Welcome!

Internet of Things, Smart Cities and API Security

Mamoon Yunus

Subscribe to Mamoon Yunus: eMailAlertsEmail Alerts
Get Mamoon Yunus via: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


If you're having trouble getting your head around a single cloud deployment, please feel free to skip this article.  Now if you're someone who thinks that most IT resource will eventually live in a private or public cloud-based domain, you're not alone, and you may start looking into how best to work in a multi-cloud environment.

Paul Krill's article "Cerf urges standards for cloud computing" highlights cloud interoperability and portability issues discussed by Vint Cerf, co-designer of the TCP/IP protocol that forms the back bone of modern communication.  It behooves us to consider Cerf's viewpoint on what's required for successful cloud computing.  Some of the points that he makes are as follows:

Authentication/Security
According to Cerf, "Strong authentication will be a critical element in the securing of clouds."  We know that authentication is a core for establishing trust between transacting parties.  This requirement is now further heightened because of the expansion of corporate boundaries out to cloud-based services.  Authenticating to cloud services and accessing only authorized services in a multi-tenant environment will continue to be the most important aspect of establishing trusted connections between enterprises and IaaS, PaaS and SaaS providers.

Now imagine having a set of enterprise applications and systems that have to interact with a set of cloud providers, in a many-to-many topology.  You may, for example, call a SaaS for a commodity business service to create your composite service, while archiving information to Amazon S3 and running intensive business intelligence queries on Amazon EC2.  In this scenario, cloud services, even from the same vendor, may expect different identity tokens, some standards-based, others proprietary.  The problem of multi-cloud computing decomposes to fundamental issues including identity token management, security, and central management and control of such functions.

Here are a couple of resources that are helpful in highlighting identity related issues surrounding cloud computing:

Portability
The second item that Cerf points out is regarding moving your data (business information, virtual images, algorithms, database instances, etc.) between different cloud providers. According to Cerf, "At some point, it makes sense for somebody to say, 'I want to move my data from cloud A to cloud B,' " but the different clouds do not know each other."

Cloud interoperability has a number of dimensions including communication interoperability (HTTP, SOAP, REST), cloud management and interaction API interoperability (createImage, terminateImage, etc.), and image portability.

The good news is that at least most cloud providers have a REST-XML/JSON or a SOAP-based API.  The API calls signatures are all different, but one can readily consume such APIs for image provisioning/de-provisioning and other IaaS functions.  There has been a recent effort to standardize cloud API operations including Open Cloud Computing Interface Working Group.

In addition to such API standardization, moving entire images between various cloud providers would also provide the portability necessary for establishing reliability across multi-cloud environments.  Instead of maintaining multiple images for say Amazon EC2 and Rackspace, having a single image that runs across IaaS providers would reduce management burden on enterprises.  The DMTF Open Virtualization Format provides a common container formats for greater multi-cloud portability.  Here are a couple of resources that one should review while looking at best practices for cloud interoperability and portability:
Cloud gateways have become a core component of managing not just the traffic between enterprises and their cloud providers, but also for managing and protecting security and identity tokens required for enterprise-to-cloud interaction. To avoid Multi-cloud Mayhem, the industry now needs to show greater commitment towards standardization for inter-cloud interoperability, portability and security. Unless our desire is to relive the stone-age era of pre-TCP/IP communication, ask Vint Cerf, he'll give you a few reason on why not to.

Read the original blog entry...

More Stories By Mamoon Yunus

Mamoon Yunus is an industry-honored CEO and visionary in Web Services-based technologies. As the founder of Forum Systems, he pioneered XML Security Gateways & Firewalls and was granted a patent for XML Gateway Appliances. He has spearheaded Forum's direction and strategy for eight generations of award-winning XML Security products. Prior to Forum Systems, Yunus was a Global Systems Engineer for webMethods (NASD: WEBM) where he developed XML-based business integration and architecture plans for Global 2000 companies such as GE, Pepsi, Siemens, and Mass Mutual. He has held various high-level executive positions at Informix (acquired by IBM) and Cambridge Technology Group.

He holds two Graduate Degrees in Engineering from MIT and a BSME from Georgia Institute of Technology. InfoWorld recognized Yunus as one of four "Up and coming CTOs to watch in 2004." He is a sought-after speaker at industry conferences such as RSA, Gartner, Web Services Edge, CSI, Network Interop, and Microsoft TechEd. Yunus has the distinction of showcasing Forum Systems' entrepreneurial leadership as a case study at the MIT Sloan School of Management. He has also been featured on CNBC as Terry Bradshaw's "Pick of the Week."