Cloud Computing Innovation in India: a Framework and Roadmap White Paper 2.0

Cloud Computing Innovation In India: A Framework and Roadmap White Paper 2.0

A Framework and Roadmap for Cloud Computing Innovation in India

White Paper 2.0

December 2014 Trademarks and Disclaimers IEEE believes the information in this publication is accurate as of its publication date; such information is subject to change without notice. IEEE is not responsible for any inadvertent errors.

The ideas and proposals in the white paper are the respective author's views and do not represent the views of the affiliated organization.

The Institute of Electrical and Electronics Engineers, Inc. 3 Park Avenue, New York, NY 10016-5997, USA

IEEE is a registered trademark in the U. S. Patent & Trademark Office, owned by The Institute of Electrical and Electronics Engineers, Incorporated.

PDF: ISBN 978-0-7381-9188-1 STDVA98702

IEEE prohibits discrimination, harassment, and bullying. For more information, visit http://www.ieee.org/web/aboutus/whatis/policies/p9-26.html.

No part of this publication may be reproduced in any form, in an electronic retrieval system, or otherwise, without the prior written permission of the publisher.

To order IEEE Press Publications, call 1-800-678-IEEE. Find IEEE standards and standards-related product listings at: http://standards.ieee.org Notice and Disclaimer of Liability Concerning the Use of IEEE-SA Industry Connections Documents

This IEEE Standards Association (“IEEE-SA”) Industry Connections publication (“Work”) is not a consensus standard document. Specifically, this document is NOT AN IEEE STANDARD. Information contained in this Work has been created by, or obtained from, sources believed to be reliable, and reviewed by members of the IEEE-SA Industry Connections activity that produced this Work. IEEE and the IEEE-SA Industry Connections activity members expressly disclaim all warranties (express, implied, and statutory) related to this Work, including, but not limited to, the warranties of: merchantability; fitness for a particular purpose; non-infringement; quality, accuracy, effectiveness, currency, or completeness of the Work or content within the Work. In addition, IEEE and the IEEE-SA Industry Connections activity members disclaim any and all conditions relating to: results; and workmanlike effort. This IEEE-SA Industry Connections document is supplied “AS IS” and “WITH ALL FAULTS.”

Although the IEEE-SA Industry Connections activity members who have created this Work believe that the information and guidance given in this Work serve as an enhancement to users, all persons must rely upon their own skill and judgment when making use of it. IN NO EVENT SHALL IEEE OR IEEE-SA INDUSTRY CONNECTIONS ACTIVITY MEMBERS BE LIABLE FOR ANY ERRORS OR OMISSIONS OR DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO: PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS WORK, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE AND REGARDLESS OF WHETHER SUCH DAMAGE WAS FORESEEABLE.

Further, information contained in this Work may be protected by intellectual property rights held by third parties or organizations, and the use of this information may require the user to negotiate with any such rights holders in order to legally acquire the rights to do so, and such rights holders may refuse to grant such rights. Attention is also called to the possibility that implementation of any or all of this Work may require use of subject matter covered by patent rights. By publication of this Work, no position is taken by the IEEE with respect to the existence or validity of any patent rights in connection therewith. The IEEE is not responsible for identifying patent rights for which a license may be required, or for conducting inquiries into the legal validity or scope of patents claims. Users are expressly advised that determination of the validity of any patent rights, and the risk of infringement of such rights, is entirely their own responsibility. No commitment to grant licenses under patent rights on a reasonable or non-discriminatory basis has been sought or received from any rights holder. The policies and procedures under which this document was created can be viewed at http://standards.ieee.org/about/sasb/iccom/.

This Work is published with the understanding that IEEE and the IEEE-SA Industry Connections activity members are supplying information through this Work, not attempting to render engineering or other professional services. If such services are required, the assistance of an appropriate professional should be sought. IEEE is not responsible for the statements and opinions advanced in this Work.

iii Copyright © 2014 IEEE. All rights reserved. Authors Introduction Pamela Kumar (HP), Srinivasan Ramakrishnan ( former C-DAC), Praveen B (Zinnov), Rahul De’ (IIMB), Gopal Pingali (IBM), Prahlada Rao B.B (C-DAC), Geetha Manjunath (Xerox Labs), CSR Prabhu [former NIC (Retd), (KMIT, Hyderabad)], Renu Budhiraja (DeitY), Sri Chandra (IEEE), Sandeep Dhar (CISCO), D Janakiram (IITM), Suhaan Mukerji (NInC), Lalit Mohan (IDRBT) WG 1 Gopal Pingali (IBM) WG 1.1 Gopal Pingali (IBM), CSR Prabhu [former NIC (Retd), (KMIT, Hyderabad)], Surendra Gupta (TCS), Nitin Upadhyay (Goa Institute of Management), Lalit Mohan (IDRBT) WG 1.2 Gopal Pingali WG 1.3 Vibhakar Bhushan (Founding Director-Anytime Healthcare, Ojus), Srinivasan H Sengamedu (Amazon), Srihari Byregowda (Sharp), Mohit Maniar (former Yash Technologies), Sudhakar Jayanty (Sharp) WG 1.4 T S Mohan (Infosys) WG 1.5 Srinivasan H Sengamedu (Amazon), Geetha Manjunath (Xerox Research), Aneesh Chivukula (Flutura Decision Systems), Aditya Mogadala (Karlsruhe Inst of Tech, Germany), Nandakumar K S (Wipro) Raghav Sri Harsha (IIIT- Hyderabad) WG 1.6 Rohan Joshi (Wolken Software), Prashant Gupta (Microsoft), Nitin Upadhyay (Goa Institute of Management), Anitha Prabhu (Wolken Software), Saksham Khandelwal (Wipro) WG 2 Geetha Manjunath (XEROX), Sandeep Dhar (CISCO), and Dharmendra, C-DAC, Vineet Simon A. (C- DAC) WG 2.1 Sandeep Dhar (CISCO), Rajdeep Dua (VMware), Venkat Jagana (IBM), Santosh (NetApp), PRABHAKAR, Amir (VMWare), Shyam, Niranjan, Kailash (VMware) WG 2.2 Sairam Iyer (EMC), Dinkar Sitaram (PESIT), Subhojit Roy (IBM), Sandeep Patil, (IBM), Payal Saluja (C- DAC), Sivakumar (Yahoo) WG 2.3 Geetha Manjunath( Xerox), Praveen Gurram (Oracle), Rajdeep Dua (VMware), Venkata B Nagothi (OPENSCG) WG 2.4 Dinkar Sitaram (PESIT), Manoj Jain (EMC) Vinod ( Novatium), Haridas Pai (former Wipro), Padmakar Jogdankar (Wipro), Ganesh Kotyan (Tarshan Labs) WG 2.5 Shrinath V (former Nokia), Anand Hariharan (Vigyanlabs Inc.), Mahesh Patil (C-DAC), Arun Kumar (IBM), Sandeep Kumar J (Webseer), CV Ramdas (C-DAC), Subramaniam Ananthakrishnan (Vodafone), Devi Sudha (Nokia), Srinivas Varadarajan (Vigyanlabs Inc.), Kota Murali (IBM), Mohit Maniar (former YASH Technologies), Aveek Chatterjee (IBM) WG 3.0 Rahul De (IIMB), Charudath (my CloudPortal) WG 3.1 Nitin Upadhyay (Goa Institute of Management), J. Lakshmi (IISC), Sivakumar Arayandi Thottaka (Yahoo) WG 3.2 Sarat Chandra Babu N(C-DAC), P R Lakshmi Eswari (C-DAC), Vineet Simon Arackal (C-DAC) WG 3.3 Venkat Jagana(IBM), Amir Mukeri (VMware), Payal Saluja (C-DAC), Prahlada Rao B.B. (C-DAC), Pamela Kumar (HP) WG 3.4 Rahul De, Jyoti Bhat, Bhavya Shroff (IIMB) WG 3.5 Prof. Raghunath (IIMB), Jyoti M Bhat (IIMB), Rohan Joshi (Wolken Software), Susan Philipose (IIMB), Ignesius Thambyraj (former IBM), Prashant Gupta (Microsoft), MV Rambabu (Karnataka CeG) Roadmap Gopal Pingali (IBM), Pamela Kumar (HP), Lalit Mohan (IDRBT) Chapter

Reviewers Udayan Banerjee (NIIT) Vijaykant Nadadur (Tationem) Jyoti M Bhat (IIMB) Vinod Ninan (Rolta India) Anil Bidari (CloudEnabled) Dileep Paruchuri (Intel) Sandeep Dhar (CISCO) Srinivasan Ramakrishnan (former C-DAC) Rajdeep Dua (VMWare) Yogesh Simmhan (IISc) Swapnil Kulkarni (Redhat) Mukul Sinha (Expert Systems) Pamela Kumar (HP) Ignesius Thambyraj (former IBM) Himani Manglani (CCC Information Services) Nitin Upadhyay (Goa Institute of Management) Geetha Manjunath (Xerox Research) Srinivas Varadarajan (Vigyan Labs) Lalit Mohan (IDRBT)

Shri Kris Gopalakrishnan, Executive Vice Chairman and Co-Founder, Infosys, President CII Shri Rajiv Gauba, Additional Secretary, Ministry of Home Affairs Prof. Rajat Moona, Director General, Centre for Development of Advanced Computing (C-DAC) Dr. Rathan Kelkar, CEO, Centre for e-Governance, Karnataka Prof. Sadagopan, Director, IIITB Prof. R Venkata Rao, Vice-Chancellor, NLSIU, Bangalore Prof. Raghunath, Dean, IIMB Prof. Jawahar, CEO, PES University Amit Phadnis VP, CISCO Niranjan Maka Managing Site Director, India R&D, VmWare Niranjan Thirumale, CTO, EMC Dr. CS Rao, President, Reliance Communications Manish Gupta, VP, Xerox Research Center India Ananth Krishnan, VP & CTO, TCS Anurag Srivastava, SVP & CTO, WIPRO Harish Mysore, Director, IEEE India

CCICI would like to recognize and thank the following:

David Allen Vijaykant Nadadur Udayan Banerjee Vinod Ninan Vijay Bhargava Dileep Paruchuri Anil Bidari Gopal Pingali Steve Diamond Yogesh Simmhan Swapnil Kulkarni Ignesius Thambyraj Pamela Kumar Nitin Upadhyay Himani Manglani Yatin Lalit Mohan

World over, we are today witnessing a large-scale adoption of Cloud Computing and Mobile technologies. This unprecedented adoption is being witnessed across sectors including the private sector, small-to-medium sized enterprises, large enterprises, and governmental agencies. Cloud Computing ushers in a certain disruption that enables large-scale opportunities for service innovation from execution to delivery. Although the adoption of these technologies is extensive, the core differentiators are innovations in their usage and in the applications that are contextualized to suit local requirements. It is these innovations or Jugaad if one may say so, that is powering the rapid pace of inclusive growth. In the Indian landscape, we are witnessing enhanced outreach in multiple sectors including healthcare, education, transport, agriculture, resources management and utilization, financial services, governance, and entrepreneurship.

Several agencies within India have been involved extensively in developing strategies that enable us to leverage the disruptive power of cloud computing in order to deploy services at a large scale. These agencies include the government departments at the central, state, and local level; governmental agencies such as NIC, DietY, CDAC; industry bodies such as CII, NASSCOM and iSPIRIT; eminent academic institutions including IITs, IISC, IIMs, IIITs etc.; non-governmental organizations; standards bodies such as IEEE, ACM, Cloud Security Alliance, etc.; apart from IT product and service enterprises in India.

It is heartening to see that stakeholders from these diverse organizations, under the auspices of the Cloud Computing Innovation Council of India, have been working together for a common purpose. That purpose is to discuss, debate, and charter the challenges and pitfalls and to share best-practices in the areas of conceiving, architecting, implementing, and deploying innovative cloud-based solutions in the Indian context. This kind of collaboration within the Indian context needs to encouraged, nurtured, and commended. I am glad to know that these invaluable experiences and learnings have been encapsulated in this white paper. This document will be of great use to a variety of stakeholders within India and uniquely complements similar efforts of industry forums such as CII and NASSCOM or by Indian Governmental agencies such as the Innovation Council of India.

I wish everyone involved in this journey the very best. I wish them success in their goal of leveraging the disruptive power of cloud computing for the benefit of all citizens.

—Kris Gopalakrishnan Executive Vice Chairman & Co-Founder Infosys, President CII

vii Copyright © 2014 IEEE. All rights reserved. The gold standard definition of Cloud Computing comes from NIST in the U.S. and is as follows: “Cloud Computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.”

The business value of cloud computing is growing rapidly—driving down costs and driving up convenience and flexibility. Also the ability to locate compute and storage resources wherever it makes best sense—cheaper power, easier cooling or even lower cost of maintenance manpower makes it a powerful idea for reducing cost. Cloud services need high bandwidth connections at local, national and international levels and will become a powerful stimulus to increase bandwidth at every layer.

Indian IT applications, whether for revenue generation or internal platforms, can reap many benefits from this technology. Moreover our large software services industry will see major revenue opportunities.

IT penetration and realization of benefits of IT in various walks of life in India—be it economic or social—can be accelerated by cloud computing, especially when it is combined with mobile, applications for educations, health, employment, finance and the like, and pervasive networks. In fact, domestic economy can hope to see measurable gains as a result of accelerated efficiencies realizable through rapid scaling, economics, and innovation at multiple levels.

I hope that India becomes a leading innovator in the cloud technology—generating new ideas, building IP, hosting cloud platforms, and starting innovative companies.

I wish CCICI every success in driving all aspects of Cloud Computing in our country. My dream is that India should lead the world in this new frontier!

—Arogyaswami Paulraj Professor (Emeritus) Dept. of Elect. Engg. Stanford University

viii Copyright © 2014 IEEE. All rights reserved. Cloud computing offers great promise to the government since the budgetary allocation for IT infrastructure can be significantly reduced. Cloud computing enables the optimal utilization of the IT infrastructure by harnessing the basic features such as virtualization. The government of Karnataka adopted the virtualization back in 2008 and reaped substantial benefits, but there is still a long way to go.

Cloud computing is in a nascent stage and is evolving all over the world. CCICI, i.e., Cloud Computing Innovation Council of India with experts in its wings has embarked on a journey with a clear vision of making India the champion in the cloud computing arena. On this occasion I, on behalf of Centre for e-Governance, wish CCICI success in their mission.

—Dr. Rathan Kelkar CEO, Centre for e-Governance, Karnataka

Shri Rajiv Gauba Additional Secretary, Ministry of Home Affairs

Cloud Computing for India

Cloud Computing promises to be the “next big thing” in IT infrastructure and is being considered as a next generation computing framework for the emerging markets. India is one such emerging market that is looking to transform the nation through cloud services. Speed of deploying and development, empowerment to the users to focus on applications rather than infrastructure, and economy by shifting from CAPEX to OPEX would make cloud the game changer by completely transforming how IT services are being delivered. CCICI will play a vital role to fuel the technological innovation across the cloud computing ecosystem in India, which will not only accelerate its adoption but also help India to become the market leaders in this technology.

Department of Electronics & Information Technology (DeitY), Government of India, has already initiated the cloud-computing project “Meghraj”. This project will bring paradigm shift in the way government procures infrastructure and applications. CCICI can contribute to this by providing inputs on framing the standards and development of frameworks vital to the entire Cloud initiative.

Dr. CS Rao

President, RCOM Indian Telco outlook to Cloud is to be able to deliver Apps with Scalable Capacity and Agility for aiming at New Revenue streams. Hence, expectations from TSP to adopt Cloud Architectures are trust, security, geographic residence of data, and operational simplicity. TSPs eagerly await for Key Product Cloud Innovative Solutions offerings around Hosted IP PBX, SIP Trunking, MPLS/IP Bandwidth Services, Managed Fire Walls, Managed Routers, and Hosted Security Solutions for eMail/Web/VPN, etc. as Prime Cloud Monetization Services apart from the usual storage and compute and server needs on cloud.

With the advent of computing, communication, and Internet, Cloud Computing is the natural way to move forward. Realizing this, C-DAC has taken a major initiative in development of Cloud Computing technologies for the benefit of society. CCICI is a unique effort happening in the rapidly emerging area of Cloud Computing. It aims to accelerate the innovation and adoption of Cloud Computing in India, thereby catapulting the country to a leadership position in this field. It aims to achieve this objective through a collaborative platform of visionaries from the government, R&D, academics, and industry. CCICI also aims to address the issues of security in the Cloud Computing Environment, along with interoperability of different Cloud solutions. In a developing country like India, the importance of Cloud Computing is obvious, what with the enormous levels of Economies of Scale that Cloud Computing offers. Organizations are serious to migrate from a traditional capital intensive Data Center IT infrastructure to a flexible infrastructure with Cloud Computing technology. Recognizing the advantages in offer, the government of India is taking efforts to ensure that several of the national level initiatives with Cloud Computing are being carried-out. It is heartening to see that CCICI is blossoming into a more vibrant structured initiative in our country to meet the present and future growth of Cloud Computing, which will lead to economic benefits in many of the state and central level programs.

Niranjan Thirumale CTO EMC

The value proposition of Cloud is very clear. It enables organizations to focus on their core business, without worrying about CapEx on IT infrastructure or managing their own data center. It enables delivery of services at large scale, at a cost that’s rapidly decreasing. As a country of 1.2 billion people, India is all about scale; it is also cost- conscious and rewards frugal innovation. Cloud as a service delivery mechanism for both private businesses as well as the government, is bound to be extremely attractive in India.

We expect CCICI to take the lead in clearing the path for rapid cloud adoption in India, and to nurture an ecosystem of cloud innovation that will help India leapfrog other countries in cloud-based IT.

The continuing advances in computing capabilities and the proliferation of data in digital form are leading to a tipping point in our ability to tackle societal problems with the help of information technology. Cloud Computing is a crucial enabler as a convenient delivery model for solutions in areas such as healthcare, education, transportation, and smart governance. CCICI can play an important role in creating the necessary ecosystem for that next phase. I congratulate the team on the release of this white paper and encourage them to help implement some of their recommendations for India.

Niranjan Maka, VMware India It is heartening to see the coming together of diverse experts and organizations, in private and public sector, in technology and vertical domains to drive the revolution that is Cloud Computing.

CCICI's charter is to realize the vision of “digital India” by enabling multiple voices of experts in key domains to help enable and drive, new standards and policies, to tap into the seismic shifts underway due to technologies such as cloud and mobile computing.

