Part I Sciencific achievements
1.1 The overall process taken by enterprises to manage the IaaS cloud services
for the approached task. The disadvantage that belong to the used method consists in the fact that, for large networks the design problem is time demanding. But, in recent years, the increasing computation power of computers makes this disadvantage lesser, so that it is possible to use stochastic algorithms effectively in many applications, such as this type of problems [R 165].
This approach can be continued by investigating other, more complex networks.
5 THE INTEGRATION OF CLOUD SERVICES INTO ORGANIZATIONS
1.1 The overall process taken by enterprises to manage the IaaS cloud services
In an IaaS cloud service, the Cloud Service Provider (CSP) supports the hardware related issues, whilst the software related issues should be identified by enterprises that want to migrate to cloud [R 130].
Cloud management is a subject approached by researchers in the community and this can be observed by the big number of third party cloud management providers (i.e.
RightScale, enStratus, IMOD Kaavo, CloudWatch, Scarl, Tapin, Cloudkick). Our study was motivated by the fact that cloud management is a fundamental support for all users of cloud services from the cloud marketplace [R 130].
Companies can choose from the wide range of cloud delivery services (i.e. SaaS, PaaS and IaaS), which can be deployed in all four deployment models (i.e. private, public, hybrid and community cloud). The selection of the cloud deployment model depends on the size of the organization and its IT (Information Technology) maturity level [R 130].
While Small and Medium Enterprises (SMEs) would rather prefer to outsource their applications within an external cloud provider, the large organizations first take into consideration the solution of having a private cloud and after that, they can decide to migrate their non-critical information (i.e. test and development) to public deployments [R 142] [R 130].
5.1.1 Data analysis step
Represents the initial step of the overall process taken by organizations to manage the migration to IaaS and it includes [R 130]:
1. the analysis of cloud migration opportunities, 2. the study of cloud adoption barriers and
3. the examination of current infrastructure used by the organization.
In this process, businesses need to consider both risk and reward assessment, and involve an analysis of the costs of implementing cloud services [R 130].
220.127.116.11 Cloud rewards analysis
According to National Institute of Standards and Technology (NIST), the Cloud concept is defined by the five main characteristics: on-demand self-service, broad network access, resource pooling, rapid elasticity and measured service [R 70] (Figure 2), which constitutes the technical benefits [R 130].
Another cloud opportunity that enterprises should identify is the financial benefit [R 117].
The reduction of capability’s expenses is directed by the resource pooling cloud characteristic, in collaboration with the elasticity capability of cloud providers, which optimize the cost usages. [R 115] considers a case study which calculates the system infrastructure costs involved over five year period for a company that maintain and provides IT solutions for the Oil & Gas industry and demonstrates that the costs of utilizing Amazon EC2 cloud service are smaller than the costs of utilizing the traditional IT system and the company has the advantage of rapid elasticity feature of cloud and the enterprise’s in-house hosting costs are minimizing as well (e.g. electricity, cooling, off-site tape archiving) [R 130].
18.104.22.168 Cloud risks analysis
For the migration process, an important step is to identity the cloud adoption risks and to consider how to manage the cloud adoption barriers. Thus, the major concerns of enterprises are the security risks implied by the act of embedding their resources within the cloud computing environment [R 135] [R 130].
Migration and integration phases of existing enterprise application within the IaaS cloud services, should be deployed following a business migration plan, respectively a business disruption plan for the case that the migration process is causing the disruption of the business flow [R 130].
Therefore, the implementing of the business migration involves the cooperation of all business managers, IT managers and IT vendors to implement the business migration, respectively the business disruption plans [R 130].
Disaster recovery solves handling the detection and prevention of possible incidents and provides a Business Continuity Planning (BCP) which enhances the future growth of enterprises [R 35] But the core mechanism to protect resources is considered the encryption and key management usage in cloud computing (i.e. data in transit over networks, data at rest and data on backup media). All these measures are not sufficient for securing the cloud services and Identity and Access Management (IAM) must also be considered, which secures the user identity of cloud computing services [R 180] [R 130].
Also, besides security, data governance plays significant risk awareness for several enterprises sectors: financial services companies, energy and utilities, retail and wholesale industries and manufacturing. Data governance, for the migrating process, should comply with the specific enterprise’s regulatory requirements (e.g. physical location of data, data breach, personal data privacy, data destruction, intellectual property, information ownership, law enforcement access, service availability) [R 39].
