D2.4 A Common Reference Model to describe, promote and support the uptake of SLAs – Final report
www.sla-ready.eu
Author(s): Ruben Trapero, Neeraj Suri, TUDA
Contributor(s): Arthur van der Wees, Arthur’s Legal; Marina Bregou, CSA
Date: 31 Dec, 2016
SLA-Ready aims to increase the degree of trust a user can put on Cloud Service Providers (CSP) to consequently leverage the higher uptake of cloud services. As the linkage across the CSP and the user typically transpires via contractual Service Level Agreements (SLAs), the standardisation and transparency of SLAs is paramount to provide Cloud Service Customers (CSCs) with enough information about what services to use, what to expect from them and in what to trust.
To this end, SLA-Ready has created a Common Reference Model (CRM) that helps towards the common understanding of SLAs for cloud services. The CRM integrates guidelines, standards and best practices to create a component based reference model to define SLAs with a common terminology, SLA attributes and Service Level Objectives.
The CRM was introduced in D2.3 by evaluating the requirements elicited in D2.1 and D2.2. An initial evaluation of the CRM was also conducted in D2.3 by evaluating the pertinent standards, best practices and also four representative use cases from real CSPs.
5.2.19. Use case 19: CSP providing data portability vendor Lock-in of SaaS applications
5.2.22. Use case 22: SME migrating to IaaS with several duration periods in the agreement
Table 1. CRM Groups
Table 2. Groups and elements of the CRM
Table 3. Standards and best practices relevant for validating the CRM
Table 4. CRM coverage of relevant standards and best practices
Table 5. Use Case Template
Table 6. Use case 1: Fintech
Table 7. Use case 2: Estonian Governmental Cloud
Table 8. Use case 3: ConsultLess, SME for using SaaS
Table 9. Use case 4: SME migrating from one SaaS CSP to the other
Table 10. Use case 5: Cloud Brokering: Cloud Chargeback and Showback
Table 11. Use case 6: Distribution of SME Training Material to Mobile Employees
Table 12. Use case 7: EasyAgriSelling, SME using IaaS/PaaS
Table 13. Use case 8: Video Storage and streaming from the Cloud
Table 14. Use case 9: Cloud-based Development and Testing
Table 15. Use case 10: Logistics and Project Management in the Cloud
Table 16. Use case 11: Local Government Services in a Hybrid Cloud
Table 17. Use case 12: Payroll processing in the Cloud
Table 18. Use case 13: CSP specifying carve-outs in its cloud service terms
Table 19. Use case 14: CSP changing SLA at operation time
Table 20. Use case 15: CSP providing services under different regulations
Table 21. Use case 16: CSP providing data services for the health sector
Table 22. Use case 17: A SME terminating a contract with a CSP
Table 23. Use case 18: CSP migrating data between different jurisdictions
Table 24. Use case 19: CSP providing data portability vendor Lock-in of SaaS applications
Table 25. Use case 20: SME looking for Information Security Incident Management
Table 26. Use case 21: CSP allowing data access for law enforcement
Table 27. Use case 22: SME migrating to IaaS with several duration periods in the agreement
Table 28. Use case 23: SME setting up its own hybrid cloud ecosystem
Table 29. CRM - Use Cases Coverage (part 1)
Table 30. CRM - Use Cases Coverage (part 2)
Table 31. CRM - Use Cases Coverage (part 3)
Table 32. Classification of the use case of the example 1
Table 33. Classification of the use case of the example 2
Table 34. Answers of the surveyed CSPs
Table 35. Answers of the self-assessed CSPs
Figure 1. Developing and validating the SLA-Ready CRM
Figure 2. D2.3 within SLA-Ready
Figure 3. CRM inception and initial validation in D2.3
Figure 4. Final CRM and extended validation in D2.4
Figure 5. Requirements elicitation
Figure 6. Grouped requirements
Figure 7. CRM hierarchical specification
Figure 8. Components of the SLO & Metrics element of the CRM
Figure 9. Recommendation process based on the CRM and use cases
Figure 10. Example of clustering representation
Figure 11. DBSCAN approach
Figure 12. Clustering process
Figure 13. Example of representative vector for clusters
Figure 14. Clusters discovered for the SLA-Ready samples
Figure 15. Clusters and representative samples for the SLA-Ready samples
Figure 16. Example of recommendation based on distances between samples
Figure 17. Recommendation results for the use case analysed in example 1
Figure 18. Recommendation results for the use case analysed in example 2
Figure 19. Computing the SLA-Readiness Index
Figure 20. A CSP entry on CSA STAR - Additional Info
Figure 21. Stages comprising the quantitative SLA assessment
Figure 22. SLA hierarchy combining the CSA CCM and the ISO/IEC 19086
Figure 23. Evaluation done to get the readiness index at different levels in the CRM hierarchy
Figure 24. Comparison of surveyed CSPs: readiness index global score
Figure 25. Comparison of surveyed CSPs at group level
Figure 26. Comparison of self-assessed CSPs: readiness index given the global score
Figure 27. Comparison of self-assessed CSPs at the group level
Figure 28. Comparison of self-assessed CSPs at the "SLO & Metrics" group level
Deliverable title: A Common Reference Model to describe, promote and support the uptake of SLAs – Final report
Deliverable Nature: Report
Deliverable dissemination level: Public
Contractual delivery: Dec 2016
Actual delivery date: Dec 2016
Author(s): Rubén Trapero, Neeraj Suri, TUDA
Contributor(s): Arthur van der Wees, Arthur’s Legal; Marina Bregou, CSA
Task(s) contributing to the deliverable: Task 2.3 – SLA challenges and requirements in cloud landscape
Target audience(s): Project partners, members of the SLA-Ready Advisory Board and other external experts, European Commission, project reviewers
Total number of pages: 141
Disclaimer
SLA-Ready has received funding under Horizon 2020, ICT-07-2014: Advanced Cloud Infrastructures and Services. The information contained in this document is the responsibility of SLA-Ready and does not reflect the views of the European Commission.
