architectural requirements for cloud computing systems: an ... · capgemini, bessenveldstraat 19,...
TRANSCRIPT
J Grid Computing (2011) 9:3–26DOI 10.1007/s10723-010-9171-y
Architectural Requirements for Cloud ComputingSystems: An Enterprise Cloud Approach
Bhaskar Prasad Rimal · Admela Jukan ·Dimitrios Katsaros · Yves Goeleven
Received: 9 March 2010 / Accepted: 26 October 2010 / Published online: 7 December 2010© Springer Science+Business Media B.V. 2010
Abstract Cloud Computing is a model of servicedelivery and access where dynamically scalableand virtualized resources are provided as a serviceover the Internet. This model creates a new hori-zon of opportunity for enterprises. It introducesnew operating and business models that allowcustomers to pay for the resources they effectivelyuse, instead of making heavy upfront investments.The biggest challenge in Cloud Computing is thelack of a de facto standard or single architec-tural method, which can meet the requirementsof an enterprise cloud approach. In this paper, we
B. P. Rimal (B) · A. JukanInstitute of Computer and Network Engineering,Technische Universität Carolo-Wilhelmina zuBraunschweig, Hans-Sommer-Straße 66,38106 Braunschweig, Germanye-mail: [email protected]
A. Jukane-mail: [email protected]
D. KatsarosDepartment of Computer and CommunicationEngineering, University of Thessaly,Volos 38221, Hellas, Greecee-mail: [email protected]
Y. GoelevenCapGemini, Bessenveldstraat 19,1831 Diegem, Belgiume-mail: [email protected]
explore the architectural features of Cloud Com-puting and classify them according to the require-ments of end-users, enterprises that use the cloudas a platform, and cloud providers themselves.We show that several architectural features willplay a major role in the adoption of the CloudComputing paradigm as a mainstream commodityin the enterprise world. This paper also provideskey guidelines to software architects and CloudComputing application developers for creating fu-ture architectures.
Keywords Architecture · Cloud Computing ·Grid Computing · Requirements · On-demand
1 Introduction
The overarching goal of Cloud Computing is toprovide on-demand computing services with highreliability, scalability, and availability in distrib-uted environments. Despite this common goal,Cloud Computing [9] has been described in manydifferent ways [2, 73] and no standard definitionhas been adopted until now. Two examples fol-low. Cisco Systems [41] defined Cloud Computingas, IT resources and services that are abstractedfrom the underlying infrastructure and provided“on-demand” and “at scale” in a multitenantenvironment.” Recently, the Information Tech-nology Laboratory at the National Institute of
4 B.P. Rimal et al.
Fig. 1 Cloud computing: everything is a service model
Standards and Technology (NIST) [52] has posteda working definition of cloud computing: “CloudComputing is a model for enabling ubiquitous,convenient, on-demand network access to a sharedpool of conf igurable computing resources (e.g.,networks, servers, storage, applications, and ser-vices) that can be rapidly provisioned and re-leased with minimal management ef fort or serviceprovider interaction. This cloud model promotesavailability and is composed of f ive essential char-acteristics (Rapid Elasticity, Measured Service, On-Demand Self-Service, Ubiquitous Network Access,Location-Independent Resource Pooling), threedelivery models (Software as a Service, Platform asa Service, and Infrastructure as a Service), and fourdeployment models (Public Cloud, Private Cloud,Community Cloud and Hybrid Cloud).”
Conceptually, in Cloud Computing everythingis assumed as a service (XaaS) [33], such as TaaS(Testing as a Service), SaaS (Software as a Ser-
vice), PaaS (Platform as a Service), HaaS (Hard-ware as a Service). This is illustrated in Fig. 1. Tothis end, a large number of cloud service providersand middleware suits have emerged, each pro-viding different Cloud Computing services. Theseproviders include Amazon EC2,1 Google AppEngine (GAE),2 SalesForce.com (SFDC),3 Mi-crosoft Azure,4 IBM Blue Cloud,5 3Tera,6 toname a few. As we will discuss throughout thepaper, the major challenge of the current CloudComputing evolution, with multiple offerings and
1Amazon EC2, http://www.amazon.com/ec2/.2Google App Engine, http://code.google.com/appengine/.3SalesForce.com, http://www.salesforce.com/.4Microsoft Azure, http://www.microsoft.com/windowsazure/.5IBM Blue Cloud, http://www.ibm.com/ibm/cloud/.63Tera, http://www.3tera.com/.
Architectural Requirements for Cloud Computing Systems 5
providers, is the lack of standardized APIs andusage model.
It is important to note that the concept ofCloud Computing is not new, but it representsthe next evolutionary step of several initiativescarried out in the last few years, including Dis-tributed Computing [31], Grid Computing [27],Utility Computing [61], Virtualization [4], andServer Clusters [30]. Examples of such efforts in-clude the seminal work on Grid virtualization byFigueiredo et al. [23], lease-oriented mechanismfor Grid system virtualization by Shirako [39], Au-tonomic Clouds on the Grid by Murphy et al. [54].Other related work focuses on Dynamic VirtualClustering [20], Violin [25], Virtual Workspaces[45], Virtual Cluster [28], In-VIGO [1], Grid andCloud integration for next generation network[60] and Virtual Organization Clusters [53]. Inparticular, Cloud Computing is considered thebusiness-oriented evolution of Grid Computing,which was focused on research and collaboration[29]. In addition, Cloud Computing provides aparadigm shift of business and IT infrastructure,where computing power, data storage and servicesare outsourced to third-parties and made availableas commodities to enterprises and customers. Thebasic differences between Cloud Computing andGrid Computing are shown in Table 1.
In this paper, we would like to considerimportant architectural requirements for CloudComputing systems from the point of view ofenterprise users, such as infrastructure, storage,scalability, compliance and security. These consid-erations provide a guideline for creating architec-tural mechanism that will be helpful for softwarearchitects and developers while designing Cloud-based applications. The specific contributions inthis paper are as follows:
• Delineation of motivation and issues andchallenges specific to enterprise CloudComputing.
• Classification of three layered architecturalrequirements for Cloud Computing, includingprovider requirements, enterprise requirementsand user requirements.
• Discussion and a “vertical” analysis of therequirements common to all three layers.
The rest of this paper is organized as follows.Section 2 describes the architectural requirementsof Cloud Computing systems within the threecategories. Section 3 describes the discussion anda comparative analysis of the common require-ments with partial mapping of requirements andfinally, we conclude the paper with a summary inSection 4.
Table 1 Differences between Grid and Cloud
Parameters Grid Computing Cloud Computing
Focus Predominantly on science, research, On business and web-based applicationsand collaboration purposes
Resource pattern Collaborative use of heterogeneous Mostly the behavior of resource units are homo-resources such as hardware/software geneous and virtualized (e.g., Google andconfigurations, access interfaces and Amazon, in general contain homogeneousmanagement policies resources, operated under central control)
Management Decentralized management systems, Clouds operate as the centralized managementwhich spans across geographically systems from the viewpoint of users withdistributed sites a single access point
Business model There is no fundamental business Pay-per-use/pay-as-you-go business model is amodel for Grid de-facto assumption for cloud services
Interoperability Grid technology deals with the Still vendor lock-in and integration probleminteroperability between providers
Middleware There are many middleware such as There are many middleware such as GlobusUnicorea, gLiteb etc. but Globus Nimbus [44], Open Nebula [64, 65],middleware [26] is a de-facto standard Eucalyptus [55] etc but no single
de facto standardaUnicore project, http://www.unicore.org/bgLite, http://glite.web.cern.ch/glite/
6 B.P. Rimal et al.
2 Architectural Requirements for CloudComputing Systems
Many Cloud Computing systems are availablefrom industry as well as academia. Despite sig-nificant advances, there are several open issueswith cloud such as security, availability, scalabil-ity, interoperability, service level agreement, datamigration, data governance, trusty pyramid, user-centric privacy, transparency, political and legalissues, business service management etc. The ma-jor challenges for the Cloud Computing paradigm,however, will be the standardized API and usagemodel. As of today, there is no general designguideline that architects and developers can fol-low for Cloud-based applications. As discussed in
[5, 14], defining a standard and scalable architec-ture will be pivotal to the success of Cloud Com-puting, as it will serve as a means of coordinationand communication between the service providersand end users. These issues can be addressed byproper design of Cloud Computing architecture.To this end, it is important to start deriving gen-eral architectural requirements as the first step to-wards the future architecture of the cloud systems.
The architectural requirements are classifiedaccording to the requirements of cloud providers,the enterprises that use the cloud, and end-users.A three-layered classification of architectural re-quirements of cloud systems is illustrated in Fig. 2.As it can be seen from this figure, from the ser-vice provider’s perspective, highly efficient service
Fig. 2 Three layered architectural requirements
Architectural Requirements for Cloud Computing Systems 7
architecture to support infrastructure and servicesis needed in order to provide virtualized and dy-namic services. A well-organized and secured datamanagement and storage mechanism is herewithrequired along with an attractive cost model.
From the enterprise’s perspective in the firstplace, a QoS-enabled, secure and scalable systemis needed. The enterprises should have a capabil-ity of providing their business management ser-vices with internal/external interoperable mecha-nism which can be easily deployed within differentcloud models. Finally, from the user’s perspective,the basic requirement is a simplified interfacewith adaptability and self-learning capability thatshould address transparent pricing, metering andservice level agreements (SLAs). A user-centricprivacy, encryption/decryption will increase thestability and usability of the cloud services.
There is a correlation between those require-ments. For example, if the cloud service providersare not fully aware on the issues of transparencyfor billing and data governance, there will alwaysbe concerns about trust. How user trusts the cloudservice provider’s services, depends on the levelof assurance they are given. In a similar fashion, ifthere are data security issues in the cloud services,large corporate firms will not host their applica-tions/data in the cloud. In addition, the aspectsof security, compliance, reliability, migration, andSLAs are directly associated with the performanceof cloud services. Those requirements will playa vital role in the enterprises to develop theirbusiness strategies over the cloud.
