About the European Cloud Partnership

From Report from the European Cloud Partnership Steering Board meeting of 4 July 2013 in Tallinn, 12 August 2013: “On 27 September 2012 the Commission adopted the European Cloud Strategy in the form of a Communication entitled “Unleashing the Potential of Cloud Computing in Europe”, in which it announced the intention to set up a European Cloud Partnership (ECP). Under the guidance of the Steering Board, the ECP brings together public authorities and industry consortia to advance the objectives of the Strategy towards a digital single market for cloud computing. On the 4th of July 2013, the ECP organised its second full Steering Board meeting in Tallinn.” The full report can be downloaded here. Report European Cloud Partnership Steering Board Meeting July 2013

Some thoughts on the two topics discussed:

PRISM: No big surprise to see that on the agenda. Hope is that  a high-profile activity like the ECP is not engaging in the just too frequent FUD-type of discussions but will support their strategy and implementation with solid social and technology research.

Cloud Standards: From the report “There is a need to identify minimal standards, based on existing best practices. These should focus on public sector needs, but the private sector is free to adopt these if it sees a benefit to doing so. Past experiences with the GSM standards are recalled, where a strong and forced EU level standardisation push made the EU a global leader in mobile technology.”  –  To draw a line between GSM and Cloud Computing looks just too typical for the European ICT sector, which is mostly known for their Telco incumbents. It would be interesting to learn more about the actual motivations behind this bold statement. So far, the Cloud Computing sector proves that standards are not needed. Also, since this statement is from a Telefonica representative, this needs to be viewed in the context of Telco standardization efforts beyond communication systems, WAC, GSMA, Parlay/Parlay-X, RCSe to name a few, all of which still have to prove real impact on the Internet.

Cloud for Europe: Is this any connected to the FI-PPP, and most importantly FI-WARE? Or the EGI Federated Cloud? The document refers to a presentation of Helix Nebula but given the fact that Cloud For Europe is a new project (a large one, IP with 20+ partners from 11 EU countries), one risk fragmentation across the meanwhile many different European Cloud research and development activities.

The core components of any HA strategy

In his excellent article in Linux Technical Review #04 Jens-Christoph Brendel proposes a new way how to implement High Availability (HA) in current IT architectures. According to Bendel, modern IT architectures continually gain in complexity. This fact makes it difficult to guarantee availability on a certain level. Nevertheless High Availability is not merely a competitional advantage: for many companies keeping availability levels above 99,999 % per year is a matter of existence. Therefore a few systematic steps should help in planning and implementing high availability in your IT environment. This article shows a possible strategy on how to plan High Availability in the Mobile Cloud environment.

Redundancy vs. Complexity

According to Brendel, every HA-strategy starts with an evaluation of necessary degrees of availability each architecture component requires. Basically availability can be increased by adding redundant components (as mentioned in my former article). On the other hand, every new component makes the overall system more complex and increases the risk of component failures.  In short: there is always a trade off between avoiding system component outages and adding complexity (and possible points of failure) to the overall architecture by adding redundant components to an IT architecture. For the OpenStack environment this means one has to classify the different OpenStack components according to the availability an OpenStack user requires.

AEC-classification proposal for OpenStack

One possible classification for IT components is the AEC-classification developed by the Harvard Research Group. The AEC-classes reach from AEC-0 (non-critical systems, typically 90% availability) to AEC-5 (disaster-tolerant systems, 99.99999% or “Five-Nines” availability). OpenStack basically consists in the following components: Nova (including Nova-Compute, Nova-Volume and Nova-Network), Horizon, Swift (ObjectStore), Glance, Cinder, Quantum and Keystone. A typical OpenStack end user has to deal with these components in order to be able to handle his cloud installation. One has to think about the targeted availability levels of these components in order to know more about the overall stability of the OpenStack cloud environment. Some components need not be AEC-5, but for others AEC-5 is a must. The following table is a proposal of AEC-classes for each of the OpenStack components.

table_aec

Of course the real availability architecture of a productive OpenStack implementation also depends on how many OpenStack nodes are used and on the underlying virtual and even physical infrastructure, but this proposal serves as a good starting point to think about adequate levels of availability in productive OpenStack architectures. How do we secure critical components like Nova or Keystone against failures? Any OpenStack HA strategy must focus on this question first.

Risk Management and the “Chaos Monkey”

The next steps towards developing an OpenStack HA strategy are risk identification and risk management. It is obvious that the risk of a component failure depends on the underlying physical and virtual infrastructure of the current OpenStack implementation and also on the requirements of the end users, but to investigate risk probabilities and impacts, we must have a test on what happens to the OpenStack cloud if some components fail. One such test is the “Chaos Monkey” test developed by Netflix. A “Chaos Monkey” is a service which identifies groups of systems in an IT architecture environment and randomly terminates some of the systems. The random termination of some components serves as a test on what happens if some systems in a complex IT environment randomly fail. The risk of component failures in an OpenStack implementation could be tested by using such Chaos Monkey services. By running multiple tests on multiple OpenStack configurations one can easily learn if the current architecture is able to reach the required availability level or not.

Further toughts

Should OpenStack increase in terms of availability and redundancy? According to TechTarget, the OpenStack Grizzly release should become more scalable and reliable than former releases. A Chaos Monkey test could reveal if the decentralization of components like Keystone or Cinder can lead to enhanced availability levels.

