Cloud Native: The Cloud Native Computing Foundation (CNCF)

The Cloud Native Computing Foundation (CNCF) is a nonprofit organization that aims to promote and advance the adoption of cloud-native computing practices. Cloud-native computing involves, for example, the use of container technologies and microservices to build and deploy applications in the cloud. Founded in 2015 by the Linux Foundation, CNCF has become a leading force in the cloud native ecosystem. It hosts and sponsors a variety of open-source projects (e.g. Kubernetes, Prometheus, and Envoy) which have become integral components of many modern cloud-native architectures.

One of the main objectives of the CNCF is to create a vendor-neutral environment for the development and promotion of cloud-native technologies, helping organizations build and deploy cloud-native applications more efficiently and effectively. To achieve this goal, the CNCF works closely with a diverse group of companies and organizations, including major cloud providers, software vendors, and developers.

In addition to hosting and supporting open-source projects, the CNCF also offers a range of resources and educational materials for developers and IT professionals. These resources include training courses, certification programs, and conferences (such as the annual KubeCon + CloudNativeCon event), designed to help stay up-to-date with the latest trends and best practices in the cloud native space, and provide opportunities for professionals to learn new skills and advance their careers. To ensure that the CNCF stays up-to-date with the latest trends and best practices in the cloud-native space, the organization has established a number of committees and working groups focused on topics like security, networking, and cloud-native best practices. These committees and working groups provide guidance and direction for the CNCF and the cloud-native community as a whole.

The Cloud Native Landscape

In addition to the educational materials, like training courses, certification programs, and conferences, the CNCF also maintains another valuable resource for developers and IT professionals: the Cloud Native Landscape. The Cloud Native Landscape is a comprehensive guide to the cloud-native ecosystem developed and maintained by the CNCF itself. It is intended to be a resource for developers, IT professionals, and anyone else interested in the cloud-native ecosystem, providing an overview of the various projects, tools, and services that are available for building and deploying cloud-native applications.

The Cloud Native Landscape is organized into several categories, each of which contains a list of relevant projects, tools, and services. Each entry in the Cloud Native Landscape includes a description of the project, tool, or service, along with links to more information and resources. This can help users understand how each technology or tool fits into the larger cloud-native ecosystem and how it can be used to build and deploy cloud-native applications. Some examples of the categories present:

• Infrastructure: This category covers technologies and tools related to cloud-native infrastructures, such as container orchestration platforms (e.g. Kubernetes), container runtime environments (e.g. Containerd), and container registry platforms (e.g. Harbor).
• Observability: This category covers technologies and tools related to monitoring and observability, such as logging platforms (e.g. Fluentd), monitoring systems (e.g. Prometheus), and tracing systems (e.g. Jaeger).
• Security: This category covers technologies and tools related to securing cloud-native applications and environments, such as secrets management platforms (e.g. Vault), identity and access management systems (e.g. Keycloak), and container scanning tools (e.g. Aqua).
• Management: This category covers technologies and tools related to managing and operating cloud-native environments, such as configuration management platforms (e.g. Terraform), deployment tools (e.g. Spinnaker), and service meshes (e.g. Istio).

Maturity Levels

The CNCF has a maturity model that is used to assess the readiness and sustainability of open-source projects that are hosted by the organization in their Landscape. This model has three main levels of maturity:

1. Sandbox: Projects in the sandbox phase are still in development, but have shown potential to become important tools for the cloud-native community. These projects may not yet be ready for graduation, but are considered to be worth watching and supporting.
   
2. Incubating: Projects at this level are new and still being developed. They may not yet have all of the features and capabilities that are needed to be considered production-ready but are stable and a valuable option, with the intent of “graduating” soon.
   
3. Graduated: Projects that have graduated from the incubation phase are considered production-ready and are actively used in cloud-native environments. These projects have demonstrated a high level of stability and a strong community of users and contributors.
   

The CNCF uses this maturity model to help guide the development and support of open-source projects and to provide users with a framework for evaluating the readiness and sustainability of different tools and technologies.

