Preparing for Pan-European Cloud and Application Services
Are you ready?
GN4-1 Symposium, March 8, 2016
GN4-1, SA7 team
Networks · Services · People www.geant.org
A new phase for our joint efforts on clouds and application services: NRENs can deliver & community can adopt
AGENDA topics
• How do we collaborate on cloud service delivery
• Which services are
  - available
  - incoming
• Are you ready? How can SA7 support & facilitate?
• How can NRENs deliver these services (adoption)?
INTRODUCTION approach and overall status
Community demand for cloud
But organisational, technical and financial structures in Research and Education institutions often don't map onto the way cloud providers offer their services
GET IN
Assure data is handled safely and meets European and national regulations
Acquire and use services through the institutions’ structures:
• Affordable and predictable cost and purchasing models (prevent bill shock)
• Limit network traffic costs and provide network integration
• Log in with institutional account
GET OUT
Be able to move data (to another provider)
GÉANT DOES NOT BUILD OR OPERATE A CLOUD INFRASTRUCTURE
OTHERS DO: R&E PROJECTS & INSTITUTIONS, NRENs, COMMERCIAL PROVIDERS
GÉANT is a service delivery gateway for those providers
Support joint NREN efforts, to enable and facilitate the European Research and Education community to use online services on a large scale, with the right conditions; services that are safe and easy to use, accessible, affordable and interoperable.
Foundation
Cloud strategy guide and skill development for NRENs
Brings a joint organisational approach to transition to the cloud distribution model
[Diagram labels: PRODUCT, MARKET, Requirements, Questionnaires, Strategy, Catalogue, Adoption, Standards, Delivery models, Communication, Business]
NREN cloud involvement
Not involved with clouds: 31%; involved with clouds: 69%
GÉANT compendium 2015 data (draft) from NRENs in and outside of Europe
Service delivery
IN-HOUSE CLOUDS
OUTSOURCED CLOUDS
NRENs as trusted advisors, brokers and providers - we have the reach
NRENs and GÉANT connect demand and supply
Providers with right capabilities
Bring choice to the research and education community
Hybrid: make & buy, community clouds and public clouds (commercial)
Our collaborative approach
1. NRENs use ‘one voice’, GÉANT, towards providers (both commercial and from community) resulting in agreements and connections to our infrastructure
2. for NRENs to adopt and deliver locally,
3. to institutions, for consumption
[Diagram labels: GÉANT, PAN-EUROPEAN LEVEL, NATIONAL LEVEL, INSTITUTE Y, INSTITUTE Z]
Our collaborative approach
• NRENs deliver to institutions. NRENs are the visible ‘brands’ in their respective countries.
• GÉANT supports the NRENs to be successful, with an underlying delivery framework
Building blocks for the NRENs to use.
• USER NEEDS
• TERMS & CONDITIONS
• BROKERAGE & PROCUREMENT
• CLOUD MANAGEMENT & BILLING
• ADOPTION
• FEDERATED IDENTITY MANAGEMENT & SINGLE SIGN-ON
• NETWORK PEERINGS
Meeting user needs Cloud collaboration areas
COLLABORATION SUITES
REALTIME COMMUNICATION From May 2016 onwards
FILE STORAGE AND SYNC
INFRASTRUCTURE AS A SERVICE
E-learning and education services
NRENs and clouds
GÉANT compendium 2015 data (draft) from NRENs in and outside of Europe
Most popular service types
[Bar chart: number of NRENs working in these areas; bar values 39, 19 and 17. Categories: Infrastructure as a Service; File storage and backup; Software as a Service, collaboration services and video conferencing]
Most popular providers as mentioned by NRENs (in alphabetical order)
- Amazon Web Services
- BOX
- Google Apps
- Microsoft Azure
- Microsoft Office 365
- OwnCloud
Suppliers
Several suppliers are explicitly mentioned by NRENs: they either have an agreement with this provider or are interested in establishing an agreement. The vast majority is the latter, NRENs seeking a
GÉANT Cloud Catalogue Foundation
Cloud Suppliers in the Catalogue
Capable providers, willing to work with us, NRENs and GÉANT
16 providers, 28 services
A growing resource for the research and education community, with a structured listing of service providers and cloud services. It provides a quick and easy guide to clarify the capabilities of providers and helps in the procurement of cloud services. https://catalogue.clouds.geant.net
• Fed. IdM connections, network connections: link providers and community (Amazon, Microsoft)
• Educational / preferential pricing: for use below tender thresholds (OwnCloud, Zettabox, BOX)
• Framework agreements: results of a pan-European tender, tender compliant (IaaS tender)
Data and risk classification for cloud services
Risk classification for sourcing decisions (example)

LOW RISK
• Data for public use
• Loss of confidentiality, integrity, or availability of the data or system has no significant impact

MEDIUM RISK
• Personally Identifiable data; data is not generally available to the public
• Loss of the data or system could have a mildly adverse impact

HIGH RISK
• Sensitive (Personally Identifiable) data
• Loss of the data or system could have a significant adverse impact on our mission, safety, finances or reputation.
