
The Adoption of Cloud Services SEPTEMBER 2012

Introduction

ASPIRE - A Study on the Prospects of the Internet for Research and Education

The ASPIRE foresight study has been exploring the implications of potential developments of the Internet up until 2020 and assessing their impact for the Research and Education networking community. In May 2011, a consultative workshop was held to ascertain what the community considers to be the four topics that are most likely to have a significant impact on the sector. The topics chosen as a result of the workshop were:
›› Middleware and Managing Data and Knowledge in a Data-rich World
›› Cloud Services
›› Adoption of Mobile Services
›› The Future Roles of NRENs

Four panels of experts were convened during the latter part of 2011, and worked until the spring of 2012, gathering material and reaching a consensus on the major issues. This document is the work of the ASPIRE panel on:

The Adoption of Cloud Services

The conclusions and recommendations from each of the panels will be discussed in a second ASPIRE workshop in September 2012. The workshop will validate the work of the panels and determine a community strategy for the future. The ASPIRE study team at TERENA wish to express their sincere thanks and appreciation for the work undertaken by the panel members and leaders.

Magda Haver

The ASPIRE foresight Study was funded from the European Community’s Seventh Framework Programme (FP7/2007-2013) under grant agreement n° 238875, relating to the project ‘Multi-Gigabit European Research and Education Network and Associated Services (GN3)’. TERENA is solely responsible for this publication, which does not represent the opinion of the European Community; nor is the European Community responsible for any use that may be made of this report

| ASPIRE CLOUD STUDY

John Dyer

Contents

1 Executive summary
1.1 Consume – Use Commodity Services from the Public Cloud
1.2 Produce - Be a Community Cloud
1.3 Connecting the Clouds
2 Definitions of clouds
2.1 Essential Characteristics
2.1.1 “Cloud computing” actually means something (new)
2.2 Why Some Things are not “Cloud”
2.3. Types of Cloud Services
2.3.1 Software as a Service (SaaS)
2.3.2 Platform as a Service (PaaS)
2.3.3 Infrastructure as a Service (IaaS)
2.4 Deployment Models
2.4.1 Private cloud
2.4.2 Community cloud
2.4.3 Public cloud
2.4.4 Hybrid cloud
3 A changing world - cloud and the end-user push
3.1 Cloud Drivers and Obstacles
3.2 Consequences for Higher Education and Research
3.3 Working towards a Cloud Strategy
3.4 Business Case – the Community Cloud
3.4.1 Service models for community clouds
3.4.2 Community cloud vs. public cloud
3.4.3 Community cloud vs. private clouds
3.4.4 Why are community clouds more attractive?
3.4.5 Do NRENs have what it takes to operate clouds?
3.4.6 Possible unintended consequences
3.5 Connecting the Cloud - Interoperability via Trusted Middleware Collaboration
3.6 Cloud Brokering: Aggregation of Demand, Vendor Management, Distribution, and Adoption
3.7 Compliance: Legal Aspects, Privacy, and Security
4 Case studies
4.1 NREN: GRNET
4.1.1 Rationale
4.1.2 The Implementation
4.1.3 Description of the Work
4.1.4 Impact
4.2 NREN: SURFnet
4.2.1 Awareness of opportunities in the cloud
4.2.2 Preparing for the cloud
4.2.3 Moving to the cloud
5 Conclusions and recommendations
6 Glossary
7 Contributors

1 Executive summary

This cloud services study focuses on the question of how higher education and research can benefit from the adoption of cloud services. The authors believe cloud services offer higher education and research organisations the opportunity to provide their users with a wider range of relevant IT services at a faster pace and fulfil user demand. IT departments can use the instant availability and elasticity of cloud services to modify their expenditure profile, replacing periodic and large capital expenditure (CAPEX) with a smoother, increased, but predictable operational expenditure (OPEX).

Furthermore, the authors of this report see opportunities for NRENs to enhance the quality of cloud offerings (by facilitating the procurement and delivery of cloud services at the right conditions), and to provide more coherence between them (by means of a middleware cloud collaboration infrastructure). To be able to do this, NRENs should embrace and make use of:
›› the consumerisation of IT: users are choosers (IT departments facilitate the users);
›› the power and scale of the cloud distribution model (the profound changes in the way providers deliver their services);
›› the sense of urgency and interest in clouds (the desire of stakeholders to see the adoption of cloud services).

There are two routes to take:
›› the consumption of services offered by commercial vendors in the public cloud (commodity services);
›› the production of services, together at NREN level, in a community cloud (services for the specific needs and special requirements of the higher education and research community).

Both routes are valid and relevant, but call for a different organisational approach.

1.1 Consume – Use Commodity Services from the Public Cloud

›› Software as a Service (SaaS): This approach can be used when higher education and research have the same needs as other types of organisations (regular online communication and collaboration).
›› Infrastructure as a Service (IaaS): NRENs can make use of the large-scale and flexible infrastructures offered by commercial vendors and run virtual machines in the cloud (instead of in a local data centre).

This is a multi-vendor, outsourcing scenario. Efforts are focused externally on the vendors. NRENs can add value by providing vendor management and brokering to their members. Offering this on an NREN level makes it possible to effectively and efficiently collaborate and negotiate with vendors of cloud services to obtain the right agreements and the best conditions for services, availability, service levels, security, privacy, portability of data, and interoperability. This can be scaled up to a European level under the management of a pan-European organisation, such as TERENA. In this context, the NRENs can collectively:
›› align roadmaps of online services;
›› exchange vendor information;
›› share documents;
›› negotiate and procure together.

Issues

The Research and Education community should establish a trusted forum to provide independent advice and recommendations on issues of security, privacy, opaque licensing models, interoperability (standards) and legislation (national legislation, EU legislation, and ‘international clouds’).

The three main regulatory topics deal with:

1. storing Personally Identifiable Information (PII) and crossing national borders, both inside the EU, and outside the EU;

2. data processing agreements, which must be signed, and comprehensible, without unilateral change-management by the cloud provider;

3. auditing requirements – the documentation of procedures is mandatory.

1.2 Produce - Be a Community Cloud

The other route is to share resources and cooperate to produce specialised services in a community cloud. This relates to services that fulfil the specific requirements of the community, where those requirements prohibit the use of public cloud services because of:
›› security and privacy considerations or legal requirements regarding the physical location where data is stored;
›› special functional needs that commercial vendors cannot provide.

This is a co-creation scenario. Efforts are internally focused towards the participating organisations. This scenario can benefit from the fact that the NRENs also provide the network. This combination - NREN community cloud services on top of the network - helps to:
›› reduce the costs of data transfer, which can be significant with commercial clouds, especially for ‘big data’ applications;
›› assure performance for both throughput and latency;
›› create private/community network domains that can be treated preferentially on campus.

1.3 Connecting the Clouds

The term ‘cloud’ is misleading in the sense that it alludes to a single entity, while there are many organisations offering cloud services. There are many clouds, but the services they offer are fragmented (vendor- and product-specific silos). This poses a problem for higher education and research. This is an open community with inter-organisational collaboration and information exchange and, therefore, it needs interconnected cloud services.