Class of data objects, specific to the operation of the cloud service, under the control of the cloud service provider. Cloud service provider data includes but is not limited to resource configuration and utilization information, cloud service specific virtual machine, storage and network resource allocations, overall data centre configuration and utilization, physical and virtual resource failure rates, operational costs and so on
The capability of a cloud service provider to support the cloud service customer in facilitating exercise of data subjects’ rights. Note: Data subjects’ rights include without limitation access, rectification, erasure of the data subjects’ personal data. They also include the objection to processing of the personal data when it is not carried out in compliance with the applicable legal requirements
Data protection: The employment of technical, organisational and legal measures in order to achieve the goals of data security (confidentiality, integrity and availability), transparency, intervenability and portability, as well as compliance with the relevant legal framework
Data subject: An identified or identifiable natural person, being an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity
Disaster recovery: Ability of the ICT elements of an organization to support its critical business functions to an acceptable level within a predetermined period of time following a disruption
Failure notification policy: Specifies the process by which cloud service customers can notify the cloud service provider that a service outage has been observed, the process by which the cloud service provider notifies cloud service customers that a service outage has occurred, the process for providing updates on service outages, who receives notifications and updates, the maximum time between the detection of a service outage and the issuance of a notice of service outage, the maximum time interval between service outage updates and how service outage updates are described
A legal document that is the overarching part relating to the cloud service, which describes the terms agreed between the provider and the customer under which the cloud service is made available and used. The MSA has a number of synonyms such as "Customer Agreement", "Terms of Service" or simply "Agreement". The MSA references a number of subsidiary parts, such as the cloud SLA, Security and Privacy Policies, the Acceptable User Policy, the Business Continuity Policy and the Service Description.
('data subject'); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity
Personally Identifiable Information (PII): Any information about an individual maintained by an agency, including (1) any information that can be used to distinguish or trace an individual’s identity, such as name, social security number, date and place of birth, mother’s maiden name, or biometric records; and (2) any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information
1. Introduction
This deliverable validates the final version of the SLA-Ready Common Reference Model (CRM), an integrated set of SLA components (i.e., attributes and SLOs), including the guidelines/state of practice and standard terminology. A high-level view of the process followed to develop and validate the CRM is illustrated in Figure 1.
Taking as a starting point the initial version of the CRM from deliverable D2.3, this deliverable consolidates the elements of the CRM and further validates it (beyond the initial validation done in D2.3) with the latest state of practice and relevant standards and with more sector-specific use cases.
1.1. Positioning D2.4 within SLA-Ready
This deliverable (D2.4) is the final iteration for the creation of the Common Reference Model (CRM) to define cloud SLAs. D2.4 builds upon D2.3 that provided an initial CRM along with an initial validation of the CRM, which is subsequently used in D2.4 to conduct a comprehensive validation with respect to the current market status.
Figure 2 shows the relationship between D2.4 and the rest of the WP2 deliverables. The CRM was created with the inputs received from: (i) WP3 (International cooperation, consensus and standardisation), (ii) the analysis of the state of practice carried out in D2.2, and (iii) the feedback received from the SLA-Ready’s Advisory Board.
2. Improving the validation of the CRM
This section presents the approach followed in D2.4 to consolidate and validate the CRM. Figure 3 represents the initial process developed in D2.3 to validate the CRM. In D2.3 the process started by conducting a two-step analysis. First, the CRM was compared to the definitions and models proposed by the standardization community and working groups. More specifically, the analysis was done with respect to five references, namely (a) ISO/IEC 19086, (b) the cloud SLA checklist from the European Union, (c) the Cloud Standards Consumer Council, (d) the C-SIG SLA guidelines and (e) ETSI.
Figure 3. CRM inception and initial validation in D2.3
Secondly, the CRM was compared with respect to four representative use cases obtained from the targeted domains of financial sector, public sector, and from SMEs. The basic purpose of this comparison was to ensure the broad relevance of the elements of the CRM across the diverse use cases being analysed.
Another result obtained from the initial validation of the CRM in D2.3 was a general overview of the techniques to evaluate the readiness of the CRM, including also the initial insights of the SLA marketplace along with D4.2. D2.4 comprehensively extends this with additional validation actions.
Figure 4 depicts the overall process followed in D2.4. In order to improve the analysis of the CRM, D2.4 reports an extended evaluation of the CRM based on the analysis of multiple use cases covering interdisciplinary areas. The CRM has also been updated with respect to the latest developments in ongoing standards and working groups.
identifying the most representative use case domains. These domains are used to provide the recommendation of the most important elements of the CRM for new business cases. The process (as described in Section 6) classifies new business cases into distinct categories. For each category, the recommendation methodology informs about the relevance of every element of the CRM. This information is adapted to the characteristics of the business case being studied.
• The evaluation of the readiness index of the CRM. The security assessment techniques introduced in D2.3 have allowed us to compare different real world CSPs according to their offered SLA and based on the CRM. The results can be organized in a ranking that provides CSPs with both feedback and recommendations.
D2.2 conducted a comprehensive analysis of four significant domains in order to identify the common characteristics of the cloud service provisioning. Figure 5 represents the analysed domains and also highlights the varied perspectives (i.e., economic, sociological and legal and governance) that were considered in the analysis by considering customers and stakeholders associated to the SLA-Ready partners. The technical perspective analysed both research projects (ongoing and finished) and the pertinent standards.
Figure 5. Requirements elicitation
The result of this analysis derives a list of requirements that represent the expected information to be included in an SLA. We have used these requirements to transcend from the information “expected” in an SLA to deriving the proposed specific elements of the Common Reference Model.
The process, to identify the elements of the CRM, starts by grouping the list of requirements elicited in D2.2. This identification process results in four initial requirements groups as depicted in Figure 6:
• The technical SLOs group the requirements related to the definition of technical aspects of the service provisioning.
Figure 6. Grouped requirements
This initial set of groups has been used to fine tune the specification of the elements that comprise the CRM. Overall, the SLA-Ready Common Reference Model includes common vocabularies, SLO metrics/measurements, best practices, recommendations and standard templates that can be used to define SLAs for different use cases and applicable certifications.
In order to facilitate the applicability of the CRM and to increase the granularity of the analyses that will be done using it, we have split these four main groups into several subgroups. This allows us to better adjust the elements of the CRM that will fulfil the requirements identified in D2.2. Furthermore, we have used the recommendations from the ISO/IEC 19086 to identify these groups. Table 1 describes the 8 groups of the CRM.
Changes | Describe features related to eventual modifications carried out in the SLA and the management associated to those changes
Reporting | Describe the features related to the communications that the CSP transmit to the customers with respect to the SLA managed
SLO & Metrics | Describe the features related to the technical elements of the SLA and its corresponding components.
Each identified group will contain one or more elements where these elements have been extracted from the CRM requirements. Some of the requirements can be directly extrapolated from the CRM requirements while the other more implicit requirements have been divided into more than one element as depicted in Table 2.