The role of CNCF in OpenCloudification

The CNCF Landscape has a central role in OpenCloudification as a point of reference for open-source tools, applications and best practices. Nevertheless, with 100+ projects hosted, there may be some challenges or difficulties in using it, depending on goals, needs, and your level of knowledge of the cloud-native ecosystem. What OpenCloudification can do to address these challenges:

• Guide through an overwhelming amount of information. The CNCF Landscape contains a large amount of information about a wide range of tools and technologies, which can be overwhelming for users who are new to cloud-native computing or who are unfamiliar with the landscape. OpenCloudification can provide guidance in navigating the landscape and point in the right direction based on specific needs, knowledge, and ad-hoc use cases.
  
• Explain the complex relationships between tools and technologies. The CNCF Landscape shows the relationships between different tools and technologies, which can be helpful for understanding how they fit together and how they can be used together. However, these relationships can be complex, and it may be difficult for users to fully understand the implications of using one tool or technology over another. OpenCloudification will unravel these complex relationships, making them easy to understand for all users, no matter their knowledge level.
  
• Deepen the limited contexts. The CNCF Landscape provides information about tools and technologies, but it does not provide much context about how they are used or why they might be suitable for certain tasks or environments. This can make it difficult for users to determine which tools and technologies are most relevant to their needs and how they should be used. With extra documentation, white papers, events and workshops, OpenCloudification can explore more in-depth tools and technologies, going beyond what is provided by the CNCF Landscape.
  
• Inform about outdated information. The CNCF Landscape is updated regularly, but it is still possible for the information to be outdated or incomplete. This can be a problem if users rely on the landscape to make decisions about which tools and technologies to use, as they may not have access to the most current information. With a roster of experts and researchers in cloud technologies, OpenCloudification will provide the most up-to-date information for all the tools and components. In addition, state-of-the-art research is combined and applied to the most recent technologies, to provide improvements and incomparable results.

Alternatives to CNCF

There are a number of organizations and initiatives that focus on promoting the adoption of cloud-native computing practices and technologies. While these organizations and initiatives focus on different aspects of cloud-native computing, they all aim to promote the adoption of innovative technologies and practices that enable organizations to build and deploy cloud-native applications more efficiently and effectively. Some examples include:

• The OpenStack Foundation (an OpenInfra project): This is a nonprofit organization that promotes the use of the OpenStack open-source cloud computing platform. OpenStack is designed to provide infrastructure as a service (IaaS) for building and deploying cloud-native applications.
  
• The Cloud Foundry Foundation: This is a nonprofit organization that promotes the use of the Cloud Foundry open-source platform as a service (PaaS) for building and deploying cloud-native applications. Cloud Foundry is designed to be vendor-neutral and to support a wide range of programming languages and runtime environments.
  
• The Cloud Native Application Bundle (CNAB): This is an open-source specification for packaging and distributing cloud-native applications. It was developed by Docker, Inc. and Microsoft, and it is designed to work with a variety of container orchestration platforms, including Kubernetes.

Cloud Basics

Cloud Computing is the model of delivering computer system resources generally over the internet. End-users have access to flexible and scalable resources like computing, storage, or networking, having removed the maintenance role of the infrastructure below them.

Overview 

Cloud computing makes strong use of virtualization, abstracting the physical resources into one or multiple independent virtual resources. It observes a service-oriented architecture with three standard models defined by the National Institute of Standards and Technology (NIST): Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), and Software-as-a-Service (SaaS). These models differ in the level of abstraction and the type of responsibility handled by a cloud provider.

Clouds are also categorized in one of the following definitions: Public, Private, Hybrid or Multi.

Public Cloud Providers

Companies offer cloud services over the internet in a multi-tenant architecture in which users have access to an isolated section of the same shared resources. Popular public clouds are Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), IBM Cloud, Oracle Cloud Infrastructure, and Alibaba Cloud. In a public cloud, tools and solutions are often offered out of the box, i.e. talking about CyberSecurity or Artificial Inteligence tools, there are Amazon fraud detector, Sagemaker, or Google Vertex AI platform, etc.

