From W3C Wiki
W3C Headlights Program – Cloud Computing Report
The W3C headlights program (see also a separate blog) is a process at W3C whereby new, possible areas of activities are explored. These are technical areas which may have a large impact on the future of the Web, but in which the W3C has not previously been involved. For each of these areas, the fundamental question that has to be answered is “Should the W3C community become involved in this area?”. A number of informal groups have been set up to explore the areas listed. The plan is to make a decision on W3C’s involvement (or not) in these areas in July 2012.
One of the technical areas is Cloud Computing. This is a report from the Cloud Computing area based on discussions over four telephone conferences and several email exchanges. The report consists of three parts: Introductory Discussion, a Possible Approach and a Charter for a Proposed Cloud Computing Community Group.
The following core ideas were generated by the team during a series of conference calls:
- There is a great deal of ferment in Cloud Computing including a general movement from IaaS to PaaS (see below for a detailed explanation of these terms). Perhaps too early to standardize.
- There are already a large number of standards activities in the Cloud space. We should not add to these without good reason.
- Most of the Cloud Computing API work is based on URIs and REST, concepts developed by the W3C. It may be best for the W3C to concentrate on developing such fundamental technologies. See, for example, the proposed Linked Data Patterns WG
Ferment in Cloud Computing
- Infrastructure as a Service (IaaS). The capability provided to the consumer is to provision processing, storage, networks (networking within IaaS is occasionally referred to as Network as a Service, NaaS), and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, and deployed applications; and possibly limited control of select networking components (e.g., host firewalls).
- Platfom as a Service (PaaS). The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages, libraries, services and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly configuration settings for the application-hosting environment.
- Software as a Service (SaaS). The capability provided to the consumer is to use the provider’s applications running on a cloud infrastructure. The applications are accessible from various client devices through either a thin client interface, such as a web browser (e.g., web-based email), or a program interface. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user specific application configuration settings. Examples of such services include DBaaS (Database as a Service)
IaaS Industry Focus
Within the IaaS cloud space there are implementations that let you switch from one Cloud provider to another, like Delta Cloud; other vendors claim you can just move your applications to the Cloud without any reprogramming, like CloudSwitch and others. Thus, there is continuing development about exactly how the IaaS Cloud will be used. In addition to the large companies, there are a number of start-ups in the arena, each with a slightly different take on the situation. It’s not clear when the innovation will plateau or exactly what the stable landscape will look like.
An open source effort that is attracting a great deal of interest is OpenStack. This provides a "Cloud Operating System" and an "eventually consistent" replicated object store along with an identity service, an image service, and an interface. Several companies, both small and large, have become part of the OpenStack family either to build IaaS services on top of OpenStack or, perhaps, merely to use the interfaces which may become a de facto standard.
Many Cloud Computing Standards
To a large extent, industry standardisation has already occurred within the IaaS cloud. The majority of the APIs offered by IaaS clouds, and IaaS standard based interfaces are based on URIs and REST. Cloud-Standards.org lists most of the efforts. It also lists organizations that try and make sense of the standards and offer best practices. Some of the more important ones are listed below:
- Cloud Security Alliance – Created to promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing.
- Cloud Standards Customer Council – The goal of the council is to separate the hype from the reality on how to leverage what customers have today and how to use open, standards-based cloud computing to extend their organizations.
- Distributed Management Task Force (DMTF) has three efforts:
- OVF Open Virtualization Format – An IaaS focused solution for managing virtual machine images.
- Cloud Management Working Group (CMWG) – IaaS focused group to deliver architectural semantics as well as implementation details to achieve interoperable management of clouds
- Cloud Auditing Data Federation Working Group (CADF) – will develop federating cloud audit information, which will instill customers with greater trust in cloud hosted applications.
- Open Grid Forum
- Open Cloud Computing Interface Working Group (OCCI) – IaaS focused group, another specification to provide specifications for cloud-based interactions with resources in a way that is explicitly vendor-independent, platform-neutral.
- OASIS has three relevant technical committees:
- Storage Networking Industry Association (SNIA)
In addition, there are international Cloud standards efforts in INCITS/DAPS38 and ISO JTTC1/SC38. There are also Cloud Standards efforts in the EU.
Web Applications and the Cloud
The majority of cloud standards aim to address IaaS based cloud technology. They do not address PaaS. There is, however, increasing buzz around PaaS. See, for example Open Cloud Conference. In general, the approach taken by PaaS-based clouds restricts web application portability. There is an opportunity for the W3C to utilise its experience in standardising web technology to aid PaaS web application portability and redefine how web applications can be structured to utilise cloud resources. There are a number of existing and ongoing standardisation and development efforts within the W3C which could be leveraged in this endeavour. This is why the W3C is the perfect place to investigate and drive this effort.
PaaS Application Portability
The arrival of cloud technology lowers the cost of entry for many web application developers. The emerging
Rest-based standards do support the creation of portable IaaS based applications. This is achieved by providing a programming language independent interface based on HTTP (Rest). The cloud industry is, however, moving away from the traditional IaaS provider model to a PaaS provider model where the application can be run on a platform without the user having to configure and manage machines, storage and networks.
