Codeofchina.com is in charge of this English translation. In case of any doubt about the English translation, the Chinese original shall be considered authoritative.
Foreword
This standard is one of the series of standards for financial applications of cloud computing technology, which include:
——Financial application specification of cloud computing technology - Technical architecture;
——Financial application specification of cloud computing technology - Security technical requirements;
——Financial application specification of cloud computing technology - Disaster recovery.
This standard is developed in accordance with the rules given in GB/T 1.1-2009.
This standard was proposed by the People's Bank of China.
This standard is under the jurisdiction of the National Technical Committee on Finance of Standardization Administration of China (SAC/TC 180).
JR/T 0166-2018 Financial application specification of cloud computing technology - Technical architecture
1 Scope
This standard specifies requirements for the technical architecture of cloud computing platforms in the financial sector, covering the service categories, deployment models, parties, architectural characteristics and architecture system of cloud computing.
This standard is applicable to cloud service providers, cloud service users, cloud service partners, etc. in the financial field.
2 Normative references
The following documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
GB/T 32400-2015 Information technology - Cloud computing - Overview and vocabulary
GB 50174-2017 Code for design of data centers
JR/T 0071-2012 Implementation guide for classified protection of information system of financial industry
JR/T 0131-2015 Financial information system room power system specification
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
3.1
party
one or a group of natural or legal persons, regardless of whether the legal person is registered
[GB/T 32400-2015, Definition 3.1.6]
3.2
cloud computing
a model for enabling network access to a scalable and elastic pool of shareable physical or virtual resources, with self-service provisioning and administration on demand
Note: Examples of resources include servers, operating systems, networks, software, applications and storage equipment.
[GB/T 32400-2015, Definition 3.2.5]
3.3
cloud service
one or more capabilities offered via cloud computing and invoked through a defined interface
[GB/T 32400-2015, Definition 3.2.8]
3.4
cloud service provider
the party providing cloud service
[GB/T 32400-2015, Definition 3.2.15]
3.5
cloud service user
the party using cloud service
3.6
cloud service partner
the party engaged in supporting or assisting the activities of the cloud service provider, the cloud service user, or both
3.7
cloud service auditor
the cloud service party responsible for auditing the provision and use of cloud service
3.8
cloud computing platform
the collection of cloud computing infrastructure and its service software provided by the cloud service provider and cloud service partner
3.9
private cloud
a cloud deployment model in which a cloud service is used only by one cloud service user and the resources are controlled by this cloud service user
3.10
community cloud
a cloud deployment model in which cloud services are used by, and shared among, a specific set of cloud service users that have identical or closely similar regulatory policies, security requirements, etc., and in which the resources are controlled by the cloud service provider or by one or more of those users
3.11
public cloud
a cloud deployment model in which a cloud service can be used by any cloud service user and the resources are controlled by cloud service provider
3.12
hybrid cloud
a cloud deployment model that combines at least two different deployment models
3.13
infrastructure as a service
a cloud service category in which the cloud capability type provided to the cloud service user is the infrastructure capability type
3.14
platform as a service
a cloud service category in which the cloud capability type provided to the cloud service user is the platform capability type
3.15
software as a service
a cloud service category in which the cloud capability type provided to the cloud service user is the application capability type
3.16
tenant
one or more cloud service users that share access to a set of physical or virtual resources
3.17
multi-tenancy
the allocation of physical or virtual resources such that multiple tenants, and their computations and data, are isolated from and inaccessible to one another
[GB/T 32400-2015, Definition 3.2.27]
3.18
physical machine
the physical server on which virtual machines run; it provides the hardware environment for the virtual machines
3.19
physical machine service
the service providing the cloud service user with physical machine directly
3.20
virtual machine
a general term for the operating system and application operating environment provided to the user by means of virtualization technologies, which behaves like an independent physical server. A virtual machine typically consumes the resources of a physical server, but to the user its usage model is identical to that of a physical server
3.21
hypervisor
the virtualization module that manages the physical machine's operating system and hardware resources, and controls the flow of requests between the user's (guest) operating system and the physical hardware
3.22
container
the operating environment providing a lightweight and isolated set of processes and resources through the technology of operating system virtualization
3.23
resource pool
a collection of physical or virtual resources from which resources are obtained, and to which they are released and reclaimed, according to defined rules; it includes physical and virtual machines, physical and virtual storage resources, and physical and virtual network resources
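The following is an added illustration, not text or code from JR/T 0166-2018, of how the tenant (3.16), multi-tenancy (3.17) and resource pool (3.23) definitions fit together: a pool from which resources are obtained and to which they are released and reclaimed under fixed rules, with every access mediated so that one tenant cannot reach a resource owned by another tenant. The per-tenant quota, the scrub-before-reuse rule on release, and the names `ResourcePool`, `bank-a` and `bank-b` are assumptions of this example, not requirements of the standard.

```python
"""Toy multi-tenant resource pool (added illustration, not part of JR/T 0166-2018).

Models 3.16 (tenant), 3.17 (multi-tenancy) and 3.23 (resource pool): resources
are obtained from and released to a pool under fixed rules, and a tenant can
never reach a resource owned by another tenant. The per-tenant quota and the
scrub-before-reuse rule are assumptions of this example.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Resource:
    rid: str
    kind: str                      # "vm", "volume" or "network"
    owner: Optional[str] = None    # tenant id; None while in the free pool
    data: bytes = b""              # stands in for disk/memory contents
    scrubbed: bool = True          # True only while contents are known-empty


class IsolationViolation(PermissionError):
    """Raised when a tenant touches a resource it does not own."""


class ResourcePool:
    def __init__(self, quota_per_tenant: int = 2) -> None:
        self.resources: Dict[str, Resource] = {}
        self.quota = quota_per_tenant          # assumed allocation rule

    def add(self, rid: str, kind: str) -> None:
        """Register a physical or virtual resource in the free pool."""
        self.resources[rid] = Resource(rid, kind)

    def owned_by(self, tenant: str) -> List[Resource]:
        return [r for r in self.resources.values() if r.owner == tenant]

    def allocate(self, tenant: str, kind: str) -> Resource:
        """Obtain a free, scrubbed resource of the requested kind for `tenant`."""
        if len(self.owned_by(tenant)) >= self.quota:
            raise RuntimeError(f"quota exhausted for tenant {tenant}")
        for r in self.resources.values():
            if r.owner is None and r.kind == kind and r.scrubbed:
                r.owner = tenant
                r.scrubbed = False             # contents now tenant-controlled
                return r
        raise RuntimeError(f"no free {kind} in pool")

    def access(self, tenant: str, rid: str) -> Resource:
        """Mediate every access: only the owning tenant may use a resource."""
        r = self.resources[rid]
        if r.owner != tenant:
            raise IsolationViolation(f"{tenant} may not access {rid} (owner={r.owner})")
        return r

    def release(self, tenant: str, rid: str) -> None:
        """Return a resource to the pool; contents are wiped before reuse."""
        r = self.access(tenant, rid)           # releasing is itself an access
        r.data = b""                           # scrub: no remanence for the next tenant
        r.scrubbed = True
        r.owner = None


def demo() -> dict:
    """Exercise the pool with two tenants; returns checkable observations."""
    pool = ResourcePool(quota_per_tenant=1)
    pool.add("vm-1", "vm")
    pool.add("vm-2", "vm")
    out = {}
    vm = pool.allocate("bank-a", "vm")
    pool.access("bank-a", vm.rid).data = b"account ledger"   # constructed sample data
    # 1. another tenant cannot reach bank-a's machine
    try:
        pool.access("bank-b", vm.rid)
        out["cross_tenant_denied"] = False
    except IsolationViolation:
        out["cross_tenant_denied"] = True
    # 2. the quota rule stops bank-a from taking the whole pool
    try:
        pool.allocate("bank-a", "vm")
        out["quota_enforced"] = False
    except RuntimeError:
        out["quota_enforced"] = True
    # 3. after release the same slot may go to bank-b, but only wiped
    pool.release("bank-a", vm.rid)
    reused = pool.allocate("bank-b", "vm")     # vm-1 is free and scrubbed again
    out["reused_same_slot"] = reused.rid == vm.rid
    out["leaked_after_release"] = pool.access("bank-b", reused.rid).data != b""
    return out


if __name__ == "__main__":
    print(demo())
```

The point of routing `release` through `access` is that every operation on a resource, including giving it back, is an access decision; the scrub step is where a real platform would sanitize disk and memory before the slot is reassigned to a different tenant.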
3.24
sensitive data
data which, once disclosed, may cause harm to the user or to the financial institution, including but not limited to:
a) sensitive user data, e.g. user passwords and keys;
b) sensitive system data, e.g. system keys and critical system management data;
c) other sensitive business data that must be kept confidential;
d) critical operational commands;
e) principal system configuration files;
f) other data that must be kept confidential.
[JR/T 0071-2012, Definition 3.1]
4 Abbreviations
For the purposes of this document, the following abbreviations apply.
ACL Access Control List
CPU Central Processing Unit
DSaaS Data Storage as a Service
HTTP Hypertext Transfer Protocol
I/O Input/Output
IaaS Infrastructure as a Service
NaaS Network as a Service
PaaS Platform as a Service
QoS Quality of Service
SaaS Software as a Service
SQL Structured Query Language
TCP Transmission Control Protocol
VPN Virtual Private Network
5 General
5.1 Service category
Cloud services mainly comprise Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS). In addition, according to their content, they can be divided into more specific service categories such as Network as a Service (NaaS) and Data Storage as a Service (DSaaS).
IaaS provides basic resource services such as computing, storage and network. Cloud service users can use, monitor and manage the resources on the cloud computing platform through a management platform, an Application Programming Interface (API), etc.
PaaS provides the software development and operating platform services on the cloud computing infrastructure. Cloud service users can perform system development, testing, integration, deployment, operation, maintenance, etc. based on the PaaS provided by the cloud computing platform.
SaaS provides the application software services that run on the cloud computing infrastructure, such as email services.
Contents of JR/T 0166-2018
Foreword
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations
5 General
6 Architectural characteristics
7 Architecture system