State of the art analysis: Cloud solutions in the Public sector

(1)

Deliverable D1.1:

State of the art analysis:

Cloud solutions in the Public sector

Date: 23 January 2013

Authors: Timo Mustonen (MFG) Dissemination level: PU

WP: 1 Version: 1.0

Keywords: State of the Art, Cloud Computing, Open-Source,

Virtualization, Public Administration

Description: This deliverable provides an overview of the current types

of Cloud solutions available for public administrations, recognizing also current research results, challenges, gaps and benefits in the Cloud Computing in general.

FP7-ICT-2011-8

Coordination and Support Action

SUCRE (SUpporting Cloud Research Exploitation) Project No.: 318204

(2)

Document Metadata

Quality Assurors and Contributors

Quality assuror(s): B. Palak (PSNC)

Contributor(s): S. Meintel (MFG), M. Pantazoglou (UoA), E. Toli (UoA), G. Calabro (ZPH)

Version History

Version Date Description 0.1 03/12/2012 First draft

0.2 11/12/2012 Second draft, refinement Table of Contents

0.3 18/12/2012 Section 1 Introduction, Section 3 developed outcomes 0.4 21/12/2012 Appendix, Section 2 research initiatives, update

Section 3, Section 4 Concluding remarks 0.5 28/12/2012 First internal review

0.6 08/01/2013 Version with internal review updates

0.7 10/01/2013 Version with second internal review updates 0.8 18/01/2013 Version with quality review updates

(3)

Disclaimer

This document contains description of the SUCRE project findings, work and products. Certain parts of it might be under partner Intellectual Property Right (IPR) rules so, prior to using its content please contact the consortium head for approval.

In case you believe that this document harms in any way IPR held by you as a person or as a representative of an entity, please do notify us immediately. The authors of this document have taken any available measure in order for its content to be accurate, consistent and lawful. However, neither the project consortium as a whole nor the individual partners that implicitly or explicitly participated in the creation and publication of this document hold any sort of responsibility that might occur as a result of using its content.

This publication has been produced with the assistance of the European Union. The content of this publication is the sole responsibility of SUCRE consortium and can in no way be taken to reflect the views of the European Union.

The European Union is established in accordance with the Treaty on European Union (Maastricht). There are currently 27 Member States of the Union. It is based on the European Communities and the member states cooperation in the fields of Common Foreign and Security Policy and Justice and Home Affairs. The five main institutions of the European Union are the European Parliament, the Council of Ministers, the European Commission, the Court of Justice and the Court of Auditors. (http://europa.eu.int/)

(4)

Executive Summary

This deliverable provides a look into the current state-of-the-art in Open-Source Cloud Computing solutions available for public administrations. Due to the nature of the public sector, most Cloud Computing solutions and service models designed for business use can be also adapted to meet its specific needs. Indeed, to date, many projects address several gaps that exist in the current field of Cloud Computing that range from interoperability to scalability, metrics, optimization and full middleware solutions. Some of those projects promote policy and technology initiatives, while others focus on technical aspects; some solutions are amalgamations of both. Nonetheless, most projects are working to improve interoperability and to provide standards, metrics and platforms that would help to implement a Cloud solution.

Given the aforementioned developments, one may identify a number of Open-Source Cloud solutions, which have become available and are suitable for use by public administrations. Beyond that, there are individual companies providing their own, both Open-Source and proprietary, solutions. Still, through Open-Source, the integration options to existing systems, the interoperability and the adjustability of the code to work with other existing solutions, as well as the vendor-independent procurement are more manageable than through proprietary solutions. Also, through Open-Source, true transparency in public administration can be achieved, as all processes of the software and solutions being used are known.

The results of the state-of-the-art study reported in this deliverable indicate that, there is still a need for more confirmatory research. Adoption studies are few, and use cases on the use of Cloud Computing in public administrations are generally not publicly accessible. Much of the data presented in this deliverable amount to many possibilities, but evidence of widespread use of Cloud Computing in public administrations is limited or non-existent. Through interviews, aggregate studies and comparative research, the SUCRE project will increase and improve the knowledge of Open-Source Cloud solutions for public administrations.

(5)

1 Introduction

1.1 Goal of this Deliverable

The goal of the present state-of-the-art analysis is to provide a look into current research projects and Cloud solutions, from the perspective of their applicability to public administrations. Due to the breadth of Cloud Computing, this deliverable does not aim to be a definitive guide in the current field, but serve more as a cross-cut of different approaches, success stories, and solutions that are in development or in use throughout Europe, and beyond. Both Open-Source and proprietary solutions are mentioned; however, the primary focus is on Open-Source, as the SUCRE project targets the promotion of Open-Source solutions for Cloud Computing. Where applicable, or where the relative information is available, the solutions are described from technical, economical, legal and policy viewpoints.

Besides, the deliverable does not aim to assess the successfulness of an individual solution; rather it is intended to point out strengths and opportunities associated with Cloud solutions regardless of their business model. A deeper analysis into the successes will be handled in deliverable D1.3, which will perform a comparative analysis on the current state of Cloud adoption in the public sectors of selected European countries.

Finally, it should be noted that, this deliverable is a sister publication of another state-of-the-art analysis by the SUCRE project, which is reported in deliverable D2.1. While this deliverable addresses solutions for public administrations in general, the other one takes a more specific look into the solutions available for the healthcare sector, and the specific needs and solutions of the potential Cloud users in that field. Hence, much of the general discussion is shared between these two documents, but differs when example projects, solutions and demands are handled, whereby a more case-specific look is given.

1.2 About the SUCRE Project

The SUCRE project is driven by a key objective, which is the consolidation of the European Cloud Computing and Open-Source communities by creating a critical mass of stakeholders who will work together on promoting the use of Open-Source in Cloud Computing. The existing gap in addressing interoperability problems is partially the cause for slow adoption of Open-Source Cloud solutions by businesses and public institutions. This is all despite the quality of several Open-Source-based projects, their overall

(9)

encouraging developments, and their great potential. Furthermore, the lack in interoperability and standards among applications, services and devices, results in fragmentation of technologies, services and markets, and thus leads to reduced competitiveness and growth for the European economy.