NRENs have experienced this problem before, with their networks. NRENs were the first to interconnect their national research and education networks, and to create a global network infrastructure. Now they need to extend this leadership role for cloud services and work together towards an interconnected cloud infrastructure.

This cloud infrastructure consists of three key elements, all of which are in the middleware space, an area where NRENs are at the forefront of development:

1. federated authentication and identity management for access to cloud assets (higher education and research organisations - and not vendors - need to be in control of the user accounts);

2. unified group management and authorisation for the creation of a single point of control where users can manage their (inter-organisational) teams. These group-related privileges (roles) are automatically used and updated in all connected cloud services;

3. open data exchange and social networking between online services.

There is an opportunity for the NRENs to lead in the field of cloud brokering and cloud middleware infrastructures. To be able to connect the clouds and provide added value for their members, NRENs must join forces and collaborate, as they have done for many years in the area of networks.

2 Definitions of clouds

The subject of cloud computing is surrounded by hype, so it can be difficult to decide what should be considered “cloud” and what not, or whether “cloud” is really something new or just a cute new name for old-fashioned technologies. Fortunately, there is a good definition of cloud computing which has broad support and is actually useful for distinguishing clouds from other forms of (distributed) computing. This definition has been elaborated under the auspices of the US National Institute of Standards and Technology (NIST). The NIST Definition of Cloud Computing [1] is a fairly short document that is recommended reading for anyone who wants to understand cloud services.

The NIST definition is structured as five essential characteristics, three service models, and three deployment models that can be combined into a “hybrid”. In the following paragraphs, these are put into the context of this study. The NIST publication contains exhaustive explanations of the definitions and these are not included in this report.

2.1 Essential Characteristics

NIST defines clouds as combining the characteristics of:
›› on-demand self-service;
›› broad network access;
›› resource pooling;
›› rapid elasticity;
›› measured service.

2.1.1 “Cloud computing” actually means something (new)

We often hear arguments (by ‘cloud-sceptics’) that there is really nothing new under the sun and that ‘cloud’ is just a fashionable name for pre-existing things, e.g., Grid computing or well-run highly automated datacentres, such as those found in HPC or other large-scale web or other hosting services, or that cloud computing is merely one of many forms of outsourcing. However, a combination of these properties really does define a novel kind of IT service, which has the potential to bring the benefits - but also the risks - of outsourcing to significant new usage areas and audiences.

While the vision of “utility computing” was famously formulated more than fifty years ago [2], some fairly recent advances were necessary to make cloud computing come close to that vision. These include:
›› warehouse-scale computing, based on cost-efficient commodity systems, and combined with successful business models to justify the (continued) investments, notably Google’s search engine combined with its auction-based text advertisement system;
›› virtualisation techniques and their efficient support through hardware assistance, even on commodity systems;
›› decent Internet connectivity becoming widespread enough.

[1] P. Mell, T. Grance, The NIST Definition of Cloud Computing, NIST Special Publication 800-145, September 2011 http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf
[2] By the late John McCarthy in a speech at the MIT centennial in 1961.

2.2 Why Some Things are not “Cloud”

It is helpful to look at some areas of the research and education ICT environment in relation to the definition of cloud. High-Performance Computing (HPC) centres certainly perform pooling of resources, which is an important justification for their existence. They also allow access over the network (although, in practice, the focus is often on controlled access, rather than on broad access) and the service is metered, although more frequently for enforcement of resource limits than for billing. However, there is usually neither seamless self-service nor rapid elasticity. The Magellan report [3] explains [4] that while this could be added, there are concerns that doing so would reduce efficiency, as measured by resource utilisation.

This raises an important issue. Institutions, such as HPC centres, have been set up to manage expensive and scarce resources and to try to maximise their utilisation, using, for example, elaborate queuing systems and selective vetting processes, to make sure the resources are not “wasted” by users who do not really need them. In contrast, usage-based billing or other usage-based revenue generation, in combination with “scale-out” infrastructures, lead to a sustainable regime of abundance in cloud computing. Increased utilisation is never a problem, because, in the short term, there is always spare capacity planned in. Clouds avoid full utilisation, and in the long term, increased use generates increased revenue, which is used to grow the resource.

Grid computing comes a bit closer to cloud computing. It explicitly makes use of the network, and provides some standardised (but hard to use and operate) access protocols that take it a step further to ‘self-service’. However, resource allocation in today’s Grids is based on queuing, (virtual organisation-based) authorisation, and resource limitations, rather than on charging for usage and dynamic scaling.
On the other hand, Grids have the important (defining) aspect of a federation of independently operated resources and this aspect is missing from clouds. While there are excellent reasons for, and clear benefits of this principle of federation, it also brings significant complexities in technology, operations, and business relationships, none of which is intrinsic to clouds.

Summary

HPC and Grid computing: allow a selected set of users, controlled access to a collection of scarce resources.
Cloud services: provide as many users as possible, with broad access to a collection of plentiful resources.

[3] The Magellan Report on Cloud Computing for Science, U.S. Department of Energy, Office of Advanced Scientific Computing Research (ASCR), December 2011 http://science.energy.gov/~/media/ascr/pdf/program-documents/docs/Magellan_Final_Report.pdf
[4] Page v, finding 9.

2.3. Types of Cloud Services

Cloud services can easily be categorised into one of three categories.

(diagram A. Steijaert 2011)

2.3.1 Software as a Service (SaaS)

Canonical examples for this are Customer Relations Management software, large-scale webmail, and other ‘office productivity’ solutions such as Gmail/Google Apps or Microsoft Office 365. Many NRENs have some experience providing application software over the network, such as Video Conferencing or other support systems for collaboration. However, it is difficult to compete on user-friendliness and scalability with commercial mass-market solutions. On the other hand, there are certainly applications which are of broader interest in the academic sector, but which do not (yet) constitute a mass-market business case. Running email systems is perceived as a burden by many academic organisations, and is a prime candidate for outsourcing to external (cloud) providers, but there are obstacles related to regulatory and confidentiality issues.

2.3.2 Platform as a Service (PaaS)

Systems such as Microsoft Azure or Google App Engine provide local software development and testing environments, and facilities for deploying the developed software in the cloud. While PaaS appears to have great potential, adoption among potential users seems to lag behind that of IaaS. This probably has to do with:
›› their technical requirements - a fixed set of supported programming languages and protocols, which leads to a number of developers feeling limited in their options (running your own virtual machine in the cloud at an IaaS provider gives more freedom);
›› a greater perceived “lock-in” and a lack of data-portability options, compared to the more standardised IaaS offerings.

2.3.3 Infrastructure as a Service (IaaS)

Basic virtual machine (VM) services and storage services are exemplified by Amazon Web Services (AWS), their EC2 (Elastic Compute Cloud), and their S3 (Simple Storage Service). Other companies offering IaaS include Rackspace, Microsoft, IBM, and HP, as well as many smaller ones. The services they offer and their pricing schemes are very similar. The high level of standardisation, along with vibrant development in both commercial and open-source projects, has significantly lowered the entry barrier. Although the scaling efficiencies of “warehouse-scale computing” require vast investment, credible, smaller-scale IaaS plants have been built by some NRENs.