Important to note that, for the health and financial sectors there are many regulatory restriction related with the moving of their data to cloud [R 116] [R 115]. [R 35]
recommends the ISO/IEC 27001/ 27002 [R 97] [R 98] certifications for certifying the information security management systems of providers, respectively the SAS 70 Type II for providing a reference for auditors [R 130].
For a successful migration process, the employees should be prepared to deal with the cloud services. Thus, organizational issues are another challenge that businesses should face [R 86], Organizations will need to settle the type of training activity: internal (i.e. by training their personal to use the cloud services) or external (i.e. by receiving temporarily or permanent external services) [R 39]. Thus, specific training should be realized in this area and in this way the employees will be aware about the changes produced by cloud transition and it will reduce their fake understanding of losing their jobs [R 184]. At the level of IT departments, only hardware and network support employees will be affected by job cuts [R 115] [R 203] Consequently, the technical role of support engineers is turning to reporting issues and the satisfaction of sales and marketing roles; the satisfaction of customer care depends on cloud-based services [R 117] [R 130].
22.214.171.124 Assets examination
This step is required to prepare the migration process to an IaaS service compatible with the current infrastructure of the enterprise [R 24] [R 202]; it supposes an examination of current infrastructure used by the organization, which is useful because enterprises should know what type of bit architecture (i.e. 32 or 64 bit) they have, their hardware infrastructure and their operating systems (OSs), where are deployed their application. The business applications should also be investigated in this step [R 130].
5.1.2 Decision making step
After the choose of the cloud delivery service type and the cloud deployment model, the decision-making step implies the following decisions: what information should be
moved into cloud and who will access the information, what Cloud Service Provider (CSP) the organization will choose and how the organization will manage the cloud services. We assumed that the selection was made for: IaaS and the public cloud [R 130].
126.96.36.199 Choosing information
Based on the cooperation between the IT department and compliance department, enterprises should decide what information should be moved into cloud. They should establish a selection criteria of data and application preferred to migrate to cloud services, in order to assure confidentiality, integrity and availability requirements for the assets, based on the infrastructure examination and the cloud risks analysis [R 35]
[R 39] [R 130].
188.8.131.52 Define service requirements
The enterprise should define service requirements for IaaS, based on the current infrastructure, on the applications used by the company, and on the information that should be moved into cloud [R 202] [R 130].
184.108.40.206 Choosing CSP
For choosing CSP, we proposed to use the first two criteria of selection presented in the report: Enterprise Management Application Report, provided by [R 32]: cost efficiency and product strengths and instead of all vendor strengths elements (vision, strategy, financial strength, research development and market credibility of vendors), only the market credibility feature of the vendor to be evaluated.
Therefore, our suggestion is to apply our above-mentioned factors: cost efficiency, product strengths and market credibility, that will also be used for evaluating the CSP.
(Figure 54) [R 130]:
Figure 54 Choosing CSP [R 130]
1. Cost efficiency is a decisive factor for choosing the CSP. This factor has two elements: the cost advantage and the deployment & administration. In terms of cost advantage, the modelling tool (from www.shopforcloud.com) described by [R 117]
could help the costumers to deploy a cloud model by choosing the deployment elements (i.e. server, storage and databases) from a variety list of cloud providers (i.e. Amazon Web Services, Microsoft Azure, Rackspace). This modelling tool, a free web interface, can be used to deploy the specified requirements (already defined) and it produces a cost report based on selection of its computational resource usage patterns. It is helpful for comparing the pricing schemes around cloud providers. However, it calculates only the costs involved in the deployment of a system based infrastructure, where it can be added additional costs (e.g. 3rd party plugin to monitor costs – Cloudability.com, 3rd party platform to manage cloud resources – RightScale cloud Management). Furthermore, additional costs may also include license costs, training/consulting services costs, expenditure of time consuming for employees who migrate to cloud services etc [R 202]. However,
another decisive factor which proves the cost efficiency is the deployment and administration analysis (i.e. ease of deployment, support and services, ease of administration) [R 130].
2. Product strength analysis provides information about the architecture and integration features, and about the functionality of CSP [R 130].
3. Market credibility, based on the analyse of the CSP reputation on the market, strengthens the enterprise’s decision about choosing the CSP [R 130].
220.127.116.11 Choosing management tools
Cloud management is a hot subject approached by researchers in the cloud community, proved by the big number of third-party cloud management providers (i.e.
