moving to the cloud: nist vision and initiatives - siena
Post on 12-Sep-2021
1 Views
Preview:
TRANSCRIPT
National Institute of
Standards and Technology
Information Technology Laboratory
Moving to the Cloud:
NIST Vision and Initiatives
part of the
US Federal Cloud Computing Strategy
Dawn Leaf
NIST Senior Executive for Cloud Computing
March 16, 2011
National Institute of
Standards and Technology
Information Technology Laboratory
Boulder, Colorado, USA
Gaithersburg, Maryland, USA
Courtesy HDR Architecture, Inc./Steve Hall © Hedrich Blessing
©Geoffrey Wheeler
NIST Mission: To promote U.S. innovation and industrial competitiveness by advancingmeasurement science,
standards, and
technology
in ways that
enhance economic
security and improve
our quality of life ©Robert Rathe
National Institute of
Standards and Technology
Information Technology Laboratory
Purpose Today – Information Exchange
• Background:
– US Federal Cloud Computing Strategy
– universal challenges
– NIST program goals & rationale
• Context: program timeline
• Opportunities: collaboration & working group efforts
• Highlights: progress & examples of useful information for cloud
adopters
• Special focus: Standards Acceleration to Jumpstart the Adoption of
Cloud Computing (SAJACC) & security work
• General Comments & Questions ?
3
National Institute of
Standards and Technology
Information Technology Laboratory
NIST Cloud Computing Program Goal
• Accelerate the federal government’s secure adoption of cloud
computing*
– Build a USG Cloud Computing Technology Roadmap which
focuses on the highest priority USG cloud computing security,
interoperability and portability requirements
– Lead efforts to develop standards and guidelines in close
consultation and collaboration with standards bodies, the private
sector, and other stakeholders
4
* REF http://www.cio.gov/documents/Federal-Cloud-Computing-Strategy.pdf
National Institute of
Standards and Technology
Information Technology Laboratory
Universal Challenges
5
• Adopters need a “Rulebook”
• cloud model is emerging -- there isn’t a large
installed base
• mainly commodity & infrastructure
Rule Book
from the
Chicago,
Milwaukee,
St. Paul and
Pacific
Railroad
Company
dated 1959.,
antiqueradio
museum.org
• Providers need to understand the specific issues
and barriers – not just general security,
interoperability & portability concerns
Improve our music.com, Musicians are Expert Mind Readers, Mark Gibson, January 2009
• Detailed cloud computing services
are defined in the eye of the
beholder – hard to get apples to
apples comparisonCopy right free images
National Institute of
Standards and Technology
Information Technology Laboratory
Universal Challenges
6
The Cloud Computing “space” & community is so broad that it isn’t feasible to cover all relevant work & collaboration opportunities
Copy Right Free Images
Backlog of internet driven policy questions &
decisions (e.g. privacy and security) now need to
be considered in light of cloud roles &
responsibilities
US Library of Congress
Balance -- between advantages of formal standards
development processes and market driven
defacto “standard” specifications
US Library of Congress
National Institute of
Standards and Technology
Information Technology Laboratory
NIST Cloud Computing Program
Concept & Rationale
How to build a USG Cloud ComputingStandards Roadmap
1. Define
Target USG
Cloud
Computing
Business Use
Cases
2. Define
Neutral Cloud
Computing
Reference
Architecture &
Taxonomy
3. Generate Cloud
Computing
Roadmap –
Translate
Requirements
& Identify Gaps
priorities
risks
obstacles
Expand
CC Definition
ref. architecture
Concurrent & Iterative 3-step
process
that drives tactical efforts
Strategic Program Tactical Program
NIST CC efforts
• SDO submissions & support
• Guidance – Special Publications;
technical advisor to Fed CIO Council
• Standards Acceleration to
Jumpstart the Adoption of
Cloud Computing (SAJACC) --through qualitative testing of
specifications against interoperability,
security, and portability requirements
• Complex Computing
Simulation & Modeling – Koala
IaaS resource allocation algorithms
Beneficial bi-product: Identify priorities for
hand-off to other stakeholders – policy
makers, prototypes, pilots, R&D organizations
7
Interagency Report:
USG Cloud Computing
Technology Roadmap –list of Tactical Priorities &
Deliverables
National Institute of
Standards and Technology
Information Technology Laboratory
NIST Cloud Computing Program Timeline
May
2010
Nov
2010S
T
R
A
T
E
G
I
C
NIST
CC
DefinitionTactical efforts
