The OGF Open Cloud Computing Interface andCloudAudit

Shlomo Swidler

OGF OCCI WG Member, CloudAudit WG Member

March 17, 2009

Common OCCI & CloudAudit Vision:Open Cloud Ecosystem

OpenCloud

Open Formats

OpenInterfaces

OpenData

Open Source

Goal of OCCI

• Interoperability• Let different cloud systems

work together

• Portability• Move services between clouds

• Integration• Wire up cloud with legacy

At all levels of the stack

Who is OCCI

• Open Grid Forum Working Group

• OGF IP umbrella for copyrights, patents, trademarks

• More than 200 participants

• Industry: Rackspace, GoGrid, Sun/Oracle, RESERVOIR, …

• Academia: UCMadrid (OpenNebula), SLA@SOI w/Intel, …

• Service providers: CohesiveFT, RabbitMQ, …

• End users, developers

Current Status of OCCI

• Infrastructure layer spec finalized, in public review• Reference implementation underway

• OpenNebula, other implementations in the works, too…

• Working on Extensions (reservations, snapshots, etc.)• Building demo integrations with other standards

• SNIA CDMI - storage

• Proposed Roadmap:• Draft Platform spec – October 2010• Final – late 2011

20,000-foot Look at OCCI

• Protocol

• Lightweight, extensible

• Format-agnostic

• Built on HTTP, RESTful

Create: HTTP POST

Retrieve: HTTP GET

Update: HTTP GET & HTTP PUT

Delete: HTTP DELETE

OCCICore

OCCI Infrastructure

HT

TP

Hea

der

Ren

derin

g

XH

TM

L5 +

RD

Fa

Ren

derin

g

OCCI Platform

OCCI Application

Extensions

5,000-foot Look at OCCI

Provider

Compute

Storage

Network

AttributesOperations

Instance

Links

GET http://abc.com/uid123foobar/

OCCI

*

*

*

*

*

*

HTTP LINK

header

Atom-like categories

RE

SP

ON

SE

RE

QU

ES

T

Eye-level Look at OCCI> GET /us-east/webapp/vm01 HTTP/1.1 > User-Agent: occi-client/1.0 (linux) libcurl/7.19.4 OCCI/1.0 > Host: cloud.example.com > Accept: */* > < HTTP/1.1 200 OK < Date: Sat, 10 Oct 2009 12:56:51 GMT < Content-Type: application/ovf < Link: </us-east/webapp/vm01;start>; < rel="http://purl.org/occi/action/start"; < title="Start" < Link: </us-east/webapp/build.pdf>; < rel="related"; < title="Documentation"; < type="application/pdf" < Category: compute; < label="Compute Resource”; < scheme="http://purl.org/occi/kind/" < Server: occi-server/1.0 (linux) OCCI/1.0 < Connection: close < < <?xml version="1.0" encoding="UTF-8"?> < <Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" < xmlns:ovf="http://schemas.dmtf.org/ovf/envelope/1" < xmlns="http://schemas.dmtf.org/ovf/envelope/1" < xml:lang="en-US”< ...

Get the resource,in whatever

format

It’s in OVFformat

You can “start” it

Related “documentation”

It’s a “compute” resource

The OVF payload

Goal of CloudAudit (“A6”)

• Provide a common interface that allows cloud computing providers to automate the audit, assertion, assessment, and assurance (“A6”) of their infrastructure (IaaS), platform (PaaS), and application (SaaS) environments.

• Allow authorized consumers of these services to do the same via an open, extensible, and secure interface and methodology.

Who is CloudAudit

• Over 250 participants across the industry• Cloud operators

• Auditors

• Security professionals

• Developers, Integrators

• Affiliations include

CloudAudit Current Status

• Currently standardizing the data footprint

• Allows consistent automation for provider and consumer

• HTTP chosen as the protocol

• Format-agnostic, human or machine client

• Inspired by OCCI

• First draft expected in 90 days

A Look at CloudAudit Thinking

• http://www.cloudaudit.net/.well-known/cloudaudit/com/rackspace

A Look at CloudAudit Thinking

• http://www.cloudaudit.net/.well-known/cloudaudit/com/rackspace

The OGF Open Cloud Computing Interface and CloudAudit

Shlomo Swidler

shlomo.swidler@orchestratus.com

@ShlomoSwidler

Copyright Notice

Copyright (C) Open Grid Forum (2009). All Rights Reserved.

This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works.

The limited permissions granted above are perpetual and will not be revoked by the OGF or its successors or assignees.