Currently, there is no PaaS standard and the problems discussed in this section will be ameliorated when there is one but as of now, the facilities offered by PaaS vendors differ significantly. IaaS standards cannot be used to support portable applications within the PaaS world. This is because the cloud (PaaS) platforms often provide programming language specific interfaces, and the traditional cloud resources (compute, storage and networking) are often presented in more abstract ways to those visible to IaaS developers. As an example, within PaaS, computing can be realised as a process, not a full virtual machine.
Additionally, PaaS vendors provide language-specific platform services that can be used by applications such as message queue, servlet container and database, but differ from provider to provider. This has resulted in an environment where a number of cloud platforms exist with each supporting differing sets of programming languages, and each platform providing its own set of platform services. In this environment, moving an application between platforms requires, at best, that the developer rewrite the portions of their application which interact with the platform services. At worst, it means that the developer must rewrite their entire application in a different programming language.
To summarise, there are three core issues which currently limit PaaS application portability:
- There are widely differing abstractions of traditional cloud resources available within the PaaS industry. This makes it hard for developers to create applications which can port easily between PaaS providers.
- The varying set of platform services available on PaaS providers means that a developer who commits to using one set of technology with a chosen provider may find that the same technology is not available on other PaaS providers.
- The URI and Rest approach to standards taken within the IaaS Cloud environment doesn’t provide application portability for PaaS. Even if the URI / REST based interfaces are available with PaaS, as the supported languages available from each PaaS provider can differ, the developer will still have to re-implement their application code in a different development language to move between PaaS providers supporting different languages.
These issues are affecting web application developers using PaaS providers to develop new sites and services. This limited interoperability forces developers to focus on a specific technology, and therefore a provider.
Leveraging the Power of the Client and Cloud
The increasing use of HTML5 within the client and the adoption of concepts such as Web Workers allow the client components of a web application to become more complex. This is offering new application architectures and structures.
A typical web application is structured as follows: A web server provides a browser with a set of assets which compose the application; these are HTML, CSS, JS and images etc. Once downloaded the browser effectively executes the client side of the web application. During the lifetime of the application the client side code will typically call back to the issuing domain via, e.g., xHTTP requests; these in turn provide the client application with access to the services provided by the cloud environment. For instance calls back to the domain could request additional compute or data storage for the client. To support this model the developer effectively creates a working REST based API, which provides an interface between the client front end and the cloud provider's services. This is essentially boilerplate code. Creating and maintaining that boilerplate is an additional cost to the developer.
One Application Many Development Environments
Ultimately the developer has to keep several different parts of their application in several different languages, and then needs to keep all of the functionality in lock step and in sync. New feature development requires both server code and client side code changes, and can often also mean changes to the underlying database structures. This increases application complexity, increases the time and costs of developing and maintains applications.
IaaS providers and technology developers do not address this technology rift. This is because IaaS developers provide only infrastructure. A future PaaS solution could address this, if it did so it would reduce technology complexity for 3rd party developers and make their web application development cheaper and quicker.
A Possible Way Forward
The adoption of the same interfaces removes the need for developers to create and maintain their own boiler plate code, further reducing the cost of cloud based web application development.
- Cloud storage
- Cloud computing
Web Application Cloud Interface Community Group
At some point in future, considering the outcome of the Community Group's work, it will be decided whether the specification should be advanced to a W3C Recommendation, via a dedicated Working Group.
Proposed Charter Text
Creating a charter helps to aid the establishment of a community group, by providing focus and direction. The following is a proposed charter which aims to enable the group to investigate and evaluate the proposed approach. The charter allows the group to propose ways to realise its goals via the influence on other W3C groups, or by suggesting the creation of new groups.
The Web Application Cloud Interface (WACI) Community Group will provide a set of use cases and white papers which capture the identified gaps for web application developers inside the PaaS cloud ecosystem; application portability on PaaS clouds and lowering the cost and complexity of web application development. It will focus on a single interface for cloud compute, messaging, networking and storage available from both client and server (cloud) locations.
The group aims to leverage existing web technology being developed within the W3C to fulfill the requirements identified within the use cases and white papers.
This initiative will identify missing functionality which needs to be developed to address the use cases. Any such missing functionality, once identified, will be documented, and addressed in one of two ways:
- The group may suggest that specifications to address this functionality may be developed within an existing working/community group within the W3C
- The group may suggest that a new working/community groups should be formed to focus on the specific missing functionality
The WACI community group will not directly define standards, nor will it create technical specifications. Existing working groups will be leveraged, and new working groups recommended to be formed to define technical specifications and standards which meet the community group’s identified requirements.
As noted above the WACI CG will neither create technical specifications nor define standards. Therefore as defined in the Contributor License Agreement (CLA), there will be no new patent licensing commitments due to participation in this group.
"Infrastructure as a Service" (IaaS) based cloud services defined the core components of cloud technology, like computing in the form of Virtual Machines, networking in the form of load balancers and firewalls, and network based storage. The PaaS cloud industry has taken these core concepts (compute, storage, and communication) further and has re-defined them as more abstract concepts (for instance compute is a process, not a full virtual machine). These PaaS abstractions are offered to users as language extensions or libraries. However, the widely differing implementations available within the PaaS industry make it hard for developers to develop portable applications, i.e., applications that can move among different PaaS providers.