Cloud computing

Blockchain technology has the potential to have a major impact on how institutions process transactions and conduct business.
 
Blockchain technology provides a secure transaction ledger database through a decentralized network. It has the potential to reduce operational costs and friction, create transaction records that are secure and immutable, enable transparent ledgers with nearly instant updates, and open up new opportunities for growth.
 
This whitepaper introduces basic blockchain concepts that define a standard reference architecture that can be used in creating blockchain applications.
 
Sections of the paper include:

• Blockchain fundamentals
• Key characteristics of a blockchain network
• Blockchain reference architecture capabilities
• An example supply chain scenario using the Hyperledger Fabric blockchain implementation
• Cloud deployment considerations
• Specific examples of blockchain applications

Cloud Customer Architecture for Hybrid Integration introduces a core reference architecture and key concepts for hybrid integration in the enterprise.
 
IT environments are now fundamentally hybrid in nature – devices, systems, and people are spread across the globe, and at the same time virtualized. Achieving integration across this ever-changing environment is a significant challenge. This paper explores common architecture patterns seen in enterprises tackling this issue.
 
Hybrid integration can be looked at from many perspectives including application, data, and infrastructure. This whitepaper positions hybrid integration from an application perspective, and presents the reference architecture as a seamless integration from cloud to on-premises for events, APIs, and data.

The “Software Defined Perimeter (SDP) protocol,” is designed to provide on-demand, dynamically provisioned, air-gapped networks. Air-gapped networks are trusted networks that are isolated from all unsecured networks and this may allow them to mitigate network-based attacks. The SDP protocol is based on workflows invented by the Department of Defense (DoD) and used by some Federal Agencies. Networks based on these workflows provide a higher level of security, but are thought to be very difficult to use compared to traditional enterprise networks.
 

The Software Defined Perimeter (SDP) has adapted the generalized DoD workflow but has modified it for commercial use and made it compatible with existing enterprise security controls. Where applicable, SDP has followed NIST guidelines on cryptographic protocols. SDP can be used in government applications such as enabling secure access to FedRAMP certified cloud networks as well as enterprise applications such as enabling secure mobile phone access to public clouds.

The DSP0263 specification describes the model and protocol for management interactions between a cloud Infrastructure as a Service (IaaS) Provider and the Consumers of an IaaS service. The basic resources of IaaS (machines, storage, and networks) are modeled with the goal of providing Consumer management access to an implementation of IaaS and facilitating portability between cloud implementations that support the specification. This document specifies a Representational State Transfer (REST)-style protocol using HTTP. However, the underlying model is not specific to HTTP, and it is possible to map it to other protocols as well.  

CIMI addresses the management of the life cycle of an infrastructure provided by a Provider. CIMI does not extend beyond infrastructure management to the control of the applications and services that the Consumer chooses to run on the infrastructure provided as a service by the Provider. Although CIMI may be to some extent applicable to other cloud service models, such as Platform as a Service (PaaS) or Storage as a Service ("SaaS"), these uses are outside the design goals of CIMI.

This document makes use of the common meta-model used by CIM, the Common Information Model to describe the CIMI logical model. This is defined in DSP004, CIM Infrastructure Specification 2.7.

Transformation of the CIMI CIM into CIM metamodel conformant representations enables access of the services defined by CIMI in CIM-based environments. Such environments encompass a broad range of supported operating systems, languages, platforms, protocols, and other technologies.

This specification describes transformations in a manner that enables any CIM metamodel conformant representation. This document will utilize MOF for examples of such transformations.

The Open Virtualization Format (OVF) Specification describes an open, secure, efficient and extensible format for the packaging and distribution of software to be run in virtual systems. The OVF package enables the authoring of portable virtual systems and the transport of virtual systems between virtualization platforms. This version of the specification (2.1) is intended to allow OVF 1.x tools to work with OVF 2.x descriptors in the following sense:

• Existing OVF 1.x tools should be able to parse OVF 2.x descriptors.
• Existing OVF 1.x tools should be able to give warnings/errors if dependencies to 2.x features are required for correct operation.

If a conflict arises between the schema, text, or tables, the order of precedence to resolve the conflicts is schema; then text; then tables. Figures are for illustrative purposes only and are not a normative part of the standard.

