IETF Logo Mail Archive

Re: [clouds] Scope of the Cloud is too big

Gene Golovinsky <gene@alertlogic.com> Thu, 08 April 2010 13:41 UTC

Return-Path: <gene@alertlogic.com>
X-Original-To: clouds@core3.amsl.com
Delivered-To: clouds@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 2F72028C101 for <clouds@core3.amsl.com>; Thu, 8 Apr 2010 06:41:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.601
X-Spam-Level:
X-Spam-Status: No, score=-1.601 tagged_above=-999 required=5 tests=[AWL=0.663, BAYES_00=-2.599, HTML_MESSAGE=0.001, IP_NOT_FRIENDLY=0.334]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3HDwxcdwNnsf for <clouds@core3.amsl.com>; Thu, 8 Apr 2010 06:40:58 -0700 (PDT)
Received: from smtp121.dfw.emailsrvr.com (smtp121.dfw.emailsrvr.com [67.192.241.121]) by core3.amsl.com (Postfix) with ESMTP id 5F7113A6A45 for <clouds@ietf.org>; Thu, 8 Apr 2010 06:40:58 -0700 (PDT)
Received: from relay12.relay.dfw.mlsrvr.com (localhost [127.0.0.1]) by relay12.relay.dfw.mlsrvr.com (SMTP Server) with ESMTP id EDDDA2081660; Thu, 8 Apr 2010 09:40:54 -0400 (EDT)
Received: from smtp192.mex07a.mlsrvr.com (smtp192.mex07a.mlsrvr.com [67.192.133.192]) by relay12.relay.dfw.mlsrvr.com (SMTP Server) with ESMTPS id DCC1C2081697; Thu, 8 Apr 2010 09:40:54 -0400 (EDT)
Received: from 34093-MBX-C01.mex07a.mlsrvr.com ([192.168.1.62]) by 152333-HUB01.mex07a.mlsrvr.com ([192.168.1.195]) with mapi; Thu, 8 Apr 2010 08:40:52 -0500
From: Gene Golovinsky <gene@alertlogic.com>
To: Mark Webb <mwebb@cisco.com>, "clouds@ietf.org" <clouds@ietf.org>
Date: Thu, 08 Apr 2010 08:40:52 -0500
Thread-Topic: [clouds] Scope of the Cloud is too big
Thread-Index: AcrXHrRieHAe1ZKCSZCZFf4aHaSMTAAATaLQ
Message-ID: <C6A1D07CACFDBD4D9422C7D7ED288D41041896160C@34093-MBX-C01.mex07a.mlsrvr.com>
References: <C6A1D07CACFDBD4D9422C7D7ED288D41041896117A@34093-MBX-C01.mex07a.mlsrvr.com><4BBC9B0C.5050207@stpeter.im><C6A1D07CACFDBD4D9422C7D7ED288D41041896119B@34093-MBX-C01.mex07a.mlsrvr.com><D7AB7C87-E8F6-496B-9D37-E13FAED746F2@cisco.com><008001cad669$a4d0add0$440c7c0a@china.huawei.com><010401cad673$9e2ca6f0$da85f4d0$@org> <00d001cad676$0be2fa30$440c7c0a@china.huawei.com> <C6A1D07CACFDBD4D9422C7D7ED288D4104189615B3@34093-MBX-C01.mex07a.mlsrvr.com> <9DF482BD-96B8-4E85-941C-190134DBB2CC@cisco.com>
In-Reply-To: <9DF482BD-96B8-4E85-941C-190134DBB2CC@cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: multipart/alternative; boundary="_000_C6A1D07CACFDBD4D9422C7D7ED288D41041896160C34093MBXC01me_"
MIME-Version: 1.0
Subject: Re: [clouds] Scope of the Cloud is too big
X-BeenThere: clouds@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Clouds pre-BOF discussion list <clouds.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/clouds>, <mailto:clouds-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/clouds>
List-Post: <mailto:clouds@ietf.org>
List-Help: <mailto:clouds-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/clouds>, <mailto:clouds-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Apr 2010 13:41:08 -0000

http://www.cloudaudit.org/ is an initiative, not a standard.
The plan for the group is to submit proposal to the IETF:
http://searchsecuritychannel.techtarget.com/news/interview/0,289202,sid97_gci1508024,00.html

Which means I am not alone thinking this is a worthy topic for IETF to take on.
When and if the proposal will be submitted there is still going to be a lot of work to make it a standard.

At least two approaches are possible. 1. Do nothing while waiting for Cloud Audit proposal. 2. Start working with the group.
Considering how fast Cloud technologies have been evolving and how critical Security is for the adoption of it I am for #2.

--Gene



From: Mark Webb [mailto:mwebb@cisco.com]
Sent: Thursday, April 08, 2010 8:23 AM
To: clouds@ietf.org
Cc: Linda Dunbar; carlw@mcsr-labs.org; Gene Golovinsky
Subject: Re: [clouds] Scope of the Cloud is too big

Look at

http://www.cloudaudit.org/

For cloud audit.  It is difficult to specify audit when the services are so different today.

The industry has not settled on a small set of services definitions of what "cloud" is. So, how does one audit SaaS, PaaS?  When the services offered in that space are so different?  IaaS is the most mature and perhaps the lcd of cloud.