In the following subsections, we provide moredetails on the requirements related to each ofthe layers presented here, i.e., provider, enterpriseand user.
2.1 Provider Requirements
According to J. Dean and S. Ghemawat [18],Google currently processes over 20 terabytes ofraw web data per day. This shows the com-putational volume and complexity that a cloudprovider has to deal with. For example, this kindof load typically increases the complexity of thearchitecture and thus the cost of operating acloud provider system. To try and reduce the
load, cloud service providers could for exampleutilize price discrimination based on several keyfactors such as usage patterns, bandwidth, andservice level. This section describes the require-ments of provider service delivery model require-ments, service-centric issues, data management,storage and processing, fault-tolerance, virtualiza-tion management, and load balancing.
2.1.1 Provider Service Delivery Model
The provider service delivery model can be clas-sified according to the services that they offer.Basically, in cloud systems three service deliverymodels can be considered such as Software as aService (SaaS), Platform as a Service (PaaS), andInfrastructure as a Service (IaaS). These servicesare usually exposed as industry standard inter-faces, such as web services, service oriented ar-chitecture (SOA) [68] or REpresentational StateTransfer (REST) [22] services or any proprietaryservices.
Software-as-a-Service (SaaS) Software as a Ser-vice (or application as a service) is a multi-tenantplatform. It uses common resources and a sin-gle instance of both the object code of an ap-plication as well as the underlying database tosupport multiple customers simultaneously. SaaS[13, 63, 72] commonly referred to as the Appli-cation Service Provider (ASP) model, is heraldedby many as the new wave in application soft-ware distribution. Examples of the key providersare the Salesforce Customer Relationships Man-agement (CRM) system, NetSuite, and GoogleOffice Productivity application. The major con-siderations in SaaS are the integration require-ments with other applications. Another criticalcomponent is the composition of different types oftechnology like J2EE, .Net, Hibernate, Spring,Scalable Infrastructure and Services. At the appli-cation level, the important aspects of scalability,performance, multi-tenancy, configurability andfault-tolerance are primary considerations for thearchitect.
Platform-as-a-Service (PaaS) The idea behindPaaS is to provide developers with a platform
8 B.P. Rimal et al.
including all the systems and environments com-prising the end-to-end life cycle of developing,testing, deploying and hosting of sophisticatedweb applications as a service delivered by a cloudbased platform. Key examples are:
• Integrated-oriented platform, i.e., a platformfor realization of e-business and apps thatprovide a wide range of interaction betweenplatforms, languages in use or users, such asFacebook F8, Salesforge App Exchange.
• Development-oriented platform, i.e., a plat-form that provides an environment for devel-opers to develop, test and deploy their ap-plication easily such as Google App Engine,Bunzee connect, and SF force.com etc.
• Infra-oriented platform, i.e., a platform thatprovides developers a scalable infrastructureand storage such as Amazon EC2, SimpleStorage, Simple DB etc.
Compared with conventional application devel-opment, PaaS can significantly reduce the devel-opment time, and also offers hundreds of readilyavailable services. PaaS provides a solution foroffering multiple applications on the same plat-form thus increasing the economy of scale andreducing complexity.
PaaS is completely reliant on the providerfor complete uptime and operation. There is ahigh possibility of “lock-in” if PaaS needs tooffer proprietary service interfaces or develop-ment languages. Therefore, PaaS providers shouldbe aware these features as well as be capable toredefine the system discovery and services. OpenPlatform as a Service (OPaaS or Open PaaS) [58]is another step in the PaaS evolution. The OPaaSprovides a wide range of facilities to the develop-ers such as any programming language environ-ment, development tools, servers, database etc.
Infrastructure-as-a-Service (IaaS) IaaS is alsosometimes called Hardware as a Service (HaaS).According to Nicholas Carr [10], “the idea of buy-ing IT hardware—or even an entire data center—as a pay-as-you-go subscription service that scalesup or down to meet your needs. But as a result ofrapid advances in hardware virtualization, IT au-tomation, and usage metering and pricing, I thinkthe concept of hardware-as-a-service—let’s call it
HaaS—may at last be ready for prime time...” Thismodel is advantageous to the enterprise users,since they do not need to invest in building andmanaging the IT systems hardware. Aside fromthe higher flexibility, a key benefit of IaaS is theusage-based payment scheme. This allows cus-tomers to pay as they grow. Another importantadvantage is to buy and use the latest technol-ogy. On-demand, self-sustaining or self-healing,multi-tenant, customer segregation are the key re-quirements of IaaS. GoGrid,7 Mosso/Rackspace,8
MSP On Demand,9 masterIT,10 NewServers Inc11
are the pioneer IaaS providers. Dynamicallyconfiguring and managing of network, storageand computing resources in a holistic approach isthe significant challenges. In addition, there aresome critical issues in the architectural strategiesto incorporate IaaS successfully, for instance inanswering the following questions.
• How will the applications behave due to dy-namic infrastructure scaling? Can the usersdesign their application in such a way as tomaximize the scaling advantage?
• How to understand the Cloud workload (e.g.,transactional database, fileserver, web server,application server, batch data processing) todesign successful IaaS?
• How to asses the power consumption and en-vironmental impact?
• How to isolate of service failure within eachtenant?
• How to minimize the response time of elas-tic demand and maximize the throughput ofrequests?
2.1.2 Service-Centric Issues
Cloud Computing as a service needs to respondto the real world requirements of enterprise’s IT
7GoGrid, http://www.gogrid.com/.8Rackspace, http://www.rackspacecloud.com/.9MSP On Demand, http://www.mspondemand.com/.10masterIT, http://master-it.com/index.html.11NewServers, http://www.newservers.com/.
Architectural Requirements for Cloud Computing Systems 9
management. To fulfill the requirements of enter-prise’s IT management, cloud architecture needsto deal with unified service-centric approach. Thecloud services should be:
• Autonomic: Cloud systems/applications shouldbe designed to adapt dynamically to changesin the environment with less human as-sistantship. Autonomic behavior of servicescan be used to improve the quality of services,fault-tolerance and security.
• Self-describing: Self-describing service inter-faces can depict the contained informationand functionality as reusable, and context-independent way. The underlying implemen-tation of a service can be changed simul-taneously without reconfigurations when theservice contract is updated. Every service maybe validated against each potential cloud inruntime before it is deployed. Self-describingservices are advantageous, because they cannotify the client application exactly how theyshould be called and what type of data theywill return.
• Low cost composition of distributed applica-tions as well as it should provide infrastructurefor multi-party interactions and collaboration.
Overall, the service-centric model for CloudComputing needs to include processes related toprovisioning and deployment, service decommis-sioning, and service planning.
2.1.3 Interoperability
Interoperability focuses on the creation of anagreed-upon framework/ontology or open dataformat or open protocols/APIs that enables easymigration and integration of applications and databetween different cloud service providers andalso facilities for the secure information exchangeacross platforms. It is essential requirements forboth service providers and enterprises. For en-terprises, it is important to provide interoperabil-ity between enterprise clouds and cloud serviceproviders. It is about more to its utility as a viableenterprise platform and industry-wise standard.
The issues of interoperability are either to al-low applications to be ported between clouds, orto use multiple cloud infrastructures before crit-
ical business applications are delivered from thecloud. In addition, some issues are relevant in thecontext of enterprises such as mechanism of incre-mentally migration of enterprise applications tocloud platforms, procedure to extend enterprisespolicies and governance to cloud deployments,and design of public clouds to meet enterprisesystems scope etc. Furthermore, interoperabilitymight focus how to integrate entire cloud and gridsystems into each other across service providersand enterprises as well as to investigate the rele-vancy of clouds of grids and grids of clouds.
There are many organizations working in thefield of enterprise cloud interoperability. CloudComputing Interoperability Forum (CCIF) [67]is one of them. In this forums, it is discussedwhether a mechanism like network weather mapis required to monitor the cloud and also whatlevel of user control is needed to allow for inter-operability.
2.1.4 Quality of Service (QoS)
In general, QoS provides the guarantee of per-formance and availability as well as other aspectsof service quality such as security, reliability anddependability etc. QoS requirements are associ-ated with service providers and end-users. SLAsplay a facilitator key role to make agree upon QoSbetween service providers and end-users.
Transparent management systems to monitorresources, storage, network, virtual machine, ser-vice migration, and fault-tolerance are subjectedby QoS. The state of art of QoS concept is exactlysimilar to the Grid Computing paradigm withsome additional issues, such as virtualization of ITand network resources, virtual machine image mi-gration. In the context of cloud service providers,QoS should emphasis on the performance of vir-tualization and monitoring tools.
The question is what the performance require-ments are of applications and services that userplan to utilize from the cloud. In the case of highperformance SLAs, service provider may still notbe able to satisfy the performance levels at all thetime due to inherent network latency of Internet.Since users expectations on QoS will always re-main high, it is important to set the tolerance levelof enterprise business processes.
10 B.P. Rimal et al.
2.1.5 Fault-tolerance
Fault-tolerance enables the systems to continueoperating in the event of the failure of some of itscomponents. In general, fault-tolerance requiresfault isolation to the falling components, andavailability of reversion mode etc. Fault-tolerancesystems are characterized in terms of outages.
Cloud Computing outages are associated withthe platforms. Some of the outages reported inthe past were quite lengthy, see Table 2. For ex-ample, Microsoft Azure had an outage that lasted22 hours in March 13th and 14th, 2008 which wasdeadly. If critical data/corporate business applica-tions are hosted in the cloud and face such prob-lems, perhaps it might be loss of billions of dollars.Thus, cloud reliance can cause significant prob-lems if the control of downtime and outages areremoved from cloud service provider’s control.Table 2 also shows failover records for some ofthe cloud service providers. Every year, thou-sands of websites struggle with unexpected down-time, and hundreds of networks break or haveother issues. Indeed, the major problem for cloudprovider is how to minimize such kind of out-age/failover to provide reliable services.
