Re: [clouds] Scope of the Cloud is too big

["Masum Hasan (masum)" <masum@cisco.com>]

Re. your comment on pursuing "storage API like Amazon's S3" in IETF. Why
that is needed when storage networking SDO SNIA is working on one (SNIA
CDMI)?

 

 

--Masum

 

408 219 9713   Cell                  408 853 5926   Desk

http://home.comcast.net/~masumz/

http://wwwin-people.cisco.com/masum/ (Intranet)

 

 

From: clouds-bounces@ietf.org [mailto:clouds-bounces@ietf.org] On Behalf
Of Sam Johnston
Sent: Thursday, April 08, 2010 8:19 AM
To: Gene Golovinsky
Cc: clouds@ietf.org
Subject: Re: [clouds] Scope of the Cloud is too big

 

Gene,

 

You're definitely not alone in thinking this would be a worthy topic for
IETF and as co-conspirator (along with Cisco's Chris Hoff) and author of
the existing CloudAudit draft spec I'd love to see IETF people starting
to work with the group. We have weekly calls on Monday at 10am PST/1pm
EST and discuss in the cloudaudit Google Group[1]. The goal for v1 is to
create a trivial HTTP-based interface that can be implemented by
uploading files rather than coding. Similarly, OGF's OCCI working group
has produced a number of Internet-Drafts that could be picked up by
IETF.

 

Another area that I think would be very interesting for IETF to take on
(moreso than virtualisation management) is a simple, HTTP-based storage
API like Amazon's S3 - only without the potential patent problems[2]. I
believe that HTTP already takes care of many/most of the issues (e.g.
authentication, encryption, ranged GETs, etc.) and IETF has proven
experience in the area (WebDAV).

 

Another issue I ran into while writing cush[3] was how to remotely
instruct servers to migrate (live?) resources - for example, moving a
virtual machine, database, etc. from one location to another using a
mobile device on a 3G connection. I believe WebDAV's COPY and MOVE verbs
are a good start (this is what we're using for OCCI) but they could be
reviewed and possibly promoted for more generic application.

 

Considering that most of these APIs (at least the ones I'm involved in)
are trying to be as close as possible to the "uniform interface" of
HTTP, I believe there's benefit to be had in reviewing the relevant RFCs
with these new applications in mind. For example, while HTTP has a
perfectly good metadata channel (headers) and thus obviates the need for
envelope formats (Atom, SOAP, etc), it lacks the ability to link,
annotate and categorise resources. It also has some internationalisation
problems (e.g. ASCII) and inefficient serialisation (e.g. SPDY). HTTP
1.1 has served us well for many years but perhaps it's time to start
thinking about what HTTP 2.0 might look like?

 

Sam

 

-- 
Sam Johnston

Technical Program Manager

Site Reliability Engineering

Google Switzerland GmbH

 

1. http://groups.google.com/group/cloudaudit
2. http://tinyurl.com/s3patent

3. http://code.google.com/p/cush/

 

On 8 April 2010 15:40, Gene Golovinsky <gene@alertlogic.com> wrote:

http://www.cloudaudit.org/ is an initiative, not a standard.

The plan for the group is to submit proposal to the IETF:

http://searchsecuritychannel.techtarget.com/news/interview/0,289202,sid9
7_gci1508024,00.html

 

Which means I am not alone thinking this is a worthy topic for IETF to
take on.

When and if the proposal will be submitted there is still going to be a
lot of work to make it a standard.

 

At least two approaches are possible. 1. Do nothing while waiting for
Cloud Audit proposal. 2. Start working with the group.

Considering how fast Cloud technologies have been evolving and how
critical Security is for the adoption of it I am for #2.

 

--Gene

 

 

 

From: Mark Webb [mailto:mwebb@cisco.com] 
Sent: Thursday, April 08, 2010 8:23 AM
To: clouds@ietf.org
Cc: Linda Dunbar; carlw@mcsr-labs.org; Gene Golovinsky


Subject: Re: [clouds] Scope of the Cloud is too big

 

Look at 

 

http://www.cloudaudit.org/

 

For cloud audit.  It is difficult to specify audit when the services are
so different today.  

 

The industry has not settled on a small set of services definitions of
what "cloud" is. So, how does one audit SaaS, PaaS?  When the services
offered in that space are so different?  IaaS is the most mature and
perhaps the lcd of cloud.  

 

So, who here thinks that "IT functions as a service" or ITaaS is
something that IETF can specify?  OK that was rhetorical.  My point is,
the real opportunity is to look for elements that are mature enough to
have some problem to be solved defined.  Then ensure you are not
duplicating what other SDO or Forum are already working on.

 

Mark Webb