SEPTEMBER 2012
The Adoption of Cloud Services
ASPIRE
ASPIRE CLOUD STUDY
Introduction
ASPIRE - A Study on the Prospects of the Internet for Research and Education
The ASPIRE foresight study has been exploring the implications of potential developments of the Internet up until
2020 and assessing their impact for the Research and Education networking community.
In May 2011, a consultative workshop was held to ascertain what the community considers to be the four topics
that are most likely to have a significant impact on the sector.
The topics chosen as a result of the workshop were:
› Middleware and Managing Data and Knowledge in a Data-rich World
› Cloud Services
› Adoption of Mobile Services
› The Future Roles of NRENs
Four panels of experts were convened during the latter part of 2011, and worked until the spring of 2012,
gathering material and reaching a consensus on the major issues.
This document is the work of the ASPIRE panel on:
The Adoption of Cloud Services
The conclusions and recommendations from each of the panels will be discussed in a second ASPIRE workshop in
September 2012. The workshop will validate the work of the panels and determine a community strategy for the
future.
The ASPIRE study team at TERENA wish to express their sincere thanks and appreciation for the work undertaken
by the panel members and leaders.
John Dyer Magda Haver
The ASPIRE foresight Study was funded from the European Community’s Seventh Framework Programme (FP7/2007-2013) under grant agreement n° 238875, relating to the project ‘Multi-Gigabit European Research and Education Network and Associated Services (GN3)’. TERENA is solely responsible for this publication, which does not represent the opinion of the European Community; nor is the European Community responsible for any use that may be made of this report.
Contents
1 EXECUTIVE SUMMARY
1.1 Consume – Use Commodity Services from the Public Cloud
1.2 Produce - Be a Community Cloud
1.3 Connecting the Clouds
2 DEFINITIONS OF CLOUDS
2.1 Essential Characteristics
2.1.1 “Cloud computing” actually means something (new)
2.2 Why Some Things are not “Cloud”
2.3. Types of Cloud Services
2.3.1 Software as a Service (SaaS)
2.3.2 Platform as a Service (PaaS)
2.3.3 Infrastructure as a Service (IaaS)
2.4 Deployment Models
2.4.1 Private cloud
2.4.2 Community cloud
2.4.3 Public cloud
2.4.4 Hybrid cloud
3 A CHANGING WORLD - CLOUD AND THE END-USER PUSH
3.1 Cloud Drivers and Obstacles
3.2 Consequences for Higher Education and Research
3.3 Working towards a Cloud Strategy
3.4 Business Case – the Community Cloud
3.4.1 Service models for community clouds
3.4.2 Community cloud vs. public cloud
3.4.3 Community cloud vs. private clouds
3.4.4 Why are community clouds more attractive?
3.4.5 Do NRENs have what it takes to operate clouds?
3.4.6 Possible unintended consequences
3.5 Connecting the Cloud - Interoperability via Trusted Middleware Collaboration
3.6 Cloud Brokering: Aggregation of Demand, Vendor Management, Distribution, and Adoption
3.7 Compliance: Legal Aspects, Privacy, and Security
4 CASE STUDIES
4.1 NREN: GRNET
4.1.1 Rationale
4.1.2 The Implementation
4.1.3 Description of the Work
4.1.4 Impact
4.2 NREN: SURFnet
4.2.1 Awareness of opportunities in the cloud
4.2.2 Preparing for the cloud
4.2.3 Moving to the cloud
5 CONCLUSIONS AND RECOMMENDATIONS
6 GLOSSARY
7 CONTRIBUTORS
1 EXECUTIVE SUMMARY
This cloud services study focuses on the question of how higher education and research can benefit from the
adoption of cloud services.
The authors believe cloud services offer higher education and research organisations the opportunity to provide
their users with a wider range of relevant IT services at a faster pace and fulfil user demand.
IT departments can use the instant availability and elasticity of cloud services to modify their expenditure profile,
reducing the need for periodic and large capital expenditure (CAPEX) to a smoother, increased, but predictable
operational expenditure (OPEX).
Furthermore, the authors of this report see opportunities for NRENs to enhance the quality of cloud offerings (by
facilitating the procurement and delivery of cloud services at the right conditions), and to provide more coherence
between them (by means of a middleware cloud collaboration infrastructure). To be able to do this, NRENs should
embrace and make use of:
› the consumerisation of IT: users are choosers (IT departments facilitate the users);
› the power and scale of the cloud distribution model (the profound changes in the way providers deliver their
services);
› the sense of urgency and interest in clouds (the desire of stakeholders to see the adoption of cloud services).
There are two routes to take:
› the consumption of services offered by commercial vendors in the public cloud (commodity services);
› the production of services, together at NREN level, in a community cloud (services for the specific needs and
special requirements of the higher education and research community).
Both routes are valid and relevant, but call for a different organisational approach.
1.1 Consume – Use Commodity Services from the Public Cloud
› Software as a Service (SaaS)
This approach can be used when higher education and research have the same needs as other types of
organisations (regular online communication and collaboration).
› Infrastructure as a Service (IaaS)
NRENs can make use of the large-scale and flexible infrastructures offered by commercial vendors and run
virtual machines in the cloud (instead of in a local data centre).
This is a multi-vendor, outsourcing scenario. Efforts are focused externally on the vendors.
NRENs can add value by providing vendor management and brokering to their members. Offering this on an
NREN level makes it possible to effectively and efficiently collaborate and negotiate with vendors of cloud services
to obtain the right agreements and the best conditions for services, availability, service levels, security, privacy,
portability of data, and interoperability.
This can be scaled up to a European level under the management of a pan-European organisation, such as
TERENA. In this context, the NRENs can collectively:
› align roadmaps of online services;
› exchange vendor information;
› share documents;
› negotiate and procure together.
Issues
The Research and Education community should establish a trusted forum to provide independent advice and
recommendations on issues of security, privacy, opaque licensing models, interoperability (standards) and
legislation (national legislation, EU legislation, and ‘international clouds’).
The three main regulatory topics deal with:
1. storing Personally Identifiable Information (PII) and crossing national borders, both inside the EU, and
outside the EU;
2. data processing agreements, which must be signed, and comprehensible, without unilateral
change-management by the cloud provider;
3. auditing requirements – the documentation of procedures is mandatory.
1.2 Produce - Be a Community Cloud
The other route is to share resources and cooperate to produce specialised services in a community cloud. This
relates to services that fulfil the specific requirements of the community, where those requirements prohibit the
use of public cloud services, because of:
› security and privacy considerations or legal requirements regarding the physical location where data is stored;
› special functional needs that commercial vendors cannot provide.
This is a co-creation scenario. Efforts are internally focused towards the participating organisations.
This scenario can benefit from the fact that the NRENs also provide the network. This combination - NREN community
cloud services on top of the network - helps to:
› reduce the costs of data transfer, which can be significant with commercial clouds, especially for ‘big data’
applications;
› assure performance for both throughput and latency;
› create private/community network domains that can be treated preferentially on campus.
1.3 Connecting the Clouds
The term ‘cloud’ is misleading in the sense that it alludes to a single entity, while there are many organisations
offering cloud services. There are many clouds, but the services they offer are fragmented (vendor- and
product-specific silos). This poses a problem for higher education and research. This is an open community with
inter-organisational collaboration and information exchange and, therefore, it needs interconnected cloud
services.
NRENs have experienced this problem before, with their networks. NRENs were the first to interconnect their
national research and education networks, and to create a global network infrastructure. Now they need to
extend this leadership role for cloud services and work together towards an interconnected cloud infrastructure.
This cloud infrastructure consists of three key elements, all of which are in the middleware space, an area where
NRENs are at the forefront of development:
1. federated authentication and identity management for access to cloud assets (higher education and
research organisations - and not vendors - need to be in control of the user accounts);
2. unified group management and authorisation for the creation of a single point of control where users can
manage their (inter-organisational) teams. These group-related privileges (roles) are automatically used and
updated in all connected cloud services;
3. open data exchange and social networking between online services.
There is an opportunity for the NRENs to lead in the field of cloud brokering and cloud middleware infrastructures.
To be able to connect the clouds and provide added value for their members, NRENs must join forces and
collaborate, as they have done for many years in the area of networks.
2 DEFINITIONS OF CLOUDS
The subject of cloud computing is surrounded by hype, so it can be difficult to decide what should be considered
“cloud” and what not, or whether “cloud” is really something new or just a cute new name for old-fashioned
technologies.
Fortunately, there is a good definition of cloud computing which has broad support and is actually useful
for distinguishing clouds from other forms of (distributed) computing. This definition has been elaborated
under the auspices of the US National Institute of Standards and Technology (NIST). The NIST Definition of
Cloud Computing 1 is a fairly short document that is recommended reading for anyone who wants to understand
cloud services.
The NIST definition is structured as five essential characteristics, three service models, and three deployment
models that can be combined into a “hybrid”. In the following paragraphs, these are put into the context of this
study. The NIST publication contains exhaustive explanations of the definitions and these are not included in this
report.
2.1 Essential Characteristics
NIST defines clouds as combining the characteristics of:
› on-demand self-service;
› broad network access;
› resource pooling;
› rapid elasticity;
› measured service.
2.1.1 “Cloud computing” actually means something (new)
We often hear arguments (by ‘cloud-sceptics’) that there is really nothing new under the sun and that ‘cloud’ is just
a fashionable name for pre-existing things, e.g., grid computing or well-run highly automated datacentres, such
as those found in HPC or other large-scale web or other hosting services, or that cloud computing is merely one
of many forms of outsourcing. However, a combination of these properties really does define a novel kind of IT
service, which has the potential to bring the benefits - but also the risks - of outsourcing to significant new usage
areas and audiences.
While the vision of “utility computing” was famously formulated more than fifty years ago 2, some fairly recent
advances were necessary to make cloud computing come close to that vision. These include:
› warehouse-scale computing, based on cost-efficient commodity systems, and combined with successful
business models to justify the (continued) investments, notably Google’s search engine combined with its
auction-based text advertisement system;
› virtualisation techniques and their efficient support through hardware assistance, even on commodity
systems;
› decent Internet connectivity becoming widespread enough.
1 P. Mell, T. Grance, The NIST Definition of Cloud Computing, NIST Special Publication 800-145, September 2011 http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf
2 by the late John McCarthy in a speech at the MIT centennial in 1961
2.2 Why Some Things are not “Cloud”
It is helpful to look at some areas of the research and education ICT environment in relation to the definition of
cloud.
High-Performance Computing (HPC) centres certainly perform pooling of resources, which is an important
justification for their existence. They also allow access over the network (although, in practice, the focus is often
on controlled access, rather than on broad access) and the service is metered, although more frequently for
enforcement of resource limits than for billing. However, there is usually neither seamless self-service nor rapid
elasticity.
The Magellan report 3 explains 4 that while this could be added, there are concerns that doing so would reduce
efficiency, as measured by resource utilisation.
This raises an important issue. Institutions, such as HPC centres, have been set up to manage expensive and scarce
resources and to try to maximise their utilisation, using, for example, elaborate queuing systems and selective
vetting processes, to make sure the resources are not “wasted” by users who do not really need them.
In contrast, usage-based billing or other usage-based revenue generation, in combination with “scale-out”
infrastructures, lead to a sustainable regime of abundance in cloud computing. Increased utilisation is never a
problem, because, in the short term, there is always spare capacity planned in. Clouds avoid full utilisation, and in
the long term, increased use generates increased revenue, which is used to grow the resource.
Grid computing comes a bit closer to cloud computing. It explicitly makes use of the network, and provides some
standardised (but hard to use and operate) access protocols that take it a step further to ‘self-service’. However,
resource allocation in today’s grids is based on queuing, (virtual organisation-based) authorisation, and resource
limitations, rather than on charging for usage and dynamic scaling. On the other hand, grids have the important
(defining) aspect of a federation of independently operated resources and this aspect is missing from clouds.
While there are excellent reasons for, and clear benefits of this principle of federation, it also brings significant
complexities in technology, operations, and business relationships, none of which is intrinsic to clouds.
Summary
HPC and Grid computing: allow a selected set of users controlled access to a collection of scarce resources.
Cloud services: provide as many users as possible with broad access to a collection of plentiful resources.
3 The Magellan Report on Cloud Computing for Science, U.S. Department of Energy, Office of Advanced Scientific Computing Research (ASCR), December 2011 http://science.energy.gov/~/media/ascr/pdf/program-documents/docs/Magellan_Final_Report.pdf
4 page v, finding 9.
2.3. Types of Cloud Services
Cloud services can easily be categorised into one of three categories.
(diagram A. Steijaert 2011)
2.3.1 Software as a Service (SaaS)
Canonical examples for this are Customer Relations Management software, large-scale webmail, and other ‘office
productivity’ solutions such as Gmail/Google Apps or Microsoft Office 365. Many NRENs have some experience
providing application software over the network, such as Video Conferencing or other support systems for
collaboration.
However, it is difficult to compete on user-friendliness and scalability with commercial mass-market solutions. On
the other hand, there are certainly applications which are of broader interest in the academic sector, but which
do not (yet) constitute a mass-market business case. Running email systems is perceived as a burden by many
academic organisations, and is a prime candidate for outsourcing to external (cloud) providers, but there are
obstacles related to regulatory and confidentiality issues.
2.3.2 Platform as a Service (PaaS)
Systems such as Microsoft Azure or Google App Engine provide local software development and testing
environments, and facilities for deploying the developed software in the cloud. While PaaS appears to have great
potential, adoption among potential users seems to lag behind that of IaaS. This probably has to do with:
› their technical requirements - a fixed set of supported program languages and protocols, which lead to a
number of developers feeling limited in their options (running your own virtual machine in the cloud at an
IaaS provider gives more freedom);
› a greater perceived “lock-in” and a lack of data-portability options, compared to the more standardised IaaS
offerings.
2.3.3 Infrastructure as a Service (IaaS)
Basic virtual machine (VM) services and storage services are exemplified by Amazon Web Service (AWS), their EC2
(Elastic Compute Cloud), and their S3 (Simple Storage Services). Other companies offering IaaS include Rackspace,
Microsoft, IBM, and HP, as well as many smaller ones. The services they offer and their pricing schemes are very
similar.
The high level of standardisation, along with vibrant development in both commercial and open-source projects
have significantly lowered the entry barrier. Although the scaling efficiencies of “warehouse-scale computing”
require vast investment, credible, smaller-scale IaaS plants have been built by some NRENs.
2.4 Deployment Models
2.4.1 Private cloud
Some people think that private clouds should not be called clouds at all and write ‘cloud’ in quotes. This is about
running private data centres like cloud infrastructures, i.e., with large-scale virtualisation and highly automated
provisioning.
2.4.2 Community cloud
While not very common in the competitive, commercial world, this category is highly relevant in the context
of National Research and Education Networks. The recently announced ‘Helix Nebula’ cloud is an example of a
community cloud operated by a consortium (CERN, ESA, and EMBL, along with some industry partners) on behalf
of the research community. NREN initiatives such as GRNET’s okeanos, the University Modernisation Fund (UMF)
Eduserv cloud in the United Kingdom, and several similar initiatives also fall in this category.
2.4.3 Public cloud
Public clouds are offered to members of the general public by organisations, such as Amazon, Google and a
multitude of others. Many see these as the ‘gold standard’ for clouds, because the scaling benefits become
obvious. Others worry about loss of control, privacy, and geographic location of storage, along with possible legal
and regulation issues.
2.4.4 Hybrid cloud
Hybrid clouds are systems in which some of the infrastructure is operated in-house (private) and some outsourced
(public). All imaginable combinations of the two are possible. Relevant examples are private/public or private/
community combinations that are used in ‘cloud bursting’ scenarios to extend local (private) IT capacity to the
public cloud in order to meet peaks in demand.
3 A CHANGING WORLD - CLOUD AND THE END-USER PUSH
Why do users push for cloud services?
› It is there - and is usually easily available and integrates with their personal devices.
› It can - and users do not usually need to seek prior approval from institutional IT departments.
› It is good - and SaaS platforms are usually user-friendly and easy to use. PaaS and IaaS services offer extremely
elastic services without the commitment of capital expenditure (CAPEX).
The student push for Bring Your Own Device (BYOD) – the University as a transit hub
Universities are turning into network hubs. Mobile devices are carried by students and staff, and these devices
are communicating with the world around them. Users are increasingly connecting to the wireless network on
campus. Some universities respond to this by offloading student IT to cloud suppliers (for example Google Apps
for Education, or Microsoft Office365 for EDU). Others respond by enforcing the use of a limited set of services
(LMS/VLE, official email, internal university portal), or with a combination of solutions.
Because the NREN networks are designed to have sufficient capacity to avoid bottlenecks and hence congestion,
users usually have good access to cloud services, particularly when the connectivity of the service provider of the
cloud has good peering with the NREN.
The e-Science push for clouds
Some e-Science applications are well suited to the use of public clouds, whereas others demand special software/
hardware combinations to run effectively. One of the major challenges for the e-Science community will be
to sort out which applications can take advantage of public or community clouds, and which applications will
require traditional, super-computing facilities. A combination of IaaS and some PaaS is the first step for e-Science,
but there is potential for SaaS, especially for standardised REST APIs where data may flow.
e-Science and Big Data
As “Big Data” is enabled in more and more academic disciplines, the need for cloud computing increases;
consequently, network capacity will have to follow. An example is human genome science, where entire genomes
are sequenced, stored, and consulted for research. Both storage and processing depend on sufficient bandwidth.
The ability to customise large-scale services should fit well with the needs of research projects but the regulation
of this space is not clear. This may prevent cautious scientists from taking advantage of cloud services until the
cloud services industry matures and many of the issues are resolved.
3.1 Cloud Drivers and Obstacles
As with any outsourcing activity, organisations are keen to make use of the external expertise and the attendant
cost savings. Moving IT services to a cloud gives organisations access to services without the risks inherent in self-
provisioning. This is especially apparent when the cloud providers are demonstrably experts in their field, and the
services involved are not the key business of the outsourcing organisation.
In contrast to the normal decisions for choosing suppliers for outsourcing, cloud providers present a different set
of drivers and obstacles for their clients, and this is particularly relevant against the backdrop of specialisation in
the higher education and research community.
Summary of the drivers and obstacles to moving services to the cloud
Drivers
The drivers that are particularly relevant to education and research clients and cloud vendors are principally:
› funding;
› innovation;
› elastic supply to match user demand for resources;
› the desire of stakeholders to see cloud models in action;
› security - a strength and a weakness.
Obstacles
The main issues blocking a widespread use of cloud computing are:
› charging model versus funding model;
› costs are not clear;
› data protection legislation controls on where data owners may host data;
› end users, data owners have no appetite for international legal disputes.
See also http://tiny.cc/eqpz2
What are your biggest concerns surrounding the Cloud today?
Copyright © The Open Group 2011
See also: http://tiny.cc/eld45
3.2 Consequences for Higher Education and Research
How are higher education and research organisations affected by cloud services? What does it mean for the way
they offer and organize IT facilities? The next paragraphs propose a route forward.
3.3 Working towards a Cloud Strategy
Cloud services are not an isolated phenomenon. They are related to developments in other fields of IT.
Networks and the rise of mobile connectivity
Wi-Fi and mobile networks allow users to be online anytime and anywhere.
Hardware
There has been a transformation from expensive computers confined to a desktop, to affordable mobile devices.
Users can take these devices anywhere they want (laptop computers, mobile phones and tablets).
Software and data
Benefiting from the new opportunities in networks and devices, software can now be used online (as online
applications) and data can be stored externally (somewhere on the Internet).
IT used to be scarce and is now available in abundance (‘the consumerisation of IT’). Devices are becoming
personal and users keep them close. On the other hand, software and data are moving away from the user, into
the cloud. A cloud strategy needs to take this radical shift in the availability of IT and the effect this has on users
into account. In the past, users predominantly received their IT supplies from their home organisation (their
employer). Now, they increasingly choose their own hardware and software and they choose where they store
their data. They are tech-savvy, and have excellent IT facilities at home. They expect the same experience in the
workplace. This is most visible in the trend to ‘bring your own device’.
Higher education and research organisations are right in the middle of these developments. They feel the
pressure from vendors (supply side) and their users (demand side).
› vendors, often with large-scale infrastructures, target their users directly;
› users want to choose the IT services they use, and want to have them available anytime and anywhere.
Furthermore, collaboration in higher education and research increasingly extends beyond the institution.
However, IT departments are traditionally focused internally, and organised around a restricted set of IT services
that are produced and controlled with a limited set of resources (staff, technical infrastructure, and finances). This
leads to a gap between users with high expectations and almost endless possibilities because of a multitude of
online offerings and organisations that are confined and bound by limited resources.
Cloud services can bridge this divide. Higher education and research want to know which IT services to produce
internally and which to consume externally. Further, they want to know what services they should provide and
what the users can arrange for themselves.
Produce vs. consume
The main reason to produce internal IT solutions is to be able to have full control and to create a custom-made
product that fits the specific needs of the organisation. On the other end of the spectrum are IT solutions without
qualitative differentiation: commodity services.
Consume - use the public cloud
The first step in bridging the divide is for higher education and research to work towards a situation where their
users can choose from a wide variety of online services, allowing users to consume commodity services from the
public cloud.
Software as a Service - higher education and research institutions have the same needs as other organisations
(regular online communication and collaboration).
Infrastructure as a Service – the higher education and research sector can make use of the large scale and flexible
infrastructures offered by commercial vendors and run virtual machines in the cloud (instead of in a local data
centre).
By aggregating demand, the higher education and research sector can collectively negotiate deals with vendors
of cloud services and establish the required:
› conditions of use (service specifications and service levels, pricing, security and privacy agreements, data
portability);
› middleware connections and standardisation to achieve interoperability.
This is a multi-vendor outsourcing scenario. Higher education organisations offer the opportunity for individual
users to choose from numerous public cloud services (a one-to-many approach to consumption).
From a vertical approach (silos)
› Organising the production of a limited number of monolithic (closed) services at individual institutes
› High capital expenditures (CAPEX)
› Focus on customisation within the system to adapt to user needs (custom-made/tailor-made)
› Product-specific (deep)
› Long term commitment, because of investment in customisation of the services (fixed)
To a horizontal approach (modular)
› Organising the consumption of a large number of external modular services together at NREN level - cross-institutional
› High operating expenditures (OPEX)
› Focus on providing interoperability between off-the-shelf services, via open standards
› Cross-product (wide)
› Short term commitment on services, long term commitment on standards to achieve interoperability (freedom of movement)
Produce - become a community cloud
A second way to bridge the divide is for higher education and research organisations to share resources and
cooperate to produce specialised services together, in a community cloud:
› services in which all higher education and research organisations have the same needs (study tracking,
learning analytics and online grading systems);
› services that have a certain amount of specialisation but can be shared across a number of organisations (for
example, online learning environments, lecture streaming and research tools);
› services (both SaaS and IaaS) that have special requirements that prohibit the use of public cloud services
(because of security and privacy considerations or legal requirements regarding the physical location where
data is stored). This might apply to online assessment and grading tools.
This is a co-producing scenario that allows a number of higher education and research organisations to get
together (at an NREN level), to create and provide a specialised online service (a many-to-one approach to
production).
3.4 Business Case – the Community Cloud
There are many possible areas where NRENs can help their constituencies to benefit from the new possibilities
of cloud services. One option that deserves special attention is whether NRENs should build and/or operate
dedicated cloud infrastructures, i.e., produce and provide community clouds for their constituencies.
In contrast to many other fields of activity, building cloud infrastructures requires significant resources in terms of
money and expertise, and if successful, their operation will have to satisfy demands of high stability, and will also
require sustainable models of funding. Note that all of this is also true for operating backbone networks, a field in
which NRENs have demonstrated that they can generate value.
There is a vibrant commercial market of public cloud offerings, as well as a widespread move to “private clouds”
within the IT organisations of universities. Is there a place for such academia-specific community clouds at all?
3.4.1 Service models for community clouds
A community cloud could offer all types of cloud services:
› community members could run virtual machines (VMs) and store data in them (IaaS);
› they could use the community cloud to develop and deploy applications (PaaS);
› they could access generic or community-specific applications running on the cloud (SaaS).
In order to focus the discussion, we have focused on IaaS offerings. There are several on-going projects in this area
that are described in the case studies in this document. An IaaS and the infrastructure that supports it can be used
to build community-specific PaaS and SaaS offerings.
3.4.2 Community cloud vs. public cloud
The commercial market is very competitive and full of interesting offers. Large vendors have built huge
infrastructures to support these services, so it seems obvious that even if the entire research and education
community united its efforts, it would be impossible to reach similar economies of scale.
On the other hand, there is an abundance of smaller commercial players building IaaS offerings using their
own infrastructures. They usually target local markets and niches, and/or add IaaS to existing portfolios in IT or
telecommunication services. This is an indication that these companies see a market⁵ for smaller-scale cloud
services.
3.4.3 Community cloud vs. private clouds
At the other end of the spectrum, many academic institutions are adopting cloud-inspired technologies, such as
large-scale virtualisation and automated provisioning systems to make their own IT centres more efficient. This is
often called “private cloud”.
Therefore, an organisation that is considering building a community cloud should anticipate a situation where
many of its member organisations - especially the larger ones - will already be running their own highly
streamlined environments. A community cloud should be positioned so that it is still viable in such a world. For
example, it could leverage relative advantages in scale and try to be more (cost) efficient. It could also address the
“long tail” of organisations that are not in a good position to run private clouds. Further, it could focus on drivers
and use-cases that are more critical on a community-wide level than on a per-organisation level, such as national
or European initiatives for open access and data archiving.
3.4.4 Why are community clouds more attractive?
The main attraction of community clouds versus commercial public clouds is related to issues of trust and control.
These issues are often regarded as ‘perceived risks’ in areas such as regulatory environment, dependence on
external providers, data security, service availability, and portability (when one wants to leave a given cloud).
These trust issues would be significantly reduced through the use of community clouds, especially when these are
provided by an organisation that is already well known to the community (“the devil you know”). This provides a
major role for NRENs and similar organisations.
There are some network-related commercial and technical reasons that make NREN-operated community clouds
attractive. The fact that the NREN controls the network can help in many ways:
⁵ It is unclear whether they expect this market to be profitable in itself. In some cases, suppliers may feel that their customers expect cloud services as part of a “full-service” portfolio. Therefore, cloud activities can be a means to generate revenue in other areas such as telecommunications or IT services/consulting.
› by reducing the costs of data transfer, which can be significant with commercial clouds, especially for “big
data” applications;
› by assuring performance concerning both throughput and, perhaps more importantly, latency (delay), to
make both data-intensive and highly interactive uses possible;
› by creating private/community network domains that can be treated preferentially on campus security
devices, in order to mitigate or eliminate the performance-impact of such technologies as firewalls that are
likely to limit performance.
3.4.5 Do NRENs have what it takes to operate clouds?
Considering the expertise NRENs have developed in producing and operating backbone networks and the
current market situation, it seems reasonable to further investigate the opportunities for community cloud
services. However, are NRENs really in a position where operating such a cloud is a realistic option?
There are several areas in which this is questionable:
› NRENs may be restricted to specific geographic and “vertical” communities, and cannot hope to reach the
scale of the international mega-providers. Therefore, for every cloud offering under consideration (not just
community cloud infrastructure), the sustainability that can be attained at realistically achievable levels
should be carefully studied;
› most NRENs do not operate large quantities of general-purpose computers, and have no experience in selling
processing and storage as services (although there are some NRENs with strong links to supercomputing
centres);
› most NRENs do not have access to suitable datacentre space. The usual arrangement is that they use small
amounts of space in their customers’ (universities) datacentres, and/or in commercially operated datacentres.
On the other hand, in other aspects, NRENs are quite well positioned:
› they have long-term relationships with their communities, who have come to trust them to operate and grow
other (network) infrastructures;
› these long-term relationships, as well as existing sustainable economic models from the networking space,
can provide the groundwork for sustainable economic models for cloud infrastructures;
› by controlling the backbone network, NRENs are well-positioned to provide cloud services with good and
assured performance, and to create trusted network zones for integrating cloud resources with campus
networks;
› as long as cloud computing is seen as a “hot” topic in research, NRENs can draw on expertise from researchers
within their community. Conversely, they can offer something unique to these researchers by giving them
insights into the infrastructure that commercial providers cannot give;
› there is a long history of successful inter-NREN collaboration, which is an excellent basis for learning from each
other.
3.4.6 Possible unintended consequences
Assuming that NRENs will successfully operate cloud infrastructures for their communities, there are a few
possible issues that should be kept in mind.
One is the possibility of alienating existing customers, in particular, university IT organisations, by creating the
perception of wanting to grab and centralise what has historically been the universities’ domain. To avoid this, an
NREN should focus on areas where these IT organisations are already considering outsourcing, and/or areas where
there are clear benefits to having a community-wide, rather than a per-campus solution.
Another issue is that when such an infrastructure exists, under the governance of the community, there could be
strong incentives to use it by default (“because it’s there”), even when other providers could provide a better and/
or cheaper service. To limit the negative effects of this, there should be transparent cost/charging models that do
not hide the true costs. Also, NRENs should not attempt to force their communities to use their services by policy,
but rather attract them with useful and economic services that are tailored to the communities’ needs.
3.5 Connecting the Cloud - Interoperability via Trusted Middleware Collaboration
The challenge for higher education and research organisations is to facilitate freedom of choice, while still
providing a safe online work and study environment, bringing together a combination of:
› public cloud consumption by end-users and the availability of co-produced community cloud services;
› the requirements for a secure, controllable ecosystem (auditing, accountability and responsibility).
The answer lies in finding the right balance between:
› end user choice/end-user freedom;
› institutional control.
This is possible by creating an infrastructure that interconnects cloud services to each other and to the identity
management systems of the institutions. In doing this, users can access all of these cloud services with their
trusted institutional accounts, which provide ease of use, choice, and single sign-on. Their institutions manage
these accounts and subsequently manage their access to these cloud services.
Such an infrastructure is an extension to the federated authentication systems, which have been put in place
over the past couple of years. These existing federations can be expanded by bringing together the institutes
(the identity providers with their users) and the cloud vendors (the service providers with their services) into a
collaboration infrastructure.
The following are the key elements in a collaboration infrastructure:
1. Identity management for access to cloud assets and trustworthy online collaboration;
› secure, federated user authentication and single sign-on, based on standards, in order to achieve
interoperability. Federations would then connect an entire campus to the cloud service community. SAML 2
and OAuth are widely used protocols;
› unified group management and authorisation. The infrastructure creates a single point of control where users
can manage their teams, and an online application in which users can set up groups, invite team members,
and define roles and permissions. These group-related privileges are automatically used and updated in all
connected cloud services. This makes membership rosters easy to manage and keeps them consistent. It
makes the simultaneous use of multiple cloud services a true possibility. Currently, Grouper, developed in the
United States by the NSF and Internet2, is an example of this approach;
2. Open data exchange and social networking;
› research and education are inherently social activities. To support the social aspect of online collaboration,
it should be possible to exchange data between online services. In addition, users want to use specific
components of cloud applications and bring these together into a portal (a single screen-view with gadgets
or widgets). OpenSocial enables this. This open standard is embraced by established players in the enterprise
software market.
This combination of identity management and open data exchange allows users to log in to numerous cloud
services with their own trusted institutional accounts. They can collaborate in all these services in their established
team set-up (unified group management). The institutions are in control of the available services (conditions for
use and distribution) and the identity and access management. The interoperability features (via OpenSocial)
provide users with useful facilities to mix and match services and their components.
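The trust chain described in this section (institution-managed identities, centrally managed groups, and cloud services that rely on both) can be modelled as follows. This is an added example, not part of the ASPIRE report and not code from SURFconext or Grouper; an HMAC-signed JSON assertion stands in for a signed SAML 2 assertion, and every entity ID, user name, group name and key is constructed for illustration.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed federation metadata: issuer -> verification key. A real SAML 2
# federation publishes X.509 certificates; an HMAC key stands in for them here.
IDP = "https://idp.university.example"
FEDERATION_KEYS = {IDP: b"constructed-demo-key"}


class GroupDirectory:
    """Institution-side single point of control for teams and roles."""

    def __init__(self):
        self._members = {}  # group name -> {user: role}

    def add(self, group, user, role):
        self._members.setdefault(group, {})[user] = role

    def remove(self, group, user):
        self._members.get(group, {}).pop(user, None)

    def roles_for(self, user):
        return {g: m[user] for g, m in self._members.items() if user in m}


def _encode(claims):
    return base64.urlsafe_b64encode(json.dumps(claims).encode()).decode()


def issue_assertion(directory, user, audience, now=None, ttl=300):
    """IdP side: sign a short-lived assertion with the user's current groups."""
    now = int(time.time()) if now is None else now
    body = _encode({"iss": IDP, "sub": user, "aud": audience,
                    "exp": now + ttl, "groups": directory.roles_for(user)})
    sig = hmac.new(FEDERATION_KEYS[IDP], body.encode(), hashlib.sha256).hexdigest()
    return body + "." + sig


def tamper(assertion, group, role):
    """Test helper: rewrite a role claim while keeping the old signature."""
    body, sig = assertion.rsplit(".", 1)
    claims = json.loads(base64.urlsafe_b64decode(body))
    claims["groups"][group] = role
    return _encode(claims) + "." + sig


class CloudService:
    """Service-provider side: no local accounts, only federation assertions."""

    def __init__(self, entity_id, allowed_roles):
        self.entity_id = entity_id
        self.allowed_roles = allowed_roles  # action -> set of permitted roles

    def authorize(self, assertion, group, action, now=None):
        now = int(time.time()) if now is None else now
        try:
            body, sig = assertion.rsplit(".", 1)
            claims = json.loads(base64.urlsafe_b64decode(body))
        except (ValueError, AttributeError):
            return (False, "malformed")
        if not isinstance(claims, dict):
            return (False, "malformed")
        iss = claims.get("iss")
        if not isinstance(iss, str) or iss not in FEDERATION_KEYS:
            return (False, "unknown issuer")
        # Verify the signature before trusting any other claim.
        expected = hmac.new(FEDERATION_KEYS[iss], body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected.encode(), sig.encode()):
            return (False, "bad signature")
        if claims.get("aud") != self.entity_id:
            return (False, "wrong audience")  # assertion was issued for another service
        if claims.get("exp", 0) <= now:
            return (False, "expired")
        role = claims.get("groups", {}).get(group)
        if role not in self.allowed_roles.get(action, set()):
            return (False, "role not permitted")
        return (True, role)


def demo():
    """One team, two services, then a central removal from the group."""
    team, t0 = "genomics-team", 1_000_000
    directory = GroupDirectory()
    directory.add(team, "alice", "admin")
    directory.add(team, "bob", "member")
    wiki = CloudService("https://wiki.cloud.example",
                        {"edit": {"admin", "member"}, "delete": {"admin"}})
    store = CloudService("https://store.cloud.example", {"read": {"admin", "member"}})
    bob_wiki = issue_assertion(directory, "bob", wiki.entity_id, now=t0)
    out = {
        "bob edits wiki": wiki.authorize(bob_wiki, team, "edit", now=t0 + 10),
        "bob deletes wiki": wiki.authorize(bob_wiki, team, "delete", now=t0 + 10),
        "wiki token at store": store.authorize(bob_wiki, team, "read", now=t0 + 10),
        "forged role": wiki.authorize(tamper(bob_wiki, team, "admin"), team, "delete", now=t0 + 10),
    }
    directory.remove(team, "bob")  # the institution revokes membership once
    out["old token after removal"] = wiki.authorize(bob_wiki, team, "edit", now=t0 + 60)
    out["old token after expiry"] = wiki.authorize(bob_wiki, team, "edit", now=t0 + 301)
    fresh = issue_assertion(directory, "bob", store.entity_id, now=t0 + 60)
    out["new token after removal"] = store.authorize(fresh, team, "read", now=t0 + 61)
    return out
```

The assertion issued before the removal is still accepted until it expires, so the assertion lifetime bounds how quickly a central revocation takes effect at every connected service.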
To achieve such a collaboration infrastructure, it is important that NRENs and service providers work together,
discussing the required protocols and agreeing on standards.
SURFnet, the NREN of the Netherlands, has a collaboration infrastructure in place that includes the
above-mentioned components, called SURFconext.
http://www.surfnet.nl/en/Thema/coin/Pages/default.aspx
3.6 Cloud Brokering: Aggregation of Demand, Vendor Management, Distribution, and Adoption
NRENs create and operate a network from a centralised location and offer it to their member organisations. They
offer what they create in their organisation to the outside world; they are the provider and the brand.
Facilitating the consumption of cloud services calls for the opposite approach - to take the outside world
in. In order to offer cloud services, NRENs need to aggregate demand from their member organisations and
negotiate with vendors to reach agreements on their behalf, with better conditions than the individual users or
organisations can establish themselves. Finally, they need to organise the distribution and adoption of the cloud
services. This is a brokering role, and a facilitating role. NRENs thinking of undertaking such a role, should carefully
examine the internal organisational structure that would be required.
Key components in vendor management and cloud brokerage include:
Procurement – negotiate with vendors on behalf of the constituency to obtain good terms and conditions, such
as prices and SLA for services accessible to anyone within that constituency;
Infrastructure – achieve interoperability via standards and a collaboration infrastructure to interconnect the
institutions with the vendors and the vendors with the collaboration infrastructure;
Distribution – provide an online shop to show the connected cloud services (shop window), and provide facilities
to users to acquire these services;
Adoption – create and maintain communication and marketing programmes and facilitate the use of the service.
3.7 Compliance: Legal Aspects, Privacy, and Security
Cloud services are limited by the same regulatory framework as other services, and have restrictions for privacy,
compliance, and risk assessment. Many of the issues are similar to traditional outsourcing: obtaining audit
information, conserving documentation trails, preserving privacy, and avoiding lock-in. Since clouds may be
multinational, are often large scale, and may depend on sub-contractors, the outsourcing issues intensify as the
clouds drift across international regulatory borders and security domains.
The EU/EEA regulations differ substantially from US regulations, with many of the major cloud providers operating
under US regulations. This poses challenges, for example, with regard to preservation of privacy and compliance
with the EU privacy regulations. Since these regulations are stricter for NRENs and universities than for individuals,
there is a tendency to push decisions about the use of cloud services from the organisational level to the
individual level, since this “lets the university off the hook”.
There are three main issues with cloud services and EU privacy regulations:
1. Storing Personally Identifiable Information (PII) inside the EU, even across national borders, is allowed.
Storing PII outside the EU is more complicated;
2. Data processing agreements must be signed, and must be comprehensible. Unilateral change
management by the cloud provider is not permitted;
3. Auditing requirements include mandatory documentation of procedures.
Many services in the cloud are based on policies that may be changed unilaterally by the service provider. Social
media, such as Facebook, reserve the right to change terms and policies at will, and this is not in compliance with
the EU regulations on privacy. Service providers address this by requesting users to signify their agreement to
changes by clicking an “OK” box, which many users will do with little thought or care.
A key recommendation to the users is to never put any sensitive data, in unencrypted form, outside of your
organisation. If you put unencrypted data in the cloud, regard them as effectively in the public domain. The onus
is on the data owner to decide the balance of the trade-off between the functionality obtained from the cloud
and the risk of data being exposed.
Additional risks can arise from the data being in “the cloud”, which essentially means at unknown locations
anywhere that is off your organisation’s core network. If critical data are hosted on your own Local Area Network,
there is a pretty good chance you can retrieve them, should parts of the network fail. Most people are pretty
confident that the NREN networks and GÉANT can provide them with reliable access to critical data. This may not
be the case when data are stored on remote servers in the cloud.
The world of physical machines with unique addresses is becoming a thing of the past. NAT routers have been
breaking that paradigm for several years. However, virtualisation and customisation of service is creating a
landscape of interconnected APIs, leading to an increasingly complex global tangle that is impossible for
authorities to understand, let alone regulate. How do we address the risk under such circumstances?
4 CASE STUDIES
4.1 NREN: GRNET
GRNET’s mandate affirms the management’s commitment to provide innovative networking and computational
services to the Greek R&E community, as well as supporting the development of Information and Communication
Technologies. Cloud services are among the top priorities on the agenda and consequently, a strategy to develop
these services was developed over the last few years.
4.1.1 Rationale
A substantial number of reasons led to the decision to invest in cloud services. The most important are described
below:
1. “Legacy”
› involvement with computational services was not something new for GRNET. Apart from its well-established
role as the NREN, GRNET also operates the country’s National Grid Initiative (NGI), orchestrating Grid activities
and providing computational infrastructure to its customers. Cloud initiatives may be considered as a logical
extension to its core business;
› the concept of the “Service Box”, namely a stand-alone Linux server hosting a plethora of pre-configured
services installed at the customers’ premises, was initially introduced to assist under-staffed NOCs, by
facilitating the deployment of traditional services, and to strengthen and disseminate the use of new services
by providing the means to adapt complicated setups easily and quickly. The Service Boxes may be considered
as a simplistic, initial SaaS, in which end users can deploy services by configuring only the parameters related
to their institutions;
2. “Community needs”
› the phenomenon of understaffed NOCs in many institutions or departments is not uncommon. This results
in poor performance of the services and/or unmaintained hardware components. Core services hosted in
the cloud can be centrally managed and operated by experienced personnel. This raises the quality of the
services, and simultaneously, minimises the investment in equipment and support;
3. “Potential for the R&E community”
› the importance of cloud services was raised by the Greek R&E community and addressed to GRNET during
technical workshops and meetings to determine requirements. Valuable input was provided by a diverse
community of users, including advanced users, system administrators and Grid users;
4. “Pave the way for the public sector”
› a potential beneficiary of this initiative may be the Greek public sector. GRNET is developing an open IaaS
platform that can easily be integrated into their existing datacentre and can offer virtualisation capabilities. It
is expected that the transfer of physical machines to virtual ones will save tremendous amounts of investment
in the future, a high priority of the government.
4.1.2 The Implementation
Okeanos is an IaaS and offers virtual computing resources. It is being developed by GRNET, to be offered to the
whole Greek research and academic community. The software powering Okeanos is available via an open source
license.
Okeanos offers its users access to Virtual Machines, Virtual Ethernets, Virtual Disks, and Virtual Firewalls, through a
simple web-based Graphical User Interface (GUI). Okeanos was conceived to offer its users easy and secure access
to GRNET’s datacentres, focusing on user friendliness and simplicity, while being able to scale up to the thousands
of Virtual Machines and users, and terabytes of storage.
4.1.3 Description of the Work
The goal of the Okeanos project is to deliver a production quality IaaS. GRNET has operated a working alpha
version since July 2011; the alpha version comprises 350 VMs and 200 users.
In order to provide all of the services, Okeanos is built as a jigsaw puzzle of many pieces: the GUI, an Application
Programming Interface (API), an image registry, a VM management component, networking facilities, storage,
monitoring, identity management, accounting, problem handling, and a helpdesk. It goes beyond commercial
IaaS providers in several ways. While Okeanos is designed to be used by people with little computer experience,
Amazon EC2, and comparable commercial offerings are not end-user services. At the same time, it aims to meet
the needs of advanced users in technical departments by offering persistent, long-term servers with custom
networking capabilities.
The software underlying Okeanos, called Synnefo, is customised cloud management software with a Google
Ganeti backend. Ganeti was chosen because, when possible, GRNET tries to use available software. Ganeti is a
scalable and proven software infrastructure, and GRNET already has long experience with it, using it to provide
VMs to Network Operation Centres. GRNET is also involved in Ganeti development, and contributes patches
upstream.
Okeanos has been developed, and is designed to operate on commodity hardware. It implements the OpenStack
Compute API v. 1.1, with custom extensions whenever necessary.
4.1.4 Impact
Okeanos impacts all aspects of virtualised environments: computing, networking, VM storage, and images.
Users have access to VMs powered by Kernel-based Virtual Machine (KVM), running Linux and MS-Windows
guests on Debian hosts and using Google Ganeti for VM cluster management. The VMs are accessible by the
end-user over the web or programmatically (OpenStack Compute v. 1.1). Users have full control over their VMs. They
can create new ones, start them, shut them down, reboot them, and destroy them. For the configuration of their
VMs, they can select, from pre-defined images, the number of CPUs, the size of the RAM and system disk, and the
operating system, including popular Linux distros (Fedora, Debian, Ubuntu) and MS-Windows Server 2008 R2.
There is an out-of-band console over VNC – remote access software - for troubleshooting. The REST API for VM
management, is OpenStack Compute v. 1.1-compatible, and can interoperate with third party tools and client
libraries. It is a Python and Django implementation and GRNET has added custom extensions for yet-unsupported
functionality. The web GUI is written in JavaScript/jQuery, and is just another API client; in fact, all GUI operations
happen over the API.
The networking functionality includes dual IPv4/IPv6 connectivity for each VM, and easy, platform-provided
firewalling either through an array of pre-configured firewall profiles, or through a roll-your-own firewall
inside the VM. Users may create multiple, private, virtual L2 networks, so that they construct arbitrary network
topologies (e.g., they can deploy VMs in multi-tier configurations). The functionality is exported all the way to the
API and the GUI.
At the current stage, IaaS storage is via redundant storage based on VMs to survive node downtime or failure.
GRNET is testing reliable distributed storage over RADOS, combined with custom software for snapshotting and
cloning.
Okeanos allows users to use untrusted images. The host cannot touch user-provided data.
4.2 NREN: SURFnet
In the Netherlands, higher education and research is embracing the cloud. Their collaborative IT organisation,
SURF, coordinates the joint efforts. These activities can be divided in three distinct phases:
1. Awareness of opportunities in the cloud
2. Preparing for the cloud
3. Moving to the cloud
4.2.1 Awareness of opportunities in the cloud
During the past few years, higher education and research have become aware of the potential benefits cloud
services can offer. Higher education and research institutions find themselves in a much-changing world. SURF’s
Strategic Plan for 2011–2014¹ notes that education is becoming “open”: communication between students and
instructors is no longer restricted to within the walls of the institution and from nine to five. Both students
and staff have personal devices, such as mobile phones, smartphones, laptops, and e-readers, and they use
these to access everything that they need for their studies or their work.
online collaboration has become perfectly normal, not just within individual institutions but also between them.
The need for far-reaching open and online collaboration is particularly pressing for research. The research field
is undergoing a real “data explosion”; it is not only the hard sciences that generate enormous quantities of data
but almost all fields of research, including the humanities. Research breakthroughs increasingly take place at the
junction between disciplines, and on the basis of joint efforts. Although institutions are spending a great deal on
ICT facilities to meet all these demands and keep pace with developments, they are now required to economise at
the same time.
Cloud computing can become an indispensable tool.
› The user push - consumerisation and commoditisation:
• Utilising cloud services makes it possible to provide high-quality ICT services that meet the requirements
of students, instructors, researchers, and other staff;
• The institutions can also keep pace – more than is currently the case – with those requirements and make
use of the range available: rapid adoption and availability of new facilities;
• The cloud makes it possible to provide services “at any time”,
“at any place”, and – of increasing importance – “on any device”.
› Business and financial aspects:
• Cloud services can help to achieve the needed cost reductions (more OPEX and less CAPEX);
• If applied effectively, cloud services can make a contribution to a reduction in energy consumption and
therefore help to achieve the sustainability goals that the institutions have set for themselves.
4.2.2 Preparing for the cloud
A first set of ‘experiments’ and small-scale deployments were started:
› SaaS: outsourcing student e-mail to Google and Microsoft at a handful of institutions;
› IaaS: pilots with ‘virtual machines’ in the cloud, with GreenQloud as the supplier;
› In addition, a ‘sourcing toolbox’ was created: a set of guidelines for outsourcing IT services.
The tipping point was a study trip in March 2011. A group of board members from universities, accompanied
by representatives of SURF, visited suppliers and universities in San Francisco and Seattle. This successful study
trip showed the enormous potential of cloud computing, but it also made clear the attendant risks. Three major
players – Google, IBM, and Microsoft – provided a clear picture of their cloud strategy, their strengths, and their
weaknesses. Important initiatives for decision models were also shown. The study trip generated the following
insights:
› the question is not whether we should “enter the cloud” but when and how that should happen;
› working together in the context of SURF has added value for higher education and research in the
Netherlands in general, and also for the individual institutions.
At the end of March 2011, the SURF Board of Directors decided on a joint policy for cloud computing and the use
of cloud services. To coordinate these efforts, the ‘SURF Task Force Cloud’ was created for the purpose of:
› organising discussion meetings with the Board members, IT managers and IT specialists of the SURF member
organisations;
› consulting a number of external IT specialists with expertise on cloud computing;
› organising several ‘vendor cloud demonstration days’.
This resulted in a position paper: a draft version of a cloud strategy for higher education. At the end of 2011, this
position paper was officially accepted. The paper is based upon the following principles:
› ‘Cloud first’ - generic IT services in higher education and research will be provided via the public cloud as
much as possible.
› When the required services are not available in the public cloud, or when they cannot be used due to legal
considerations, community cloud services (specifically tailored to the needs of higher education) will be
implemented.
› For much of higher education, this means a change in their current procurement policies. Users should be
able to decide which devices and applications they use. They will be able to choose between multiple cloud
vendors and cloud services (a multi-vendor approach).
› SURF will provide an excellent infrastructure, which interconnects these services.
› Organisations of higher education will move to the cloud together, via SURF.
4.2.3 Moving to the cloud
At the end of 2011 and in the beginning of 2012, SURF undertook a number of internal organisational changes to
adapt to the new policy.
A new vendor management team was created. This team negotiates with vendors and maintains the relationship
with these parties on behalf of the whole SURF community.
An adoption team was created to facilitate the use of cloud services. The SURF member organisations receive
support, if desired, to use the SURF cloud strategy as a foundation to shape their own cloud strategy and
roadmap. Institutes and SURF work together to implement and adopt cloud services and benefit from each
other’s knowledge and experience.
The technical basis is the SURFconext collaboration infrastructure.
5 CONCLUSIONS AND RECOMMENDATIONS
The development of cloud services is changing rapidly, offering users new ways to obtain the services they really
want in an easy, and often economically attractive manner. Users are making these choices now, and there is a
real danger that if NRENs and institutions do nothing, users will drift into fragmented islands of incompatible
services that may not have a sustainable future.
There is a chance for the NRENs to lead in the field of cloud brokering and cloud middleware infrastructures. To be
able to connect the clouds and provide added value to their members, NRENs must join forces and collaborate, as
they have done for many years in the area of networks. NRENs should work together on:
› consuming the public cloud: aggregating demand, vendor management and cloud brokering;
› producing community clouds: business cases;
› connecting the clouds, by means of collaboration infrastructures and federations;
› legal issues (on EU level), standardisation, and interoperability.
6 GLOSSARY
3G 3rd Generation (mobile telecommunications technology)
3GPP 3rd Generation Partnership Project
AAI Authentication and Authorisation Infrastructure
AKA Authentication and Key Agreement
ALMA Atacama Millimetre Array
API Application Programming Interface
APN Access Point Network
ARC ALMA Regional Centre
ASDM ALMA Science Data Model
ASKAP Australian SKA Precursor
ASPIRE A Study on the Prospects of the Internet for Research and Education
ATLAS A particle physics experiment at the Large Hadron Collider at CERN
AUP Acceptable Use Policy
AWS Amazon Web Service
BYOD Bring Your Own Device
CA Certification Authority
CAD Computer Aided Design
CAI Community Anchor Institutions
CAPEX Capital Expenditure
CEF Connecting Europe Facility
CEF/DSI Connecting Europe Facility/Digital Service Infrastructure
CERN European Organisation for Nuclear Research
CERT Computer Emergency Response Teams
CIDOC-CRM International Committee for Documentation - Conceptual Reference Model
CP Connection Policy
CPU Central Processing Unit
DANTE Delivery of Advanced Network Technology to Europe
DARIAH Digital Research Architecture for the Arts and Humanities
DC Dublin Core
DCH Digital Cultural Heritage
DCH-RP Digital Cultural Heritage Roadmap for Preservation
DC-NET Digital Cultural heritage NETwork
DEAS Delegate eduroam® Authentication System
DL Distance Learning
DNA Deoxyribonucleic acid
DRDB Distributed Replicated Block Device (software)
DSI Digital Service Infrastructure
DVTS Digital Video Transport System
EAP Extensible Authentication Protocol
EC2 Elastic Compute Cloud (Amazon)
ECDD&S ELIXIR Core Data Collections and Services
eduGAIN Education GÉANT Authorisation Infrastructure
eduroam Education Roaming
EEA European Economic Area
EGI European Grid Infrastructure
EIRO European Industrial Relations Observatory
ELIXIR A sustainable infrastructure for biological information in Europe
ELSI Ethical, Legal and Social Implications
EMBL-EBI European Molecular Biology Laboratory - European Bioinformatics Institute
e-MERLIN VLBI National Radio Astronomy Facility
EMI European Middleware Initiative
ESD Event Summary Data
ESFRI BMS RI European Strategy Forum - Biological and Medical Sciences Research Infrastructure
EU European Union
EUDAT European Data Infrastructure
FITS Flexible Image Transport System
FTP File Transfer Protocol
FTS File Transfer Service
GA General Assembly
GB gigabyte
Gbps gigabits per second
GÉANT Gigabit European Academic Network Technology
GN3 Multi-Gigabit European Academic Network
GPRS General Packet Radio Service
GPS Global Positioning System
GUI Graphical User Interface
HDF5 Hierarchical Data Format
HEP High Energy Physics
HG Human Genome Project
HPC High Performance Computing
HPC/Grid High Performance Computing and Grid
HTTPS HyperText Transfer Protocol Secure
IaaS Infrastructure as a Service
ICFA Study Group on Data Preservation and Long Term Analysis in High Energy Physics
ICRAR a science archive facility in Australia
ICT Information and Communication Technologies
IEEE 802.1X Institute of Electrical and Electronics Engineers – standard for port-based Network Access Control
IETF Internet Engineering Task Force
IGTF International Grid Trust Federation
IN2P3 the National institute of nuclear and particle physics in France
IOS iPhone Operating System
IP Internet Protocol
IP Intellectual Property
IPR Intellectual Property Right
IRCAM Institut de Recherche et Coordination Acoustique/Musique
IRG e-Infrastructure Reflection Group
IRU Indefeasible Right of Use
ISO International Organization for Standardization
ISP Internet Service Provider
IVOA International Virtual Observatory Alliance
JIVE Joint Institute for VLBI in Europe
JSPG Joint Security Policy Group
K-12 schools primary and secondary schools
km kilometre
KVM Kernel-based Virtual Machine
LAN Local Area Network
LHC Large Hadron Collider
LHCOPN LHC Optical Private Network
LIPA Local IP Access
LMS Learning Management Systems
LOFAR Low Frequency Array
LOLA LOw LAtency audio visual streaming system
LTE Long Term Evolution - a standard for wireless communication of high-speed data
MAN Metropolitan Area Network
mID Unique Identification of person per device
MiFi Mobile Broadband Wi-Fi
MMS Multimedia Messaging Service
ms millisecond
NDGF Nordic DataGrid Facility
NFC Near Field Communication
NGAS New Generation Archive System
NGI National Grid Initiatives
NIST (US) National Institute of Standards and Technology
NOC Network Operations Centre
NRC National Research Council
NREN National Research and Education Network (can also refer to the operator of such a network)
NREN-PC National Research and Education Network Programme Committee
NSF National Science Foundation
OAI-MPH Open Archives Initiative Protocol for Metadata Harvesting
OECD Organisation for Economic Co-operation and Development
OMII Open Middleware Infrastructure Institute
OPEX Operating Expenditure
OSF Operations Support Facility
OSG Open Science Grid
OTP One Time Passwords
OWL Ontology Web Language
PaaS Platform as a Service
PII Personally Identifiable Information
PKI Public Key Infrastructure
PMH Protocol for Metadata Harvesting
PoP Point of Presence
R&E Research and Education
RADIUS Remote Authentication Dial In User Service
RAM Random Access Memory
RDF Resource Description Framework
REST Representational State Transfer
RF/IF Radio Frequency/Intermediate Frequency
RNA Ribonucleic acid
RTT Round-Trip Time
S3 Simple Storage Services (Amazon)
SaaS Software-as-a-Service
SAML Security Assertion Markup Language
SIM Subscriber Identification Module
SIP Session Initiation Protocol
SIPTO Selective IP Traffic Offload
SKA Square Kilometre Array
SLA Service Level Agreement
SLAC Stanford Linear Accelerator Center
SMIL Synchronized Multimedia Integration Language
SRM Storage Resource Manager
SSID Service Set Identifier
SVG Scalable Vector Graphics
SWOT Strengths, Weaknesses, Opportunities, Threats
TERENA Trans European Research and Education Networking Association
TLS Transport Layer Security
U.S. UCAN United States Unified Community Anchor Network
UMF University Modernisation Fund (Greece)
UMTS Universal Mobile Telecommunications System
VLAN Virtual Local Area Network
VLBI Very Long Baseline Interferometry
VLE Virtual Learning Environment
VM Virtual Machine
VO Virtual Observatory
VoIP Voice over Internet Protocol
VOMS VO Membership Services
WAN Wide Area Network
WAP Wireless Application Protocol
WebDAV Web Distributed Authoring and Versioning
Wi-Fi Wireless exchange of data
WiMAX Worldwide Interoperability for Microwave Access
WLAN Wireless Local Area Network
WLCG Worldwide LHC Computing Grid
XML Extensible Markup Language
7 CONTRIBUTORS
Brian Boyle, HEAnet, Ireland
BRIAN BOYLE is the Network Services Manager with HEAnet, where he works in
the Managed Network Services team developing cost effective and technically
advanced ICT services for national and international networking to benefit
the Irish Education and Research community. Previously, Brian worked as an IP
Network Operations Manager in Eircom.net and IT services developer in Motorola.
Simon Leinen, SWITCH, Switzerland
SIMON LEINEN heads the Peta Solutions team at SWITCH, the research and
education network for Switzerland. He worked in SWITCH’s (backbone) network
team for fifteen years. His current interests are centered around ways to make
cloud computing useful for research and education.
Andres Steijaert, SURFnet, the Netherlands
ASPIRE CLOUDS Study Leader
ANDRES STEIJAERT works at SURFnet, the National Research and Education
Network in the Netherlands. As a member of the SURF-taskforce Cloud, he
contributes to the SURF cloud first strategy and supports higher education and
research organisations in their joint adoption of the cloud. He directs the cloud
brokering and vendor management activities. Previously, Andres worked on
the development of the SURFconext collaboration infrastructure, as program
manager. Before SURFconext, he coordinated the creation of the SURFnet video
streaming platform and SURFgroepen, a centrally hosted collaboration service.
As account advisor, Andres has been in close contact with the IT departments
of the Dutch universities, to foster their joint efforts on innovative projects to
improve the quality of higher education and research.
Yannis Mitsos, GRNET, Greece
YANNIS MITSOS is head of the Network Operations Centre at GRNET, the Greek
National Research & Education Network. His main responsibilities are focused on
planning, designing, and operating production-grade e-Infrastructures such as
network and cloud services. In parallel, he is actively involved in the development
of regional network structures around South Eastern Europe.
Ingrid Melve, UNINETT, Norway
INGRID MELVE has been Chief Technology Officer with the Norwegian research
network UNINETT since 2006. She leads the eCampus Norway project, an initiative
to create a coherent nation-wide campus infrastructure to support the core process
of the higher-education community: research and education. With the eCampus
programme she has taken on the challenges surrounding lecture recording,
large-scale use of Video Conferencing and mobile solutions. Working for UNINETT since
1994, she became Manager of Applications and Middleware in 1998 and has been
involved in the field of Identity Management since 2000. She holds an MSc in
Telecommunications from the Norwegian Institute of Technology.