This table also illustrates the service availabilityand reliability of service providers. If the dura-tion attribute is more, this means less reliabilityand availability of that particular service in the
specified date. For instance, from table it seemsthat FlexiScale and Microsoft Azure are less reli-able and having less availability on that particulardate mention above for that service.
Cloud providers need to detect failure in cloudsystems/applications with proper tools and mecha-nism such as application-specific Self-Healing andSelf-Diagnosis mechanism. Furthermore, induc-tive systems like classification or clustering wouldbe helpful not only for detection of failure but alsoto determine its possible cause.
2.1.6 Data Management, Storage, and Processing
The shift of computer processing, local storagelike RAID storage and software delivery awayfrom the desktop and local servers, across theInternet, and into Cloud Computing facilities,results in limitations as well as new opportuni-ties regarding data management. The data willbe replicated across large geographic distanceswhere its availability and durability is paramountfor cloud service providers. If the data is storedat un-trusted hosts that can create enormousrisks for data privacy. Another characteristic ofclouds is that the computing power is elastic inorder to face the changing conditions. For in-stance, additional computational resources canbe allocated on the fly to handle the increaseddemand.
Table 2 Outages indifferent cloud services
Service and outage Duration Date
1 Microsoft Azure: malfunction 22 h March 13–14, 2008in Windows Azure [46]
2 Gmail and Google Apps Engine [15] 2.5 h Feb 24, 20093 Google search outage: 40 min Jan 31, 2009
programming error [51]4 Gmail: site unavailable due to 1.5 h Aug 11, 2008
outage in contacts system [40]5 Google AppEngine partial outage: 5 h June 17, 2008
programming error [59]6 Google AppEngine experienced an outage 5 h 50 min July 2, 2009
that ranged from partial to complete [6]7 S3 outage: authentication service overload 2 h Feb 15, 2008
leading to unavailability [66]8 S3 outage: Single bit error leading to 6–8 h July 20, 2008
gossip protocol blowup [3]9 FlexiScale: core network failure [71] 18 h Oct 31, 2008
Architectural Requirements for Cloud Computing Systems 11
The focus of Cloud Computing is high perfor-mance computation, infinite capacity on-demandand no up-front cost. However, these character-istics may be easier to interpret in the context ofcomputation than of storage. For the latter, theCloud Computing providers must ensure that thestorage infrastructure is capable of providing richquery languages which is based on simple datastructures to allow for scale-up and scale-downon-demand. In addition, the providers need tooffer performance guarantees with the potentialto allow the programmer some form of controlover the storage procedures. These goals are chal-lenging, and currently no commercial solution ex-ists incorporating all these features.
On one side of the spectrum of challenges re-lated to storage is the Elastic Block Store (EBS)offered by Amazon that looks like a physicalstorage and where the programmer is responsiblefor managing the entire software stack. Althoughthis approach gives the programmer full controlover the processes, it is very difficult to providescale-up on-demand and also to allow for thedesign of automatic replication facilities by thecloud provider, because the data storage model isapplication dependent. On the other side of thespectrum is Google’s AppEngine, whose storagemodel is supported by the Bigtable [12], whichprovides excellent scalability, but it is tied to avery specific application model, i.e., that of Webservices. Thus, it is not straightforward for thisapproach to support general purpose computingso as to allow various business applications to runon top of it. Finally, Microsoft’s proposal based onAzure and a restricted view of structure query lan-guage (SQL) is an intermediate approach strivingto gain from both worlds.
Even though these approaches will survive inthe years to come, especially because they aresupported by the today’s software “giants” suchas Amazon, Google, Microsoft, there are two pa-rameters that these approaches currently do notprovide. First, they do not provide the advancesin storage technologies related to solid state disks(SSDs), i.e., flash-based disks. Second, they donot address the need by the scalable storage tosupport both MapReduce [18] operations overthe raw data, and also declarative data man-agement, as it is offered by traditional database
management systems. The noticeable point hereis SSD consumes less power in idle case, whilehard disk drives (HDDs) need significant energyconsumption.
In terms of storage technologies, there shouldbe a shift from HDDs to solid-state drives [36, 47]or, since the complete replacement of hard disksis prohibitively expensive, the design of hybridhard disks–hard disks augmented with flash mem-ories [49], as the latter provide reliable and highperformance data storage. The biggest barriers toadopting SSDs in the data centers have been price,capacity and, to some extent, the lack of sophisti-cated query processing techniques for SSDs. How-ever, this is about to change, because the IOPS(input/output operations per second) benefits ofSSDs are becoming important [48], for their ca-pacity increases at fast pace, and new algorithmsand data structures tailored to solid state disks[70].
The integration of magnetic and solid state disksin data centers is expected to boost the perfor-mance of applications running at cloud providers,but it will depend on the ability of the underlyinginfrastructure to recognize which applications areread-bound (e.g. data mining, processing of datacoming from e-Science experiments), and whichare write-bound (e.g. on-line transactional sys-tems such as e-commerce applications).
Currently, the programming model of data cen-ters supported by the current industry giants is aLisp-based form, termed MapReduce. Despite itsclaimed generality, effort should be spent to con-vert traditional algorithms to this programmingparadigm, since it is too low level and rigid, andleads to a great deal of custom user code that ishard to maintain and reuse.
Although MapReduce is a perfect fit for manytasks related to Web information retrieval (e.g.,PageRank computations, inverted index construc-tion), higher level abstractions are necessary toallow it to be used in enterprise-related tasks thatrequire ad-hoc analysis of extremely large data sets.Towards this direction, new languages and systemsmust be developed to realize hybrid designs amongDBMSs and Map-Reduce-like systems. The PigLatin [57] and Clustera [19] comprise character-istic examples of a language and a system thataddress this goal.
12 B.P. Rimal et al.
2.1.7 Virtualization Management
Virtualization [35] refers to the abstraction oflogical resources away from their underlyingphysical resources in order to improve agility,flexibility, reduce costs and thus enhance busi-ness value. Handling a number of virtualiza-tion machines on the top of operating systemsand evaluating, testing servers and deploymentto the targets are some of the important con-cerns of virtualization. The basic elements ofthe hypervisor include CPU, memory manage-ment, and I/O which provide the greatest per-formance, reliability and compatibility. Virtualiza-tion in the cloud includes server virtualization,client/desktop/application virtualization, storagevirtualization (Storage Area Network), networkvirtualization, and service/application infrastruc-ture virtualization, i.e.,
• Server virtualization: A common interpreta-tion of server virtualization is the mapping ofsingle physical resources to multiple logicalrepresentations or partitions.
• Client/desktop virtualization: Thin client tech-nique is one of the cheapest models of achiev-ing cloud virtualization, with security beingthe major concern.
• Storage virtualization: It provides the ab-straction between logical storage and physi-cal storage. Capacity, performance, durabil-ity, and availability are some of the relatedconsiderations.
• Network virtualization: It provides an envi-ronment to run multiple networks which canbe customized for specific purpose at the sametime over a shared substrate. It is the com-bination of hardware resources and softwareresources.
• Service/application virtualization: It virtualizesthe application and provides an access througha centralized web server. Application licens-ing and user provisioning is easy to manageas well as it reduces application deploymentcosts, and enables delivery of applications asservices.
• Infrastructure virtualization: It deals with theseparation of application and infrastructurelogic which enables the application develop-
ers to focus on building application insteadof building infrastructure code. Infrastructurecan be virtualized on the top of physical in-frastructure. Virtual resource pool with virtualnet resources facilitates to connect virtual in-frastructure and resource virtualization.
• Resource virtualization: The idea behind re-source virtualization is to customize resourceprovisioning in cloud and data center envi-ronment to meet workload requirements andto provide the ability to control the virtualresources execution. Several resources can bevirtualized on the top of physical resources.Developing the strategies for service-specificpolicies and resource-specific policies are al-ways focal concern in resource virtualization.
Virtualization is therefore well suited to a dy-namic cloud infrastructure, because it providesimportant advantages in sharing of cloud facil-ities, managing of complex systems as well asisolation of data/application. Additionally, the sig-nificant idea is to ensure whether the data cen-ters are locked or not into a particular operat-ing system environment through their choice ofa virtualization.
2.1.8 Scalability
Scalability deals with the ability of the softwaresystem to manage increasing complexity whengiven additional resources. Scalability with largedata set operations is a requirement for CloudComputing. Horizontal scalability is what cloudsprovide through load balancing and applicationdelivery solutions. Distributed hash table (DHT),column-orientation, and horizontal partitioningare examples of horizontal scalability. Verticalscalability is related to resources used, muchlike the old mainframe model. If an applicationdoesn’t scale well vertically, it’s going to increasethe costs to run in the cloud. Applications thatfail to vertically scale may end up costing morewhen deployed in the cloud because of the addi-tional demand on compute resources required asdemand increases.
Force.com was designed to run a simple busi-ness application and it is based on a databasecentric architecture. It seems to be limited in
Architectural Requirements for Cloud Computing Systems 13
scalability as it partitions its database per appli-cation. This means that if an application needsto scale more than what a single database canprovide, there is a challenge.
Even though DHT, column-oriented store ordocument-centric approaches were designed toaddress the issues of scaling or write heavy ap-plications, they cannot support for complex joins,foreign keys as well as reporting. They may beconsidered as a part of an overall architecture andthey can play a vital role to reduce writing heavybottlenecks. However, they should not be consid-ered a replacement for a relational database.
