opsawg                                                     Shao Weixiang
Internet-Draft                                                    Hu Jie
Intended status: Standards Track                       Bhumip Khasnabish
Expires: September 27, 2012                              ZTE Corporation
                                                          March 26, 2012


                          Cloud Service Broker
               draft-shao-opsawg-cloud-service-broker-03

Abstract

   This document introduces a Cloud Service Broker (CSB) entity that
   provides brokering functions between different Cloud Service
   Providers and Cloud Service Consumers.

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current
   Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on September 27, 2012.

Copyright Notice

   Copyright (c) 2012 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.


Shao Weixiang, et al.        Expires September 27, 2012         [Page 1]

Internet-Draft              Cloud Service Broker              March 2012


Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3
   2.  Conventions and Terminology  . . . . . . . . . . . . . . . . .  6
   3.  CSB Architecture . . . . . . . . . . . . . . . . . . . . . . .  7
     3.1.  Cloud service publish interface  . . . . . . . . . . . . .  7
     3.2.  Cloud Service Consumer Interface . . . . . . . . . . . . .  8
     3.3.  Cloud service process  . . . . . . . . . . . . . . . . . .  8
     3.4.  Cloud service adapter  . . . . . . . . . . . . . . . . . .  9
   4.  CSB Interface Definitions  . . . . . . . . . . . . . . . . . . 12
     4.1.  Cloud Service Publish Interface  . . . . . . . . . . . . . 12
       4.1.1.  HTTP Publish Interface Usage . . . . . . . . . . . . . 12
       4.1.2.  Publish interface Message Package Definition . . . . . 13
     4.2.  Cloud Service Consumer Interface . . . . . . . . . . . . . 28
       4.2.1.  HTTP Consumer Interface Usage  . . . . . . . . . . . . 29
       4.2.2.  Consumer interface Message Package Definition  . . . . 30
   5.  Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
     5.1.  Publish Example  . . . . . . . . . . . . . . . . . . . . . 42
     5.2.  Consumer Example . . . . . . . . . . . . . . . . . . . . . 46
   6.  Cloud Service Publish Interface XML Schema . . . . . . . . . . 50
   7.  Cloud Service Consumer Interface XML Schema  . . . . . . . . . 65
   8.  Security Considerations  . . . . . . . . . . . . . . . . . . . 79
   9.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . . 80
     9.1.  application/csb-publish+xml MIME Type  . . . . . . . . . . 80
     9.2.  application/csb-consumer+xml MIME Type . . . . . . . . . . 80
     9.3.  URN Sub-Namespace Registration for csb-publish . . . . . . 81
     9.4.  URN Sub-Namespace Registration for csb-consumer  . . . . . 81
     9.5.  XML Schema Registration for csb-publish  . . . . . . . . . 82
     9.6.  XML Schema Registration for csb-consumer . . . . . . . . . 82
   10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 83
     10.1.  Normative References  . . . . . . . . . . . . . . . . . . 83
     10.2.  Informative References  . . . . . . . . . . . . . . . . . 84
   Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 85


1.  Introduction

   As specified in the NIST Reference Architecture [NIST RA], a Cloud
   Broker is an entity that manages the use, performance and delivery of
   cloud services, and negotiates relationships between Cloud Providers
   and Cloud Consumers.

   As specified in the Technical Considerations for US Government Cloud
   Computing Deployment Decisions [USG CCDD], a Broker is analogous to an
   Intercloud Exchange where clouds can interoperate.

   As specified in the ITU-T Focus Group on Cloud Computing draft
   deliverable "Introduction to the cloud ecosystem: definitions,
   taxonomies, use cases and high level requirements" [ITU-T FGCC
   Ecosystem], an Inter-cloud Service Broker (ISB) is the role of
   indirect interconnection between two (or more) Cloud Service
   Providers (CSPs) achieved through an interconnecting CSP that, in
   addition to providing interworking service functions between the
   interconnected CSPs, also provides brokering service functions for
   one (or more) of them.  The ISB role also covers the case in which
   one (or more) of the interconnected entities receiving the brokering
   service is a Cloud Service User (CSU).  Brokering service functions
   generally include, but are not limited to, three categories: service
   intermediation, service aggregation and service arbitrage.

   As specified in the CSA guide [CSAguide], a cloud service broker
   offers intermediation, monitoring, transformation/portability,
   governance, provisioning and integration services, and negotiates
   relationships between various cloud providers and consumers.  The
   cloud service broker will emerge as an important component in the
   overall cloud ecosystem.
   It will abstract these possibly incompatible capabilities and
   interfaces on behalf of consumers, acting as a proxy until common,
   open and standardized ways of solving the problem arrive in the
   longer term, with a semantic capability that gives a consumer the
   fluidity and agility to take advantage of the model that works best
   for its particular needs.

   As specified in the CCUCWP [CCUCWP] document, a broker has no cloud
   resources of its own, but matches consumers and providers based on
   the SLA required by the consumer.  The consumer has no knowledge that
   the broker does not control the resources.

   As specified in the SOP Requirements [SOP Requirements] document, a
   Virtual Provider does not host or manage services itself, but
   redirects requests to other providers that do.  A Cloud Service
   Broker can be considered a Virtual Provider.

   The simplest deployment view is illustrated in Figure 1.

   [ASCII diagram not reproduced: Cloud Service Requesters/Consumers (a
   web service, an application, a user) on the left connect to a cloud
   service broker in the middle, which in turn connects to public,
   private, community and hybrid clouds on the right.]

                       Figure 1: Basic Architecture

   A Cloud Service Broker (CSB) can provide brokering service for
   different Cloud Service Providers, which may be based on private,
   community, public or hybrid clouds.
   A CSB offers intermediation, proxy, monitoring, transformation,
   portability, governance, provisioning, screening, substitution,
   security and composition services, and negotiates relationships
   between various Cloud Service Providers and Cloud Service
   Requesters/Consumers.  Cloud Service Requesters/Consumers can be web
   services, applications, users (e.g. enterprise users or public
   consumers) or even a cloud: a cloud can interwork with other clouds
   through a CSB.  A CSB can form an alliance with different clouds; it
   integrates and composes cloud services by orchestrating the cloud
   resources and services across cloud domains and Cloud Service
   Providers, and offers consumers guaranteed cloud services under an
   SLA.

   In the cloud ecosystem, Cloud Service Requesters/Consumers access the
   cloud computing services and resources of Cloud Service Providers
   through the CSB.  When the CSB receives a cloud service consumer
   request from a Cloud Service Requester/Consumer, it selects the
   appropriate cloud computing services and resources, by Cloud Service
   Provider and by function pattern, and executes the related cloud
   service operations (intermediation, proxy, monitoring,
   transformation/portability, governance, provisioning, screening,
   substitution, security and composition services).  The CSB invokes
   and adapts to the concrete cloud services and resources of the
   various Cloud Service Providers, and returns the consumer response to
   the Cloud Service Requester/Consumer.  According to the SOP
   Architecture [SOP Architecture] document, the CSB is similar to the
   Proxy, and a specific Cloud Service Provider's platform is similar to
   the Service Node, of a SOP Network Architecture.


2.  Conventions and Terminology

   In this document, BCP 14/RFC 2119 [RFC2119] defines the key words
   "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD",
   "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL".

   Cloud Service Broker (CSB) [CSAguide]: A logical entity that is
   responsible for offering intermediation, monitoring, transformation,
   portability, governance, provisioning and integration services, and
   for negotiating relationships between various cloud providers and
   consumers.

   Cloud Broker [NIST RA]: An entity that manages the use, performance
   and delivery of cloud services, and negotiates relationships between
   Cloud Providers and Cloud Consumers.


3.  CSB Architecture

   [ASCII diagram not reproduced: Cloud Service Requesters/Consumers
   (cloud, web service, application, user) on the left; the Cloud
   Service Broker in the middle, containing the Cloud Service consumer
   interface and Cloud Service publish interface modules above a Cloud
   Service process module and a Cloud Service adapter module; Cloud
   Service Providers (IaaS, PaaS, SaaS and DSaaS providers) on the
   right.  The consumer interface faces the requesters, the publish
   interface and the adapter face the providers.]

          Figure 2: Cloud Service Broker Functional Architecture

   The CSB reference architecture consists of four functional groups:
   the cloud service consumer interface module, the cloud service
   publish interface module, the cloud service process (orchestration)
   module and the cloud service adapter module.

3.1.  Cloud service publish interface

   The cloud service publish interface provides the CSB with cloud
   computing service and resource information from different Cloud
   Service Providers.  Through this interface the CSB subscribes, on
   demand, to service and resource information by sending a cloud
   service subscription request to a Cloud Service Provider and then
   receiving cloud service notifications from that provider.  The
   published information can be Infrastructure as a Service (IaaS),
   Platform as a Service (PaaS), Software as a Service (SaaS) or Data
   Storage as a Service (DSaaS) information.  Cloud Service Providers
   (e.g. private, community, public and hybrid clouds) notify the CSB of
   their published information.

   Subscription/notification can be synchronized with the cloud service
   consumer requests.  In the dynamic composition function pattern, when
   the CSB receives a cloud service consumer request from a Cloud
   Service Requester/Consumer, it first subscribes to the actual cloud
   services of Cloud Service Providers based on the abstract service
   logic, then turns the abstract logic into concrete service logic by
   finding the concrete services that fulfil the requirements, replacing
   the service classes with them and creating the invocation information
   for these services.  The CSB then executes the concrete service
   logic, obtains the results of the concrete services, produces the
   final result and returns it to the Cloud Service Requester/Consumer.
   Subscription/notification can also run asynchronously with the other
   operations of the CSB.

3.2.  Cloud Service Consumer Interface

   Cloud Service Requesters/Consumers (e.g. web services, applications,
   users, clouds) access the cloud computing services and resources of
   Cloud Service Providers through the CSB's Cloud Service Consumer
   Interface.  The interface receives cloud service consumer requests
   from Cloud Service Requesters/Consumers and returns cloud service
   consumer responses to them.  According to the SOP Architecture [SOP
   Architecture] document, the Cloud Service Consumer Interface can
   provide functions similar to those defined for the Requesting Proxy.

3.3.  Cloud service process

   The cloud service process module processes the cloud service
   consumer requests from Cloud Service Requesters/Consumers.  It
   receives the requests via the Cloud Service Consumer Interface,
   analyses the requested cloud services, selects the appropriate
   service logic and function patterns based on the CSB database
   information (obtained by subscription or by internal integration),
   executes the related operations, and then invokes and adapts to the
   concrete cloud services and resources of the various Cloud Service
   Providers through the cloud service adapters, by sending cloud
   service adaptation requests to Cloud Service Providers and receiving
   cloud service adaptation responses from them.

   The basic function pattern of the cloud service process module is
   transformation/translation: it translates between the cloud service
   consumer requests/responses of the Cloud Service Requesters/Consumers
   and the cloud service adaptation requests/responses for the Cloud
   Service Providers.  With this pattern the CSB can provide a proxy
   service, or the Service Intermediation defined in the NIST Reference
   Architecture [NIST RA].
   On top of the basic function pattern, the cloud service process
   module can provide advanced function patterns such as a security
   service, a QoS/SLA control service, a screening service, a
   substitution service and a composition service.  For the composition
   service, the module performs static service composition and dynamic
   service composition; static composition corresponds to Service
   Aggregation and dynamic composition to Service Arbitrage as specified
   in the NIST Reference Architecture [NIST RA].  According to the SOP
   Architecture [SOP Architecture] document, the cloud service process
   module can provide functions similar to those defined for the Serving
   Proxy.

3.4.  Cloud service adapter

   The cloud service adapter module adapts the cloud services and
   resources of Cloud Service Providers according to the cloud service
   consumer requests from Cloud Service Requesters/Consumers (CSRs).  It
   transfers and maps the protocols and formats supported by the Cloud
   Service Providers' services and resources, including APIs, parameters
   and transmission protocols.  The cloud service adapter module
   consists of an IaaS adapter module, a DSaaS adapter module, a PaaS
   adapter module and a SaaS adapter module.

   [ASCII diagram not reproduced: the Cloud Service adapter contains
   four sub-modules, IaaS adapter, DSaaS adapter, PaaS adapter and SaaS
   adapter.  Each sub-module holds one common adapter plus one
   proprietary adapter per provider (CSP1, CSP2, CSP3), for example
   "common IaaS adapter", "CSP1 IaaS adapter", "CSP2 IaaS adapter" and
   "CSP3 IaaS adapter".]

                   Figure 3: cloud service adapter module

   The IaaS adapter module includes a common IaaS adapter module and
   proprietary IaaS adapter modules.  The common IaaS adapter module
   should support mapping of the general IaaS protocols: DMTF OVF [DMTF
   OVF], DMTF CIMI [DMTF CIMI] and OGF OCCI [OGF OCCI].
   The DSaaS adapter module includes a common DSaaS adapter module and
   proprietary DSaaS adapter modules.  The common DSaaS adapter module
   should support mapping of the general DSaaS protocol SNIA CDMI [SNIA
   CDMI].

   The PaaS adapter module includes a common PaaS adapter module and
   proprietary PaaS adapter modules.

   The SaaS adapter module includes a common SaaS adapter module and
   proprietary SaaS adapter modules.


4.  CSB Interface Definitions

   As discussed in the previous sections of this document, the intention
   is to provide a toolkit for the variety of deployment architectures
   in which a Cloud Service Broker can take part.  As a result, two main
   interfaces are required to support the differing requirements.  They
   are described in the remainder of this section and are named the
   'Cloud Service Publish' and 'Cloud Service Consumer' interfaces.  The
   two interfaces have very different responsibilities and usages, which
   is reflected in the choice of solutions, including how the data
   carried on each interface is interpreted.  It is, however, important
   that the two interfaces are complementary so that development of
   appropriate CSB functionality is supported.

4.1.  Cloud Service Publish Interface

   The Cloud Service Publish interface is responsible for providing a
   CSB with appropriate cloud service and resource information.

   The service flow of a cloud service subscription is as follows: the
   CSB sends a cloud service subscription request to a Cloud Service
   Provider, carried in a Publish interface message package as a request
   message, to subscribe to that provider's cloud services.  The Cloud
   Service Provider replies with a response indicating acceptance or the
   reason for failure.
   The service flow of a cloud service notification is as follows: the
   Cloud Service Provider sends a notification to the CSB, carried in a
   Publish interface message package as a notification message, to
   publish its cloud services.  The CSB returns a response indicating
   acceptance or the reason for failure.  According to the Service
   Orchestration Protocol [Service Orchestration Protocol] document, the
   Cloud Service Publish interface performs operations similar to
   Service Publishing and Subscribing.

4.1.1.  HTTP Publish Interface Usage

   This section describes the use of HTTP [RFC2616] and HTTPS [RFC2818]
   as the transport for a subscription/notification and the
   corresponding response.

   The cloud service subscription request, as defined by the
   'csbrequest' element in Section 6, MUST be carried in the body of an
   HTTP/HTTPS request.  The MIME type of the HTTP/HTTPS request/response
   MUST be 'application/csb-publish+xml', and this value MUST be
   reflected in the appropriate HTTP headers such as 'Content-Type' and
   'Accept'.  The body of the HTTP/HTTPS request MUST contain only the
   'csbrequest' element as defined in Section 6.  The 'csbrequest'
   element is the primary container of information related to a cloud
   service subscription request.

   The cloud service subscription response, as defined by the
   'csbresponse' element in Section 6, MUST be carried in the body of
   the HTTP/HTTPS 200 response to the original HTTP/HTTPS request.  The
   MIME type of the HTTP/HTTPS request/response MUST be
   'application/csb-publish+xml', and this value MUST be reflected in
   the appropriate HTTP headers such as 'Content-Type' and 'Accept'.
   The body of the HTTP/HTTPS 200 response MUST contain only the
   'csbresponse' element as defined in Section 6.  The 'csbresponse'
   element is the primary container of information related to a cloud
   service subscription response.

   The cloud service notification, as defined by the 'csbnotification'
   element in Section 6, MUST be carried in the body of an HTTP/HTTPS
   request.  The MIME type of the HTTP/HTTPS request/response MUST be
   'application/csb-publish+xml', and this value MUST be reflected in
   the appropriate HTTP headers such as 'Content-Type' and 'Accept'.
   The body of the HTTP/HTTPS request MUST contain only the
   'csbnotification' element as defined in Section 6.  The
   'csbnotification' element is the primary container of information
   related to a cloud service notification.

   A CSB can map the existing HTTP verbs to operations for accessing and
   controlling a cloud service or resource: POST maps to the Create
   operation, GET to Retrieve, PUT to Create or Update, and DELETE to
   Delete.

4.1.2.  Publish interface Message Package Definition

   The Publish interface message package is used for publishing cloud
   service information between Cloud Service Providers and Cloud Service
   Requesters/Consumers through the CSB.

4.1.2.1.  Element Definitions

   This section defines the XML elements of the Publish interface
   message package introduced in Section 4.1.  The formal XML schema
   definition for the Publish interface can be found in Section 6.

   The root element contains all other XML elements (request, response,
   notification).  The CSB Publish interface request element is detailed
   in Section 4.1.2.2, the notification element in Section 4.1.2.3 and
   the response element in Section 4.1.2.4.

   The root element has the following attribute:

   version:  a token specifying the csb-publish package version.  The
      value is fixed as '1.0' for this version of the package.  The
      attribute MUST be present.

   The root element has the following child elements, only one of which
   is allowed to occur in a message:

   'csbrequest' for sending a CSB request.
      See Section 4.1.2.2.

   'csbresponse' for sending a CSB response.  See Section 4.1.2.4.

   'csbnotification' for sending a CSB notification.  See
      Section 4.1.2.3.

4.1.2.2.  The 'csbrequest' element

   This section defines the 'csbrequest' element used to initiate
   requests from a CSB to a Cloud Service Provider.  The element is a
   container for information relevant to the interrogation of a Cloud
   Service Provider.  It has no defined attributes.  It has the
   following sub-element, defined in the remainder of this section:

   the subscription element, for initiating a subscription to a Cloud
      Service Provider from a CSB.  See Section 4.1.2.2.1.

4.1.2.2.1.  The subscription element

   The subscription element is included in a request from a CSB to a
   Cloud Service Provider to provide the details of the cloud service
   and resource information wanted.  It can be used to request a new
   subscription, to update an existing one (e.g., to change the
   frequency of the updates) or to remove an ongoing subscription (e.g.,
   to stop an indefinite update).  The CSB informs the Cloud Service
   Provider how long it wishes to receive updates for and how frequently
   updates should be sent.  Updates related to the subscription are sent
   using the 'csbnotification' element.

   The subscription element has the following attributes:

   id:  a unique token representing the subscription between the CSB
      and the Cloud Service Provider.  The attribute MUST be present.

   seqnumber:  a sequence number used in conjunction with the
      subscription id to identify a specific subscription command.  The
      first subscription command MUST have 1 as 'seqnumber', and each
      following command MUST increment the previous 'seqnumber' value
      by 1.  The attribute MUST be present.

   action:  the operation that should be carried out on the
      subscription:

      *  The value 'create' instructs the Cloud Service Provider to
         attempt to set up a new subscription.

      *  The value 'update' instructs the Cloud Service Provider to
         attempt to update an existing subscription.

      *  The value 'remove' instructs the Cloud Service Provider to
         attempt to remove an existing subscription and consequently
         stop any ongoing related notification.

      The attribute MUST be present.

   The subscription element has the following child elements:

   expires:  the amount of time in seconds for which the subscription
      should remain installed for notifications at the Cloud Service
      Provider.  Once that time has passed, the subscription expires and
      the CSB has to subscribe again if it is still interested in
      receiving notifications from the Cloud Service Provider.  The
      element MAY be present.

   frequency:  the frequency in seconds at which the CSB wishes to
      receive notifications from the Cloud Service Provider.  The
      element MAY be present.

   Note that these two optional values provided by the CSB act only as
   suggestions: the Cloud Service Provider MAY change the proposed
   values if it considers them unacceptable (e.g., if the CSB has
   requested too high a notification frequency).  In that case the
   request does not fail, but the updated, acceptable values are
   reported in the 'csbresponse' accordingly.

4.1.2.3.  The 'csbnotification' element

   The 'csbnotification' element is included in a request from a Cloud
   Service Provider to a CSB to provide the details of the provider's
   current status.  The Cloud Service Provider informs the CSB of its
   current status as defined by the information in the 'csbnotification'
   element.  Updates are sent using the 'csbnotification' element
   contained in the root element.

   The 'csbnotification' element has the following attributes:

   id:  a unique token representing the subscription between the CSB
      and the Cloud Service Provider; it is the same as the one carried
      in the subscription element.  The attribute MUST be present.

   seqnumber:  a sequence number used in conjunction with the
      subscription id to identify a specific notification update.  The
      first notification MUST have 1 as 'seqnumber', and each following
      notification MUST increment the previous 'seqnumber' value by 1.
      The attribute MUST be present.

   The 'csbnotification' element has the following child elements:

   an element carrying Cloud Service Provider information.  See
      Section 4.1.2.3.1.

   an element carrying specific cloud service information.  See
      Section 4.1.2.3.2.

   an element indicating whether encryption is used or not.  See
      Section 4.1.2.3.3.
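   The following Python code is an added example, not code from this
   draft or from its authors, showing how a Cloud Service Provider could
   enforce the transport rules of Section 4.1.1 and the subscription
   rules of Section 4.1.2.2.1, and how a CSB could check incoming
   notifications against the seqnumber rule of Section 4.1.2.3.  The
   draft text above fixes only the names 'csbrequest', 'csbresponse',
   'csbnotification', the 'version' attribute and the id, seqnumber,
   action, expires and frequency fields; the root element name
   'csb-publish', the subscription element name 'subscription', the
   provider limits MIN_FREQUENCY, MAX_EXPIRES and MAX_BODY, and the
   sample request are assumptions made for illustration.

```python
# Added illustrative code, not from draft-shao-opsawg-cloud-service-broker-03.
# Assumed (not fixed by the draft text above): root element 'csb-publish',
# subscription element 'subscription', and the provider limits below.
import xml.etree.ElementTree as ET

MIME = "application/csb-publish+xml"
MAX_BODY = 64 * 1024     # assumption: cap body size before parsing
MIN_FREQUENCY = 60       # assumption: provider notifies at most every 60 s
MAX_EXPIRES = 86400      # assumption: provider caps subscriptions at one day
ACTIONS = {"create", "update", "remove"}


def parse_publish_body(content_type, body, expected_child):
    """Enforce the Section 4.1.1 transport rules; return the inner element.

    Content-Type MUST be application/csb-publish+xml, the root MUST carry
    version="1.0" and MUST contain exactly one expected child element.
    """
    if content_type.split(";")[0].strip().lower() != MIME:
        raise ValueError("unexpected Content-Type %r" % content_type)
    if len(body) > MAX_BODY:
        raise ValueError("body too large")
    # expat does not fetch external entities, but internal entity expansion
    # still happens; the size cap bounds how far a hostile body can inflate.
    root = ET.fromstring(body)
    if root.tag != "csb-publish" or root.get("version") != "1.0":
        raise ValueError("bad root element or version")
    children = list(root)
    if len(children) != 1 or children[0].tag != expected_child:
        raise ValueError("root must contain exactly one %s" % expected_child)
    return children[0]


def _int_child(elem, name, default):
    child = elem.find(name)
    return int(child.text) if child is not None and child.text else default


class ProviderSubscriptions:
    """Provider-side subscription state, enforcing the 4.1.2.2.1 rules."""

    def __init__(self):
        self.subs = {}   # subscription id -> {"seq", "expires", "frequency"}

    def handle_request(self, content_type, body):
        req = parse_publish_body(content_type, body, "csbrequest")
        sub = req.find("subscription")
        if sub is None:
            raise ValueError("csbrequest without subscription")
        sid, action = sub.get("id"), sub.get("action")
        seq = int(sub.get("seqnumber", "0"))
        if not sid or action not in ACTIONS:
            raise ValueError("missing id or bad action")
        state = self.subs.get(sid)
        # First command on an id MUST be seqnumber 1 (and must create); later
        # commands MUST be exactly previous+1, so replays and gaps are refused.
        if state is None:
            if seq != 1 or action != "create":
                raise ValueError("unknown subscription %r" % sid)
        elif seq != state["seq"] + 1:
            raise ValueError("bad seqnumber %d for %r" % (seq, sid))
        if action == "remove":
            del self.subs[sid]
            return self._response(sid, seq, None, None)
        # expires/frequency are only suggestions: clamp them, do not fail.
        expires = min(_int_child(sub, "expires", MAX_EXPIRES), MAX_EXPIRES)
        frequency = max(_int_child(sub, "frequency", MIN_FREQUENCY), MIN_FREQUENCY)
        self.subs[sid] = {"seq": seq, "expires": expires, "frequency": frequency}
        return self._response(sid, seq, expires, frequency)

    @staticmethod
    def _response(sid, seq, expires, frequency):
        # The csbresponse reports the values the provider actually accepted.
        root = ET.Element("csb-publish", version="1.0")
        sub = ET.SubElement(ET.SubElement(root, "csbresponse"), "subscription",
                            id=sid, seqnumber=str(seq))
        if expires is not None:
            ET.SubElement(sub, "expires").text = str(expires)
            ET.SubElement(sub, "frequency").text = str(frequency)
        return ET.tostring(root, encoding="unicode")


def check_notification(last_seq, content_type, body):
    """CSB side: accept a csbnotification only for a known id and in order.

    last_seq maps id -> last accepted seqnumber (0 before any); updated in place.
    """
    note = parse_publish_body(content_type, body, "csbnotification")
    sid, seq = note.get("id"), int(note.get("seqnumber", "0"))
    if sid not in last_seq:
        raise ValueError("notification for unknown subscription %r" % sid)
    if seq != last_seq[sid] + 1:
        raise ValueError("out-of-order notification %d for %r" % (seq, sid))
    last_seq[sid] = seq
    return sid, seq


# Constructed sample request: the CSB asks for one update per second, which
# the provider clamps to MIN_FREQUENCY in its csbresponse.
SAMPLE_CREATE = (
    '<csb-publish version="1.0"><csbrequest>'
    '<subscription id="sub-1" seqnumber="1" action="create">'
    '<expires>3600</expires><frequency>1</frequency>'
    '</subscription></csbrequest></csb-publish>'
)
```

   Three checks carry the security weight here: the Content-Type and
   body-size checks run before any XML is parsed, so a mislabelled or
   oversized body never reaches the parser; the root/child check
   implements the "MUST only contain" rule of Section 4.1.1 literally,
   refusing bodies that smuggle extra elements alongside the expected
   one; and the strict seqnumber comparison turns the MUST-increment-by-1
   rule into a replay and reordering check on both sides, so a repeated
   'create' or a duplicated notification is rejected instead of being
   applied twice.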