Table 2 categorizes the elements identified in each group. As already pointed out, some CRM requirements directly map to the same group. Others, such as "Choice of law" have been moved to the general group, as it describes the scope of applicability of the SLA, which represents a general aspect.
Table 2. Groups and elements of the CRM
Group | Name of CRM element | Description
General | SLA URL | Needed for SMEs to easily reference the SLA.
 | Findable | This element represents the difficulty to find the SLA on the CSP´s website.
Freshness | Revision date | The revision date might be important for the user/customer that already created SLAs before with a CSP to easily identify that there may be changes that need to be reviewed.
 | Update Frequency | Most of the CSPs will only update the SLA when a new functionality or way to use the services are provided. For public SLA, CSP’s will avoid to have to manage multiple applicable SLA. In most of the cases, the last one is the one applicable for all service transactions. In many cases, SLA updates are related to the monthly billing process (a new SLA starts with a new month and a new way to calculate the bill).
 | | The CSP should have a repository with the previous versions/revisions of their SLAs.
 | SLA duration | The common practice is to have a SLA valid until the next one is released. The CSP will try to have a valid SLA as long as possible to avoid any disagreement with the customer.
Support | Contact details | Easy to locate contact details benefit SME trying to solve questions about the SLA during the life cycle of the cloud service.
 | Contact availability | Helpdesk availability may benefit the SME perception of assurance on the CSP.
Credits | Service Credit | Credit refers to the amount of money that usually the CSP spares to the Customer for using its services (e.g., pre-payment). After the provided Credit, the Customer will be billed by the CSP. For public cloud, the state of practice is "pay as you go". For most of CSP, this feature is not yet implemented. For some services, this feature could damage the customer (for example: end of the credit, end of the cloud service and uncertainty about customer data if any).
 | Service credits assignment | Refers to the stakeholder (CSP or Customer) determining of the credits are provided.
 | Maximum service credits (Euro amount) provided by the CSP | Refers to the amount of credits (in Euros) that are provided in order for the Customer to use the services from the CSP.
Changes | SLA change notifications | The common practice is to notify only changes that can impact the service provided to the customer. As common practice, minor changes will not be notified to the customer. The number of change notifications to customer have an impact on the customer perception of quality of the cloud platform, so CSPs will only notify major changes.
 | Unilateral change | The common practice is to change the SLA unilaterally. The terms and conditions of the new SLA in most of the case may have been evaluated through a set of "beta testers" chosen among trusted
Reporting | Service Levels reporting | Refers to the reporting done by the CSP (either continuous or not) related to the achieved Service Levels in a period of time. This is useful for the Customer to compare with respect to the agreed SLOs. The common practice is to join the SLA reporting with the customer's bill.
 | Service Levels continuous reporting | Specifies if the Service Levels reporting is actually continuous.
 | Feasibility of specials & customisations | For IaaS CSP, the Customer should expect that all the customisations are feasible on the installed software.
 | General Carveouts | Describes the potential exclusions of some provisions of the SLA, according to some kind of condition or assumption.
SLOs & Metrics | Specified SLO metrics | Indicates whether SLO metrics are included in the SLA. Only few CSP describe the mechanism used to measure the SLA attributes. Mainly because it is not an easy task and the customer needs to be mature enough to analyse the rightness of the measurement mechanism.
 | General SLOs | SLOs related to general aspects of the SLA, such as Availability.
Therefore, the CRM follows a hierarchical structure (as depicted in Figure 7). The top level represents the main CRM Groups that organize the rest of the elements of the CRM. The core of the CRM is the CRM Element level that includes the main parts that can be mapped to the different aspects of SLAs.
The lowest level comprises the CRM Components that could be part of some CRM Elements. Currently just the "SLOs & Metrics" group contains elements that include components at the lowest level of the hierarchy. Figure 8 depicts the 7 elements that are part of the "SLO & Metrics" group and the components that are included in every element. Those components are compliant with the classification of SLOs as described in the ISO/IEC 19086 specification. Two elements of the "SLO & Metrics" group provide general information:
• The "Specified SLO metrics" element is used to represent the existence of SLOs and metrics in the description of the SLA. Obviously, if the SLA does not specify such information, the rest of the components of this group will also not appear in the SLA.
• The "General" element is used to represent whether the general elements of the ISO/IEC 19086 specification are included in the SLA. More specifically, the two components expected under this element are (i) the existence of a field in the SLA to describe the roles and responsibilities and (ii) the existence of a field to explain the cloud SLA definitions.
The rest of the elements of this group represent technical aspects of the SLA (such as security or privacy). For consistency, the naming convention used herein has been taken from the ISO/IEC 19086 specification. These components of the CRM are used to check whether those technical aspects are included in SLAs.
• From the industrial perspectives by analysing use cases from representative sectors (such as financial, SME and public sectors).
3.1. Summary takeaways
• The CRM is based on requirements gathered from the study of four different domains spanning the technical domains (including standardization bodies and research projects), the economic domain, plus the sociological and legal domains by analysing the current state of practice on SLAs in the industrial sector.
• The compiled requirements were grouped according to four main areas identified in the study of the aforementioned domains as: general aspects of SLAs (related to the sociological analysis), responsibility related aspects (related to the legal analysis), economic aspects (related to the economic analysis) and technical aspects (related to the analysis of the research and standardization domains).
• To create the CRM, we have evaluated the compiled requirements and split the four areas identified in the requirements into eight derived groups compliant with the latest ISO/IEC 19086 specification.
• The Elements of the CRM have been taken either directly from the requirements or from the current relevant standards, when a direct mapping requirement-standard was possible.
4. CRM mapping to standards and best practices
In order to maximize the impact and to facilitate the adoption of the contributed CRM by the industrial stakeholders, and in particular by SMEs, it is necessary to ensure its alignment with relevant standards and best practices. This task will also benefit SMEs, who are typically not cloud experts, and often have very limited understanding of cloud SLAs and especially the role of relevant related standards/best practices.
Consequently, this section starts the alignment process by conducting a gap analysis of the CRM from the standardisation and best practices perspective by using as input the work done by SLA-Ready's WP3 related to relevant standards/best practices in this field. Our goal is to ascertain the degree of standardisation related coverage of the CRM, such that the SMEs using it have assurance that the provided SLA guidance is aligned with the relevant standards and best practices. Furthermore, the results of the gap-analysis performed in this section can be used by the SLA-Ready marketplace (please refer to WP4) in order to create interactive guides that, based on the SMEs requirements, can realise both the (i) CRM elements to consider for their own use cases, and (ii) outline standards/best practices that could be taken into consideration either as development guidelines or references.
