Cloud Computing

Design of a Management Model for Service Migration using ITIL as Knowledge

Manager

Henry F. López G., Oscar G. Paredes C. and Freddy M. Tapia L.

Graduate Investigation Center's, Armed Forces University - ESPE, w/n General Rumiñahui Ave., Sangolquí, Ecuador

Keywords: Internet Applications, Systems Architecture, Cloud Computing, IT Infrastructure, Legal Regulations, System

Integration, ITIL V3, ISO Norms, Cloud Services.

Abstract: Nowadays, the IT departments face numerous problems which considerably affect their performance. Several

factors such as technological obsolescence that shortens the useful life of equipment, amount of data that

demands storage (Anaya, Díaz, y Bárcenas, 2017), the high equipment costs, skilled labour as well as the

timely update of the IT infrastructure, endangers the information. (Vega, 2012). To solve the problems,

mentioned before Cloud Services were developed due to the boom in terms of use and ease of access to the

technology they promote, as well as flexibility in storage capacity, ample deployment of resources and

security in case of recovery in the event of loss of continuity of service. All this based on an optimization or

reduction of costs for companies, thus allowing a great competitive advantage at a technological level. (Ávila,

2011). The present study, through the analysis of security standards with several subprocesses of the ITIL V3

reference framework and an analysis of infrastructure costs "On-Premisses versus IaaS”, allowed the

development of a Methodological Proposal to migrate Services to the Cloud, based on the use of good

practices, optimizing resources according to the needs of each organization.

1 INTRODUCTION

Today, the offered services and applications

published on the web have made the average speed of

Internet connection at the end of 2016 grow to 7 Mbps

worldwide, which represents 26% more than 2015

(Belson, 2016). Given this, Cloud Computing

Services currently appear, which provide a very

complete and customized technological

infrastructure, adjusting to the constant change of

companies, as well as a planned scalability (Ávila,

2011).

The constant development of ICT makes the

technology investment progressively grow, so today

the top management of several organizations expect

to make their investments profitable to achieve a

more efficient position in relation to the competition

(Marulanda, López, y Cuesta, 2009), where the cost-

benefit analysis defines the way to follow (On-

Premises Versus The Cloud) taking into account

factors such as: technological obsolescence,

preventive and corrective maintenance of

infrastructure, support and specialized skilled labor,

constant and uninterrupted continuity of services.

The present study is aimed at developing a

Methodological Proposal to Migrate Services to the

Cloud as a managerial technical level tool that helps

in making decisions efficiently in all affairs raised

within a migration project.

2 REVIEW OF THE RELATED

LITERATURE

2.1 Cloud Computing

According to the National Institute of Standards and

Technology (NIST), is a model for enabling

ubiquitous, convenient, on-demand network access to

a shared pool of configurable computing resources

like networks, servers, storage, applications, and

services (Mell y Grance, 2011).

The providers of Cloud Computing basically

offer three service models: Infrastructure as a Service

648

López G., H., Paredes C., O. and Tapia L., F.

Cloud Computing.

DOI: 10.5220/0006788906480656

In Proceedings of the 20th International Conference on Enterprise Information Systems (ICEIS 2018), pages 648-656

ISBN: 978-989-758-298-1

(IaaS), Platform as a Service (PaaS) and Software as

a Service (SaaS)

2.2 Infrastructure as a Service (IaaS)

The IaaS services provide the client with storage

space, memory, network connectivity, and direct

administration of the operating systems so that the

user can deploy applications. It also allows to modify

the resources according to the client’s needs (Mell y

Grance, 2011).

2.3 Platform as a Service (PaaS)

The PaaS model enables the client use applications in

the Cloud as well as tools, services, and development

environments which are created by the provider and

deployed in his infrastructure. The client cannot

manage these resources including network resources,

servers, operating systems, etc. However, he does

have the possibility to deploy data, manage

applications and settings obtained in the cloud. (Mell

y Grance, 2011).

2.4 Software as a Service (SaaS)

This service is defined as a software that is owned,

delivered and managed remotely by one or more

providers. Software-as-a-Service is typically

accessed through clients as a web browser, or a

smartphone. The infrastructure is administered by the

provider who is completely responsible for

availability and quality assurance. (Hernández y

Florez-Fuentes, 2014).

2.5 Gartner Magic Quadrant for Cloud

Service Providers

The Gartner Magic Quadrant is a research method

designed to monitor and evaluate the progress and

positions of companies in a specific, technology-

based market which is analyzed in a certain moment.