2.4 Deployment Models

2.4.1 Private cloud

Some people think that private clouds should not be called clouds at all and write ‘cloud’ in quotes. This is about running private data centres like cloud infrastructures, i.e., with large-scale virtualisation and highly automated provisioning.

2.4.2 Community cloud

While not very common in the competitive, commercial world, this category is highly relevant in the context of National Research and Education Networks. The recently announced ‘Helix Nebula’ cloud is an example of a community cloud operated by a consortium (CERN, ESA, and EMBL, along with some industry partners) on behalf of the research community. NREN initiatives such as GRNET’s Okeanos, the University Modernisation Fund (UMF) Eduserv cloud in the United Kingdom, and several similar initiatives also fall in this category.

2.4.3 Public cloud

Public clouds are offered to members of the general public by organisations, such as Amazon, Google and a multitude of others. Many see these as the ‘gold standard’ for clouds, because the scaling benefits become obvious. Others worry about loss of control, privacy, and geographic location of storage, along with possible legal and regulation issues.

2.4.4 Hybrid cloud

Hybrid clouds are systems in which some of the infrastructure is operated in-house (private) and some outsourced (public). All imaginable combinations of the two are possible. Relevant examples are private/public or private/community combinations that are used in ‘cloud bursting’ scenarios to extend local (private) IT capacity to the public cloud in order to meet peaks in demand.

3 A changing world - cloud and the end-user push

Why do users push for cloud services?
›› It is there - and is usually easily available and integrates with their personal devices.
›› It can - and users do not usually need to seek prior approval from institutional IT departments.
›› It is good - and SaaS platforms are usually user-friendly and easy to use. PaaS and IaaS services offer extremely elastic services without the commitment of capital expenditure (CAPEX).

The student push for Bring Your Own Device (BYOD) – the University as a transit hub

Universities are turning into network hubs. Mobile devices are carried by students and staff, and these devices are communicating with the world around them. Users are increasingly connecting to the wireless network on campus. Some Universities respond to this by offloading student IT to cloud suppliers (for example Google Apps for Education, or Microsoft Office365 for EDU). Others respond by enforcing the use of a limited set of services (LMS/VLE, official email, internal university portal), or with a combination of solutions. Because the NREN networks are designed to have sufficient capacity to avoid bottlenecks and hence congestion, users usually have good access to cloud services, particularly when the connectivity of the service provider of the cloud has good peering with the NREN.

The e-Science push for clouds

Some e-Science applications are well suited to the use of public clouds, whereas others demand special software/hardware combinations to run effectively. One of the major challenges for the e-Science community will be to sort out which applications can take advantage of public or community clouds, and which applications will require traditional, super-computing facilities. A combination of IaaS and some PaaS is the first step for e-Science, but there is potential for SaaS, especially for standardised REST APIs where data may flow.

e-Science and Big Data

As “Big Data” is enabled in more and more academic disciplines, the need for cloud computing increases; consequently, network capacity will have to follow. An example is human genome science, where entire genomes are sequenced, stored, and consulted for research. Both storage and processing depend on sufficient bandwidth. The ability to customise large-scale services should fit well with the needs of research projects but the regulation of this space is not clear. This may prevent cautious scientists from taking advantage of cloud services until the cloud services industry matures and many of the issues are resolved.

3.1 Cloud Drivers and Obstacles

As with any outsourcing activity, organisations are keen to make use of the external expertise and the attendant cost savings. Moving IT services to a cloud gives organisations access to services without the risks inherent in self-provisioning. This is especially apparent when the cloud providers are demonstrably experts in their field, and the services involved are not the key business of the outsourcing organisation. In contrast to the normal decisions for choosing suppliers for outsourcing, cloud providers present a different set of drivers and obstacles for their clients, and this is particularly relevant against the backdrop of specialisation in the higher education and research community.

Summary of the drivers and obstacles to moving services to the cloud

Drivers

The drivers that are particularly relevant to education and research clients and cloud vendors are principally:
›› funding;
›› innovation;
›› elastic supply to match user demand for resources;
›› the desire of stakeholders to see cloud models in action;
›› security - a strength and a weakness.

Obstacles

The main issues blocking a widespread use of cloud computing are:
›› charging model versus funding model;
›› costs are not clear;
›› data protection legislation controls on where data owners may host data;
›› end users, data owners have no appetite for international legal disputes

See also http://tiny.cc/eqpz2

(Figure: What are your biggest concerns surrounding the Cloud today? Copyright © The Open Group 2011. See also: http://tiny.cc/eld45)

3.2 Consequences for Higher Education and Research

How are higher education and research organisations affected by cloud services? What does it mean for the way they offer and organize IT facilities? The next paragraphs propose a route forward.

3.3 Working towards a Cloud Strategy

Cloud services are not an isolated phenomenon. They are related to developments in other fields of IT.

Networks and the rise of mobile connectivity
Wi-Fi and mobile networks allow users to be online anytime and anywhere.

Hardware
There has been a transformation from expensive computers confined to a desktop, to affordable mobile devices. Users can take these devices anywhere they want (laptop computers, mobile phones and tablets).

Software and data
Benefiting from the new opportunities in networks and devices, software can now be used online (as online applications) and data can be stored externally (somewhere on the Internet).

IT used to be scarce and is now available in abundance (‘the consumerisation of IT’). Devices are becoming personal and users keep them close. On the other hand, software and data are moving away from the user, into the cloud. A cloud strategy needs to take this radical shift in the availability of IT and the effect this has on users into account. In the past, users predominantly received their IT supplies from their home organisation (their employer). Now, they increasingly choose their own hardware and software and they choose where they store their data. They are tech-savvy, and have excellent IT facilities at home. They expect the same experience in the workplace. This is most visible in the trend to ‘bring your own device’.

Higher education and research organisations are right in the middle of these developments. They feel the pressure from vendors (supply side) and their users (demand side):
›› vendors, often with large-scale infrastructures, target their users directly;
›› users want to choose the IT services they use, and want to have them available anytime and anywhere.

Furthermore, collaboration in higher education and research increasingly extends beyond the institution. However, IT departments are traditionally focused internally, and organised around a restricted set of IT services that are produced and controlled with a limited set of resources (staff, technical infrastructure, and finances). This leads to a gap between users with high expectations and almost endless possibilities because of a multitude of online offerings and organisations that are confined and bound by limited resources. Cloud services can bridge this divide.

Higher education and research want to know which IT services to produce internally and which to consume externally. Further, they want to know what services they should provide and what the users can arrange for themselves.

Produce vs. consume

The main reason to produce internal IT solutions is to be able to have full control and to create a custom-made product that fits the specific needs of the organisation. On the other end of the spectrum are IT solutions without qualitative differentiation: commodity services.