So, who here thinks that "IT functions as a service" or ITaaS is something that IETF can specify?  OK that was rhetorical.  My point is, the real opportunity is to look for elements that are mature enough to have some problem to be solved defined.  Then ensure you are not duplicating what other SDO or Forum are already working on.

Mark Webb

On Apr 8, 2010, at 8:36 AM, Gene Golovinsky wrote:


While I agree that SaaS, IaaS and PaaS are different categories they all basically do the same thing - letting people consume IT functions as service.
As a result the same multiple problem spaces apply: users need to be authenticated, their access need to be controlled, activities audited, data protected, functionality provisioned and the list goes on.

Cloud Security Alliance mentioned earlier does not necessarily deal with those issues. I read their guidelines and it mostly deals with deployment recommendations, but the area of auditing for example is not really covered.

Ability to audit is really important if we want to insure that people that care about compliance actually use cloud technologies. Yet neither ability, nor technology for that is there. While traditional logging (syslog) is not good enough for the cloud simply because we are dealing with shared and dynamically allocated resources and user info is not consistently available.

--Gene



From: clouds-bounces@ietf.org<mailto:clouds-bounces@ietf.org> [mailto:clouds-bounces@ietf.org] On Behalf Of Linda Dunbar
Sent: Wednesday, April 07, 2010 12:16 PM
To: carlw@mcsr-labs.org<mailto:carlw@mcsr-labs.org>; 'Mark Webb'; clouds@ietf.org<mailto:clouds@ietf.org>
Subject: Re: [clouds] Scope of the Cloud is too big

I find it difficult that people in the same room talking about totally different subjects. Very hard to get the discussion moving forward.

Linda

________________________________
From: Carl Williams [mailto:carlw@mcsr-labs.org]
Sent: Wednesday, April 07, 2010 11:59 AM
To: 'Linda Dunbar'; 'Mark Webb'; clouds@ietf.org<mailto:clouds@ietf.org>
Subject: RE: [clouds] Scope of the Cloud is too big

The name is irrelevant and perhaps in future it could change to avoid distraction.  The technology discussions is what is key and that is what was discussed in the informal meeting.  From what I can tell the purpose was to get some informal discussion going first and see what people are thinking.  There seems to be some conclusion that the next step was to conduct a gap analysis.

Carl


From: clouds-bounces@ietf.org<mailto:clouds-bounces@ietf.org> [mailto:clouds-bounces@ietf.org] On Behalf Of Linda Dunbar
Sent: Wednesday, April 07, 2010 11:48 AM
To: 'Mark Webb'; clouds@ietf.org<mailto:clouds@ietf.org>
Subject: [clouds] Scope of the Cloud is too big

I attended the CLOUD's bar BOF. I don't think it is appropriate for IETF to have a working group on "CLOUD" because it means different things to different people. Cloud computing is a general term for anything that involves delivering services over the Internet. I can see three basic categories:
*  Infrastructure-as-a-Service (IaaS<http://searchcloudcomputing.techtarget.com/sDefinition/0,290660,sid201_gci1358983,00.html>),
*  Platform-as-a-Service (PaaS)<http://searchcloudcomputing.techtarget.com/sDefinition/0,,sid201_gci1332892,00.html> and
*  Software-as-a-Service (SaaS<http://searchcloudcomputing.techtarget.com/sDefinition/0,290660,sid201_gci1170781,00.html>)

There are a lot of stuff under each of the categories above. I suggest separating them and further studying if there are enough contents for one of them to become a working group.

Linda Dunbar

________________________________
From: clouds-bounces@ietf.org<mailto:clouds-bounces@ietf.org> [mailto:clouds-bounces@ietf.org] On Behalf Of Mark Webb
Sent: Wednesday, April 07, 2010 10:09 AM
To: clouds@ietf.org<mailto:clouds@ietf.org>
Subject: Re: [clouds] Use cases

I was not there at the BoF, but did get reports from a couple of people in attendance.

An important perspective is to ensure IETF does NOT start a new effort that overlaps with other SDO and Forum already underway.  The industry does not need more SDO declaring they are relevant to cloud computing IMO.

Seeking contributions on relevant & IETF appropriate gap analysis is the _most_ that should be pursued at this point in time.

Mark Webb


On Apr 7, 2010, at 10:57 AM, Gene Golovinsky wrote:


Well, I think this is a topic worthy of IETF time and attention.
How can I help to move the discussion forward?

Was there any specific area out of the white paper discussed?
I think Cloud interoperability and security are topics were IETF is traditionally focusing its efforts.

--Gene


-----Original Message-----
From: clouds-bounces@ietf.org<mailto:clouds-bounces@ietf.org> [mailto:clouds-bounces@ietf.org] On Behalf Of Peter Saint-Andre
Sent: Wednesday, April 07, 2010 9:48 AM
To: clouds@ietf.org<mailto:clouds@ietf.org>
Subject: Re: [clouds] Use cases

On 4/7/10 8:40 AM, Gene Golovinsky wrote:

>    2. I saw references to bar BoF at last IETF meeting, but could not
>       really figure out if the WG was chartered.

It was a bar BoF, not a real BoF. And IMHO the discussion was so nebulous that folks are a long way from forming a WG.

Peter

--
Peter Saint-Andre
https://stpeter.im/



_______________________________________________
clouds mailing list
clouds@ietf.org<mailto:clouds@ietf.org>
https://www.ietf.org/mailman/listinfo/clouds

v2.23.0 | Report a Bug | By Email