10 steps to avoid cloud vendor lock-in

The Open Group consortium releases guidelines on what enterprises should be aware of, and what actions the industry should be taking to achieve greater standardization in the cloud.
Written by Joe McKendrick, Contributing Writer

Along with security, one of the most difficult issues with cloud platforms is the risk of vendor lock-in. Once business processes and data have been assigned to cloud service providers, it can get really messy and expensive to dislodge from the arrangement when it's time to make a change.


There are ways enterprises, as well as the industry in general, can address these lock-in issues. Solutions to potential vendor lock-in were recently surfaced in a new guide from The Open Group.

The guide, compiled by a team led by Kapil Bakshi and Mark Skilton, provides key pointers for enterprises seeking to develop independently functioning clouds, as well as recommendations to the industry on standards that need to be adopted or extended.

Here are 10 key problems and recommendations identified by The Open Group team for achieving cloud formations based on standards, rather than on vendor technology:

Platform-platform interfaces:  A universally used standard for platform-platform interfaces — the Internet, HTTP and message envelope layers of web service APIs — "would provide a major part of the basis for real cloud interoperability," the guide states.  The two styles of web service interface handled by platforms — WS-I and raw HTTP — each has strengths for specific applications. "Many small-scale integrations that originally used WS-I with SOAP and XML, because JSON was not mature enough at the time, are now moving towards raw HTTP and JavaScript Object Notation because it is better suited to their needs. However, for enterprise-level integrations, SOAP is still king."


  • Use WS-I as the service platform interoperability interface between cloud services.
  • Use direct HTTP with JSON as the service platform interoperability interface.
  • "The industry should identify best practice in use of direct HTTP and JSON, including means of authentication and access control (such as OAuth), and develop standard profiles for interoperability between service platforms using this approach."

Application-platform interfaces: "Currently, there are a number of programming languages that might be used for the interface; there is no agreement on what functionality is needed; there are no commonly-accepted application-platform interface standards that cover the full range of functionality; however, it might be agreed. There are, however, products, both commercial and open source, that implement parts of the functionality, such as Enterprise Service Buses (ESBs), and some vendor-independent interface standards for part of the functionality, such as the Java Message Service (JMS)."


  • "Enterprises should seek to use cloud platforms with vendor-independent programming interfaces."
  • "PaaS vendors stating that they support .NET or J2EE should say which versions they support."
  • "A language-independent specification of a standard cloud application platform interface should be defined."
  • "Instantiations of this should then be developed for the most widely-used programming languages."

Service descriptions: The accepted standard for service descriptions, the Web Service Description Language (WSDL), has limitations, the guide says: "Its descriptions are machine-readable rather than human-friendly; it describes the functional characteristics of services, but does not cover non-functional characteristics such as quality of service and conditions of contract; it has no real ability to describe service data models; and it applies to services that use the WS-I approach, but not to services that use the direct HTTP approach." Bodies working to develop standards for service descriptions that address some of these limitations include the Web Application Description Language (WADL) authors, the Open Data Center Alliance (ODCA), the SLA@SOI Consortium, and the OASIS TOSCA Technical Committee.


  • "Produce clear human-readable descriptions of them, covering functional and non-functional characteristics."
  • "Enterprises developing services using the WS-I approach should also produce WSDL descriptions of them."
  • "Insist on the availability of clear and stable human-readable descriptions and, for services using the WS-I approach, of WSDL descriptions."
  • "The industry should work to establish best practice for human-readable service descriptions covering all service characteristics, building on the work of bodies currently active in this area."
  • "The industry should work to establish standards for machine-readable service descriptions, including templates and component schemas."
  • "These standards should cover all service characteristics and parallel the human-readable descriptions. They should include or be linked to descriptions of service data models, and be applicable to services that use the direct HTTP approach as well as to those that use the WS-I approach. WSDL forms a good starting point for such standards."

Service management interfaces: "Standardization of these interfaces will enable the development of cloud management systems as commercial off-the-shelf products," according to the guide. Initiatives already underway include the "DMTF Cloud Infrastructure Management Interface (CIMI) and Virtualization Management (VMAN) standards, the OASIS Topology and Orchestration Specification for Cloud Applications (TOSCA), the Open Grid Forum Open Cloud Computing Interface (OCCI), and the SNIA Cloud Data Management Interface (CDMI). The Openstack APIs may also provide de facto standards."


  • Ensure that "management interfaces follow emerging standards where possible."
  • Look for services "whose management interfaces follow emerging standards."
  • "The industry should support the ongoing cloud management standardization work, including the work in the DMTF, OASIS, OGF, and SNIA, and the Openstack open source initiative."

Data models: "These do not cover the new 'NoSQL' paradigms that are increasingly being used in cloud computing," the guide states. "Also, the schema standards do not enable correspondences between different data models to be established, and this is crucial for interoperability. The semantic web standards and the Universal Data Element Framework (UDEF) can be used to define correspondence between data models, but their application is not widely understood, and they are little used."


  • Describe data models clearly, "using text and applicable schema standards. The descriptions should be computer-readable and have good human-readable documentation. A well documented XML schema would achieve this, for example, but just using XML probably would not."
  • Look for clear data model descriptions.
  • "The industry should establish best practice to describe correspondences between data models, should ensure that the standards in this area are fit for purpose, and should work to improve understanding of them."

Loose coupling: "Tightly-coupled components are difficult and expensive to integrate, particularly over the lifetime of a system that undergoes change (as most do)."


  • "Cloud application components should be loosely coupled with the application components that interact with them."

Service orientation: "Cloud offerings are packaged as services (IaaS, PaaS, SaaS). Cloud platform-platform interfaces, whether in the WS-I or raw HTTP style, assume client-server interaction. Service orientation encompasses and reinforces other principles – loose coupling, service descriptions, and described interfaces."


  • "Cloud applications should be service-oriented."

Marketplaces: "Use of marketplaces and app stores is growing, but there are as yet no standards or established good practice for their operation," according to the guide. "This means that product vendors must cater for the different requirements and practices of all the marketplaces in which their products appear, that customers must understand the different features of all the marketplaces that they use, and that marketplace operators are spending effort on unnecessary differentiation."


  • "Industry bodies should seek to identify the best practices for marketplace operation, with a view to defining standards and working with governments on any legislation that may be needed to underpin them."

Representational State Transfer (REST): "There is a need for robust and scalable services that are loosely-coupled and have stable interfaces that are easy to describe."


  • "Applications should be designed using the Representational State Transfer (REST) style, though without insisting on its full rigor."

Machine image formats: "The ability to load a machine image containing an application together with its application platform onto different cloud infrastructure services is a new form of portability that is made possible by cloud computing. A standard machine image format makes portability possible across different infrastructure service providers, as well as across infrastructure services of a single provider."


  • "The Open Virtualization Format (DMTF OVF) standard is designed to meet the need for a machine image format standard."
  • Evaluate the OVF standard "and support it if feasible."

