- Service Levels: This characteristic is essential, as Public Authorities in most cases have strict needs regarding availability, response time, capacity and support. Cloud Service Level Agreements (CSLA) are an essential element in choosing the right provider and establishing a clear contractual relationship between a cloud service customer and a cloud service provider.
- Support: Support is a parameter to consider carefully. It could be offered online or through a call centre, and in some cases, it could be necessary to refer to a dedicated resource with precise timing constraints.
- Security: As already mentioned, security is paramount. Although the potential supplier should normally follow recognised security policies in line with industry best practice, Public Authorities have to formulate a number of relevant questions (e.g. what is the security level offered by the providers? which mechanisms are in place to preserve the client’s applications and data?) to evaluate this essential feature for the overall architecture.
- Privacy: Particular attention has to be paid to legal requirements for the protection of the personal data hosted in the cloud service. Public Authorities should understand the data privacy and retention policies too, as well as where the CSP’s data will be located, including any transborder data transfer, if applicable.
- Open Standards: In order to avoid getting locked in to cloud infrastructure that has restrictive contracts or proprietary technologies (technologies that are unique to the particular supplier), Public Authorities should prefer solutions that are implemented with fully open source technologies and open cloud standards. These technologies have an elegant escape hatch built into them by their design. Public Authorities can take the entire stack and host it on another CSP or in their premises without losing productivity or data. This backup plan protects them against legislative changes, company restructuring, and much more.
- Compatibility: The requirements of the cloudified applications have to fit into the CSP’s existing pre-configured templates and may increase the cost of configuration. Moreover, the CSP’s architecture should meet scalability, availability, capacity and performance guarantees and should be sufficient for agency requirements.
- Pricing: Although most cloud providers use the aforementioned “Pay per Use” model, each CSP has a different price system. Understanding how you pay for each service is essential for a meaningful comparison. Moreover, additional costs can still arise, for example through the use of extra features. Terms of the contract, payment methods, and payment dates can be deciding factors as well.
- Redundancy: The provision of duplicate or backup equipment that takes over the function of equipment that fails should be discussed at an early stage. The redundancy process and timeframe have to meet the agency’s requirements and especially its obligations to the citizens. Thus, adequate backup procedures and robust disaster recovery plans must be incorporated into the cloud offering.
- Easy-to-use administration environment: Make sure your potential provider has a user-friendly client portal. It should allow you to conduct admin tasks or add storage space or services quickly. Ask for a demonstration before you choose one CSP over another.
Most of the considerations mentioned above have already been analysed in separate sections of this document. Given this, we will put more emphasis on the evaluation of two essential elements: Cloud Service Level Agreements and pricing.
Regarding the CSLAs, a prescriptive series of steps should be taken by Public Authorities to evaluate them when comparing multiple cloud providers [[iv]]:
- Understand roles and responsibilities
- Evaluate business level policies
- Understand service and deployment model differences
- Identify critical performance objectives
- Evaluate security and privacy requirements
- Identify service management requirements
- Prepare for service failure management
- Understand the disaster recovery plan
- Develop an effective governance process
- Understand the exit process
Regarding pricing, Public Authorities should validate the cost model against the CSP’s pricing considering the following [[v]]:
- Assure pricing is transparent, e.g. subscription or pay-as-you-go pricing, upgrades, maintenance and exit costs
- Costs for unexpected peaks in demand
- Require service prices for upgrade and maintenance fees appropriate to the services being procured; some upgrades may be automatic and included in the service
- Confirm the cost model is suitable and allows for scaling and changes to service
- Look for commitment requirements, such as minimum use
- Confirm setup, training and integration fees
- Request references to clarify ongoing cost of service
The STORM CLOUDS approach
The STORM CLOUDS Platform is based on OpenStack. There are OpenStack-powered public clouds all over the world. The OpenStack Foundation maintains a Marketplace to help Public Authorities make an informed decision. The essential OpenStack details of each provider, like which components are included, the versions used, and the APIs exposed, are presented. The Foundation also implemented interoperability testing to validate OpenStack-Powered products, and the results are now available in the Marketplace for public clouds, hosted private clouds, distributions & appliances.
The following map presents the locations of the OpenStack Cloud Providers across Europe. In most cases there is more than one Cloud Provider in each location.
The OpenStack Marketplace is available at: https://www.openstack.org/marketplace/
Hewlett Packard Enterprise (HPE), the STORM CLOUDS partner responsible for the SCP, selected Enter SLR (http://www.entercloudsuite.com/) as the project’s Cloud Service Provider. The company offers Public Cloud IaaS built using OpenStack. Enter’s infrastructure is multi-region: you can deploy resources in Italy (Milan), Germany (Frankfurt) and the Netherlands (Amsterdam). The three locations are interconnected with a proprietary optical ring, which guarantees the lowest possible latency.
The company has an easy-to-understand pricing policy (https://goo.gl/ddfwRt) and offers a monthly calculator (https://goo.gl/lE8fsi) that allows Public Authorities to evaluate different hosting options. Using this calculator, the STORM CLOUDS partners have estimated the cost of operating the SCP alternative architectures.
HPE is also leading the Cloud28+ initiative, which started as the project was underway. Cloud28+ (http://www.cloud28plus.eu/) is an open community of Cloud Service Providers, Cloud Resellers, ISVs, Systems Integrators and government entities dedicated to accelerating enterprise cloud adoption across Europe, the Middle East and Africa. Cloud28+ maintains a catalogue of trusted business cloud services that matches in-country or cross-border buyer and regulatory workload requirements. The initiative offers the following benefits to Public Authorities [[vi]]:
- Find the right cloud service for your needs based on location of datacentres, price, SLA, certification level, or other workload criteria
- Enable your business to transform to fast, agile Hybrid IT
- Access the largest cloud services community and software developer network in the EU
- Learn about best practices and implementation success stories
- Maintain data sovereignty and feel secure with trusted certification
- Avoid proprietary technology lock-in, thanks to an open source service provider community
European Public Authorities can use the Cloud28+ Catalogue [[vii]] to find public and private cloud service providers, software products, and system integrators across Europe.
The Cloud28+ initiative is not affiliated with the STORM CLOUDS project.
[i] IDG Enterprise, 2014, Best practices for moving workloads to the cloud, viewed June 5, 2016, <https://goo.gl/D21nMS>
[ii] OpenSource.com, 2013, Do cloud right: Four critical steps to selecting the provider for you, viewed June 5, 2016, <https://goo.gl/bwVJdY>
[iii] IT Lab, 2013, Cloud Migration Guide, viewed June 5, 2016, <https://goo.gl/u8YRjW>
[iv] Cloud Standards Customer Council, 2015, Practical Guide to Cloud Service Agreements, Version 2.0, viewed June 5, 2016, <https://goo.gl/82BhCE>
[v] Australian Government, 2012, A Guide to Implementing Cloud Services
[vi] Cloud28+ Europe’s Cloud of Clouds, viewed June 5, 2016, <http://www.cloud28plus.eu/>
[vii] Cloud28+ Catalogue, viewed June 5, 2016, <https://member.cloud28plus.eu/catalogue>