4.1. Initiatives being analysed
Based on the activities performed by WP3, this section focuses on gap analysing the contributed CRM with respect to the following relevant set of standards and best practices:
The EU SLALOM project proposed a cloud SLA model, including related best practices, which are also aligned to the relevant ISO/IEC 19086 family of standards.
EU H2020 SLALOM Project
SLALOM Model contract for Cloud Computing [23]
This SLALOM deliverable documents the legal model proposed by the project, which is aimed to complement SLALOM’s SLA Specification.
Please note that the approach followed in this section is designed to be easily extendable (after the end of SLA-Ready) as new standards and best practices (also relevant to the CRM) get released.
Table 4 summarizes the results of the performed gap analysis. For each analysed standard/best practice, we assess if the corresponding CRM element is being referenced or not. From the performed analyses, it may be noted that the contributed CRM has the potential to improve cloud customers’ understanding related to SLAs, while at the same time providing good coverage of the elements included in these relevant standards/best practices. The most evident benefit of the CRM with respect to surveyed works is in the following groups: General, Freshness, Readability and Credits. As already mentioned, the results shown in Table 4 were used to structure SLA-Ready’s guidance documents produced by WP3 and WP4. The current versions of the ISO/IEC 19086-1/-4 standards used for the CRM analysis have not been changed since the results shown in the previous deliverable (D2.3).
identified. The distance to each representative sample is then calculated (d1, d2 and d3 for clusters #1, #2 and #3 respectively). As d3 is the minimum distance, we choose the representative sample of cluster #3 as the recommendation result.
This company provides IT services for hospitals and is moving towards providing computational resources for research activities required by hospitals. More specifically, this company provides computational resources for processing genetic based information from patients. The new service is designed in such a way that, depending on the workload, the data is moved between different clouds (public or private), in order to maximize efficiency. The service is also based on previous services that the company has moved to the cloud to save costs and increase performance. The company needs to change the service terms provided to their customers. As a result, a new SLA will have to be offered to its customers. In order to deal with the features of the new service this company is asking for a recommendation on the terms of the SLA to which they should pay more attention.
The following is the example of a company that wants to move critical operations to the cloud:
A company wants to support the activities of a rail transport operator with cloud services (for example for incident response management). The target customer is a critical infrastructure provider (the rail transport operator), thus the cloud service must be reliable and with high availability.
Following the recommendation methodology described in Section 6, the new service is analysed according to the requested parameters:
• Base use case (according to ETSI CSC classification). The target of the service is to move the current operations carried by rail transport companies to the cloud. Therefore, we can initially classify it as AP (moving application to the cloud).
The CSP SLA information collected into the SLA-Repository is structured in a way that allows for its quantitative reasoning; in particular, we refer to its aggregation into a unique quantitative/qualitative level i.e., the SLA-Readiness Index. At the state of the art,
the evaluated CSPs, CSP1 is the best one, followed by CSP2 and CSP5. Of course, this is an aggregated evaluation and does not mean that CSP1 is better than the rest of the
As we can see CSP1 is especially good in the "Readability" (RE) and in the "Changes" (CH) groups. CSP4 provides detailed information about general aspects of the SLA and especially in what regards to the "Freshness" (FR) group (which is the specification of
the global score at the highest level of the CRM. As we can see, this time it is CSP7 that stands out over CSP8 and CSP6 in this order. Far behind them it is CSP9. Again, this provides just a global score and does not allow us to know how well or bad these
[3] European Commission, "Standards terms and performance criteria in service level agreements for cloud computing services", [Online]. Available: https://ec.europa.eu/digital-single-market/en/news/study-report-standards-terms-and-performances-criteria-service-level-agreements-cloud-computing, 2015
[4] ETSI, TR. 103 125 V1.1.1: "CLOUD." SLAs for Cloud services (2012).
[5] International Organization for Standardization (ISO/IEC), "ISO/IEC 19086, Information
[6] ETSI. "Cloud Standards Coordination. Final Report". 2013. [Online]. Available: http://csc.etsi.org/resources/CSC-Phase-1/CSC-Deliverable-008-Final_Report-V1_0.pdf. 2013.
[7] ENISA. "Security Framework for Governmental Clouds". [Online]. Available: https://www.enisa.europa.eu/publications/security-framework-for-governmental-clouds, 2015.
[8] Riigi Infosüsteemi Amet. "Estonian Security System Overview". [Online]. Available: https://www.ria.ee/public/ISKE/ISKE_english_2012.pdf. 2016
[9] ENISA. "Cloud Security Guide for SMEs". [Online]. Available: https://www.enisa.europa.eu/publications/cloud-security-guide-for-smes, 2015.
[10] Ester, Martin, Hans-Peter Kriegel, Jörg Sander, and Xiaowei Xu. "A density-based algorithm for discovering clusters in large spatial databases with noise." In Kdd, vol. 96, no. 34, pp. 226-231. 1996.
[11] MacQueen, James. "Some methods for classification and analysis of multivariate observations." In Proceedings of the fifth Berkeley symposium on mathematical statistics and probability, vol. 1, no. 14, pp. 281-297. 1967.
[13] Wang, Wei, Jiong Yang, and Richard Muntz. "STING: A statistical information grid approach to spatial data mining." In VLDB, vol. 97, pp. 186-195. 1997.
[14] Fraley, Chris, and Adrian E. Raftery. "MCLUST: Software for model-based cluster analysis." Journal of Classification 16, no. 2: 297-306. 1999
[15] Tung, Anthony KH, Jiawei Han, Laks VS Lakshmanan, and Raymond T. Ng. "Constraint-based clustering in large databases." In International Conference on Database Theory, pp. 405-419. Springer Berlin Heidelberg, 2001.
[17] Jolliffe, Ian. Principal component analysis. John Wiley & Sons, Ltd, 2002.
[18] A. Li, X. Yang, S. Kandula, and M. Zhang, "Cloudcmp: Comparing public cloud providers," IEEE Internet Computing, vol. 15, no. 2, pp. 50-53, March/April 2011, doi:10.1109/MIC.2011.36.
[19] S. K. Garg, S. Versteeg, and R. Buyya, "SMICloud: A framework for comparing and ranking cloud services," In Utility and Cloud Computing (UCC), 2011 Fourth IEEE International Conference on, pp. 210-218. IEEE, 2011.
