- Trusted Computing Group (TCG)
- Organization for the Advancement of Structured Information Standards (OASIS)
- SNIA Security Technical Workgroup
- IEEE Storage in Security Workgroup (SISWG) P1619
- INCITS T10 – SCSI
- INCITS T11 – Fibre Channel Interfaces
- INCITS T13 – ATA
- Internet Engineering Task Force (IETF)
- Distributed Management Task Force (DMTF)
- SNIA Storage Management Initiative Specification (SMI-S)
- SNIA Cloud Data Management Interface (CDMI)
- SNIA Extensible Access Method (XAM)
- Open Compute Project (OCP)
- SNIA Solid State Storage Initiative (SSSI) Technical Development Subcommittee
- SNIA Solid State Storage Initiative (SSSI) PCIe SSD Taskforce
- SNIA Non-Volatile Memory Programming (NVMP) Technical Work Group
- SCSI Trade Association (STA) SCSI Express
- SATA Express (SATA-IO)
- NVM Express
- JEDEC JC-64.8 Subcommittee for Solid State Drives
- Distributed Management Task Force (DMTF)
- DMTF Cloud Management Working Group (CMWG)
- DMTF Cloud Auditing Data Federation Working Group (CADF)
- DMTF Software Entitlement Working Group
- DMTF System Virtualization, Partitioning, and Clustering Working Group (SVPC)
- National Institute of Standards and Technology (NIST)
- Object Management Group (OMG)
- Open Cloud Consortium (OCC)
- Organization for the Advancement of Structured Information Standards (OASIS)
- OASIS Cloud Application Management for Platforms (CAMP) TC
- OASIS Cloud Authorization (CloudAuthZ) TC
- OASIS Identity in the Cloud (IDCloud) TC
- OASIS Open Data Protocol (OData) TC
- OASIS Privacy Management Reference Model (PMRM) TC
- OASIS SOA Reference Model TC
- OASIS Topology and Orchestration Specification for Cloud Applications (TOSCA) TC
- Storage Networking Industry Association (SNIA)
- The Open Group Cloud Work Group
- TM Forum Cloud Services Initiative
- Cloud Security Alliance
- Storage Security
- Storage Protocols
- Storage Management Protocols
- Non-Volatile Memory and Flash
- Cloud Organizations
In particular the Storage Workgroup (SWG), which writes two standards (Enterprise and Opal) for securing drives that use ATA or SCSI interfaces. All of the rotating media vendors are implementing security as described in this workgroup. ATA and SCSI provide pass-through commands to allow this protocol to be used to secure manage the drive.
Within OASIS, the Key Management Interface Protocol (KMIP) workgroup defines a standard for interoperable key management between key servers and clients. This group dovetails with the TCG SWG to allow devices or computers to securely acquire keys need to unlock or encrypt/decrypt storage from any vendor’s key server.
This group focuses on overall security standards and issues that will affect storage security across a broad range of national and international organizations.
This workgroup defines the encryption techniques used to data securely in tape and block devices. This group has been inactive since 2013.
This is the group which defines the Small Computer System interface. Within the T10 , there are several working groups:
- CAP (Commands, Architecture, and Protocol). Core SCSI architecture.
- PQI (PCI Queuing Interface): This workgroup defines the transport layer for the SCSI over PCIe initiative – SCSI Express.
- SOP (SCSI over PCIe): This workgroup defines various changes to the SCSCI protocol to accommodate any changes or additions require by the PCIe interface.
This is the Fibre Channel, HIPPI, and IPI interface working group. This group also includes the Fibre Channel over Ethernet (FCoE) specification.
This is the standards body defining ATA, SATA, and ATAPI interfaces.
This work group is aimed primarily at internet standards, notably iSCSI.
The DMTF supports management standards for hardware, software, and service vendor. This DMTF management initiatives form the basis for the SNI SMI-s and CDMI initiatives (see below).
SMI is an initiative created by the SNIA to develop and standardize interoperable storage management technologies.
The Cloud Data Management Interface defines the functional interface that applications will use to create, retrieve, update and delete data elements in cloud storage environments.
XAM provides an application programming interface (API) that allows XAM applications to store data in a fashion that does not depend on the specific storage system. This provides a standard access API for application, middleware, and cloud storage interfaces.
This is a Facebook initiative to provide an efficient, standardized, and low cost computing infrastructure. The two primary subcommittees in this group are the management and storage committees.
The SSSI Technical Development Subcommittee (TechDev) is responsible for identifying the technical work that is needed to develop SSSI-related specifications. This includes the Solid State Storage (SSS) Performance Test Specification (PTS).
This is a technically oriented committee of the SSSI to provide guidance to the SSD marketplace on PCIe SSDs. This takes the form of educational materials, best practices documents and SNIA standards.