Recognizing the above situation, SUCRE will promote collaboration in Open-Source Cloud Computing. Through its five-step approach and various collaboration and support activities, the project will engage stakeholders from both the industry and the public sector to discuss and exchange experiences on using Open Clouds to meet their needs.

1.3 Document Structure

This document is divided into three main parts. Firstly, in Section 2, a look is given to the currently ongoing research and development in Cloud Computing, along with an analysis of the applicability of the related projects to the public sector. A number of solutions that have already become available are discussed in Section 3, where both Open-Source and proprietary Clouds are looked into. The document concludes in Section 4, with a look into general risks and benefits of Cloud Computing. The same section also deals, where applicable, with the specific problems relating to the use of Clouds by the public sector, identifying and describing the main gaps that are still present in the area of Cloud Computing.

Finally, this document comes with an Appendix, which explains the basic terminology and concepts of Cloud Computing. The Appendix is aimed as a background into the general topic of Clouds and Open-Source – it allows for conceptual clarity and expands the theoretical base.

2 Ongoing Research and Development in Open

Clouds

The first European Commission Expert Group Report titled “The Future Of Cloud Computing” [1] stated that, by 2010, only a limited amount of dedicated research had been done on Cloud Computing. Since then, however, several projects have emerged with a research track dedicated to Cloud Computing, mainly investigating the migration possibilities from existing solutions into Cloud-based environments. The report concluded that, both the research and Open-Source development communities tend to focus on individual capabilities, instead of emphasizing on integration and middleware solutions. Virtualization solutions are in the margins. It could even be that complete infrastructure systems are not within the scope or interest of those

(10)

communities. This is seen mainly as due to the tendency of developed projects to drift towards proprietary solutions to fill gaps in specifications and existing tools. Still, there have been developments toward interoperability of Open-Source solutions, as most research outcomes adhere to SOA paradigms and try to maintain standard interfaces. Thus, research results can show a much higher interoperability over proprietary solutions.

However, in the two years after the release of the report, much has happened and much will be happening. Those identified key challenges are being researched on, and solutions are starting to emerge. The current Call 8 of the European Commission (EC) FP7 framework funds several promising projects that aim to address the main challenges.

Some of the projects presented in the following pages are intended to promote Cloud Computing policies. Others focus more on establishing concrete technical solutions. In any case, the presented projects show a great deal of progress in addressing the gaps that will be discussed in Section 4.3, but as most of them are still at an early stage, the gaps can be seen as existing until concrete outcomes have been reached.

All in all, most of these projects work to improve interoperability and to provide standards, metrics and platforms that would help to implement a Cloud solution. Public administrations are the target of some of these projects, while others focus more on general European solutions to bring this added value to a broader spectrum of users. Still, it remains to be seen how wide their successes will be.

2.1 Ongoing (Open-Source) Cloud Computing Projects and

Initiatives

Research into Cloud solutions is starting to gain momentum. As it was previously mentioned, the European Commission funds several research projects that provide great potential developments for the Cloud Computing in Europe. Those projects along with other initiatives either aim at creating new technology, assisting and adding on to existing solutions, or influencing Cloud Computing in policy-related matters. Many of those projects also have an Open-Source agenda included, or implied, while they all present a potential for addressing the needs of the public sector.

In the following paragraphs, we briefly describe a non-exhaustive yet indicative list of ongoing projects in Cloud Computing. Even though some of those projects do not explicitly include a public sector related use case or application, the public administrations can potentially avail of the technologies they develop, as they address issues that are of great importance to the

(11)

domain, such as standardization, scalability, cost efficiency, and security. It should be noted that, several of the projects presented below could be categorized as Internet of Services (IoS) and/or Internet of Things (IoT) projects. Nonetheless, since Cloud Computing is closely linked to these domains, providing a model for the underlying infrastructure, issues related to Open Cloud Computing are also part of the IoS and IoT projects’ research agendas.

2.1.1 CELAR

The CELAR project1 recognizes that, auto-scaling resources are one of the top obstacles and opportunities for Cloud Computing. Indeed, through automatic scaling, Cloud consumers can minimize the execution time of their tasks without exceeding a given budget, whereas Cloud providers can maximize their financial gain while keeping their customers satisfied and minimizing administrative costs. To this end, the CELAR project will address the existing gap of adaptive elasticity through automation of elastic provisioning, in a fully customizable manner. The aim is to deliver a fully automated and highly customizable system for elastic provisioning of resources in Cloud Computing platforms.

This project directly addresses the gap of both upwards and downwards scalability, which is an aspect that defines resourcing in Cloud Computing. Through automatized scalability, savings in Cloud maintenance become feasible, and a more thorough and accurate pricing model can be established, limiting gray areas in billing for Cloud services.

2.1.2 VISION Cloud

The aim of the VISION Cloud project2_{is to establish a media-aware data}

access layer. The project identifies that Cloud Computing offers cost flexibility. In the past, a company or user with high storage needs would have to buy servers or even build its own data center. Today, there are already many options to simply move to Cloud platforms, and pay just for what is really used. On this premise, VISION Cloud aspires to expand on what is available to address the gap of unexploited solution areas. The project suggests innovative platforms, where patients, doctors and hospitals could securely exchange files and data, resulting in better services at lower costs, or ways to work on media projects with large HD video files and big data analysis. All in

1_{http://www.celarCloud.eu/} 2_{http://www.visionCloud.eu/}

(12)

all, their goal is to introduce a powerful ICT infrastructure for reliable and effective delivery of data-intensive storage services, facilitating the convergence of ICT, media and telecommunications.

The primary deliverables of VISION Cloud will be an architecture and a reference implementation of a Cloud-based infrastructure, built on top of open standards and new technologies, in order to provide a scalable, flexible and dependable framework for optimized delivery of data-intensive storage services. This goal will be accomplished through supporting new emerging telecom/media services. The project also aims to achieve significant and quantifiable improvements in service delivery productivity, quality, availability, reliability and cost.

Even though it has a healthcare aspect, VISION Cloud is also noteworthy in the public sector sphere. Managing big data is a growing interest of several entities ranging from businesses to countries and even the EU itself. Public administrations have large amounts of data they need to manage. Ranging from geographical information to imaging and beyond, the bigger the city, the more computing resources it will need. Therefore, it is safe to say that big data management requires resources, and these resources can also be provided as IaaS or Computing-aaS. This makes the VISION Cloud project very interesting in the general area of Cloud Computing for the public sector.