Considerations of Cloud-based scaling are ba-sically dependent on the nature of the applica-tions and the expected volume of usage. Werner[74] suggested that architect must be carefullyinspect along which axis we expect the system togrow, where redundancy is required, and how oneshould handle heterogeneity in the system, andmake sure that architects are aware of which toolsthey can use under which condition, and whatthe common pitfalls are. Architecting a scalableenterprise application is not a trivial task.
2.1.9 Load Balancing
Load Balancing is an integral part of Cloud Com-puting and elastic scalability which can be pro-vided by software or hardware or virtualware. Itis the mechanism of self-regulating the workloadsproperly within the Cloud’s entities (one or moreservers, hard drives, network, and IT resources).The cloud infrastructures and datacenters needhuge computing hardware, network and IT re-sources which are always subjected to the failoverwhen the demand exceeds. Load Balancing isoften used to implement failover. The failoveroccurs due to the limited resources allocation,hardware failure, power and network interruptionetc. The service components are monitored con-tinually and when one becomes non-responsive,the load balancer is informed and no longer sendstraffic to it. This is an inherited feature fromGrid-based computing that has been transferredto Cloud-based platforms. A load balancer is akey requirement to build dynamic cloud architec-ture. It provides the ways by which applicationinstances can be provisioned and de-provisioned.
There are some architectural considerations whiledesigning the load balancers:
• design to provide scalability that could be atthe CPU level, at the machine level, at thenetwork level, or even at the application leveland data center level
• capability to manipulate the client requestsand forward it to the selected target resourcesby using load balancing policies
• scalability of the request handling capacityautomatically
• fault tolerance for applications• handling of more complex and higher traffic
needs such as Apache traffic server. Apachetraffic server12 provides high performanceweb proxy cache to improve networkefficiency and performance and improvescontent delivery for enterprises backboneproviders and large intranets by maximizingexisting and available bandwidth.
2.2 Enterprise Requirements
Gartner predicated that, by 2012, 20% of enter-prise market e-mail will be hosted on the cloud[32]. Therefore, potential cloud adopters shoulddo their assessment before being “absorbed” bythis trend, thus reading external sources of in-formation and talking to analysts, technologyproviders and experts in order to understand thereal challenges and benefits of this new technol-ogy. According to Robbins [17], an enterpriseshould always make sure that they know what ser-vices they are paying for, and should pay carefulattention to the issues like service levels, privacymatters, compliances, data ownership, and datamobility.
This section describes cloud deployment re-quirements for enterprises, including a long listof requirements ranging from security, cloudo-nomics, data governance over to business processmanagement requirements and transferable skillsrequirements.
12Apache traffic server, http://trafficserver.apache.org/.
14 B.P. Rimal et al.
2.2.1 Cloud Deployment for Enterprises
The cloud services are ubiquitous as a single pointof access with four types of deployment models.These are public, private, community and hybridclouds. Each of types has its trade-offs. Privatecloud involves enterprise firms to deploy theirkey enabling technologies such as virtualizationand multi-tenant applications to create their ownprivate cloud data centers. Individual businessescan pay for using standardized services in linewith agreed charge-back mechanisms. For manyenterprises, this approach is more attractive thanmove to the public cloud.
• Public Cloud: The concept of sharing the ser-vices and infrastructure provided by off-sitethird-party service provider (own and managephysical infrastructure) in a multi-tenant en-vironment, usually called as public cloud. Itdescribes Cloud Computing in the traditionalmainstream sense, whereby resources are dy-namically provisioned on a fine-grained, self-service basis over the Internet, via web ap-plications/web services. Generally, enterprisesdo not want to move their mission-critical andcore-business applications in the public clouddue to security and control.
• Private Cloud: The idea behind private cloudis to share services and infrastructure providedby an organization or its specified serviceprovider in a single-tenant environment. It isnot as cost effective as the public cloud, butit is cheaper than buying and maintaining adata center. Similarly, it gives companies ahigh level of control over the use of cloudresources. Public clouds can access the dataon the private cloud with data services. Theservices in the public cloud communicate witha data service layer. The latter figures outhow to retrieve the physical data from theappropriate location over a secure protocol.The best way to achieve enterprise cloud is tointroduce the private cloud which can be builtfrom both internal and external computingresources. Private cloud provides trusted self-services capabilities.
• Community Cloud: According to NIST [52],the community cloud is shared by several or-
ganizations and is supported by a specific com-munity that has shared concerns (e.g., mission,security requirements, policy, and complianceconsiderations).
• Hybrid Cloud: It consists of multiple internalor external providers. It can provide cost sav-ings, scalable on-demand infrastructure andsecurity. The combination of hybrid cloudwith traditional infrastructure may be a vi-able solution for most of the companies. How-ever, hybrid clouds introduce the complexityof determining how to distribute applicationsacross both a public and private cloud. If thedata amount is small, or the application isstateless, a hybrid cloud can be much moresuccessful than if a large amount of data mustbe transferred into a public cloud for a smallamount of processing.
In summary, enterprises need to build a strat-egy that leverages all four options mentionedabove. The virtual private networks help to isolatethe computing resources, thereby extending theexisting IT resources of enterprises; this is calledVirtual Private Clouds that help to optimize thebusiness service deployment. Table 3 describesthe general summary of requirements of clouddeployment models.
2.2.2 Security
Usually security is the focal concern in terms ofdata, infrastructure and virtualization. In a surveyconducted by IDC13 (2009), almost 75% of ITexecutives reported that security was their pri-mary concern, followed by performance and re-liability, i.e. how enterprise data is safeguardedin a shared environment. It is today widely ac-cepted that cloud introduces new security risks[8, 34]. Corporate information is not only a com-petitive asset, but it often contains informationof customers, consumers and employees that, inthe wrong hands, could create a civil liability andpossibly criminal charges.
In Cloud Computing, a data center holds theinformation that would more traditionally havebeen stored on the end-user’s computer. This
13IDC, http://www.idc.com/.
Architectural Requirements for Cloud Computing Systems 15
Tab
le3
Sum
mar
yof
clou
dde
ploy
men
tmod
els
and
the
corr
espo
ndin
gre
quir
emen
ts
Par
amet
ers
Cos
tM
igra
tion
Clie
ntba
seSe
curi
tyC
ontr
olov
erL
egal
issu
es
Dep
loym
entm
odel
sth
eus
eof
clou
dre
sour
ces
Pri
vate
clou
dE
xpen
sive
Stan
dard
AP
Iis
need
edL
arge
ente
rpri
ses
and
Hig
hH
igh
betw
een
publ
ic,p
riva
teco
rpor
atio
nsan
dhy
brid
clou
dP
ublic
clou
dL
ess
expe
nsiv
eth
anSt
anda
rdA
PI
tom
ake
data
Lar
geas
wel
las
SME
s–
Low
,mor
ech
ance
sof
Low
Nat
iona
lbou
ndar
ypr
ivat
ecl
oud
mov
emen
tsea
mle
ssm
alic
ious
acti
viti
essu
chfo
rda
tast
orag
eD
DoS
atta
cks
–T
rust
edvi
rtua
ldat
ace
nter
isre
quir
edC
omm
unit
ycl
oud
Rel
ativ
ely
chea
per
Stan
dard
AP
Iis
need
edSm
allS
ME
sL
owL
owth
anot
her
thre
eto
mig
rate
data
wit
hin
clou
dm
odel
ssp
ecif
icco
mm
unit
yH
ybri
dcl
oud
Cos
tsav
ings
Stan
dard
AP
Ito
mak
eda
taM
ulti
ple
inte
rnal
and/
orA
pplic
atio
nco
mpa
tibi
lity
Hig
hN
atio
nalb
ound
ary
mov
emen
tsea
mle
ssex
tern
alpr
ovid
ers
issu
esfo
rda
tast
orag
e raises concerns regarding user privacy protection,since the users do not “own” their data. Also,the move to centralized services may affect theprivacy and security of users’ interactions. Secu-rity threats may happen in resource provisioningand during distributed execution of user appli-cations. Also, new threats are likely to emerge.For instance, hackers can use the virtualized in-frastructure as a launching pad for new attacks.Cloud services should preserve the integrity ofdata and the privacy of users. In this context,new data protection mechanisms to secure dataprivacy, resource security, and content copyrightsshould be investigated along with the traditionalones.
To this end, the authorization managementand control in Web 2.0 are considered importantand critical. Authorization can be course-grainedwithin an enterprise. Private clouds will needgranular authorization (such as role-based con-trols) that can be persistent throughout the data’slifecycle. Authentication may be multi-factor au-thentication with one-time password technology,federation within and across enterprises, or risk-based authentication that measures behavior his-tory, current context etc. Federated-type sin-gle sign-on models based on SAML (SecurityAssertion Markup Language) protocol [56] andOpenID14 are positioned to manage the authenti-cation issues between users and cloud applicationproviders. The user identity is also important inthe growth of sensitive data and confidential rela-tionships online [76].
2.2.3 Cloudonomics
The Economics of Cloud Computing is calledCloudonomics [75]. The enterprises will have achoice of cloud vendors based on their pric-ing, and billing systems for pay-per-use model.The problem with Cloud Computing is the lackof cost based transparency. It is actually verydifficult to quantify the cost benefits of usingtraditional infrastructure versus using a remoteservice providers (Amazon EC2, GoGrid etc). Forexample, cost of buying a cluster assuming that
14OpenID Foundation, http://openid.net/.
16 B.P. Rimal et al.
runs 24*7 for 5 years versus cost of same numberof hours on cloud infrastructure.
The emergence and popularity of Cloud Com-puting does not necessarily mean that it is thebest solution for any enterprises from the eco-nomic perspective. It might be the best alterna-tive at some point in enterprise’s lifetime andunder specific market conditions. To understandthe economy of Cloud Computing, we recall thebasic premises of clouds:
• they provide true on-demand services, by mul-tiplexing demand into a common pool of dy-namically allocated resources,
• (large) cloud providers operate at a scalemuch greater than even the largest privateenterprises,
• whereas enterprises’ private data centers tryto reduce cost via consolidation and con-centration, the clouds exploit geographicdispersion.