[20] R. Henning, "Security SLAs: Quantifiable security for the enterprise?" in Proc. ACM Workshop New Security Paradigms, 1999, pp. 54–60.
[22] A. Taha, R. Trapero, J. Luna, and N. Suri, "AHP-based quantitative approach for assessing and comparing cloud security," in Proc. IEEE Conference Trust, Security Privacy in Computing Communications, 2014, pp. 284–291.
[23] J. Luna, R. Langenberg, and N. Suri, "Benchmarking cloud security level agreements using quantitative policy trees," in Proc. ACM Cloud Computing Security Workshop, 2012, pp. 103–112.
Okeanos is an open-source IaaS cloud software for the deployment of cloud services. The software is modular, comprising a number of components that can be deployed and exploited independently. Access to the services is through an intuitive user-friendly web interface and command line tools. It is currently being tested with beta release expected in spring 2013. Programmatically, it offers a set of documented proprietary REST APIs and standard APIs like OpenStack Compute (Nova) and OpenStack Object Storage (swift compliant).
It creates a new ecosystem that focuses on the most profitable cloud services for sustainable development while ensuring information security. The programme has applied the agile development methods of the software industry in collaboration with companies and research institutions. Client-centric approaches enable the rapid creation of added value services and flexible models of operation. The programme also proposes a set of "standard contract clauses", which can be offered for voluntary adoption for cloud service providers and customers and completed after risk analysis.
Develop a ‘blueprint’ for EGI resource centres wishing to securely federate and share their local virtualised environments externally with collaborators as part of the production infrastructure. Ongoing efforts are centred around nine core capabilities required of a future EGI federated cloud. Implement interoperability across different cloud platforms. The core capabilities are virtual machine management, storage/data management, information discovery, accounting, monitoring, notification, federated authentication & authorisation infrastructure, virtual machine image sharing, brokering. The capabilities are currently implemented or being tested through resource provider test cases to cover all the necessary functionalities. EGI's Cloud Infrastructure Platform is based on the use of technical standards defining the interfaces and exchange points between the services exposed to the public. The following cloud related standards are of key importance: OCCI as the universal and extensible interface description for the provisioning of virtualised computing resources; CDMI for describing the access interface to generic cloud storage resources (both block and object storage resources) and OVF as a declarative language for pre-packaged virtual server images and necessary contextualisation information. Several complementary standards are used to integrate with EGI's Core Infrastructure Platform: X.509v3-based federated authentication is used for safe and secure identification for services and end users; the Usage Resource is extensively used to account for resource usage (virtualised compute resources). The emerging TOSCA language is of interest for extending OVF with a richer deployment language across all cloud deployment levels (IaaS, PaaS, SaaS).
End users access the enterprise applications and data hosted in virtual desktops which are created within a DaaS server. The sales staff also can view customer information and marketing records on the enterprise website. The DaaS server interacts with traditional enterprise IT facilities to achieve many control tasks, for instance, authentication via AD enterprise server.
A mobile cloud application can be developed by service partners, or by the cloud provider, or by third-party service provider and can be stored in a marketplace. The mobile cloud application sends processing tasks to the cloud and stores data in the cloud, and receives results generated by the resources from the cloud, including computing resources and storage sources.
Large-scale telecom operators generate a lot of information in the normal course of running their communication networks. Typical data comprises Call Data Records (CDR) and Internet-surfing data records (IDR). In addition, the network also generates various signalling data between switches and nodes. We need all the data to complete the telecom services and bill customers. At the same time, we also need them to analyse and predict user behaviour, optimize network QoS, filter spam messages, and so forth. Because of the limitations of the current system, the parallel data inquiry and mining tool, set on the cloud distributed parallel processing systems could be a better solution and achieve massive scalability and high-speed processing.
CSP-ISB is the contact point for CSU, and there is SLA (SLA0) between them. CSP-ISB integrates services from multiple CSPs, for instance, storage service from CSP-1 and computing service from CSP-2. There are B2B level SLA between CSP-ISB and CSP-1, CSP-2 respectively (SLA1, SLA2). For CSP-ISB, in order to guarantee SLA0 for CSU, it needs to map SLA0 to SLA1 and SLA2, because SLA0 is actually implemented by SLA1 and SLA2.
CSP, Cloud Service Partner
Acquisition Prepare & Procure Service
Contracting guaranteed performance regarding delay
CSP-ISB is the contact point for Cloud Service User (CSU), and there is SLA (SLA0) between them. CSP-ISB integrates services from multiple CSPs, for instance, storage service from CSP-1 and computing service from CSP-2. There are B2B level SLA between CSP-ISB and CSP-1, CSP-2
The e-application service provided by City A has been pre-arranged to allow interaction with other provider’s services (e.g., family registry management service in a municipality cloud, passport management service of the national government, etc.) by negotiating the methods for coordinating ID information and security measures. A citizen in City A applies for his or her passport using the relevant e-application service provided by the municipality A. When he or she has entered required information, such as his or her identity information, the input data is transferred to other cloud system’s services (e.g., family registry management service, passport management service, etc.) to authenticate, sharing user ID information entered for application, then information acquisition and inquiry take place. The results of the interacted services are provided to the consumer. Thus, the consumer can receive a one-stop service, which enhances his/her convenience.
When a consumer wants to use services provided by cloud systems, he or she needs to compare his or her quality requirements for the services with the SLAs of multiple providers, and to select the most appropriate provider. For this purpose, the consumer provides Broker A with information about his or her quality requirements for services. By receiving information provided by Broker A, that Provider B provides an SLA that best meets the quality requirements of consumer, consumer can use services with best fit to his or her quality requirement. The consumer selects a cloud provider included in the provider list provided by broker, and contracts with Provider B.
A potential consumer of a cloud-based service requests administration of a contract. Administration is distinguished from changing a service because administration does not affect the technical delivery of a service. Usually, contract administration involves actions like adding new users or changing user passwords that are associated with an umbrella contract (usually called the "relationship"), not a contract for a specific service.
Acquisition Prepare & Procure Service Add Subscriber
The consumer enters into a business relationship with the provider to enable it to use an agreed to set a cloud service.
Customers and developers shop across hosted or public cloud searching for services offering adequate price and the desired level of non-functional properties like performance, security, availability, expressed via Service Level Agreements (SLAs)/certificates.
A global insurance company named "ABC" uses manuals and videos to teach the company’s agents and affiliates about their new life insurance product. The company distributes the educational materials through the company’s PDAs assigned to every agent considering mobile characteristics of their work. The use case describes technical processes and considerations to distribute company’s educational material for new product to their agents. A correct version of the material among three different versions should be delivered to agents in a qualified VO group with an auditable access control mechanism that enforces the company’s security policies.