2.1.3 Contrail

The goal of the Contrail project3_{is to design, implement, evaluate, and}

promote an Open-Source system for Cloud federations. The project is partially funded by the Seventh Framework Programme of the EU, and aims to vertically integrate: (i) an Open-Source distributed operating system for autonomous resource management in Infrastructure-as-a-Service (IaaS) environments; and (ii) high-level services and runtime environments as foundations for Platform-as-a-Service (PaaS). One of the main outcomes will be a tightly integrated Open-Source software stack that includes a comprehensive set of system, runtime, and high-level services providing standardized interfaces to support cooperation and resource sharing over Cloud federations.

Contrail aspires to address key technological challenges in existing commercial and academic Clouds, namely: (i) the lack of standardized rich and stable interfaces; (ii) limited trust from customers; and (iii) relatively poor Quality of Service guarantees. The main contribution of Contrail will be an

(13)

integrated approach to virtualization. The project will aim to equal current commercial Clouds, and even surpass them in a number of key domains. The project has a vision that any organization should be able to be both a Cloud provider and a customer in periods of peak activity. The existing IT infrastructure that is not fully utilized to the greatest potential could be integrated into a single federated Cloud that users could seamlessly access.

2.1.4 BigFoot

The aim of the BigFoot project4 is to design, implement, and evaluate a scalable system for processing and interacting with large volumes of data. The BigFoot software stack allows automatic and self-tuned deployment of data storage and parallel processing services for private Cloud deployments, which go beyond best-effort services currently available in the state-of-the-art. The project addresses performance bottlenecks of current solutions and takes a cross-layer approach to system optimization, which is evaluated with a thorough experimental methodology using realistic workloads and datasets. The ultimate goal of the project is to contribute the BigFoot software stack to the Open-Source community.

Bigfoot aims to merge several research domains under one roof. These include, but are not limited to, scalable algorithms, fault tolerant distributed systems and virtualization. The project’s goal is to provide high quality research, Open-Source software through their software stack, and create experimental platforms to produce reliable comparative analyses on the performance of Cloud-based systems.

2.1.5 PaaSage

PaaSage5_{is looking to deliver an open and integrated platform to support the}

model-based lifecycle management of Cloud applications, and thereby allow for model-based development, configuration, optimization, and deployment of existing and new applications independently of the existing Cloud infrastructures. PaaSage addresses the complexity at the IaaS level in an IDE combining the abstraction power of a modeling language with mechanisms for profiling, reasoning, monitoring, metadata collection, and adaption at runtime. The PaaSage development environment is intended to support the developer in the full project lifecycle. In this light, PaaSage will help stakeholders in: (i) reducing the cost of migration and implementation; (ii) enabling full

4_{http://www.bigfootproject.eu/} 5_{http://www.paasage.eu/}

(14)

exploitation of the Cloud potential; (iii) avoiding lock-ins; (iv) transparently using heterogeneous infrastructures; and (v) increasing the expertise on the basis of Cloud Computing use cases. Furthermore, the project will simplify the management of services and infrastructures through dynamic, automated adaptation, and will enable integrated improvement of service compositions and deployment.

2.1.6 CloudSpaces

The CloudSpaces project6 will be based on the premise that, in the following years, users will access their data from a variety of devices, operating systems and applications. CloudSpaces further anticipates that, there will be a clear shift towards person-centric models, whereby users will retake the control of their information. Therefore, the project aims to create open Personal Clouds for users to do just that. Explicit focus is given on privacy and security from the start, noting that the infrastructure must ensure privacy-aware data sharing from other Personal Clouds. The CloudSpaces results will allow for better interoperability and scalability, while trying to overcome existing vendor lock-in risks at the same time. The project is also taking into consideration the data storage laws of different EU, so that users can decide where their data are stored, and how applications and/or other people can access their information.

2.1.7 HARNESS

The HARNESS project7 aims to seamlessly incorporate innovative hardware and network technologies into data centers that provide Platform as a Service (PaaS) Cloud infrastructures. HARNESS aims to vastly increase performance, reduce energy consumption, and lower cost profiles for important and high-value Cloud applications such as real-time business analytics and the geosciences.

The project states that, today’s Cloud platforms are missing out on the revolution in new hardware and network technologies. Technologies such as Field Programmable Gate Arrays (FPGA), General-Purpose Graphics Processing Units (GPGPU), programmable network routers, and solid-state disks promise increased performance, reduced energy consumption, and lower cost profiles. Still, their heterogeneity and complexity renders integrating

6_{http://Cloudspaces.eu/}

(15)

them into the standard PaaS framework a fundamental challenge. Solving this challenge is among the project’s key objectives.

HARNESS will advance the state-of-the-art in Cloud data center design to achieve two main goals: that Cloud providers can profitably offer and manage the tenancy of specialized hardware and network technologies, and that software engineers can seamlessly, flexibly, and cost-effectively integrate specialized hardware and network technologies into the design and execution of their Cloud-hosted applications.

2.2 Public Sector-specific Cloud Research and Development

Public administrations can greatly benefit from Cloud Computing, while Open-Source solutions can provide them with the transparency that would not be otherwise possible with proprietary software. In the following paragraphs, a number of indicative, ongoing research and public projects in this context are presented.

2.2.1 Open-DAI

Open-DAI (Opening Data Architectures and Infrastructures of European Public Administrations)8_{is a project that started in 2012 and will run for two}

years. It is funded under the ICT Policy Support Programme as part of the Competitiveness and Innovation Framework Programme (CIP) Call 2011. According to the project’s leaflet, the aim of Open-DAI is to make data and platforms available for digital public services on cloud computing infrastructures. This means that open data can be used as a starting point to create new applications and services for public administrations, companies and citizens or to provide a channel for feeding back information to public administrations.

The specific objectives of Open-DAI are:

• to open up a large part of the Public Administrations’ (PAs’) databases to a wide audience of potential users through an open data hub in order to correlate data and to implement new digital public services; • to evolve the PAs’ information systems towards an open model and

Service Oriented Architecture (SOA) in order to overhaul the monolithic and closed models and to facilitate software maintenance of existing silos;

(16)

• to host the PA’s services into a scalable cloud infrastructure in order to meet the evolving needs.