RightScale, enStratus, IMOD Kaavo, CloudWatch, Scalr, Tapin, Cloudkick), who offer third-party cloud management tools, which are commercial versions, used in special by organizations that want to manage their cloud infrastructure. Enterprises should select one of these commercial versions [R 130]. For choosing the management tools, we proposed to use the first two criteria of selection presented in the report provided by [R 32]: cost efficiency and product strengths and instead of all vendor strengths elements only the market credibility feature of the vendor to be evaluated:
• The cost efficiency evaluation should include the following objectives: cost advantage and deployment & administration analysis. While the cost advantage is determined by the price, the licensing and maintenance costs of the management tool, the implementation and management analyses are made to demonstrate the ease of implementation (i.e. time to deploy, packaging requirements, staff training, disruption minimization), a high vendor’s customer support and the ease of administration (i.e. ongoing administration, update process, testing/migration) [R 130].
• The investigation of product strengths undertakes an analysis of the categories of architecture and integration, respectively an analysis of their functionality [R 130].
• The vendor’s market credibility feature will review the reputation of the cloud market vendors in order to improve the decision after evaluating the cost effectiveness and product potential [R 130].
5.1.3 Migration step
Migration step is the effective moving stage of enterprise’s assets into cloud services.
This step includes 2 activities: developing the Service Level Agreement (SLA) and the Cloud Implementation [R 130].
18.104.22.168 Developing SLA
The Service Level Agreement (SLA) is a document that should be compulsory done between the cloud provider and the customer, to obtain and to maintain a clear aspect over the rights and the responsibilities of each party. It is relevant for avoiding conflict that could occur during the contract, because it should specify a wide range of issues and the remedies and warranties of them [R 110] [R 130].
Figure 55 presents the content of a typical service level agreement proposed in [R 110].
Figure 55 Typical Service Level Agreement CONTENT [R 130]
Definition of Services
Is the part of the SLA document, where the services are defined and described using detailed information, for creating a good understanding of exactly what is being delivered [R 130].
Should contain aspects of monitoring and measuring the service performance (Including benchmarks, targets and metrics in the requirements of SLA). The both parties of the agreement should be involved in monitoring the performance of the services. A well-done agreement is a guaranty of a reliable management [R 130].
Regards the methods for preventing and combating the incidents [R 110] [R 130].
The Customer Duties and Responsibilities
This part regards the obligations of the cloud’s customers [R 130].
Warranties and Remedies
While the customers have responsibilities also the provider of cloud should have warranties and remedies [R 110]. In the SLA each party plays its role and have its own responsibility [R 130].
SLA should provide security features, creating control access to the information established by the customers and including the client’s security policies and procedures that must be performed by suppliers [R 130].
Disaster Recovery and Business Continuity
Beside the security feature, both parties should include in the agreement document a disaster recovery and business continuity feature. If an unplanned disaster happens, the customer should have the guaranty of safeguarding the data and the cloud provider should thing to keep its clients, by assuring the disaster recovery plan [R 110] [R 39]
Is the final chapter of the SLA, and should have the following topics: termination at end of initial term; termination for convenience; termination for cause and payments on termination [R 110] [R 130].
22.214.171.124 Cloud Implementation
Consists in effectively realizing the effective migration of the enterprise’s information to the cloud service. The system’s deployment will be done using the CSP capabilities
and the system requirements previously defined (i.e. phase 2 of decision making step), by migrating the information (i.e. phase 1 of decision making step) to the cloud service [R 130].
5.1.4 Management step
After migrating to cloud services, enterprises must manage the deployed cloud. It can be done by using two management functions: business and operational. The Business management function, also called administrative group by [R 47] guarantees business supports for: customer management, contract management, inventory management, accounting and billing, pricing and ratings, metering and SLA management [R 46] [R 91].
The operational management function or resource management group (in [R 47]), is handling the provisioning/configuration operations and portability/interoperability operations [R 91] [R 46] [R 130].
Other related works together with a comparative analyze related to our work, are detailed presented in [R 130].
This section may be used as a guide for improving the efficiency, quality and capacity management of enterprises to move their data and applications into cloud. Furthermore, a well-done migration process to cloud services decreases the enterprise’s expenditure for decision making as regards transition into cloud.
The holistic migration process presented is only a qualitative research, which doesn’t provide a case study for evaluating the described process. However, this will be part of our future work.