There is an increasing trend towards the deployment of software applications using software and hardware infrastructures and platforms offered by service providers as services.
Infrastructure as a Service (IaaS) providers offer resources such as hardware or virtualized hardware environments for the deployment of software platforms and applications. IaaS infrastructures can include, inter alia, resources such as hypervisors, storage resources, load balancing resources and network resources. Platform as a Service (PaaS) providers offer platform resources such as, inter alia, operating systems, execution runtime environments, databases, middleware, network services such as web servers and development tools.
Infrastructure and platform services can be implemented so as to abstract any particular deployed application from underlying resources employed. A software application may require specific resources, for example a specific operating system, execution environment, database and web server. The application can be deployed to a platform provided by a platform service provider, the platform having potentially many and numerous alternative resources being selected and configured to satisfy the specific requirements of the application. Further, the platform itself can operate with an infrastructure provided by an infrastructure service provider, certain attributes and resources of which may be at least partly specified for the application. The infrastructure may also have many and numerous alternative resources being selected and configured to satisfy the requirements of the platform and the application. Thus, an application deployment can involve a multiplicity of interconnected resources selected from a potentially greater number of available resources at each of the application, platform and infrastructure level.
A feature of such service-based technologies is that resources can be arranged in a localized or distributed manner. Distributed resources, such as distributed hardware cooperating or managed through physical or logical network arrangements, can provide for the distribution of resources such as, inter alia, distributed execution environments, distributed web servers and distributed database software.
A further feature of such service-based technologies is that resources can be provided in a virtualized manner such as a software implementation of a resource. Thus a hardware device such as a computer system or storage device can be provided as a virtualized device such as a software implementation of a computer system or storage device. Such virtual resources present an abstraction of underlying actual hardware. For example, a computer system resource executing a particular operating system can be provided as a virtual machine (VM) executing with a hypervisor on a hardware device or, potentially, a distributed arrangement of hardware devices. Examples of hypervisors include native hypervisors that execute in conjunction with specific hardware such as Oracle VM Server for SPARC, Oracle VM Server for x86, the Citrix XenServer, VMware ESX/ESXi, KVM, and Microsoft Hyper-V (Oracle, Oracle VM Server and SPARC are trademarks or registered trademarks of Oracle Corp. in some countries. Citrix and XenServer are trademarks or registered trademarks of Citrix Systems, Inc in some countries. VMware is a trademark or registered trademark of VMware, Inc in some countries. Microsoft and Hyper-V are trademarks or registered trademarks of Microsoft Corp. in some countries.) Additionally, hypervisors can be hosted in existing operating environments, for example BHyVe, VMware Workstation and VirtualBox (VirtualBox is a trademark or registered trademark of Oracle Corp.).
One example of the use of such service-based technologies to deploy software applications is Cloud Computing. Cloud Computing uses hardware and software resources provided as a service over a network, such as the internet. For example, Cloud Computing service providers can employ IaaS and PaaS to provide Cloud Computing services for the deployment of software applications. Applications themselves can also be provided as services (known as Software as a Service or SaaS), such as, inter alia, email applications, office applications, social networking applications, virtual desktops, communications applications and games. Thus, applications deployed to cloud computing environments often involve the selection of IaaS and PaaS and potentially SaaS components.
A further feature of such service-based technologies is an abstraction between resource provision and resource consumption such that the deployment of an application with service-based technologies does not require, and indeed preferably does not involve, a complete understanding of the underlying mechanisms and technologies through and with which the resources are provided. Due to the potentially virtualized, distributed and abstracted nature of the services provided, there is reduced transparency of underlying technologies provided to service consumers. This reduced transparency introduces a dependency of a service consumer on the resource service providers with respect to characteristics of the resources. For example, an application requiring a certain standard of information security, security architecture, data governance or resiliency will depend on service providers to commit to satisfy such requirements and further to actually provide services satisfying the requirements. One way this can be articulated between a service provider and consumer is through a Service Level Agreement (SLA) in which service providers and consumers agree what resources will be provided and what the characteristics of those resources will be. While helpful for service consumers, SLAs provide no technical assurance that required characteristics of a particular service level are provided. Indeed, the lack of transparency of a service-based technology will mean that certain resources and characteristics of resources are not exposed to a service consumer and, accordingly, may not be readily audited by the consumer or an auditor operating on behalf of the consumer.
For example, a standard of encryption used in communication between deep components in a computing platform or infrastructure, a level of security applied to data stored in a data store, or a level of security applied to computing facilities access may not be exposed or exposable to a service consumer or auditor.
The importance of required characteristics of resources cannot be overstated, especially for applications having associated legal or regulatory frameworks or constraints. For example, the location and manner of storage and communication of personal information can require strict control in many territories. Similarly, a level of access control and protection against intrusion can be grounded in legal requirements. It is therefore desirable that an extent or level of compliance with required resource characteristics can be assessed.
The Cloud Security Alliance (CSA) has published a set of controls which can be used by Cloud Computing service consumers in assessing the overall security risk of a cloud provider (Cloud Security Alliance and CSA are trademarks or registered trademarks of the Cloud Security Alliance in some countries). Examples of such controls are listed in a Cloud Controls Matrix (CCM) available at cloudsecurityalliance.org/research/ccm. The controls are mapped to security standards, regulations, and controls frameworks such as: the International Organization for Standardization (ISO) information security standards 27001/27002; the Information Systems Audit and Control Association (ISACA) Control Objectives for Information and Related Technology (COBIT); the Payment Card Industry Data Security Standard (PCI DSS); standards of the National Institute of Standards and Technology (NIST) such as NIST Special Publication 800-53 “Recommended Security Controls for Federal Information Systems and Organizations”; and the North American Electric Reliability Corporation's (NERC) Critical Infrastructure Protection (CIP) standards (ISO is a trademark or registered trademark of the International Organization for Standardization in some countries. COBIT is a trademark or registered trademark of ISACA and The IT Governance Institute (ITGI) in some countries.) The CCM provides a reference for key compliance characteristics applicable across software applications and service-based technologies. While the CCM is helpful in assisting Cloud Computing service providers in identifying desirable characteristics, and the CCM provides a reference for Cloud Computing service consumers in defining characteristics with which compliance is required, the CCM does not provide for an assessment of an extent or level of compliance with required resource characteristics. Manual intervention is required along with service provider transparency to employ the CCM to assess compliance of required resource characteristics.
The CSA further published a Consensus Assessment Initiative (CAI) Questionnaire that provides a set of questions for each control in the CCM that a Cloud Computing service consumer may ask of a service provider (published at cloudsecurityalliance.org/research/cai). The questionnaire provides a series of “yes or no” control assertion questions which can be tailored to suit a service consumer's requirements. While the CAI Questionnaire is helpful to assist service consumers in interrogating service providers, it does not provide for an assessment of an extent or level of compliance with required resource characteristics.
The CSA has also published a network working group internet draft “CloudAudit-Automated Audit, Assertion, Assessment, and Assurance API (A6)” as Internet Engineering Task Force (IETF) draft “draft-hoff-cloudaudit-00” (Hoff et al, July 2010). CloudAudit provides a namespace and interface that allows Cloud Computing service providers to make assertions relating to compliance controls at the request of service consumers. The accuracy and appropriateness of the assertions is dependent on the mechanism for making the assertion, and the CloudAudit draft does not contemplate how such assertions are to be founded. Computer Sciences Corporation (CSC) published a précis for a mechanism for requesting and receiving information about compliance controls from Cloud Computing service providers (“A Precis for the CloudTrust Protocol”, CSC, 2010) (CSC is a trademark or registered trademark of Computer Sciences Corporation in some countries.) The CloudTrust protocol (CTP) defines a “question and response protocol” for communication between Cloud Computing service consumers and Cloud Computing service providers using the CloudAudit namespace and interface. Requests relate to one of 23 defined “Elements of Transparency” where a subset of the elements relate to “evidence requests” and other elements relate to “policy introduction” requests. For example, one element of transparency can be used to request information relating to a current configuration of a hypervisor. While the CTP provides a mechanism for service consumers to request information from a service provider, it does not provide for an assessment of an extent or level of compliance with resource characteristics that can be relied upon. Cloud Computing service providers can choose whether or not to respond to CTP requests, and the response is entirely in the control of the service provider. Further, the CloudAudit interface is fallible. CloudAudit and CTP repositories may not be secure, private or integrity-guaranteed. 
The name system of CloudAudit and CTP may be susceptible to attack and servers may not be authenticated. CloudAudit servers may make false assertions or may refer to assertions that do not apply to them.
Additionally, service-based technologies such as Cloud Computing services and deployed applications can have a configuration or architecture that is transient in nature. A feature of service-based technologies is their scalability and “elasticity”. Elasticity refers to the ability of service-based technologies to not only scale up or down as required by a deployed application, but also to transition, move, evolve, add, remove or shift services and resources in accordance with changing needs or requirements of a deployed application or service consumer. In this regard, technologies such as autonomic computing provide self-managing distributed computing resources which adapt to changes in requirements. Such scalability and elasticity of service-based technologies can mean the underlying resources employed to provide services such as IaaS, PaaS or SaaS will change. Accordingly, any change in services and/or resources will require a corresponding review of an extent or level of compliance with required resource characteristics.
US published patent application number US 2011/0321033 A1 (Kelkar et al) describes the use of an application blueprint augmented with a deployment model for the provisioning of an application. US 2011/0321033 further describes how compliance policies can be defined in the blueprint/deployment model. The mere definition of policies for an application is not sufficient for identifying or assessing an extent or level of compliance with required resource characteristics of an application. Further, in view of the elasticity of service-based technologies, providing for such an assessment as underlying services and/or resources for a deployed application change or adapt cannot be achieved by defining compliance policies in a blueprint or deployment model for application provisioning.
It would therefore be advantageous to provide a mechanism for determining an extent or level of technical compliance of a service-based technology for the deployment of a software application, accounting for the elasticity of the service-based technology and without the aforementioned disadvantages.
Characteristics of the software application can be many and varied and can be distributed throughout the application. Additionally, determining a level of compliance of the software application can require information from multiple sources including the software application itself, a service based environment with which the application operates such as a virtualized computing environment, and software components operating external to both the application and the environment. Further, the elasticity of service based environments can result in changes to the configuration of a deployed application, including changes to the configuration of resources employed by the application and the use of new or alternative resources. Such changes can take place at execution time of an application and any compliance assessment conducted for an application before deployment will be outdated as soon as any such change takes place.
In accordance with a first aspect, the present invention accordingly provides an apparatus for enforcing a compliance requirement for a software application in execution in a virtualized computing environment, the apparatus comprising: an identifier component operable to identify a resource instantiated for execution of the application; a retriever component operable to retrieve a compliance characteristic for the application, the compliance characteristic being retrieved based on the identified resource and having associated a compliance criterion based on a formal parameter, the compliance criterion defining a set of compliant resource states; a first selector component operable to select a software component for providing an actual parameter corresponding to the formal parameter, the actual parameter being based on data concerning the resource; an evaluator component operable to evaluate the compliance criterion using the actual parameter; an application modifier component operable to, in response to a determination that the resource is outside the set of compliant resource states, the determination being based on the evaluation of the compliance criterion, modify the software application to a modified software application having associated a resource with a state belonging to the set of compliant resource states; and a detector component operable to detect a change to one or more of the resources, wherein the identifier component, selector component and evaluator component are operable in response to a determination by the detector component that one or more resources is changed, and wherein the selector selects the software component based on an identification of one or more data items that the software component is operable to provide.
In this way the application can be transitioned to a compliant state by modification of the application by the application modifier. Further, the operation of at least the evaluator and the application modifier can be repeated in response to changes to the application or one or more resources instantiated for the application, such as a reprovisioning of IaaS, PaaS or cloud computing resources for the application. Thus compliance can be assessed and enforced for applications operating with environments exhibiting characteristics of elasticity.
The present invention accordingly provides, in a second aspect, a method for enforcing a compliance requirement for a software application in execution in a virtualized computing environment, the method comprising: identifying a resource instantiated for execution of the application; retrieving a compliance characteristic for the application, the compliance characteristic being retrieved based on the identified resource and having associated a compliance criterion based on a formal parameter, the compliance criterion defining a set of compliant resource states; selecting a software component for providing an actual parameter corresponding to the formal parameter, the actual parameter being based on data concerning the resource; evaluating the compliance criterion using the actual parameter; in response to a first determination that the resource is changed, repeating the identifying, retrieving, selecting and evaluating steps; and in response to a second determination that the resource is outside the set of compliant resource states, the second determination being based on the evaluation of the compliance criterion, modifying the software application to a modified software application having associated a resource with a state belonging to the set of compliant resource states, wherein the selection of the software component is based on an identification of one or more data items that the software component is operable to provide.
The present invention accordingly provides, in a third aspect, a computer program element comprising computer program code to, when loaded into a computer system and executed thereon, cause the computer to perform the steps of the method set out above.
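The enforcement loop of the first and second aspects (identify a resource, retrieve the characteristic by resource, select the data-providing component by the data items it declares, evaluate the criterion, modify the application, and repeat on a detected resource change), as an added illustration that is not code from the patent; the class and function names, the "encryption at rest" criterion and the sample resources are all constructed for this example.

```python
# Added illustration, not the patent's code: identify / retrieve / select /
# evaluate / modify loop plus detector hook. Names and samples are constructed.
from collections import namedtuple
Resource = namedtuple("Resource", "kind state")  # state: dict of attributes
# a compliance characteristic: applies to a resource kind, names the formal
# parameter, and its criterion defines the set of compliant states
Characteristic = namedtuple("Characteristic", "applies_to formal_parameter criterion")
# a software component: the data items it declares, and how it reads them
DataProvider = namedtuple("DataProvider", "provides read")

def select_provider(formal_parameter, providers):
    """Selector: choose the component by the data items it declares."""
    for p in providers:
        if formal_parameter in p.provides:
            return p
    raise LookupError(f"no provider for {formal_parameter}")

def evaluate(resource, characteristics, providers):
    """Retriever + evaluator: characteristics are retrieved by resource kind;
    returns the formal parameters whose criterion fails on the actual value."""
    return [c.formal_parameter for c in characteristics
            if c.applies_to == resource.kind and not c.criterion(
                select_provider(c.formal_parameter, providers).read(resource))]

def enforce(app, characteristics, providers, catalogue):
    """Application modifier: swap each non-compliant resource for a catalogue
    alternative of the same kind whose state lies in the compliant set."""
    for i, r in enumerate(app):
        if evaluate(r, characteristics, providers):
            app[i] = next(a for a in catalogue if a.kind == r.kind
                          and not evaluate(a, characteristics, providers))
    return app

def on_resource_change(app, idx, new_resource, *enforce_args):
    """Detector hook: a reprovisioned resource triggers the loop again."""
    app[idx] = new_resource
    return enforce(app, *enforce_args)

# Constructed sample: encryption at rest must be AES; of two providers only
# the storage inspector declares the data item the criterion needs.
CHARACTERISTICS = [Characteristic("datastore", "encryption_at_rest",
                                  lambda v: v in {"AES-128", "AES-256"})]
PROVIDERS = [DataProvider(["hypervisor_version"], lambda r: r.state.get("hypervisor", "")),
             DataProvider(["encryption_at_rest"], lambda r: r.state.get("encryption", "none"))]
CATALOGUE = [Resource("datastore", {"encryption": "none"}),
             Resource("datastore", {"encryption": "AES-256"})]

def demo():  # deploy non-compliant, enforce, then simulate elastic reprovisioning
    app = [Resource("datastore", {"encryption": "none"})]
    before = evaluate(app[0], CHARACTERISTICS, PROVIDERS)
    enforce(app, CHARACTERISTICS, PROVIDERS, CATALOGUE)
    after_deploy = app[0].state["encryption"]
    on_resource_change(app, 0, Resource("datastore", {"encryption": "none"}),
                       CHARACTERISTICS, PROVIDERS, CATALOGUE)
    return before, after_deploy, app[0].state["encryption"]
```

The detector hook is the part that distinguishes this from a one-off pre-deployment check: every reprovisioning re-runs selection and evaluation against the new resource state.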