Consume - use the public cloud

The first step in bridging the divide is for higher education and research to work towards a situation where their users can choose from a wide variety of online services, allowing users to consume commodity services from the public cloud.
›› Software as a Service - higher education and research institutions have the same needs as other organisations (regular online communication and collaboration).
›› Infrastructure as a Service – the higher education and research sector can make use of the large scale and flexible infrastructures offered by commercial vendors and run virtual machines in the cloud (instead of in a local data centre).

By aggregating demand, the higher education and research sector can collectively negotiate deals with vendors of cloud services and establish the required:
›› conditions of use (service specifications and service levels, pricing, security and privacy agreements, data portability);
›› middleware connections and standardisation to achieve interoperability.

This is a multi-vendor outsourcing scenario. Higher education organisations offer the opportunity for individual users to choose from numerous public cloud services (a one-to-many approach to consumption).

From a vertical approach (silos)
›› Organising the production of a limited number of monolithic (closed) services at individual institutes
›› High capital expenditures (CAPEX)
›› Focus on customisation within the system to adapt to user needs (custom-made/tailor-made)
›› Product-specific (deep)
›› Long term commitment, because of investment in customisation of the services (fixed)

To a horizontal approach (modular)
›› Organising the consumption of a large number of external modular services together at NREN level - cross-institutional
›› High operating expenditures (OPEX)
›› Focus on providing interoperability between off-the-shelf services, via open standards
›› Cross-product (wide)
›› Short term commitment on services, long term commitment on standards to achieve interoperability (freedom of movement)

Produce - become a community cloud

A second way to bridge the divide is for higher education and research organisations to share resources and cooperate to produce specialised services together, in a community cloud:
›› services in which all higher education and research organisations have the same needs (study tracking, learning analytics and online grading systems);
›› services that have a certain amount of specialisation but can be shared across a number of organisations (for example, online learning environments, lecture streaming and research tools);
›› services (both SaaS and IaaS) that have special requirements that prohibit the use of public cloud services (because of security and privacy considerations or legal requirements regarding the physical location where data is stored). This might apply to online assessment and grading tools.

This is a co-producing scenario that allows a number of higher education and research organisations to get together (at an NREN level), to create and provide a specialised online service (a many-to-one approach to production).

3.4 Business Case – the Community Cloud

There are many possible areas where NRENs can help their constituencies to benefit from the new possibilities of cloud services. One option that deserves special attention is whether NRENs should build and/or operate dedicated cloud infrastructures, i.e., produce and provide community clouds for their constituencies.

In contrast to many other fields of activity, building cloud infrastructures requires significant resources in terms of money and expertise, and if successful, their operation will have to satisfy demands of high stability, and will also require sustainable models of funding. Note that all of this is also true for operating backbone networks, a field in which NRENs have demonstrated that they can generate value.

There is a vibrant commercial market of public cloud offerings, as well as a widespread move to “private clouds” within the IT organisations of universities. Is there a place for such academia-specific community clouds at all?

3.4.1 Service models for community clouds

A community cloud could offer all types of cloud services:
›› community members could run virtual machines (VMs) and store data in them (IaaS);
›› they could use the community cloud to develop and deploy applications (PaaS);
›› they could access generic or community-specific applications running on the cloud (SaaS).

In order to focus the discussion, we have focused on IaaS offerings. There are several on-going projects in this area that are described in the case studies in this document. An IaaS and the infrastructure that supports it can be used to build community-specific PaaS and SaaS offerings.

3.4.2 Community cloud vs. public cloud

The commercial market is very competitive and full of interesting offers. Large vendors have built huge infrastructures to support these services, so it seems obvious that even if the entire research and education community united its efforts, it would be impossible to reach similar economies of scale. On the other hand, there is an abundance of smaller commercial players building IaaS offerings using their own infrastructures. They usually target local markets and niches, and/or add IaaS to existing portfolios in IT or telecommunication services. This is an indication that these companies see a market[5] for smaller-scale cloud services.

[5] It is unclear whether they expect this market to be profitable in itself. In some cases, suppliers may feel that their customers expect cloud services as part of a “full-service” portfolio. Therefore, cloud activities can be a means to generate revenue in other areas such as telecommunications or IT services/consulting.

3.4.3 Community cloud vs. private clouds

At the other end of the spectrum, many academic institutions are adopting cloud-inspired technologies, such as large-scale virtualisation and automated provisioning systems to make their own IT centres more efficient. This is often called “private cloud”. Therefore, an organisation that is considering building a community cloud should anticipate a situation where many of its member organisations - especially the larger ones - will already be running their own highly streamlined environments. A community cloud should be positioned so that it is still viable in such a world. For example, it could leverage relative advantages in scale and try to be more (cost) efficient. It could also address the “long tail” of organisations that are not in a good position to run private clouds. Further, it could focus on drivers and use-cases that are more critical on a community-wide level than on a per-organisation level, such as national or European initiatives for open access and data archiving.

3.4.4 Why are community clouds more attractive?

The main attraction of community clouds versus commercial public clouds is related to issues of trust and control. These issues are often regarded as ‘perceived risks’ in areas such as regulatory environment, dependence on external providers, data security, service availability, and portability (when one wants to leave a given cloud). These trust issues would be significantly reduced through the use of community clouds, especially when these are provided by an organisation that is already well known to the community (“the devil you know”). This provides a major role for NRENs and similar organisations.

There are some network-related commercial and technical reasons that make NREN-operated community clouds attractive. The fact that the NREN controls the network can help in many ways:
›› by reducing the costs of data transfer, which can be significant with commercial clouds, especially for “big data” applications;
›› by assuring performance concerning both throughput and, perhaps more importantly, latency (delay), to make both data-intensive and highly interactive uses possible;
›› by creating private/community network domains that can be treated preferentially on campus security devices, in order to mitigate or eliminate the performance-impact of such technologies as firewalls that are likely to limit performance.

3.4.5 Do NRENs have what it takes to operate clouds?

Considering the expertise NRENs have developed in producing and operating backbone networks and the current market situation, it seems reasonable to further investigate the opportunities for community cloud services. However, are NRENs really in a position where operating such a cloud is a realistic option?

There are several areas in which this is questionable:
›› NRENs may be restricted to specific geographic and “vertical” communities, and cannot hope to reach the scale of the international mega-providers. Therefore, for every cloud offering under consideration (not just community cloud infrastructure), the sustainability that can be attained at realistically achievable levels should be carefully studied;
›› most NRENs do not operate large quantities of general-purpose computers, and have no experience in selling processing and storage as services (although there are some NRENs with strong links to supercomputing centres);
›› most NRENs do not have access to suitable datacentre space. The usual arrangement is that they use small amounts of space in their customers’ (Universities) datacentres, and/or in commercially operated datacentres.

