data, data archive, visual presentation) mapped onto an enterprise/project based Intercloud infrastructure: Campus A and Campus B with user groups A and B, Cloud 1 IaaS and Cloud 2 PaaS, virtual resources VR1-VR7, resource/service providers, Cloud IaaS and Cloud PaaS providers.]

General use case for infrastructure provisioning: Workflow => Logical (Cloud) Infrastructure (2)
[Figure: the same workflow and Intercloud infrastructure elements as in (1).]

General use case for infrastructure provisioning: Logical Infrastructure => Network Infrastructure (1)
[Figure: resource and cloud provider domains (Cloud 1 IaaS, Cloud 2 PaaS, Campus A and Campus B infrastructure, virtual resources VR1-VR7) connected over a Cloud Carrier Network Infrastructure.]

General use case for infrastructure provisioning: Logical Infrastructure => Network Infrastructure (2)
[Figure: the same resource and cloud provider domains, connected via Network Provider 1 and Network Provider 2.]

Intercloud Applications Interaction (1) - ICCMP
[Figure: InterCloud Control and Management Plane (ICCMP) spanning an IaaS domain and a PaaS domain across the cloud layers: Layer 7 - Applications, Layer 6 - SaaS/Apps, Layer 5 - PaaS, Layer 4 - IaaS, Layer 3 - Composition, Layer 2 - Virtualisation, Layer 1 - Physical HW Platform/Network.]

Intercloud Applications Interaction (2) - ICFF
[Figure: Intercloud Federation Infrastructure between the IaaS domain and the PaaS domain: Registry, Discovery, Broker, gateways (GW), Trust Brokers, IdP, Attributes and trust relations.]

Intercloud Applications Integration (3) - ICOF
Business Processes Management and Services Operation Support
• SLA Management
• Business roles and Actors
• Business level Service Registry and Broker
[Figure: the enterprise/scientific workflow, the Intercloud Federation Infrastructure (Registry, Discovery, Broker, GW, Trust Brokers, IdP, Attributes) and the cloud layers 1-7 of the IaaS and PaaS domains combined in one diagram.]

InterCloud Architecture components
• Multi-layer Cloud Services Model (CSM)
  – Combines IaaS, PaaS, SaaS into multi-layer model with inter-layer interfaces
  – Including interfaces definition between cloud service layers and virtualisation platform
• InterCloud Control and Management Plane (ICCMP)
  – Allows signaling, monitoring, dynamic configuration and synchronisation of the distributed heterogeneous clouds
  – Including management interface from applications to network infrastructure and virtualisation platform
• InterCloud Federation Framework (ICFF)
  – Defines set of protocols and mechanisms to ensure heterogeneous clouds integration at service and business level
  – Addresses Identity Federation, federated network access, etc.
• InterCloud Operations Framework (ICOF)
  – RORA model: Resource, Ownership, Role, Action
    • RORA model provides basis for business processes definition, SLA and access control
  – Broker and federation operation

Multilayer Cloud Services Model (CSM)
[Figure: CSM layer stack with control/management links and data links; Security Infrastructure and Management planes; SaaS-PaaS, PaaS-IaaS and IaaS-Virtualisation Platform interfaces; Cloud Management Software (functional definition proposed); cloud management software/platforms (OpenNebula, OpenStack, other CMS); virtualisation platforms (KVM, XEN, VMWare, network virtualisation/VPN); proxies (adaptors/containers) for component services and resources; storage, compute and network hardware/physical resources.]
CSM layers
(C7) User Client/Application
(C6) Cloud Application (SaaS)
(C5) Cloud Platform (PaaS)
(C4) Cloud Infrastructure (IaaS)
(C3) Virtual Resources Composition and Orchestration
(C2) Virtualisation Layer
(C1) Hardware platform and dedicated network infrastructure

Multilayer Cloud Services Model (CSM) – In development
Compose into one Cloud Services layer and define intra-model
[Figure: the CSM layer stack as on the previous slide, with an added Access layer.]
CSM layers
(C7) User Client/Application
(C6) Cloud Application (SaaS)
(C5) Cloud Platform (PaaS)
(C4) Cloud Infrastructure (IaaS)
(C3) Virtual Resources Composition and Orchestration
(C2) Virtualisation Layer
(C1) Hardware platform and dedicated network infrastructure

InterCloud Control and Management Plane (ICCMP)
• Supports messages delivery/routing, signaling, monitoring, dynamic configuration and synchronisation between the distributed heterogeneous cloud instances
• Includes management interfaces from upper layers and applications to network infrastructure and virtualisation platform (virtualised resources)
• Layer 1 - Layer 4 interfaces are being developed and prototyped in the framework of the GEYSERS project

Intercloud Control and Management (1)
[Figure: InterCloud Control and Management Plane (ICCMP) spanning the IaaS domain and the PaaS domain across cloud layers 1-7, from Layer 1 - Physical HW Platform/Network to Layer 7 - Applications.]

Intercloud Control and Management (2)
[Figure: the ICCMP between the IaaS domain and the PaaS domain, layer by layer (Layer 7 - Applications, Layer 6 - SaaS/Apps, Layer 5 - PaaS, Layer 4 - IaaS, Layer 3 - Composition, Layer 2 - Virtualisation, Layer 1 - Physical HW Platform/Network), with IaaS and PaaS middleware. Legend: standard interface; non-standard/proprietary interface.]

InterCloud Control and Management Plane (ICCMP)
• Allows signaling, monitoring, dynamic configuration and synchronisation of the distributed heterogeneous clouds
• Including management interface from applications to network infrastructure and virtualisation platform
• Main functional components include
  – Cloud Resource Manager
  – Network Infrastructure Manager
• Possible ICCMP Interfaces include
  – Signaling
  – Control
  – Monitoring
  – Management
  – Location
  – Message routing

InterCloud Federation Framework (ICFF)
• Defines set of protocols and mechanisms to ensure heterogeneous clouds integration at service and business level
• Addresses Identity Federation, federated network access, etc.
• Main functional components include
  – Service and Trust brokers
  – Intercloud gateway including attribute/namespace translator
    • Attribute/namespace resolver
  – Service Registry
  – Service discovery service
  – Identity provider
  – Trust manager/router
• Possible ICFF Interfaces
  – Naming, Addressing and Translation (if/as needed)
  – Publishing
  – Discovery
  – Attributes management
  – Trust/key management

InterCloud Operations Framework (ICOF)
• Defines the main roles and actors
  – RORA model: Resource, Ownership, Role, Action
• Provides basis for business processes definition, SLA management and access control policy definition
• Broker and Federation operation
• Main functional components include
  – Cloud Service Provider, Cloud Operator, Cloud (physical) Resource provider, Cloud Carrier
  – Service Registry
  – Service Broker
• Possible ICOF Interfaces
  – Provisioning, Deployment, Decommissioning/Termination
  – SLA management and negotiation
  – Services Lifecycle management
  – Services deployment

Main Actors in Cloud/InterCloud Architecture
• Cloud Service Provider
• Intercloud (Cloud Service) Operator
• Cloud Customer
• Cloud User
• Cloud Carrier
• Cloud Broker
• Cloud Auditor
• Cloud Resource Provider
• Physical Resource Provider
Ownership/Management model needs to be applied to these actors using extended RORA model
– Can also be a “fixed” resources provider

Implementation: Architectural Framework for Cloud IaaS
• Abstracted from the GEYSERS LICL (Logical Infrastructure Composition Layer) architecture
• Includes Composable Services Architecture (CSA) being developed in GEANT3 JRA3
• Incorporates RDF based Network and Infrastructure Description Languages (NDL, NML, INDL) research at SNE/UvA
• Includes the following main components
  – Infrastructure Services Modeling Framework (ISMF)
  – Composable Services Architecture (CSA)
  – Service Delivery Framework (SDF)
• Additional components (orthogonal)
  – Cloud Security Infrastructure
  – Control and Management Plane
Published as SNE Technical Report (2011) http://staff.science.uva.nl/~demch/worksinprogress/sne2011-techreport-2011-03-clouds-iaasarchitecture-release1.pdf

GEYSERS Layered Architecture – CSM and ICCMP
• Developed and implemented in the GEYSERS project http://www.geysers.eu/

Abstract (Cloud) IaaS Provisioning Model
[Figure, shown in four steps: a Virtual Infrastructure (VI) operated by VIO1, with deployed resources VRI1-VRI6 serving User/Applic A and User/Applic B through the Application/Service Layer and Service Middleware Layer (SML). Below it: the VI Operator Layer (VIO1); the VI/VR Adaptation Layer; the VI Composition & Management Layer (Upper LICL) with composition, logical resources, control and management (orchestration), SLC metadata and AAI/policy security; the Logical Abstraction Layer; PR Virtualisation & Management (Lower LICL); the Pi/PR Adaptation Layer; the VI Provider Layer (VIProvider1, VIProvider2, VR1-VR6); and the PI Provider Layer (PIP2-PIP4). IT infrastructure virtualisation and network infrastructure provisioning each carry resource configuration, SLA/SLM and security context; the network control plane spans the network domains ND-PIP1 to ND-PIP4, ND-VIP1, ND-VIP2, ND-VIO1, UserND-A and UserND-B.]
Legend
ND* - Network Domain
VIR* - VI Resource (deployed)
VR – Virtual Resource
LR – Logical Resource
PR – Physical Resource

Virtual Infrastructure Composition and Management
• Main actors involved in the provisioning process
  – Physical Infrastructure Provider (PIP)
  – Virtual Infrastructure Provider (VIP)
  – Virtual Infrastructure Operator (VIO)
• Virtual Infrastructure Composition and Management (VICM) layer includes
  – VICM middleware - defined as CSA
  – Logical Abstraction Layer and the VI/VR Adaptation Layer, facing respectively the lower PIP layer and the upper Application layer
• The infrastructure provisioning process is defined by the Service Delivery Framework (SDF)
  – Defines services lifecycle
• VICM redefines the Logical Infrastructure Composition Layer (LICL) proposed by the GEYSERS project
  – Basic functionality is implemented as GEMBus/ESB/CSA

Services Lifecycle/Provisioning Workflow
[Figure: lifecycle stages Service Request (SLA Negotiation), Composition/Reservation (SLA enforcement), Deployment, Registration & Synchronisation (Security Bootstrap), Operation (Monitoring, SLA enforcement), Decommissioning (Security Recycling), with Re-Planning/Re-Composition and Recovery/Migration, all within Provisioning Session Management and backed by the Service Lifecycle Metadata Service (SL MD).]
• Main stages/phases
  – Service Request (including SLA negotiation)
  – Composition/Reservation (aka design)
  – Deployment, including Registration/Synchronisation
  – Operation (including Monitoring and SLA enforcement)
  – Decommissioning (including Dynamic Security Associations destroying/recycling)
• Additional stages
  – Re-Planning/Re-Composition should address incremental infrastructure changes
  – Recovery/Migration can use SLMD to initiate resources resynchronisation but may require recomposition
• The whole workflow is supported by the Service Lifecycle Metadata Service (SL MD)
• Provisioning session provides a framework for services context and security context management
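
The lifecycle above, written out as a small state machine that ties the security context to the lifecycle stage. This is an added example, not code from the slides, GEYSERS or the SDF: the stage names are the slide's, while the transition table, the class and method names, and the rule that credentials are usable only during Operation are assumptions made for illustration.

```python
import secrets
from enum import Enum


class Stage(Enum):
    SERVICE_REQUEST = "Service Request"
    COMPOSITION = "Composition/Reservation"
    DEPLOYMENT = "Deployment"
    REGISTRATION_SYNC = "Registration/Synchronisation"
    OPERATION = "Operation"
    REPLANNING = "Re-Planning/Re-Composition"
    RECOVERY = "Recovery/Migration"
    DECOMMISSIONING = "Decommissioning"


# Assumption: the slide names the stages; the arrows between them are inferred.
TRANSITIONS = {
    Stage.SERVICE_REQUEST: {Stage.COMPOSITION},
    Stage.COMPOSITION: {Stage.DEPLOYMENT},
    Stage.DEPLOYMENT: {Stage.REGISTRATION_SYNC},
    Stage.REGISTRATION_SYNC: {Stage.OPERATION},
    Stage.OPERATION: {Stage.REPLANNING, Stage.RECOVERY, Stage.DECOMMISSIONING},
    Stage.REPLANNING: {Stage.COMPOSITION},
    # Recovery either resynchronises resources or falls back to recomposition.
    Stage.RECOVERY: {Stage.REGISTRATION_SYNC, Stage.REPLANNING},
    Stage.DECOMMISSIONING: set(),
}


class LifecycleError(Exception):
    """Raised on a transition or credential use the lifecycle does not allow."""


class ProvisioningSession:
    """Carries the service context and security context of one provisioned service."""

    def __init__(self, session_id):
        self.session_id = session_id
        self.stage = Stage.SERVICE_REQUEST
        self.security_context = None             # created at security bootstrap
        self.history = [Stage.SERVICE_REQUEST]   # stand-in for the SL MD record

    def advance(self, target):
        if target not in TRANSITIONS[self.stage]:
            raise LifecycleError(f"{self.stage.value} -> {target.value} not allowed")
        if target is Stage.REGISTRATION_SYNC:
            # Security bootstrap: a fresh key per (re)registration, so a key
            # issued before a recovery is not the one in use afterwards.
            self.security_context = {"session": self.session_id,
                                     "key": secrets.token_hex(16)}
        elif target is Stage.DECOMMISSIONING:
            # Security recycling: destroy the dynamic security association.
            self.security_context = None
        self.stage = target
        self.history.append(target)
        return self.stage

    def credentials(self):
        """Return the security context, but only while the service is operating."""
        if self.stage is not Stage.OPERATION or self.security_context is None:
            raise LifecycleError(f"no usable security context in {self.stage.value}")
        return self.security_context


def is_rejected(action):
    """True if calling `action` raises LifecycleError."""
    try:
        action()
    except LifecycleError:
        return True
    return False


if __name__ == "__main__":
    s = ProvisioningSession("vi-demo-1")   # constructed sample session id
    for stage in (Stage.COMPOSITION, Stage.DEPLOYMENT,
                  Stage.REGISTRATION_SYNC, Stage.OPERATION,
                  Stage.DECOMMISSIONING):
        print(s.advance(stage).value)
    print("credentials after decommissioning rejected:", is_rejected(s.credentials))
```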

Summary and Future works
• The proposed ICAF is based on existing standards and proposes their integration and extension
  – Includes 4 components: CSM, ICCMP, ICFF, ICOF
• Addresses cloud services/infrastructure lifecycle management
• Future research and development primarily focused on inter-layer and inter-cloud interfaces definition
  – Re-factor GEYSERS Infrastructure virtualisation interfaces
  – Testbeds: IaaS (GEYSERS) and PaaS (GEANT3)
• Standardisation activity in IETF, OGF, TMF
  – Partnership with industry

Questions and Discussion

Additional Information
• ISMF resources virtualisation
• NIST Cloud definition and standardisation activity
• Useful links on Cloud standardisation and practice

ISMF – Virtual Resource Lifecycle
[Figure: Physical Resources (PRs) at PIP1 and PIP2 are published as re-usable Logical Resources (PR-LR1, LR0) and registered; during planning, composition and reservation the LRs and network segments from the network segment topology pool are composed ({LR0} -> LR2); configuration and instantiation turn LR2 into a Virtual Resource (LR2 -> VR); VI deployment yields the deployed Virtual Infrastructure.]

ISMF - Relation between PR-LR-VR-VI
• Virtual Resource lifecycle – defines relations between different resource presentations along the provisioning process
• Physical Resource information is published by PIP to the Registry service serving VICM and VIP
  – Logical Resource representing PR also includes properties that define possible (topological) operations on the PR, e.g. partitioning or aggregation
• Published LR information presented in the commonly adopted form (using common data or semantic model) is then used by VICM/VIP composition service to create requested infrastructure as combination of (instantiated) Virtual Resources and interconnecting them with the available network infrastructure
• Network infrastructure can be composed of a few network segments (from the network topology pool) run by different network providers
• Composed LRs are deployed as VRI/VI to VIP/VIO and as virtualised/instantiated PR-LR to PIP
• Resource/service description format considered
  – NDL/NML (Network Description Language / Network Markup Language at OGF)
  – Compatibility with VXDL infrastructure service request format by INRIA
NIST Publications on Cloud Computing
• [NIST CC] NIST SP 800-145, “A NIST definition of cloud computing”. [Online] Available: http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf
• [NIST CCRA] NIST SP 500-292, Cloud Computing Reference Architecture, v1.0. [Online] http://collaborate.nist.gov/twiki-cloudcomputing/pub/CloudComputing/ReferenceArchitectureTaxonomy/NIST_SP_500-292__090611.pdf
• [NIST Synopsis] DRAFT NIST SP 800-146, Cloud Computing Synopsis and Recommendations. [Online] Available: http://csrc.nist.gov/publications/drafts/800-146/DraftNIST-SP800-146.pdf
• Draft SP 800-144, Guidelines on Security and Privacy in Public Cloud Computing. [Online] Available: http://csrc.nist.gov/publications/nistpubs/800-144/SP800-144.pdf
• [NIST CC Roadmap] DRAFT NIST SP 800-293, US Government Cloud Computing Technology Roadmap, Volume I, Release 1.0. [Online] http://www.nist.gov/itl/cloud/upload/SP_500_293_volumeI-2.pdf
• NIST SP 500-291, NIST Cloud Computing Standards Roadmap. [Online] Available: http://collaborate.nist.gov/twiki-cloudcomputing/pub/CloudComputing/StandardsRoadmap/NIST_SP_500-291_Jul5A.pdf

NIST Cloud definition – Draft SP 800-145 (1)
• NIST Definition of Cloud – missing network provisioning, just “limited control over network”

Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model promotes availability and is composed of five essential characteristics, three service models, and four deployment models.

Cloud Infrastructure as a Service (IaaS). The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, deployed applications, and possibly limited control of select networking components (e.g., host firewalls).

NIST Cloud definition – Draft SP 800-145 (2)
Draft SP 800-145 A NIST Definition of Cloud Computing (published) http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf
• Five essential cloud characteristics
  – On-demand self-service
  – Broad network access
  – Resource pooling
  – Rapid elasticity
  – Measured Service
• 3 service/provisioning models
  – Software as a Service (SaaS)
  – Platform as a Service (PaaS)
  – Infrastructure as a Service (IaaS)
• 4 deployment models
  – Public cloud
  – Private cloud
  – Community cloud
  – Hybrid cloud

NIST Cloud Computing Reference Architecture (CCRA) 2.0 - Main Roles (1)
• Cloud Carrier as a role to accommodate telcos’ interests

NIST Cloud Computing Reference Architecture (CCRA) 2.0 - Provider Functions (2)
Add: Service Delivery (Framework)
• Request & SLA
• Reservation/Composition
• Deployment
• Operation
• Decommissioning
Provider functions
• Defined ambiguously
• Need clear separation between Delivery process, Operation, and Control & Management functions
• Service Orchestration is a Control function

NIST Cloud Computing Reference Architecture (CCRA) 2.0 – Consolidated View (3)

Dedicated Network Provisioning in Clouds
• This issue is not addressed in detail in any of the currently proposed CC architectures
• There cannot be consistent infrastructure QoS without (dedicated) network provisioning
  – Specifically for optical networks
• Telcos, network providers and telecom equipment vendors are working in this direction
  – The GEYSERS project is an example of network+IT infrastructure virtualisation

Extending NIST Cloud IaaS definition to support NaaS (in the context of Network Infrastructure provisioning)
The suggested extensions to the Cloud IaaS model to meet the requirements of critical enterprise services:
• Define a layered cloud services model suitable for defining the main inter-layer and inter-service (functional) interfaces
• Add a topology-aware infrastructure view
• Define resources and services virtualisation as one of the generic cloud features (TBD)
• Include an improved network services definition capable of provisioning the required QoS and allowing control from user-run applications
• At the business/operational level, the CCRA should be extended to address the following features:
  – Improved definition of the Cloud Carrier role, operational model and interaction with other key actors
  – Extended set of basic roles to reflect business relations typical for telecom operators/providers:
    • Cloud/infrastructure Operator, Customer, and User (in place of the currently used consumer role)
• Other cloud service models, PaaS and SaaS, should also allow management of QoS and other network-related parameters