The project will implement in total 12 pilots in five countries that will showcase the potential that open clouds offer to Public Administrations for delivering new services but they will also present a new cloud model deployment.

2.2.2 eEnviPer

eEnviPer (Environmental Permits for the 21st_Century)9_{is a project funded by}

the ICT Policy Support Programme, that started in April 2012 and will last for two years.

The motivation for eEnviPer was the identification of the need for a system that integrates processes and services related to environmental permitting procedures and are collected by public authorities and agencies. eEnviPer will enable them to model and deploy services, as a cloud of e-Government services that support environmental licensing procedures to citizens and businesses. For this purpose, basic operational services will be aggregated on the platform and will be offered to citizens as e-services. At the same time, the architecture of the platform will give the public administrations the opportunity to deploy easily new services, and existing procedures will be available as shared services. The eEnviPer project aims to test an existing single multi-purpose cloud platform based on Service Oriented Architecture (SOA) for providing software as a service in five different European countries. The project will demonstrate the benefits of SOA and cloud architecture by integrating complementary existing systems that support environment-related permit procedures and provide digital services for permitting authorities at different levels, enterprises, consulting services and civil society.

2.2.3 Platon

Platon10 is an initiative that is partly funded by the EU and partly by national Polish resources. The project is aimed at the development of the national ICT infrastructure for science (PIONIER network), providing Cloud-based applications and services to support scientific research and development of Polish research teams for the innovative economy. The direct goal of the project is to implement modern ICT services such as videoconference services, eduroam services, campus services, archiving services, and science High-Definition TV services available to the scientific community in Poland.

9_{http://www.eenviper.eu/}

(17)

Education is also an aspect of public administration, and the virtualization and distance learning options, not to mention distance research options this project aims to develop, are in key positions when developing a country’s innovation potential. Collaboration tools in the Cloud can expedite the innovation process and therefore provide benefits to the entire spectrum of public services.

2.2.4 COMPOSE

According to the projects factsheet, COMPOSE aims at enabling new services that can seamlessly integrate real and virtual worlds through the convergence of the Internet of Services (IoS) with the Internet of Things (IoT). COMPOSE will achieve this through the provisioning of an open and scalable marketplace infrastructure, in which smart objects are associated to services that can be combined, managed, and integrated in a standardised way to easily and quickly build innovative applications. It will combine elements from IoS IoT and the Internet of Content (IoC) and create a new business ecosystem. It also includes several use cases, among which one addressing issues related to the public sector. In the Smart City use case ample amount and diversity of sensors will be deployed at a Barcelona district. Along with Barcelona's OpenData, COMPOSE intends to showcase life in a smart city by creating a group of city services for the citizens.

2.2.5 ARTIST

The ARTIST project11 envisages the modernization and transformation of legacy software in order to be delivered according to the Cloud Computing model. Hence, the project has set as its main goal the adaptation of legacy software to run on the Cloud, through the creation of the appropriate methods, tools, and techniques based on Model Driven Engineering. More specifically, ARTIST will create the aforementioned artifacts to allow for such software migration in three phases:

• In the pre-migration phase, an evaluation is performed to assess the feasibility of migration in both technical and business-related terms. • In the migration phase, a list of actions is constructed that will lead to a

successful migration. The legacy software is analyzed, while legacy models are transformed to modernized models. Also, fulfillment of the Cloud-specific requirements by the migrated code is assessed and ensured.

(18)

• In the post-migration (provisioning) phase, a validation is performed to certify that the migrated software fulfills the migration goals.

ARTIST aims to help organizations to evaluate if their applications are able to run on the Cloud, and if such a move is worthwhile. Furthermore, the project’s outcomes will support and drive the entire migration process. Through the course of the project’s lifetime a total of four use cases will be developed, one relating to an e-Government application for the integration of processes and data from different public administrations.

2.2.6 BETaaS

BETaaS proposes a platform for the execution of machine-to-machine (M2M) applications, which is built on top of services deployed in a “local cloud” of gateways, the latter being the devices which provide the smart things with connectivity to the Internet (e.g., smart phones, home routers, road-side units). Adaptation layers will be defined to interconnect BETaaS with the main architectures proposed at a European level for M2M communication, including ETSI M2M and IoT-A. In addition to being highly scalable, security, dependability, and QoS features will be embedded “by design” into the BETaaS platform, which will be released as open source to the community. Platform validation will be done through experiments in two testbed facilities, targeting the Smart City and Home Automation use cases.

2.2.7 Deutsche Wolke

Deutsche Wolke12 is an Open-Source initiative for the development of a federal Cloud-Infrastructure in Germany. It was established by a network of German and international organizations, who are leaders in their respective fields of business and enjoy high reputation among their clients. Although Germany's strict rules with respect to data security are regarded as a competitive advantage, general discussions now tend to argue for a global leveling of data security policies. Nevertheless, unless such a leveling will not be based on data security standards and procedures as currently applicable to Germany, this competitive advantage will eventually diminish.

The Deutsche Wolke initiative works towards realizing the vision of a “Cloud Made in Germany” with open standards, maximum performance, and availability that is based on the strict data security policies currently valid in Germany. Due to the virtualization of server farms, it has become nearly impossible for Cloud producers to find out on which server and in which

(19)

country the Cloud-migrated data is being used. This leads to consumer uncertainty regarding the destination and agreed assignability of saved data, and complicates the recovery of it, should a technical problem arise.

On the other hand, the accessibility of stored data by third parties and the extent to which governments outside Germany (e.g. other countries in the EU) are allowed to use that data also remains uncertain. From the data protection point of view, this situation remains problematic, as the transportation and storage of sensitive company data, its legal protection, as well as its proper use cannot be fully controlled. The concept of the Deutsche Wolke is geared towards meeting the demand of organizations resident in Germany. The initiative’s approach is focused on safety, transparency and reliability. Deutsche Wolke is currently a research project that aims to bring out a working solution, while it already offers a platform for Cloud providers to showcase their product.