It is important to understand and define what platforms and technologies will enable us to unleash the power of this technology in a democratic, secure, and efficient way.

Harish Mysore Director, IEEE India

Cloud Computing is one of the first initiatives of the IEEE Standards Association (IEEE-SA) in India. The Cloud Computing Innovation Council for India (CCICI), which was formed more than a year ago, is a crucial initiative with a focus on development of a road map for cloud computing over the next 3-5 years focused on India. This initiative has been active from the day it started and is very successful in connecting various stakeholders in India. CCICI has provided a collaborative platform and has brought together thought leaders from the industry, government R&D labs, and academia who have volunteered their time to come up with this white paper.

Cloud Computing is re-shaping the IT sector globally—in India Cloud Computing has the potential to transform how the services are delivered to citizens. The development of the roadmap and the white paper from CCICI will enable delivery of e-Governance, e-Health, and e- Education to have a huge societal impact.

I wish the CCICI all the success.

I. Cloud Computing is a new paradigm in Information Technology (IT) and IT-enabled services (ITES) that transforms “computing as a resource” to “computing as a service”. It is a disruptive technology with influence pervading across all aspects of a modern economy. While this has the potential of leapfrogging the economy of emerging markets like India, the adoption and deployment in such countries poses a unique set of technological, business, and regulatory challenges.

II. The next five years are expected to be an exponential growth phase for Cloud Computing in India. Conservative estimates put the 2011 spending on Cloud Computing at $0.9 B (2.3% of total IT spending), with the potential to grow to $4.5 B by 2015. However, with the right focus and innovation, this can become the dominant IT model making it a ten times bigger market opportunity.

III. The current state of IT deployment (refer UN e-Governance survey—India is ranked 124) indicates that India has a near greenfield opportunity of developing cloud-based solutions that can leverage the latest technology and be optimally suited to the unique requirements of emerging markets.

IV. Rapid adoption of cloud in the global market and the prolific innovation “for the cloud” and “on the cloud” represents a disruptive play in the IT/ITES industry. This is a great opportunity as well as threat for India’s IT/ITES industry. A proper strategy and focus on innovation is essential to be able to ride this wave as opposed to being washed away by it. Parallel report of the Indian SMB market for cloud services in 2013 is estimated at approximately 17 billion (U.S. $339 million) and is expected to grow 35% year-on-year for the next three years, reaching approximately 42 billion (U.S. $839 million) by the beginning of 2016 [63].1

V. There is deep expertise available across the R&D Labs, academia and government labs in various technology areas associated with cloud computing. However, they have been primarily operating in isolation.

VI. The Cloud Computing Innovation Council of India is an open platform aimed at bringing together subject matter experts across government, industry, and academia to collaborate and innovate with the objective of accelerating the emergence of the Indian IT ecosystem as a strong “global leader” in Cloud Computing technologies for emerging markets.

VII. The Cloud Computing Innovation Council of India will also drive collaboration to help accelerate adoption and deployment of Cloud Computing in the country. A framework for adoption and development of standards, interoperability testing, certification, and benchmarking would be a primary focus area.

VIII. The Cloud Computing Innovation Council will be driven as an open forum with subject matter experts participating as volunteers in working groups delivering innovation proposals and outcomes such as the following:

 Standards recommendations, interoperability test beds, certifications and benchmarks

1 The numbers in brackets refer to the references listed in Annex A.

xiv Copyright © 2014 IEEE. All rights reserved.  White papers and reference architectures  Pilot projects to develop prototypes, demonstrations, proof of concept etc.  Research projects resulting in “eminent” publications and Intellectual Property  Policy and regulatory recommendations  Incubation of innovation promoting entities – Innovation Sandbox, Innovation Clusters, etc.  Capability building through conferences, workshops, eLearning platforms, design challenges, awards, participation in global forums, etc. This paper represents the consolidated work of a significant body of experts from industry, government, academia, and professional bodies that came together within the CCICI to assess global trends in Cloud Computing, the status of India, India-specific challenges and opportunities, and recommendations to accelerate Cloud Computing adoption and innovation in India.

This paper presents a roadmap for Cloud Computing in India spanning the following three phases:

i) Foundation and adoption ii) Penetration and scale out iii) Maturity and global leadership

A1. Introduction ...... 1 A1.1 Vision, Scope, and Definition ...... 1 A1.2 Global Trends and India Market Trends ...... 4 A1.3 Indian Cloud Initiatives ...... 7 A1.4 Approach and Strategy ...... 20 A1.5 Summary ...... 22 1. Cloud Usage Scenarios and Service Delivery Framework...... 23 1.1 E-Governance ...... 23 1.2 Industry-specific Clouds ...... 26 1.3 Usage Scenario—e-Health ...... 29 1.4 SaaS and Applications Evolution ...... 38 1.5 Big Data and Analytics ...... 42 1.6 Innovation Ecosystem ...... 48 2. Cloud Platforms and Infrastructure Framework ...... 55 2.1 System Architecture, Compute, Networking, Cloud OS, and Virtualization ...... 57 2.2 Cloud Storage ...... 67 2.3 Application and Data Platforms ...... 77 2.4 Cloud Management...... 82 2.5 Sustainability, Mobility, and Accessibility ...... 90 3. Cloud Enablement Framework ...... 104 3.1 Cloud SLAs ...... 106 3.2 Cloud Security ...... 117 3.3 Cloud Standards and Interoperability ...... 126 3.4 Regulations and Policy ...... 144 3.5 Business Models and Strategies in Cloud Computing ...... 150 4. A Roadmap for Cloud Computing in India: An Initial View ...... 159 4.1 Introduction ...... 159 4.2 Vision, Mission, and Outcomes of Cloud Innovation Council of India ...... 159 4.3 Levers for India to Lead in Cloud Computing ...... 160 4.4 An Initial Draft Roadmap for Cloud Computing in India ...... 161 4.5 Planned activities of CCICI ...... 165 4.6 The Role of CCICI in Accelerating and Realizing the Roadmap ...... 166 Annex A (informative) References ...... 167 A.1 References cross referenced in this white paper ...... 167 A.2 Additional sources and websites ...... 172 Appendix A Organization Principles ...... 179 Appendix B List of Members...... 181

A Framework and Roadmap for Cloud Computing Innovation in India

White Paper 2.0

A1. Introduction

A1.1 Vision, Scope, and Definition

A1.1.1 Background

At the successful conclusion of the first IEEE International Conference on Cloud Computing in Emerging Markets (CCEM 2012) (http://ewh.ieee.org/ieee/ccem/) at Bangalore in 2012 a group of professionals from industry, academia, R&D labs, and government came together to develop a vision for enabling Cloud Computing Innovation in India. Realizing how the Cloud Computing paradigm is fast transforming industries and governments around the world and the tremendous opportunity for India to lead in this area, this volunteer group of technologists, forming the Cloud Computing Innovation Council for India (CCICI), have established the following agenda:

. Achieve global leadership for India in Cloud Computing usage, services, offerings, and innovation . Accelerate national adoption of Cloud Computing technologies, driven by local expertise . Develop an innovation framework for Cloud Computing initiatives in India for national and global impact . Development of relevant standards at the national and international level (e.g., interoperability, privacy, and security) . Foster an environment for multi-stakeholder partnership and joint progress

There is significant expertise in India across industry R&D Labs, academia, government labs, and startup companies in technology areas associated with cloud computing. Indeed, a significant part of the global development of cloud computing technologies and solutions is happening from India. However, these efforts have been primarily operating in isolation. Given that Cloud Computing is a fast emerging and potentially disruptive topic that India cannot afford to ignore, the CCICI group has organized itself as a collaborative think-tank of motivated volunteers focused on promoting innovation and technology-driven solutions for and from India.

A1.1.2 Key Drivers

Cloud Computing (CC), a new paradigm in Information Technology (IT) and IT Enabled Services (ITES), is defining the future of computing. While India has the potential to leapfrog into this paradigm, the adoption and deployment of CC poses a unique set of technological, business, and regulatory challenges. Current estimates project an exponential growth in the CC market in India from $0.9 billion in 2011 to $4.5 billion by 2015. Focus on innovation can make Cloud Computing the dominant IT model and enable a 10 times bigger market opportunity.

. There is significant opportunity for stimulating Indian markets for accelerated adoption of Cloud Computing, attraction of investments for infrastructure and innovation driven by Indian needs. For example, adoption of Cloud Computing can change the complexities of the current painful and slow adoption of e-Governance in the country. . Creates opportunities to collaborate and consolidate similar systems. . Helps organizations focus on their core business and use IT more as a commodity. . Opportunities to tap the ‘disruptive’ technology based on innovative products, technologies, Intellectual Properties (IPs), standards, business models, and early markets both in India and around the world. . New boundaries and faster market penetration. . Increased focus on operational efficiency for competitive advantage. This section outlines CCICI’s vision, mission, scope, activities, structure, and initial thoughts on governance and funding.

A1.1.2.1 Vision

The vision is to provide a collaborative platform to accelerate Cloud Computing adoption and innovation in India and enable India’s emergence as a global leader in Cloud Computing (CC).

A1.1.2.2 Mission

The mission of CCICI is to execute on its vision by promoting a number of collaborative initiatives in India with well-defined outcomes as shown in the following table:

INITIATIVE OUTCOMES Provide thought leadership in CC White papers, Reference Architectures Promote early adoption of CC Interoperability and Standards Framework, Pilot Projects (Apps store, promos, etc.) Prototype solutions addressing India’s Innovation Sandbox, Research projects unique challenges—scale, diversity, etc. Creating a globally competitive Incubation of Innovation Clusters, Venture Capital funding, Innovation Ecosystem academia driven research partnership, mentoring startups, etc. Promote multi-stakeholder Innovation proposals leading to sustained and successful PPP partnerships Collaborations Establish world class technical Conferences, workshops, eLearning, challenges, awards, expertise participation in global forums

A1.1.3 Scope, Organization, and Progress Till Date

Beginning as an informal group, the CCICI is now registered as a formal entity under the IEEE Standards Association‘s Industry Connections program. This provides an incubation umbrella and access to collaboration tools and other best practices for governance. CCICI today is operating with an Executive Committee, various working groups (WG), and sub-groups addressing different topics identified from time to time.

CCICI has prepared A Framework and Roadmap for Cloud Computing Innovation in India. CCICI has organized itself into working groups and sub-groups for focused thought process on Cloud Computing. These work groups are as follows:

 WG 1 Cloud Usage Scenarios and Service Delivery Framework  WG 1.1 e-Governance  WG 1.2 Industry Specific Clouds  WG 1.3 ICT for development – e-Education, e-Health, etc.  WG 1.4 SaaS and Applications Evolution  WG 1.5 Big Data and Analytics  WG 1.6 Innovation Ecosystem  WG 2 Cloud Platforms and Infrastructure Framework  WG 2.1 System Architecture:  WG 2.2 Cloud Storage  WG 2.3 Application and Data Platforms  WG 2.4 Cloud Management  WG 2.5 Sustainability, Mobility, and Access Technologies  WG 3 Cloud Enablement Framework  WG 3.1 Cloud SLAs  WG 3.2 Cloud Security, Anonymity, Privacy  WG 3.3 Standards and Interoperability  WG 3.4 Policies and Regulations  WG 3.5 Business Models and Strategies in Cloud Computing

Chairs, Vice Chairs, and members of the above working groups and sub-groups have been firmed up in most cases with new members signing up regularly. Each working group and sub- group is addressing global trends in the relevant area, initiatives and opportunities in India, challenges and barriers, specific recommendations and innovation proposals. Each working group will frequently publish innovation proposals—after due review—and drive related activities under the broader framework of the Council. The following is a preliminary list of innovation proposals:

. Innovation Sandbox for Cloud Computing . World Cloud Council . Cloud Computing Innovation Clusters . Web Services framework and Appstore for e-Governance . Knowledge as a Service . Cloud-based eHealth Reference Architecture, Standards, and Analytics . Cloud Standards Development Framework . Intercloud Interoperability Demonstration

In the medium term, CCICI will also address the following issues:

. Advisory board to establish the primary character of the group and a long-term affiliation to provide stability and growth . Funding methodology and funding sources to support the agenda, activities and principles of CCICI . Institutions that could best help support the Council’s activities . Name, logo, branding, and membership

A1.1.4 Cloud Definition

Cloud is an acronym for a range of service and deployment models that rely on elements such as standardization, automation, and optimization to deliver IT services efficiently and consistently, over the network. For the purpose of CCICI documents and activities, we are adopting the NIST (National Institute for Science and Technology) definition: “Cloud Computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.” The cloud model is composed of five essential characteristics (resource pooling, broad network access, on-demand self-service, rapid elasticity, and measured service), three service models (IaaS, PaaS, and SaaS), and four deployment models (private, public, hybrid, and community). (Refer to NIST SP 800-145 [58].)

A1.2 Global Trends and India Market Trends

Cloud Computing can be a major enabler in transforming India by accelerating the adoption of IT pervasively across the country. Various indicators are summarized in the following study conducted by and reprinted with permission from Zinnov Management Consulting [211].

Cloud adoption indicators in India

Adoption of IT technology is on an exponential growth curve: In spite of the global slowdown, the performance and growth forecast of Indian companies remains impressive. The next 5 years will see hyper-growth in usage and adoption of IT technologies fuelling the overall economy and an emergence of IT product development in India.

IT priorities of decision makers indicate cloud model preferences: The priorities of IT decision makers clearly indicate an inclination towards cloud models. The rising demand for better agility and flexibility, opex vs capex spending models, and wider reach to customers through newer go-to-market models can be best met by the adoption of cloud-based IT technologies.

Indian cloud market has grown steadily to reach USD 860-912 million in 2011: Cloud is a rapidly growing market in India. While investments in cloud have grown significantly to reach nearly U.S. $ 1 Billion, adoption is still very small representing only 2 to 3 percent of the IT spends in the country.

Rapid growth in the IT Ecosystem will further drive cloud adoption in India: Growth in Large enterprises, maturation of SMBs, huge government investments and the growing consumer base of Internet and mobile phones will drive demand. The skill base in MNC R&D centers and start-ups will feed the product development to support this demand.

A1.2.1 Emerging Global and Local Trends Will Fuel the Growth of Cloud Market

There are six broad trends that will act as drivers and constraints to the adoption of modern technologies:

TREND1: A combination of cloud and social, cloud and big data, cloud Large global companies are looking for new and mobility has created interesting use cases for businesses. business growth opportunities using modern Hence, the adoption of advanced IT technologies is driven by Information technology solutions. business growth and not mere IT cost reduction. TREND 2: . Amazon®: the largest book store in the world today Software is truly eating the world. Marc . iTunes®: the largest music company in the world Anderssen’s prophecy is a reality today. Many of today the recent startups are disrupting traditional . Skype™: the fastest growing telecom company businesses. “Industry with market cap of 31 trillion will get . LinkedIn®: the largest recruitment company in the reinvented through the use of these newer world Are all cloud enabled software companies technologies”- Mary Meeker- Kliener Perkins. TREND 3 : CLOUD is becoming a major evolutionary step in IT services industry in mature markets.

Can the EMERGING MARKETS directly leapfrog to CLOUD?

TREND 4: Cloud-based IT solutions (integrated with social media and Enterprise boundaries are getting redefined. They analytics) and bring higher business value. are getting more and more integrated with their Large companies are automating IT systems operating at the partners, suppliers and other areas of the intersection of the various ecosystem players and developing ecosystem. new business solutions. SMBs need IT systems with low complexity and They need IT innovations in effective integration with the scalability to meet their internal requirements. overall ecosystem. Elasticity and connectivity provided by cloud align very well with these needs. TREND 5: 70% Indian software product startups since 2010 are cloud- Startups will drive innovation relevant to Indian based. Peelworks – solution linking vendor, distributor cloud market. network and sales force. Capillary – customized real-time Many “Made in India” disruptive solutions are likely. deals while customers shop. Initial success in India leading to globalized solutions.

TREND 6: A multi-billion U.S. dollar CLOUD market will unfold in India : Growth would largely be driven by - increased maturity of Indian enterprises towards cloud computing and - CEO/CIO mandate for an enterprise wide cloud strategy. The combined cloud services market (public and private) at the same time would increase to U.S. $ 4.5 billion accounting for more than 3% of the global market from the current 0.3%.

A1.3 India Initiatives

India has taken major initiatives in the 11th and 12th Five Year Plans to strengthen investments in the Broadband and IT Infrastructure. A report by CII titled “The Indian Cloud Revolution” [73] summarizes this well.1 Some key initiatives that exemplify the rapid adoption and deployment of Cloud Computing are mentioned in the paragraphs that follow.

A1.3.1 Meghraj

The Department of Electronics and IT (DeitY) in India has launched Meghraj (GI Cloud – [http://deity.gov.in/content/gi-cloud-initiative-meghraj]), a national cloud initiative to help the government leverage cloud computing for effective delivery of e-services. The project, initiated to support the implementation of the National e-Governance Plan of India (NeGP), aims to create a private/community cloud environment for the use of government departments and agencies at the Centre and State levels that will accelerate the delivery of e-services to citizens and support other objectives such as increasing standardization, interoperability and integration, pooling of scarce and underused resources, and the spread of best practices. The National Cloud will be able to provide services such as computing, storage and network infrastructure, backup and recovery, and application development supported by State Clouds.

GI Cloud Services Directory will be created to help public sector organizations find and subscribe to relevant services. The government’s AppStore will host both cloud and non-cloud enabled applications that can easily be customized to meet the needs of different organizations.

The roadmap declares that cloud computing environments will be established at the national and state levels, starting with one National Cloud, using new and existing data centers.

The first step defined for the implementation of GI Cloud is the establishment of an ‘Empowered Committee’ to provide strategic and regulatory guidance to DeitY and other stakeholders. DeitY publishes guidelines and standards for the security, application development, service delivery, contract management and pricing, and procurement for adoption of GI Cloud.

1 Information on references can be found in Annex A.

The roadmap specifies that detailed studies of the existing infrastructure capacity at the government data centers and the requirement for infrastructure and applications need to be conducted for effective implementation of GI Cloud.

A1.3.2 NIC Cloud Computing

NIC’s cloud computing approach provides government partners with an opportunity to effectively manage technology resources that accelerate speed to market and deliver resources on a scalable as-needed basis. The NIC private cloud offers federal, state, and local government partners a state-of-the-art, high performing, and fully secure hosting operation that support secure transaction processing worth several billion dollars per year. NIC’s private cloud is backed by a team of technicians with more than 200 years of combined IT management experience.

