http cloud council org resource hub htm practical guide
play

- PowerPoint PPT Presentation

Jun 21, 2023 •258 likes •469 views

Practical Guide to Cloud Service Agreements, Version 2.0 http://cloud-council.org/resource-hub.htm#practical-guide-to-cloud-service- agreements-version-2 June, 2015 The Cloud Standards Customer Council THE Customers Voice for Cloud Standards!

  1. Practical Guide to Cloud Service Agreements, Version 2.0 http://cloud-council.org/resource-hub.htm#practical-guide-to-cloud-service- agreements-version-2 June, 2015

  2. The Cloud Standards Customer Council THE Customer’s Voice for Cloud Standards! • Provide customer-lead guidance to multiple cloud standards-defining bodies • Establishing criteria for open Organizations standards based cloud computing 500+ participating 2011/2012 Deliverables  Practical Guide to Cloud Computing  Practical Guide to Cloud SLAs  Security for Cloud Computing  Impact of Cloud Computing on Healthcare  Social Business in the Cloud 2013/2014 Deliverables  Big Data in the Cloud  Convergence of SoMoClo  PGCC Version 2  Analysis of Public Cloud SLAs  Migrating Apps: Performance Rqmnts  Cloud Security Standards  Cloud Interoperability/Portability  Migrating Apps to Public Cloud 2015 Projects (partial)  Update to Security for Cloud Computing whitepaper  Update to Practical Guide to Cloud Service Agreements http://cloud-council.org  Practical Guide to Privacy for the Public Sector  Practical Guide to PaaS 2

  3. Practical Guide to Cloud Service Agreements, Version 2 Revision Highlights  Terminology changes have been made - SLA replaced by CSA  The Current CSA Landscape section updated to reflect current market dynamics  All ten steps in the Guide for Evaluating Cloud Service Agreements section have been updated to reflect current best practices  References to cloud computing standards have been updated  References added to published CSCC whitepapers 3

  4. Cloud Service Agreements: Current Landscape Current Landscape  CSA is comprised of three major artifacts: • Customer Agreement • Acceptable Use Policy • Service Level Agreement  Customers must pay close attention to CSA language and clauses • Mismatch between expectations and service terms common  Service level guarantees for IaaS better defined than SaaS or PaaS  Service levels more flexible and negotiable for private cloud than public cloud  Size matters • Larger customers have more power to negotiate favorable terms • Over time, changes imposed by larger customers will trickle down to all customers 4

  5. CSCC Practical Guide to Cloud Service Agreements A reference to help enterprise IT & business decision makers as they analyze and compare service agreements from different cloud service providers. " Cloud service agreements are 10 Steps to Evaluate Cloud Service Agreements important to clearly set 1. expectations for service Understand roles and responsibilities between cloud consumers and 2. Evaluate business level policies providers. Providing guidance to decision makers on what to 3. Understand service and deployment model differences expect and what to be aware of 4. Identify critical performance objectives as they evaluate and compare SLAs from cloud computing 5. Evaluate security and privacy requirements providers is critical since 6. Identify service management requirements standard terminology and values for cloud SLAs are 7. Prepare for service failure management emerging but currently do not exist. “ Melvin Greer, Senior 8. Understand the disaster recovery plan Fellow and Chief Strategist, 9. Define an effective governance process Cloud Computing, Lockheed Martin 10. Understand the exit process 5

  6. Step 1: Understand roles and responsibilities Considerations  Full understanding of responsibilities between the Cloud Service Customer Cloud Service cloud service customer and Partner Cloud Cloud Cloud service Cloud service service business service the cloud service provider is user administrator manager integrator critical Cloud service developer Cloud Service Provider  Ensure CSA makes clear statements about activities cloud Cloud cloud service cloud service cloud service auditor operations deployment service and responsibilities of the business manager manager administrator manager various customer and Cloud provider subroles customer cloud service inter-cloud network service support & care security & risk provider provider broker representative manager  Responsibility for detecting and reporting incidents should be clearly stated in the CSA Source: ISO/IEC 17789 6

  7. Step 2: Evaluate Business-Level Policies The concern here is the alignment of Business Policies the policies expressed (or implied) in  Guarantees the CSA with those of the customer  Acceptable Use Policy (AUP)  List of Services Not Covered  Excess Usage Billing  Service Activation  Payment Terms and Penalties Data Policies  Governance  Change Notification and Management  Preservation and Redundancy  Support, Prioritization, Escalation  Data Location  Definition of Business Hours / Prime Time • Data Residency  Planned Maintenance  • Renewals Notification of Relocation  Transferability  Data Seizure by Law Enforcement  Subcontracted Services  Data Privacy  Licensed Software •  Industry- Specific Standards (HIPAA…) Also see Step 5  Country-Specific Laws & Regulations  Data Availability 7