[Comparison matrix: Public cloud, Community cloud and Own location, rated with ++, + and - against: High upfront investment; Large variable capacity / use; Commodity solution; High availability; Domain specific; Institution specific; Location dependent]
This aspect determines what kind of data are processed by a cloud service and whether data leakage, loss and unauthorized modification have a negative impact.
Does the data considered contain ...
... Personally identifiable data (e.g. customer data, employee data like name, mail, accounting data, disciplinary matters, qualifications, ...)
... Sensitive personally identifiable data (e.g. physical or mental health data, ethnic, racial, political, ...)
... Data related to corporate secrets, e.g. formulas, procedure descriptions, ...
... Data related to basic research
... Data related to general research, e.g. common projects with external partners e.g. military, health, human sciences, telecommunication sector?
... Finance data (e.g. budget planning, accounting reports, ...)
... Medical data?
... Public data only?
... Historical data?

This aspect determines whether the data processed by a cloud service is associated with legal, regulatory or contractual requirements.
The data considered is directly associated with legal requirements in the case of data loss or unauthorized data modification?
... Data protection laws are associated with (e.g. personally identifiable data) ...
The data considered contains information which is associated with export control restrictions?
Storage of the data concerned is restricted by national or European legislation, e.g. storage is allowed in the European Union area, ...?
If L3 is answered "Yes": In which areas or countries will the storage be allowed?
The data considered contains information which is controlled by contractual agreements, e.g. supplier contract, end user agreements?
If L4 is answered "Yes": How do you estimate the impact in case of (partial) data loss?
If L4 is answered "Yes": How do you estimate the impact in case of (partial) unauthorized data modification?
If L4 is answered "Yes": How do you estimate the impact in case of (partial) limited availability?

This aspect determines whether the data processed by a cloud service provider is unique, i.e. it can't be collected identically a second time (e.g. results of a survey).
The data considered is unique, i.e. primary data. In the case of data loss it can't be recollected identically?
Secondary data is collected either by a third party (you can use a copy of this data) or data can be re-collected identically by yourself?

This aspect determines whether the data processed by a cloud service is associated with a mission-critical business process.
Does the data considered support mission-critical business processes of your organization, i.e. data leakage, loss, unauthorized modification have a significant impact?

This aspect addresses how the data will be processed by the cloud service. Usually the data will be processed in an automated / script-based way.
Data considered is processed in real-time? So the maximum down-time of the service must not exceed x seconds/minutes?
Data considered is processed in fixed intervals (e.g. daily, monthly, quarterly) and on fixed dates (e.g. 3:00 am, first Tuesday each month, last working day each quarter)
Data considered is processed regularly but not in fixed intervals?
Data considered is stored on the cloud service storage components ...
... Permanently
... Lifetime-related
... nn days/weeks/months/years
... Only short term, i.e. will be deleted after successful processing
FILE STORAGE
ONLINE COLLABORATION
ownCloud
• Open Source file sync and share provider
• Popular choice for on-premises online file storage
• GÉANT negotiated favoured pricing for members
• Numerous NRENs incorporate ownCloud into the services offered to their members and users
• OpenCloudMesh: allow file sharing between different ownCloud installations; to date 14 organisations have signed up to participate
• Federated cloud sharing aims at an interconnected mesh of research clouds
http://owncloud.org
https://owncloud.com/lp/opencloudmesh/
File storage (sync & share)
SA7 is discussing educational pricing and conditions with four file storage providers:
• BOX
• Code42 (CrashPlan)
• Dropbox
• Zettabox
All of these providers are listed in the GÉANT Cloud Catalogue.