That is why Gartner, as a consulting and research

company of Information and Communication

Technologies, is dedicated to the continuous analysis

of aspects that will define or evidence the market

leaders. This information can be used as a reference

source for decisions makings when choosing the best

alternatives, in August 2016, Gartner published the

last analysis about cloud services (Leong, Petri, y

Dorosh, 2016). regarding the market leader providers

as it is shown in Figure 1.

Figure 1: Gartner Magic Quadrant.

3 ITIL V3 FOR CLOUD

ITIL (Information Technology Infrastructure

Library), is a set of concepts and best practices

regarding the management of IT services, and

describes in detail an extensive set of functions and

processes designed to help organizations achieve

quality and efficiency in IT operations (León, 2014).

The latest version of ITIL, is structured in the

following 5 processes with the objective of

consolidating the “service lifecycle” model: i)

Service Strategy, ii) Service Design, iii) Service

Transition, iv) Service Operation and v) Continuous

Service Improvement as shown in Fig 2.

Figure 2: ITIL Service Lifecycle.

Next, the most relevant subprocesses of ITIL are

presented, which allow to guarantee the entire

transition to contract services in the Cloud, beginning

Cloud Computing

649

from its hiring, to then validate an optimal

implementation, ending with an adequate operation.

3.1 Service Portfolio Management

Sub process that belongs to the service strategy

process, which will help the company to know what

services and systems are currently available within

the organization's platform (Ríos, 2017). Once you

have the detail of IT systems and services, you can

verify the migration of one or more of these aspects

to the cloud.

3.2 Availability Management

It is part of the Service Design Process. ITIL

availability management is used to guarantee

application systems stay available. This usually

means making sure everything is up for use under the

conditions of service level agreements (SLAs)

(ITeratum, 2011). The fulfilment of the supplier's

availability management serves as support in the

resolution cycle of incidents associated with the

availability that allows the identification, diagnosis

and resolution of incidents, in addition to supporting

the prevention of future measures (ITeratum, 2011).

3.3 Service Validation and Testing

The IT client and provider should follow the process

of validation and tests performing the verification of

the items to be tested, constructing the test scenario,

performing the tests themselves, validating the data

obtained by conducting the tests and transmitting the

results before the deployment of cloud services to the

production environment (ITeratum, 2011).

3.4 Knowledge Management

It is highly recommended for both, the client and the

provider to do the knowledge management during the

migration process helping you and your team make

decisions throughout the service process by

controlling and managing the flow of information.

Improving the quality of information prepares

employees to make effective decisions, and the end

result is a more efficient team (ITeratum, 2011).

3.5 Service Desk

The management of incidents through the Service

Desk of the service provider, works first in the

generation of a case assigning a priority of attention.

As a first contact with the user, the person who

generates the case tries to solve the incident if

possible, in addition, the individual can escalate the

incidents or requests to other areas within the

provider and once the case is resolved, it is closed.

Finally, he conducts surveys to determine the degree

of user satisfaction (ITeratum, 2011).

3.6 Access Management

Access Management aims to grant authorized users

the right to use a service in the cloud. The

administration roles of the platform should be

delivered to the client, who will appoint a platform

administrator. This person should create roles for the

services that are obtained in the cloud as well as

issuing these credentials to the users of the IT services

(ITeratum, 2011).

4 SECURITY AND CURRENT

LEGAL REGULATIONS

In the context of Cloud Services, Ecuador was

considered to verify security and contracting issues,

which are regulated by state agencies. Therefore, we

have the following rules:

4.1 ISO/IEC 27017

It is used with the ISO 27001 norms and gives the

providers and clients the controls of the cloud

services. As opposed to other related norms, these

allow to clarify functions and responsibilities

between both parts so that the Cloud Services keep

safe as well as the data of a certified information

management system (Fernández y Recio, 2015).

4.2 ISO/IEC 27018

The ISO norms define a practice code which can be

used as a standard for the privacy acting as processors

of personally identifiable information. Additionally,

it establishes commonly accepted control objectives,

controls and guidelines for implementing measures to

protect Personally Identifiable Information where the

client can manage the published data in the cloud,

however, the provider is the one who keeps the data

according to the client’s guideline (Fernández y

Recio, 2015).

4.3 Executive Order 1515

In 2013, the president of Ecuador decrees to issue

ICEIS 2018 - 20th International Conference on Enterprise Information Systems

650

contracting provisions for the acquisition and lease of

goods and the rendering of services, that meets the

principle of technological validity.

