Empowering Services based Software in the Digital Single Market to
Foster an Ecosystem of Trusted, Interoperable and Legally
Compliant Cloud-Services
Juncal Alonso Ibarra, Leire Orue-Echevarria, Marisa Escalante and Gorka Benguria
Tecnalia Research and Innovation, Parque Científico y Tecnológico de Bizkaia, Edificio 700, 48160 Derio, Bizkaia, Spain
Keywords: SLA, QoS, Cloud Services, Cloud Service Broker, Digital Single Market, Services Aggregation,
Cloud Service Intermediator.
Abstract: The software industry has evolved from software on the shelf based applications deployed in dedicated
servers, to Software as a service based components running on public or private Clouds and now to Cloud
Service Brokers. So, Cloud service brokerages have emerged as digital intermediaries in the information
technology (IT) services market (Shang, 2013), creating value for cloud computing clients and vendors
alike. This paper presents an approach to foster next generation cloud service brokers through an ecosystem
of trusted, interoperable and legally compliant cloud services through an added value Cloud Services
intermediator. This ecosystem will offer, create, consume and assess trusted, interoperable, and standard
Cloud Services, where to (semi-)automatically deploy the next generation service based software
applications.
1 INTRODUCTION
The transformation from product to a service based
economy means that companies need to become
software service providers as well as consumers. In
this context, cloud enables greater business agility
by making IT infrastructure more flexible.
Cloud services have already caused a major
transformation in technologies and a paradigm shift
in business operations focus that has affected
everything from ERP to datacenter planning
(Markets, 2014). Next phases in the Cloud Services
evolution include the incorporation of many
supplier/customer relationships, and their correlative
data exchange and transactions.
The software industry has evolved from software
on the shelf based applications deployed in dedicated
servers, to Software as a service based components
running on public or private Clouds and now to Cloud
Service Brokers (CSB). The fundamental CSB
functions are (Markets, 2014) to aggregate, simplify,
secure, and integrate data, communications, and
commerce between vendors. These functions are
often referred to as Cloud Intermediation services and
include both technical and business process mediation
on a cloud-to-cloud basis.
Cloud service brokerages have emerged as
digital intermediaries in the information technology
(IT) services market, creating value for cloud
computing clients and vendors alike (Shang, 2013).
According to Gartner Inc (Gartner, 2016) and
Oracle (Oracle, 2014), a cloud services brokerage
offers three capabilities:
• Cloud Service Intermediation: An intermediation broker
  provides value added services on top of existing cloud
  platforms, such as identity or access management
  capabilities.
• Aggregation: An aggregation broker provides the “glue”
  to bring together multiple services and ensure the
  interoperability and security of data between systems.
• Cloud Service Arbitrage: A cloud service arbitrage
  provides flexibility and “opportunistic choices” by
  offering multiple similar services to select from.
The next generation of Cloud Services Brokers
needs to go one step beyond. Aggregation of Cloud
Services is not enough as Cloud Services users are
experiencing new challenges such as:
• Vendor lock-in: once a company uses a service offered
  by a cloud provider or deploys an application on a
  certain cloud provider, it is very likely that the
  company will be greatly dependent on the platform or
  services of a cloud provider (e.g. while using their
  virtualized infrastructure), making it harder to port
  the application to another cloud provider or use
  another service offered by another provider.
Ibarra, J., Orue-Echevarria, L., Escalante, M. and Benguria, G.
Empowering Services based Software in the Digital Single Market to Foster an Ecosystem of Trusted, Interoperable and Legally Compliant Cloud-Services.
In Proceedings of the 6th International Conference on Cloud Computing and Services Science (CLOSER 2016) - Volume 1, pages 283-288
ISBN: 978-989-758-182-3
Copyright © 2016 by SCITEPRESS Science and Technology Publications, Lda. All rights reserved
• Lack of compliance of legislation: the use of
  cross-border services is currently limited because
  most of existing cloud services do not comply fully
  with EU28 legislation and regulations. EU
  harmonization of legislation in, i.e., data
  protection, is a recurring barrier. However, cloud
  computing will only be taken up when cloud services
  comply with or are aware of EU28 legislation.
• Interoperability: data portability and seamless use
  of applications that can interoperate with each other
  are key challenges for cloud consumers.
  Interoperability among cloud service providers is
  also an unsolved challenge, especially when using
  cross-border cloud services.
• SLA assessment: when aggregating cloud services from
  different cloud providers, SLAs must also be
  consequently aggregated. However, currently, SLAs,
  SLOs and SLA metrics are not standardized, making this
  SLA composition, assessment and monitoring very
  difficult. Several initiatives in this direction of
  SLA metrics and SLOs have been launched and are
  currently on-going (SLALOM, 2015) (Timelex, 2015).
This paper presents an approach to foster an
ecosystem of trusted, interoperable and legally
compliant cloud services through an added value
Cloud Services intermediator. This ecosystem will
offer, create, consume and assess trusted,
interoperable, and standard Cloud Services, where to
(semi-)automatically deploy the next generation
service based software applications. The paper is
organized as follows. First, an introduction to the
cloud services ecosystems and their situation is
provided. Next the existing solutions in the area are
presented. Then the proposed solution is explained
in detail, including an overview of the approach as
well as the description of the modules composing
the solution. The paper finishes with a set of
conclusions and next steps to follow.
2 CLOUD SERVICES ECOSYSTEMS
Working with many cloud service providers means
managing multiple relationships. Most enterprises
are already negotiating on a one-to-one-basis
multiple contracts with multiple cloud service
providers. Multiple contracts mean multiple
communication channels, payments, multiple
passwords, multiple data streams, multiple interfaces
and multiple providers to check up on. That leads
to questions about how to make those services work
together, how to interact with all of them or how to
unify all the efforts so maximum effectiveness and
efficiency can be obtained. This is when a Cloud
Service Broker (CSB) comes into play. As defined
by Plummer (Daryl, 2012) a cloud services
brokerage is a third-party software that adds value to
cloud services on behalf of cloud service consumers.
Their goal is to make the service more specific to a
company, or to integrate or aggregate added value
services, to enhance their non-functional properties
such as security, or to do anything which adds a
significant layer of value (i.e. capabilities) to the
original cloud services being offered. Consumers
can leverage solutions offered by CSBs that allow
organizations to focus on other business needs
instead. A viable CSB provider can make it less
expensive, less complex, less risky (also in legal
terms), interoperable and more effective for
companies to discover, aggregate, consume and
extend cloud services, particularly when they span
multiple, diverse cloud services providers in
different EU Member States.
Some of the key vendors currently occupying the
Cloud service brokerage market are Accenture, HP,
NEC Corporation, Jamcracker, Gravitant,
ComputeNext, Cloud Sherpas, Arrow Electronics,
and Capgemini. However, none of these are
currently compliant with EU28 legislation nor
contain certified services or foster interoperability or
avoid vendor lock-in. According to Markets and
Markets (Markets, 2014), the global Cloud Service
Brokerage Market is expected to grow from $5.24
Billion in 2015 to $19.16 Billion by 2020, at a
Compound Annual Growth Rate (CAGR) of 29.6%
from 2015 to 2020.
2.1 Current Situation and Challenges
With the evolution of cloud computing towards
XaaS (Anything as a Service), today’s
organisations have at hand a plethora of
alternatives to fulfil their information technology
needs. For example, while developing or migrating a
web site, an organisation can decide to build it in a
dedicated internal computer, build it as an instance
in a shared internal computer, build it in a dedicated
external computer, or even build it as an instance in
a shared external computer. The decision on using one,
another, or several approaches simultaneously is
driven by certain evaluation criteria (e.g.
profitability, reliability, performance, security,
legal or even ecological aspects).
“It is not the strongest of the species that
survives, nor the most intelligent, but the one most
responsive to change.” L.C. Megginson
This quote, often attributed to Charles Darwin,
has been frequently used in other domains, such as
Economics, Education and, of course, Information
Technologies (IT). Changes in IT systems are
initiated by user requests, monitoring
activities or modernization initiatives.
As stated by several Cloud stakeholders, such as
Forbes, Cloud enables greater business agility by
making IT infrastructure more flexible. It provides
software vendors the needed means to enhance their
relationship with their customers. Whether an
organization runs a company’s applications on data
centre hardware, or on a private or public cloud, it
still needs to align itself with the business’ needs,
rather than forcing the business to align itself with
IT’s. Complex software applications need context
aware computing resources ready to react to a
changeable environment.
Existing cloud services shall be made available
dynamically, broadly and cross border, so that
software providers can re-use and combine cloud
services, assembling a dynamic and re-configurable
network of interoperable, legally compliant, quality
assessed (against SLAs) single and composite cloud
services.
With so much activity implementing front-end
and back-end applications in public and private
clouds, complexity has grown at every level
(business, application, transaction and regulatory)
(Oracle, 2014).
Business transactions span multiple clouds and
therefore it is necessary to integrate clouds at the
transaction level.
To generate meaningful results, Oracle envisions
that enterprises need to address key challenges in the
next years (Oracle, 2014):
1. Governance: Ensuring that services deployed
in the cloud are protected is critical. Sharing can
create leaks that cannot be tolerated. Putting
strong governance programs in place will protect
enterprises and their data.
2. Risk tolerance. Every enterprise should assess
their tolerance for pitfalls such as lost data and
application outages. As Information as a Service and
Integration as a Service evolve, enterprises will see
risks reduced.
3. Regulations. Lobbying for regulations and
standards is predicted to be a key step to ensure
cloud integration.
4. Cross border interoperability: The resulting
service intermediator shall support intelligent
discovery, context-aware service management and
fluid service integration, assuring data portability in
such a federated ecosystem, while guaranteeing
proper identity propagation with service-specific
granularity level of information.
5. Matching customer requirements with cloud
service specifications: customers in any EU country
should be provided with a guarantee of security,
legislation awareness and other non-functional
requirements when using any cross-border service
within a heterogeneous environment. This implies that
the selected service offerings must match with all
functional and non-functional requirements coming
from the customers.
6. Legislation compliance, defining means of
assuring service compliance with legislation of EU
countries: a service is legislation aware when the
services are constrained by legal requirements, such
as data privacy, data protection, data security and
data location. Moreover, a big challenge in this
concern is to develop the methods and interfaces for
securing legislation compliance and easy legislation
change propagation through the cross-bordered and
composite services in a legislation heterogeneous
environment.
7. Cloud service SLA assessment and
monitoring: monitor and control the diverse
properties of utilized services, composite or
stand-alone, in real time, while also being able to
provide all the critical information for the
appropriate reactions when necessary, especially when
SLA conditions are not fulfilled (e.g. elasticity,
data localisation).
8. Seamless change of provider: enable a seamless
change of service provider, including all
services, dependencies and associated data, to avoid
vendor lock-in and to be able to react quickly in
situations like bankruptcy of the cloud provider or
any other case which causes an outage of the service.
2.2 Existing Solutions
According to MarketsandMarkets (Markets, 2014),
the Cloud Brokerage Enablement market will grow
from $225.42 million in 2013 to $2.03 billion by
2018, at a CAGR of 55.3 percent. Cloud Brokerage
Enablers are software platforms that enable such
services. The overall, global Cloud Brokerage
market will grow from $1.57 billion in 2013 to $10.5
billion by 2018. This represents a CAGR of 46.2
percent from 2013 to 2018.
Several private Cloud Service Brokers have been
known, active players in this market (Gartner, 2012)
(Jamcracker, Gravitant, Computenext, HP, Dell,
Nephos Technologies, NEC, Cloud Sherpas and
Capgemini). Competition may also intensify with an
influx of new players, like CompatibleOne,
Gravitant or CloudSelect.
All of these are mostly focused on providing
service brokerage of Cloud Service Providers,
mainly VMs and virtualized resources, but not of
other services offered (e.g. Data Processing as a
Service) or SaaS applications which are certified and
legally compliant.
Currently, according to the European
Commission and their report of the Digital Single
Market (European Commission, 2015) only 4% of
the services offered are cross-border, while 42% are
national and 54% are US-based.
The proposed solution aims to increase the
provisioning and consumption of legally compliant,
cross-border services.
3 ADDED VALUE CLOUD SERVICE INTERMEDIATOR
3.1 Presented Approach
The proposed cloud service metaintermediator is an
intermediate layer that will ease the discovery and
adoption of Cloud services (single services
discovered from a cloud service provider or
composite ones coming from a running CSB) in which
to deploy service based software, and the creation of
a sustainable ecosystem of certified, accredited and
trustworthy applications. Some modules or
functionalities that the service metaintermediator
will include are: service discovery, service
composition, legislation awareness, interoperability,
identity propagation, monitoring, billing, SLA
assessment, service registry and legislation
databases, among others.
3.2 Proposed Solution
In the following section, an overview of the modules
and functionalities of the proposed solution is
presented:
Figure 1: Cloud service (meta-) intermediator architecture
overview.
• Service catalogue: This component will include the
  required functional components for cataloguing the
  services to be included in the service intermediator:
  ◦ Service registry: The service registry will follow
    a declarative service configuration template and
    will include information about the CSLA of the
    service, service life-cycle status, service
    consumers or service category, among others.
  ◦ Service registry governance & follow up: These
    modules are in charge of governing the service
    registration process, service deletion, etc.
• Intelligent service discovery: Automatic
  identification of service and service benchmarking
  based on the needs and requirements with respect to
  different criteria (non-functional properties,
  legislation compliance, price, etc.) established by
  the user.
• Service aggregation and operation: The framework will
  provide the required modules to provide composite
  (aggregated) services formed of unitary services from
  the same or different Cloud Service Providers able to
  meet users’ functional and non-functional
  requirements.
• CSP management: This module is in charge of
  controlling the relationships with the Cloud Service
  Provider, including the management of the SLA of
  their provided Cloud Services. The submodules
  envisioned are:
  ◦ CSLA assessment of the service in operation, i.e.,
    the assessment of whether the non-functional
    properties are within both the thresholds specified
    by the legislation and the thresholds specified in
    the contract. Properties such as performance,
    availability and resilience, etc. will be monitored
    and assessed.
  ◦ CSLA monitoring: This module also includes the
    monitoring of the CSLA. The continuous real-time
    monitoring of the non-functional properties
    specified in the CSLA will be done through a set of
    components, one for each property. These modules
    are in charge of measuring the values of the
    metrics of the SLOs in the contract, be they
    related to QoS or QoSec. The modules work in a
    non-intrusive way, testing the cloud services as an
    independent party.
  ◦ CSLA Definition: This module is in charge of the
    transformation of National CSP offers into standard
    CSLAs (including standard metrics).
• Security Management: This module includes different
  sub-modules for assessing the secure operation of the
  framework and the different services provided. The
  sub-modules to be included are:
  ◦ Access and rights management: These modules will
    uniquely identify and authenticate the users of the
    ecosystem. The module will also be in charge of the
    internal identification and authentication of the
    modules in operation.
  ◦ Identity Management: This module is in charge of
    managing the identity propagation in the (meta)
    service intermediator following a distributed
    architecture approach.
  ◦ Anonymization: This sub-module will be in charge of
    anonymizing the data of the service users when
    needed.
• Regulatory framework awareness: This module will
  contain European and Member States legislations in a
  structured data format based on a standardized data
  model. The relevant provisions in each legislation
  will be linked to non-functional service level
  metrics and their acceptable thresholds, so the
  legislation compliance of the services can be checked
  against these predefined metrics. Once the service
  level metrics and thresholds related to legislative
  provisions are established, this module will
  evaluate, even before service operation starts,
  whether the service is compliant with European and
  National regulations. This module will include at
  least the following sub-modules to perform the
  described legislation awareness process:
  ◦ Standards and EU and MMSS legislation database
  ◦ Regulation compliance assessment
  ◦ Standards and EU and MMSS sources management
  ◦ Regulations change history
  ◦ Regulations compliance monitoring
• Interoperability: This module is responsible for
  being the data transfer mechanism between different
  cloud services. This module will make it possible for
  services using non-standard and proprietary data
  formats and protocols to communicate with the bus
  through specific connectors for each type of service
  and, as a result, it will execute the migration
  process necessary for seamless data portability. This
  module will also include the connector management for
  the different Cloud Service Providers, so they can
  offer their services through the intermediator.
• Financial management: This module includes the
  standard functions of a cloud service broker such as
  accounting, metering and billing of service instances
  in operation.
• Service intermediator user interfaces: The framework
  will include the user interfaces for the different
  users. Here, we distinguish between users that are
  using different services of the intermediator,
  administration users and CSP users of the framework.
  The different user interfaces envisaged (user
  console, administration console and CSP console) will
  include sub-modules such as dashboards, notification
  and alert management, as well as others personalized
  for each type of user.
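The threshold check described for the CSLA assessment and Regulatory framework awareness modules, sketched as an added Python example (not code from the paper or its project). The provision and clause names, metric names, numbers and the serial-composition aggregation rules are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from math import prod

# Every name, provision id and number below is constructed for illustration.

@dataclass(frozen=True)
class Threshold:
    metric: str      # name of a composite metric, e.g. "availability_pct"
    kind: str        # "min", "max" or "allowed_set"
    limit: object    # number for min/max, frozenset for allowed_set
    source: str      # legal provision or contract clause imposing it

@dataclass(frozen=True)
class Service:
    name: str
    availability_pct: float
    response_ms: float
    data_locations: frozenset

def aggregate(services):
    """Composite metrics, assuming every unitary service is required and
    calls are chained (serial composition)."""
    return {
        "availability_pct": 100 * prod(s.availability_pct / 100 for s in services),
        "response_ms": sum(s.response_ms for s in services),
        "data_locations": frozenset().union(*(s.data_locations for s in services)),
    }

def violates(value, t):
    if t.kind == "min":
        return value < t.limit
    if t.kind == "max":
        return value > t.limit
    if t.kind == "allowed_set":
        return not value <= t.limit   # value must be a subset of the limit
    raise ValueError(f"unknown threshold kind: {t.kind}")

def assess(services, legal, contract):
    """Check the composite against legal and contractual thresholds.
    Returns (source, metric, value) findings; an empty list means compliant."""
    metrics = aggregate(services)
    findings = []
    for t in list(legal) + list(contract):
        if t.metric not in metrics:
            # A metric nobody measures cannot be shown compliant: fail closed.
            findings.append((t.source, t.metric, None))
        elif violates(metrics[t.metric], t):
            findings.append((t.source, t.metric, metrics[t.metric]))
    return findings

# Constructed sample data.
ALLOWED = frozenset({"ES", "DE", "FR"})
LEGAL = [Threshold("data_locations", "allowed_set", ALLOWED,
                   "EXAMPLE-LEGAL-PROVISION-1")]
CONTRACT = [
    Threshold("availability_pct", "min", 99.6, "contract clause A"),
    Threshold("response_ms", "max", 400, "contract clause B"),
]
STORAGE = Service("storage", 99.9, 120, frozenset({"ES"}))
ANALYTICS = Service("analytics", 99.9, 200, frozenset({"DE"}))
MAILER = Service("mailer", 99.7, 60, frozenset({"US"}))

if __name__ == "__main__":
    print(assess([STORAGE, ANALYTICS], LEGAL, CONTRACT))
    for finding in assess([STORAGE, ANALYTICS, MAILER], LEGAL, CONTRACT):
        print(finding)
```

Each of the three sample services meets the 99.6 % availability clause on its own, yet the three-service composite does not, which is why the thresholds have to be evaluated on the aggregated SLA rather than per provider.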
4 CONCLUSIONS
As stated by the European Commission, the internet
and digital technologies are transforming our world.
But existing barriers online mean citizens miss out
on goods and services, internet companies and start-
ups have their horizons limited, and businesses and
governments cannot fully benefit from digital tools.
It is time to make the EU's single market fit for
the digital age – tearing down regulatory walls and
moving from 28 national markets to a single one.
This could contribute €415 billion per year to our
economy and create hundreds of thousands of new
jobs.
Cloud Service Brokers are much like any other
type of broker in this case, acting on behalf of
customers to aggregate, integrate and customize
cloud offerings by multitudes of providers.
This paper proposes a solution to implement the
next generation of Cloud Service Brokers, providing
an intermediate layer that will ease the federation of
Cloud Service Brokers, as well as the discovery and
adoption of Cloud services on which to deploy
service based software and the creation of a
sustainable ecosystem of certified, accredited and
trustworthy applications.
Next steps include the actual implementation of
the design presented in this paper and the validation
in real life industrial and/or public administration
scenarios.
ACKNOWLEDGEMENTS
This work has been partially funded by the European
project Cloud for Europe (Seventh Framework
Programme for research,
technological development and demonstration under
grant agreement no 610650) and OPERANDO
(Horizon 2020 Programme, under grant agreement
no 653704).
REFERENCES
Slalom, 2015. http://slalom-project.eu/
Timelex, 2015. “Standards terms and performance
criteria in service level agreements for cloud
computing services”.
https://ec.europa.eu/digital-agenda/en/news/study-report-standards-terms-and-performances-criteria-service-level-agreements-cloud-computing
Markets, 2014. “Cloud Services Brokerage: Technology
and Market Assessment 2014 – 2019”.
https://www.reportbuyer.com/product/2589608/cloud-services-brokerage-technology-and-market-assessment-2014-2019.html
Oracle, 2014. “Making waves, Cloud brokerage and
integration”.
http://www.oracle.com/us/solutions/cloud/managed-cloud-services/makingwaves-final-2162934.pdf
Gartner, 2012. “Predicts 2013: Cloud Services
Brokerage”, Gartner Research Report, ID Number:
G00239877.
https://www.gartner.com/doc/2985118?srcId=1-2819006590&pcp=itg
European Commission, 2015. “A digital single market for
Europe”.
http://ec.europa.eu/priorities/digital-single-market/docs/dsm-1-year_en.pdf
Shang, 2013. “Analyzing the impact of brokered services
on the Cloud Computing Market”.
http://docplayer.net/2008961-Analyzing-the-impact-of-brokered-services-on-the-cloud-computing-market.html
Gartner, 2016. http://www.gartner.com/technology/home.jsp
Daryl, P., 2012. “Cloud Services Brokerage: A Must-Have
for Most Organizations”.
http://www.forbes.com/sites/gartnergroup/2012/03/22/cloud-services-brokerage-a-must-have-for-most-organizations/#2715e4857a0b12e1dd5252aa