On the other hand, in other aspects, NRENs are quite well positioned:
›› they have long-term relationships with their communities, who have come to trust them to operate and grow other (network) infrastructures;
›› these long-term relationships, as well as existing sustainable economic models from the networking space, can provide the groundwork for sustainable economic models for cloud infrastructures;
›› by controlling the backbone network, NRENs are well-positioned to provide cloud services with good and assured performance, and to create trusted network zones for integrating cloud resources with campus networks;
›› as long as cloud computing is seen as a “hot” topic in research, NRENs can draw on expertise from researchers within their community. Conversely, they can offer something unique to these researchers by giving them insights into the infrastructure that commercial providers cannot give;
›› there is a long history of successful inter-NREN collaboration, which is an excellent basis for learning from each other.

3.4.6 Possible unintended consequences

Assuming that NRENs will successfully operate cloud infrastructures for their communities, there are a few possible issues that should be kept in mind.

One is the possibility of alienating existing customers, in particular, University IT organisations, by creating the perception of wanting to grab and centralise what has historically been the Universities’ domain. To avoid this, an NREN should focus on areas where these IT organisations are already considering outsourcing, and/or areas where there are clear benefits to having a community-wide, rather than a per-campus solution.

Another issue is that when such an infrastructure exists, under the governance of the community, there could be strong incentives to use it by default (“because it’s there”), even when other providers could provide a better and/or cheaper service. To limit the negative effects of this, there should be transparent cost/charging models that do not hide the true costs. Also, NRENs should not attempt to force their communities to use their services by policy, but rather attract them with useful and economic services that are tailored to the communities’ needs.

3.5 Connecting the Cloud - Interoperability via Trusted Middleware Collaboration

The challenge for higher education and research organisations is to facilitate freedom of choice, while still providing a safe online work and study environment, bringing together a combination of:
›› public cloud consumption by end-users and the availability of co-produced community cloud services;
›› the requirements for a secure, controllable ecosystem (auditing accountability and responsibility).

The answer lies in finding the right balance between:
›› end user choice/end-user freedom;
›› institutional control.

This is possible by creating an infrastructure that interconnects cloud services to each other and to the identity management systems of the institutions. In doing this, users can access all of these cloud services with their trusted institutional accounts, which provide ease of use, choice, and single sign-on. Their institutions manage these accounts and subsequently manage their access to these cloud services. Such an infrastructure is an extension to the federated authentication systems, which have been put in place over the past couple of years. These existing federations can be expanded by bringing together the institutes (the identity providers with their users) and the cloud vendors (the service providers with their services) into a collaboration infrastructure. The following are the key elements in a collaboration infrastructure:

1. Identity management for access to cloud assets and trustworthy online collaboration;
›› secure, federated user authentication and single sign-on, based on standards, in order to achieve interoperability. Federations would then connect an entire campus to the cloud service community. SAML 2 and OAuth are widely used protocols;
›› unified group management and authorisation. The infrastructure creates a single point of control where users can manage their teams, and an online application in which users can set up groups, invite team members, and define roles and permissions. These group-related privileges are automatically used and updated in all connected cloud services. This makes membership rosters easy to manage and keeps them consistent. It makes the simultaneous use of multiple cloud services a true possibility. Currently, Grouper, developed in the United States by the NSF and Internet2, is an example of this approach;

2. Open data exchange and social networking;
›› research and education are inherently social activities. To support the social aspect of online collaboration, it should be possible to exchange data between online services. In addition, users want to use specific components of cloud applications and bring these together into a portal (a single screen-view with gadgets or widgets). OpenSocial enables this. This open standard is embraced by established players in the enterprise software market.

This combination of identity management and open data exchange allows users to log in to numerous cloud services with their own trusted institutional accounts. They can collaborate in all these services in their established team set-up (unified group management). The institutions are in control of the available services (conditions for use and distribution) and the identity and access management. The interoperability features (via OpenSocial) provide users with useful facilities to mix and match services and their components.

To achieve such a collaboration infrastructure, it is important that NRENs and service providers work together, discussing the required protocols and agreeing on standards. SURFnet, the NREN of the Netherlands, has a collaboration infrastructure in place that includes the above-mentioned components, called SURFconext.


http://www.surfnet.nl/en/Thema/coin/Pages/default.aspx

3.6 Cloud Brokering: Aggregation of Demand, Vendor Management, Distribution, and Adoption

NRENs create and operate a network from a centralised location and offer it to their member organisations. They offer what they create in their organisation to the outside world; they are the provider and the brand. Facilitating the consumption of cloud services calls for the opposite approach - to take the outside world in. In order to offer cloud services, NRENs need to aggregate demand from their member organisations and negotiate with vendors to reach agreements on their behalf, with better conditions than the individual users or organisations can establish themselves. Finally, they need to organise the distribution and adoption of the cloud services. This is a brokering role, and a facilitating role. NRENs thinking of undertaking such a role should carefully examine the internal organisational structure that would be required.

Key components in vendor management and cloud brokerage include:
›› Procurement – negotiate with vendors on behalf of the constituency to obtain good terms and conditions, such as prices and SLA for services accessible to anyone within that constituency;
›› Infrastructure – achieve interoperability via standards and a collaboration infrastructure to interconnect the institutions with the vendors and the vendors with the collaboration infrastructure;
›› Distribution – provide an online shop to show the connected cloud services (shop window), and provide facilities to users to acquire these services;
›› Adoption – create and maintain communication and marketing programmes and facilitate the use of the service.

3.7 Compliance: Legal Aspects, Privacy, and Security

Cloud services are limited by the same regulatory framework as other services, and have restrictions for privacy, compliance, and risk assessment. Many of the issues are similar to traditional outsourcing: obtaining audit information, conserving documentation trails, preserving privacy, and avoiding lock-in. Since clouds may be multinational, are often large scale, and may depend on sub-contractors, the outsourcing issues intensify as the clouds drift across international regulatory borders and security domains.

The EU/EEA regulations differ substantially from US regulations, with many of the major cloud providers operating under US regulations. This poses challenges, for example, with regard to preservation of privacy and compliance with the EU privacy regulations. Since these regulations are stricter for NRENs and Universities than for individuals, there is a tendency to push decisions about the use of cloud services from the organisational level to the individual level, since this “lets the University off the hook”.

There are three main issues with cloud services and EU privacy regulations:

1. Storing Personally Identifiable Information (PII) inside the EU, but crossing national borders is allowed. Storing PII outside the EU is more complicated;

2. Data processing agreements must be signed, and must be comprehensible. Unilateral change management by the cloud provider is not permitted;

3. Auditing requirements include mandatory documentation of procedures.

Many services in the cloud are based on policies that may be changed unilaterally by the service provider. Social media, such as Facebook, reserve the right to change terms and policies at will, and this is not in compliance with the EU regulations on privacy. Service providers address this by requesting users to signify their agreement to changes by clicking an “OK” box, which many users will do with little thought or care.

A key recommendation to the users is to never put any sensitive data, in unencrypted form, outside of your organisation. If you put unencrypted data in the cloud, regard them as effectively in the public domain. The onus is on the data owner to decide the balance of the trade-off between the functionality obtained from the cloud and the risk of data being exposed.