Based on these observations, Joe Weinman [75]documented the superiority of the clouds usingthe “10 Laws of Cloudonomics”. Herewith, wewill summarize the major points of Cloudonomics,focusing our description around the pay-as-you-go (i.e., usage-based) pricing model employed byCloud Computing.
Contrary to leased, owned or financed services,even in the cases when the cost per unit timeis higher for cloud providers, this cost is amor-tized over the usage (Cloudonomics Law #1)—thecloud user pays for just the resources that a par-ticular computation requires; computations thatrequire additional resources, simply request themfrom the cloud up to the cloud’s overall capacity.Therefore, Cloud Computing does not require up-front investments, and lets user’s access capacityexactly when they need it (Cloudonomics Law #2).
Within the cloud, the laws of probability givethe cloud provider great leverage through statis-tical multiplexing of varying workloads (Cloudo-nomics Law #3), thus enabling him to supporta wide range of peak demands which due tothe multiplexing appear smother (CloudonomicsLaw #4).
The magnitude of the infrastructure of a (large)cloud provider provides tremendous economic ad-vantages, since it can acquire hardware/software
at lower prices (Cloudonomics Law #5), and im-plement parallel processing at a much greaterscale (Cloudonomics Law #6 and #7) even for real-time tasks.
Finally, the ability of the cloud provider toimplement its data centers at geographically dis-persed regions provides unique opportunities forlatency reduction (Cloudonomics Law #8), simi-larly to the Content Distribution Networks thatmove data close to the edge of the Internet,for survivability and availability (CloudonomicsLaw #9), and allow for enterprise “mobility”(Cloudonomics Law #10), since an enterprise’sprivate data center can rarely be build on locationsaway from the enterprise’s geographic basis, eventhough such a decision would be more profitable,e.g., for its users.
2.2.4 Data Governance
Geographical and political issues are the key re-quirements for enterprise cloud. When data beginsto move out of the organizations, it is vulnerableto disclosure, or loss. The act of moving sen-sitive data outside the organizational boundarymay violate national regulations for privacy. InGermany15 passing data across national territorycan be a federal offense [21, 38]. Also in someof the European countries require services andcustomer data be retained within a country’s bor-ders. Governance in the cloud “who and how”is a big challenge for enterprise cloud. There aresome questions that need to be solved before mis-sion critical data and functionality can be movedoutside a controllable environment. How SLAcontrolled and enforced, what will happen if aprovider goes insolvent? Some of the data mightreside in China or India while it is processedin Europe or North America. What will happenif a country changes its laws unexpectedly? Themissing control could easily bring a business downwhen relying on cloud services that do not deliveranymore. This is a serious issue if mission critical
15German data protection law called “InformationelleSelbstbestimmung”.
Architectural Requirements for Cloud Computing Systems 17
data is inaccessible for a longer period. There-fore, many government agencies do not want tomove their mission critical data like defense data,government strategy and certain important policydata.
In a true market-based economy, a client isable to select the provider of the goods s/he needsbased on a combination of factors related to cost,quality etc. This means a user should be able tomove data/programs to another cloud provider, ifthe second provider is more profitable. In otherwords, the cloud users must be protected against“data lock-in”.
One of the central questions here is, which tech-nology and development platform are being usedby your organization? Vendor lock in is one of theimportant considerations for an enterprise. Thereare currently no standardized ways to plug into acloud, and this makes it hard to switch to a newvendor. For example, users can try to move theirMySpace profile and its content to Facebook with-out manually retyping the profiles. Cloud serviceproviders can provide a service for their customerto move data in and out of their systems withouttoo much hassle by adopting open standards. Thiswould be a good chance for providers to competeon openness from the outset.
Currently, due to the lack of interoperabilityamong cloud platforms and the lack of standard-ization efforts, cloud providers cannot guaranteethat a cloud user can move its data/programs toanother cloud provider on demand. Cloud Com-puting would become much more appealing if pro-tection against data lock-in is fully implemented,since it would liberate the users from possiblemonopolies, make them less vulnerable to priceincreases, and increase competition among cloudproviders for offering better quality vs. price ra-tios. Finally, it would also guarantee longevity ofthe cloud users, since they would not be afraid ofcloud providers going out of business.
For the time being, this issue is still unresolved,and the current situation implies that once thecloud users upload their data to the data center,the data is locked-in. This issue is of paramountimportance and, together with the security top-ics, comprise a key factor that will determine theextent to which Cloud Computing will be widelyadopted by the enterprises.
2.2.5 Data Migration
The issue of distributing information to web usersin an efficient and cost-effective manner is a chal-lenging problem, especially, under the increasingrequirements emerging from a variety of mod-ern applications, e.g., voice-over-IP, and stream-ing media. Starting from the early approachesbased on proxy caches, currently, Content Distri-bution Networks (CDNs), e.g., Akamai, have metthese challenges by providing a scalable and cost-effective mechanism for accelerating the deliveryof web content, based on more or less sophisti-cated data migration (outsourcing) policies for thesurrogate servers of a CDN [42].
In the context of Cloud Computing though,such policies are ineffective, since they must col-lectively ensure the following goals:
1. No data loss: The system must ensure witha high probability that data will not be lostpermanently.
2. High availability: Data must be available tousers/owners when they want the data witha reasonably high probability, though someoccasional temporary outages are acceptable.
3. High performance: The system should notperform significantly worse than the currentusual alternatives notably NFS.
4. Scalability: The system must scale to largenumbers of clients, large numbers of storage‘nodes’, large aggregate storage spaces, etc.
5. Cost efficiency: Since there are existing solu-tions to buy large, reliable storage, the systemmust be inexpensive in hardware, softwareand maintenance.
6. Security: The system must be able to matchthe confidentiality, data integrity and autho-rization standards expected by users. This isparticularly challenging given that data willbe stored on the remote machines of cloudproviders.
Apparently, the 4th and 5th items are “by-definition” offered by the cloud infrastructure it-self, since cloud users are not supposed to worryabout the hardware and scalability.
The first three items are extremely significantsince current data centers suffer from failuresdue to overheating, power failures, rack failures,
18 B.P. Rimal et al.
network failures, hard drive failures, networkrewiring and maintenance, and even due to nat-ural disasters (e.g., a tornado may destroy a wholedata center), or due to malicious human behav-ior (DDoS, terrorism). These situations requirefail-over processing and migration for seamlessservices.
To collectively address the first three goals,data replication in the cloud seems the most con-venient approach. Replication presents some fun-damental differences when viewed in the cloudcontext: it must be fully distributed, must be dy-namically adapted the number of replicas to thequery load and the capabilities of the underlyingservers, must be provided different data consis-tency levels (strong, weak, differentiated), andmust be cost-effective, ensuring the highest possi-ble availability for the consumers of the data andalso for the owner of the data.
Although several caching and replication al-gorithms are widely available to address eachgoals individually (or subsets of these goals), noveltechniques are required towards this direction.The relevant cloud literature lacks sophisticatedcaching/replication solutions and only a coupleof recent proposals seem to have understood theimportance of the problem [7, 16]. Process migra-tion is a valuable resource management tool thatrequires continuity of process to keep its processin local stack of data and operations. The majordifficulty lies in providing an efficient method fornaming resources that is entirely independent oftheir location.
2.2.6 Business Process Management (BPM)
Business process management systems provide abusiness structure, security and consistent rulesacross business processes, users, organization andterritory. This classical concept is enhanced inthe context of Cloud-based BPM, as cloud deliv-ers a Business Operating Platform for enterprisessuch as combining SaaS and BPM applications(e.g., customer relationship management (CRM),workforce performance management (WPM), en-terprise resource planning (ERP), e-commerceportals etc.) which helps for the flexibility, deploy-ability and affordability for complex enterpriseapplications. When the enterprises adopt Cloud-
based services or business processes, the returnof investment (ROI) of overall business measure-ment is important. There are still many debatesare on-going about Cloud Computing ROI andthe methodology of its measurement and associ-ated parameters. Cloud Business Artifacts (CBA)project of The Open Group Cloud ComputingWork Group [69] identified the following issues;how to measure
• Pricing and costing of cloud services• Funding approaches to cloud services• Return of Investment (ROI)• Capacity and utilization (called as Key Perfor-
mance Indicators (KPIs))• Total cost of ownership• Risk management• Decision and choices evaluation processes for
cloud services
CBA also describes approaches to measuringthis ROI, absolutely and in comparison with tra-ditional approaches to IT, by giving an overviewof cloud KPIs and metrics. Reusability of businessprocesses can help the enterprises to maximizetheir profits and some of the intelligent/innovativebusiness processes such as situational businessprocesses [24] would be fruitful to drive the busi-ness values.
2.2.7 Third Party Engagement
The involvement of third-party in enterprises canhelp for establishing a robust communication planwith provider landscape, continuity of cloud ser-vice engagements, legal implications (e.g., SLAs,potential intellectual property (copyrights, trade-marks, and patents) infringement issues), cloudaudit, and reporting capabilities etc.
A key requirement to move the on-premise ITsystems to Cloud Computing is the existence ofthe business model. An enterprise should takethe onus of encouraging the supply chain manage-ment (SCM), enterprise resource planning (ERP)and enterprise content management (ECM) pack-age vendors to come-up with a Cloud Licensemodel which takes machine instances to consid-eration. The major problem with offerings likeAmazon EC2 or Google AppEngine is, that en-terprises might get a refund if their SLAs with
Architectural Requirements for Cloud Computing Systems 19
Amazon have been violated, but there is no wayto have stronger contractual bounds with serviceprovider. Therefore, enterprises might have touse smaller, more specialized semi-private cloudofferings, and those again might be more sub-jected to attacks.