BOX
• Use in GÉANT GN4 project
• Trials for NRENs
Zettabox
• Online file storage
• In Europe
• Connected to eduGAIN
• Educational offer
• Testdrive?
WEB CONFERENCING RENDEZ-VOUS and WebRTC
Rendez-Vous
• Multi-party video conferencing developed by RENATER
• Powered by jitsi.org
• Simple to use
• No plugins or downloads (uses WebRTC)
• Open Source
• Very resource efficient (thousands of conferences on single server)
• Deploy video bridges on the GEANT network
• Orchestrate updates
• Deploy monitoring and discovery services
http://rendez-vous.renater.fr
IaaS tender & community cloud
~okeanos
• Computing and Storage IaaS
• Developed by GRNET, 100% Open Source
• Compatible with OpenStack
• Aim: Simplicity and Getting Things Done
• In production for several years
• Also adopted outside GRNET in Europe, US, Asia, …
• Integrated with eduGAIN
• Making ~okeanos available to GN4 project
http://okeanos-global.grnet.gr
OpenStack
• Most popular Open Source cloud software and API
• Several NRENs are interested in offering cloud services using OpenStack
• A group shares knowledge and experiences
• OSO: OpenStack Operators
• Mailing list and bi-weekly chats
http://www.openstack.org
Joint NREN IaaS tender in GÉANT
Why, together?
• IaaS in high demand by community
• NRENs can provide value in providing access to those services: service delivery role
  - Safe and secure use
  - Remove data egress charges
  - Federated IdM support
  - Aggregation of demand for higher discounts, cost predictability and buying process compatible with R&E
• Provide choice (not a winner takes all approach)
• Numerous IaaS providers in Cloud Catalogue. Good relationship, providers aware of community needs and willing to deliver suitable solutions.
• Strong market interest to date: > 30 providers
• Substantial cost savings; one procurement, instead of ….. potentially thousands
• Complex - assemble specialists from NRENs in GÉANT SA7 team
• Innovative; new EC directives
IaaS tender
Legal basis for joint NREN procurement activity
EC Procurement Directive (2014/24/EU)
New Directive sets out key provisions; key to the success of the planned GEANT IaaS tender and Frameworks:
• Framework Agreement use
• Cross-border procurements
• Centralised Purchasing Bodies
Member State Procurement Legislation
To be implemented by Member States no later than 18th April 16
Timeline of the GÉANT IaaS tender
• September 2015: Start of market engagement
• January 2016: Ramp up of NREN engagement
• April 2016: Tender issued
• May 2016: Final bids
• July 2016: Contracts awarded
[Timeline axis: months Sep to Aug, spanning GN4-1 and GN4-2]
Tender
• NRENs: join before April 1st 2016
• Publish: April 19th 2016
• GÉANT will award multiple 4 year frameworks to all providers which meet requirements
• No obligation for NRENs or connected institutions to buy
SA7 invites all NRENs to participate
PAN-EUROPEAN LEVEL GÉANT runs the tender and establishes framework agreements with suitable IaaS providers. The tender does not have a ‘winner takes all’ approach, but instead, involves framework agreements with all IaaS providers who qualify as a result of this tender. This will allow NRENs and their connected institutions the flexibility to choose the services that best fit NRENs’ needs and the needs of their users.
NATIONAL LEVEL NRENs adopt the frameworks and act in one of the following roles:
Commission / cost recovery fee for the NRENs
• Referrer: An NREN will act as intermediary by making the Framework Agreements available in its respective country and facilitating connected institutions to buy from Providers. (Direct delivery model)
• Reseller: Expanding the Referrer role, an NREN is also involved in the contracting and billing of (some of) its Institutions’ service orders.
• Underwriter: An NREN makes purchases from Providers (on behalf of its connected institutions) and distributes the acquired resources across its community (institutions and end-users).

Institutions consume the service facilitated by their NREN, without the need to run a tender themselves. Depending on the role of their NREN (referrer, reseller, underwriter) an institution can, at its discretion:
• Directly procure and use the IaaS services from the Providers
• Procure and use the IaaS services through its NREN.
• Use the IaaS services made available through its NREN
• Run a mini competition amongst all capable providers granted a framework agreement, in accordance with the instructions in the framework agreement.
NRENs, next steps
• Discuss and seize the opportunities.
