Role of Service Brokers in Cloud Computing
5.7 High-Level Functional Architecture for CSB
The cloud service broker architecture must enable and facilitate provision of optimal scheduling strategies and deployment of virtual services across multiple clouds. These services may be based on different optimization criteria like cost optimization or performance optimization and fulfill different user constraints like budget, performance, instance types, load balancing, instance prices, and service workload.
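The sketch below is an added example, not taken from the chapter or from any broker product. It shows how a broker could pick a deployment across several clouds under the budget, instance-type and workload constraints named above, optimizing either for cost or for performance. The `Offer`, `Request` and `select` names and the catalogue values are hypothetical.

```python
import math
from dataclasses import dataclass

@dataclass(frozen=True)
class Offer:
    """One instance type offered by one cloud (constructed sample data)."""
    provider: str
    instance_type: str
    price_cents_per_hour: int  # integer cents keep cost comparisons exact
    capacity_rps: int          # requests/second one instance can serve

@dataclass(frozen=True)
class Request:
    """Consumer constraints named in the text: workload, budget, instance types."""
    workload_rps: int
    hours: int
    budget_cents: int
    allowed_types: frozenset

# Constructed catalogue; providers, prices and capacities are illustrative only.
CATALOGUE = [
    Offer("cloud-a", "small", 5, 100),
    Offer("cloud-a", "large", 40, 1000),
    Offer("cloud-b", "small", 4, 80),
    Offer("cloud-b", "large", 45, 1200),
    Offer("cloud-c", "gpu", 200, 5000),
]

def select(offers, req, criterion):
    """Return (offer, instance_count, total_cost_cents), or None if nothing fits."""
    if criterion not in ("cost", "performance"):
        raise ValueError(f"unknown optimization criterion: {criterion!r}")
    feasible = []
    for o in offers:
        if o.instance_type not in req.allowed_types:
            continue  # instance-type constraint
        count = math.ceil(req.workload_rps / o.capacity_rps)  # cover the workload
        cost = count * o.price_cents_per_hour * req.hours
        if cost <= req.budget_cents:  # budget constraint
            feasible.append((o, count, cost))
    if not feasible:
        return None
    if criterion == "cost":
        return min(feasible, key=lambda f: f[2])
    # performance: most provisioned capacity within budget, cheaper plan wins ties
    return min(feasible, key=lambda f: (-f[1] * f[0].capacity_rps, f[2]))

if __name__ == "__main__":
    req = Request(900, 100, 4600, frozenset({"small", "large"}))
    for crit in ("cost", "performance"):
        print(crit, select(CATALOGUE, req, crit))
```

With the same constraints, the two criteria select different providers, which is why the optimization criterion has to be an explicit input to service selection.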
The high-level conceptual architecture presented in Fig. 5.1 is a depiction of the functionality that a cloud service broker may provide. Not every cloud service broker provides all of this functionality, and additional functionality may be added if the need arises.
The cloud service broker provides varied capabilities to the cloud consumer. In order to fulfill its task, the following components are needed:
• Service management: This is the most critical component of the cloud service broker and performs the tasks related to service discovery, service selection (in conjunction with other functions like semantic engine and SLA and QoS management), service provisioning, and service de-provisioning. The allocation of services is done in a manner to preserve on-demand and elastic nature of cloud services provisioning.
• Metering/billing: This functionality keeps track of the services consumed along with any aggregations and discounts and other pricing-related information (in conjunction with rules management and monitoring engine). This module may have integration with external third-party payment gateways and will meter data from various resources and aggregate them so that they can be rated and billed.
• Data management: Also an important functionality dealing with data and its storage and security (in conjunction with integration, transformation, security management, and SLA and QoS management modules).
• Orchestration: Business transactions are often executed by coordinating or arranging existing applications and infrastructure in the cloud to implement business processes. This involves usage of technologies and tools like ESBs, process engines, middleware, legacy, and packaged applications. Event processing may be a useful functionality to have as it provides asynchronous resource coordination and automated policy-based orchestration.
• Transformation: Involves changing an entity in one form to another at run-time, for example, transformation of an entity from one data model to another or transformation of message from one protocol to another.
• Logging/audit trails: Performs creation of logs and audit trails. The module is essential for fulfilling regulatory compliance and for interfacing with incident management, and it is also essential to the security management, SLA and QoS management, and support and incident management modules.
• Mediation: This module helps to resolve the differences between two or more systems in order to integrate them seamlessly. Mediation can happen at different levels such as security, transport, message, API, and protocol.
• Integration: Is used to facilitate the combination or aggregation of separately produced components or services to perform a larger task, ensuring that the problems in their interactions are addressed by using some intermediary tool, say mediation. This module is necessary for interfacing to the multiple service providers who do not follow the same standards in terms of protocols, technology, APIs, etc.
• Monitoring: Monitors the business activities, SLAs, holistic service status, outstanding alerts, and policy violations. This module interfaces with most other modules and provides them with relevant information.
• Semantic engine: A specialized entity (could be optional) that will support the creation of a common understanding of and relationships among entities in a domain by means of creation and usage of ontologies. This module thus helps in easier mapping and understanding of services provided by different cloud vendors and helps in creating ease of interoperability and common understanding among cloud services provided by different vendors.
• Rules management: Is a support functionality that is utilized by many other modules to perform complex decision-making and evaluation functionality and also to map the business requirements in a declarative, easy-to-use manner that allows easy update and changes.
• Security management: May include identity and access management functionality for handling user roles and access issues and security services like authentication, authorization, auditing, encryption, wire-level security, and other conventional security measures required in a distributed environment. Privacy-related issues are also handled by this module.
• SLA and QoS management: Makes use of metrics in the relevant areas, some of them being legal metrics, SLA and QoS requirements pertaining to regulatory, privacy, data security, and penalties management; interfaces with the security management, policy management, rules management, logging/audit trails, monitoring, and performance management modules; defines metrics for usage and assessment of charge-backs, promotions, and discount-related information management.
• Performance management: Handles the performance-related aspects of business processes and services and also of the underlying resources. It interfaces with certain other modules like monitoring and support and incident management.
• Policy management: Policy handling including policy creation and assessment, mapping, attachment, and deployment is performed as part of this module. Policy enforcement and escalations must also be applied as appropriate as part of functionality of this module.
• Self-service: Provides the customer with the ability to self-register and perform self-service functions including provisioning and management tasks and also administration. This module ties in with the security management module and may tie in with other modules like rules management, SLA and QoS management, and policy management.
• Support and incident management: Performance and utilization of diagnostic information at multiple levels to troubleshoot and resolve issues. Cloud management infrastructure must provide diagnostics capabilities for the full stack. Incident management aims to restore normal cloud operation as quickly as possible and minimize the adverse effect on business operations. This may include resolution of the root causes of incidents and thus minimizes the adverse impact of incidents and problems on business and prevents recurrence of incidents related to these errors. If resolution is not possible, then alternative service deployment may be needed in conjunction with service management module.
• Analytics: This module collects and makes use of historical data and provides analytical information both for internal use by the cloud service broker and for the cloud consumers. It provides insight into business trends and user preferences, transaction visibility, business key performance indicator (KPI) monitoring, reporting functionality, and dashboards.