2.2.8 Transferable Skills
Transferable skills deals with the technology dis-semination, technical supports, discussion withconsulting expert groups, or of fshore outsourcingthat help for the adaptation and stability of sys-tems/applications. Cloud Computing comes withits own set of management tasks that need tobe executed by the enterprises staff, for examplestaff needs to monitor current computing capac-ity and to increase or decrease it depending onusage, or developers might have to implement anew feature of the system as business processeschange. Before choosing a cloud provider system,the enterprise should have a look at the skill setof their existing workforce to identify those skillsthat are transferable to the new environment inorder to make the transition as fluent as possiblebecause there is a wide variation in maturity ofenterprise cloud software and services.
2.3 User Requirements
Users’ requirements are the third key factor tothe adoption of any cloud system within an en-terprise. Cloud should be trustworthy enough tomigrate critical user data. Users need assurancethat their sensitive data and information are pro-tected from compromise and loss that their datais available when required from anywhere of theworld. For users, the trust issues are a majorconcern to the adoption of the cloud services.Trust-based [34] cloud is therefore an essentialpart to the success of enterprise cloud. Stabil-ity and security can play a vital role to increasethe trust between user and service providers.Cloud-based applications should be architected tobe able to support personalization, localizationand internationalization to make user-friendlyenvironment.
This section describes user consumption-basedbilling and metering requirements, user centric
privacy requirements, service level agreements,adaptability and learning requirements, and userexperience requirements.
2.3.1 User Consumption-based Billingand Metering
The individual end-user consumption-based bill-ing and metering in cloud systems is simi-lar analogy with the consumption measurementand allocation of costs of water, gas and elec-tricity consumption on a consumption unit ba-sis. Cost management is important for planningand controlling decision. It helps to check theutilized resources versus cost. Cost breakdownanalysis, tracing the utilized activity and adaptivecost management are important considerationsas well. Users always want transparency of con-sumption and billings. What is the frequency ofusage of services? How frequent is the serviceusage? Very frequent usage in fact makes lesseconomic sense to go for cloud a based pay-per-use model. An architect needs to pay special at-tention to provide this visibility while architectingcloud systems. Activity-Based Costing (ABC) [50]is a profiler that the user can use it to under-stand how much their implementation will cost interms of Cloud Computing charges. Such kind ofapplication may be helpful for user to test costtransparency.
2.3.2 User-Centric Privacy
The main consideration regarding Cloud Comput-ing for end users is related to the storage of per-sonal/enterprise sensitive data. Cloud Computingbrings with it the fact that most of the users’ cre-ations, data that the user would regard as his/herpersonal intellectual property, will be stored atmega-data centers located around the world. Inthis environment, privacy becomes a major issue[11]. Therefore, the cloud providers are makingall to efforts to win is the trust of their users;in general, a corporation would not be willing tostore any sensitive data on the cloud. Even thoughthis seems to be an unsolvable problem, there areindications that it can be overcome. First, manyusers have already been exposed to some formof Cloud Computing, mainly in a form of email
20 B.P. Rimal et al.
service (e.g., Gmail) or a Web 2.0 application(Facebook, Myspace etc), without much concernabout privacy. Therefore, users may be used toa level of privacy as they know today. Second,there are currently technologies that can assuredata integrity, confidentiality, and security for theclouds to be trusted. These technologies include:
• data compressing and encrypting at the stor-age level, thus the cloud provider can’t reallyuse the sensitive data,
• virtual LANs, that can offer secure remotecommunications,
• network middleboxes (e.g., firewalls, packet fil-ters), to further failsafe secure communications.
These technologies are quite mature and thereis no technical difficulty per se in providing thesetools for clouds. They will certainly need adjust-ments and improvements in order to be appliedat the huge scale of clouds, but this is somethingthat can be achieved. For example, the Sector [37]provides authentication, authorization, and accesscontrol, and, as measured by the TeraSort bench-mark, is faster than Hadoop, which currentlydoes not have user-level authentication or accesscontrol.
2.3.3 Service Level Agreements (SLAs)
The mutual contract between providers and usersis usually called SLAs, i.e., the ability to deliverthe services according to pre-defines agreements.Currently, many cloud providers offer SLAs, butthese are rather weak on user compensations onoutages. The lists of important architectural issuesare:
• How and who will measure the delivery ofservices?
• How to develop an agreed method of monitor-ing performance?
• What will happen if the provider unable orfails to deliver the services as contract?
• What will be the mechanism to change SLAover time?
• What will be the compensation mechanism ifservice provider violates any elements of theSLA?
Users always want stable and reliable systemservices. Cloud architecture is considered to behighly available, up and running 24 hours by7 days. Many cloud service providers have madehuge investments to make their system as reliableas they can give the scale of their system. Mostcloud vendors today do not provide high avail-ability assurances; this is particularly an issue withenterprise Mashups [43, 62] that need a set ofweb services hosted in various Cloud Computingenvironments and many may stop working at anytime. If a service goes down (refer back to Table 2)for whatever reasons, what can users do? How canusers access their documents stored in the cloud?In such case, the provider may offer to pay a fineto the consumer as compensation.
2.3.4 Adaptability and Learning
Cloud Infrastructure must handle more resources,data, services and users; all of this makes Cloud-based enterprise application/systems more com-plex to control, to keep coherence between ser-vices and resources. The biggest challenge forevery user is to get acquainted with an applica-tion presented by the enterprises when trying todeal with clouds. To this end, users must be em-powered to execute effective controls over theirpersonal information [11]. Cloud Computing isbeing adopted by business leaders and most of theprocesses in Cloud Computing are for sensitivebusiness processes such as online purchases ofproducts or acquisition of services. If the usersdo not fully aware about its usage, they wouldnot be benefited with those services or could evenbe exposed to different types of security attacks.Some of the guidelines are listed below to makelearning and users adaptation in the Cloud-basedapplication/systems:
• identify the suitable approaches based on ob-servation, data recording and users demandto make learning and adaptation environmentto the users so that they can easily use thesystems
• design the applications to meet the goalof reconfiguration, personalization andcustomization
Architectural Requirements for Cloud Computing Systems 21
• intelligent, and interactive demonstrationwould be helpful to aware the users aboutthe usage of application. Artificial intelligenceand semantic techniques are also helpful here.
2.3.5 User Experience (UX)
The notion of UX is to provide the insight into theneeds and behaviors of end-user that can help tomaximize the usability, desirability, and produc-tivity of the applications. UX-driven design anddeployment may be the next step in the evolutionof Cloud Computing. The screens or user inter-faces must be simple, uncluttered, and designedaccording to a workflow or process you expectyour users to follow. For example, in the case ofSaaS application, AJAX based UIs, and SmartClients have an interesting impact on users expe-rience sharing and practice that can help to elabo-rate the scope of software products and services aswell as its business value. On the other hand, cloudapplication and devices evolution such as mobilebrings new opportunities to user involvement andinteraction. Mobile devices have drag and dropfeatures of Gadgets that provides information andfun-like news, pictures, games etc. Furthermore,Human-Computer Interaction, ergonomics, andusability engineering are the some of the impor-tant key requirements to design UX-based cloudapplications. Some of the important considera-tions are listed below, i.e.,
• Identification of most potential services fromusers and business point of view
• analysis of service possibilities, context forthe problem, and describes the rationale be-hind the solution by implementing UX designpatterns
• ensuring that UX involvement from the begin-ning of service/product life-cycle
• incorporation of end-user involvement indesign
• conducting reality demonstration of the ser-vices/applications
In addition, Cloud-based application/systemsshould be easy to use, capable of providingfaster and reliable services, easily scalable, and
customizable to meet the goal of localizationand standardization. They should also ensurethe impact of rich Internet applications (RIAs)such as EyeOS16. For instance, EyeOS 2.0 is theperfect development framework for quick andeasy creation of RIAs that provides effectiveness,usefulness, versatility/appropriateness and com-fortableness environment to the users.
3 Discussion and a Comparative Analysisof the Common Requirements
The Table 4 gives a comparative analysis of the re-quirements discussed in the prior sections. It alsoillustrates the relationships between architecturalrequirements layers and components describedabove.
There are various architectural styles of soft-ware architecture such as client/server, pipe-and-filter, distributed object, event-based integration,virtual machine etc. Table 5 summarizes the map-ping of architectural requirements to the generalarchitectural components.
Furthermore, some of the important issues aregiven below that should be considered while map-ping the requirements to architectural components.
• What kind of architectural components arefrequently made in building dynamic largecloud systems?
• How do architectural components relate to pro-vider’s and enterprise’s system requirements?
• How can we able to extract the genericand reusable model to classify relations be-tween requirements and architectural compo-nents/patterns?
• How do we abstract key architectural as-sessment made in existing cloud applica-tion/systems?
In addition, we have figured out three gen-eral architectural components to couple those ar-chitectural styles such as workf low orchestration,single f low and types of requirements. Workfloworchestration provides the pipe-and-filter archi-tectural styles [5] to manage business, service
16EyeOS, http://www.eyeos.org.
