Talking about standards apparently brings out some very strong feelings in a whole lot of people.

From “it’s too early” to “we need standards now” to “meh, standards will evolve where they are necessary”, some of the discussions at CloudConnect this week were tinged with a bit of hostility toward, well, standards in general and the folks trying to define them. In some cases the hostility was directed toward the fact that we don’t have any standards yet.

[William Vambenepe has a post on the subject, having been one of the folks hostility was directed toward during one session ]

Lee Badger, Computer Scientist at NIST, during a panel on “The Standards Real Users Need Now” offered a stark reminder that standards take time. He pointed out the 32 months it took to define and agree on consensus regarding the ASCII standard and the more than ten years it took to complete POSIX. Then Lee reminded us that “cloud” is more like POSIX than ASCII. Do we have ten years? Ten years ago we couldn’t imagine that we’d be here with Web 2.0 and Cloud Computing, so should we expect that in ten years we’ll still be worried about cloud computing?

Probably not.

The problem isn’t that people don’t agree standards are a necessary thing, the problem appears to be agreeing on what needs to be standardized and when and, in some cases, who should have input into those standards. There are at least three different constituents interested in standards, and they are all interested in standards for different reasons which of course leads to different views on what should be standardized.

And while everyone talks about these nebulous “standards”, very few explain what those standards are. Are they APIs? Are they protocols on the order of IP and TCP? Are they data exchange formats? Or are they properly the standardization of policies and information into a portable metadata that can be used to exchange information such as SLA and infrastructure service requirements that can be packaged easily with the application for portability and that can be interpreted by infrastructure to provision and execute such services?

Most folks seem interested in “cloud” standards as a means to achieve portability across and interoperability between cloud computing implementations, both on and off-premise. But once the “edge” of the cloud is penetrated, the mechanisms become, well, cloudy and obscured and are often portrayed more as a “black box” than as the integral piece of the interoperability puzzle they are.

Applications are not islands; they rely on infrastructure to provide everything from IP addresses to packet and data filtering to scalability to performance enhancements and security. These infrastructure services must necessarily be a part of the "portability plan” that allows applications to migrate from one environment to another and still behave as expected. The concern is that standardization inside the cloud environment might (a) restrict innovation and (b) expose the “secret sauce” of individual providers, rendering their investments and innovations moot.

As explained by Krishna Sankar during a subsequent panel at CloudConnect on “Where are standards going?”, it is not so much that the interfaces, the APIs, become standardized as it is that the policy and configuration metadata be based on a standardized model. Doing so allows components from multiple vendors to implement specific services and support in  innovative ways without compromising the ability of providers and organizations from migrating application dependent on those components. It is the model that is important and must be standardized, not necessarily the means by which that model is exchanged and transported. Ideally this metadata would correlate closely to what consumers of cloud computing are looking to standardize – namely the means by which capabilities and prices and services can be discovered and compared. James Urquhart’s pCard proposal heavily invests itself in a common, standardized metadata model that describes both capabilities and services in a way that makes it possible for consumers and ultimately applications themselves to query, compare, and choose from across cloud computing providers in a dynamic and autonomous way.

It is tempting to view cloud computing implementations as black boxes, particularly when they are of the “public” ilk. But surveys, polls, and research continues to offer strong evidence that organizations are not solely interested in “public” cloud computing, but are also interested in “private” and hybrid cloud computing models. This means that standardization inside at the infrastructure service and component layers must be considered as important as the interfaces to the cloud computing environments themselves, lest implementers suffer the same problems as providers: lock-in and inability to change “providers”.

In the case of infrastructure, specifically the focus of much of Infrastructure 2.0, is the necessity of standardization not only to address concerns regarding vendor lock-in, but to make cloud computing work the way it was intended. Without standardization the cost of managing such volatile environments will certainly become as prohibitive as IPAM (IP Address Management) today, and thus the “benefits” of cloud computing would surely be lost to organizations as they struggled to integrate, automate, and orchestrate their environment into a dynamic infrastructure capable of automatically dealing with the rapid rate of change associated with dynamic and virtualized environments.

The “secret sauce” of the provider, and ultimately any business, are the processes they employ to perform business, whether technologically or on a product level. It is the processes that ultimately define a “cloud” and thus it is those operational processes that are the source of efficiency gains and a fluid architecture. Those processes cannot be automated without a common model for policy metadata that provides the base information necessary for infrastructure to configure itself, to take action, to interpret SLAs and work toward meeting them.

We don’t need more APIs. We need a model. That’s what we should be standardizing. And not just at the cloud interface layer, but inside at the infrastructure service layer.