The SNIA NVMP TWG acts as the primary technical entity for the SNIA to identify, develop, and coordinate systems standards for software enabling NVM hardware, with the goal of producing a comprehensive set of specifications and to drive consistency of software interface standards and messages related to NVM hardware. The TWG will develop a programming model specification for in-kernel NVM interfaces and will develop a specification defining the interaction between applications and the kernel for applications directly using NVM storage (such as database software).
SCSI Express is an initiative of the SCSI Trade Association to compete directly with the NVM Express initiative by implementing SCSI over PCIe rather than a T13 ATA register based interface.
The Serial ATA International Organization (SATA-IO) is the group responsible for developing, managing, and driving adoption of the Serial ATA specifications. In particular, SATA Express is a new specification under development by SATA-IO that combines SATA software infrastructure with the PCI Express interface to deliver high-speed storage solutions. The goal of this technology is to provide a cost-effective means to increase device interface speeds to 8Gb/s and 16Gb/s.
The NVM Express 1.0 specification defines an optimized register interface, command set, and feature set for PCI Express® (PCIe®)-based Solid-State Drives (SSDs). This specification uses the T13 ATA interface rather than the SCSI over PCI (SOP) specification used by the SCSI Trade Association (STA).
The goal of this committee is to provide meaningful, real-life, endurance and reliability metrics to better enable customers to select the right SSD for their expected applications and workloads. This group published two standards for solid state drives: JESD218 Solid-State Drive (SSD) Requirements and Endurance Test Method and JESD219 Solid-State Drive Endurance Workloads. These are available for free download.
The CMWG is focused on standardizing interactions between cloud environments through specifications to achieve interoperable cloud infrastructure management between service providers and their consumers and developers.
The Cloud Infrastructure Management Interface (CIMI) Specification is a key piece of DMTF’s overall cloud strategy and is the first standard from the Cloud Management Working Group (CMWG). CIMI is an interface for infrastructure clouds, allowing cloud users to dynamically provision, configure and administer their cloud usage using a high level interface that abstracts away much of the complexity of systems management.
Additional standards and documents include:
- Cloud Infrastructure Management Interface (CIMI) Primer,
- Cloud Infrastructure Management Interface – XML Schema
- Cloud Infrastructure Management Interface – CIM (CIMI-CIM)
The CADF is working to develop open standards for audit data which can be federated from cloud providers, with the intent to elevate customer’s trust in cloud hosted applications. Specifications and profiles produced by the CADF will help protect the investments of companies seeking to move their applications to cloud deployment models and preserve their ability to audit operational processes, regardless of their chosen cloud provider. The CADF develops specifications for audit event data and interface models and a compatible interaction model that will describe interactions between IT resources for cloud deployment models.
The key specification of this group is the Cloud Auditing Data Federation (CADF) – Data Format and Interface Definitions Specification.
The Software Entitlement Working Group is focused on addressing software license management challenges in cloud systems and virtual environments. This group is working to develop a set of recommendations to guide future industry standardization of software license management in these environments.
This group develops white papers focused on the challenges identified to enable the industry to manage licensed software product(s) and product usage, and to move closer to interoperable solutions. It also identifies real world use cases and scenarios, and capture existing or proposed solutions that identify licensed software products and product usage based on a common set of definitions.
The SVPC creates standards for managing virtualized environments, helping to manage the lifecycle of a virtual computer system, discover inventory virtual computer systems and to monitor virtual systems for health and performance.
The primary specification produced by this group is the Open Virtualization Format (OVF) Specification, which is a packaging standard designed to address the portability and deployment of virtual appliances. OVF enables simplified and error-free deployment of virtual appliances across multiple virtualization platforms. OVF is a common packaging format for independent software vendors (ISVs) to package and securely distribute virtual appliances, enabling cross-platform portability. By packaging virtual appliances in OVF, ISVs can create a single, pre-packaged appliance that can run on customers’ virtualization platforms of choice.
NIST has published two new documents on cloud computing: the first edition of a cloud computing standards roadmap and a cloud computing reference architecture and taxonomy. These documents can be found at:
- NIST Cloud Computing Standards Roadmap
- Inventory of Standards Relevant to Cloud Computing
- NIST Cloud Computing Reference Architecture
OMG is an international, open membership, not-for-profit computer industry consortium. OMG has several hundred members including commercial concerns, universities, and government agencies. Cloud issues are handled in the Cloud Standards Customer Council whose goals are:
- Deliver customer-focused content in the form of best practices, patterns, case studies, use cases, and standards road maps.
- Influence the standards development process for new cloud standards.
- Facilitate the exchange of real-world stories, practices, lessons and insights.