Outreach & Fact finding with
USG, Industry, SDOs
Evaluate past models &
lessons learned
Define fresh approach
to support secure &
effective USG cloud
computing adoption, prioritize interoperability,
portability, & security
requirements, collaborate,
more quickly respond to
operational needs
Launch CC
Strategic Program
Initiate
Stakeholder
Meetings
Collaboratively
define working
group scope &
resources
Develop Detailed
Plan
March
2011
Execute CC
Strategic
program
Continue
Stakeholder
meetings
Integrate results
into tactical
priorities
NIST CC
Forum &
Workshop I
NIST CC
Forum &
Workshop II
NIST CC
Forum &
Workshop III
Oct
2011
Complete
USG Cloud
Computing
Standards
Roadmap
Interagency
Report
Assess
Results &
Replan
NIST CC
Forum &
Workshop
8
National Institute of
Standards and Technology
Information Technology Laboratory
NIST Cloud Computing
Forums & Workshops
• Cloud Computing Forums & Workshops (May & Nov. 2010)
– 300-500 attendees with broad industry, SDO, government & international community program participants
NEXT ONE is April 7 & 8, 2011 on the NIST Gaithersburg MD campus
9
National Institute of
Standards and Technology
Information Technology Laboratory
NIST Cloud Computing Collaboration Site
10
each strategic &
tactical effort is a
NIST-led project &
working group
http://collaborate.nist.gov/twiki-cloud-computing/bin/view/CloudComputing/WebHome
Public NIST cloud web site url
http://www.nist.gov/itl/cloud/index.cfm
National Institute of
Standards and Technology
Information Technology Laboratory
NIST Cloud Computing Program Highlights –
May 2010 through February 2011
Reference Architecture -- surveyed and completed initial analysis of (10) cloud reference architecture models proposed by known cloud organizations, providers and federal agencies, including: Cloud Computing Use Case Discussion Group, Distributed Management Task Force, Cloud Security Alliance, IBM Cloud Reference Architecture, GSA: Federal Cloud Computing Initiative, Cisco Cloud Reference Architecture Framework Open Security Architecture: Secure Architecture Models, SNIA standard: Cloud Data Management Interface , Elastra: A Cloud Technology Reference Model for Enterprise Clouds; Developed reference architecture & taxonomy concepts to facilitate working group efforts
Developing neutral reference architecture & companion taxonomy
System
Developers
CIOs and
IT Managers
Biz Users
Cloud Service
Developers,
Vendors
Software as a Service
Platform as a Service
Infrastructure as a Service
Application
Middle
ware
OS
Hype
rvisor
Hard
ware
IaaS
PaaS
SaaS
Concept only…..
National Institute of
Standards and Technology
Information Technology Laboratory
NIST Cloud Computing Program Highlights –
May 2010 through February 2011
Standards Developing Organizations participation –• NIST submitted the NIST Definition of Cloud Computing, V15, as a proposed US National Body
contribution to the International Organization for Standardization/International Electrotechnical Commission - Joint Technical Committee 1/Subcommittee 38, Distributed Application Platforms & Services (JTC 1/SC 38 Cloud Computing Study Group) (Jan 2011)
Standards Acceleration to Jumpstart Adoption ofCloud Computing (SAJACC) • Portal launched September 2010; • (24) interoperability, security, & portability
requirements draft use cases publically availableNovember 2010;
• Proof of concept test driver available fordata interface February 2011
NIST Cloud Standards Portal
Use Cases
Validated
Specifications
“reference”
Implementations
Standards
Development
Organizations
specifications
standards
Existing Standards
Working Groups
Community
OutreachNIST
SAJACC
Process
National Institute of
Standards and Technology
Information Technology Laboratory
NIST Cloud Computing Program Highlights –
May 2010 through February 2011
Special Publications:1. SP 800 -125, DRAFT Guide to Security for Full Virtualization Technologies, July 2010; revised Dec 2010 2. SP 800 – 144, DRAFT Guidelines on Security and Privacy Issues in Public Cloud Computing, Jan 20113. SP 800 – 145, DRAFT Cloud Computing Definition, Jan 2011
SPs inform best practices, but are not a “rule book” -- key considerations
• Cloud computing is another model – each organization best understands its’ mission and requirements, and can best assess the deployment strategy, benefits, & risks
• Need an Exit Strategy• Need to retain policies – cloud is not an abdication of responsibility• Consider negotiated service level agreements
National Institute of
Standards and Technology
Information Technology Laboratory
Questions?
14
top related