  8. Step 3: Understand Service & Deployment Model Differences CSA contents will vary according to the choice of service model and deployment model Deployment Model Service Model   IaaS Private (on premises) • • Similar to IT outsourcing IT department needs to establish a service agreement with internal users • Metrics focused on availability and  performance of the servers, Private (outsourced) network and data storage • Similar to traditional IT outsourcing  PaaS  Public • Distinguish “integrated solutions” • Stronger requirements to make and “deploy - based solutions” multitenancy safe and effective • Consider requiring compliance with  Hybrid standards like OASIS’ TOSCA • Same as public but with added  SaaS integration requirements between • Focus on the end-to-end internal and external resources performance of the application  Community • Very dependent on the specific app • Similar to public 8

  9. Step 4: Identify Critical Performance Objectives  Adopt standard definitions (e.g., from IEEE) of availability and response times  Consider not just the computing hardware, but also the facility (backup, power, etc.)  Identify critical metrics based on business needs  The guide provides a sample set of CSA content: • Availability and response time metrics • Constraints • Collection methods and frequency • Usage in Service Level Agreement (e.g., to calculate penalties for violations) 9

  10. Step 5: Evaluate Security and Privacy Requirements a) Security Evaluate Security  The key difference with  Asset sensitivity traditional IT environments is the  Understand the legal and regulatory extra level of concern among requirements, especially on data breaches stakeholders, due in particular to multitenancy  Establish security metrics  Implement policies and procedures against  Need to secure all assets: the unauthorized use of data information and applications • Including technical measures such  Define (if it doesn’t yet exist) and as IP range blocking, etc. apply a security classification  Assess provider security capabilities scheme for all assets  Assess provider governance   The Cloud Security Alliance Assess provider security compliance (CSA) provides useful guidance 10

  11. Step 5: Evaluate Security and Privacy Requirements (cont’d) b) Privacy Evaluate Privacy  PII = Personally Identifiable  Assess the presence and characteristics of PII Information (name, DOB, address, • What PII is being stored? national ID no., etc.) • Where is it being stored?  Tangled web of national, • Where is the customer based? international, industry and local • Where is the provider based? regulations… • Where are the users of the data located? •  … that are evolving rapidly What are the nationalities of the people whose data is being stored?  Data may fall under different  Based on all this, which laws and regulations jurisdictions over time or even at apply? the same time  Are they addressed in the CSA?  Moving data for backup and load  What are the rules about data movement, balancing purposes may have backup, and retention? privacy implications, and this is  Do these processes risk violating the laws and less predictable in the cloud regulations? 11

  12. Step 6: Identify service management requirements Considerations  Organizations must monitor and manage the cloud services they use  Aspects contributing to service management • Auditing • is the provider’s management system adequate? • Monitoring and reporting • visibility of service performance • Measurement & metering • are you getting what you’re paying for? • Provisioning • can you change resources quickly? • Change management • transparent process for changes • Upgrades & patching 12

Recommend

The Practical Guide to Levitation By Ahmad Salim Al-Sibahi Supervisors: Dr. Peter Sestoft David

The Practical Guide to Levitation By Ahmad Salim Al-Sibahi Supervisors: Dr. Peter Sestoft David

The Practical Guide to Levitation By Ahmad Salim Al-Sibahi Supervisors: Dr. Peter Sestoft David R. Christiansen A Practical Guide to Levitation http://wordswithoutborders.org/article/a- practical-guide-to-levitation Excellent, but

589 views • 40 slides
Trusting Trusting the Cloud with the Cloud with Practical Interact Practical Interactive ive

Trusting Trusting the Cloud with the Cloud with Practical Interact Practical Interactive ive

Trusting Trusting the Cloud with the Cloud with Practical Interact Practical Interactive ive Proofs Proofs Graham Cormode G.Cormode@warwick.ac.uk Amit Chakrabarti (Dartmouth) Andrew McGregor (U Mass Amherst) Justin Thaler (Harvard/Yahoo!)

257 views • 14 slides
Practical Guide to Determination of Practical Guide to Determination of Binding Constants

Practical Guide to Determination of Practical Guide to Determination of Binding Constants

Practical Guide to Determination of Practical Guide to Determination of Binding Constants Binding Constants The correlation of H , S , K and temperature according to the vant Hoff equation. (K. Hirose, in Analytical Methods in

460 views • 18 slides
TCP/IP Sockets in C: Practical Guide for Computer Chat Programmers ! How do we make computers

TCP/IP Sockets in C: Practical Guide for Computer Chat Programmers ! How do we make computers