The Deutsche Wolke approach also takes into account the strict data security laws of Germany that do not allow public administrations to store personal data of German citizens outside the physical boundaries of Germany.

2.2.8 Helix Nebula

In March 2012, three of Europe's most prominent research centers, namely CERN, the European Space Agency (ESA), and the European Molecular Biology Laboratory (EMBL), launched a massive Cloud Computing project, called Helix Nebula13_{. The project is exploring whether virtualization and}

Cloud technologies will provide a better return on investment over current grid resources. The supply side comprises both public and private Cloud providers, including vendors such as Atos, CloudSigma and T-Systems. In July 2012, the partners announced that they were transitioning from the initial proof of concept phase to a start of the two-year pilot phase, which involves expanding the proofs of concept and refining the commercial terms. One of the major challenges of this multi-vendor, multi-Cloud endeavor is operability. Where federation is an essential characteristic of Grid computing, Cloud federation still has a way to go.

2.2.9 Okeanos

Okeanos 14 aims to deliver production-quality Infrastructure-as-a-Service (IaaS) to the Greek Academic and Research Community. The developed IaaS

13_{http://helix-nebula.eu/} 14_{https://okeanos.grnet.gr/}

(20)

is currently on alpha testing phase, thus, participation is still possible only by invitation. Students, professors, and researchers can get for free the full power of virtual infrastructures such as computing, network, and storage. The Okeanos IaaS is particular offered by the Greek Research and Technology Network (GRNET).

2.2.10 PPBW

The Polish Platform for Homeland Security (PPBW) 15 is a two-year development project in the area of homeland security. PPBW addresses the need for more secure Cloud Computing in a very concrete way. The results of the project will be used by a Polish Law Enforcement Authority [11]. The goal is to develop the architecture of a network and application IT environment for secure, reliable, efficient and scalable processing and storing data by current and future applications and services. Additionally, the project aims to provide a clear migration path from the current infrastructure.

2.2.11 Cloud Software Program

The Cloud Software Program16_{is a public sector-driven, Finnish initiative}

aiming to significantly improve the competitive position of Finnish software intensive industry in global markets, and will run from 2010 to 2013 in Finland [12]. According to a survey conducted in 2009, the most significant factors of competitiveness are: operational efficiency, user experience, web software, open systems, security engineering, and sustainable development. According to the Cloud Software Program, Cloud software ties these factors together as software increasingly moves to the Web. The program aims to pioneer in building new Cloud business models, lean software enterprise model and open Cloud software infrastructure.

The project has developed a Strategic Research Agenda that provides focal points on future Cloud research. It suggests that, from the business viewpoint, the focus of research in the coming years should be in supporting a change towards smaller, leaner and more competitive ecosystems, as well as growing the emerging ecosystems around mid-size enterprises. Also, the report indicates a continuing need in ecosystem assessment and similar activities. The project recommends focusing on shortening the idea-to-business cycle in the Cloud domain, developing ecosystems, and focusing on superior user experience to provide edge in the future Cloud markets. The project has also

15_{http://www.ppbw.pl/}

(21)

produced several papers on revenue models in Cloud Computing. This is a very important and often neglected area that will directly benefit startup creation with readily available business model suggestions.

This approach does promote open systems, but does not qualify that as a driving force. It focuses more on Cloud business promotion and creating opportunities for Cloud providers to enter the market or rethink or develop their business idea further. This help lowers the barriers of entry to Cloud service providers, as they receive information that helps them succeed in the market. And since it is openly available through open principles, the benefits can be exploited over and over again.

3 Developed Clouds and Applied Solutions to the

Public Sector

This section is provides an outlook of results in Cloud Computing that are already available and put into practice in the public sectors of various European countries. Completed research projects with Open-Source solutions are looked into, along with a selected set of commercial solutions. The section finishes with a cross section of some commercially available products, Open-Source or proprietary, and their use in achieving various Cloud Computing policy goals.

3.1 Project and Initiative Outcomes

Public administrations throughout Europe differ in their composition, tasks and size. Still, a stack for Open-Source Cloud solutions can be greatly helpful in finding best options for each public administration, or give examples for creation of own similar solutions that adhere to possible legal restrictions as well. In all cases presented below, an initial project in Cloud Computing or Open-Source Cloud Computing gave out results that have been exploited in various ways.

3.1.1 DigitPA

Italy has been awarded with a very good rank classified as the third country in Europe and the sixth in the world regarding Cloud applications and services adopted according to the Global Cloud Computing Scorecard17_{released by}

Business Software Alliance (BSA)18_{. BSA has released an international}

17_{http://portal.bsa.org/cloudscorecard2012/countries.html} 18_{http://www.bsa.org/}

(22)

survey listing the top countries with regards Cloud IT adoption taking into account several elements such as security in data transfer, infrastructures quality, intellectual property laws, cybercrime legislation, and copyright law that also provides adequate protection for Cloud Computing services, although some uncertainty remains in relation to the enforcement of copyright breaches in practice.

Regarding the use of Cloud Computing in public administration, Italy has taken further steps ahead Thanks to a modern electronic signature law, and despite the difficulties with implementation, services for citizens are faster and more secure. Italy also has modern electronic commerce laws, while the country is committed to international standards and interoperability. However, one risk in Italy is that limited Internet censorship is in place, including mandatory ISP level filtering for certain content. Finally, Italy has a moderate level of broadband penetration, and the “Italia Digitale” Plan aims to further bridge the digital divide.

In October 2010, DigitPA19_{organised a workshop devoted to “eGovernment}

in Cloud Computing”, Further to this event, several Italian Public Administration Departments showed a great deal of interest towards Cloud application to improve services and security, not to mention the economic benefits of such applications in daily citizens life. The DigitPA Committee launched the scheme related to “Recommendations and proposals related to Cloud Computing adoption in the Public Administration". This document was drafted thanks to the joint work of a multidisciplinary team of experts from the public administration, public and private SMEs and other actors of the private sector.

The aforementioned Committee proposed to submit this document to public revision that was successfully closed on June 30th_{2012, which will lead to the}

finalization of policy and contracts to increase the use of ICT and Clouds in the Italian public sector.