The Executive Order 1515 in its Art 1,

establishes the scope of action for compliance with

the Technological Validity for the entities dependent

on the Central Government of Ecuador and the

agencies dependent on the Executive Function, as

well as the goods that will benefit from this validity:

computer equipment, printing equipment, vehicles

and medical equipment. For the acquisition of these

equipment in the field of public procurement in

Ecuador, preventive maintenance, corrective,

technical guarantees and replacement of purchased

goods must be ensured (Sercop, 2013).

4.4 Código Ingenios (Ingenios Code)

The Article 146, Data Localization, norm to the

entities of the public sector when contracting services

that involve the location of data, where it is specified

that it must be done with suppliers that guarantee that

“The data must be found in computing centers that

meet international standards in protection and

security” (ASLE, 2016).

5 TOTAL COST OWNERSHIP

Total Cost Owner, is a financial estimate intended to

help buyers and owners determine the direct and

indirect costs of a product or system (Ellram, 1995).

The use of this method in the present analysis allows

the clients to compare the Cloud Services and On-

Premises, identifying the costs that can be optimized

in phases of implementation operation, support,

maintenance and training of the staff required,

focused for any type of IT service. Nevertheless,

other factors may be considered as necessary for each

type of business or company.

Next, the calculation of TCO is presented,

focused on two providers that lead the Cloud Services

according to Gartner: Amazon and Microsoft (Leong,

Petri, y Dorosh, 2016). (See Fig.1). Furthermore, they

have TCO calculators, taking as a reference a period

of 3 years, two servers to host an Application and a

Database with the following characteristics shown in

Table 1:

When entering the data in the Amazon

calculator, according to the requirements, the

following results are obtained (See Fig. 3).

Table 1: Server Specifications.

APPLICATION O

erative system LINUX

RAM Memor

32 GB

CPU 8 CORES

Hard disk s

ace 400 GB

DATA BASE O

erative system LINUX

RAM Memor

140GB

CPU 20 CORES

Hard disk s

ace 1000 GB

Figure 3: TCO Amazon.

Now, entering the same specifications of the two

servers to the Microsoft calculator we get the values

detailed in Fig. 4 below:

Cloud Computing

651

Figure 4: TCO Microsoft.

In the two scenarios, the On-Premises is analyzed by

comparing IaaS with a 3-years projection based on

the following parameters: i) Server Cost; ii)

Accommodation in the Data Center; iii) Connectivity;

iv) Storage; v) Technical Staff. Comparing the costs,

the values detailed in Table 2 are obtained:

Table 2: Server Specifications.

Production Environment - 3

Amazon Microsoft

On-Premises IaaS On-Premises IaaS

$211,729.00 $35,921.00 $132,843.00 $25,824.00

Difference $175,808.00 Difference $107,019.00

Savin

83.03% Savin

80.56%

Therefore, it can be observed that more than 80% is

saved by migrating the Services to the Cloud, when

compared with buying and managing On-Premises.

Additionally, support costs, preventive or corrective

maintenance and updates must be considered as well

as having trained staff during the technological period

that is proposed for 3 years.

By graphically representing the costs provided by

Amazon and Microsoft with the On-Premises

Scenario and the Cloud Service, we can see what is

shown in Fig. 5 below:

Figure 5: On-Premises versus IaaS.

6 RELEVANT EVALUATION OF

PROVIDERS

Based on the analysis of the Total Cost of Ownership

- TCO, the Current Legal Regulation, Security

Certifications by providers and other benefits that the

Cloud can present to improve processes in a

company, it is important to have minimum points to

make the decision about a provider which can add

value, in the improvement of the business (ITeratum,

2011).

The factors analyzed are synthesized in detail in

Table 3 that describes the aspects to be evaluated

when selecting a provider.

7 MANAGEMENT MODEL FOR

MIGRATION

Considering the main aspects of ITIL, we can

determine models that allow to improve the

Management of Cloud Services, as well as improving

the hiring phase, execution and administration to

guarantee high-quality services. Next, the phases that

have been proposed for the present study are

presented (ITeratum, 2011).

ICEIS 2018 - 20th International Conference on Enterprise Information Systems

652

Table 3: Aspects to Evaluate in a Provider.

