What are the technical requirements for a certified offering?

The Cloud Foundry PaaS Certification requires that the certified offerings meet technical requirements as defined by the foundation’s PMC Council. The PMC Council is the group charged with technical governance of the Cloud Foundry Foundation projects. The requirements for the 2016 program year are posted here.

How is compliance governed?

The organization certifying an offering must sign a license agreement with the Foundation for the use of the Cloud Foundry Certified logo. As part of that agreement, they contractually obligate themselves to maintain compliance with the technical requirements published by the foundation’s PMC Council for the certified offering during the program year. The Foundation inspects technical compliance of the offering and subsequently grants certification rights.

In the case of any uncertainty regarding these requirements, program participant must ask for clarification by the Foundation via certification@cloudfoundry.org. The Foundation reserves the right to determine how these requirements are interpreted in cases where clarification is required.

What if you download the open source software code and compile as is? Are you certified?

You would be using the software in a way that is likely compliant with the certification requirements, however certification is about a formal assurance that a product or service is in compliance with these requirements. That formal assurance results in a contractual relationship with the Foundation and submission to technical verification, which provides a license to use our certification mark to reflect compliance.

If you are certified, does it mean you are using all open source checked in code?

Being certified means that you are using the required “core” parts of the Cloud Foundry platform as released by the Foundation’s project teams.

Offerings are encouraged to differentiate through operational attributes and by adding extensions at the platform’s defined extension points (including, but not limited to, specific services, CLI plugins, logging integrations, buildpacks, CPIs, stacks, and further surfaces as developed in the project).

Who hands out the certifications? Who can certify?

The Cloud Foundry certification program is a program of the Foundation itself. The certification is a contractual agreement between the Foundation and the organization responsible for the certified offering, stating that in return for meeting the Foundation’s certification requirements, the organization may use the certification mark to claim that their offering is certified.

Any organization offering a product or service based on the Cloud Foundry platform is encouraged to certify that offering. Organizations need not be members of the Foundation to achieve certification.

What types of tests do they run?

The Cloud Foundry certification program is based on the requirement for the certified offering to use the exact required software components, as released by the Foundation’s projects. While there are limited exceptions for minor patches, there is a requirement that these patches are sent upstream.

Unlike many industry certification programs, compliance is not just API-level compatibility with a documented API or reference implementation. The Cloud Foundry Certified PaaS certification requires certified offerings to actually use the software released by the foundation’s project teams.

Do you need to be a Cloud Foundry Foundation member to be certified?

No, you do not need to be a member of the Foundation to be certified. The certification does come from the Cloud Foundry Foundation, but any product or services that is based on Cloud Foundry is encouraged to participate in the certification program.

How often does my code/product need to be certified? How long is my certification good for?

The Cloud Foundry PaaS Certification is an annual certification, and the certification badge reflects the program year of the certification. The technical requirements are reviewed and potentially updated at least once a year. We recommend more consistent integration with the upstream project, which is updated frequently with new releases.

What about security patches?

Security of our users is a primary concern for the Cloud Foundry Foundation. We have designed the certification program to allow providers of certified offerings to immediately patch their systems if they discover a vulnerability. However, all certifying providers are also obligated to report the discovered vulnerability to the upstream project and accept the remediation when provided by the project teams.

How much does it cost to be certified?

The cost for certification of an offering is $50K USD for this certification year, discounted to $30K USD for Cloud Foundry Foundation members.

You are an open source software project, why are you charging for certification?

Part of our mission, as a nonprofit, is to make sure that developers can run their apps across any Cloud Foundry instance. In order for that to happen, we have to be able to offer a guarantee that they are the same. We do that through certification. The certification process itself costs money and as a nonprofit, we must neither gain nor lose money through this process.

If you want to provide certified Cloud Foundry services for a nonprofit cause, please contact us at certification@cloudfoundry.org.

As an application developer, how can I tell if a service is certified? What if it’s certification is revoked, will I be notified?

All certified offerings are allowed to display and use the Cloud Foundry Certified annual certification mark on their websites and marketing material during the course of that program year. Developers considering the use of a Cloud Foundry based product or service should look for this mark to ensure that they are purchasing a certified product or service.

Users of certified offerings will not be directly notified by the foundation in cases where an offering ceases to be certified. It is the responsibility of the organization providing that offering to remove any reference to it being certified and discontinue all use of the Cloud Foundry Certified logo, but this removal is mandated by the Foundation’s license agreement.

I’m not distributing Cloud Foundry, I’m just offering it as a service, do I need to be certified?

The Cloud Foundry PaaS Certification program is designed to support a number of different delivery models for the platform. These include delivery models such as software distributions, public PaaS platforms, and managed private and on-premises PaaS offerings.

Since our software is licensed via the Apache Software License version 2, any person or organization has the right to use the software under the terms of that license.

However, the Foundation does not permit the use of the Cloud Foundry Certified mark or the use of the name Cloud Foundry as part of an offering’s name without certification. If we are asked if the given service is a Cloud Foundry service we will have to say “no”. When applied to cloud services, stating that it is “Cloud Foundry” means that it has achieved Cloud Foundry Certification.

Can certified offerings call themselves “Cloud Foundry”?

The CLOUD FOUNDRY mark is a registered mark of the Cloud Foundry Foundation. Its use is permitted in product or service names with an explicit license agreement from the foundation. This license agreement is an addendum to the Cloud Foundry Certified mark license agreement, and requires that any product or service licensed to use the CLOUD FOUNDRY mark also maintains it’s Cloud Foundry Certified status.