22 B.P. Rimal et al.
Tab
le4
Com
para
tive
anal
ysis
ofth
eco
mm
onre
quir
emen
ts
Par
amet
ers
Secu
rity
Inte
rope
rabi
lity
Dat
am
anag
emen
t,SL
AM
eter
ing
Vir
tual
izat
ion
Use
r-ce
ntri
cD
ata
mig
rati
onR
equi
rem
ents
stor
age
and
proc
essi
ngan
dbi
lling
man
agem
ent
priv
acy
Pro
vide
rC
anbu
ildup
the
Ope
nda
tafo
rmat
,Sh
ould
capa
ble
ofIf
they
offe
rC
anbu
iltup
Can
max
imiz
eC
anbu
ildup
Reg
iona
ldat
are
quir
emen
tstr
usta
mon
gO
pen
AP
Iis
prov
idin
gri
ch99
.99%
ofSL
Ath
etr
ustw
ith
prof
itby
the
trus
tce
nter
iste
nant
sm
ore
help
fulf
orqu
ery
lang
uage
serv
ice,
this
ente
rpri
ses
and
virt
ualiz
ing
easi
lyne
eded
ifth
ere
inte
rope
rabl
eto
allo
wsc
ale-
upm
eans
thei
ren
d-us
ers
byap
plic
atio
n,is
aco
untr
ycl
oud
serv
ices
scal
e-do
wn
serv
ice
ism
ore
offe
ring
effi
cien
tne
twor
k,bo
unda
ries
for
-fle
xibl
ean
dre
liabl
em
eter
ing
and
data
base
,da
tam
igra
tion
elas
tic
stor
age
billi
ngse
rvic
esin
fras
truc
ture
serv
ices
wit
hdu
rabi
lity
isne
eded
Ent
erpr
ise
Org
aniz
atio
nal
Allo
wto
beE
last
icst
orag
e,C
ancl
aim
the
Can
build
upth
eC
anm
axim
ized
Can
build
upP
olit
ical
and
requ
irem
ents
conf
iden
tial
port
edbe
twee
nno
need
tow
orry
char
gefo
rtr
uste
asily
prof
its
the
trus
tle
gali
ssue
sda
taan
dm
issi
oncl
ouds
befo
reab
outs
tora
gese
rvic
eou
tage
betw
een
betw
een
asso
ciat
edcr
itic
alda
tacr
itic
alte
nant
ste
nant
sw
ith
itca
nm
ove
onbu
sine
sscl
oud
ifth
ere
appl
icat
ion
isa
secu
rear
ede
liver
edse
rvic
esfr
omcl
ouds
Use
rsT
rust
yen
viro
nmen
tU
ser
can
take
Can
bebe
nefi
ted
Leg
alag
reem
ent
Tra
nspa
rent
Vir
tual
izat
ion
mak
esU
ser’
spo
into
fC
anm
ove
thei
rre
quir
emen
tsw
illcr
eate
tous
ese
rvic
esfr
omw
ith
on-d
eman
dis
impo
rtan
tm
eter
ing
and
clou
dse
rvic
esvi
ewpr
ivac
yda
tain
thei
rcl
oud
serv
ices
any
prov
ider
stor
age
serv
ice
ifth
ese
rvic
ebi
lling
affe
ctth
ech
eape
r,so
user
sis
the
prim
ary
regi
onal
easi
lyif
the
data
isdo
wn
user
sus
er’s
inte
nsio
nca
nbe
easi
lyco
ncer
nto
data
cent
erpo
rtab
ility
can
clai
mto
use
the
bene
fite
dfr
omit
trus
tser
vice
isea
sy.
refu
nd.
serv
ices
offe
red
prov
ider
s.by
prov
ider
s.
Architectural Requirements for Cloud Computing Systems 23
Table 5 Partial mappingof requirements toarchitectural components
NFR NFR/FR FR
Single flow R5, R6, R8, R11, R12, R13, R7, R18 R1, R4, R10, R14R16, R17, R19, R20, R21
Workflow orchestration R9, R15, R22 R2 R3
Requirements
R1 Service delivery model (SaaS, PaaS, IaaS)R2 Service-centricR3 Data management and storageR4 Virtualization managementR5 Cloud deploymentR6 Fault toleranceR7 SecurityR8 Quality of serviceR9 CloudonomicsR10 Load balancingR11 InteroperabilityR12 ScalabilityR13 Data governanceR14 Data migrationR15 Business process managementR16 Third party engagementR17 Transferable skillsR18 User consumption-based billing and meteringR19 User-centric privacyR20 Service level agreementsR21 Adaptability and learningR22 User experience
and scientific data managements. The functionalrequirements (FRs) deal with the set of opera-tion/functions that the system offers while non-functional requirements (NFRs) refer to the man-ner in such a way those functions are executed.Some of the NFRs need to be captured and an-alyzed from the very early stages of the applica-tion/system development process but NRFs arealways coupled with FRs. The preliminary ideaof dividing functional and non-functional require-ment is to figure out the whole scenario of Cloud-based applications. That could be helpful for ar-chitects to set up the criteria for the solution interms of the operational, and service-level objec-tives in the phase of requirement engineering.
4 Conclusions
Clear understanding of requirements and theirrelationships with respect to architectural choicesis a critical for any enterprise system transforming
the corporate culture into a co-operative businessculture by sharing/reusing business processes withhelp of the cloud services. The biggest challengein Cloud Computing is the lack of a de factostandard or single architectural method, whichcan meet the requirements of an enterprise cloudapproach. In this paper, we explored the architec-tural features of Cloud Computing and classifiedthem according to the requirements of end-users,enterprises that use the cloud as a platform, andcloud providers themselves. We show that severalarchitectural features will play a major role in theadoption of the Cloud Computing paradigm as amainstream commodity in the enterprise world.This paper also provides basic guidelines to soft-ware architects and Cloud Computing applicationdevelopers for creating future architectures.Although the abstract nature of cloud makes itchallenging to analyze the coverage of all re-quirements and architectural components with re-spect to a generic enterprise cloud system, our setof general, and preliminary requirements can be
24 B.P. Rimal et al.
used as the first step towards a more specific setof properties and requirements for the emergingenterprise cloud services.
Acknowledgements The authors would like to thank theanonymous reviewers for their valuable comments whichhelped us to improve the quality of our initial manuscript.This work has been partially supported by the EU FP7-ICT-248657 GEYSERS project.
References
1. Adabala, S., Chadha, V., Chawla, P., Figueiredo, R.,Fortes, J., Krsul, I., Matsunaga, A., Tsugawa, M.,Zhang, J., Zhao, M., Zhu, L., Zhu, X.: From virtualizedresources to virtual computing Grids: the In-VIGOsystem. Future Gener. Comput. Syst. 21(6), 896–909(2005)
2. Armbrust, M., Fox, A., Griffith, R., Joseph, A.D.,Katz, R.H., Konwinski, A., Lee, G., Patterson, D.A.,Rabkin, A., Stoica, I., Zaharia, M.: Above theclouds: a Berkeley view of cloud computing. TechnicalReport No. UCB/EECS-2009-28, Electrical Engineer-ing and Computer Sciences, University of California atBerkeley (2009)
3. AWS Service Health Dashboard: Amazon S3 avail-ability event. Available online at http://status.aws.amazon.com/s3-20080720.html (2009). Accessed onMarch 2009
4. Barham, P., Dragovic, B., Fraser, K., Hand, S., Harris,T., Ho, A., Neugebauer, R., Pratt, I., Warfield, A.: Xenand the art of virtualization. In: Proceedings of theNineteenth ACM Symposium on Operating SystemsPrinciples (2003)
5. Bass, L., Clements, P., Kazman, R.: Software Ar-chitecture in Practice. Addison-Wesley, Reading,Massachusetts (1998)
6. Beckmann, C.: Google App Engine. http://tinyurl.com/l949tp (2008). Accessed on July 2009
7. Bonvin, N., Papaioannou, T.G., Aberer, K.: Dynamiccost-efficient replication in data clouds. In: Proceedingsof the 1st Workshop on Automated Control for Data-centers and Clouds (2009)
8. Brodkin, J.: Gartner: seven cloud-computing securityrisks. Available online at http://tinyurl.com/3okysm(2008). Accessed on March 2009
9. Carr, N.: The Big Switch—Rewiring the World fromEdisson to Google. W. W. Norton (2008)
10. Carr, N.: Rough Type. Available online at http://www.roughtype.com (2010). Accessed on January 2010
11. Cavoukian, A.: Privacy in the Clouds—A WhitePaper on Privacy and Digital Identity: Implications forthe Internet. Information and Privacy Commission ofOntario (2008)
12. Chang, F., Dean, J., Ghemawat, S., Hsieh, W.C., Wal-lach, D.A., Burrows, M., Chandra, T., Fikes, A., Gru-ber, R.E.: Bigtable: a distributed storage system for
structured data. ACM Trans Comput. Syst. 26(2), 1–26(2008)
13. Choudhary, V.: Software as a service: implications forinvestment in software development. In: Proceedingsof the 40th Hawaii International Conference on SystemSciences (2006)
14. Clements, P., Northrop, L.M.: Software architecture:an executive overview. Software Engineering Insti-tute, Carnegie Mellon University, Technical ReportCMU/SEI-96-TR-003 (1996)
15. Cruz, A.: Gmail site reliability manager, update inGmail. Available online at http://tinyurl.com/b2vzka(2009). Accessed on March 2009
16. Dash, D., Kantere, V., Ailamaki, A.: An economicmodel for self-tuned cloud caching. In: Proceedings ofthe IEEE International Conference on Data Engineer-ing (2009)
17. David, R.: Cloud computing explained. Available on-line at http://tinyurl.com/qexwau (2009). Retrieved on1 Sept 2009
18. Dean, J., Ghemawat, S.: MapReduce: simplified dataprocessing on large clusters. Commun. ACM 51(1),107–113 (2008)
19. DeWitt, D.J., Robinson, E., Shankar, S., Paulson, E.,Naughton, J., Krioukov, A., Royalty, J.: Clustera: anintegrated computation and data management system.In: Proceedings of the Very Large Databases (2008)
20. Emeneker, W., Stanzione, D.: Dynamic virtual clus-tering. In: IEEE International Conference on ClusterComputing (2007)
21. Federal Data Protection Act, Bundesdatenschutzgesetz(BDSG), http://tinyurl.com/37sf3ly (1990). Accessed 10December 2009