Customer uses public cloud storage as a service offering to store ever-increasing volumes of data as an alternative to adding to on-premises storage infrastructure
The cloud broker offers cloud service intermediation for services to add value-addition and cloud service aggregation bringing two or more cloud based services. The Cloud Brokerage use case brings out the following innovations/value to the cloud ecosystem. A) provide support for multi-cloud deployment B) provide standards-based SLA negotiation and agreement mechanisms to allow the broker to perform a match between the requirements of the C) Allows the broker to make SP-IP matches based on the Trust, risk, eco-efficiency and cost. D) The service deployment takes into account the legal boundaries as constraints in the service manifest. E) The cloud broker provides a framework to provide variety of value added services to the SP. Some of the existing value added services implemented as a support for the service include VPN overlay, Intelligent Protection system and Secure data storage. F) The cloud broker allows deployment of service in the non-optimis IP, providing interoperability support.
CSC, CSP, Cloud Service Partner
Acquisition Prepare & Procure Service goBerlin
The focus of goBerlin is the provisioning of a service marketplace combining commercial services and public governmental services to state-of-the-art applications with personalised SaaS for administrative matters (e.g. birth, marriage, children). The architecture is a loosely coupled combination of functional and security related aspects, e.g. access control, privacy, multi-tenancy. It can be applied to other cloud services running in similar cloud infrastructures, operated by public data centres.
Provide a framework for the seamless execution of widely used bioinformatics tools in the VENUS-C cloud (IaaS, PaaS), easing migration across target platforms (commercial and non-commercial providers). The aim of the VENUS-C user scenario on bioinformatics (Technical University of Valencia) was to address the challenges faced by biomedical researchers in coping with the exponential growth of annotated databases and increases in the throughput of sequencing. The overall objective was to wrap different processing tools (e.g. for alignment and phylogeny) in a user-friendly framework running in the cloud. Migration across target platforms is ensured by implementation of standards, e.g. OGF-BES, OCCI, OVF, CDMI. Cost-effectiveness, flexibility and scalability over grid infrastructures have been demonstrated.
Provide a framework to execute fire risk estimations and fire propagation models, enabling end-user actors (e.g. fire-fighters, emergency crews and civil protection authorities) to run the models in the cloud using a user-friendly web-based graphical user interface. The aim of the VENUS-C user scenario, Wildfire (University of the Aegean) was to provide a tool for calculating fire risk indexes (hourly and over 5 days) and the expected propagation, using weather forecasts (including the direction of the wind), topography, vegetation and socio-economic parameters. It uses a hybrid cloud approach (MS Azure and OpenNebula via the Engineering Group) and has been tested and used by fire-fighting crews in Greece, who can respond to different workload situations; e.g. unpredictable and/or predictable bursting of CPU needs during the summer period.
Provide an eIMRT platform with remote tools to facilitate physicians in defining cancer treatment plans and verification using Monte Carlo simulations. Generate a single virtual cluster for each request to move the computing back-end to the cloud, which ensures independent processing for each request. The VENUS-C pilot, CloudERT, is led by the Centre of Supercomputing of Galicia (CESGA). It is aimed at improving hospital planning for cancer treatment with a pilot deployment in Spain, which currently involves 65 users from 47 hospitals. The eIMRT platform has been analysed from the point of view of SaaS, which must scale to thousands of users and service requests every day. It leverages the cloud to overcome the limitations of local clusters, which increase time-to-solution and decrease QoS, and of the grid, due to task grouping and the movement of large files.
Provide a framework to calculate molecular virtual profiles that include shape/docking characteristics and QSAR biological activity predictions. The shape/docking calculation offers an embarrassingly parallel execution model, and has been parallelised with the use of OpenMP threads. Molplex requires regular access to computer resources to calculate the virtual profiles of molecules. The aim of the Molplex pilot (Cloud Against Diseases) in VENUS-C is to boost the performance of the company's systems and reduce costs by allocating computing resources as needed. The virtual profiles are calculated using two techniques: shape/docking profile and QSAR profile. The deployment of former is supported by the Barcelona Supercomputing Center via the COMPSS interface, while part of the QSAR application is deployed on Azure using a legacy system from Newcastle University. Being able to solve a higher number of scientific problems (virtual profiling) gives the SME better market exposure and opportunities, as well as increase staff productivity.
Interconnect public and private platform vendors for developers to help compare, manage and migrate between vendors by offering an open-source added value feature set for PaaS customers (developers and SaaS providers). Cloud4SOA interconnects platforms for added-value capabilities such as multi-platform management, comparative monitoring and application portability across collaborating or competing offerings. It prepares for the wider potential as the PaaS segment of cloud computing evolves, pointing towards concepts such as federation of multiple platforms and management between hybrid use cases of public and private PaaS. It leverages existing PaaS APIs and brings a harmonised layer and adapters to support its advanced features. Standardisation focuses on basic management protocols to enable platforms to focus on innovative concepts and ecosystem-empowered capabilities.
• A CSP guarantees its service performance, even when an unexpected surge of access to the service arises, by using cloud resources provided by other CSPs on a temporary basis.
• Network connections among interworking CSPs are instantaneously established or reconfigured. Then service-related data including user ID, user data, and application data are transferred from the original CSP to the CSP that is leasing the resources.
• Access from CSUs is appropriately changed to the interworking CSPs so as to achieve load distribution, and thus mitigate the overload of the original CSP.

• CSPs continue their service offering by the resources leased from each other, even when systems in one CSP are damaged due to natural disasters or large-scale failures.
• Available resources in other CSPs are autonomously discovered and reserved through the inter-cloud federation.
• The services with a high priority are only recovered if available resources are not enough to recover all services. In examining the availability of the resources given from other CSPs, the guaranteed level of quality of the resources is taken into account.
• The services requiring early recovery are recovered using available resources on a best-effort basis even if their quality requirements are partly satisfied.
• Network connections among interworking CSPs are instantaneously established or reconfigured. The lead CSP, which is preconfigured and governs the recovery procedure, manages the roles of available CSPs and instructs service continuation based on the original CSP data.
• Access from CSUs is appropriately distributed to the interworking CSPs so as to achieve the disaster recovery, and thus mitigate the service discontinuity.

• A CSP continues its service offering by the collaboration with other CSPs, even when the original CSP terminates its business.