TCP/IP Sockets in C: Practical Guide for Computer Chat Programmers ! How do we make computers talk? http://cs.ecs.baylor.edu/~donahoo/practical/CSockets/ ! How are they interconnected? Michael J. Donahoo Kenneth L. Calvert Internet Protocol

359 views • 12 slides
A Practical Guide to Testing in DevOps Presented by:

A Practical Guide to Testing in DevOps Presented by:

T17 DevOps & The Cloud 2019-05-02 13:30 A Practical Guide to Testing in DevOps Presented by: Katrina

291 views • 10 slides
Mainstreaming transport co- benefits approach: a practical guide benefits approach: a practical

Mainstreaming transport co- benefits approach: a practical guide benefits approach: a practical

Mainstreaming transport co- benefits approach: a practical guide benefits approach: a practical guide to evaluating transport projects Jane Romero Cli Climate Change Group Ch G IGES Outline Out e o Overview o Why quantify co-benefits?

345 views • 15 slides
Chapter 6 Cloud Resource Management and Scheduling Contents Resource management and

Chapter 6 Cloud Resource Management and Scheduling Contents Resource management and

Chapter 6 Cloud Resource Management and Scheduling Contents Resource management and scheduling. Policies and mechanisms. Applications of control theory to cloud resource allocation. Stability of a two-level resource allocation

1.47k views • 39 slides
Presentation Skills for Scientists with DVD-ROM: A Practical Guide, 2010, 68 pages, Edward

Presentation Skills for Scientists with DVD-ROM: A Practical Guide, 2010, 68 pages, Edward

Presentation Skills for Scientists with DVD-ROM: A Practical Guide, 2010, 68 pages, Edward Zanders, Lindsay MacLeod, 0521741033, 9780521741033, Cambridge University Press, 2010 DOWNLOAD http://bit.ly/1PUbkse

795 views • 27 slides
Resource Management for Isolation Enhanced Cloud Services Enhanced Cloud Services Himanshu Raj ,

Resource Management for Isolation Enhanced Cloud Services Enhanced Cloud Services Himanshu Raj ,

Resource Management for Isolation Enhanced Cloud Services Enhanced Cloud Services Himanshu Raj , Ripal Nathuji, Abhishek Singh, Paul England XCG, Microsoft Research Motivation Isolation issues in shared-resource computing infrastructures

408 views • 13 slides
DC-DRF : Adaptive Multi- Resource Sharing at Public Cloud Scale ACM Symposium on Cloud

DC-DRF : Adaptive Multi- Resource Sharing at Public Cloud Scale ACM Symposium on Cloud

DC-DRF : Adaptive Multi- Resource Sharing at Public Cloud Scale ACM Symposium on Cloud Computing 2018 Ian A Kash, Greg OShea, Stavros Volos 1 Public Cloud DC hosting enterprise customers O(100K) servers, mostly small tenants 2

1.21k views • 87 slides
KAFKA STREAMS CLOUD MONITORING AWS CLOUD MONITORING AWS APP CLOUD MONITORING AWS HTTP APP

KAFKA STREAMS CLOUD MONITORING AWS CLOUD MONITORING AWS APP CLOUD MONITORING AWS HTTP APP

FROM USE CASE TO PRODUCTION KAFKA STREAMS CLOUD MONITORING AWS CLOUD MONITORING AWS APP CLOUD MONITORING AWS HTTP APP CLOUD MONITORING AWS METRICS NRDB HTTP APP CLOUD MONITORING SCHDLR JOBS AWS NRDB METRICS HTTP WORKER CLOUD

1.43k views • 124 slides
Empirical Evaluation of Workload Forecasting Techniques for Predictive Cloud Resource Scaling In

Empirical Evaluation of Workload Forecasting Techniques for Predictive Cloud Resource Scaling In

Empirical Evaluation of Workload Forecasting Techniques for Predictive Cloud Resource Scaling In Kee Kim , Wei Wang, Yanjun (Jane) Qi, and Marty Humphrey Computer Science @ University of Virginia Motivation Cloud Resource Scaling Approach

449 views • 31 slides
Benchmarking) A Practical Guide to Experimentation (and publics ou privs. recherche franais

Benchmarking) A Practical Guide to Experimentation (and publics ou privs. recherche franais

HAL Id: hal-01959453 scientifjques de niveau recherche, publis ou non, panion: Proceedings of the Genetic and Evolutionary Computation Conference Companion, Jul 2018, Nikolaus Hansen. A Practical Guide to Experimentation (and Benchmarking).