Services Key Features Provide shared computing environments that Hardened Tier-4 facility protected by multiple deliver cost savings to government agencies security measures Offer resources to any approved government Redundant dual OC48 uplinks directly connected to entity on need basis AT&T® Deliver administrative support, data security, Global IP backbone—burstable to 1 Gbps to Global IP and governance controls backbone with extensive burstable capabilities Compliant with all federal, state, local, and Best-in-class fire suppression system—VESDA® industry security requirements Extensive power—supply management and planning 24/7 customer support—Dedicated technical to ensure continuity with redundant geographic support team power grids Specific dedicated servers for secure data Flexibility to accommodate new technologies as they storage are introduced

A1.3.3 National Knowledge Network

The National Knowledge Network (NKN)2 is a state-of-the-art, multi-gigabit pan-India network for providing a unified high speed network backbone for all knowledge-related institutions in the country. The purpose of such a knowledge network goes to the very core of the country’s quest for building quality institutions with the required research facilities and ability to build a pool of highly-trained professionals. The NKN will enable scientists, researchers, and students from different backgrounds and diverse geographies to work closely for advancing human development in critical and emerging areas.

The main design consideration for NKN was to create an infrastructure that can scale and adapt to future requirements. NKN design philosophy is to encourage, enable, enrich, and empower the user community to test and implement innovative ideas without any restriction from network technology and its administration.

NKN network is designed with the aim of providing:

. Highest level of availability.

2 For information on the NKN, visit http://www.nkn.in.

. Robust and reliable connectivity.

. Highest level of Scalability (specifically planned to match the unknown future demands that cannot be envisaged currently).

. Best bandwidth capacity: For NKN, various National Long Distance Carriers (NLDs) have provided 1 Gbps/2.5 Gbps capacity links that can be self-healed. Further, the NLDs are in process of upgrading (using DWDM) to 10 Gbps or more connectivity.

. The main services of NKN can be broadly categorized under the following heads:

 Generic Services: Internet, Intranet, Network Management Views, e-Mail, Messaging Gateways, Caching Gateways, Domain Name System, Web Hosting, Voice over IP, Multipoint Control Unit (MCU) Services, Video Portals, SMS Gateway, Co- Location Services, Video Streaming, etc.  Community Services: Shared Storage, e-Mail List Software Application (LISTSERV), Authentication Service, EVO, Session Initiation Protocol (SIP), Collaboration Service, Content Delivery Service, International Collaborations with EU-India Grid, Global Ring Network for Advanced Applications Development (GLORIAD), etc.  Special Services: Virtual Private Network Stitching Services [VPN@L2 (Virtual Private Wire Service / Virtual Private LAN Service), VPN@L3], etc.

A1.3.4 eBharath 2020—A Vision of Future e-Governance

The National e-Governance Plan (NeGP) is being implemented for several years all over the country. The current NeGP has its own strengths as the first well organized plan of the Govt. of India for both Central and State level e-Governance projects. Twenty-seven mission mode projects (MMPs) of NeGP had seen their partial successes. However, many additions such as stakeholders needs analysis, project planning and management, process reforms and reengineering could be identified, especially in the context of technology developments such as the ubiquitous mobile phone penetration calling for mobile applications, new technologies such as Service-Oriented Architecture (SOA), grid, cloud, big data analytics, and enterprise architecture techniques for deployment in e-Governance.

In this paper, we have proposed the need for further evolution of NeGP, i.e., to eBharath-2020 comprising of the following 12 steps:

Step 1. Perform survey and stakeholder needs analysis for

a) Needs of citizens at rural and urban areas b) Needs of businesses (SMEs and large industries) c) Needs of government employees at state and central levels

Step 2. Based on the above survey and analysis, perform needs-based, large scale e-Governance Project Planning for service delivery through mobile phones, making the mobile phone the

center of service delivery given the great revolution in telecommunications resulting in large scale penetration of the mobile phone in rural as well as urban areas with examples as follows:

. m-biometric identity authentication (along with digital signature and Unique Id integrated into mobile phone) . m-health (mobile-based tele medicine and health consultancy) . m-education (mobile-based virtual education classrooms in local languages at all levels) . m-agriculture (mobile-based agri extension advice and monitoring, management and sale) . m-elections (mobile-based online voting based on authentication) . m–rural development (various rural development projects based on mobile) . m-panchayat (panchayat services delivered on mobiles) . m-gram bazaar (linking rural producers with urban consumers using mobiles) . etc etc (many more such mobile applications can be identified)

The ubiquitous mobile phone will have to be made the center point of delivery of all Services— not just e-Governance certification services but core services that impact daily life as Health, Education, Employment, Agriculture, Commerce, etc., have to be developed.

Step 3. Enact the dedicated e-Governance Act, with compulsory process reform and reengineering with maximum efficiency using Lean Six Sigma (2) processes (most efficient) involving values (Dharma) of principles of Justice, Equality, Transparency, Accountability and Responsiveness to citizen needs. A “think tank” advisory group and R&D center/Institute comprising representatives from government, Comptroller and Auditor General of India (CAG), judiciary, legal experts, academia, civil society, and industry can be formed to give advice to help formulate this Act. The present Electronic Services Delivery Act (which has no compulsory process reform) and reengineering needs to be expanded towards these ends. Process reform and reengineering based on Lean Six Sigma has to be made compulsory to achieve the most efficient process with no wastages and ensuring least cost and least time. A high-power committee comprising the Political Establishment, Comptroller and Auditor General of India (CAG), Law Department, Prime Minister’s Office, and Project Monitoring experts may monitor and ensure the implementation of the reforms as formulated in the e-Governance Act.

Step 4. Perform reengineering of Government Processes on compulsory basis based on the above, using Lean Six Sigma Principles (most efficient) based on the e-Governance Act. A composite team comprising members from NIC, DIT, Six Sigma Consultants (including BPR specialist) along with line Ministry/Department of Government may drive the process reform and reengineering. It is proposed that the reengineering/reform provisions of Electronic Services Delivery Act 2011 be made compulsory. Also enhance the Land Reforms with geospatial mapping of the entire country.

Step 5. Perform reengineering of Judicial Processes based on the above e-Governance Act, using Lean Six Sigma Principles (most efficient). The scope of terms of e-committee of Judiciary may be enhanced to include process reform towards efficiency and integration of Judiciary with Jails, Transport, and Police systems. Judicial pendency has to be aimed to be minimized and, if possible, be eliminated by the appropriate Process Reforms in Judicial processes and procedures.

Step 6. Perform reengineering of Election Process on compulsory basis based on the above e- Governance Act, using Lean Six Sigma Principles (most efficient). The internal reform/reengineering group of Election Commission may be engaged along with Six Sigma and BPR Consultants and legal experts to identify the least time and least cost methodology for conducting elections online and completing the result processing online.

Step 7. Perform reengineering of Legislature Process on compulsory basis as based on the above e-Governance Act, using Lean Six Sigma Principles (most efficient). The internal Secretariat of Parliament and Secretariats of State Legislature bodies may execute Process Reforms with the help of NIC, DIT, and Six Sigma Consultant (including BPR specialist).

Requisite impetus can be given for steps 4, 5, 6, 7 above to be implemented by the concerned government departments several times, iteratively, beginning with the presently existing status of Mission Mode Projects, with the help of NIC through Workshops and Training Programs on Lean Six Sigma methodology to all the stakeholders in various Departments of the Central and State Government, Judiciary, Election Commission, and Legislature bodies. The concerned stakeholders in the government are required to be adequately trained and motivated towards Process Reforms in the interest of efficiency. After such training they may be asked to implement Process Reforms and Reengineering based on Lean Six Sigma. Several such rounds of reengineering and reforms iteratively will result in the evolution of significant modernization comparable to advanced nations. The Comptroller and Auditor General of India (CAG) may be involved in auditing and maintaining effective implementation of the Reforms according to the above e-Governance Act.

Step 8. Identify processes (after completing reengineering and reforms as above) for all the sectors and identify services using Service Oriented Approach (SOA) as for life cycle of Citizens— different services for life such as birth, education, employment, marriage, health, retirement and pension.

Step 9. Develop Web Service Repositories according to the above for Central, State, and District levels of the government and also for Judiciary and Legislature. These web services will be ensuring interoperability of Information Systems of various Mission Mode Projects.

Step 10. (a) Implement the e-Governance Grid/Cloud Architecture on the National Information Infrastructure at Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS) levels using Service-Oriented Architecture SOA (SOA), with Web Service Repositories at Central, State, and District levels. (b) Implement EA (Enterprise Architecture) for SaaS (Software as a Service) layer with Single Window for all government services (e-Sarkar). The National Information Infrastructure (NII) and the National Knowledge Network (NKN) can be used as the backbone infrastructure for implementing the grid and cloud for e-Governance utilizing the data centers all over the country. Sectoral databases may be integrated into Data Warehouses and Big Data Analytics be adopted on the data.

Step 11. Plan and implement integrated e-Governance (e-Sarkar), e-Judiciary (e-Nyaya), e- legislature (e-Vidhan), and e-Democracy.

Step 12. Finally, fully integrated single window e-Bharath 2020 covering all areas as above.

A1.3.5 C-DAC Cloud

A1.3.5.1 C-DAC Cloud and Grid Initiatives

C-DAC’s total cloud works are summarized in Figure 1. Various C-DAC Centers are working on various applications, infrastructure, and Cloud Stacks/Middleware.

Hyderabad: Bangalore: Noida: E-learning HPC Applications HMS e-shikshak PS PS

TVM: HPC as a Service: Healthcare MPI/Hadoop Virtual Cluster(VC) Applications Problem Solving Environments

IaaS Saa Staa

Meghdooth: Cloud Stack Sumegha: Scientific Cloud Stack

Figure 1 —Summary of C-DAC Cloud Work

A1.3.5.2 Pan C-DAC Cloud Infrastructure

Pan C-DAC cloud Infrastructure aims to support setting up physical infrastructure to deploy some of the in-house cloud middlewares such as SuMegha Scientific cloud, based on Nimbus®; Eucalyptus-based Meghdoot; and OpenSource-based cloud middleware such as OpenStack®. The deliverables of the project includes the following:

 Pan C-DAC Cloud infrastructure Operating with: Meghdoot/SuMegha Stacks.  24x7 availability of the common cloud infrastructure for applications, storage of employee data/group data, and projects.  Provide repository for Web pages.  Provide tools for software version control, repositories, bug tracking software etc.  Cloud Enable Applications of Pan C-DAC Cloud Project are as follows: . Hospital Information System (HIS) C-DAC, Noida . HIS- Health Care Applications C-DAC, Thiruvananthapuram . Learning Management System (e-Sikshak) C-DAC, Hyderabad . MANTRA (MAchiNe assisted TRAnslation tool) C-DAC Pune . Disaster Recovery as a Service (DRaaS) C-DAC Mumbai . eSanjeevani (a Web-based health care solution) C-DAC Mohali

A1.3.5.3 SuMegha: C-DAC Scientific Cloud

SuMegha allows users to run scientific application through a cloud interface.

High Performance Computing (HPC) allows scientists and engineers to solve complex science, engineering and business problems using applications that require very high compute, massive storage capabilities, high bandwidth and low latency networking. Typically, scientists and engineers either wait in long queues to access shared clusters or acquire expensive hardware systems.

Cloud Computing is a model for on-demand access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, services, and software) that can be easily provisioned as and when needed. For research groups, cloud computing will provide convenient access to reliable, high performance clusters and storage, without the need to purchase and maintain sophisticated hardware. Bringing HPC facilities to cloud will provision the Indian scientists and researchers a crucial set of resources and enable them to solve large-scale, data-intensive, advanced computation problems on research topics across the disciplinary spectrum. Scientific cloud enables greater systems flexibility and eliminates the need for dedicated hardware resources per applications and would help researchers cope with exploding volumes of data that need to be analyzed to yield meaningful results. It also simplifies usage models and enables dynamic allocation per given task. However there are various challenges like cluster virtualization, performance, scalability, power consumption and collaborative work environments that need to be addressed when HPC applications are running on cloud.

A1.3.5.3.1 Benefits of C-DAC Scientific Cloud to the Scientists and Research Community

 Scientists can have easy access to large distributed infrastructures and completely customize their execution environment, thus providing the perfect setup for their experiments.  Access to on-demand cloud resources enables automatic provisioning of additional resources from the C-DAC HPC service to process peak application workloads, reducing the need to provision data center capacity according to peak demand. Hence, scientists will benefit from the ability to scale up and down the computing infrastructure according to the application requirements and the budget of users.  Virtual ownership of resources: Virtual ownership of cloud resources will reduce uncertainty concerning access to those resources when you need to use them.  Reduction in execution time: Jobs will be scheduled using intelligent data placement algorithms.  Ease of deployment: The use of virtual machine images offers the ability to package the exact OS, libraries, patches, and application codes together for deployment.

A1.3.5.3.2 SuMegha (HPC as a Service): Supported Features

 CloudVault—Storage as a Service.

 On demand Provisioning MPI and Map reduce clusters to support compute intensive and data intensive applications.  Easily store, import, share, and query images.  Secure and quick access to HPC clusters.  Facility to customize and configure the libraries, software workflows, etc. on HPC clusters as per the applications requirement.

A1.3.5.3.3 SuMegha: Applications

On-demand cloud computing can add new dimension to HPC. The two application domains that have been identified as target applications for scientific cloud are Life Sciences and Climate Modeling.

Life sciences are areas like Metagenomics (study of metagenomes, genetic material recovered directly from environmental samples) and cutting-edge sequencing systems produce data at a massive rate; the analysis of these datasets requires significant computing resources. There are many tools available in the public domain for metagenomics studies such as MG-RAST, MEGAN, CAMERA, MetaPhyler, CARMA etc. Some of them are GUI based tools and some are command- line based tools (e.g., MetaPhyler). Cloud Computing provides a possibility for on-demand access to computing resources and such tools. In the past, there were few efforts made to host the database and do metagenomics analysis on cloud. However, there is no cyber infrastructure available where the complete metagenomics data along with all relevant tools and databases are hosted on any of the Cloud Infrastructure.

Climate models, like Seasonal Forecast Model (SFM), provide a global model of the atmosphere. SFM represents the atmosphere in three dimensions of space and time is the fourth dimension. This model is used to simulate the general circulation patterns of the atmosphere from a given initial state. It is used for forecasting the atmospheric state ahead of a season. The computations of the model are performed through spectral computations. The evaluation of spectral coefficients is computationally intensive. They also pose a challenge to parallel scalability as they involve global summation operations.

Life Sciences and Climate Modeling requires High Performance Computing (HPC) power (compute and storage) for its simulations and will be useful if it can be run efficiently on an HPC platform delivered through a Cloud Computing paradigm.

A1.3.5.3.4 Cloud Vault: Storage as a Service for Scientific Cloud

Cloud Vault provides a simple web services interface that can be used to store and retrieve any amount of data, at any time, from anywhere on the Web or Linux® based desktops.3 It provides unlimited storage space to any kind of user’s data like application-generated data, documents, presentations, videos, audio, etc. It also enables on-demand, easy access to reliable data storage and provides single point access to the user’s data anytime from anywhere. HPC applications process very large amounts of data. A critical research challenge lies in transporting input data

3 Linux is a registered trademark of Linus Torvalds.

to/from the HPC clusters from/to a number of distributed storage sources, e.g., scientific experiments and web repositories, and offloading the resulting data to geographically- distributed, intermittently-available end-users. Cloud Vault also supports data synchronization to/from HPC virtual clusters and virtual machines.

A1.3.5.3.5 Features of Cloud Vault

The features of Cloud Vault include the following:

 Easy access to storage: Supports easy access mechanisms such as Web interface, Command Line, Linux clients, and Desktop GUI application.  Data isolation and security: Data of one user is isolated and secured while at rest or while being transferred.  Container sharing: Enables users to share their data with the other registered users of the Cloud Vault in a controlled way.  Huge file support: Allows users to upload files from range of MBs, GBs, up to Terabyte rages.  Reliability and availability: Provides 98% up-time guarantee and three-way redundancy for data.

A1.3.5.4 Meghdoot—An Open Cloud Initiative of C-DAC

Meghdoot is one-stop solution to implement a state-of-the-art cloud environment completely based on Free and Open source software. This single suite incorporates tools across all layers to establish your own cloud with regard to open standards.

A1.3.5.4.1 Meghdoot: Features and Functionalities

Meghdoot is an indigenous cloud suite developed with research efforts on top of existing open source cloud tools offering the following features, but not limited to: graphical installation and configuration; Web-based management of resources with self-servicing portal; fully-automated functioning; customizable elasticity; high availability to all services and resources; provision to deploy user licensed software; interoperable with other clouds; end-end security framework; backup and disaster recovery.

The research contributions to the open source community through Meghdoot are as follows: customizable elasticity algorithm; provision to host windows instances; high availability to all resources and services; heterogeneous hypervisor in single cluster; interoperable with other cloud service providers with data portability; live VM migration; standardization across various segments of cloud; choreography and orchestration; auto scale in/out; enhanced security of all services; auto-formatting of volumes; inclusion of third party CA.

A1.3.5.4.2 Meghdoot: Implementation

Meghdoot is successfully deployed in various government departments and in academic institutions. C-DAC Chennai offers consultation to various agencies on implementing and managing cloud, and developing cloud-enabled applications. Also, they conduct corporate training and certification programs on implementing cloud and developing applications in cloud.

A1.3.5.4.3 Meghdoot: Deployments

 Indian Banking Community Cloud is established using Meghdoot in Institute for Development and Research in Banking Technology, Hyderabad (established by Reserve Bank of India). The community cloud was inaugurated by Governor, Reserve Bank of India and currently 12 banks with 15 applications is ported into Meghdoot cloud.  Meghdoot Cloud environment is established in Tamilnadu State Data Centre, Chennai, and few of the Tamil nadu State Government applications are hosted onto it.  As a part of PAN C-DAC Cloud activity, Meghdoot cloud environment is established at C- DAC Bangalore, and various applications across all C-DAC centers will be hosted.