A table may constrain the text but it shall not conflict with it.

The profile conforms to the cited CIM Schema classes where used. Any requirements contained in the cited CIM Schema classes shall be met. If a conflict arises the CIM Schema takes precedence.
The profile conforms to the cited OVF XML Schema. It may constrain the schema but it shall not conflict with it. If a conflict arises the OVF XML Schema takes precedence.
 
This standard is also published as ISO/IEC 17203:2017

Concerns over cloud provider security remain one of the top inhibitors to adoption of cloud deployment models. Potential consumers of cloud deployments need assurance that the security policies they require on their applications are consistently managed and enforced “in the cloud” as they would be in their enterprise.
A cloud provider’s ability to provide specific audit event, log, and report information on a per-tenant and application basis is essential. It is apparent that in order to meet these customer expectations, cloud providers must provide standard mechanisms for their tenant customers to self-manage and self-audit application security that includes information about the provider’s hardware, software, and network infrastructure used to run specific tenant applications.
A proven method to address such needs is to develop open standards to enable information sharing. Specifically, this specification provides a data format and interface definitions that support the federation of normative audit event data to and from cloud providers in the form of customized reports and logs. This specification also defines a means to attach domain-specific identifiers, event classification values, and tags that can be used to dynamically generate customized logs and reports for cloud subscribers or customers.
Adoption of this and other open standards by cloud providers’ management platforms would go far to instill greate trust in “cloud hosted applications” and be a significant step forward in fulfilling the promise of an open cloud marketplace.

This document makes use of the common meta-model used by CADF, the Cloud Audit Data Federation to describe the events used by the OpenStack Cloud Management Platform.
 
The document DSP0262 defines the CADF model.

In order to promote the wide spread adoption of OVF it is important that software vendors have confidence in the ability to build an OVF that can be deployed on a set of target virtualization platforms (aka hypervisors). To this end it is useful to define additional constraints and requirements on the OVF package to enable automated deployment and portability. Interoperability, i.e., the ability to be deployed on target virtualization platforms, is also enhanced.
The Open Virtualization Format standard defines conformance requirements, but these are not sufficient for the use cases that this specification addresses. Conformance can be done by inspection, checking for the ovf:required tag in the OVF and noting the conformance level as specified in the standard.
Software developers need guidelines for what needs to be included in each section of the environment file to ensure that a deployment function is capable of deploying the OVF.

The Cloud Data Management Interface defines the functional interface that applications will use to create, retrieve, update and delete data elements from the Cloud. As part of this interface the client will be able to discover the capabilities of the cloud storage offering and use this interface to manage containers and the data that is placed in them. In addition, metadata can be set on containers and their contained data elements through this interface.
 
This interface is also used by administrative and management applications to manage containers, accounts, security access and monitoring/billing information, even for storage that is accessible by other protocols. The capabilities of the underlying storage and data services are exposed so that clients can understand the offering.
 
The CDMITM International Standard specifies the interface to access cloud storage and to manage the data stored therein. This International Standard applies to developers who are implementing or using cloud storage. It documents how to access cloud storage and to manage the data stored there.
 
This standard is also published as ISO/IEC 17826:2016.

Cloud Customer Architecture for API Management is an introduction to API Management and the architecture elements of an effective API Management Platform.
 
An API (Application Programming Interface) exposes defined business assets, data, or services for public consumption. APIs allow companies to open up data and services to create innovative channel applications that drive digital transformation. An effective API Management Platform provides a layer of controlled and secure self-service access to these core business assets for reuse.
 
This whitepaper describes the lifecycle approach to creating, running, managing and securing APIs. It covers the principles and characteristics of selecting an API Management Platform, as well as runtime

Cloud Customer Architecture for Big Data and Analytics describes the architectural elements and cloud components needed to build out big data and analytics solutions.
 
Big data analytics and cloud computing are a top priority for CIOs. Harnessing the value and power of big data and cloud computing can give your company a competitive advantage, spark new innovations, and increase revenue. Many companies are experimenting and iterating with different cloud configurations as a way to understand and refine requirements for their big data analytics solutions without upfront capital investment.
 
This whitepaper includes proven architecture patterns that have been deployed in successful enterprise projects and a description of capabilities offered by cloud providers.