As such, there are no standards generated by this portion of the organization.
The OCC is an international not for profit organization that manages and operates cloud computing infrastructure to support scientific, medical, health care and environmental research. There are approximately 30 OCC members who include universities, companies, government agencies and national laboratories. The OCC is designed to serve medium to large size research projects by managing and operating a cloud computing infrastructure that can be shared across these projects.
There are several technical committees in OASIS that are addressing cloud issues.
The OASIS CAMP TC advances an interoperable protocol that cloud implementers can use to package and deploy their applications. CAMP defines interfaces for self-service provisioning, monitoring, and control. Based on REST, CAMP is expected to foster an ecosystem of common tools, plugins, libraries and frameworks, which will allow vendors to offer greater value-add.
The OASIS CloudAuthZ TC develops enhanced models for managing authorizations and entitlements in SaaS, PaaS, and IaaS contexts. CloudAuthZ enables contextual attributes and contextual entitlements sets to be delivered to Policy Enforcement Points in real time. With CloudAuthZ, authorization decisions can be informed by data such as where users are, what they are doing, which device they are using, etc.
The OASIS IDCloud TC works to address the serious security challenges posed by identity management in cloud computing. The TC identifies gaps in existing identity management standards and investigates the need for profiles to achieve interoperability within current standards. It performs risk and threat analyses on collected use cases and produces guidelines for mitigating vulnerabilities.
The OASIS OData TC works to simplify the querying and sharing of data across disparate applications and multiple stakeholders for re-use in the enterprise, Cloud, and mobile devices. A REST-based protocol, OData builds on HTTP, AtomPub, and JSON using URIs to address and access data feed resources. It enables information to be accessed from a variety of sources including (but not limited to) relational databases, file systems, content management systems, and traditional Web sites. OData provides a way to break down data silos and increase the shared value of data by creating an ecosystem in which data consumers can interoperate with data producers in a way that is far more powerful than currently possible, enabling more applications to make sense of a broader set of data.
The OASIS PMRM TC works to provide a standards-based framework that will help business process engineers, IT analysts, architects, and developers implement privacy and security policies in their operations. PMRM picks up where broad privacy policies leave off and provides a guideline for developing operational solutions to privacy issues. It also serves as an analytical tool for assessing the completeness of proposed solutions and as the basis for establishing categories and groupings of privacy management controls.
The OASIS Service Oriented Architecture (SOA) Reference Model TC develops a reference model to encourage the continued growth of different and specialized SOA implementations while preserving a common layer of understanding about what SOA is.
The OASIS TOSCA TC works to enhance the portability of cloud applications and services. TOSCA will enable the interoperable description of application and infrastructure cloud services, the relationships between parts of the service, and the operational behavior of these services (e.g., deploy, patch, shutdown)–independent of the supplier creating the service, and any particular cloud provider or hosting technology. TOSCA will also make it possible for higher-level operational behavior to be associated with cloud infrastructure management.
The primary cloud standard produced by SNIA is the Cloud Data Management Interface (CDMI). CDMI defines the functional interface that applications will use to create, retrieve, update and delete data elements from the Cloud. As part of this interface the client will be able to discover the capabilities of the cloud storage offering and use this interface to manage containers and the data that is placed in them. In addition, metadata can be set on containers and their contained data elements through this interface. This interface is also used by administrative and management applications to manage containers, accounts, security access and monitoring/billing information, even for storage that is accessible by other protocols. The capabilities of the underlying storage and data services are exposed so that clients can understand the offering.
The Open Group is a global consortium that enables the achievement of business objectives through IT standards. The Open Group Cloud Computing Work Group exists to create a common understanding among buyers and suppliers of how enterprises of all sizes and scales of operation can include cloud computing technology in a safe and secure way in their architectures to realize its significant cost, scalability and agility benefits. It is aimed at eliminating vendor lock-in for enterprises looking to benefit from cloud products and services.
TM Forum is an international, non-profit industry association focused on enabling service provider agility and innovation. The TM Forum Cloud Services Initiative includes the Enterprise Cloud Leadership Council (ECLC), Multi-Cloud Management tools, the Cloud Services Community, and a collection of demonstrations. The Forum’s work in cloud is targeted at developing best practices and tools that help all players meet the needs of their clients and partners as they deliver and consume digital services hosted in the cloud.
This organization includes over 900 organizations, including almost all of the major technology corporations, universities, and governmental agencies. This organization is focused on management of cloud services.
The Cloud Security Alliance (CSA) is a not-for-profit organization to promote the use of best practices for providing security assurance within Cloud Computing and to provide education on the uses of Cloud Computing to help secure all other forms of computing. This group has approximately 100 corporate members, mostly security related organizations and some OSVs.