Meghdoot is deployed in the following government organizations:

 Government of Kerala (KSITM – C-DAC, Chennai + IIITMK, Trivandrum)  Government of Chhattisgarh (CHiPS, Raipur)  Government of Assam (e-District)  Naval Dockyard, Visakapatnam  Maharashtra State Data Centre, Mumbai

A1.3.5.5 HIMS—C-DAC Noida Providing Following Services on Cloud

A1.3.5.5.1 Hospital Information and Management Services (HIMS) on the Cloud

The aim of HIMS is to use a network of computers to collect, process, and retrieve patient care and administrative information from various departments. It helps as a decision support system for the hospital authorities for developing comprehensive health care policies.

 Guru Gobind Singh Government Hospital (New Delhi) is using HIMS services over the cloud and using all the modules of the HIMS application.  Regional Institute of Medical Sciences (RIMS), Imphal, Manipur is using HIMS application over the cloud and using 15 clinical modules of the HIMS application.  Rajasthan Government is using HIMS application state wide (covering 17 district hospitals, 5 medical colleges and associated hospitals) over the cloud and using 12 clinical modules, 1 non-clinical module, and 3 support and service modules of the HIMS application.

A1.3.5.5.2 e-Aushadhi (Drug Warehouse) Application on the Cloud e-Aushadhi is a complete Supply Chain Management System for Drugs on the cloud and deals with the following:

a) Management of stock of various drugs, sutures, and surgical items b) Ascertaining the needs of various district drug warehouses

1) Cloud services for drug warehouse application is being provided to Rajasthan Government covering Rajasthan Medical Services Corporation’s headquarters along with 34 drug warehouses and 3000+ drug distribution counters. 2) Cloud services for drug warehouse application is being provided to Punjab Government covering Punjab Health System Corporation headquarters along with 3 DWH, 22 DH, 41 SDH, 151 CSC, 446 PHC.

A1.3.5.6 Megh-Sikshak—SaaS-based e-Learning System

Megh-Sikshak is a cloud-based learning management system, which is evolved from the objective of converting the traditional model of e-Learning system (eSikshak) to a SaaS model.

Megh-Sikshak offers multi-lingual e-Learning services leveraged by cloud computing capabilities and demonstrates the new model of a SaaS based e-Learning system. This SaaS-based Learning Management System (LMS) currently conforms to SaaS maturity level 3, which allows the system to support multiple tenants of multiple organizations.

The cloud-based eSikshak delivers e-Learning as a service rather than as a product, which helps the institutions/organizations/individuals in alleviating the burden of installation, maintenance, and management of the e-Learning application on-premise. Megh-Sikshak provides the essential LMS services such as SCORM-based content delivery, QTI based online assessment, query handler service, and some other communication and collaboration services.

Megh-Sikshak is successfully deployed and tested on cloud infrastructure set-up using various software such as Eucalyptus, OpenStack, and VMware.

A1.3.5.7 GARUDA—C-DAC National Grid Computing Initiative

GARUDA is a collaboration of scientific and technology researchers on a nationwide grid comprised of computational nodes, mass storage, and scientific instruments. It provides an abstraction layer above high performance computing system, facilitating coordination and distributed sharing of resources across different geographical locations and under multiple administrative domains. GARUDA stands for Global Access to Resources Using Distributed Architecture. It is funded by Department of Electronics and Information Technology (DeitY). GARUDA is an iconic forerunner in collaborative research that brings together academic, scientific, and research communities for developing their data and compute intensive applications with guaranteed QoS.

GARUDA achieved its objectives and deliverables in its proof of concept (PoC) phase (2008), foundation phase (2009), and in operational phase (2013). Initiated along with Indian Education and Research Network (ERNET), the PoC phase of GARUDA (2005–2008) attained its target of connecting 17 cities across 45 academic and research institutes country wide and the required software for managing grid computing applications. The foundation phase (2008–2009) embraced the technological shift in grid paradigm by migrating GARUDA to support Service- Oriented Architecture framework, along with improved network stability and upgrading grid resources. Following a successful foundation phase, GARUDA stepped into the operational phase (August 2009 onwards) with the primary focus on grid enablement of identified applications of national importance such as computer-aided engineering, climate modelling, collaborative learning, medical and health care, disaster management (DMSAR), and bioinformatics.

A1.3.5.7.1 Infrastructure Overview

Grid resources are the key factors for GARUDA to achieve its main objective of providing a stable and robust grid environment for broadening its uses. However, they are not sufficient to attain other objectives, namely efficient and guaranteed QoS. Progress in these areas relies on the following two additional architectural elements:

 A set of core system components that provide system-wide services.  A set of common interface definitions that resources or services may implement in order to provide users with familiar and consistent interfaces on which they can build applications and infrastructure extensions. The National Knowledge Network (NKN) is a state-of-the-art multi-gigabit pan-India network for providing a unified high-speed backbone network for all knowledge-related institutions in the country. The purpose of such a knowledge network goes to the very core of the country’s quest for building quality institutions with requisite research facilities and creating a pool of highly- trained professionals. The NKN will enable scientists, researchers and students from different scientific fields and diverse geographies to work closely for advancing human development in critical and emerging areas. The NKN has the capability to handle high bandwidth with low latency and provision to overlay grid computing. Some of the grid-based applications are climate change/global warming, and science projects like Large Hadron Collider (LHC) and ITER. The GARUDA grid has enhanced its power and stability by migrating to NKN. The GARUDA Virtual Routing and Forwarding (VRF) mechanism has been enabled in the NKN routers for the GARUDA participating organizations.

The entire GARUDA software architecture is depicted in Figure 2.

Figure 2 — GARUDA Software Architecture

Key tools and services at GARUDA are Indian Grid Certificate Authority (IGCA), GARUDA Access Portal (GAP), reservation service, accounting service, login service, compiler service, virtual organization management service, information repository, resources administration tool, GridFTP, Megha (a cloud interface to GARUDA), storage resources manager, Paryavekshanam (a grid monitoring tool), work flows, automatic grid service generator, and problem solving environments. Many customized open source tools like Ganglia, Nagios, Request Tracker, etc. are deployed to monitor, manage, and provide helpdesk support to all GARUDA users.

Today, the GARUDA grid is helping researchers and scientists across the nation with its critical cyber-infrastructure and a wide range of research tools. Many scientific applications that are currently running on grid are in agriculture, healthcare, education, bio-informatics, weather and monsoon prediction, earthquake and disaster engineering, computer-aided modeling, and engineering domain. With applications of national importance, the GARUDA grid serves as an important milestone in accelerating the scientific research and discovery in India.

A1.3.6 Indian Banking Community Cloud (IBCC)

IBCC is the first Community Cloud initiative for banking industry in the world. The theme has been to “Optimize costs while maintaining desired levels of efficiencies and security”. Institute for Development and Research in Banking Technology (IDRBT) is working with public sector and private sector banks to provide Infrastructure as a Service for non-customer facing and less critical applications. The banks would benefit from the following:

. Reduced timelines . Moving the cost from CapEx to OpEx . Focus on core banking business

IDRBT has also developed a Cloud Security Framework with relevance to banking industry.

Such initiatives should be accelerated and scaled up multi-fold through the innovation council with emphasis on Cloud Computing to cater to India’s expanding requirements in e-Governance, e-Health, e-Education, banking, and thereby gain technology leadership and economic maturity with more than 10% GDP growth target. Further, these cloud implementations are yet to provide the three essential cloud services: on-demand self-service, rapid elasticity, and measured service. Hence, there is an urgent need to innovate and support these initiatives to provide solutions to meet the unique challenges and needs of India.

A1.4 Approach and Strategy

A1.4.1 Open Forum Driven by Outcomes

In the global ecosystem, a lot of the innovation around cloud computing is being driven through open forums (CSCC, OGF, ONF, OSF, ODCA, ODI, etc.). After studying these carefully and taking cues from other success stories such as IETF, IEEE, Open Software forums to name a few, it has been decided that the objectives of CCICI will be best met by creating a similar forum focused on “Driving innovation around Cloud Computing for India and from India.”

Based on principles of Commons Based Peer Production (www.p2pfoundation.net) and Open Innovation (www.openinnovation.net) S.M.A.R.T Innovation Proposals: • Objectives • Scope • Measures of Success • Milestones & deliverables • Governance model • Working model • Resources / Funding • Risks & Barriers 5+ membe r team – Industry + Academia + Govt. Labs

Figure 3 —Organizational Principles

A1.4.2 Organization Structure

The main work of CCICI is carried out by the Technical Working Groups focused on various technology areas related to cloud computing. Approximately 16 technology areas have been identified and partitioned across three sections. The theme of collaboration across industry, academia, and government labs is mandated by the composition of the working groups.

WHAT WHO HOW Advisory Board Set Strategic Direction Key Decision Makers and Semi Annual Review, Mobilize Strategic Influencers Bi-monthly email updates Affiliations 5 members each from Govt., Sponsor Innovation Industry and Proposals Academia + Advisors Review Performance Executive Strategy execution Mandatory— Fortnightly Reviews Committee Manage Strategic Affiliations WG Chairs Bi-Monthly Workshops Oversee Sections and WGs Support Team Chairs Six monthly White Paper Oversee the support teams Optional/backup—two ad hoc release Approve new members members External web page Mobilize resources Advisors Collaboration Platform Vice Chairs Section Nominations—member, Chair, Vice Chair Inputs for execom Committee WGs Strategic Affiliation Program Manager Workshop agenda proposal Advisors White Paper, webpage, Lead and Oversee WGs collaboration portal inputs Support Innovation Proposal Working Group Drive Innovation Proposals 5+ Members Workshop Participation Engage New members, At least one from Govt. Labs, Inputs for execom, white SMEs, Advisors Academia and Industry + paper, web page, Leverage Affiliations Advisors collaboration portal Track Measures of success

All working group chairs are members of the executive committee, which drives the overall direction and executes the strategy of CCICI. The section committees provide inter-working group coordination. These teams are all comprised of volunteer technical experts. The advisory board is a body of key influencers and decision makers who provide strategic direction and sponsorship for the various activities of CCICI. Operational support is provided by additional volunteers in the support teams.

A1.4.3 Phases of Evolution of CCICI

Cloud Computing is at an early stage of adoption and deployment. Hence, it is the right time to bring focus on innovations in the relevant technology areas. Following cues from organizations like IETF, IEEE, CII, and NASSCOM, it is expected that for CCICI to have a tangible impact it should have a 5 to 10 year roadmap. An initial period of 3+ years would be required to evolve this entity to a mature state of high impact contributions. This is reflected in the high-level roadmap.

Phase 1 - INCUBATION (Oct2012- eof 2013) – Proof of Concept OUTCOMES MATURITY 8 Workshops (IEEE, Zinnov, IIMB, CDAC, IIITB) 100 + members Concept Paper, White Paper 16 working groups Collaboration Workspace, External web page executive & section committees IEEE - SA Industry Connections affiliation collaboration platform team Phase 2 - MATURATION (2014 -2016) – Sustainable Working Model OUTCOMES MATURITY 6 Workshops per year sustainability & scalability model 6 monthly White Paper updates, steering committee 5 to 15 Innovation Proposals steady state at WGs, execom & section level 3 to 8 Affiliations collaboration, nominations & branding support Phase 3 – SELF SUSTAINED, HIGH IMPACT (2017+) OUTCOMES MATURITY 15+ Innovation Proposals steady orgn structure & funding model .

Figure 4 —Phases of Evolution of CCICI

A1.5 Summary

Clearly, there are opportunities and challenges in achieving global leadership. The Internet, Computing and Information Technology industries in the U.S. have scored again and again by fostering the right ecosystem, seizing an early mover advantage, and by driving market creation. Europe, Japan, South Korea, and Taiwan have done it in GSM, 3G/4G, consumer electronics, electronics hardware, and broadband penetration. China is making the right moves in many technology areas such as infrastructure for communications and computing. India has registered its own share of success stories in software, services outsourcing, mobile penetration, National e-Governance Plan and investments in high-bandwidth public telecom infrastructure. There is a window of opportunity now for India to think big and act rapidly to achieve leadership in cloud computing. CCICI has been launched with this objective in mind and looks forward to progress through sustained efforts to grow the number of committed members and by forging strong partnerships with stakeholders in the Indian ecosystem.

1. Cloud Usage Scenarios and Service Delivery Framework

1.1 E-Governance

1.1.1 Global Trends

Based on latest information and communication technology, e-Governance is a major thrust for governments around the world in both developed and developing countries. Effectiveness and efficiency of the government and its sustainability are the prominent factors for the maturity of e-Governance. As a result, the United Nations has developed an index called the E-Government Development Index (EGDI) [80]4 to calibrate the relative development of e-Governance in countries around the world.

The e-Government survey conducted by United Nations in 2012 [80] featured the Republic of Korea as the leading country in e-Governance. The others who covered the umbrella of top five were the Netherlands, United Kingdom, Denmark, and the United States.

Cloud-based services are being rapidly adopted by leading nations as they look to integrate increasingly complex public sector services across sectors and agencies. A cloud-based model is enabling service providers to address increased innovation and productivity without costly investments by the government. The cloud model equips governments with greater efficiency by helping them scale up their services utilizing highly shared virtualized computing resources with automation and self-service. In the United States, as part of the new “Cloud First” Initiative [29], government agencies are required to first consider cloud options before making any new IT investments. Most countries face service integrity, data security, and privacy and regulatory environment as the prominent challenges for large-scale adoption.

During the adoption of cloud model, governments around the world are at a different level of maturity [12]. At the basic stage, government initiatives focus on infrastructure virtualization—a cloud delivery organization is formed but service delivery or demand management roles are not formalized. In the more advance/mature adopters of the cloud model, the focus shifts to how business services are sourced and shared across government agencies with external partners and ISVs also enabled to provide services in a community cloud model. Formal security models with measurable security controls are put in place. Billing support systems are put in place for differentiated charges based on quality, capacity, service, and security level. A formal cross- governmental organization drives cloud governance and sets policies and approves shared service offerings by various governmental agencies. The Cloud Delivery Organization is much more structured and runs in a formal business model including structured development and marketing of cloud offerings, demand management for infrastructure and application services, a governance authority that makes decisions on shared business applications and functions opened to third party vendors and “government app stores” and has accountability for service delivery quality and client satisfaction.

4 Information on references can be found Annex A.

1.1.2 India Status

From the viewpoint of the United Nations E-Government Development index, India is behind in the adoption of information and communication technology to transform the governance of the nation, India’s rank in 2012 was 125, down from 119 in 2010. This is also reflected in the adoption of cloud-based government services, which are still in the initial stages. At the same time, there is a tremendous opportunity for India to adopt the cloud model thereby dramatically accelerating its progress in e-Governance. India has been significantly investing in infrastructure including fiber to the village (NOFN), National Knowledge Network, NICNet, and Aadhaar as a biometric unique identification to facilitate citizen access to government services. India has already leapfrogged into the mobile era with widespread mobile phone adoption even at the base of the pyramid. The next logical step is ubiquitous mobile access to cloud-based services.

National Informatics Centre (NIC) of the Department of Information Technology acts as a network backbone and provides a wide range of services including Nationwide Communication Network for decentralized planning-. NIC also provides support to central government, state governments, UT administrations, districts, and other government bodies [28], [78]. As part of NICNET Storage Area Network (SAN) data centers and State Wide Area Networks (SWANs) are being established in all 35 states/UTs.

Current functioning of SAN and SWANs are independent with each other and by connecting all these data centers (SAN) into a cloud, all the computational resources such as the CPUs, disk storage systems, specialized software systems, etc. can be provisioned to all the users connecting to the cloud. This will also help focused users to take advantage of the benefits of advanced capabilities like remote application hosting space, data storage on cloud, persistent transaction states, and distributed data mining.

Also, NIC supports heterogeneous platform based independent applications. This means those applications provide services without any resource sharing functionality. In some critical cases, services are continuously required for any kind of citizen services. Under such situations, breakdown of any machine or operating system or database server or application server results into outreach of the services. Hence, the cloud model is needed to support high availability and disaster recovery.

To have such a paradigm shift, the most critical challenge is to address web services framework for interoperability among the various state government and department networks as this is a precursor to moving to the cloud model.

A tremendous advantage that India possesses relative to other nations is the cloud know-how in the country. India has numerous multi-national companies with big cloud research, design, development, and delivery capabilities catering to the whole globe. A rapidly burgeoning ecosystem of startup companies is further fueling cloud-based innovation. Several prominent academic and research institutions in the country are showing leadership in the cloud arena and bringing premier technical conferences to India. India has the opportunity to rapidly move to cloud-based e-Governance leveraging this human capital already within its shores. With the scale of population and the richness and diversity of various citizen services, India has the opportunity to establish a national scale cloud that is a trailblazer and firmly establishes leadership of India in the era of cloud and Big Data.

1.1.3 Recommended Next Step

a) National Cloud Governance Organization: The Indian Government should quickly form a national level Cloud Authority that brings focus and rigor to the transformation of the Indian Government to the cloud model. The Meghraj initiative [53],[54] from the Department of Electronics and Information Technology (DeitY) provides a starting point for such an Authority. This body should drive structured development and marketing of government cloud offerings, define a web services framework for interoperability among the various departments, plan and frequently review/refine the infrastructure and application services capacity needed for the nation and act as a governance authority that makes decisions on shared business applications and functions opened to third- party vendors and “government app stores”. This organization needs to urgently develop a detailed catalog of existing web services that would be distributed across many departments and would serve as a basis for the definition of a web services framework for interoperability. The CCICI could act as an expert council who can advise the National Cloud Authority and form workgroups to make progress in specific areas such as interoperability standards. b) National Cloud Innovation Challenges: To accelerate the transformation to cloud while tapping on the wealth of know-how and innovative spirit in the country, the Indian government should frequently issue a set of National Cloud Innovation Challenges with associated awards and recognition. These could range from new cloud-based services that are required in the country to fundamental research problems that need to be tackled in Cloud Computing to spur a national scale e-Governance Cloud in India. These challenges could prompt various businesses in the country on the one hand and academic research organizations on the other hand to constantly innovate in areas most relevant to the Indian government. The CCICI could partner with the government to frame these challenges and accelerate innovation in response to the challenges.

1.2 Industry-specific Clouds

1.2.1 Global Trends

The initial adoption of cloud was motivated by cost advantages through decreased capital and operational expenses. Indeed, many businesses have been seeing the cloud as a means to reduce capital and licensing expenses in a “pay-as-you-go” model for Information Technology (IT). Eventually many businesses realized that the greater power of the cloud was in dramatically reducing the operational expenses in IT, rather than just the capital expenses, which initially drove the shift to cloud. Thus, enterprises started demanding and expecting the operational efficiencies born of the higher utilization, automation, and self-service features of the cloud, whether in private, public, or hybrid clouds.