Additional risks can arise from the data being in “the cloud”, which essentially means at unknown locations anywhere that is off your organisation’s core network. If critical data are hosted on your own Local Area Network, there is a pretty good chance you can retrieve them, should parts of the network fail. Most people are pretty confident that the NREN networks and GÉANT can provide them with reliable access to critical data. This may not be the case when data are stored on remote servers in the cloud.

The world of physical machines with unique addresses is becoming a thing of the past. NAT routers have been breaking that paradigm for several years. However, virtualisation and customisation of service is creating a landscape of interconnected APIs, leading to an increasingly complex global tangle that is impossible for authorities to understand, let alone regulate. How do we address the risk under such circumstances?

4 Case studies

4.1 NREN: GRNET

GRNET’s mandate affirms the management’s commitment to provide innovative networking and computational services to the Greek R&E community, as well as supporting the development of Information and Communication Technologies. Cloud services are among the top priorities on the agenda and consequently, a strategy to develop these services was developed over the last few years.

4.1.1 Rationale

A substantial number of reasons led to the decision to invest in cloud services. The most important are described below:

1. “Legacy”
›› involvement with computational services was not something new for GRNET. Apart from its well-established role as the NREN, GRNET also operates the country’s National Grid Initiative (NGI), orchestrating Grid activities and providing computational infrastructure to its customers. Cloud initiatives may be considered as a logical extension to its core business;
›› the concept of the “Service Box”, namely a stand-alone Linux server hosting a plethora of pre-configured services installed at the customers’ premises, was initially introduced to assist under-staffed NOCs, by facilitating the deployment of traditional services, and to strengthen and disseminate the use of new services by providing the means to adapt complicated setups easily and quickly. The Service Boxes may be considered as a simplistic, initial SaaS, in which end users can deploy services by configuring only the parameters related to their institutions;

2. “Community needs”
›› the phenomenon of understaffed NOCs in many institutions or departments is not uncommon. This results in poor performance of the services and/or unmaintained hardware components. Core services hosted in the cloud can be centrally managed and operated by experienced personnel. This raises the quality of the services, and simultaneously, minimises the investment in equipment and support;

3. “Potential for the R&E community”
›› the importance of cloud services was raised by the Greek R&E community and addressed to GRNET during technical workshops and meetings to determine requirements. Valuable input was provided by a diverse community of users, including advanced users, system administrators and Grid users;

4. “Pave the way for the public sector”
›› a potential beneficiary of this initiative may be the Greek public sector. GRNET is developing an open IaaS platform that can easily be integrated into their existing datacentre and can offer virtualisation capabilities. It is expected that the transfer of physical machines to virtual ones will save tremendous amounts of investment in the future, a high priority of the government.

4.1.2 The Implementation

Okeanos is an IaaS and offers virtual computing resources. It is being developed by GRNET, to be offered to the whole Greek research and academic community. The software powering Okeanos is available via an open source license. Okeanos offers its users access to Virtual Machines, Virtual Ethernets, Virtual Disks, and Virtual Firewalls, through a simple web-based Graphical User Interface (GUI). Okeanos was conceived to offer its users easy and secure access to GRNET’s datacentres, focusing on user friendliness and simplicity, while being able to scale up to the thousands of Virtual Machines and users, and terabytes of storage.

4.1.3 Description of the Work

The goal of the Okeanos project is to deliver a production quality IaaS. GRNET has operated a working alpha version since July 2011; the alpha version comprises 350 VMs and 200 users. In order to provide all of the services, Okeanos is built as a jigsaw puzzle of many pieces: the GUI, an Application Programming Interface (API), an image registry, a VM management component, networking facilities, storage, monitoring, identity management, accounting, problem handling, and a helpdesk.

It goes beyond commercial IaaS providers in several ways. While Okeanos is designed to be used by people with little computer experience, Amazon EC2, and comparable commercial offerings are not end-user services. At the same time, it aims to meet the needs of advanced users in technical departments by offering persistent, long-term servers with custom networking capabilities.

The software underlying Okeanos, called Synnefo, is customised cloud management software with a Google Ganeti backend. Ganeti was chosen because, when possible, GRNET tries to use available software. Ganeti is a scalable and proven software infrastructure, and GRNET already has long experience with it, using it to provide VMs to Network Operation Centres. GRNET is also involved in Ganeti development, and contributes patches upstream. Okeanos has been developed, and is designed to operate on commodity hardware. It implements the OpenStack Compute API v. 1.1, with custom extensions whenever necessary.

4.1.4 Impact

Okeanos impacts all aspects of virtualised environments: computing, networking, VM storage, and images. Users have access to VMs powered by Kernel-based Virtual Machine (KVM), running Linux and MS-Windows guests on Debian hosts and using Google Ganeti for VM cluster management. The VMs are accessible by the end-user over the web or programmatically (OpenStack Compute v. 1.1). Users have full control over their VMs. They can create new ones, start them, shut them down, reboot them, and destroy them. For the configuration of their VMs, they can select, from pre-defined images, the number of CPUs, the size of the RAM and system disk, and the operating system, including popular Linux distros (Fedora, Debian, Ubuntu) and MS-Windows Server 2008 R2. There is an out-of-band console over VNC – remote access software - for troubleshooting.

The REST API for VM management is OpenStack Compute v. 1.1-compatible, and can interoperate with third party tools and client libraries. It is a Python and Django implementation and GRNET has added custom extensions for yet-unsupported functionality. The web GUI is written in JavaScript/jQuery, and is just another API client; in fact, all GUI operations happen over the API.

The networking functionality includes dual IPv4/IPv6 connectivity for each VM, and easy, platform-provided firewalling either through an array of pre-configured firewall profiles, or through a roll-your-own firewall inside the VM. Users may create multiple, private, virtual L2 networks, so that they construct arbitrary network topologies (e.g., they can deploy VMs in multi-tier configurations). The functionality is exported all the way to the API and the GUI.

At the current stage, IaaS storage is via redundant storage based on VMs to survive node downtime or failure. GRNET is testing reliable distributed storage over RADOS, combined with custom software for snapshotting and cloning. Okeanos allows users to use untrusted images. The host cannot touch user-provided data.

4.2 NREN: SURFnet

In the Netherlands, higher education and research is embracing the cloud. Their collaborative IT organisation, SURF, coordinates the joint efforts. These activities can be divided in three distinct phases:

1. Awareness of opportunities in the cloud
2. Preparing for the cloud
3. Moving to the cloud

4.2.1 Awareness of opportunities in the cloud

During the past few years, higher education and research have become aware of the potential benefits cloud services can offer. Higher education and research institutions find themselves in a much-changing world. SURF’s Strategic Plan for 2011–2014[1] notes that education is becoming “open”: communication between students and instructors is no longer restricted to within the walls of the institution and from nine to five. Both students and staff have personal devices, such as mobile phones, smartphones, laptops, and e-readers, and they use these to access everything that they need for their studies or their work. Online collaboration has become perfectly normal, not just within individual institutions but also between them.

The need for far-reaching open and online collaboration is particularly pressing for research. The research field is undergoing a real “data explosion”; it is not only the hard sciences that generate enormous quantities of data but almost all fields of research, including the humanities. Research breakthroughs increasingly take place at the junction between disciplines, and on the basis of joint efforts. Although institutions are spending a great deal on ICT facilities to meet all these demands and keep pace with developments, they are now required to economise at the same time.