• Face-to-face meeting
• Cloud workshops
http://services.geant.net/clouds/Activities/Pages/IaaS-delivery-and-adoption.aspx
NETWORK cloud connections
Network connections with cloud providers
By establishing physical network connections with cloud service providers, GÉANT and the NRENs:
• deliver a high quality service in terms of performance, security and end-to-end service assurance.
• make it possible to minimize or remove the data transport related costs, which cloud providers currently charge our community.
These data ingress and egress charges are a barrier to the adoption of cloud services by institutions. By directly peering, no commercial network routes need to be used, removing the need for providers to charge transport costs. The GÉANT Board approved the launch of the GÉANT cloud service peering ‘opt in’ trial.
On March 1st Amazon Web Services made an important announcement: Amazon is waiving data egress charges on cloud services for research and education users. This is the result of extensive discussions between Amazon, SA7 and Jisc.
“Microsoft Azure ExpressRoute lets you extend your on-premises networks into the Microsoft cloud over a dedicated private connection facilitated by a connectivity provider. With ExpressRoute, you can establish connections to Microsoft cloud services, such as Microsoft Azure, Office 365, and CRM Online”
Significant interest in these connections from the community.
Currently implemented through commercial third parties:
• Expensive
• Outside of NREN domain
SA7 is working with Microsoft to have GÉANT become such a connectivity provider, thus removing the third party cost component and allowing NRENs who want to, to offer this service to their institutions.
Physical network connection Implementation and operation
Redundant connection 1 At Telecity, Amsterdam
Redundant connection 2 At Harbour Exchange, London
CLOUD MANAGEMENT portals
Cloud management (portals)
• Many NRENs have adopted a hybrid cloud strategy, offering a mix of community cloud (built and operated within R&E) and commercial (public cloud) offerings.
• These services have different interfaces, pricing models, reporting and billing mechanisms. A new layer is required to abstract the underlying complexity and to manage these different systems and resources.
• SA7 facilitates joint efforts by the NRENs in this area
CLOUD ADOPTION
opportunities for the NRENs
DELIVERY GATEWAY
EMPOWER
The R&E community to share, deliver and adopt cloud services, with the right conditions of use
FACILITATE
The shift from traditional software distribution model to cloud delivery model
Highlights
• Cloud Questionnaire – R&E Community
• Inter-NREN Service Delivery Business Model – Requirements & Capabilities
• Cloud Showcases
• Cloud Adoption Pilots
Cloud Questionnaire – Goals
• How institutions perceive cloud services
• Which cloud components institutions currently have in place
• What cloud services or components are being planned
• Gauge user needs and “wish lists”
• The roles NRENs play in the minds of NREN customers/institutions
https://intranet.geant.org/gn4/1/Activities/SA7/Shared%20Documents/SA7T3-InternalMilestone_R-and-E-Community-Cloud-Survey-December%202015.pdf
Cloud Questionnaire – Outcome
• Both the NRENs and institutions rated the relevance of cloud services for them as high.
• The appeal of cloud services is their flexibility, scalability and ease of use.
• Primary obstacles to deployment: lack of funding and personnel shortages
• On the demand side, users and decision makers are in fact looking toward NRENs for cloud solutions, especially in the area of network and storage services
• Institutions and/or NRENs are willing to share components
• Expect rise in the percentage of cloud software services used, though several “heavy” users expect it to remain steady.
• Attractive services for the R&E community (in addition to those identified earlier):
  - IaaS
  - E-learning
  - Tools for file sharing
  - Storage backup, disaster recovery - new
  - Web hosting - new
• Concern still exists in the realm of security and privacy, reliability and location.
• Preference for NREN-centric cloud collaboration
Inter-NREN Service Delivery Business Model – Requirements & Capabilities
• Research focused on the NRENs:
  - Most active in offering the cloud services to the local users
  - Available for interview within given timeframe.
  - Included Jisc, HEAnet, UNINETT, CESNET and SURFnet.
• Analysed requirements and capabilities of NRENs to understand opportunities and challenges of inter-NREN service delivery business model.