As the adoption of cloud has grown around the world and coincided with the simultaneous explosion of social media, mobile access, and big data analytics, many companies started realizing that these seismic technological shifts also implied completely new ways of conducting their businesses and connecting with their customers and partners. As a result, many businesses started seeing that a shift to a cloud model meant more than just cost optimization in capital and operational expenses. Cloud enabled businesses to find new delivery channels and even address new markets they were not reaching before, leading to new and enhanced revenue streams. Cloud also enabled new ecosystems for collaboration with business partners leading to very different positioning of the business and their role within the industry. Cloud (combined with social, mobile, and analytics) is enabling businesses to segment and understand their customers as never before and provide individually personalized services.

This is leading to fundamental shifts in many industries and the next wave in the cloud journey for businesses is into Industry-specific clouds [39],[40],[77],[35]. As this shift happens, businesses are seeing cloud more as a driver of business innovation and change than a cost cutting measure. Different businesses are changing their roles due to cloud, some becoming optimizers that incrementally enhance customer value, some innovators that significantly extend customer value propositions to develop new revenues and transforming their role within their industry and some becoming disruptors that create radically different value propositions that generate new customer segments and create new ecosystems (IBM [76]). As a result, the solution approach and business architecture is being redefined in many industries due to cloud and also demanding industry vertical reference cloud architectures.

Retail Industry example: While online giants like Amazon.com® have emerged and redefined the landscape of the retail industry over the last decade and triggered the whole cloud revolution, the implications to emerging small and medium businesses is huge.5 New entrants are able to set up entire retail business on the cloud with no brick and mortar operations. They are able to obtain the entire IT infrastructure needed for their operations from the cloud. They are able to collaborate with their suppliers over the cloud and are able to connect with their customers and reach out to niche markets through social media. This helps in analyzing the behavior and preferences of the customers. The same can be materialized by renting infrastructure in the

5 Amazon.com is a registered trademark of Amazon.com, Inc. or its affiliates in the United States and/or other countries.

cloud. Small players are thus able to do sophisticated analytics and utilize compute power of the kind that was available earlier only to the largest retailers.

This is driving the existing big retailers to also fast transform their business to the cloud model, building new supplier and distribution ecosystems and rapidly reaching new markets. These retailers are forced to delicately balance their existing operations with radical transformation and speedily integrate their legacy systems with cloud-based systems. Their hybrid cloud systems need to support existing retail applications in a cloud model while simultaneously enabling new applications “born in the cloud.” This leads to redefining the IT architecture for retail.

Telecommunications Industry example: With many countries going past the stage of exponential mobile adoption to more steady levels and with continued fierce competition, many telecommunication companies are seeing flat or reducing average revenue per user (ARPU). The telecommunication industry is embracing the cloud model to dramatically increase the efficiency of their internal operations and to run large scale analytics to better understand their end users and dynamically customize services to them. In addition, Telcos are rapidly realizing that they are in a great position to become cloud service providers themselves as they already have network infrastructure and large scale business support systems (BSS) and operations support systems (OSS) in place. This is enabling them to reach new large enterprise and small and medium enterprise (SME) markets and create new value-added services to end users through new cloud native applications developed through an ecosystem of partners. This is redefining the industry architecture for the telecommunication companies.

Media Industry example: The cloud model is driving the new class of media players who are involved in the creation and management of content based on social trends and consumer preferences and rapidly delivering this content, which is in the cloud and from the cloud, to multiple hardware platforms such as mobile phones, tablets, wearable devices computers, and set top boxes. These emerging media players are inherently designed to be social networked and user driven, with consumers/subscribers enabled to share content with friends, get alerts on interesting content from their social networks, and easily navigate and search content hosted on the cloud from the device of their choice. This is rapidly redefining the IT architecture of the Media industry.

Similarly almost every industry is being redefined with the proliferation and convergence of Cloud, Analytics, Social Media, and Mobile technologies. Automobile manufacturers are forming new ecosystems with both insurance companies and third-party consumer service providers through cloud-based collaborations centered on data from telematics control units in new vehicles. Healthcare providers, insurance providers, pharmaceutical companies, diagnostic centers, and patients are being interconnected in a new emerging ecosystem of efficient patient-centric healthcare.

1.2.2 India Status

As compared to countries like the U.S., Europe, Japan, Australia, Korea etc., the adoption of the cloud model is in its infant stage in India. Despite the significant growth we are seeing in the interest and uptake in cloud technologies, this is typically in the early phases of cloud adoption where the shift is primarily driven by the need to achieve efficiencies in cost and operations. As

indicated in the earlier Section A1.1.2, while the total spending in Cloud Computing in India is approximately $0.9B, it still represents only a small percentage of adoption and is likely to grow many-fold in the coming three years. Today most of the cloud spending in India is coming from the IT services, Telecom, and Banking/Financial Services sectors, which are also in early adoption phases. These are primarily private clouds and no significant public cloud is being hosted out of India for India or for other countries. However, the same global Cloud Computing trends that are driving businesses to redefine their roles and business architectures also apply to India. In fact, as the Indian industry goes through the transformation of being IT driven, it has the opportunity to adopt cloud model unlike businesses in mature markets that have a significant IT legacy with which to contend.

This situation presents a tremendous opportunity for India to pave the way forward in Industry- specific clouds. Given its scale and numbers and the opportunity to define whole industries in the cloud model, India has the opportunity to set the standards for cloud-driven, industry- specific architectures that are designed up front for the emerging new paradigm of information and communication technology. Nonetheless, India still has a huge opportunity to take on world leadership in this space.

1.2.3 Recommendation

Develop and publish industry-specific reference architectures: India should take the lead in rapidly developing and publishing industry-specific reference architectures for key industries including healthcare, retail, manufacturing, banking, insurance, electronics, education, government, automotive, media and entertainment, chemicals, and energy/utilities. To accomplish this, industry, academia, government, and professional bodies have to work closely and collaborate strongly. This will help in defining the reference architecture for the industry and foster an ecosystem that drives realization of the reference architectures and fosters innovation from academia, startups, and research institutions as outlined in Section 1.6. These reference architectures, implementations, and innovations should be driven by the needs of Indian industry while building upon and significantly extending global interoperability standards and open technologies (see Section 3.3). In this paper we outline the opportunity and potential approach around cloud-based eHealth in Section 1.3. Each industry workgroup needs to outline the emerging new usage scenarios for the industry, emerging new collaborations and ecosystems, typical applications, platform requirements, and define end-to-end architectures for chosen scenarios. CCICI has a crucial role to play here in forming these workgroups and forging partnerships across industry, academia, government, and professional bodies, as well as promoting an innovation sandbox environment that facilitates rapid prototyping and implementations based on the reference architectures.

1.3 Usage Scenario—e-Health

HealthCare is an area where a lot of changes are taking place globally and everyone recognizes that all countries (irrespective of developed or developing) are struggling to provide required HealthCare facilities to their citizens. Judicious use of Cloud Computing can provide the required support to enable government as well as private players to play the leading role globally.

Given the nascent stage of that technology adoption in India, all the benefits that Cloud Computing brings to the table can be applied to e-Health. This is also the ideal opportunity to setup rules and regulations to avoid the pitfalls that can endanger the success of a Cloud Computing initiative. This section attempts to provide a roadmap for a few key areas that need to be undertaken to enable the industry to support delivery of quality healthcare to the masses.

Given the vast landscape that this domain addresses, it will require not only active support from the government and innovative initiatives from private players, but the education, awareness, and empowerment of the consumer will also be critical for success.

1.3.1 Global View

The healthcare industry in general is very fragmented and changes have been taking place in pockets, driven by personal (or an individual organization’s) initiative. However, there is growing recognition that a concerted effort is required to achieve large-scale benefits. It is leading to the use of internationally-accepted standards and coding schemes, which allow sharing of information and collaboration in delivery of service.

1.3.1.1 United States of America

There has been a major push on Healthcare reforms in the U.S. Many of the changes are driven with the objective of reducing cost and increasing coverage, while improving the quality of care. The changes are being enforced by legislation that includes incentives for compliance as well as penalties for non-compliance.

While the reforms are focused on delivery of services to masses, the mandate for judicious use of technology and the right of the consumer on their health information has led the industry to move towards cloud-based deployments. Many barriers have been broken due to regulations and people have started recognizing the potential benefits that can accrue.

The experience of these initiatives in the U.S. provides a good learning ground to adopt the changes in a controlled manner to avoid pitfalls.

1.3.1.2 Other Countries

Many countries have been steadily moving towards use of technology in delivery of Healthcare services, but a few countries like UK and Australia have taken the lead.

UK already had NHS as the core organization to support the reach. While the size of the organization makes it difficult to make changes, it also ensures that once a change is accepted it spreads across the population very quickly. A major initiative is on to setup a National Health repository that allows collaboration and sharing of information across the country and beyond.

Similarly, Australia has also started to set up the National Health Repository. These initiatives and the results from UK and Australia will provide useful pointers to other countries on how to move along this direction.

1.3.2 India Status

1.3.2.1 Providers

Private players (hospitals and clinics) in the past have been largely driven by commercial considerations. Use of technology has been focused on increasing productivity of administration, rather than that of medical staff.

Over the last few years, technological awareness has led to hospitals improving systems to support medical staff by implementing solutions to digitize medical records. Most of the time, specific departments were involved to accomplish such vision thus limiting the benefits. A few hospital chains (like Apollo) have consciously setup consolidated records across all hospitals and have also started giving patients access to their records from outside the hospital. Many diagnostic labs have started delivering reports online, thus showcasing the convenience of web- based solutions.

Many public sector programs (aimed at the rural segment) have started using solutions to support the volume of information, but this is limited to those programs and the information is not shared among different programs or demographies.

1.3.2.2 Payers

Health insurance companies have been suffering from the social agenda set in early years by the public sector. This segment of insurance has been a loss-making business covered by other segments. The focus of the insurance companies has been to avoid accepting the claims, rather than reducing their exposure by making the premiums based upon the risk.

A major paradigm shift is needed for the insurance companies to gear-up to making policies and related premium based on objectively quantified risk. This is one area where a major overhaul is required.

1.3.2.3 Consumers

The general population has been on the receiving end of this situation. The affluent segment is generally covered by health insurance. The economically bottom half of the population is either covered by government schemes like ESI, or not covered at all. The insurance coverage is

available only for hospitalization-based treatment, although there is recognition of the need for providing coverage to outpatient treatment as well.

The consumers are largely ignorant of their medical profiles and their rights. There is gross misuse of diagnostics to increase the cost of treatment. There is virtually no recognition or awareness about the consumer right to their health records, which is exploited by unscrupulous hospitals and clinics.

1.3.3 Proposal—National Health Repository

As mentioned earlier, UK and Australia have already embarked upon setting up a consumer health repository. Such a repository can bring substantial benefits such as

 Sharing of information across providers or programs.  Avoiding duplication (and inconsistency) of information in different places/systems.  Using of standardized coding of treatment and reports, improving transparency.  Facilitating easy access to one’s own medical records/history. Judicious use makes a consumer aware of their own health profile and empowers them to exercise their rights.  Benefiting insurance companies by having proper records of full medical history of a person, allowing them to recognize the risk factors and accordingly decide on the policy and the premium.

Apart from short-term benefits such as those listed above, a national repository also opens the doors to analytics that can improve the efficiency and effectiveness of various programs in a major way. Various initiatives (diabetes, pre-natal care, geriatric, etc.) will be able to focus on the right audience. A National Health Information center that can act as a giant “data warehouse,” integrating data from various specialist information systems, can support the National Health Information Repository and Data Warehouse.

Various departments and hospitals have large amount of data related to health but those are scattered and isolated. There is a dire need to integrate information effectively so that the concerned health departments can plan and strengthen the delivery of health services.

This integrated electronic database would be essential for the smooth and efficient functioning of various programs that are being run by the government. Effective deployment of health repository requires strong discipline to be exercised across the industry. A regulatory framework is required from government to enable this along with AADHAR to provide secure identification of the consumer.

1.3.4 Health Information Exchanges (HIEs)

1.3.4.1 What is an HIE?

An electronic health information exchange (HIE) allows stakeholders associated with health data to appropriately access and securely share a patient’s vital medical information electronically.

1.3.4.2 Benefits of HIE

The benefits of an HIE are as follows:

 Engages patients and family members in their own health care  Improves the speed, quality, and safety of patient care  Provides a basic level of interoperability  Helps public health officials meet commitments to community  Improves health and health care while reducing costs  Impetus to improve quality and safety of healthcare  Enables patient-centric information: right information at right place at right time  Builds and strengthens health IT community infrastructure  Facilitates efficient deployment and usage of emerging health care technology and services  Creates a feedback loop between research and actual practice  Tests innovations in care

1.3.4.3 Functions of HIE

HIE is a platform that fosters the following:

 Health records aggregation covering patient diagnostics, discharge summaries, disease control, immunization registry, and patient education.  Analytics to understand current healthcare trends and future healthcare liabilities. Medically, this process is called “epidemiology”.  Research and innovation in pharmaceutical and medical equipment devices.  Interoperability of data and services between different EHR vendors.

1.3.4.4 HIE Proposal for India—Types of HIE

 Directed Exchange: Directed Exchange enables healthcare providers to easily and securely send confidential patient information (such as laboratory orders and results, patient referrals, and discharge summaries) to another health care professional. This

information is sent over the Internet in an encrypted, secure, and reliable way among health care professionals. This information is packaged further in encrypted, secured, and reliable form and sent over the Internet among health care professionals. The format of data exchange is XDR and XDM for messaging. These exchanges deal with transport of data and not clinical data structure. A primary care provider utilizing such technology can provide huge benefits such as getting instant lab results and expert opinions. This further helps in preventing duplication of tests, redundant collection of information from the patient, wasted visits, and medication errors.  Query-Based Exchange: Query-based exchange enables providers to search and discover accessible clinical sources regarding a patient. These exchanges deal with transport and structure of data. The format of data exchange is HL7 CDA and messaging. This HIE model allows for restful web services to query HIE.  Consumer-Mediated Exchange: Consumer-mediated exchange provides benefits to patients such as management and control of health care through online mode. Patients can provide access to their health records on a need basis. This concept is called health recording banking.

1.3.4.5 HIE Architecture

 Content Structure: There are disparate entities such as EHRs, HIEs, and others creating data in Health IT. Each system is architected using different technologies and toolkits. It becomes difficult to communicate patient information stored in these disparate entities. Therefore, HIE should support interoperability of data and services across the healthcare

system. HL7 CDA and CCD provide the framework for communicating clinical data using XML templates to HIE. XML templates are used to specify the packaging for clinical data. The structure of templates is pre-defined and can be re-used for sending data to HIE.  Transport and Security: Clinical data should be transported over SOAP, XDR, and XDM messaging standards. Cryptographic and hashing algorithms should be used to secure the data stored in HIE.  Data Privacy: The following principles should be adhered to protect health data privacy: 1) Any person’s identifiable data should be encrypted while storing and retrieving from HIE. Inclusion of Aaadhar (UDI-AI) has given unique IDs to citizens for India but still a unique patient ID should be created for each Aaadhar ID. Aaadhar ID can be used for identification and authentication but all health transactions should be recorded against the unique patient ID. Also, all EHR vendors need to communicate the unique Patient ID and its Aaadhar ID to the HIE at the time of patient registration. The unique Patient ID can be created using SecureRandom 128-bit UUID algorithm. 2) Encryption and hashing of Health Data in HIE. Recommended encryption algorithms are Triple-DES, AES, and RSA/SHA etc. This ensures that only certified entities with valid private keys will be able to decrypt the health data.

1.3.5 Healthcare Analytics

1.3.5.1 State of the Art

Electronic Medical Records: As discussed in the previous sections, electronic medical records are rapidly changing the healthcare industry and resulting in new analytics for standard and remote diagnostics based on these records.

Health Bands: We are now seeing the wide availability of affordable health sensors that are wearable as “health bands”—electronic health records of individuals that are available digitally. These provide continuous data on an individual’s activity and health and are resulting in new analytics for continuous and personalized diagnostics and recommendations.

IBM® Watson™: The IBM Watson system [83] broke new ground when it became the first computer system to win against human champions in the American quiz show “Jeopardy”.6 It is a natural language understanding based question answering system that analyzed two hundred million pages of structured and unstructured data. Also, IBM turned Watson’s capabilities towards developing a clinical decision support system to aid the diagnosis and treatment of patients.

1.3.5.2 eHealth Analytics eHealth Analytics work at multiple levels depending on the signals available as shown in the following table.

6 IBM Watson is a trademark of IBM in the United States.

eHealth Application Data Knowledge Standard diagnostics Electronics medical records Encyclopedic medical knowledge Personalized diagnostics Continuous health records Encyclopedic medical knowledge Community health Health signals from social Disease spread models network/community Crowd-sourced medicine Electronics medical records Community knowledge

1.3.5.3 Challenges and Recommendations

In the context of India, the use of eHealth analytics is in its infancy and needs to be developed further. Some of the challenges and recommendations are briefly outlined in the following list:

 The health record data available is skewed: The possible states are healthy/diseased/medicated/recovery/etc. Hence, mining techniques should be robust.  Other systems of medicine: Need to develop knowledge bases for other systems of medicines, such as ayurveda and homeopathy in the Indian context.  Indian language support: Indian Language Technologies are needed for interacting with patients.  Proprietary technologies: Open analytic technologies are needed for interacting with patients.  Privacy: Anonymization technologies are needed for open data sharing.

1.3.6 Pilot Project

A pilot project (Figure 5) is proposed to be carried out in collaboration with Rotary International as the lead partner for Outreach. Rotary is one of the largest non-governmental organizations (NGOs) across the globe with a mission for service above self (100+years old). It has an excellent track record on collaboration with funders, governments, international organizations such as WHO, etc. Rotary District 3190 includes most of Bangalore (Urban and Rural) with 90+ clubs, 4000 Rotarians from various vocations such as doctors, pharmacies, legal, IT, government servants, teachers, etc.

Rotary Objectives:

As part of its “future vision,” Rotary international has envisaged disease prevention and treatment as one of the six focus areas. Prevention of Diabetes has been discussed and projected as one of the signature projects to be taken up this year.