Private Cloud Technologies

Contrary to public ones, private clouds are entirely controlled by a single organization. Resources are not shared, and the deployment is often on-premises. Multiple public cloud providers offer a private version of their cloud, but usually, open-source projects are widely adopted in this scenario, like OpenStack, CloudStack, Apache Mesos, or Open Nebula, to cite some of the most popular. They all offer complete control over the infrastructure, in which your solutions can be deployed and adapted based on the specific needs.

Hybrid/Multi-Cloud Environments

A hybrid cloud defines the combination between at least one public and one private cloud, while a multi-cloud is a combination of two or multiple public clouds. These combinations lead to multiple advantages, but at the same time, increase the complexity of the system and its deployment and maintenance. 

Cost Modeling 

Public clouds follow a “pay-as-you-go” model, in which costs are calculated based on resource consumption (e.g. computational power, data storage, traffic exchanged). There is no need for on-premises hardware and the consequential maintenance of it. On the other side, there is the risk of a vendor lock-in situation. To mitigate the problem hybrid/multi-cloud solutions are more and more adopted.  

Private clouds require proprietary hardware and a skilled workforce to maintain them up and running, but usually, no subscriptions are required.

Hybrid clouds are placed in between as they are composed of public and private clouds.

Organizations should evaluate their approach to the cloud by considering essential factors, like use cases, in-house knowledge, experience, security challenges, level of control, etc.

Moving to the Cloud

Deployments in a cloud environment require a different set of skills and knowledge, sometimes not immediate to acquire and master. The subject is very broad and multiple factors are involved. In this section, we want to provide some initial considerations that are usually taken before moving to the cloud about internal evaluations, challenges and advantages.

Moving to the cloud is a big step that usually is not taken in the blink of an eye. Multiple variables and considerations need to be evaluated, and making a list of all the steps makes sense only partially, as it depends on your use case and other hundreds of factors. Every big project starts with a brainstorming session, here we try to list some of the most important aspects that should be considered while moving to the cloud (and also which one to choose):

• Pros/cons evaluation. It sounds trivial, but considering what are the advantages and disadvantages at this stage might help save a lot of time and money. The focus should be on your use case/application: is the cloud the best environment? What are the advantages that the cloud can bring? How much should the use case be adapted to properly work in the cloud? Is there any extra advantage to migrating to a specific public cloud? Etc.
  
• Public or Private. The main point is the evaluation of whether is better to migrate to a cloud provider or have your on-premises environment (or both). All cases have specific advantages that need to be carefully evaluated.

• In-house knowledge. Another important aspect is the knowledge brought by the working staff of your company: there might be a preference for some technologies, expertise or familiarity with specific tools or cloud services, better knowledge of some architectures, and so on. Knowing all these aspects will help in selecting a specific solution and some of the technologies to use.

• Available services. Cloud providers offer dozens, if not hundreds, of services that can be used out-of-the-box. Finding a perfectly fitting, or one to integrate, or multiple of them to replace, or even improve, your application could be another important component for choosing a specific cloud instead of another. Of course, these services come with extra costs, that also needs to be considered.

• Open-source components. Opposite to the previous point, but somehow still complementary, the open-source alternatives should be evaluated and considered every time it is possible. There are thousands of open-source components available, why not considering them? Several well-known open source platforms, frameworks, and tools are largely used, managed, and perfectly integrated within the various public clouds. 

• Training and learning. It is important to take into account that specific training might need to be taken, as well as learning how to use new environments, tools, or services. This process usually does not stop with the migration to the cloud but remains an ongoing component and a very good practice to remain up to date with the best technologies available.

• Cost models. Paid services differ, cost-wise, from open-source alternatives, as well as deciding which cloud components and resources should be used or not in your use case. Cloud costs need to be evaluated before moving your application. This is a big and complex subject that requires a more in-depht evaluation.