Cloud computing can become an indispensable tool.

›› The user push-consumerisation and commoditisation:
• Utilising cloud services makes it possible to provide high-quality ICT services that meet the requirements of students, instructors, researchers, and other staff;
• The institutions can also keep pace – more than is currently the case – with those requirements and make use of the range available: rapid adoption and availability of new facilities;
• The cloud makes it possible to provide services “at any time”, “at any place”, and – of increasing importance – “on any device”.

›› Business and financial aspects:
• Cloud services can help to achieve the needed cost reductions (more OPEX and less CAPEX);
• If applied effectively, cloud services can make a contribution to a reduction in energy consumption and therefore help to achieve the sustainability goals that the institutions have set for themselves.

4.2.2 Preparing for the cloud

A first set of ‘experiments’ and small-scale deployments were started:
›› SaaS: outsourcing student e-mail to Google and Microsoft at a handful of institutions;
›› IaaS: pilots with ‘virtual machines’ in the cloud, with Greenqloud as the supplier;
›› In addition, a ‘sourcing toolbox’ was created: a set of guidelines for outsourcing IT services.

The tipping point was a study trip in March 2011. A group of board members from Universities, accompanied by representatives of SURF, visited suppliers and Universities in San Francisco and Seattle. This successful study trip showed the enormous potential of cloud computing, but it also made clear the attendant risks. Three major players – Google, IBM, and Microsoft – provided a clear picture of their cloud strategy, their strengths, and their weaknesses. Important initiatives for decision models were also shown. The study trip generated the following insights:
›› the question is not whether we should “enter the cloud” but when and how that should happen;
›› working together in the context of SURF has added value for higher education and research in the Netherlands in general, and also for the individual institutions.

At the end of March 2011, the SURF Board of Directors decided on a joint policy for cloud computing and the use of cloud services. To coordinate these efforts, the ‘SURF Task Force Cloud’ was created for the purpose of:
›› organising discussion meetings with the Board members, IT managers and IT specialists of the SURF member organisations;
›› consulting a number of external IT specialists with expertise on cloud computing;
›› organising several ‘vendor cloud demonstration days’.

This resulted in a position paper: a draft version of a cloud strategy for higher education. At the end of 2011, this position paper was officially accepted. The paper is based upon the following principles:
›› ‘Cloud first’ - Generic IT services in higher education and research will be provided via the public cloud as much as possible.
›› When the required services are not available in the public cloud, or when they cannot be used due to legal considerations, community cloud services (specifically tailored to the needs of higher education) will be implemented.
›› For much of higher education, this means a change in their current procurement policies. Users should be able to decide which devices and applications they use. They will be able to choose between multiple cloud vendors and cloud services (a multi-vendor approach).
›› SURF will provide an excellent infrastructure, which interconnects these services.
›› Organisations of higher education will move to the cloud together, via SURF.

4.2.3 Moving to the cloud

At the end of 2011 and in the beginning of 2012, SURF undertook a number of internal organisational changes to adapt to the new policy. A new vendor management team was created. This team negotiates with vendors and maintains the relationship with these parties on behalf of the whole SURF community. An adoption team was created to facilitate the use of cloud services. The SURF member organisations receive support, if desired, to use the SURF cloud strategy as a foundation to shape their own cloud strategy and roadmap. Institutes and SURF work together to implement and adopt cloud services and benefit from each other’s knowledge and experience.

29

| ASPIRE CLOUD STUDY

back to contents page

The technical basis is the SURFconext collaboration infrastructure.

5 Conclusions and recommendations

The development of cloud services is changing rapidly, offering users new ways to obtain the services they really want in an easy, and often economically attractive manner. Users are making these choices now, and there is a real danger that if NRENs and institutions do nothing, users will drift into fragmented islands of incompatible services that may not have a sustainable future. There is a chance for the NRENs to lead in the field of cloud brokering and cloud middleware infrastructures. To be able to connect the clouds and provide added value to their members, NRENs must join forces and collaborate, as they have done for many years in the area of networks.

NRENs should work together on:

›› consuming the public cloud: aggregating demand, vendor management and cloud brokering;
›› producing community clouds: business cases;
›› connecting the clouds, by means of collaboration infrastructures and federations;
›› legal issues (on EU level), standardisation, and interoperability.

6 Glossary

3G: 3rd Generation (mobile telecommunications technology)

3GPP: 3rd Generation Partnership Project

AAI: Authentication and Authorisation Infrastructure

AKA: Authentication and Key Agreement

ALMA: Atacama Millimetre Array

API: Application Programming Interface

APN: Access Point Network

ARC: ALMA Regional Centre

ASDM: ALMA Science Data Model

ASKAP: Australian SKA Precursor

ASPIRE: A Study on the Prospects of the Internet for Research and Education

ATLAS: A particle physics experiment at the Large Hadron Collider at CERN

AUP: Acceptable Use Policy

AWS: Amazon Web Service

BYOD: Bring Your Own Device

CA: Certification Authority

CAD: Computer Aided Design

CAI: Community Anchor Institutions

CAPEX: Capital Expenditure

CEF: Connecting Europe Facility

CEF/DSI: Connecting Europe Facility/Digital Service Infrastructure

CERN: European Organisation for Nuclear Research

CERT: Computer Emergency Response Teams

CIDOC-CRM: International Committee for Documentation - Conceptual Reference Model

CP: Connection Policy

CPU: Central Processing Unit

DANTE: Delivery of Advanced Network Technology to Europe

DARIAH: Digital Research Architecture for the Arts and Humanities

DC: Dublin Core

DCH: Digital Cultural Heritage

DCH-RP: Digital Cultural Heritage Roadmap for Preservation

DC-NET: Digital Cultural heritage NETwork

DEAS: Delegate eduroam® Authentication System

DL: Distance Learning

DNA: Deoxyribonucleic acid

DRBD: Distributed Replicated Block Device (software)

DSI: Digital Service Infrastructure

DVTS: Digital Video Transport System

EAP: Extensible Authentication Protocol

EC2: Elastic Compute Cloud (Amazon)

ECDD&S: ELIXIR Core Data Collections and Services

eduGAIN: Education GÉANT Authorisation Infrastructure

eduroam: Education Roaming

EEA: European Economic Area

EGI: European Grid Infrastructure

EIRO: European Industrial Relations Observatory

ELIXIR: A sustainable infrastructure for biological information in Europe

ELSI: Ethical, Legal and Social Implications

EMBL-EBI: European Molecular Biology Laboratory - European Bioinformatics Institute

e-MERLIN: VLBI National Radio Astronomy Facility

EMI: European Middleware Initiative

ESD: Event Summary Data

ESFRI BMS RI: European Strategy Forum - Biological and Medical Sciences Research Infrastructure