Figure 5 — eHealth Pilot Project Plan and Objectives

The scope of the pilot (Figure 6) will initially target the reach-out and screening. Validating mobile apps, EHR, data standards, and care protocols in real deployment scenario can be undertaken. Also, an MOU with Rotary led by a front-ending organization can be executed. Rotary will provide social activation, awareness creation, place, and opportunity at its adopted healthcare centers.

. Several technology partners have been identified to support the project . Devices for retina scan . Solution to analyze retina scans . Capturing demography details along with clinical info

Figure 6 —Scope of eHealth Pilot Project

1.3.7 Conclusion

What will healthcare delivery look like in the next 10 years? Will cloud technology catch on or will it fade away as application service provider models did? Demand for improved infrastructure continues to increase and is not likely to slow down. With the current state of healthcare and the many adoption challenges that it faces, it is logical to conclude that cloud technology will be at the forefront of healthcare innovation. Government incentives for electronic health records adoption, digitization, and lowering costs will require that cloud technology (or some form of what we know as cloud technology today) becomes more main stream. Cloud providers are very aware of the obstacles to adoption and will work to overcome these significant challenges through education and proof of concepts. Eventually, perceptions

that exist today will be changed for the better. And what will that do for patient care? Imagine a system where patient information is accessible from any mobile device in a secure and private manner. The entire patient record, consolidated into a single view from any number of different applications, provides accurate and up-to-date information upon which physicians can make more informed decisions. Clinics, hospitals, insurance payers, and patients will all be able to access the relevant information as needed.

In addition, electronic medical records, digital medical imaging, pharmacy records, and doctor’s notes are all consolidated and accessible. The ability of researchers to run analytics, better treatment options, optimal insurance programs, and the possibilities of truly personalized healthcare have become a reality. Data drives the new healthcare world and access is greater than ever before. Big data becomes better managed due to cloud technology, as storage, compute power, and consolidation reach levels never before achieved. Portability of data delivers information where it is needed, when it is needed.

Coordinated care with patients conducting their own treatment regimens, becomes a possibility with cloud technology. Patients are able to become more deeply engaged as their information is in a single index. This means they can seek preferred treatment that addresses their state of health. The possibility of duplicate tests and medical errors, such as contraindicated medications, can be minimized as access to data becomes a reality.

Also, healthcare provider IT departments can offload the burden of managing infrastructure and focus on supporting more patient-care-related activities. New technologies can be quickly evaluated for their effectiveness and deployed broadly from a cloud model, allowing healthcare providers to stay abreast of the latest and greatest tools.

Ultimately, patient care will improve which, in turn, will drive down costs and improve efficiencies. Cloud technology will be a driving force in the healthcare ecosystem for years to come. The alternative is bankrupt facilities, healthcare costs that skyrocket to unaffordable levels, and patient care delivery that relies on an archaic and inefficient system.

Specifically, the pilot program mentioned here would lay the required groundwork to pave the way for future. Proper deployment of HIEs would require strong support from government to provide needed assurances and related regulatory framework. This will allow National Health Repository to be fully functional by allowing sharing and aggregation of various health information components.

1.4 SaaS and Applications Evolution

This section focuses on understanding the unique challenges and possible migration policy recommendations needed to make the acceptance and usage of cloud-based SaaS oriented applications widespread and trustworthy—both in the local private domain benefiting SMEs as well as governmental agencies in their commitment to deliver service excellence to citizens.

Introduction

The core of innovative possibilities, both in delivery of e-Governances services to citizens as well as in enabling more efficient, effective and productive information/knowledge management services to SMEs within India, is through a concerted drive to implement a well-thought out set of strategic initiatives that will nurture an open and beneficial ecosystem of SaaS driven applications.

Gartner [30] defines SaaS services as: “Software that is owned, delivered and managed remotely by one or more providers. The provider delivers an application based on a single set of common code and data definitions which is consumed in a one-to-many model by all contracted customers anytime on a pay-for-use basis, or as a subscription based on usage metrics.” IDC [23], [86] distinguishes the following interesting perspectives of SaaS: (a) “Network-based access to and management of, commercially available software” (b) “Activities that are managed from central locations rather than at each customer’s site, enabling customers to access applications remotely via Web Application delivery that typically is closer to a one-to-many model (single instance, multi-tenant architecture) than to a one-to-one model, including architecture, pricing, partnering and management characteristics.”

From experiences across the world and given that it is only the apps with which end users interact, it has been repeatedly validated that it is only a robust and thriving SaaS ecosystem that makes the substantial difference in extending the benefits of cloud and mobile-oriented IT to the society at large. For India, it becomes all the more important that cloud-mobile-oriented IT is leveraged to the fullest extent possible using both the private and the public agencies. Invariably a public-private-partnership alone helps.

1.4.1 The Public/Private Partnerships

The Government of India’s DeitY has been in the forefront seeking to chart out the possibilities of Indian industries and SMEs leveraging both the cloud and mobile. While many seem to understand and appreciate the need for an India-oriented and India-based cloud-mobile ecosystem, several challenges need to be overcome to be able to obtain the benefits of IT within India. While the private thrust for a SaaS ecosystem is always there with the market forces driving its growth within India, the focus for support will always stem from successful partnerships involving public and private agencies. From a government viewpoint, e-Governance becomes all the more important. More so, given the current socio-economic scenario, the scale, barriers, and challenges—the promise of effectiveness of governance is only possible through e-Governance. The question is how to nurture proactive creation and usage of e-Governance apps to address the needs and demands of the varied agencies involved in any of the developmental activities in India.

While there is huge potential for public/private partnerships (almost all based on a wealth of opportunities for continuous innovation and delivery of e-Governance services by Indian SMEs) the main challenges have been the lack of open, trusted, robust Indian platforms, frameworks, and ecosystems to support a variety of SaaS driven applications. Do these platforms support the e-Governance diversity? Do their APIs, software, and/or hardware stacks comply with appropriate Indian regulations and standards? Would it allow for an entrepreneurial ecosystem to thrive along as well? Are they secure enough so that they can thrive despite alien governmental agency snooping? These and many other questions need concrete and robust answers.

1.4.2 Indian e-Governance Plans and Rollouts

Manifold efforts have been put into rolling out an e-Governance plan and a National e- Governance Service delivery gateway has been formally established. The National e-Governance Plan (NeGP)7 of the government of India aims to make most of the central, state, and local government services accessible to the citizen near their place of residence, through common service delivery outlets and to ensure efficient, transparent, low cost, and reliable services to realize the delivery of basic needs of the citizen. The National e-Governance Service Delivery Gateway (NSDG)8 seeks to provide a standardized programmatic interfacing as well as messaging support for communications through which various stakeholders such as ministries, departments, and service providers can offer interoperable services, apps, and data out of a network of autonomous and heterogeneous servers and systems located at varied locations. Two initiatives stand out: (a) the e-Gov app store and (b) the Mobile Seva [75]—both based on services provided by Meghraj —the GI Cloud [53],[54]. The GI Cloud seeks to provide services to governmental and non-governmental agencies and citizens through Internet as well as mobile connectivity through e-Gov AppStores or the Mobile Seva. While strategic contours to this approach have been debated, concrete rollout having huge impact is yet to be achieved. Figure 7 shows the key stakeholders in typical e-Gov AppStores hosted on Meghraj. More coherent, concerted, consistent, and timely interactions among these stakeholders and in the resulting outcomes and policies thus formulated would go a long way in nurturing a robust e-Gov AppStore ecosystem.

7 Information of NeGP is available at http://www.negp.gov.in. 8 Information on the NSDG is available at https://nsdg.gov.in

Figure 7 —The Stakeholders in Meghraj—the GI Cloud App Ecosystem (refer to [53],[54])

A typical e-Gov AppStore includes the setting up of a common platform to host and run applications cloud platforms like Meghraj. These are easily customizable and configurable for reuse by various agencies. Technology and management lag in making e-Governance happen has been the bane of many such efforts around the world. The Indian context is no different. There have not been enough concerted efforts to bring out standards that can address the core issues of interoperability, pricing, SLAs and QoS, technology and policy obsolescence, etc.

Mobile Seva [75] seeks to enable the citizens to apply for and receive public services through a variety of heterogeneous devices also supporting the delivery of IVR-based services.

These applications of e-Governance, either through the e-Gov AppStores or the Mobile Seva, cannot thrive without the availability of open data collected by various governmental and non- governmental agencies in India. While the portal (www.data.gov.in) offers a variety of datasets, a lot more needs to be done. The statistics presented therein is revealing, both in terms of the quality of the data available as well as the leveraging of such data in useful apps. There are 4581 datasets available from about 53 ministries and departments. However, it looks like just about one state is participating in these efforts. To overcome the inhibitions in leveraging this data for beneficial innovation, NIC in association with NASSCOM has been presenting the OpenDataApps Challenge to encourage data-driven innovation at a variety of levels—SMEs, Academics, NGOs, etc. This contest seeks to support app development resulting in possibly unique and useful Apps across a variety of platforms and devices using Open Government Data.

Another agency offering interesting data is the UIDAI [79]. The Aadhaar data catalog allows one to view numerous datasets generated from within the UIDAI ecosystem. UIDAI provides support for programmatic access to datasets via REST URLs.

Can all Indian entities start offering data? There are norms that certain international bodies that seek to share follow. There are efforts and initiatives from the Open Data Institute (ODI) [16] detailing a case study cum FAQ on how to improve local governmental transparency using open

data; a set of best practices for publishing open datasets (ODI [17]); and some best practices where open data licensing is involved (ODI [65]).

1.4.3 Some Recommendations

 Support the entrepreneurial efforts around—including framing appropriate general or e- Gov problems as challenges that engineering colleges and business schools should take up and solve.  Accept the reality—while there are so many portals and platforms, the number of PPP developed and used apps are few, we need an encouraging ecosystem to promote.  Despite best efforts, many initiatives exhibit several contradictions and include mandates that seem to work at cross purposes. These need to be fully resolved.  There is a dire need for strong collaboration amongst a variety of stakeholders—industry, academia, governmental agencies, international bodies, and target user groups. This should seek to bring out coherent public-private-academia-industry collaborations and policy making.  We need world class R&D driven Product Innovation Incubators for business and e-Governance among the existing and future SaaS players (private and public) across the country.  We need to address and build effective trust and security mechanisms to ensure that these platforms work well on a sustained basis.  We need to nurture the right entrepreneurial leadership that can help build the enriching and robust SaaS app ecosystem.

1.5 Big Data and Analytics

Introduction

The term “Big Data” is now a popular way to refer to massive digital information available in both structured and unstructured form integrated from multiple, diverse, dynamic sources of information. In fact, Big Data is defined as data that exhibits the 4-V properties—Volume, Velocity, Variety, and Veracity. Big Data is at an inflection point that can fundamentally disrupt the status quo of data analysis, change competitive dynamics, provide transparency, and enable optimization of existing business practices. The applicability of Big Data applications is almost in all spheres (business, government, and consumer) and spans application areas such as Web Mining, Social Media Analytics, Mobile Data Personalization, Customer Care, Healthcare, e-Governance, Data Center Management, etc. In general, Big Data provides humungous opportunity for intelligent algorithms to analyze and generate useful actionable insights from data with previously unachievable levels of sophistication, speed, and accuracy. Hence the combination of Big Data and Analytics is increasingly becoming important. The goal of this section is to describe current state of art in Big Data Analysis and opportunity to innovate in the application and technology space.

1.5.1 Big Data—International Trends

The concept of Big Data started primarily with Internet companies, like Google® and Yahoo!®.9, 10 In order to analyze huge volumes of data on the Internet and make only relevant information available to the consumer, say search results, they needed innovations in the way data was stored and analyzed. A major shift and rethinking in the design of application programs resulted from the introduction of key-value stores to enable efficient storage and retrieval of huge volumes of small data and new paradigms such as MapReduce that enable distributed and parallel computation on these key-value stores.

Big Data based Analytics are in use in many of the campaigns and elections in the USA. Though Big Data Analytics were put to use in a small way in the 2008 elections for Barack Obama’s election Campaign, they were significantly improved in the 2012 elections campaign.

1.5.1.1 How did this make a difference?

The Obama 2012 campaign used data analytics and the experimental method to assemble a winning coalition vote by vote. In doing so, it overturned the long dominance of TV advertising in U.S. politics and created something new in the world: a national campaign run like a local ward election, where the interests of individual voters were known and addressed.

9 Google is a registered trademark of Google Inc. 10 Yahoo! is a registered trademark of Yahoo Inc.

1.5.1.2 Technology

Introduction of open platforms such as Hadoop®11 has started a new wave of researchers who are innovating again in the space of application parallelization to make data crunching much faster and more amenable for real-time insights. The domain of Machine learning has become more and more important in order to analyze these large volumes of data be it to discover new insights through automatic classification and clustering or perform useful predictive analytics using accurate regression techniques. Different technical innovations possible in the Open Data Stack for processing Big Data are detailed in Section 2.4 of this white paper.

It has been recently realized, as expected, that not all problems can be solved using Hadoop and MapReduce. Particularly, since Big Data is also about “velocity”, useful business applications need to cater to fast arrival of incoming data in the form of streams. So, platforms that support stream processing are also becoming popular in recent times. Some examples in that space are Apache™ Storm and Yahoo! S4.

Open Data: While processing, Big Data can add tremendous value; just making big data more easily accessible to relevant stakeholders in a timely manner can itself be a significant benefit— creating transparency in operations and enabling open innovation. There have been several initiatives to make data available openly to foster such innovation. The Open Data Institute (www.theodi.org) is one such example that is trying to build an entire ecosystem. They even provide authenticity to data through “Open Data Certificates,” enable easy access to data “Git for Data,” and also help with data anonymity. The CCICI workgroup has already established a connection with ODI and that organization is very willing to collaborate and provide required support for our India-centric initiative.

1.5.1.3 Standards

While there are no specific standards for data representation or APIs to be used to manipulate Big Data, there has been some work on creating benchmark datasets with large volumes/scale that can be used to test Big Data applications. For example: TPC benchmarks for structured data, Hive benchmarks for large scale data mining, and Hadoop benchmarks for Big Data platforms that support the Map Reduce paradigm.

The Apache project BigTop provides a good test bed to check interoperability across Hadoop platforms. Since many Big Data applications store data in key-value pairs (noSQL, see 2.2), benchmarks such as YCSB (Yahoo! Cloud Serving Benchmark), HiBench, etc. are very useful to test the scalability of such data stores.

Other datasets that can be used to innovate in Big Data applications are made available in the Data Mining community sites such as http://www.kdnuggets.com/datasets/, http://aws.amazon.com/publicdatasets/, http://nssdc.gsfc.nasa.gov, and Kaggle (http://www.kaggle.com).

11 Hadoop is a registered trademark of The Apache Software Foundation.

1.5.1.4 Use Cases

There are already several use cases of Big Data Analytics making a difference to the way businesses operate in in other countries. Social Media analytics have been used to understand consumer reactions to new products, sentiments on specific features of products, and, in general, as a real-time marketing tool. Use of healthcare statistics to enable predictive diagnostics and hospital management has been seen. One interesting use case was in Los Angeles where the police department is using Big Data Analytics to predict crime before it occurs as a result of research done in the University of California.

1.5.2 Big Data—India Trends

Availability of digital information in India too is growing very fast. In addition to data available within enterprises, the volume of data made available by the government is also increasing. There are government funded initiatives such as Data Portal India12 or Aadhar,13 which are promising directions to enable Big Data Applications relevant to India. As of now, greater than 2700 datasets from 41 departments are available. NIC and NASSCOM are conducting Open Data Meets to engage startup and developer communities (data.gov.in/community/developer). NIC is also building a platform for e-Governance that can be an excellent test bed for new innovations in Big Data that directly can reach the citizens.

1.5.3 Challenges

There are many challenges in handling large data such as the following:

 Efficient architecture and infrastructure for data capturing, data analytics, data delivery, data visualization, and data management.  Big Data, by definition, requires variety. This means diverse sources of information across department boundaries have to become available. Breaking down organizational boundaries can be a challenge.  Making data-driven decisions are still an art as domain as well as analytics insights need to be combined. A combination of trust (in Data Scientists) and agility (in implementing and iterating decision) is required at least in the initial phases.  While Big Data technologies are production ready, Analytics is still somewhat experimental. Hence, maturation of Analytics technologies is required.  Data Analysts from specifics of eHealth, eEducation, and e-Governance are either yet to be identified or yet to play their part in identifying those scenarios where they can utilize the full potential of data (to be made)/available  Deriving the most valuable insights from data requires intimate knowledge of the specific business areas of an organization, which is a combination of subject matter knowledge and data handling experience. Knowing what questions to ask and how to interpret the results can be quite challenging.

12 Information on Data Portal India is available at http://www.data.gov.in. 13 Information on Aadhar is available at https://data.uidai.gov.in/uiddatacatalog/dataCatalogHome.do.

 Integrating Big Data Platforms (such as Hadoop) into existing data warehouses or even including data curation, sharing, and transfer into existing systems.  Security and privacy issues of data being shared for analysis or public consumption are also important to address. The open data platform should enable country-specific rules and application dependent selective sharing of data.  While there may be a handful of focus groups working on the technology aspects of Big Data, a full-fledged ecosystem, including but not limited to, trainings to produce “Data Scientists” is very much in its infancy in India.  One of the key implementation challenges would be to collate and make the relevant data set available to varying users in India. This will not only require the relevant infrastructure to store, manage, process, and share such data, but also respective policy regulations framework must be established so that the data and inferences are not abused and citizen privacy is at stake.  Discovering patterns, predictive analytics, and other insights from Big Data is a non-trivial problem and provides lots of opportunities to innovate in the algorithmic innovation.

1.5.4 Requirements/Proposals

India needs a combination of infrastructure, technologies, policies, and mindset to fully exploit the wave of Big Data.

1.5.4.1 Infrastructure

 Data Format/Description Standardization: For purposes of seamless access, schema description, version control, access control, etc. are required. The Open Data Institute is doing pioneering work in this area.  Analytics API: For ease of development and experimentation, black box/uniform access to analytics modules is required. We need to bring in consensus regarding the same.  Technologies for Indian Languages: Support for processing of speech/text/written data is needed- unique to Indian context.  Big Data for Small Players: A variety of Big Data can exist in public domain. Examples are web corpus, stock market data, etc. Even making public data (like web pages) available has challenges. Public Big Data will create an ecosystem around data. It can be even in the form of Data Marketplace where users pay a small fee for data usage.  Aadhar is unique to India: If Aadhar-enabled information can be made available in a privacy-preserving manner, several unique applications can be developed.  Create an ecosystem spanning the several vertical initiatives across governance, healthcare, education, panchayats, etc. to identify the relevant data analysts, scientists, architects, specialists, scenarios, respective data set needs, etc.