• Readiness and willingness for collaboration
• Services provided to other NRENs
• Obstacles
• Awareness and communication
• Execution and strategy
• Organisational issues
• Legal issues
• Data privacy
• International contracting
• Procurement and tax related issues
• Contractual and political issues
https://intranet.geant.org/gn4/1/Activities/SA7/Shared%20Documents/SA7T3-Internal-Milestone_Inter-NREN-services-delivery.pdf
Cloud Showcases
• Following showcases are organised in collaboration with NA1 T7:
  - Cloud Opportunities
  - Cloud Operation
  - Cloud Implementation and Adoption – Okeanos
  - Rendez-vous - Cloud based webRTC pilot
  - Nokia's approach to clouds
• Further planned showcases are:
  - Cisco: IaaS architectures and policies – 22nd Mar 2016
  - Cisco: The technology behind the services – 30th Mar 2016
  - Box – 7th April 2016
  - Zettabox – 14th April
http://services.geant.net/clouds/Activities/Pages/Clouds_Showcases.aspx
Cloud Adoption Pilots
• Rendez-Vous adoption pilots, interest is shown by:
  - ACOnet
  - IUCC
  - redIRIS
  - CYNET
• Facilitated Box service adoption for GÉANT Association.
• NREN Workshops (in collaboration with NA4)
  - To understand their requirements and
  - How they can best benefit from the SA7 efforts - including the GÉANT brokered cloud services.
Join Us
• Join adoption pilots for services listed at: https://catalogue.clouds.geant.net/
• Join GÉANT clouds showcases: http://services.geant.net/clouds/Activities/Pages/Clouds_Showcases.aspx
• Email us: clouds-adoption@lists.geant.org
• Bi-weekly online meetings
  Next meeting:
  When: Friday, Feb 11, at 10:00 CET
  Where: https://rendez-vous.renater.fr/clouds
CLOUD ADOPTION
NREN perspective: UNINETT
200 institutions (300.000 end users)
UNINETT – a service broker and provider
Foundation: four main areas
STRATEGY
STANDARDS
REQUIREMENTS
CATALOGUE
SERVICE DELIVERY HYBRID APPROACH
IN-HOUSE CLOUDS
OUTSOURCED CLOUDS
MAKE AND BUY
ADDED VALUE FROM NRENS
TRUSTED ADVISORS, BROKERS, PROVIDERS = RIGHT CONDITIONS FOR COMMUNITY
Private, Community, Public, Hybrid
"A Cloud Broker is an entity that manages the use, performance and delivery of cloud services, and negotiates relationships between Cloud Providers and Cloud Consumers." National Institute of Standards and Technology
CLOUD ADOPTION
NREN perspective: SUNET
CLOUD COMMUNICATION opportunities for the NRENs
Our mission
Meeting user needs through a community effort, adding value in the process
Communication and support
• Website and catalogue
• Newsletter
• Showcases
• GÉANT workshops, meetings & conferences - TNC, Symposium, TFs, SIGs
• Presentations at NREN meetings & user conferences
• Workshops/meetings with NRENs
• Adaptable materials
• Coach / Key Account Manager
Web page
• Cloud Academy
  - Showcases
  - Presentations
  - Videos
  - White papers
  - Use cases (coming soon)
• Blog/news section
  - Frequent updates
  - Broad scope
• Supporting NRENs
  - Strategy framework
  - Adaptable materials (coming soon)
  - How-to’s & best practices (coming)
Catalogue
• 16 providers
• 28 services
• Scoring on 29 requirements
• Coming:
  - redesign (new CMS)
  - filter & sort
  - links to use cases, product sheets, etc.
Newsletter
• Bi-monthly (we think)
• SA7, and later JRA4
• Deadlines, events, news, user stories, etc.
• Activity members, NREN cloud contacts, anyone interested (sign up)
You can sign up for the newsletter by sending an e-mail to clouds@geant.net
Timeline
• 1 March: Newsletter launched
• 7 – 10 March: GN4 Symposium
• 16 – 18 March: TF-CPR
• 22 March: Cisco showcase 1
• 30 March: Cisco showcase 2
• 1 April: Deadline for NRENs to sign up for IaaS tender
• 19 April: Tender published
• 21 May: Tender deadline
• 14 June: TNC16 Cloud session & Cloud Café
What has changed? We are delivering cloud and application services
collective foundation hybrid approach knowledge sharing https://www.yammer.com/geantcloud/#/home provider engagement catalogue together ! procurements adoption clouds@geant.net https://www.yammer.com/geantcloud
Thank you
© GEANT Limited on behalf of the GN4 Phase 1 project (GN4-1). The research leading to these results has received funding from the European Union’s Horizon 2020 research and innovation programme under Grant Agreement No. 691567 (GN4-1).