 

 

 

 

 

European Commission Cloud Announcements

While the [ICCLab presented](http://ec.europa.eu/information_society/events/cf/ictpd12/document.cfm?doc_id=23258) at the [ICT Proposer’s Day in Warsaw](http://ec.europa.eu/information_society/events/ictproposersday/2012/index_en.htm), a very interesting announcement was made in relation to Europe’s strategy on Cloud Computing.

On Thursday, the vice president of the European commission, [Neelie Kroes](http://en.wikipedia.org/wiki/Neelie_Kroes), announced [further details](http://europa.eu/rapid/pressReleasesAction.do?reference=IP/12/1025&format=HTML&aged=0&language=EN&guiLanguage=en) on the European Cloud Partnership.

From the ICCLab’s perspective this is a very exciting announcement as it underlines some of our key research themes that investigated here, namely [dependability and interoperability](http://www.cloudcomp.ch/research/foundation/themes/). Also encouraging is [the reuse](http://ec.europa.eu/information_society/activities/cloudcomputing/docs/com/swd_com_cloud.pdf) of much good work carried out in the area of standardisation by [the SIENA initiative](www.sienainitiative.eu) as quoted in the “[Staff Working Paper](http://ec.europa.eu/information_society/activities/cloudcomputing/docs/com/swd_com_cloud.pdf)”.

In the announcement on Thursday arguments for why Europe should be engaging more with cloud were given. For many in the ICT domain these are well known but what is more interesting in this announcement and the accompanying report are the set of 3 key actions ([from the accompanying ECP document](http://ec.europa.eu/information_society/activities/cloudcomputing/docs/com/com_cloud.pdf)):

1. Cutting through the Jungle of Standards
– Promote trusted and reliable cloud offerings by tasking ETSI to coordinate with stakeholders in a transparent and open way to identify by 2013 a detailed map of the necessary standards (inter alia for security, interoperability, data portability and reversibility).
– Enhance trust in cloud computing services by recognising at EU-level technical specifications in the field of information and communication technologies for the protection of personal information in accordance with the new Regulation on European Standardisation.
– Work with the support of ENISA and other relevant bodies to assist the development of EU-wide voluntary certification schemes in the area of cloud computing (including as regards data protection) and establish a list of such schemes by 2014.
– Address the environmental challenges of increased cloud use by agreeing, with industry, harmonised metrics for the energy consumption, water consumption and carbon emissions of cloud services by 2014.
2. Safe and Fair Contract Terms and Conditions
– Develop with stakeholders model terms for cloud computing service level agreements for contracts between cloud providers and professional cloud users, taking into account the developing EU acquis in this field.
– In line with the Communication on a Common European Sales Law29, propose to consumers and small firms European model contract terms and conditions for those issues that fall within the Common European Sales Law proposal. The aim is to standardise key contract terms and conditions, providing best practice contract terms for cloud services on aspects related with the supply of “digital content”.
– Task an expert group set up for this purpose and including industry to identify before the end of 2013 safe and fair contract terms and conditions for consumers and small firms, and on the basis of a similar optional instrument approach, for those cloud-related issues that lie beyond the Common European Sales Law .
– Facilitate Europe’s participation in the global growth of cloud computing by: reviewing standard contractual clauses applicable to transfer of personal data to third countries and adapting them, as needed, to cloud services; and by calling upon national data protection authorities to approve Binding Corporate Rules for cloud providers.30
– Work with industry to agree a code of conduct for cloud computing providers to support a uniform application of data protection rules which may be submitted to the Article 29 Working Party for endorsement in order to ensure legal certainty and coherence between the code of conduct and EU law.

3. Establishing a European Cloud Partnership to drive innovation and growth from the public sector.
– identify public sector cloud requirements; develop specifications for IT procurement and procure reference implementations to demonstrate conformance and performance.33
– Advance towards joint procurement of cloud computing services by public bodies based on the emerging common user requirements.
– Set up and execute other actions requiring coordination with stakeholders as described in this document.

This annoucement was coupled with the news that the EU commission will supporting its cloud strategy with [160B EUR to the EU GDP by 2020](http://techcrunch.com/2012/09/27/europe-shoots-for-the-clouds-ec-lays-out-new-cloud-strategy-to-add-e160b-to-eu-gdp-by-2020/).

# What is the ECP?
The ECP is a coming together of public authorities and industry, both Cloud buyers and suppliers. It consists of 3 main phases:

1. Common requirements for cloud technology procurement. Typical examples here include standards and security.
2. The delivery of proof-of-concepts for the common requirements
3. Creation of reference implementations

It was originally outlined [in a speech](http://europa.eu/rapid/pressReleasesAction.do?reference=SPEECH/12/38&format=HTML&aged=0&language=EN&guiLanguage=en) by Neelie Kroes in late January.

ICCLab Research

The InIT Cloud Computing Lab adopts a comprehensive and holistic approach to science . The entire approach is based on three driving principles, namely **Scientific Foundation**, **Strategic Impact**, and **Knowledge Transfer**. The entire scientific work of the ICCLab is aligned and directed along these inter-linked dimensions.

[Read more about the ICCLab’s approach to research and education](http://www.cloudcomp.ch/research/).