1.5.4.2 Policies

One incentive for making data public is that Open Data brings multiple gains. In an e- Governance setting, open data brings in transparency and breaks corruption. In a business setting, open data fosters innovation. Kaggle™ is an example.

Anonymization is the key to open data. Open Data Institute handles this in an informal manner. Privacy Preserving Data Mining technologies guaranteeing data privacy from ground up will help a great deal. Different verticals have different privacy Implications. So identifying grades of privacy will also be beneficial.

Institutional framework should allow incentives for creative solutions that promote public welfare. To make optimal usage of computing resources, data security mechanisms have to rely on good intuition, intellectual property, and citizen’s privacy.

1.5.4.3 Mindset

Perhaps the biggest challenge in the success of Big Data and Analytics are the subtle changes in mindset required across multiple levels in an organization. Big Data initiatives are fundamentally cross-functional: infrastructure, policies, decision makers, domain specialists, data scientists, analysts, etc. The synergy across disciplines has just started happening and requires time to mature. The following are some specific challenges:  Data-driven culture  Data integration across silos in a company  Data sharing culture for pushing the envelope

1.5.5 Initial Focus Areas

Big Data and Analytics have applications across verticals. To keep the scope of this document manageable, we focus on two areas: e-Governance and e-Health. These two areas have a very high promise in the India context.

1.5.5.1 e-Governance

Government of India has an extensive plan for e-Governance. NeGP (National e-Governance Plan) aims to make all government services available to Indian citizens via electronic media. NSDG (National e-Governance Services Delivery Gateway) is one of the 27 MMPs (Mission Mode Projects) under NeGP. NSDG provides a middleware for e-Gov services. e-Gov Knowledge e-Xchange (www.nisg.org/kcindex.php) aims to provide authoritative information about the schemes as well as enable synergy between government and private sector.

In addition, there are other initiatives for a platform for e-Gov. e-GovStack14 provides several services like email, IM, notes, e-Tendering, etc.

14 Information on e-GovStack is available at egovstack.sourceforge.net/.

Cloud computing allows for dynamic provisioning of application, network, storage, and analytics platforms in the space of public computing infrastructure. Correctly integrated with governance processes, Big Data platforms allow citizen service scalability, availability, reliability, and delivery. Thick client interfaces such as mobile phones allow easy access to final information served by big data infrastructure.

1.5.5.2 e-Health

Healthcare is undergoing a revolution in the last few years. As detailed in Section 1.3, there are many opportunities to reap the benefits of cloud computing for healthcare, through health information exchanges and intelligent healthcare analytics. Some of the drivers and benefits for this revolution are the following:

 Electronic health records of individuals that are available digitally. This ensures that complete and even remote diagnostics is possible. Health informatics data can also be sourced from clinical notes, medical imaging, social interactions, and bioinformatics.  Health sensors that are widely available as “health bands”. These are inexpensive as well as non-intrusive. The 24x7 monitoring of individual health state results in personalized health care. Such a personalized healthcare reduces the number of unnecessary hospitalizations, decreases cost of care, and improves availability of medical data for diagnosis and prognosis.  Community/social information: Based on this, it is possible to trace out infection propagation patterns and proactively predict likely future infections.  New healthcare models: With the above developments, people are taking their health into their own hands. There are some pilot projects in flight. National Health Registry is being planned. NIC Hyderabad is working on a pilot in which aggregate data like number of births, number of vaccinations, etc. is available in real time.

HCL and Wellogic are working together to create India’s National Health Information Exchange Environment (INHIEE). Such Health Information Exchanges lead to increased availability of information as well as reduction in costs. (The latter is likely to be less applicable in the Indian context.)

1.5.5.3 Recommendations on e-Gov and e-Health

There are currently a few initiatives like NeGP and National Health Information Exchange in India towards e-Gov and e-Health, respectively. Some of the schemes are in their infancy.

 Wider dissemination of information about these projects will lead to increased awareness as well as increased utilization of the information.  The nature of predictive analytics depends greatly on the nature of data available. Hence making data available in a secure and privacy-preserving manner will lead to applications being built on the data.

1.6 Innovation Ecosystem

1.6.1 Background

There is no precise definition of cloud-based startup companies in India. Essentially any company that was in the shared services space in the 2000s has morphed to a cloud-based company today.

Cloud startups are broadly in three categories—Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). By nature and definition per se, these companies need to be a product software company, having Intellectual Property, but many Services companies are also riding on the bandwagon of a Cloud Company, since they essentially work in the Cloud Services area. Our objective here is not to pass judgment on anyone, but to explain the impreciseness of the definition of cloud. However, that should not stop us from delving further in this domain.

Startups are essentially those enterprises that employ a high level of entrepreneurial skill and expertise with a scalable business model that are receptive to taking risks. Usually established as small enterprises to begin with, startups in the world of Internet-based technology are popular. Such startups require support and encouragement from various perspectives during the beginning phase and subsequently the growth phase until establishment of a firm-footing. Hence guidance, patronage, and regulation are extremely critical to the development of such startups, which have the potential to become larger transnational corporations.

Figure 8 —World Startup Report (India)

A very important task in setting up a business is to conduct research in order to evaluate, assess, and develop the ideas and opportunities to establish deeper understanding of business concepts as well as their commercial viabilities. Several policy measures and mechanisms have evolved

over this year to promote and support the cloud-based startups in various phases. The help of angel investors and venture capitalists has made starting a business quite a viable option. The supporting mechanisms include technology business incubators and innovation centers, aka Accelerators. Microsoft’s Accelerator Program and Google Ventures are two such initiatives that have taken root from enterprises known to promote such intellectual capital.

“Startups are going global because the markets are larger, the customers make decisions faster and they are less price sensitive than the customers in emerging markets,” said Mukund Mohan, CEO-in-residence at Microsoft® Accelerator for Windows® Azure™ and an active angel investor. India has seen a few startups, over the last few years, gain success by means of receiving more- than-expected funding or by establishing presence in foreign countries. One such example is the product named Gecko developed by a Bangalore startup Connovate Technology. They registered on Indiegogo.com, which allows individuals to contribute as little as $20 as a means of raising capital; it was when Apple® Co-Founder Steve Wozniak contributed $100 that the number of funders spurted.

Another such example is Instamojo Inc., started in 2012, Mumbai-based Instamojo enables one to sell his/her digital creations like e-books, reports, photos, music, software, templates, graphics, plugins, etc., directly to his/her fans, friends and customers; these can be sold as downloads by simply sharing a unique checkout link. The company has bagged 4300-plus merchants/sellers, most of who are from India but an increasing percentage of the same is from international markets like the U.S., Canada, and the UK.

Several global venture capital companies like Sequoia, Khosla Labs have also set up incubators to incentivize commercial Cloud Ventures in India. However, a quick survey of literature indicates paucity of data and research studies related to the experiences and difficulties faced by startups.

Cloud-based startups have played and continue to play significant roles in the growth, development, and industrialization of many economies the world over. Going by the market trends, technology-based startups are at the forefront and are venturing into the global markets. Since the rate of innovation in knowledge has become very fast, the rate of obsolescence of technology has also followed suit and consequently, the rate of mortality of startup companies have also gone up. Hence, it is important that appropriate strategies are framed for their long-term survival. Even in the U.S., only about half of new employer firms survive four years or more and bankruptcies occur for nearly 60% of the high-tech startup companies. However, many consumer Internet startups and related ventures of larger firms such as Zomato™, BookMyShow (part of Network18), and Buzzintown™ (now controlled by Yatra) have gained success in India and also ventured into the international market. Investors believe that there is a definite trend that Indian startups have set in shaping markets and are increasingly migrating to global markets.

1.6.2 Objective of the Study

The objective of the present study is to assess performance and status of technology-intensive, cloud-based startup companies in select areas and evolves measures to encourage and support startup businesses. In order to meet the objective of the study, the task was divided into the following two areas:

 Study of the status of the technology-intensive, cloud-based startup companies in select areas.  Determination of constraints faced by starups and suggestions of measures and mechanisms for encouraging startups and improving their survival rate.

Figure 9 — India Innovation Focus Areas

1.6.3 Scope of the Study

The scope of the study was domain agnostic cloud-based startups in India. While Services sector has been India’s strength, the ecosystem for startups is improving.

1.6.4 Venture Capital—Trends and Opportunities

Venture capital (VC) has made a mark in spurring startups. Venture capital investment is one of the most flexible forms of innovative financing. It supports those business ventures that hold a bright future in terms of profit and growth and has now emerged as the best financing alternative in developing countries. The concept of venture capital is new in India as compared to the U.S., UK, etc.

1.6.4.1 Trends

The global annual VC investment saw a downfall in 2012 due to global economic uncertainty. Ernst and Young (EY) 10th annual report on VC [25] mentioned specifically that “Global VC investments declined by 20% year-on-year to U.S. $41.5 billion, while the number of VC investment rounds declined 8% to 4,970. Average round size decreased to U.S. $8.4 million in 2012 from U.S. $9.6 million in 2011.”

Figure 10 — Startups and Talent Pool in India

The 2013 Global Venture Capital Confidence Survey [1] was conducted jointly by Deloitte and Touche LLP and the National Venture Capital Association (NVCA). The purpose of the survey was to administer venture capitalists in the following regions: the Americas, Europe, Middle East, and Asia Pacific. One of the key finding in the survey was that venture capitalists are more confident in investing in domestic markets than globally. The survey also pointed a 7% drop in the sentiment of U.S.-based private equity and venture capital (PE-VC) funds towards India as compared to 2012.

1.6.4.2 Opportunities

The ever-increasing young population of India needs around 10-15 million jobs per year for the next decade. This can be possible by promoting and supporting entrepreneurship and business ecosystem. For the sustainability of Indian socio-economic growth, the ecosystem should also be socio-economic innovation-driven considering dimensions of improvements in sectors such as high-quality education, tourism, publishing, affordable health care, clean energy, and waste management and finance.

Information technology-related sectors (more specifically mobile, cloud, enterprise software, and healthcare IT) are embraced by global VC. As an emerging market for cloud computing India, has a bigger landscape and can flourish in many charters such as cloud-based collaboration for health care data; cloud-based legal records management, digitization, archival, retrieval; cloud-based accounting and flexible pricing solution for large enterprises and telecom vendors; cloud-based knowledge and innovation management and dissemination; etc. Ernst & Young’s Global Venture Capital Insights and Trends Report 2013 [25] identified that India was the only country to see an increase in the number of investment rounds. This has shown a remarkable growth and confidence in VC interest in an Indian context.

India has a huge potential and the government needs to provide proper regulatory policies, less restrictive and time-constraint procedures to support approachable VC capital investments. India VC industry has witnessed a degree of insulation from global economic downfall due to the

increase in the amount of capital being invested in purely domestic opportunities and the VC investment and innovative entrepreneurship and business ecosystem looks promising.

1.6.5 Cloud Spurred Innovation In India Startups

Today, human society is living through an era of hyper-mobility and agility where the long distances are covered in hours and response expectations are in seconds. This is primarily driven by the progress in communication, computing, and transportation technologies that have transformed the world into a global village.

As Internet gains maturity, the new paradigm of connected devices and continuous services has emerged and is now fueling a global wave of technology entrepreneurship. Riding this wave, Indian Startup ecosystem is now at an inflection point and moving steadily into a growth phase that is expected to create 2500 successful startups in the next decade that could contribute up to $250 billion to India’s GDP and also create millions of new jobs.

There are four factors driving this new technology entrepreneurship opportunity in India. They are as follows:

1) Strong domestic market emerging with rising incomes and strong rise in Internet subscriptions—which means massive increase in consumption of devices, content and apps in coming years. 2) Strong technology talent in India—a rising number of professional software developers and approximately 800,000 fresh engineers graduating every year, fueling great pipeline to build new products and services. 3) Renewal of investor sentiment for tech work in India—a large amount of dry capital is sitting on fence waiting for good business ideas in business infrastructure, consumer devices, and services. 4) Increased access to global markets—due to two factors: (1) Internet playing a leveler (2) global Indian Diaspora is opening new doors for Indian entrepreneurs.

Figure 11 — Startup Influencers

As every business is going through a cloud-enablement—be it for infrastructure cost-savings, agile tools or data insights—cloud computing is going to play a pivotal role in shaping the future of technology startups in India. In fact with this intent alone, Microsoft started an Accelerator for Windows Azure in July 2012, one of the first of its kind by any technology company in India. Since then, a number of startups have successfully graduated from the program, getting ready for their next phase of growth.

Also, as the number of connected devices grows in India, it is going to open up some very interesting local innovations in social interactions such as multi-lingual exchange of thoughts, participation in traditional indigenous games in digital form, as well as location-driven augmented reality. The education and health areas are also going through massive disruption with ease of accessibility to learning curriculum and patient data respectively. Another important area of innovation emerging is pertaining to the national security such as city surveillance and video and image analysis. We are moving in a very exciting phase for Indian Startup Ecosystem and cloud is well positioned to redefine value creation for this market.

The recommendations for government of India in this space would be as follows:

a) Drive a global PR program to improve image of startup ecosystem in India. b) Focus on friendly tax policies for early-stage startups and associated investors.

1.6.6 Academic Ecosystem

Research firm IDC predicts that cloud-related IT jobs will touch 2.3 million in Asia Pacific by the end of 2015. The skill gap is widening and there are no standard solutions to address this.

In order to address this growth, academia needs to scale up the research and training in cloud computing. Addressing this skill gap is challenging as there is a whole gamut of skill sets and hands- on experience that is required to fill these jobs. This also requires active support from the industry because it would be difficult for any university to simulate the scale and the abstractness of the cloud ecosystem we observe today in the market. Microsoft, Google, and Amazon all have a cloud platform for academic research but, given the size of the market, there needs to be a lot more industry needs to do to support academia.

Cloud Computing Innovation Council of India may function as a platform and interface to address some of these needs.

2. Cloud Platforms and Infrastructure Framework

Introduction

As per NIST, cloud computing is defined as a model for enabling ubiquitous, convenient, on- demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. The following expands on the key characteristics of cloud:

a) On-demand self-service means that a consumer can provision computing capabilities (processor, storage, and network resources), as needed automatically without requiring human interaction by the service providers. b) Shared pool of resources implies providing computing resources to multiple consumers using a multi-tenant model, with physical and virtual resources assigned and reassigned according to consumer demand and efficient utilization of resources (storage, compute, memory, network bandwidth, virtual machines, etc.). c) Rapid provisioning to scale out and rapid release to scale down, requires resource elasticity and transparency to such an extent that resources are perceived to be unlimited by the consumer. d) Configurable resources, specifically applications, mean that the platforms should be flexible enough to enable different types of application services. e) Minimal management effort, a necessity for self-service mode of usage, in turn means those automated management capabilities to automatically control and optimize resource usage by appropriate fine-grained metering capability for different types of resources/services. f) Ubiquitous network access means that cloud infrastructure and services will be available over the network and accessible through standard protocols for accessing from heterogeneous client platforms (mobile phones, laptops, tables, etc.).

All the above characteristics of a Cloud Computing platform pose interesting technical challenges on cloud infrastructure and platform. This section describes the current state of technology to address these challenges, explains the key issues and opportunities in this space, and presents potential innovation gaps and opportunities.

Three service models (defined by NIST) used to describe the capability provided by any Cloud platform: (i) Software as a Service (SaaS)—enables a consumer to use the provider’s applications running on a cloud infrastructure, through a pay-per-use business model. (ii) Platform as a Service (PaaS)—enables the consumer to use cloud applications on the provider's cloud infrastructure and through a pay-per-use business model. (iii) Infrastructure as a Service (IaaS)—enables the consumer to provision processing, storage, networks and other fundamental computing resources, the consumer is able to deploy and run arbitrary software, including operating systems, applications, etc. Figure 12 also depicts the focus of the different working groups in this section. The technical aspects of each of these modules will be described in the rest of this section, highlighting specific areas of innovation that covers one or more of these modules.

Figure 12 — Diagram Showing the Key Focus Areas of the Different Working Groups in Section 1

The focus of Section 2.2 will be in articulating the current platforms that support scalable and elastic compute infrastructures and to describe the challenges as well as techniques used to ensure vendor neutral APIs to enable a cloud infrastructure that consists of multi-vendor resources. Section 2.3 describes the challenges of implementing cloud storage—with particular emphasis on abstract storage reference architecture and new innovation proposals such as hub- and-spoke model that is most suitable for Indian governance. Section 2.4 deals with platform support for application development and deployment that can nurture software talent and entrepreneurship in the country. Section 2.5 deals with management and monitoring of cloud and describes several challenges and opportunities for innovation to provide simplified IT. Section 2.6 has three key aspects that enhance the usage of cloud infrastructure through energy saving and mobility support.

2.1 System Architecture, Compute, Networking, Cloud OS, and Virtualization

Introduction

Cloud infrastructure is the basic backbone for building cloud enabled services. As envisaged in its definition, the compute cloud encompasses the service models (IaaS, PaaS, SaaS, XaaS) and the deployment models (Private, Public, Community, Hybrid). However, it is the usage (applications) and policy that drives the architecture and design of the infrastructure models. Based on the identified usage models, the infrastructure needs to address issues associated with functional requirements of services related to system hardware (compute, memory, network, storage, etc.), runtime software environment like operating systems, application development platforms, applications services, etc., non-functional properties like quality of service associated with performance, security, availability, reliability, etc. and issues associated with cloud interoperability i.e., movement of usage from one provider to another. Apart from these, there are other concerns like infrastructure management and monitoring for usage, QoS provisioning and SLA management, health and failure management, to that of designing basic infrastructure support (uninterrupted power, connectivity, and suitable ambience) for the cloud setup that require innovation to enable adoption in emerging economies like India. The infrastructure innovation framework identifies the key requirements for the cloud infrastructure to enable innovation, foster interaction, and achieve solutions to address challenges associated with the scale of problems in India. The infrastructure innovation model is depicted in Figure 13 and described in the following sections.

Figure 13 — Innovation in Cloud Infrastructure

Compute, Networking, and Storage are the foundations on top of which Cloud Architecture is built. These components could either be implemented directly on top of physical hardware or virtualized converting underlying hardware into a common pool of resources. The sections that follow describe in more detail the overall architectural components, compute and networking implementations both in the virtual and physical world. We look at important components of architecture like compute virtualization, networking virtualization, and software-defined networking (SDN).