3.1.2 Greek Linked Open Data Cloud

The Greek Linked Open Data (LOD)20 is an initiative of the Open Knowledge Foundation Greece (OKFN-Greece), in collaboration with the Aristotle University of Thessaloniki. The effort aims at exploiting the existing, available Greek public Open Data21_{, in order to create the first Greek Linked Open Data}

19_{http://www.digitpa.gov.it/} 20_{http://gr.okfn.org/en/greek-lod/} 21_{http://geodata.gov.gr}

(23)

Cloud. At the beginning, the Cloud will include datasets from the following Public institutions and services:

• Greek Police • Greek Fire Brigade

• Kallikratis, a dataset with information about all Greek municipalities The efforts related to the Greek LOD are part of the Open Government Partnership, and their ultimate goal is to make public administrations friendlier to the citizens, through the use of the Cloud technology.

3.1.3 G-Cloud

The G-Cloud Programme22 in United Kingdom is a cross-government initiative led by the Ministry of Justice, and supported by the Home Office, under the direction of the Chief Information Officer Delivery Board as part of the UK Government ICT Strategy. The initial focus is on introducing Cloud ICT services into government departments, local authorities and the wider public sector. In order to do so, the project has undertaken a G-Cloud procurement framework for services under the OJEU process. These services can be reviewed and purchased through the CloudStore platform provided by the project. At present, there are four categories of services: Infrastructure, Software, Platform and Specialist Services.

3.1.4 SLA@SOI

SLA@SOI23 was a consortium of leading Industrial, Academic and Research Institutes from around Europe committed to research, engineer and demonstrate technologies that can embed SLA-aware Cloud infrastructures into the service economy. It was an EU-funded research project committed to deliver and showcase an innovative open Service Level Agreement (SLA) Management Framework that provides holistic support for service level objectives - enabling an open, dynamic, SLA-aware market for European service providers. SLA@SOI project lasted for three years starting from 2008. With a €15 Million budget and seven European partners from Austria, Ireland, Italy, Germany, Slovenia, Spain, and United Kingdom, the project managed to create a solution that is now available at SourceForge for download.

SLA@SOI aimed to define a holistic view for the management of service level agreements (SLAs), implementing an SLA management framework that can

22_{http://gCloud.civilservice.gov.uk/} 23_{http://sla-at-soi.eu/}

(24)

be easily integrated into a service-oriented infrastructure (SOI). SLA@SOI managed to release a comprehensive Open-Source SLA management framework, publish new and enhanced algorithms and models, and provide a comprehensive example scenario with domain specific templates, plug-ins and adoption guidelines.

The research conducted by SLA@SOI was grounded by four use-cases of ERP Hosting, Enterprise IT on SLA-aware provisioning of computer platforms, Service Aggregation of SLA-aware telecommunication and third party web-based services, and e-Government, validating the integration of human-web-based services with those that are technology-based. More specifically, the e-Government use case of SLA@SOI centres on the implementation of a system for the reservation of medical treatment services, and three scenarios in the healthcare delivery domain are being developed. The emphasis is on showcasing the automated, dynamic SLA-driven selection, monitoring and adjustment of third party provisioned services. The main objective of the use case is to evaluate the usefulness of SLAs where e-Government services are offered to citizens and enterprises. The perspectives of all parties are considered: the Citizen to whom the service must be supplied, the Government requiring the most efficient use resources, and the Service Supplier that may need the flexibility to engage third parties when appropriate.

3.1.5 OpenNebula

OpenNebula24 was first established as a research project back in 2005. Since its first public release of software in March 2008, it has evolved through Open-Source releases and now operates as an Open-Open-Source project. OpenNebula is the result of many years of research and development in efficient and scalable management of virtual machines on large-scale distributed infrastructures, in close collaboration with an active user community and the main players in Cloud Computing. Many of its features have been developed to address the requirements of business use cases from leading companies across multiple industries in the context of flagship international projects in Cloud Computing, such as RESERVOIR, StratusLab, BonFIRE, or 4CaaSt. Additionally, it is being used as reference open stack for Cloud Computing in several large research and infrastructure projects.

The OpenNebula technology has matured thanks to an active and engaged community of users and developers. Indeed, the OpenNebula software is downloaded several thousand times per month. Besides an exponential

(25)

growth in its number of users, different projects, research groups and companies have built new virtualization and Cloud components to complement and to enhance the functionality provided by this widely used Open-Source toolkit for Cloud Computing. These components build the OpenNebula ecosystem, in which related tools, extensions and plug-ins are available from and for the community. OpenNebula.org is a project now managed by C12G Labs.

3.1.6 RESERVOIR

The RESERVOIR project25 aimed to harness the power of virtualization and Grid technologies across administrative domains, and to provide a foundation for a cost-competitive service-based on-line economy, where resources and services are transparently and flexibly provisioned, managed like utilities. The project started in early 2008 and finished in the beginning of 2011.

The RESERVOIR project was intended to increase the competitiveness of the EU economy by introducing a powerful ICT infrastructure for the reliable and effective delivery of services as utilities. It aimed to support the emergence of Service-Oriented Computing as a new computing paradigm, where services are software components exposed through network-accessible, platform and language independent interfaces, which enable the composition of complex distributed applications out of loosely coupled components. This infrastructure was aimed to support the set-up and deployment of services on demand, and competitive costs, across disparate administrative domains, while assuring quality of service [5].

The results of RESERVOIR were utilized by one e-Government application that was particularly designed for the French public sector. This use case demonstrated how the RESERVOIR adaptive and flexible architecture is able to accommodate millions of users, while satisfying security requirements at the same time. Finally, the e-Government application showcased the benefits of the RESERVOIR Cloud federation approach, with respect to maintenance and flexible deployment tasks, which are critical and time-consuming for the public administration.

3.2 Commercial Solutions

This section outlines the current commercial solutions in Cloud Computing. For the benefit of this deliverable, commercial means the proprietary solutions available for European public administrations. It should also be noted that,

(26)

Open-Source is a viable commercial form of conducting business, and therefore Open-Source products have been included among proprietary solutions.