22. Fielding, R.T.: The representational state transfer(REST). Ph.D. Dissertation, Department of Informa-tion and Computer Science, University of California,Irvine. Available online at http://www.ics.uci.edu/∼fielding/pubs/dissertation/top.htm (2000)
23. Figueiredo, R.J., Dinda, P.A., Fortes, A.B.: A case forGrid computing on virtual machines. In: Proceedingsof the 23rd International Conference on DistributedComputing Systems (2003)
24. Fingar, P.: Extreme Competition: Cloud OrientedBusiness Architecture. Business Process Trends (2009)
25. Flouris, M.D., Lachaize, R., Bilas, A.: Violin: a frame-work for extensible block-level storage. In: Knowledgeand Data Management in Grids, CoreGRID series,vol. 3, pp. 83–98. Springer Verlag (2007)
26. Foster, I., Kesselman, C.: Globus ametacomputing in-frastructure toolkit. Int. J. Supercomput. Appl. 11(2),115–128 (1997)
27. Foster, I., Kesselman, C., Tuecke, S.: The anatomyof the Grid: enabling scalable virtual organizations.Int. J. High Perform. Comput. Appl. 15(3), 200–222(2001)
28. Foster, I., Freeman, T., Keahey, K., Scheftner, D.,Sotomayor, B., Zhang, X.: Virtual clusters for Gridcommunities. In: 6th IEEE International Symposiumon Cluster Computing and the Grid (2006)
29. Foster, I., Zhao, Y., Raicu, I., Lu, S.: Cloud comput-ing cloud computing and Grid computing 360 degree
Architectural Requirements for Cloud Computing Systems 25
compared. In: Grid Computing Environments Work-shop (2008)
30. Fox, A., Gribble, S.D., Chawathe, Y., Brewer, E.A.,Gauthier, P.: Cluster-based scalable network services.In: Proceedings of the Sixteenth ACM Symposium onOperating Systems Principles (1997)
31. Garg, V.K.: Elements of Distributed Computing.Wiley-IEEE Press. ISBN 0471036005 (2002)
32. Gartner Research: Predicts 2009: Cloud ComputingBeckons (2009)
33. Gathering Clouds of XaaS! http://www.ibm.com/developer (2008)
34. Gellman, R.: Privacy in the clouds: risks to privacyand confidentiality from cloud computing. In: WorldPrivacy Forum (2009)
35. Golden, B.: Virtualization for Dummies. Wiley Pub-lishing, Inc. (2008)
36. Graefe, G.: The five-minute rule twenty years later,and how flash memory changes the rules. In: Proceed-ings of the 3rd International Workshop on Data Man-agement on New Hardware (2007)
37. Gu, Y., Grossman, R.L.: Sector and sphere towardssimplified storage and processing of large scale distrib-uted data. Philos. Trans. R. Soc. Lond. A. 367(1897),2429–2445 (2009)
38. Hoeren, T.: The new German data protection act andits compatibility with the European Data ProtectionDirective. J. Comput. Law, Security Review, Elsevier25(4), 318–324 (2009)
39. Irwin, D., Chase, J., Grit, L., Yumerefendi, A., Becker,D., Yocum, K.: Sharing networked resources withbrokered leases. In: USENIX Technical Conference(2006)
40. Jackson, T.: We feel your pain, and we’re sorry. Avail-able online at http://tinyurl.com/58mqho (2008). Ac-cessed on March 2009
41. Kapil Bakshi, K.: Cisco cloud computing-data centerstrategy, architecture, and solutions. Point of ViewWhite Paper for U.S. Public Sector (2009)
42. Katsaros, D., Pallis, G., Stamos, K., Vakali, A.,Sidiropoulos, A., Manolopoulos, Y.: CDNs contentoutsourcing via generalized communities. IEEE Trans.Knowl. Data Eng. 21(1), 137–151 (2009)
43. Kavis, M.: Enterprise mashups—the icing on yourSOA. Available online at http://socialcomputingjournal.com (2008). Accessed on July 2009
44. Keahey, K., Foster, I., Freeman, T., Zhang, X.: Vir-tual workspaces: achieving quality of service and qual-ity of life in the Grid. Sci. Program. J. 13(4), 265–276(2005)
45. Keahey, K., Foster, I., Freeman, T., Zhang, X., Galron,D.: Virtual workspaces in the Grid. In: 11th Interna-tional Euro-Par Conference (2005)
46. Kolakowski, N.: Microsoft’s cloud azure service suffersoutage. Available online at http://tinyurl.com/yhqo5t3(2009). Accessed on April 2009
47. Lee, S.W., Kim, W.: On flash-based DBMSs: issues forarchitectural re-examination. J. Object Technol. 6(8),39–49 (2007)
48. Lee, S.W., Moon, B., Park, C.: Advances in flash mem-ory SSD technology for enterprise database applica-
tions. In: Proceedings of the ACM Conference on theManagement of Data (SIGMOD) (2009)
49. Lim, K., Ranganathan, P., Chang, J., Patel, C., Mudge,T., Reinhardt, S.K.: Server designs for warehouse-computing environments. IEEE Micro 29(1), 41–49(2009)
50. Louth, W.: Metering the cloud: applying activity basedcosting (ABC) from code profiling up to perfor-mance & cost management of cloud computing. In:The International Conference on JAVA Technology(2009)
51. Mayer, M.: This site may harm your computer on everysearch results. Available online at http://tinyurl.com/cd76r3 (2009). Accessed on February 2009
52. Mell, P., Grance, T.: Perspectives on Cloud Comput-ing and Standards. National Institute of Standards andTechnology (NIST), Information Technology Labora-tory (2009)
53. Murphy, M.A., Goasgue, S.: Virtual organization clus-ters self-provisioned clouds on the Grid. Future Gener.Comput. Syst. (Elsevier) 26(8), 1271–1281 (2010)
54. Murphy, M.A., Abraham, L., Fenn, M., Goasguen, S.:Autonomic clouds on the Grid. J. Grid Computing8(1), 1–18 (2010)
55. Nurmi, D., Wolski, R., Grzegorczyk, C., Obertelli, G.,Soman, S., Youseff, L., Zagorodnov, D.: The euca-lyptus open-source cloud-computing system. In: Pro-ceedings of Cloud Computing and its Applications(2008)
56. OASIS: Security services technical committee, SecurityAssertion Markup Language (SAML). 2.0 TechnicalOverview Working Draft (2004)
57. Olston, C., Reed, B., Srivastava, U.: Pig latin: a not-so-foreign language for data processing. In: Proceedingsof the ACM Conference on the Management of Data(2008)
58. Open Platform as a Service: Available online athttp://www.openplatformasaservice.com/ (2009). Ac-cessed on December 2009
59. Pete: App Engine outage today. Available online athttp://tinyurl.com/2atu68l (2008). Accessed on April2009
60. Rings, T., Caryer, G., Gallop, J., Grabowski, J.,Kovacikova, T., Schulz, S., Stokes-Rees, I.: Grid andcloud computing: opportunities for integration with thenext generation network. J. Grid Computing 7(3), 375–393 (2009)
61. Ross, J.W., Westerman, G.: Preparing for utility com-puting: the role of IT architecture and relationshipmanagement. IBM Syst. J. 43(1) (2004)
62. Siebeck, R., Janner, T., Schroth, C., Hoyer, V., Wörndl,W., Urmetzer, F.: Cloud-based enterprise mashup inte-gration services for B2B scenarios. In: 2nd Workshopon Mashups, Enterprise Mashups and LightweightComposition on the Web (MEM 2009) in Conjunctionwith the 18th International World Wide Web Confer-ence (2009)
63. Software & Information Industry Association: Soft-ware as a service: strategic backgrounder (2001)
64. Sotomayor, B., Montero, R.S., Llorente, I.M.,Foster, I: Capacity leasing in cloud systems using the
26 B.P. Rimal et al.
opennebula engine. In: Workshop on CloudComputing and its Applications (2008)
65. Sotomayor, B., Montero, R.S., Llorente, I.M., Foster,I.: Virtual infrastructure management in private andhybrid clouds. IEEE Internet Computing 13(5), 14–22(2009)
66. Stern, A.: Update from Amazon regarding Friday’sS3 downtime. Available online at http://tinyurl.com/2wtwdr7 (2008). Accessed on April 2009
67. The Cloud Computing Interoperability Forum (CCIF):Available online at http://www.cloudforum.org/ (2009).Accessed on March 2009
68. The Open Group, Service Oriented Architecture(SOA): Available online at http://www.opengroup.org/projects/soa/ (2010). Accessed on July 2009
69. The Open Group: Building return on investmentfrom cloud computing. A white paper, cloud busi-ness artifacts project. Cloud Computing Work Group(2010)
70. Tsirogiannis, D., Harizopoulos, S., Shah, M.A., Wiener,J.L., Graefe, G.: Query processing techniques for solid
state drives. In: Proceedings of the ACM Conferenceon the Management of Data (2009)
71. Tubanos, A.: theWHIR.com, FlexiScale suffers 18-houroutage. Available online at http://tinyurl.com/y965dv8(2008). Accessed on January 2009
72. Turner, M., Budgen, D., Brereton, P.: Turning softwareinto a service. Computer 36(10), 38–44 (2003)
73. Vaquero, L.M., Rodero-Merino, L., Caceres, J., Lindner,M.: A break in the clouds towards a cloud definition.ACM SIGCOMM Comput. Commun. Rev. 39(1), 50–55 (2009)
74. Vogels, W.: A word on scalability. Available onlineat http://tinyurl.com/yj2vpus (2006). Accessed on April2009
75. Weinman, J.: The 10 laws of cloudonomics. Availableonline at http://tinyurl.com/5wv9d7 (2008). Accessedon 14 July 2009
76. Working Party on Information Security and Pri-vacy: The role of digital identity management inthe internet economy: a primer for policy makers(2009)