
SEPTEMBER 2012

The Adoption of Cloud Services

ASPIRE


Introduction

ASPIRE - A Study on the Prospects of the Internet for Research and Education

The ASPIRE foresight study has been exploring the implications of potential developments of the Internet up until

2020 and assessing their impact for the Research and Education networking community.

In May 2011, a consultative workshop was held to ascertain what the community considers to be the four topics

that are most likely to have a significant impact on the sector.

The topics chosen as a result of the workshop were:

› Middleware and Managing Data and Knowledge in a Data-rich World

› Cloud Services

› Adoption of Mobile Services

› The Future Roles of NRENs

Four panels of experts were convened during the latter part of 2011, and worked until the spring of 2012,

gathering material and reaching a consensus on the major issues.

This document is the work of the ASPIRE panel on:

The Adoption of Cloud Services

The conclusions and recommendations from each of the panels will be discussed in a second ASPIRE workshop in

September 2012. The workshop will validate the work of the panels and determine a community strategy for the

future.

The ASPIRE study team at TERENA wish to express their sincere thanks and appreciation for the work undertaken

by the panel members and leaders.

John Dyer Magda Haver

The ASPIRE foresight study was funded from the European Community’s Seventh Framework Programme (FP7/2007-2013) under grant agreement n° 238875, relating to the project ‘Multi-Gigabit European Research and Education Network and Associated Services (GN3)’. TERENA is solely responsible for this publication, which does not represent the opinion of the European Community; nor is the European Community responsible for any use that may be made of this report.


Contents

1 EXECUTIVE SUMMARY

1.1 Consume – Use Commodity Services from the Public Cloud

1.2 Produce - Be a Community Cloud

1.3 Connecting the Clouds

2 DEFINITIONS OF CLOUDS

2.1 Essential Characteristics

2.1.1 “Cloud computing” actually means something (new)

2.2 Why Some Things are not “Cloud”

2.3. Types of Cloud Services

2.3.1 Software as a Service (SaaS)

2.3.2 Platform as a Service (PaaS)

2.3.3 Infrastructure as a Service (IaaS)

2.4 Deployment Models

2.4.1 Private cloud

2.4.2 Community cloud

2.4.3 Public cloud

2.4.4 Hybrid cloud

3 A CHANGING WORLD - CLOUD AND THE END-USER PUSH

3.1 Cloud Drivers and Obstacles

3.2 Consequences for Higher Education and Research

3.3 Working towards a Cloud Strategy

3.4 Business Case – the Community Cloud

3.4.1 Service models for community clouds

3.4.2 Community cloud vs. public cloud

3.4.3 Community cloud vs. private clouds

3.4.4 Why are community clouds more attractive?

3.4.5 Do NRENs have what it takes to operate clouds?

3.4.6 Possible unintended consequences

3.5 Connecting the Cloud - Interoperability via Trusted Middleware Collaboration

3.6 Cloud Brokering: Aggregation of Demand, Vendor Management, Distribution, and Adoption

3.7 Compliance: Legal Aspects, Privacy, and Security

4 CASE STUDIES

4.1 NREN: GRNET

4.1.1 Rationale

4.1.2 The Implementation

4.1.3 Description of the Work

4.1.4 Impact

4.2 NREN: SURFnet

4.2.1 Awareness of opportunities in the cloud

4.2.2 Preparing for the cloud

4.2.3 Moving to the cloud

5 CONCLUSIONS AND RECOMMENDATIONS

6 GLOSSARY

7 CONTRIBUTORS


1 EXECUTIVE SUMMARY

This cloud services study focuses on the question of how higher education and research can benefit from the adoption of cloud services.

The authors believe cloud services offer higher education and research organisations the opportunity to provide

their users with a wider range of relevant IT services at a faster pace and fulfil user demand.

IT departments can use the instant availability and elasticity of cloud services to modify their expenditure profile, reducing the need for periodic and large capital expenditure (CAPEX) in favour of a smoother, increased, but predictable operational expenditure (OPEX).

Furthermore, the authors of this report see opportunities for NRENs to enhance the quality of cloud offerings (by facilitating the procurement and delivery of cloud services at the right conditions), and to provide more coherence between them (by means of a middleware cloud collaboration infrastructure). To be able to do this, NRENs should embrace and make use of:

› the consumerisation of IT: users are choosers (IT departments facilitate the users);

› the power and scale of the cloud distribution model (the profound changes in the way providers deliver their

services);

› the sense of urgency and interest in clouds (the desire of stakeholders to see the adoption of cloud services).

There are two routes to take:

› the consumption of services offered by commercial vendors in the public cloud (commodity services);

› the production of services, together at NREN level, in a community cloud (services for the specific needs and

special requirements of the higher education and research community).

Both routes are valid and relevant, but call for a different organisational approach.

1.1 Consume – Use Commodity Services from the Public Cloud

› Software as a Service (SaaS)

This approach can be used when higher education and research have the same needs as other types of

organisations (regular online communication and collaboration).

› Infrastructure as a Service (IaaS)

NRENs can make use of the large-scale and flexible infrastructures offered by commercial vendors and run

virtual machines in the cloud (instead of in a local data centre).

This is a multi-vendor, outsourcing scenario. Efforts are focused externally on the vendors.

NRENs can add value by providing vendor management and brokering to their members. Offering this on an

NREN level makes it possible to effectively and efficiently collaborate and negotiate with vendors of cloud services


to obtain the right agreements and the best conditions for services, availability, service levels, security, privacy,

portability of data, and interoperability.

This can be scaled up to a European level under the management of a pan-European organisation, such as

TERENA. In this context, the NRENs can collectively:

› align roadmaps of online services;

› exchange vendor information;

› share documents;

› negotiate and procure together.

Issues

The Research and Education community should establish a trusted forum to provide independent advice and

recommendations on issues of security, privacy, opaque licensing models, interoperability (standards) and

legislation (national legislation, EU legislation, and ‘international clouds’).

The three main regulatory topics deal with:

1. storing Personally Identifiable Information (PII) and crossing national borders, both inside the EU, and outside the EU;

2. data processing agreements, which must be signed, and comprehensible, without unilateral

change-management by the cloud provider;

3. auditing requirements – the documentation of procedures is mandatory.

1.2 Produce - Be a Community Cloud

The other route is to share resources and cooperate to produce specialised services in a community cloud. This relates to services that fulfil the specific requirements of the community, where the use of public cloud services is prohibited because of:

› security and privacy considerations or legal requirements regarding the physical location where data is stored;

› special functional needs that commercial vendors cannot provide.

This is a co-creation scenario. Efforts are internally focused towards the participating organisations.

This scenario can benefit from the fact that the NRENs also provide the network. This combination - NREN community

cloud services on top of the network - helps to:

› reduce the costs of data transfer, which can be significant with commercial clouds, especially for ‘big data’

applications;

› assure performance for both throughput and latency;

› create private/community network domains that can be treated preferentially on campus.


1.3 Connecting the Clouds

The term ‘cloud’ is misleading in the sense that it alludes to a single entity, while there are many organisations

offering cloud services. There are many clouds, but the services they offer are fragmented (vendor- and

product-specific silos). This poses a problem for higher education and research. This is an open community with

inter-organisational collaboration and information exchange and, therefore, it needs interconnected cloud

services.

NRENs have experienced this problem before, with their networks. NRENs were the first to interconnect their

national research and education networks, and to create a global network infrastructure. Now they need to

extend this leadership role for cloud services and work together towards an interconnected cloud infrastructure.

This cloud infrastructure consists of three key elements, all of which are in the middleware space, an area where NRENs are at the forefront of development:

1. federated authentication and identity management for access to cloud assets (higher education and research organisations - and not vendors - need to be in control of the user accounts);

2. unified group management and authorisation for the creation of a single point of control where users can

manage their (inter-organisational) teams. These group-related privileges (roles) are automatically used and

updated in all connected cloud services;

3. open data exchange and social networking between online services.

There is an opportunity for the NRENs to lead in the field of cloud brokering and cloud middleware infrastructures.

To be able to connect the clouds and provide added value for their members, NRENs must join forces and

collaborate, as they have done for many years in the area of networks.


2 DEFINITIONS OF CLOUDS

The subject of cloud computing is surrounded by hype, so it can be difficult to decide what should be considered

“cloud” and what not, or whether “cloud” is really something new or just a cute new name for old-fashioned

technologies.

Fortunately, there is a good definition of cloud computing which has broad support and is actually useful

for distinguishing clouds from other forms of (distributed) computing. This definition has been elaborated

under the auspices of the US National Institute of Standards and Technology (NIST). The NIST Definition of

Cloud Computing 1 is a fairly short document that is recommended reading for anyone who wants to understand

cloud services.

The NIST definition is structured as five essential characteristics, three service models, and three deployment

models that can be combined into a “hybrid”. In the following paragraphs, these are put into the context of this

study. The NIST publication contains exhaustive explanations of the definitions and these are not included in this

report.

2.1 Essential Characteristics

NIST defines clouds as combining the characteristics of:

› on-demand self-service;

› broad network access;

› resource pooling;

› rapid elasticity;

› measured service.

2.1.1 “Cloud computing” actually means something (new)

We often hear arguments (by ‘cloud-sceptics’) that there is really nothing new under the sun and that ‘cloud’ is just

a fashionable name for pre-existing things, e.g., grid computing or well-run highly automated datacentres, such

as those found in HPC or other large-scale web or other hosting services, or that cloud computing is merely one

of many forms of outsourcing. However, a combination of these properties really does define a novel kind of IT

service, which has the potential to bring the benefits - but also the risks - of outsourcing to significant new usage

areas and audiences.

While the vision of “utility computing” was famously formulated more than fifty years ago 2, some fairly recent

advances were necessary to make cloud computing come close to that vision. These include:

› warehouse-scale computing, based on cost-efficient commodity systems, and combined with successful business models to justify the (continued) investments, notably Google’s search engine combined with its auction-based text advertisement system;

› virtualisation techniques and their efficient support through hardware assistance, even on commodity systems;

› decent Internet connectivity becoming widespread enough.

1 P. Mell, T. Grance, The NIST Definition of Cloud Computing, NIST Special Publication 800-145, September 2011 http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf

2 by the late John McCarthy in a speech at the MIT centennial in 1961

2.2 Why Some Things are not “Cloud”

It is helpful to look at some areas of the research and education ICT environment in relation to the definition of

cloud.

High-Performance Computing (HPC) centres certainly perform pooling of resources, which is an important

justification for their existence. They also allow access over the network (although, in practice, the focus is often

on controlled access, rather than on broad access) and the service is metered, although more frequently for

enforcement of resource limits than for billing. However, there is usually neither seamless self-service nor rapid

elasticity.

The Magellan report 3 explains 4 that while this could be added, there are concerns that doing so would reduce

efficiency, as measured by resource utilisation.

This raises an important issue. Institutions, such as HPC centres, have been set up to manage expensive and scarce

resources and to try to maximise their utilisation, using, for example, elaborate queuing systems and selective

vetting processes, to make sure the resources are not “wasted” by users who do not really need them.

In contrast, usage-based billing or other usage-based revenue generation, in combination with “scale-out”

infrastructures, lead to a sustainable regime of abundance in cloud computing. Increased utilisation is never a

problem, because, in the short term, there is always spare capacity planned in. Clouds avoid full utilisation, and in

the long term, increased use generates increased revenue, which is used to grow the resource.

Grid computing comes a bit closer to cloud computing. It explicitly makes use of the network, and provides some

standardised (but hard to use and operate) access protocols that take it a step further to ‘self-service’. However,

resource allocation in today’s grids is based on queuing, (virtual organisation-based) authorisation, and resource

limitations, rather than on charging for usage and dynamic scaling. On the other hand, grids have the important

(defining) aspect of a federation of independently operated resources and this aspect is missing from clouds.

While there are excellent reasons for, and clear benefits of this principle of federation, it also brings significant

complexities in technology, operations, and business relationships, none of which is intrinsic to clouds.

Summary

HPC and Grid computing allow a selected set of users controlled access to a collection of scarce resources.

Cloud services provide as many users as possible with broad access to a collection of plentiful resources.

3 The Magellan Report on Cloud Computing for Science, U.S. Department of Energy, Office of Advanced Scientific Computing Research (ASCR), December 2011 http://science.energy.gov/~/media/ascr/pdf/program-documents/docs/Magellan_Final_Report.pdf

4 page v, finding 9.


2.3. Types of Cloud Services

Cloud services can easily be categorised into one of three categories.

(diagram A. Steijaert 2011)

2.3.1 Software as a Service (SaaS)

Canonical examples for this are Customer Relations Management software, large-scale webmail, and other ‘office productivity’ solutions such as Gmail/Google Apps or Microsoft Office 365. Many NRENs have some experience providing application software over the network, such as Video Conferencing or other support systems for collaboration.

However, it is difficult to compete on user-friendliness and scalability with commercial mass-market solutions. On

the other hand, there are certainly applications which are of broader interest in the academic sector, but which

do not (yet) constitute a mass-market business case. Running email systems is perceived as a burden by many

academic organisations, and is a prime candidate for outsourcing to external (cloud) providers, but there are

obstacles related to regulatory and confidentiality issues.

2.3.2 Platform as a Service (PaaS)

Systems such as Microsoft Azure or Google App Engine provide local software development and testing environments, and facilities for deploying the developed software in the cloud. While PaaS appears to have great potential, adoption among potential users seems to lag behind that of IaaS. This probably has to do with:

› their technical requirements - a fixed set of supported programming languages and protocols, which leads to a number of developers feeling limited in their options (running your own virtual machine in the cloud at an IaaS provider gives more freedom);

› a greater perceived “lock-in” and a lack of data-portability options, compared to the more standardised IaaS

offerings.


2.3.3 Infrastructure as a Service (IaaS)

Basic virtual machine (VM) services and storage services are exemplified by Amazon Web Services (AWS), their EC2 (Elastic Compute Cloud), and their S3 (Simple Storage Service). Other companies offering IaaS include Rackspace, Microsoft, IBM, and HP, as well as many smaller ones. The services they offer and their pricing schemes are very similar.

The high level of standardisation, along with vibrant development in both commercial and open-source projects, has significantly lowered the entry barrier. Although the scaling efficiencies of “warehouse-scale computing”

require vast investment, credible, smaller-scale IaaS plants have been built by some NRENs.

2.4 Deployment Models

2.4.1 Private cloud

Some people think that private clouds should not be called clouds at all and write ‘cloud’ in quotes. This is about

running private data centres like cloud infrastructures, i.e., with large-scale virtualisation and highly automated

provisioning.

2.4.2 Community cloud

While not very common in the competitive, commercial world, this category is highly relevant in the context of National Research and Education Networks. The recently announced ‘Helix Nebula’ cloud is an example of a community cloud operated by a consortium (CERN, ESA, and EMBL, along with some industry partners) on behalf of the research community. NREN initiatives such as GRNET’s okeanos, the University Modernisation Fund (UMF) Eduserv cloud in the United Kingdom, and several similar initiatives also fall in this category.

2.4.3 Public cloud

Public clouds are offered to members of the general public by organisations, such as Amazon, Google and a multitude of others. Many see these as the ‘gold standard’ for clouds, because the scaling benefits become obvious. Others worry about loss of control, privacy, and geographic location of storage, along with possible legal

and regulation issues.


2.4.4 Hybrid cloud

Hybrid clouds are systems in which some of the infrastructure is operated in-house (private) and some outsourced

(public). All imaginable combinations of the two are possible. Relevant examples are private/public or private/

community combinations that are used in ‘cloud bursting’ scenarios to extend local (private) IT capacity to the

public cloud in order to meet peaks in demand.


3 A CHANGING WORLD - CLOUD AND THE END-USER PUSH

Why do users push for cloud services?

› It is there - and is usually easily available and integrates with their personal devices.

› It can - and users do not usually need to seek prior approval from institutional IT departments.

› It is good - and SaaS platforms are usually user-friendly and easy to use. PaaS and IaaS services offer extremely

elastic services without the commitment of capital expenditure (CAPEX).

The student push for Bring Your Own Device (BYOD) – the University as a transit hub

Universities are turning into network hubs. Mobile devices are carried by students and staff, and these devices are communicating with the world around them. Users are increasingly connecting to the wireless network on campus. Some universities respond to this by offloading student IT to cloud suppliers (for example Google Apps for Education, or Microsoft Office365 for EDU). Others respond by enforcing the use of a limited set of services (LMS/VLE, official email, internal university portal), or with a combination of solutions.

Because the NREN networks are designed to have sufficient capacity to avoid bottlenecks and hence congestion,

users usually have good access to cloud services, particularly when the connectivity of the service provider of the

cloud has good peering with the NREN.

The e-Science push for clouds

Some e-Science applications are well suited to the use of public clouds, whereas others demand special software/

hardware combinations to run effectively. One of the major challenges for the e-Science community will be

to sort out which applications can take advantage of public or community clouds, and which applications will

require traditional, super-computing facilities. A combination of IaaS and some PaaS is the first step for e-Science,

but there is potential for SaaS, especially for standardised REST APIs where data may flow.

e-Science and Big Data

As “Big Data” is enabled in more and more academic disciplines, the need for cloud computing increases;

consequently, network capacity will have to follow. An example is human genome science, where entire genomes

are sequenced, stored, and consulted for research. Both storage and processing depend on sufficient bandwidth.

The ability to customise large-scale services should fit well with the needs of research projects but the regulation

of this space is not clear. This may prevent cautious scientists from taking advantage of cloud services until the

cloud services industry matures and many of the issues are resolved.


3.1 Cloud Drivers and Obstacles

As with any outsourcing activity, organisations are keen to make use of the external expertise and the attendant

cost savings. Moving IT services to a cloud gives organisations access to services without the risks inherent in self-

provisioning. This is especially apparent when the cloud providers are demonstrably experts in their field, and the

services involved are not the key business of the outsourcing organisation.

In contrast to the normal decisions for choosing suppliers for outsourcing, cloud providers present a different set

of drivers and obstacles for their clients, and this is particularly relevant against the backdrop of specialisation in

the higher education and research community.

Summary of the drivers and obstacles to moving services to the cloud

Drivers

The drivers that are particularly relevant to education and research clients and cloud vendors are principally:

› funding;

› innovation;

› elastic supply to match user demand for resources;

› the desire of stakeholders to see cloud models in action;

› security - a strength and a weakness.

Obstacles

The main issues blocking a widespread use of cloud computing are:

› charging model versus funding model;

› costs are not clear;

› data protection legislation controls on where data owners may host data;

› end users, data owners have no appetite for international legal disputes

See also http://tiny.cc/eqpz2


What are your biggest concerns surrounding the Cloud today?

Copyright © The Open Group 2011

See also: http://tiny.cc/eld45

3.2 Consequences for Higher Education and Research

How are higher education and research organisations affected by cloud services? What does it mean for the way

they offer and organize IT facilities? The next paragraphs propose a route forward.

3.3 Working towards a Cloud Strategy

Cloud services are not an isolated phenomenon. They are related to developments in other fields of IT.

Networks and the rise of mobile connectivity

Wi-Fi and mobile networks allow users to be online anytime and anywhere.

Hardware

There has been a transformation from expensive computers confined to a desktop, to affordable mobile devices.

Users can take these devices anywhere they want (laptop computers, mobile phones and tablets).

Software and data

Benefiting from the new opportunities in networks and devices, software can now be used online (as online

applications) and data can be stored externally (somewhere on the Internet).

IT used to be scarce and is now available in abundance (‘the consumerisation of IT’). Devices are becoming

personal and users keep them close. On the other hand, software and data are moving away from the user, into

the cloud. A cloud strategy needs to take this radical shift in the availability of IT and the effect this has on users

into account. In the past, users predominantly received their IT supplies from their home organisation (their

employer). Now, they increasingly choose their own hardware and software and they choose where they store


their data. They are tech-savvy, and have excellent IT facilities at home. They expect the same experience in the

workplace. This is most visible in the trend to ‘bring your own device’.

Higher education and research organisations are right in the middle of these developments. They feel the

pressure from vendors (supply side) and their users (demand side).

› vendors, often with large-scale infrastructures, target their users directly;

› users want to choose the IT services they use, and want to have them available anytime and anywhere.

Furthermore, collaboration in higher education and research increasingly extends beyond the institution.

However, IT departments are traditionally focused internally, and organised around a restricted set of IT services

that are produced and controlled with a limited set of resources (staff, technical infrastructure, and finances). This

leads to a gap between users with high expectations and almost endless possibilities because of a multitude of

online offerings and organisations that are confined and bound by limited resources.

Cloud services can bridge this divide. Higher education and research want to know which IT services to produce

internally and which to consume externally. Further, they want to know what services they should provide and

what the users can arrange for themselves.

Produce vs. consume

The main reason to produce internal IT solutions is to be able to have full control and to create a custom-made

product that fits the specific needs of the organisation. On the other end of the spectrum are IT solutions without

qualitative differentiation: commodity services.

Consume - use the public cloud

The first step in bridging the divide is for higher education and research to work towards a situation where their

users can choose from a wide variety of online services, allowing users to consume commodity services from the

public cloud.

Software as a Service - higher education and research institutions have the same needs as other organisations

(regular online communication and collaboration).

Infrastructure as a Service – the higher education and research sector can make use of the large scale and flexible

infrastructures offered by commercial vendors and run virtual machines in the cloud (instead of in a local data

centre).

By aggregating demand, the higher education and research sector can collectively negotiate deals with vendors

of cloud services and establish the required:

› conditions of use (service specifications and service levels, pricing, security and privacy agreements, data

portability);

› middleware connections and standardisation to achieve interoperability.

This is a multi-vendor outsourcing scenario. Higher education organisations offer the opportunity for individual

users to choose from numerous public cloud services (a one-to-many approach to consumption).

From a vertical approach (silos):

› Organising the production of a limited number of monolithic (closed) services at individual institutes

› High capital expenditures (CAPEX)

› Focus on customisation within the system to adapt to user needs (custom-made/tailor-made)

› Product-specific (deep)

› Long term commitment, because of investment in customisation of the services (fixed)

To a horizontal approach (modular):

› Organising the consumption of a large number of external modular services together at NREN level - cross-institutional

› High operating expenditures (OPEX)

› Focus on providing interoperability between off-the-shelf services, via open standards

› Cross-product (wide)

› Short term commitment on services, long term commitment on standards to achieve interoperability (freedom of movement)

Produce - become a community cloud

A second way to bridge the divide is for higher education and research organisations to share resources and

cooperate to produce specialised services together, in a community cloud:

› services in which all higher education and research organisations have the same needs (study tracking,

learning analytics and online grading systems);

› services that have a certain amount of specialisation but can be shared across a number of organisations (for

example, online learning environments, lecture streaming and research tools);

› services (both SaaS and IaaS) that have special requirements that prohibit the use of public cloud services

(because of security and privacy considerations or legal requirements regarding the physical location where

data is stored). This might apply to online assessment and grading tools.

This is a co-producing scenario that allows a number of higher education and research organisations to get

together (at an NREN level), to create and provide a specialised online service (a many-to-one approach to

production).

3.4 Business Case – the Community Cloud

There are many possible areas where NRENs can help their constituencies to benefit from the new possibilities

of cloud services. One option that deserves special attention is whether NRENs should build and/or operate

dedicated cloud infrastructures, i.e., produce and provide community clouds for their constituencies.

In contrast to many other fields of activity, building cloud infrastructures requires significant resources in terms of

money and expertise, and if successful, their operation will have to satisfy demands of high stability, and will also

require sustainable models of funding. Note that all of this is also true for operating backbone networks, a field in

which NRENs have demonstrated that they can generate value.

There is a vibrant commercial market of public cloud offerings, as well as a widespread move to “private clouds”

within the IT organisations of universities. Is there a place for such academia-specific community clouds at all?

3.4.1 Service models for community clouds

A community cloud could offer all types of cloud services:

› community members could run virtual machines (VMs) and store data in them (IaaS);

› they could use the community cloud to develop and deploy applications (PaaS);

› they could access generic or community-specific applications running on the cloud (SaaS).

In order to focus the discussion, we have focused on IaaS offerings. There are several on-going projects in this area

that are described in the case studies in this document. An IaaS and the infrastructure that supports it can be used

to build community-specific PaaS and SaaS offerings.

3.4.2 Community cloud vs. public cloud

The commercial market is very competitive and full of interesting offers. Large vendors have built huge

infrastructures to support these services, so it seems obvious that even if the entire research and education

community united its efforts, it would be impossible to reach similar economies of scale.

On the other hand, there is an abundance of smaller commercial players building IaaS offerings using their

own infrastructures. They usually target local markets and niches, and/or add IaaS to existing portfolios in IT or

telecommunication services. This is an indication that these companies see a market [5] for smaller-scale cloud

services.

3.4.3 Community cloud vs. private clouds

At the other end of the spectrum, many academic institutions are adopting cloud-inspired technologies, such as

large-scale virtualisation and automated provisioning systems to make their own IT centres more efficient. This is

often called “private cloud”.

Therefore, an organisation that is considering building a community cloud should anticipate a situation where

many of its member organisations - especially the larger ones - will already be running their own highly

streamlined environments. A community cloud should be positioned so that it is still viable in such a world. For

example, it could leverage relative advantages in scale and try to be more (cost) efficient. It could also address the

“long tail” of organisations that are not in a good position to run private clouds. Further, it could focus on drivers

and use-cases that are more critical on a community-wide level than on a per-organisation level, such as national

or European initiatives for open access and data archiving.

3.4.4 Why are community clouds more attractive?

The main attraction of community clouds versus commercial public clouds is related to issues of trust and control.

These issues are often regarded as ‘perceived risks’ in areas such as regulatory environment, dependence on

external providers, data security, service availability, and portability (when one wants to leave a given cloud).

These trust issues would be significantly reduced through the use of community clouds, especially when these are

provided by an organisation that is already well known to the community (“the devil you know”). This provides a

major role for NRENs and similar organisations.

There are some network-related commercial and technical reasons that make NREN-operated community clouds

attractive. The fact that the NREN controls the network can help in many ways:

› by reducing the costs of data transfer, which can be significant with commercial clouds, especially for “big data” applications;

› by assuring performance concerning both throughput and, perhaps more importantly, latency (delay), to make both data-intensive and highly interactive uses possible;

› by creating private/community network domains that can be treated preferentially on campus security devices, in order to mitigate or eliminate the performance-impact of such technologies as firewalls that are likely to limit performance.

[5] It is unclear whether they expect this market to be profitable in itself. In some cases, suppliers may feel that their customers expect cloud services as part of a “full-service” portfolio. Therefore, cloud activities can be a means to generate revenue in other areas such as telecommunications or IT services/consulting.

3.4.5 Do NRENs have what it takes to operate clouds?

Considering the expertise NRENs have developed in producing and operating backbone networks and the

current market situation, it seems reasonable to further investigate the opportunities for community cloud

services. However, are NRENs really in a position where operating such a cloud is a realistic option?

There are several areas in which this is questionable:

› NRENs may be restricted to specific geographic and “vertical” communities, and cannot hope to reach the

scale of the international mega-providers. Therefore, for every cloud offering under consideration (not just

community cloud infrastructure), the sustainability that can be attained at realistically achievable levels

should be carefully studied;

› most NRENs do not operate large quantities of general-purpose computers, and have no experience in selling

processing and storage as services (although there are some NRENs with strong links to supercomputing

centres);

› most NRENs do not have access to suitable datacentre space. The usual arrangement is that they use small

amounts of space in their customers’ (universities) datacentres, and/or in commercially operated datacentres.

On the other hand, in other aspects, NRENs are quite well positioned:

› they have long-term relationships with their communities, who have come to trust them to operate and grow

other (network) infrastructures;

› these long-term relationships, as well as existing sustainable economic models from the networking space,

can provide the groundwork for sustainable economic models for cloud infrastructures;

› by controlling the backbone network, NRENs are well-positioned to provide cloud services with good and

assured performance, and to create trusted network zones for integrating cloud resources with campus

networks;

› as long as cloud computing is seen as a “hot” topic in research, NRENs can draw on expertise from researchers

within their community. Conversely, they can offer something unique to these researchers by giving them

insights into the infrastructure that commercial providers cannot give;

› there is a long history of successful inter-NREN collaboration, which is an excellent basis for learning from each

other.

3.4.6 Possible unintended consequences

Assuming that NRENs will successfully operate cloud infrastructures for their communities, there are a few

possible issues that should be kept in mind.

One is the possibility of alienating existing customers, in particular, university IT organisations, by creating the

perception of wanting to grab and centralise what has historically been the universities’ domain. To avoid this, an

NREN should focus on areas where these IT organisations are already considering outsourcing, and/or areas where

there are clear benefits to having a community-wide, rather than a per-campus solution.

Another issue is that when such an infrastructure exists, under the governance of the community, there could be

strong incentives to use it by default (“because it’s there”), even when other providers could provide a better and/

or cheaper service. To limit the negative effects of this, there should be transparent cost/charging models that do

not hide the true costs. Also, NRENs should not attempt to force their communities to use their services by policy,

but rather attract them with useful and economic services that are tailored to the communities’ needs.

3.5 Connecting the Cloud - Interoperability via Trusted Middleware Collaboration

The challenge for higher education and research organisations is to facilitate freedom of choice, while still

providing a safe online work and study environment, bringing together a combination of:

› public cloud consumption by end-users and the availability of co-produced community cloud services;

› the requirements for a secure, controllable ecosystem (auditing accountability and responsibility).

The answer lies in finding the right balance between:

› end user choice/end-user freedom;

› institutional control.

This is possible by creating an infrastructure that interconnects cloud services to each other and to the identity

management systems of the institutions. In doing this, users can access all of these cloud services with their

trusted institutional accounts, which provide ease of use, choice, and single sign-on. Their institutions manage

these accounts and subsequently manage their access to these cloud services.

Such an infrastructure is an extension to the federated authentication systems, which have been put in place

over the past couple of years. These existing federations can be expanded by bringing together the institutes

(the identity providers with their users) and the cloud vendors (the service providers with their services) into a

collaboration infrastructure.

The following are the key elements in a collaboration infrastructure:

1. Identity management for access to cloud assets and trustworthy online collaboration;

› secure, federated user authentication and single sign-on, based on standards, in order to achieve interoperability. Federations would then connect an entire campus to the cloud service community. SAML 2 and OAuth are widely used protocols;

› unified group management and authorisation. The infrastructure creates a single point of control where users can manage their teams, and an online application in which users can set up groups, invite team members, and define roles and permissions. These group-related privileges are automatically used and updated in all connected cloud services. This makes membership rosters easy to manage and keeps them consistent. It makes the simultaneous use of multiple cloud services a true possibility. Currently, Grouper, developed in the United States by the NSF and Internet2, is an example of this approach;

2. Open data exchange and social networking;

› research and education are inherently social activities. To support the social aspect of online collaboration, it should be possible to exchange data between online services. In addition, users want to use specific components of cloud applications and bring these together into a portal (a single screen-view with gadgets or widgets). OpenSocial enables this. This open standard is embraced by established players in the enterprise software market.

This combination of identity management and open data exchange allows users to log in to numerous cloud

services with their own trusted institutional accounts. They can collaborate in all these services in their established

team set-up (unified group management). The institutions are in control of the available services (conditions for

use and distribution) and the identity and access management. The interoperability features (via OpenSocial)

provide users with useful facilities to mix and match services and their components.

To achieve such a collaboration infrastructure, it is important that NRENs and service providers work together,

discussing the required protocols and agreeing on standards.

SURFnet, the NREN of the Netherlands, has a collaboration infrastructure in place that includes the above-mentioned components, called SURFconext.

http://www.surfnet.nl/en/Thema/coin/Pages/default.aspx
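The collaboration infrastructure of section 3.5, sketched as an added example (not code from this report, SURFconext or Grouper): a hub verifies a signed assertion from an institutional identity provider, applies the institution's service policy, and releases centrally managed group roles to each connected cloud service. An HMAC-signed JSON token stands in for a SAML 2 assertion, and every name, key and entity identifier is constructed for illustration.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed federation metadata: each identity provider (IdP) shares a key
# with the hub. Real federations use SAML 2 XML signatures and certificates;
# HMAC over JSON is a simplified stand-in so the example runs offline.
FEDERATION_IDPS = {
    "idp.uni-a.example": b"constructed-key-uni-a",
    "idp.uni-b.example": b"constructed-key-uni-b",
}
# Institutional control: the cloud services each institution has enabled.
SERVICE_POLICY = {
    "idp.uni-a.example": {"wiki.cloud.example", "storage.cloud.example"},
    "idp.uni-b.example": {"wiki.cloud.example"},
}
HUB_AUDIENCE = "hub.nren.example"


class AccessDenied(Exception):
    pass


def issue_assertion(idp, subject, key, now, lifetime=300):
    """IdP side: sign a short-lived statement that `subject` authenticated."""
    claims = {"iss": idp, "sub": subject, "aud": HUB_AUDIENCE,
              "iat": now, "exp": now + lifetime}
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    sig = hmac.new(key, body, hashlib.sha256).hexdigest()
    return body.decode() + "." + sig


class CollaborationHub:
    """Single point of control for group membership and attribute release."""

    def __init__(self):
        self.groups = {}  # group name -> {scoped user id: role}

    def set_role(self, group, user, role):
        self.groups.setdefault(group, {})[user] = role

    def remove_member(self, group, user):
        self.groups.get(group, {}).pop(user, None)

    def _verify(self, assertion, now):
        try:
            body, sig = assertion.split(".")
            claims = json.loads(base64.urlsafe_b64decode(body))
            if not isinstance(claims, dict):
                raise ValueError("claims must be an object")
        except (ValueError, TypeError):
            raise AccessDenied("malformed assertion")
        # The issuer only selects a key from the allow-list; nothing else in
        # the claims is trusted until the signature has been checked.
        key = FEDERATION_IDPS.get(claims.get("iss"))
        if key is None:
            raise AccessDenied("issuer is not a federation member")
        expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected.encode(), sig.encode()):
            raise AccessDenied("bad signature")
        if claims.get("aud") != HUB_AUDIENCE:
            raise AccessDenied("assertion not addressed to this hub")
        iat, exp = claims.get("iat"), claims.get("exp")
        if not (isinstance(iat, (int, float)) and isinstance(exp, (int, float))
                and iat <= now < exp):
            raise AccessDenied("assertion expired or not yet valid")
        return claims

    def login(self, assertion, service, now=None):
        """Return the attributes released to `service` for this user."""
        now = time.time() if now is None else now
        claims = self._verify(assertion, now)
        if service not in SERVICE_POLICY.get(claims["iss"], set()):
            raise AccessDenied("institution has not enabled this service")
        # Scope the identifier by institution so that the same local name at
        # two institutions never shares group privileges.
        user = str(claims.get("sub")) + "@" + claims["iss"]
        roles = {g: m[user] for g, m in self.groups.items() if user in m}
        return {"user": user, "service": service, "groups": roles}


if __name__ == "__main__":
    hub = CollaborationHub()
    hub.set_role("genomics-project", "alice@idp.uni-a.example", "admin")
    now = time.time()
    token = issue_assertion("idp.uni-a.example", "alice",
                            FEDERATION_IDPS["idp.uni-a.example"], now)
    for svc in ("wiki.cloud.example", "storage.cloud.example"):
        print(hub.login(token, svc, now=now))
    # One change at the hub takes effect in every connected service.
    hub.remove_member("genomics-project", "alice@idp.uni-a.example")
    print(hub.login(token, "wiki.cloud.example", now=now))
```

Because group roles live only in the hub, removing a member there changes what every connected service receives at the next login, which is the consistency property the section describes.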

3.6 Cloud Brokering: Aggregation of Demand, Vendor Management, Distribution, and Adoption

NRENs create and operate a network from a centralised location and offer it to their member organisations. They

offer what they create in their organisation to the outside world; they are the provider and the brand.

Facilitating the consumption of cloud services calls for the opposite approach - to take the outside world

in. In order to offer cloud services, NRENs need to aggregate demand from their member organisations and

negotiate with vendors to reach agreements on their behalf, with better conditions than the individual users or

organisations can establish themselves. Finally, they need to organise the distribution and adoption of the cloud

services. This is a brokering role, and a facilitating role. NRENs thinking of undertaking such a role should carefully

examine the internal organisational structure that would be required.

Key components in vendor management and cloud brokerage include:

Procurement – negotiate with vendors on behalf of the constituency to obtain good terms and conditions, such

as prices and SLA for services accessible to anyone within that constituency;

Infrastructure – achieve interoperability via standards and a collaboration infrastructure to interconnect the

institutions with the vendors and the vendors with the collaboration infrastructure;

Distribution – provide an online shop to show the connected cloud services (shop window), and provide facilities

to users to acquire these services;

Adoption – create and maintain communication and marketing programmes and facilitate the use of the service.

3.7 Compliance: Legal Aspects, Privacy, and Security

Cloud services are limited by the same regulatory framework as other services, and have restrictions for privacy,

compliance, and risk assessment. Many of the issues are similar to traditional outsourcing: obtaining audit

information, conserving documentation trails, preserving privacy, and avoiding lock-in. Since clouds may be

multinational, are often large scale, and may depend on sub-contractors, the outsourcing issues intensify as the

clouds drift across international regulatory borders and security domains.

The EU/EEA regulations differ substantially from US regulations, with many of the major cloud providers operating

under US regulations. This poses challenges, for example, with regard to preservation of privacy and compliance

with the EU privacy regulations. Since these regulations are stricter for NRENs and universities than for individuals,

there is a tendency to push decisions about the use of cloud services from the organisational level to the

individual level, since this “lets the university off the hook”.

There are three main issues with cloud services and EU privacy regulations:

1. Storing Personally Identifiable Information (PII) inside the EU, but crossing national borders is allowed. Storing PII outside the EU is more complicated;

2. Data processing agreements must be signed, and must be comprehensible. Unilateral change management by the cloud provider is not permitted;

3. Auditing requirements include mandatory documentation of procedures.

Many services in the cloud are based on policies that may be changed unilaterally by the service provider. Social

media, such as Facebook, reserve the right to change terms and policies at will, and this is not in compliance with

the EU regulations on privacy. Service providers address this by requesting users to signify their agreement to

changes by clicking an “OK” box, which many users will do with little thought or care.

A key recommendation to the users is to never put any sensitive data, in unencrypted form, outside of your

organisation. If you put unencrypted data in the cloud, regard them as effectively in the public domain. The onus

is on the data owner to decide the balance of the trade-off between the functionality obtained from the cloud

and the risk of data being exposed.

Additional risks can arise from the data being in “the cloud”, which essentially means at unknown locations

anywhere that is off your organisation’s core network. If critical data are hosted on your own Local Area Network,

there is a pretty good chance you can retrieve them, should parts of the network fail. Most people are pretty

confident that the NREN networks and GÉANT can provide them with reliable access to critical data. This may not

be the case when data are stored on remote servers in the cloud.

The world of physical machines with unique addresses is becoming a thing of the past. NAT routers have been

breaking that paradigm for several years. However, virtualisation and customisation of service is creating a

landscape of interconnected APIs, leading to an increasingly complex global tangle that is impossible for

authorities to understand, let alone regulate. How do we address the risk under such circumstances?

4 CASE STUDIES

4.1 NREN: GRNET

GRNET’s mandate affirms the management’s commitment to provide innovative networking and computational

services to the Greek R&E community, as well as supporting the development of Information and Communication

Technologies. Cloud services are among the top priorities on the agenda and consequently, a strategy to develop

these services was developed over the last few years.

4.1.1 Rationale

A substantial number of reasons led to the decision to invest in cloud services. The most important are described

below:

1. “Legacy”

› involvement with computational services was not something new for GRNET. Apart from its well-established

role as the NREN, GRNET also operates the country’s National Grid Initiative (NGI), orchestrating grid activities

and providing computational infrastructure to its customers. Cloud initiatives may be considered as a logical

extension to its core business;

› the concept of the “Service Box”, namely a stand-alone Linux server hosting a plethora of pre-configured

services installed at the customers’ premises, was initially introduced to assist under-staffed NOCs, by

facilitating the deployment of traditional services, and to strengthen and disseminate the use of new services

by providing the means to adapt complicated setups easily and quickly. The Service Boxes may be considered

as a simplistic, initial SaaS, in which end users can deploy services by configuring only the parameters related

to their institutions;

2. “Community needs”

› the phenomenon of understaffed NOCs in many institutions or departments is not uncommon. This results

in poor performance of the services and/or unmaintained hardware components. Core services hosted in

the cloud can be centrally managed and operated by experienced personnel. This raises the quality of the

services, and simultaneously, minimises the investment in equipment and support;

3. “Potential for the R&E community”

› the importance of cloud services was raised by the Greek R&E community and addressed to GRNET during

technical workshops and meetings to determine requirements. Valuable input was provided by a diverse

community of users, including advanced users, system administrators and grid users;

4. “Pave the way for the public sector”

› a potential beneficiary of this initiative may be the Greek public sector. GRNET is developing an open IaaS

platform that can easily be integrated into their existing datacentre and can offer virtualisation capabilities. It

is expected that the transfer of physical machines to virtual ones will save tremendous amounts of investment

in the future, a high priority of the government.

4.1.2 The Implementation

Okeanos is an IaaS and offers virtual computing resources. It is being developed by GRNET, to be offered to the

whole Greek research and academic community. The software powering Okeanos is available via an open source

license.

Okeanos offers its users access to Virtual Machines, Virtual Ethernets, Virtual Disks, and Virtual Firewalls, through a

simple web-based Graphical User Interface (GUI). Okeanos was conceived to offer its users easy and secure access

to GRNET’s datacentres, focusing on user friendliness and simplicity, while being able to scale up to the thousands

of Virtual Machines and users, and terabytes of storage.

4.1.3 Description of the Work

The goal of the Okeanos project is to deliver a production quality IaaS. GRNET has operated a working alpha

version since July 2011; the alpha version comprises 350 VMs and 200 users.

In order to provide all of the services, Okeanos is built as a jigsaw puzzle of many pieces: the GUI, an Application

Programming Interface (API), an image registry, a VM management component, networking facilities, storage,

monitoring, identity management, accounting, problem handling, and a helpdesk. It goes beyond commercial

IaaS providers in several ways. While Okeanos is designed to be used by people with little computer experience,

Amazon EC2 and comparable commercial offerings are not end-user services. At the same time, it aims to meet

the needs of advanced users in technical departments by offering persistent, long-term servers with custom

networking capabilities.

The software underlying Okeanos, called Synnefo, is customised cloud management software with a Google

Ganeti backend. Ganeti was chosen because, when possible, GRNET tries to use available software. Ganeti is a

scalable and proven software infrastructure, and GRNET already has long experience with it, using it to provide

VMs to Network Operation Centres. GRNET is also involved in Ganeti development, and contributes patches

upstream.

Okeanos has been developed, and is designed, to operate on commodity hardware. It implements the OpenStack

Compute API v. 1.1, with custom extensions whenever necessary.

4.1.4 Impact

Okeanos impacts all aspects of virtualised environments: computing, networking, VM storage, and images.

Users have access to VMs powered by Kernel-based Virtual Machine (KVM), running Linux and MS-Windows

guests on Debian hosts and using Google Ganeti for VM cluster management. The VMs are accessible by the end-

user over the web or programmatically (OpenStack Compute v. 1.1). Users have full control over their VMs. They

can create new ones, start them, shut them down, reboot them, and destroy them. For the configuration of their

VMs, they can select, from pre-defined images, the number of CPUs, the size of the RAM and system disk, and the

operating system, including popular Linux distros (Fedora, Debian, Ubuntu) and MS-Windows Server 2008 R2.

There is an out-of-band console over VNC – remote access software - for troubleshooting. The REST API for VM

management is OpenStack Compute v. 1.1-compatible, and can interoperate with third party tools and client

libraries. It is a Python and Django implementation and GRNET has added custom extensions for yet-unsupported

functionality. The web GUI is written in Javascript/jQuery, and is just another API client; in fact, all GUI operations

happen over the API.

The networking functionality includes dual IPv4/IPv6 connectivity for each VM, and easy, platform-provided

firewalling either through an array of pre-configured firewall profiles, or through a roll-your-own firewall

inside the VM. Users may create multiple, private, virtual L2 networks, so that they construct arbitrary network

topologies (e.g., they can deploy VMs in multi-tier configurations). The functionality is exported all the way to the

API and the GUI.

At the current stage, IaaS storage is via redundant storage based on VMs to survive node downtime or failure.

GRNET is testing reliable distributed storage over RADOS, combined with custom software for snapshotting and

cloning.

Okeanos allows users to use untrusted images. The host cannot touch user-provided data.

4.2 NREN: SURFnet

In the Netherlands, higher education and research is embracing the cloud. Their collaborative IT organisation,

SURF, coordinates the joint efforts. These activities can be divided into three distinct phases:

1. Awareness of opportunities in the cloud

2. Preparing for the cloud

3. Moving to the cloud

4.2.1 Awareness of opportunities in the cloud

During the past few years, higher education and research have become aware of the potential benefits cloud

services can offer. Higher education and research institutions find themselves in a much-changing world. SURF’s

Strategic Plan for 2011–2014 [1] notes that education is becoming “open”: communication between students and

instructors is no longer restricted to within the walls of the institution and from nine to five. Both students

and staff have personal devices, such as mobile phones, smartphones, laptops, and e-readers, and they use

these to access everything that they need for their studies or their work.

Online collaboration has become perfectly normal, not just within individual institutions but also between them.

The need for far-reaching open and online collaboration is particularly pressing for research. The research field

is undergoing a real “data explosion”; it is not only the hard sciences that generate enormous quantities of data

but almost all fields of research, including the humanities. Research breakthroughs increasingly take place at the

junction between disciplines, and on the basis of joint efforts. Although institutions are spending a great deal on

ICT facilities to meet all these demands and keep pace with developments, they are now required to economise at

the same time.

Cloud computing can become an indispensable tool.

› The user push (consumerisation and commoditisation):

• Utilising cloud services makes it possible to provide high-quality ICT services that meet the requirements of students, instructors, researchers, and other staff;

• The institutions can also keep pace – more than is currently the case – with those requirements and make use of the range available: rapid adoption and availability of new facilities;

• The cloud makes it possible to provide services “at any time”, “at any place”, and – of increasing importance – “on any device”.

› Business and financial aspects:

• Cloud services can help to achieve the needed cost reductions (more OPEX and less CAPEX);

• If applied effectively, cloud services can make a contribution to a reduction in energy consumption and therefore help to achieve the sustainability goals that the institutions have set for themselves.

4.2.2 Preparing for the cloud

A first set of ‘experiments’ and small-scale deployments was started:

› SaaS: outsourcing student e-mail to Google and Microsoft at a handful of institutions;

› IaaS: pilots with ‘virtual machines’ in the cloud, with Greenqloud as the supplier;

› In addition, a ‘sourcing toolbox’ was created: a set of guidelines for outsourcing IT services.

The tipping point was a study trip in March 2011. A group of board members from universities, accompanied by representatives of SURF, visited suppliers and universities in San Francisco and Seattle. This successful study trip showed the enormous potential of cloud computing, but it also made clear the attendant risks. Three major players – Google, IBM, and Microsoft – provided a clear picture of their cloud strategy, their strengths, and their weaknesses. Important initiatives for decision models were also shown. The study trip generated the following insights:

› the question is not whether we should “enter the cloud” but when and how that should happen;

› working together in the context of SURF has added value for higher education and research in the Netherlands in general, and also for the individual institutions.

At the end of March 2011, the SURF Board of Directors decided on a joint policy for cloud computing and the use of cloud services. To coordinate these efforts, the ‘SURF Task Force Cloud’ was created for the purpose of:

› organising discussion meetings with the Board members, IT managers and IT specialists of the SURF member organisations;

› consulting a number of external IT specialists with expertise on cloud computing;

› organising several ‘vendor cloud demonstration days’.

This resulted in a position paper: a draft version of a cloud strategy for higher education. At the end of 2011, this

position paper was officially accepted. The paper is based upon the following principles:

› ‘Cloud first’ - generic IT services in higher education and research will be provided via the public cloud as

much as possible.

› When the required services are not available in the public cloud, or when they cannot be used due to legal

considerations, community cloud services (specifically tailored to the needs of higher education) will be

implemented.

› For much of higher education, this means a change in their current procurement policies. Users should be able to decide which devices and applications they use. They will be able to choose between multiple cloud vendors and cloud services (a multi-vendor approach).

› SURF will provide an excellent infrastructure, which interconnects these services.

› Organisations of higher education will move to the cloud together, via SURF.

4.2.3 Moving to the cloud

At the end of 2011 and in the beginning of 2012, SURF undertook a number of internal organisational changes to adapt to the new policy.

A new vendor management team was created. This team negotiates with vendors and maintains the relationship with these parties on behalf of the whole SURF community.

An adoption team was created to facilitate the use of cloud services. The SURF member organisations receive support, if desired, to use the SURF cloud strategy as a foundation to shape their own cloud strategy and roadmap. Institutes and SURF work together to implement and adopt cloud services and benefit from each other’s knowledge and experience.

The technical basis is the SURFconext collaboration infrastructure.

5 CONCLUSIONS AND RECOMMENDATIONS

The development of cloud services is changing rapidly, offering users new ways to obtain the services they really want in an easy, and often economically attractive manner. Users are making these choices now, and there is a real danger that if NRENs and institutions do nothing, users will drift into fragmented islands of incompatible services that may not have a sustainable future.

There is a chance for the NRENs to lead in the field of cloud brokering and cloud middleware infrastructures. To be

able to connect the clouds and provide added value to their members, NRENs must join forces and collaborate, as

they have done for many years in the area of networks. NRENs should work together on:

› consuming the public cloud: aggregating demand, vendor management and cloud brokering;

› producing community clouds: business cases;

› connecting the clouds, by means of collaboration infrastructures and federations;

› legal issues (on EU level), standardisation, and interoperability.

6 GLOSSARY

3G 3rd Generation (mobile telecommunications technology)

3GPP 3rd Generation Partnership Project

AAI Authentication and Authorisation Infrastructure

AKA Authentication and Key Agreement

ALMA Atacama Millimetre Array

API Application Programming Interface

APN Access Point Network

ARC ALMA Regional Centre

ASDM ALMA Science Data Model

ASKAP Australian SKA Precursor

ASPIRE A Study on the Prospects of the Internet for Research and Education

ATLAS A particle physics experiment at the Large Hadron Collider at CERN

AUP Acceptable Use Policy

AWS Amazon Web Service

BYOD Bring Your Own Device

CA Certification Authority

CAD Computer Aided Design

CAI Community Anchor Institutions

CAPEX Capital Expenditure

CEF Connecting Europe Facility

CEF/DSI Connecting Europe Facility/Digital Service Infrastructure

CERN European Organisation for Nuclear Research

CERT Computer Emergency Response Teams

CIDOC-CRM International Committee for Documentation - Conceptual Reference Model

CP Connection Policy

CPU Central Processing Unit

DANTE Delivery of Advanced Network Technology to Europe

DARIAH Digital Research Architecture for the Arts and Humanities

DC Dublin Core

DCH Digital Cultural Heritage

DCH-RP Digital Cultural Heritage Roadmap for Preservation

DC-NET Digital Cultural heritage NETwork

DEAS Delegate eduroam® Authentication System

DL Distance Learning

DNA Deoxyribonucleic acid

DRDB Distributed Replicated Block Device (software)

DSI Digital Service Infrastructure

DVTS Digital Video Transport System

EAP Extensible Authentication Protocol

EC2 Elastic Compute Cloud (Amazon)

ECDD&S ELIXIR Core Data Collections and Services

eduGAIN Education GÉANT Authorisation Infrastructure

eduroam Education Roaming

EEA European Economic Area

EGI European Grid Infrastructure

EIRO European Industrial Relations Observatory

ELIXIR A sustainable infrastructure for biological information in Europe

ELSI Ethical, Legal and Social Implications

EMBL-EBI European Molecular Biology Laboratory - European Bioinformatics Institute

e-MERLIN VLBI National Radio Astronomy Facility

EMI European Middleware Initiative

ESD Event Summary Data

ESFRI BMS RI European Strategy Forum - Biological and Medical Sciences Research Infrastructure

EU European Union

EUDAT European Data Infrastructure

FITS Flexible Image Transport System

FTP File Transfer Protocol

FTS File Transfer Service

GA General Assembly

GB gigabyte

Gbps gigabits per second

GÉANT Gigabit European Academic Network Technology

GN3 Multi-Gigabit European Academic Network

GPRS General Packet Radio Service

GPS Global Positioning System

GUI Graphical User Interface

HDF5 Hierarchical Data Format

HEP High Energy Physics

HG Human Genome Project

HPC High Performance Computing

HPC/Grid High Performance Computing and Grid

HTTPS HyperText Transfer Protocol Secure

IaaS Infrastructure as a Service

ICFA Study Group on Data Preservation and Long Term Analysis in High Energy Physics

ICRAR a science archive facility in Australia

ICT Information and Communication Technologies

IEEE 802.1X The Institute of Electrical and Electronics Engineers – standard for port-based Network Access Control

IETF Internet Engineering Task Force

IGTF International Grid Trust Federation

IN2P3 the National institute of nuclear and particle physics in France

IOS iPhone Operating System

IP Internet Protocol

IP Intellectual Property

IPR Intellectual Property Right

IRCAM Institut de Recherche et Coordination Acoustique/Musique

IRG e-Infrastructure Reflection Group

IRU Indefeasible Right of Use

ISO International Organization for Standardization

ISP Internet Service Provider

IVOA International Virtual Observatory Alliance

JIVE Joint Institute for VLBI in Europe

JSPG Joint Security Policy Group

K-12 schools primary and secondary schools

km kilometre

KVM Kernel-based Virtual Machine

LAN Local Area Network

LHC Large Hadron Collider

LHCOPN LHC Optical Private Network

LIPA Local IP Access

LMS Learning Management Systems

LOFAR Low Frequency Array

LOLA Low LAtency audio visual streaming system

LTE Long Term Evolution - a standard for wireless communication of high-speed data

MAN Metropolitan Area Network

mID Unique Identification of person per device

MiFi Mobile Broadband Wi-Fi

MMS Multimedia Messaging Service

ms millisecond

NDGF Nordic DataGrid Facility

NFC Near Field Communication

NGAS New Generation Archive System

NGI National Grid Initiatives

NIST (US) National Institute of Standards and Technology

NOC Network Operations Centre

NRC National Research Council

NREN National Research and Education Network (can also refer to the operator of such a network)

NREN-PC National Research and Education Network Programme Committee

NSF National Science Foundation

OAI-MPH Open Archives Initiative Protocol for Metadata Harvesting

OECD Organisation for Economic Co-operation and Development

OMII Open Middleware Infrastructure Institute

OPEX Operating Expenditure

OSF Operations Support Facility

OSG Open Science Grid

OTP One Time Passwords

OWL Ontology Web Language

PaaS Platform as a Service

PII Personally Identifiable Information

PKI Public Key Infrastructure

PMH Protocol for Metadata Harvesting

PoP Point of Presence

R&E Research and Education

RADIUS Remote Authentication Dial In User Service

RAM Random Access Memory

RDF Resource Description Framework

REST Representational State Transfer

RF/IF Radio Frequency/Intermediate Frequency

RNA Ribonucleic acid

RTT Round-Trip Time

S3 Simple Storage Services (Amazon)

SaaS Software-as-a-Service

SAML Security Assertion Markup Language

SIM Subscriber Identification Module

SIP Session Initiation Protocol

SIPTO Selective IP Traffic Offload

SKA Square Kilometre Array

SLA Service Level Agreement

SLAC Stanford Linear Accelerator Center

SMIL Synchronized Multimedia Integration Language

SRM Storage Resource Manager

SSID Service Set Identifier

SVG Scalable Vector Graphics

SWOT Strengths, Weaknesses, Opportunities, Threats

TERENA Trans European Research and Education Networking Association

TLS Transport Layer Security

U.S. UCAN United States Unified Community Anchor Network

UMF University Modernisation Fund (Greece)

UMTS Universal Mobile Telecommunications System

VLAN Virtual Local Area Network

VLBI Very Long Baseline Interferometry

VLE Virtual Learning Environment

VM Virtual Machine

VO Virtual Observatory

VoIP Voice over Internet Protocol

VOMS VO Membership Services

WAN Wide Area Network

WAP Wireless Application Protocol

WebDAV Web Distributed Authoring and Versioning

Wi-Fi Wireless exchange of data

WiMAX Worldwide Interoperability for Microwave Access

WLAN Wireless Local Area Network

WLCG Worldwide LHC Computing Grid

XML Extensible Markup Language

7 CONTRIBUTORS

Brian Boyle, HEAnet, Ireland

BRIAN BOYLE is the Network Services Manager with HEAnet, where he works in the Managed Network Services team developing cost effective and technically advanced ICT services for national and international networking to benefit the Irish Education and Research community. Previously, Brian worked as an IP Network Operations Manager in Eircom.net and IT services developer in Motorola.

Simon Leinen, SWITCH, Switzerland

SIMON LEINEN heads the Peta Solutions team at SWITCH, the research and education network for Switzerland. He worked in SWITCH’s (backbone) network team for fifteen years. His current interests are centered around ways to make cloud computing useful for research and education.

Andres Steijaert, SURFnet, the Netherlands

ASPIRE CLOUDS Study Leader

ANDRES STEIJAERT works at SURFnet, the National Research and Education Network in the Netherlands. As member of the SURF-taskforce Cloud, he contributes to the SURF cloud first strategy and supports higher education and research organisations in their joint adoption of the cloud. He directs the cloud brokering and vendor management activities. Previously, Andres worked on the development of the SURFconext collaboration infrastructure, as program manager. Before SURFconext, he coordinated the creation of the SURFnet video streaming platform and SURFgroepen, a centrally hosted collaboration service. As account advisor, Andres has been in close contact with the IT departments of the Dutch universities, to foster their joint efforts on innovative projects to improve the quality of higher education and research.

Yannis Mitsos, GRNET, Greece

YANNIS MITSOS is head of the Network Operations Centre at GRNET, the Greek National Research & Education Network. His main responsibilities are focused on planning, designing, and operating production-grade e-Infrastructures such as network and cloud services. In parallel, he is actively involved in the development of regional network structures around South Eastern Europe.

Ingrid Melve, UNINETT, Norway

INGRID MELVE has been Chief Technology Officer with the Norwegian research network UNINETT since 2006. She leads the eCampus Norway project, an initiative to create a coherent nation-wide campus infrastructure to support the core process of the higher-education community: research and education. With the eCampus programme she has taken on the challenges surrounding lecture recording, large-scale use of Video Conferencing and mobile solutions. Working for UNINETT since 1994, she became Manager of Applications and Middleware in 1998 and has been involved in the field of Identity Management since 2000. She holds an MSc in Telecommunications from the Norwegian Institute of Technology.