• Available resources in CSPs other than the service-terminating CSP are discovered and reserved in advance.
• Network connections among interworking CSPs are established or reconfigured. Then service-related data including user ID, user data, and application data are transferred from the original CSP to new CSPs.
• Access from CSUs is appropriately changed to the interworking CSPs so that the same service is continuously offered.
• If the capabilities (VM and applications) at the original CSP migrate to other CSPs, the CSU, who keeps the same user ID, can continuously access the service at the same level of performances as before.
CSP, Cloud Service Partner
Operation Operate Service - Manage
Market transactions via brokers
• The CSP with an ISB role (CSP-ISB) mediates between CSPs meeting the CSU’s quality requirements and provides the list of selected CSPs to the CSU.
• The CSP-ISB coordinates multiple services offered by other CSPs
Normally, if the business of Provider A is suspended, the consumers need to re-register with similar services that are provided by different providers. To avoid a situation above, resources, applications, and consumer’s ID data for the services provided by Provider A are transferred to the cloud systems of Providers B and C in advance. Then, in the situation of the business suspension of Provider A, its consumers can continue to use similar services provided by Providers B and C. This arrangement can also be applied when a service consumer requests a transfer of his or her service to another provider.
CSP, Cloud Service Partner
Operation Operate Service - Manage Contract Billing
A cloud service provider issues an invoice for contracted or consumed services.
CSP, Cloud Service Partner
Operation Operate Service - Manage
Change Resource Capacity
A cloud service consumer adds or changes the capacity or resources associated with a service instance, which is an instance of a service template. This can include adding or removing whole resources, or expanding or contracting resource limits associated with the service.
CSP, Cloud Service Partner
Operation Operate Service - Manage Hibernate/Resume
Puts a running application into hibernation. Resume a hibernating application. CSC
Operation Operate Service - Manage Stop/Restart
Stop a running application and create a "snapshot". Resume from a snapshot. CSC
The cloud consumer wishes to create a new instance of a "network". A network is an abstraction of a layer 2 broadcast domain. Any two nodes (machines, volumes, etc.) attached to the same network can connect to one another. To connect to a node on another network a route must be created between the source network and the destination network. A common reason for creating networks is to isolate machines and volumes into protected sub-domains for security and administration purposes.
Sometimes referred to as a cloud burst scenario, the application normally running on-premises or in a private cloud needs to elastically run on other clouds in the cases of short-term, significant increase in user demand load. Cloud tenants can use both their own private clouds as well as hosted/public clouds as the workload may require. VMs and applications can migrate between private cloud and public/hosted clouds and can seamlessly be managed from either side regardless of their location.
CSP, Cloud Service Partner
Operation Operate Service - Manage
Document release towards an administration
An Electronic Document Storage (EDS) is a secure storage for official documents provided as SaaS. Governmental institutions or other parties such as employers can access the EDS to enter documents (such as official notifications, certificates of salary, rental contracts, insurance policies, etc.) for the owner of the EDS, and access those documents if necessary to perform an administrative procedure. The use case describes how a public administration requests a document from a citizen in the course of an administrative process.
CSC
Operation Operate Service - Manage Burst Capacity
A system or service runs in a defined "source" location, and bursts into an alternate location or cloud environment such as a shared or public cloud (target) to obtain additional resources to accommodate business peak processing requirements. Requires license flexibility, and sufficient network and security controls.
Cloud service customer makes use of public cloud IaaS resources for some workloads but still has other workloads retained on-premises, with the need to link the on-premises workloads and the public cloud workloads CSC
Within the context of an existing contract, an administrator allocates resources from the contracted pool. The resources could be of a wide variety, such as virtual system platforms or a preconfigured mini data centre that contains virtual systems and virtual storage, connected via a virtual network.
The cloud user or third party software provider has a local copy of a "machine image" (a snapshot of a stack of software which may include operating systems, virtual machine runtimes, database servers, application servers, applications, etc.) that they wish to make available for deployment on an IaaS cloud.
The cloud consumer wishes to create a new instance of a "machine" (a logical instance of one or more CPUs connected to local memory and, optionally, local data storage) with software loaded from a machine image.
The cloud consumer wishes to attach a persistent storage volume to a machine instance. Once attached, the volume is accessible by processes resident on that machine instance, usually as a local device (e.g. /dev/sd2).
The Cloud User wishes to detach a persistent storage volume from a machine instance. Once detached, the volume is no longer accessible by the processes resident on that machine.
The Cloud User wishes to detach a machine from a network. This is usually a step in a higher-level network management process such as "attach this machine to the back-end, database network and detach it from the default network".
The Cloud User wishes to attach a volume to a network. The higher level goal is to allow this volume to be attached to one or more of the machines on the target network (see Attach Storage Volume to Machine).
The cloud consumer wishes to detach a volume from a network. This is usually a step in a higher-level network management process such as "attach this volume to the back-end, database network and detach it from the default network".
A cloud service consumer requests and receives a report about an established service contract.
CSC, CSP, Cloud Service Partner
Operation Operate Service - Monitor
Monitor Service Resources
A cloud consumer configures a monitor for a deployed service instance and resources that support the service instance. A monitor may collect data (for example, resource consumption, throughput, response times, or availability) or establish an exception threshold.
A service has been configured and is in operation. Certain conditions or runtime operational events have been identified or detected that are significant enough to demand immediate notification of the condition or event to the service customer. An example is the detection of an intrusion or an unexpected configuration change.
CSC, CSP, Cloud Service Partner
Operation Operate Service - Monitor
Monitoring & management of deployed software
Monitor the health of infrastructure & perform capacity planning for future needs
An organization moves a three-tier application (front-end web server, back-end database, and middle-tier business logic) from an on-premises data centre to a cloud infrastructure provider that will run the application off-premises. Platform services for data, identity and access are considered available for source and target clouds but not addressed in this case. This use case represents the most common type of web-based application deployed both in enterprises and mid-sized companies
CSP, Cloud Service Partner
Operation Operate Service - Migrate
Move three-tier cloud application to another cloud
An organization moves a three-tier application from one cloud infrastructure provider to another.
An organization moves one or more parts – or tiers – of an on-premises application to the cloud, in order to separate data storage from processing, for example. This creates a cloud that is a hybrid of both public (off-premises) and private (on-premises) clouds.
An organization moves one or more parts – or tiers – of an on-premises application to the cloud and chooses to implement cloud components of a hybrid application using platform services available from the cloud platform provider, such as structured or unstructured cloud storage or identity and access control services.