Business and Experience

Organization

and

Administratio

It is important to request the

administrative structure, clear

guidelines in case of risk, and the road

map with a general overview of what

processes are carried out to provide

the requested products or services

(

Fleitman, 2008

)

Reliability It is important to get a provider with

experience in similar projects, as it

will give confidence to the company

that hires the services. This is

achieved by verifying the supplier's

background with other customers

(Fleitman, 2008).

Knowledge The provider must have the necessary

technical staff and aligned with the

requirements of the company in order

to obtain clear objectives and goals to

e met.

(

Fleitman, 2008

)

Administrative Support

Current Legal

Regulations

It is necessary for the company to

identify its scope of action, public or

private and apply the current legal

regulations to which they must

comply in order to know if they can

hire foreign, local suppliers, or if any

restricts them (ASLE, 2016),

(

Ministerio de Justicia, 2004

)

SLA –

Service Level

Agreement

The provider must be able to

guarantee a minimum level of service

according to the requirements

(

ITeratum, 2011

)

Configuration

Management

There must be the necessary controls

so that the provider and the hiring

company can supervise, or monitor

the services it offers, by means of

early alerts, in order to make timely

decisions (ITeratum, 2011).

Technical Processes

Implementati

on Processes

It is important to know if the provider

has mechanisms that ensure the

implementation, administration and

update in Software or Applications

that are required (ITeratum, 2011).

Change

Management

It is recommendable to have

documentation, formal processes,

registration, approval and tests to

accept changes if required (Leong,

Petri,

Dorosh, 2016

)

Service Desk The provider must have a channel to

report incidents or requirements that

may arise during the render of the

service in order to have a timely

response, and a record of the events

(

ITeratum, 2011

)

Security

Infrastructure

The provider must have integral

security for the services offered in the

cloud, as well as all levels to

guarantee the information (Leong,

Petri, y Dorosh, 2016)., (Ministerio de

Justicia, 2004).

Role

Administratio

The changes that are made in any

service or configuration must have the

respective authorization through the

management of roles in the accounts,

prior to an authentication (ITeratum,

2011).

Backups and

Data

Retention

The provider must implement policies

and procedures that ensure integrity in

the data of each client, as well as

options for backing up and

downloading.

Table 4: Management Model for Migration.

Activity Description Responsible To Be Hand In

STRATEGY To define

operational and

management

rocesses

It is important to get to know both

the processes and the company in

order to have a clear idea of what is

going to be migrated.

Customer Process Diagram

Cloud Computing

653

Table 4: Management Model for Migration (cont.).

Activity Description Responsible To Be Hand In

STRATEGY Service portfolio

management

Identify the systems or services to be

migrated, according to their

criticality.

Customer List of systems

and services

Get the data of the current

infrastructure in which the system or

service reside.

Customer On-Premises

Resources Chart

Review of

current legal

regulations

It is important to analyze the

competences and the action scenario

to use the right regulations.

Customer Report of

compliance with

applicable

ulations

Demand

management

Validation of the capacity required

and calculate a future projection.

Customer Current capacity

study required

and future

estimation.

DESIGN Management of

availability,

continuity and

level of IT

service.

SLA review for the services to be

contracted.

Customer and

provider

Service Level

Agreement

(

SLA

)

Guarantee in the fulfillment of the

level of availability for the contracted

services

Provider Service Levels

Table

Capacity

Management

Verification of the required capacity

or on demand that the provider can

rovide in the future.

Provider Documents that

prove the

acit

Information

security

management

Revision of certifications that a

provider must have.

Customer and

provider

International

Norms

Certifications.

Budget Estimate

A cost calculation is made based on

the requirements analyzed, it is

recommended to make the Total Cost

of Ownership (TCO)

Customer Total Cost of

Ownership and

price analysis

Provider

selection

Make a comparative study about the

potential providers to render the

uired service

Customer Providers’

Comparative

Chart

MIGRATION Change

Management

Make a chronogram and planning in

a documented manner of the changes

to be executed, including

confi

uration files.

Customer and

provider

Change Control

Validation of

service tests

The new management model in the

cloud will involve new procedures

and operational processes in the IT

staff, it is recommended to carry out

tests of the entire process

Customer and

provider

Quality Control

and Testing

ICEIS 2018 - 20th International Conference on Enterprise Information Systems

654

Table 4: Management Model for Migration (cont.).

Activity Description Responsible To Be Hand In

OPERATION Management of

incidents or

requirements

The provider must educate about how

to manage the Service Desk. It is also

important to know what requirements

are a self-service t

Provider Manuals and

Management

Training on the

latform.