970 views • 78 slides
Cloud Computing & Cloud Models Cloud Models Topics Defining cloud computing

Cloud Computing & Cloud Models Cloud Models Topics Defining cloud computing

Cloud Computing & Cloud Models Cloud Models Topics Defining cloud computing Understanding: Distributed Application Design Resource Management Automation Virtualized Computing Environments High-performance Computing

1.02k views • 49 slides
Communication Skills A Practical Guide to Improving Your Social Intelligence Presentation

Communication Skills A Practical Guide to Improving Your Social Intelligence Presentation

Communication Skills A Practical Guide to Improving Your Social Intelligence Presentation Persuasion and Public Speaking Positive Psychology Coaching Series Book Volume 9 by Ian Tuhovsky You're readind a preview Communication Skills A Practical

266 views • 4 slides
Rule The Room: A Unique, Practical and Comprehensive Guide to Making a Successful Presentation

Rule The Room: A Unique, Practical and Comprehensive Guide to Making a Successful Presentation

Rule The Room: A Unique, Practical and Comprehensive Guide to Making a Successful Presentation Jason Teteak Click here if your download doesn"t start automatically Rule The Room: A Unique, Practical and Comprehensive Guide to Making a

301 views • 5 slides
Diocese of Worcester Pastoral Council Guide Diocesan Pastoral Council 2015 What is a Pastoral

Diocese of Worcester Pastoral Council Guide Diocesan Pastoral Council 2015 What is a Pastoral

Diocese of Worcester Pastoral Council Guide Diocesan Pastoral Council 2015 What is a Pastoral Council ? A group of dedicated and faithful parishioners that meet on a regularly scheduled basis to advise and assist the pastor in his leadership

516 views • 17 slides
Ed Grant, Emmaline Lambert and Isabella Buono 18 June 2020 Practical Guide: Chapters Practical

Ed Grant, Emmaline Lambert and Isabella Buono 18 June 2020 Practical Guide: Chapters Practical

Ed Grant, Emmaline Lambert and Isabella Buono 18 June 2020 Practical Guide: Chapters Practical Guide: Chapters 1. Duties and responsibilities of expert witnesses 1. Duties and responsibilities of expert witnesses 2. Effective proof-writing 2.

490 views • 32 slides
The ABCs of Subparts AA, BB, and CC: A Practical Guide to Compliance with RCRA Air Emission

The ABCs of Subparts AA, BB, and CC: A Practical Guide to Compliance with RCRA Air Emission

The ABCs of Subparts AA, BB, and CC: A Practical Guide to Compliance with RCRA Air Emission Standards Over the past several years, a specially trained team of the Indiana Department of Environmental Management (IDEM) has conducted approximately

51 views • 4 slides
TCP/IP Sockets in C: Computer Chat Practical Guide for Programmers How do we make

TCP/IP Sockets in C: Computer Chat Practical Guide for Programmers How do we make

TCP/IP Sockets in C: Computer Chat Practical Guide for Programmers How do we make computers talk? How are they interconnected? Michael J. Donahoo Kenneth L. Calvert Internet Protocol (IP) Morgan Kaufmann Publisher $14.95

289 views • 11 slides
Helpful Resources Misc CG Tutorials with a CS-slant http://www.fundza.com RMS 3.0

Helpful Resources Misc CG Tutorials with a CS-slant http://www.fundza.com RMS 3.0

2011.02.16 Helpful Resources Misc CG Tutorials with a CS-slant http://www.fundza.com RMS 3.0 Documentation Rendering & Compositing http://cloud.cs.berkeley.edu/~cnm/pixar/docs/RMS_3 The RenderMan Shading Language Guide

475 views • 4 slides
1 (Cloud) Colocation Games Colocation Games: Questions IaaS cloud providers offer

1 (Cloud) Colocation Games Colocation Games: Questions IaaS cloud providers offer

Do you trust that the price is right? I n Cloud ( Markets) W e Trust Towards a Trustworthy Marketplace for Cloud Resources Holistic system (social) view is pass Azer Bestavros Tenants make resource acquisition/ control

481 views • 7 slides
The Challenge Mobile Phone Data in the cloud H OW TO KEEP DATA ON YOUR DEVICE F RESH ? Polling

The Challenge Mobile Phone Data in the cloud H OW TO KEEP DATA ON YOUR DEVICE F RESH ? Polling

G OOGLE CLOUD MESSAGING FOR ANDROID Bindu Priya Infosys Limited Image Courtesy: http://developer.android.com/guide/google/gcm The Challenge Mobile Phone Data in the cloud H OW TO KEEP DATA ON YOUR DEVICE F RESH ? Polling Pushing Polling is

462 views • 25 slides
Synergy a new approach for optimizing the resource usage in OpenStack Overview Synergy cloud

Synergy a new approach for optimizing the resource usage in OpenStack Overview Synergy cloud

Lisa Zangrando INFN Padova Synergy a new approach for optimizing the resource usage in OpenStack Overview Synergy cloud service developed in the context of the INDIGO-DataCloud European project which aims to develop a new cloud software

629 views • 16 slides

More recommend