EU: European Union

EUDAT: European Data Infrastructure

FITS: Flexible Image Transport System

FTP: File Transfer Protocol

FTS: File Transfer Service

GA: General Assembly

GB: Gigabyte

Gbps: Gigabits per second

GÉANT: Gigabit European Academic Network Technology

GN3: Multi-Gigabit European Academic Network

GPRS: General Packet Radio Service

GPS: Global Positioning System

GUI: Graphical User Interface

HDF5: Hierarchical Data Format

HEP: High Energy Physics

HG: Human Genome Project

HPC: High Performance Computing

HPC/Grid: High Performance Computing and Grid

HTTPS: HyperText Transfer Protocol Secure

IaaS: Infrastructure as a Service

ICFA: Study Group on Data Preservation and Long Term Analysis in High Energy Physics

ICRAR: a science archive facility in Australia

ICT: Information and Communication Technologies

IEEE 802.1X: The Institute of Electrical and Electronics Engineers – standard for port-based Network Access Control

IETF: Internet Engineering Task Force

IGTF: International Grid Trust Federation

IN2P3: the National institute of nuclear and particle physics in France

IOS: iPhone Operating System

IP: Internet Protocol

IP: Intellectual Property

IPR: Intellectual Property Right

IRCAM: Institut de Recherche et Coordination Acoustique/Musique

IRG: e-Infrastructure Reflection Group

IRU: Indefeasible Right of Use

ISO: International Organization for Standardization

ISP: Internet Service Provider

IVOA: International Virtual Observatory Alliance

JIVE: Joint Institute for VLBI in Europe

JSPG: Joint Security Policy Group

K-12 schools: primary and secondary schools

km: kilometre

KVM: Kernel-based Virtual Machine

LAN: Local Area Network

LHC: Large Hadron Collider

LHCOPN: LHC Optical Private Network

LIPA: Local IP Access

LMS: Learning Management Systems

LOFAR: Low Frequency Array

LOLA: LOw LAtency audio visual streaming system

LTE: Long Term Evolution - a standard for wireless communication of high-speed data

MAN: Metropolitan Area Network

mID: Unique Identification of person per device

MiFi: Mobile Broadband Wi-Fi

MMS: Multimedia Messaging Service

ms: millisecond

NDGF: Nordic DataGrid Facility

NFC: Near Field Communication

NGAS: New Generation Archive System

NGI: National Grid Initiatives

NIST: (US) National Institute of Standards and Technology

NOC: Network Operations Centre

NRC: National Research Council

NREN: National Research and Education Network (can also refer to the operator of such a network)

NREN-PC: National Research and Education Network Programme Committee

NSF: National Science Foundation

OAI-PMH: Open Archives Initiative Protocol for Metadata Harvesting

OECD: Organisation for Economic Co-operation and Development

OMII: Open Middleware Infrastructure Institute

OPEX: Operating Expenditure

OSF: Operations Support Facility

OSG: Open Science Grid

OTP: One Time Passwords

OWL: Ontology Web Language

PaaS: Platform as a Service

PII: Personally Identifiable Information

PKI: Public Key Infrastructure

PMH: Protocol for Metadata Harvesting

PoP: Point of Presence

R&E: Research and Education

RADIUS: Remote Authentication Dial In User Service

RAM: Random Access Memory

RDF: Resource Description Framework

REST: Representational State Transfer

RF/IF: Radio Frequency/Intermediate Frequency

RNA: Ribonucleic acid

RTT: Round-Trip Time

S3: Simple Storage Services (Amazon)

SaaS: Software-as-a-Service

SAML: Security Assertion Markup Language

SIM: Subscriber Identification Module

SIP: Session Initiation Protocol

SIPTO: Selective IP Traffic Offload

SKA: Square Kilometre Array

SLA: Service Level Agreement

SLAC: Stanford Linear Accelerator Center

SMIL: Synchronized Multimedia Integration Language

SRM: Storage Resource Manager

SSID: Service Set Identifier

SVG: Scalable Vector Graphics

SWOT: Strengths, Weaknesses, Opportunities, Threats

TERENA: Trans European Research and Education Networking Association

TLS: Transport Layer Security

U.S. UCAN: United States Unified Community Anchor Network

UMF: University Modernisation Fund (Greece)

UMTS: Universal Mobile Telecommunications System

VLAN: Virtual Local Area Network

VLBI: Very Long Baseline Interferometry

VLE: Virtual Learning Environment

VM: Virtual Machine

VO: Virtual Observatory

VoIP: Voice over Internet Protocol

VOMS: VO Membership Services

WAN: Wide Area Network

WAP: Wireless Application Protocol

WebDAV: Web Distributed Authoring and Versioning

Wi-Fi: Wireless exchange of data

WiMAX: Worldwide Interoperability for Microwave Access

WLAN: Wireless Local Area Network

WLCG: Worldwide LHC Computing Grid

XML: Extensible Markup Language

7 Contributors

Andres Steijaert, SURFnet, the Netherlands

ASPIRE CLOUDS Study Leader

ANDRES STEIJAERT works at SURFnet, the National Research and Education Network in the Netherlands. As a member of the SURF-taskforce Cloud, he contributes to the SURF cloud first strategy and supports higher education and research organisations in their joint adoption of the cloud. He directs the cloud brokering and vendor management activities. Previously, Andres worked on the development of the SURFconext collaboration infrastructure, as program manager. Before SURFconext, he coordinated the creation of the SURFnet video streaming platform and SURFgroepen, a centrally hosted collaboration service. As account advisor, Andres has been in close contact with the IT departments of the Dutch Universities, to foster their joint efforts on innovative projects to improve the quality of higher education and research.

Brian Boyle, HEAnet, Ireland

Brian Boyle is the Network Services Manager with HEAnet, where he works in the Managed Network Services team developing cost effective and technically advanced ICT services for national and international networking to benefit the Irish Education and Research community. Previously, Brian worked as an IP Network Operations Manager in Eircom.net and IT services developer in Motorola.

Simon Leinen, SWITCH, Switzerland

Simon Leinen heads the Peta Solutions team at SWITCH, the research and education network for Switzerland. He worked in SWITCH’s (backbone) network team for fifteen years. His current interests are centered around ways to make cloud computing useful for research and education.

Ingrid Melve, UNINETT, Norway

Ingrid Melve has been Chief Technology Officer with the Norwegian research network UNINETT since 2006. She leads the eCampus Norway project, an initiative to create a coherent nation-wide campus infrastructure to support the core process of the higher-education community: research and education. With the eCampus programme she has taken on the challenges surrounding lecture recording, large-scale use of Video Conferencing and mobile solutions. Working for UNINETT since 1994, she became Manager of Applications and Middleware in 1998 and has been involved in the field of Identity Management since 2000. She holds an MSc in Telecommunications from the Norwegian Institute of Technology.

Yannis Mitsos, GRNET, Greece

Yannis Mitsos is head of the Network Operations Centre at GRNET, the Greek National Research & Education Network. His main responsibilities are focused on planning, designing, and operating production-grade e-Infrastructures such as network and cloud services. In parallel, he is actively involved in the development of regional network structures around South Eastern Europe.