3.2.1 ownCloud

ownCloud26_{is a flexible, Open-Source solution for file synchronization and}

sharing. Whether using a mobile device, a workstation, or a web client, it provides the ability to put the right files at the user’s fingertips on any device in one simple-to-use, secure, private and controlled solution. ownCloud has been adopted by several businesses worldwide, while there is also a version for the needs of educational institutions that provides schools and universities access to an unstructured data proxy, on any device, wherever the data is stored. It can also serve as a file access proxy by connecting multiple storage locations into one common interface of the Cloud server. This provides one central, controllable, and auditable location for client access to any file on the server, with appropriate backup and redundancy.

3.2.2 Microsoft Windows Azure and other Cloud Offerings

Windows Azure27_{is provided by Microsoft, and enables quick solution}

building, deployment and managing of applications across a global network of Microsoft-managed datacenters. Users can build applications on any operating system, language or tool. Azure is a full enterprise solution that has already been used worldwide in public administrations. In point of fact, entities such as the Government of Catalonia with their IT infrastructure solution, and Rail Net Denmark, which has decided to develop a Cloud based information system, which shows how trains are running, are based on the Windows Azure solution.

Microsoft also offers Cloud-based office SaaS environment with their Office365 product. It is the Cloud version of Microsoft’s well-known office solution for enterprises and private users. All in all, Microsoft now offers both standard and Cloud based solutions for their customer to choose from.

3.2.3 Google

Besides the familiar GoogleDrive, Docs and Mail applications, Google28

provides a service called Google Cloud Platform that constitutes a scalable

26_{https://ownCloud.com}

27_{http://www.windowsazure.com} 28_{http://www.google.com/}

(27)

solution to the needs of businesses. The platform offers a mobile development environment, infrastructure and computing power through a Computing Engine, Cloud data storage services, big data analysis tools, database hosting, and many other services.

Currently, the Google Cloud services are used more by SMEs and bigger enterprises, but their solution is also valid for European-based projects and public administrations that have the possibility within their legislation to store or handle their data outside their borders. Arguably, one solution that provides promise is Google’s mapping tools that can be used in various ways ranging from finding the nearest bus stop to maintaining the workflow of repairs in the city. There are several solutions that use open data from cities and map that onto Google map service. This provides added value to both the maps and the public administration.

3.2.4 GovCloud

GovCloud29_{is a US service dedicated to providing a source of information,}

support and focused consultancy services for the Federal, State and Local Government, as well as for national agencies. Understanding where the Cloud can be leveraged to deliver services that address business needs is paramount. Organizations must understand ROI, security issues, architecture and integration with existing systems. With so many options from vendors and hosts, making the correct decisions early in the process is the key to avoiding costly mistakes and avoiding pitfalls.

GovCloud provides its customers with a source of information, support and services to help navigate through the many Cloud services options, and develop a Cloud strategy perfect for their organization’s needs. Furthermore, it offers help in assessing value of existing IT services and resources and in comparison with Cloud integration, RFP development for Cloud services/application procurement, migration planning and support, and security and architecture assistance. GovCloud also provides enterprise architecture, data center design, business process engineering, capacity planning, and hosting services to companies.

All in all, the European countries, and the European Union, could leverage GovCloud as a best-practice of how Cloud Computing can be promoted and fostered e.g. through a dedicated consultancy service provided by the governments.

(28)

3.3 Commercial vs. Research Project Cloud Solutions

Commercial solutions, proprietary or Open-Source, differ from the EU-funded projects or publicly run initiatives in the sense that these projects are maintained, run, directed and developed by a corporate entity. They can provide a great straight-out-of-the-box, one-size-fits-all solution, but herein lies also a threat. Can a public administration choose only the solutions it needs, or will the packaged solution of a business be suitable?

Most public administrations require similar software as businesses do: Customer Relations Manager, Document Management, Mailing, virtual meeting spaces, etc. Therefore, near all the aforementioned solutions can be applied also both to businesses and public administrations.

One thing worth iterating is also the transparency. The current day user is starting to be very aware of his/her electronic rights. We have witnessed accounts where proprietary software sends metadata about how it is used to a centralized location. In a public administration this black box method should ring alarm bells. A public administration, should it wish to conduct its business in a transparent manner, cannot be fully transparent in the sense of IT processes, if Open-Source solutions are not used. With Open-Source, the availability of source code to the user guarantees that no process is hidden and no unwanted information is sent to third parties without explicit approval by the end user.

4 Concluding Remarks

This section focuses on giving an overview of the general risks, challenges and benefits of Cloud Computing in both Open-Source and proprietary cases. The section finishes with a look into the existing gaps in the field. It should be noted that, as it was mentioned in Section 2, solutions to most of these gaps, mainly in interoperability, scalability and security are being worked on.

4.1 Risks and Challenges

While discussing the risks and challenges of Cloud technologies, we will adopt and expand categories defined by an aggregate study from the Goethe University Frankfurt [9], which lists and analyzes the findings of nearly 200 articles on Cloud service adoption. In the context of that study, the academics look at the current research and analyze the literature as such, so as to identify key enablers and inhibitors to Cloud service adoption that are divided to technological, economic, managerial, social and ecological categories. They discuss them as barriers, and do not go into too much detail in their

(29)

analysis. This division is also suitable for the purpose of this section, and it is so adopted as the overarching structure. The main categories are elaborated and discussed in the following paragraphs with current remarks, while they are further expanded to give a more accurate picture of the field.

4.1.1 Technological Risks

One of the most imperative technological barriers in Cloud adoption is the worry of data security. This refers to the protection of Cloud-stored data from unauthorized access, modification, disclosure or destruction. It has been noted many times that, Cloud solutions still suffer from an image of secure lapses. If an intruder penetrates a Cloud infrastructure, the security implications can be substantial. While conducting the background research for the purposes of this deliverable, the responses given by public administrations and healthcare stakeholders were short, with limited information on what solutions are in use. It can be deduced that, even the acknowledgement of a specific technological solution can in some cases lead to an increased risk of unauthorized access, as technological data to a particular solution can be obtained with relative ease. It should be noted that, data security is also a legal barrier, as policy requirements limit adoption. However, the problem’s nature remains to a large extent technological, as secure access must meet regulations and these solutions must be solved through the development of technology.

One key point is also data format flexibility, i.e. the ability to accept data ‘as-is’, handle any data format and map information without compatibility issues. The more efficiently one can send and receive data, the more likely one will be able to create a robust, secure method of exchanging, analyzing and presenting data. There is still a lack of standardization, also on interoperability, that aggravates this barrier.