Access

Management

Define the processes for the creation

of accesses and new role.

Customer Make a

Checklist.

8 CONCLUSIONS AND FUTURE

WORK

The revision of the Current Legal Regulation in

Ecuador made it possible to identify that there are

more restrictions for contracting Services in the

Cloud for the public sector, because they want to

protect public goods and economic resources and in

most cases, they require the use of services that are

kept locally to protect the information, giving priority

to the state's telecommunications company,

while for the private sector it is optional, and as future

work, regulations of other countries must be

analyzed.

Among the main data that correspond to the

demand and administration of On-Premises, it can be

concluded that everything acquired is never used at

its maximum capacity or performance. Most of the

time there are oversized resources, obtaining high

initial costs. Therefore, by using Cloud Services, you

optimize costs because you only pay for what is

consumed and, what is more, is aimed at big or small

companies, including all types of final customers.

The use of the ITIL V3 reference framework

contributed significantly to the development of the

present methodological proposal, seeking an orderly

migration, improving the analysis, design and

implementation of the entire process to be executed,

thus efficiently evaluating global or local providers

that support effectively with the requirements of the

company.

The use of Cloud Services allows a business

reorganization by automating processes, optimizing

staff time to focused on new projects, thus improving

their productivity.

When hiring service in the Cloud, the data is

outside the corporate network, even outside the

country, which can be contravened by laws and local

regulations for data protection, creating mistrust in

several potential customers.

REFERENCES

Anaya, H., Díaz, C., y Bárcenas, J. (13 de noviembre de

2017). Soluciones para el tratamiento de datos a gran

escala. Retrieved from http://www.academia.edu

/download/36626452/Soluciones_para_el_tratamiento

_de_datos_a_gran_escala_Final.docx

ASLE. (14 de 12 de 2016). Código Ingenios publicado en

registro oficial. Retrieved from Asociación de Software

Libre del Ecuador: https://www.asle.ec/codigo-

ingenios-publicado-en-registro-oficial/

Ávila, Ó. (2011). Computación en la nube. ContactoS, 80,

45-52.

Belson, D. (2016). Akamai state of the internet report, Q4

2009. Akamai Technologies, 12.

Ellram, L. M. (1995). Total cost of ownership: an analysis

approach for purchasing. International Journal of

Physical Distribution and Logistics Management,

25(8), 4-23.

Fernández, C., y Recio, M. (2015). Privacidad elevada a la

nube. AENOR, 20-23.

Fleitman, J. (2008). Adquisiciones. En J. Fleitman,

Evaluación integral para implantar modelos de calidad

(pág. 63). México: Editorial Pax.

Hernández, N., y Florez-Fuentes, A. (2014). Computación

en la nube. MundoFesc, 2(8), 46-51.

ITeratum. (2011). CURSO DE FUNDAMENTOS DE

ITIL. Madrid: ITeratum, S.L.

León, B. (2014). Metodología y recomendaciones para la

contratación de servicios en la nube para empresas

estatales en Colombia. (Doctoral dissertation,

Universidad Nacional de Colombia).

Leong, L., Petri, G., y Dorosh, M. (2016). Magic Quadrant

for Cloud Infrastructure as a Service, Worldwide.

Gartner.

Marulanda, C., López, M., y Cuesta, C. (2009). Modelos de

desarrollo para gobierno TI. Scientia et technica.

Mell, P., y Grance, T. (2011). The NIST definition of cloud

computing. National Institute of Standards and

Technology.

Ministerio de Justicia. (2004). Ley Orgánica De

Transparencia y Acceso a la Información Pública.

Retrieved from http://www.justicia.gob.ec/wp-

content/uploads/2015/05/LEY-ORGANICA-DE-

Cloud Computing

655

TRANSPARENCIA-Y-ACCESO-A-LA-

INFORMACION-PUBLICA.pdf

Ríos, S. (2017). Manual de ITIL v3. Biable.

Sercop. (15 de 05 de 2013). Portal Compras Públicas.

Retrieved from Decreto Ejecutivo No. 1515:

http://portal.compraspublicas.gob.ec/compraspublicas/

node/4391

Vega, O. (2012). Efectos colaterales de la obsolescencia

tecnológica. Revista Facultad de Ingeniería, vol. 21,

núm. 32, 55-62.

ICEIS 2018 - 20th International Conference on Enterprise Information Systems

656