Porting an application that uses services provided by the cloud platform to another cloud platform implies these requirements: 1) bulk import/export of customer data, and 2) Semantic cloud application management protocol.
CSP, Cloud Service Partner
Operation Operate Service - Migrate
Capture Aggregate Assembly
The cloud consumer wishes to capture an aggregate assembly consisting of zero or more machine instances, zero or more volume instances, zero or more network instances, and the attachments/connections between these entities. The artefacts generated by this capture operation (the "assembly package") can be used to deploy "a copy" of the assembly onto this or some other cloud.
CSC
Operation Operate Service - Migrate
Upload Aggregate Assembly
The cloud consumer or third party software provider has a local copy of an assembly package which includes zero or more machine images along with metadata that describes the machines on which these images must be deployed, zero or more volume images along with metadata that describes the volumes on which these images must be deployed, zero or more descriptions of network instances, and a map of the attachments/connections between these entities. The Cloud consumer or third party software provider wishes to make this assembly available for deployment on an IaaS cloud.
The cloud consumer wishes to deploy an aggregate assembly consisting of zero or more machine instances, zero or more volume instances, zero or more network instances, and the attachments/connections between these entities for the purposes of re-creating the system that was captured in IR01.25 (Capture Aggregate Assembly).
CSC
Operation Operate Service - Migrate
Move three-tier application from on-premises to cloud
An organization (customer) moves a three-tier application from an on-premises datacenter to a cloud infrastructure provider that will run the application off-premises. The data associated with the application is sensitive and confidential and it is necessary to assure its integrity. Issues to be considered include:
• suitable SLA/certificate,
• responsibility for the provision and application of encryption,
• key management processes
• data validation
• etc. …
An organization (customer) moves one or more parts – or tiers – of an on-premises application to the cloud, in order to separate data storage from processing, for example. This creates a cloud that is a hybrid of both public (off-premises) and private (on-premises) clouds.
This use case is the same as the use case "Move part of on-premises application to cloud to create 'hybrid' application" with the added condition that user ID and access are shared between on-premises and cloud components. This requires a common user ID and access control methodology between components based on either on-premises directory access or identity federation.
An organization (customer) moves the cloud portions of a hybrid application from cloud A to cloud B, both of which support common infrastructures and VM packages.
CSP, Cloud Service Partner
Operation Operate Service - Migrate
Hybrid cloud application that uses platform services
This use case is similar to the use case "Move part of on-premises application to cloud to create 'hybrid' application" except the cloud application developer in this case chooses to implement cloud components of a hybrid application using platform services available from the cloud platform provider, such as structured or unstructured cloud storage or identity and access control services.
An Electronic Document Storage (EDS) is a secure storage for official documents provided as SaaS. Governmental institutions or other parties such as employers can access the EDS to enter documents (such as official notifications, certificates of salary, rental contracts, insurance policies, etc.) for the owner of the EDS, and access those documents if necessary to perform an administrative procedure. To reduce its own operational costs, the EDS provider decides to accept an IaaS offer from another cloud provider and use its virtualized resources to provide the EDS service.
CSP, Cloud Service Partner
Operation Operate Service - Migrate
Document Migration
An Electronic Document Storage (EDS) is a secure storage for official documents provided as SaaS. Governmental institutions or other parties such as employers can access the EDS to enter documents (such as official notifications, certificates of salary, rental contracts, insurance policies, etc.) for the owner of the EDS, and access those documents if necessary to perform an administrative procedure. The use case describes how a public administration requests a document from a citizen in the course of an administrative process. The use case describes the migration process of documents from one EDS (EDS1) hosted by EDS space provider A into another one (EDS2) (hosted by provider B):
An organization (cloud service customer) obtaining a cloud service from a cloud service provider directly or via a cloud service partner (a broker) would like to terminate its contract. There can be many reasons for doing so, for example the organization would like to change cloud service provider or partner, or wants to exit the cloud and move to a non-cloud environment. The use case focuses on the terms and conditions that should be in an SLA, and the enforceability of those terms and conditions to do so.
Establishing an independent third party assurance (a regulator) to build trust whereby European SME's and other organizations (cloud service customers) will use cloud computing services more
An independent third party assurance can contribute to building trust whereby European SME's and other organizations will use cloud computing services more. The idea is to establish a kind of active and proactive escrow service (a regulator role) by a third party in such a way that this party can assure a seamless takeover of the cloud operations that provider A executes for a user to cloud provider B. This should therefore include the (functionality of the) software, the users’ data and the current state of transactions.
Does your SLA specify SLOs related to aspects like service monitoring, accessibility, availability, termination of service, applicable certifications, and governance?
0 = n/a or No, 1 = Yes
Cloud Service Performance SLOs
Does your SLA specify SLOs related to aspects like response time, capacity, and elasticity?
0 = n/a or No, 1 = Yes
Service Reliability SLOs
Does your SLA specify SLOs related to aspects like service resilience, disaster recovery, and customer’s data backup/restore?
0 = n/a or No, 1 = Yes
Data Management SLOs
Does your SLA specify SLOs related to aspects like IPR, CSC/CSP data, derived data, account data, portability, data deletion/location/examination, and law enforcement access to CSC data?
0 = n/a or No, 1 = Yes
Security SLOs
Does your SLA specify SLOs related to aspects like cryptography, physical/operational/communication security, incident management, compliance, and business continuity?
Does your SLA specify SLOs related to aspects like consent and choice, limitation, accountability, PII collection/use/retention/disclosure limitation, and privacy compliance?
b) Which industrial sector is your main cloud service customer?
[ ] Small and Medium-sized Enterprise (SME, private sector)
[ ] Non-SME (private sector)
[ ] Public sector
c) Which market vertical best describes your cloud service customer base? (Please tick just one answer)
14 Please refer to http://www.sla-ready.eu/
15 CRM follows a 3-level hierarchical structure: the top level contains eight (8) groups, organize thirty (30) elements that include the main notions that can be mapped to the different aspects of cloud SLAs.
d) How well do the following high-level use cases16 describe the interests of your cloud service customers? (Please rank from 1 (better) to 5 (worst))
[ ] Application on a Cloud. An Enterprise develops an App on a Cloud Service for their end users.
[ ] Cloud bursting. Describes the scenario where workloads are migrated on-demand to a public CSP as needed by the cloud customer.
[ ] Processing sensitive data. An enterprise wants to use an online cloud application (SaaS) to process sensitive data, including Personally Identifiable