Vendor lock-in is also a severe technical risk, as currently different Cloud service providers, much like in proprietary software in general, suffer from the lack of interoperability. The availability of alternative solutions is therefore limited, and in worst cases blocked, without significant initial investments in implementing, or switching, the solution. In many cases, changing SaaS provider might also require a change in IaaS and vice versa. This proves to be a large problem especially to smaller entities that may not have as many resources to spend.

4.1.2 Legal and Policy Risks

With respect to managerial barriers in Cloud adoption, three important aspects of privacy constitute the main challenge:

(30)

• Security holes and vulnerabilities of the service may compromise the

data stored. Data needs to be protected. In a Cloud infrastructure, if the

security measures of the service are penetrated, the possible implications for all data stored or handled in the solution are enormous. Therefore, in order for any Cloud solution to be adopted by public administrations, it must have a good track record as a secure product that benefits from regular and timely security updates. The reputation of the Cloud solution provider helps in this matter. Also with Open-Source solutions, the response from the Open-Open-Source community, if it is active, can expedite improvements and add on another layer of security as the community itself rigorously tests the solutions.

• The personal information and usage behavior of the user might be

monitored without user’s awareness. In several occasions, a software

product has gathered or sent data of its user, his/her habits in using the software and other data to the software provider. It is all done usually in the name of improving the software, but it does leave unanswered the question of what else can be sent, or is already deducted from the data. The answer to this concern is in our view the use of Open-Source solutions. As far as its users have access to the source code of the solution, there are no hidden processes, or black boxes that collect and send data forward without the user knowing.

• Worries of compliance with privacy law and especially cross border

data localization. In several European countries, the laws in place

prevent public administrations to store their data outside the physical borders of the country. This introduces limitations to the solutions available to public administrations: they must either use private Clouds, geographically localized Clouds, or hybrid Clouds, where the necessary parts are privately or regionally held and the rest of the services purchased from other vendors.

Other social barriers found in Cloud adoption include the possible poor reputation of the provider that leads to lack of trust in the vendor, the equality of fare sharing within the users of the same Cloud, and the fear of potential malicious users within the Cloud. Public administrations are often under more scrutiny than other potential Cloud users, mainly because of their public nature.

4.1.3 Financial Risks

Depending on the initial solution of Cloud chosen by the public administration, migration costs can be high. A private Cloud requires infrastructure. That

(31)

infrastructure can be leased, but at times, especially with possible sensitive data, the current preferred method is hosting the service on premise. To upgrade the current server solution so as to become capable of hosting the Cloud solution chosen can be costly.

The fear of potential hidden costs that force users to pay more than initially anticipated is another obstacle in wide Clouds adoption. In cases where there is need for further migration, old data structure is not compatible with the new system, or the service provider gets into financial trouble, potential additional costs are introduced that public administrations consider. The latter one is also a worry that creates large barriers of entry to new smaller Cloud service providers. The financial viability of the vendor is both a strong barrier to Cloud adoption, but also to entry of new service providers.

Also among the identified financial risks is the possibility of future rises in cost of service. What is there to guarantee that costs will remain the same? Will there be downward scalability should there be no more need for as much infrastructure or use, e.g. after an end of a large-scale project. Elasticity issues also affect financial decisions.

Such issues are addressed by projects like PaaSage, CELAR and Bigfoot, which aim to create metrics, auto-scaling processes and lower costs of infrastructure. Cloud Computing in general can reduce end-user costs, but entry to the field of IaaS providers has still a high barrier.

4.2 Benefits

Migrating to a Cloud solution can bring about several benefits to a public administration. In the following, the three topics of technological, financial and legal & policy benefits are discussed.

4.2.1 Technological Benefits

The most often stated technological benefits in Cloud Computing accrue from the inherent scalability of the Cloud model. Elasticity, scalability, infinite and on-demand provisioning of IT resources that is enabled through virtualization, standardization of data forms, and facilitation of interoperability ease migration and integration are among the key technological enablers. At the same time, customization and modularity have the potential to drive Cloud service adoption.

Like any other IT infrastructure administrators, Cloud service providers also invest on maintenance and upgrades of their Cloud infrastructure. In this way, the IT department of public administrations will be less burdened and more available to troubleshoot problems that may occur. Centralized maintenance

(32)

of the Cloud allows those freed resources to be put to better use than running software and firmware updates on each individual hardware.

4.2.2 Legal and Policy Benefits

From a social point of view, public administrations primarily focus on the reputation of the Cloud provider. Consuming the services of a trusted, renowned and credible Cloud provider definitely accelerates the adoption of its solution. Continuity and sustainability of the provider’s service is also a criterion for Cloud adoption. Furthermore, the ease of data sharing over Cloud can foster collaboration within and across the various users.

From a managerial point of view, the specific cost structure and the elasticity of Clouds are considered as primary benefits. From the consumer side, the financial management of a Cloud service can be as simple as a monthly payment that is easy to budget and quick to expand if needed. This increases also responsiveness in changing business requirements and a quicker time-to-market. Clouds allow the users to focus on their core competencies. The economic and managerial enablers are especially beneficial to SMEs and developing economies, but also to public administrations seeking to reduce their operational and management costs.

Additional policy benefits, which are also related to the environmental profile and consciousness of a state or country, come from energy efficiency. Cloud services are seen to provide a more environmentally sustainable model of computing as they reduce energy costs and optimize consumption. Many public administrations are looking for greener solutions to appeal to the worry from the public, and to reduce carbon footprint. By adopting Cloud Computing, public administrations can achieve carbon neutrality, and thereby better respond to the EU environmental policies that require cutting carbon emissions by 20% by the year 2020.

4.2.3 Financial Benefits

The potential for cost savings through diminished IT infrastructure constitutes the main financial benefit from using Cloud solutions. For instance, if a public administration chooses to go for an IaaS solution, they can save costs on space, hardware, and cooling needed to run a server room. Reduction in energy costs also mean benefits to green IT [15].

Also the aforementioned lessening of technological burden brings about savings in the IT department. Centralized maintenance of a Cloud solution diminishes the workload of the IT department and can help reduce costs that way.