In the end, we will spend some time on virtualization trends specific to India and guidelines on choosing the appropriate solution.

2.1.1 System Architecture

This mapping of logical components like Compute, Storage, and Networking defines the high- level system architecture of the cloud (see Figure 14). Compute Storage and Networking could be implemented either in a virtualized world or a physical world depending on the use case and the maturity level of the implementation chosen for each of the component.

Figure 14 —System Architecture of Cloud Components Mapped to Underlying Implementation

2.1.2 Compute

Compute provides the processing power—primarily x86 based to provide resources to run processes and services. This could be implemented either using physical servers with OS support or compute could be virtualized into vCPUs that are created from underlying physical CPUs (see Figure 15).

Physical Compute Virtualized Compute This implementation is used if there is a need for In this implementation underlying CPUs, Memory multiple CPU architecture support and tenants and IO devices are pooled together and distributed need separate dedicated machines and among Virtualization Machines. hardware. Here CPU, Memory and IO are not shared between hardware machines. —Reprinted with permission of Rajdeep Dua NOTE: Refer to Compute Virtualization under Section 2.2.4.1.2 for more details about Compute Virtualization types and implementations.

Figure 15 — Cloud Compute Architecture Model

2.1.3 Networking

Networking has been traditionally a laggard in innovation. We have millions of lines of code written for proprietary stack from hardware to custom OS and Network Management layer. Of late, this industry is opening up thanks to Network Virtualization and SDN.

2.1.3.1 Networking in Physical Components

This is a more traditional approach to networking and uses the underlying hardware and proprietary implementation of RIB and FIB for storing the routing of information of packets.

2.1.3.2 Networking in Virtual Components

This is a newer approach to virtualizing all the networking constructs like Router, Switch, and Firewall into virtual components and uses the underlying hardware as a simple IP forwarding layer. In this approach the brain of networking lies outside the hardware stack. Please refer to Section 2.2.4.1.5 for more details.

2.1.4 Cloud OS and Virtualization

Introduction

Virtualization/hypervisors is the foundation of cloud computing infrastructure forming an essential layer of Infrastructure as a Service (IaaS). As mentioned in 2.2.1, virtualization is one of

the implementations that is very popular and much easier to implement and manage as compared to implementation of a cloud orchestration layer directly on bare metal.

2.1.4.1 Global Trends

Virtualization has been adopted across industries and governments across the globe. It leads to cost-effective optimization of hardware resources. Its benefits continue to grow with innovation in virtualization technology in compute, storage, and networking stacks of a data center.

2.1.4.1.1 Software-Defined Data Center

Virtualization enables the abstraction and pooling of resources into a common pool that can be managed using software programmatically. This concept is referred to as Software-Defined Data Center (SDDC). In SDDC all infrastructure is virtualized and delivered as a service and the control of this data center is entirely driven by software. SDDC removes the dependency on a particular hardware vendor or architecture and brings compute, storage, and networking to the common platform that is controlled and managed using open interfaces/APIs thereby creating tremendous opportunity for the innovation.

SDDC can incorporate heterogeneous environments with multiple hypervisors, hardware from different vendors, and various public cloud services into a single pool. The challenge for any Cloud OS (aka Cloud Management platform) is to provide uniform governance, control, access, and self-service over the entire heterogeneous, hybrid cloud environment.

2.1.4.1.2 Cloud Infrastructure Ecosystem for Compute

Compute Virtualization

In Compute Virtualization all the runtime components in a Physical Machine are replicated in a Virtual Machine. This is achieved by the hypervisor, which is a software component that sits between Hardware and the Guest Operating System.

CPU Virtualization is an important component of Compute Virtualization. There are some inherent challenges in virtualizing the CPU because of the different privilege levels required to run Kernel, device drivers, and user applications. The following are three different approaches for overcoming this:

 Full Virtualization with Binary Translation: Translating binary instruction set from Guest to Host OS, e.g., VMware® ESXi™  Para virtualization: Modifying Guest OS to make it virtualizable, e.g., Xen™ Hypervisor15  Hardware-Assisted Virtualization: Leveraging features in chipsets like Intel VT and AMD-V to make virtualization data structures reside on CPU-VMCB control block, e.g., KVM

15 Xen is a registered trademark of Citrix.

2.1.4.1.3 Cloud Orchestration Layer

Cloud Orchestration Layer (see Figure 16) manages the virtual resources that provide Compute, Networking, and Storage services to the applications. Typically, a Cloud Orchestration layer has a UI and a Client API Layer that is used to access and provision these resources. It also provides a set of common services like Identity Management, Image Management, etc.

—Reprinted with permission of Rajdeep Dua

Figure 16 —Cloud Orchestration Level

OpenSource Implementations of Cloud Orchestration

 OpenStack®: OpenSource Cloud Platform that was built by Rackspace and open sourced. Extensive industry adoption with contributions from Red Hat®, IBM, Rackspace, VMware, and others.16, 17  Apache CloudStack®: Cloud platform acquired by Citrix® (cloud.com) and open sourced under Apache 2.0 License as a Apache Project.18 Limited acceptance in the industry and dominated by Citrix as a major contributor.  Eucalyptus: One of the older open source cloud platform to provide EC2 compatible APIs for private cloud deployments. Backed by Amazon but losing momentum in the market.

Commercial Implementations of Cloud Orchestration

 VMware: vSphere, vCloud Director: Flagship Cloud Infrastructure products from VMware, provides cloud services leveraging ESXi hypervisor for virtualization. Broad industry adoption. Nicira acquisition and integration into vSphere makes it one of the more advanced SDN products in the market  Citrix Cloud Platform

16 OpenStack is a registered trademark of of the OpenStack Foundation. 17 Red Hat is a registered trademark of Red Hat, Inc. in the United States and other countries. 18 CloudStack is a registered trademark of the Apache Software Foundation.

 Microsoft System Center  Red Hat Enterprise Linux OpenStack: Commercial distribution of OpenStack using KVM and Red Hat  HP OpenStack: Commercial distribution of OpenStack with proprietary services bundled  IBM OpenStack: Commercial distribution of OpenStack with KVM hypervisor  Piston Cloud (Based on OpenStack): OpenStack distribution that runs bare metal

2.1.4.1.4 Hypervisors

Hypervisors is the software responsible for system virtualization over which the guest OS and applications execute. Some example hypervisors include open source and free hypervisors such as Citrix Xen Server 6.2, KVM Hyper-V 2012 Server, and commercial products such as VMware ESXi.

Open Source

—Reprinted with permission of Rajdeep Dua NOTE: Kernel Virtualization Module extends the Linux Kernel and converts it into a hypervisor. It leverages a lot of Linux Kernel functionality and Hardware Assistance of processors like Intel AT and AMD.

Figure 17 —Kernal Virtualization Module (KVM)

—Reprinted with permission of Rajdeep Dua NOTE: Xen is an open-source type-1 or baremetal hypervisor that makes it possible to run many instances of an operating system or indeed different operating systems in parallel on a single machine (or host). Xen is the only type-1 hypervisor that is available as open source. Xen is used as the basis for a number of different commercial and open source applications, such as: server virtualization, Infrastructure as a Service (IaaS), desktop virtualization, security applications, embedded and hardware appliances. Xen is powering the largest clouds in production today.

Figure 18 —Xen Commercial Products

 VMware: ESXi19 uses a combination of Direct Execution and Binary Translation to achieve hypervisor functionality. It runs directly on bare metal and provides some pretty advanced features. It is considered very stable, as the memory footprint is low and has the maximum market share in commercial deployments.  Microsoft: Hyper V20: Hyper-V, codenamed Viridian and formerly known as Windows Server Virtualization, is a native hypervisor from Microsoft that enables platform virtualization on x86-64 systems.

2.1.4.1.5 Software-Defined Networking—Technical Overview

SDN Definition: “Software-Defined Networking (SDN) is an emerging architecture that is dynamic, manageable, cost-effective and adaptable, making it ideal for the high-bandwidth, dynamic nature of today’s applications. This architecture decouples the network control and forwarding functions enabling the network control to become directly programmable and the underlying infrastructure to be abstracted for applications and network services. The

19 Information on VMware: ESXi is available at http://www.vmware.com/files/pdf/ESXi_architecture.pdf. 20 Information on Microsoft: Hyper V is available at http://msdn.microsoft.com/en-us/library/cc768520(v=bts.10).aspx.

OpenFlow™ protocol is a foundational element for building SDN solutions.” – Open Networking Foundation.

SDN allows network administrators to decouple the decision making about traffic flow from the actual hardware system that forwards traffic, through a layer of abstraction over lower-level functionality provided by the networking hardware. There are multiple variants of implementing this control layer.

SDN Architecture

—Reprinted with permission of Rajdeep Dua APPENDIX: Players in the SDN space - Nicira/NSX - (from VMware), https://www.vmware.com/products/nsx/ Big Switch Networks: http://www.bigswitch.com/ Cisco : http://www.cisco.com/web/IN/solutions/trends/open_network_environment/index.html

Figure 19 —Network Virtualization Virtualizes Network Components Like Switch, Router, and Firewall

 Directly programmable: Network control decoupled from forwarding functions.  Agile: Control abstracted from forwarding lets administrators dynamically adjust network-wide traffic flow.  Centrally managed: In this case, the network intelligence is logically centralized in software-based SDN controllers. These controllers maintain a global view of the network that is used by application, policy engines as a single logical switch.  Programmatically configured: SDN allows network managers to configure, manage, secure, and optimize network resources quickly via dynamic, automated SDN programs by writing proprietary software-independent programs.  Open standards-based and vendor-neutral: SDN implemented through open standards and simplifies network design and operation. Instructions are provided by SDN controllers not by multiple, vendor-specific devices, and protocols.

2.1.4.1.6 Software-Defined Storage (SDS)

While on one side Software-Defined Networking (SDN) is getting industry and analyst traction, there is not yet consensus on Software-Defined Storage. (See SNIA dictionary [68].) SDS concept promises the same level of vendor unlocking and abstraction from underlying physical storage

hardware as SDN does. Storage and virtualization industry leaders and startups alike have already started rolling out there products branded as SDS. More details of SDS are presented in 2.3.5.7.

2.1.4.2 Current Virtualization Trend in India

As per research conducted by IDC and VMware of the total IT installed base in the country, only 15% have been virtualized so far.

Through secondary research AMI has concluded that the small and medium business segment (SMBs; companies with fewer than 999 employees) comprises about 30% of the India virtualization market and is likely to grow exponentially in the next few years.

2.1.4.3 Challenges

Adoption of virtualization faces many challenges in the context of Indian market. These challenges can be broadly classified as follows:

 Infrastructure-related challenges: The foundation infrastructure required for virtualization in terms of networking and storage technologies requirement poses a major challenge in the adoption of mainstream virtualization technologies. Many key benefits of virtualization such as distributed resource pooling and management, high availability, and disaster recovery solutions require considerable network bandwidth and backbone network that is fast, reliable, and secure. To take advantage of many of the benefits of virtualization features requires networked storage such as Fiber Channel Storage Area Network, which comes at premium cost. This high initial capital investment is a major inhibiting factor in the adoption of virtualization technologies in thepublic and private sector, especially for SMBs.  Skill challenge: Lack of skilled manpower that can design and manage the virtualized data center will hamper any plans to drive IT efficiency through adoption of virtualization.

2.1.4.4 Proposals/Policy Suggestions

 Incentives to upgrade the infrastructure should be encouraged. This could be through the routes ranging from tax/duty exemption/incentives to technology modernization grants.  Training of personnel, incorporation of virtualization, and cloud computing in university and college curriculums.  First training set could be education and training of the decision makers on the Virtualization and Cloud Orchestration selection. Selection could to be based on the guidelines listed in 2.2.4.5.

2.1.4.5 Guidelines

The following criteria should be considered while choosing the Cloud Orchestration Layer for building Virtual Infrastructure at Compute, Storage, and Network sub-systems:

Guidelines for Choosing a Commercial Cloud Guidelines for Choosing an Open Source Orchestration Layer/Hypervisor Cloud Orchestration Layer/Hypervisor . Maturity of offering – Is the product running in . Can the open source piece compete with production environments at large scale data center the commercial offering in terms of features and deployments with proven track record? the product maturity? . Can the offering be backed by trained support . Is there enough industry and data center and professional services? adoption worldwide? . Comfort Level of the System Integrators like . Who is backing the open source effort? TCS, Wipro, Infosys with the orchestration layer . Is there talent available in India to deploy . Presence of the cloud vendor in India both from and manage this infrastructure? the R&D and consulting perspective . What is the Open Source license type? – . After sales support Apache, GNU, others etc. . Product road map for next 5 years . Experience of CDAC and other government . Adoption trends in other government bodies with this open source organizations in emerging and emerged markets . Performance as compared to other Open . Ability to customize underlying product based Source products as well as commercial grade on specific requirements products . Support for Standards . Performance at the Orchestration layer and Hypervisor layer

2.2 Cloud Storage

2.2.1 Charter

The primary charter of our group is to define the reference architecture models—conceptual model drawn from the global technology trends and the requirements of the proposed cloud platform and concrete or pragmatic cloud storage architecture model by mapping the conceptual model onto specific recommendations for realizing a cohesive cloud platform for e- Health and e-Governance.

2.2.2 Scope

Cloud storage is an integral part of the cloud platform architecture and, given its criticality, it deserves special attention. This section of the white paper presents the current state-of-the-art of cloud storage, its global trends, discusses the initiatives supporting the core themes and the challenges in customizing the deployments to realize the projects around the core themes, and proposes potential innovation opportunities.

2.2.3 What is Cloud Storage?

There are many definitions and interpretations for the term Cloud Storage. However, for this initiative we would like to opt for a generalized notion and it is defined as follows:

Networked commercial grade (consumer, enterprise, etc.) storage where the data is stored on virtualized pool of storage hosted by third parties. It can be seamlessly accessed using operating environment-provided semantics or web services API or vendor-provided protocols. The term mostly covers the foundational services like raw block, file, block and blobs; data services like databases, data warehousing, big data databases, and custom repositories; and extended services like protection, compliance, and tiering.

The examples are Cloud Data Management Interface (CDMI), OpenStack Cinder (block storage), OpenStack Swift (file storage), AWS Block Storage, AWS s3 (file storage), Google.

2.2.4 Key Drivers

Following are the key drivers for the cloud storage development and adaptation:

 CapEx reduction: Agile and Mature enterprises  OpEx Reduction: Technology complexity and lack of trained administrators  Exponential growth of data  Compliance, local, and global: Rapid growth of Ubiquitous Computing paradigm; Convenience of Access

2.2.5 Global Trends

The growth of cloud computing technology has led to the offering, by service providers, of cloud storage for enterprises. However, there has also been a proliferation of cloud storage offerings for individuals in the form of file sharing services and media (e.g., photo) sharing services. Some of these services are standalone, while others are embedded into social networking platforms and hence are not described here.

In this subsection, we first provide an overview of cloud storage (deliver and deployment models) and then discuss the common characteristics of these services.

2.2.5.1 Cloud Storage Delivery Models

Following are the STORAGE delivery models corresponding to the delivery models for cloud computing defined by NIST:

Infrastructure as a Service Storage Models: Two types of storage are typically defined in an IaaS service. They are object storage and block storage, which correspond to file and block storage in an OS, respectively. Object storage is used to store images and other persistent data that is intended to be copied to the VM during operation or to be served to a client (e.g., a media server streaming videos). These services are intended to be highly scalable and hence normally do not offer a file system interface, but provide an interface to read and write the entire object. Block storage typically offers a virtual disk model and is used for file systems accessible by the VM or for database storage.

Platform as a Service Storage Models: A typical PaaS-type service provides application level storage services. These include file system interfaces, as well as database services. Database services may be relational, or be NoSQL databases as well. Unlike storage services in an IaaS system, the user does not have to manage the virtual storage associated with the service (e.g., storage for the database or version upgrades).

Software as a Service Storage Models: SaaS providers have the simplest storage model, where the storage is not presented directly to the user. Typically, a user would be charged for the amount of application storage used, with the ability to upgrade by paying additional fees. For example: email services typically provide a minimum of free storage for email with additional storage available for a fee.

Backup: Several service providers have been providing cloud backup services, whereby enterprise data can be backed up to or restored from a cloud service. Typically these consist of backup agents running in the business that back up data to backup software in the Cloud. These services are popular with small and medium enterprises, due to the fact that they provide sophisticated backup capability that the business would not otherwise be able to afford (Harms and Yamartino [34]). Due to security concerns and network bandwidth constraints, these services are used by large enterprises primarily for backup of non-critical data. Shipping of tapes can be used for dealing with the latter problem.

Big Data: Many Big Data systems, such as Hadoop, come with storage systems that are tailored for the applications running on the system. The Hadoop Distributed File System (HDFS), for

example, provides replicated file storage that is targeted towards large-scale, loosely consistent, read-mostly data. HDFS is not a POSIX-compliant file system and has features (e.g., being able to find the physical node on which a file segment is stored) that are tailored towards efficient implementation of MapReduce. Similarly, HBase is a key-value store that is built on top of HDFS and that is also targeted towards MapReduce applications (Forell, Milojicic, and Talwar [31]). Commonly, such systems provide some sort of highly scalable, non-relational database storage in the form of either key-value stores or storage of XML documents or structured objects (e.g., MongoDB that provides storage for JSON objects).

Collaborative and Personal: The ubiquity of cloud computing has motivated providers such as Dropbox21 to provide storage services to individuals for storing documents or other media such as photos. Particularly in conjunction with mobile computing, these services (e.g., Instagram™) are a fertile field for startups

2.2.5.2 Cloud Storage Deployment Models

NIST has defined a number of cloud deployment models. For each of these, there is a corresponding Cloud Storage deployment model as follows:

 Private: A private cloud typically will deploy cloud software (e.g., OpenStack) on the IT infrastructure owned by a business. The types of storage services present depend upon the delivery model as described previously.  Public: Public clouds also offer a number of storage services depending upon the delivery model. They may allow access to storage services that are more sophisticated than those available in the enterprise. However, security and network bandwidth limitation could be concerns in the consumption of such services.  Hybrid: Hybrid cloud storage services allow businesses to leverage the strengths of both public and private clouds, with cloud backup being a good example.

2.2.5.3 Common Characteristics of Cloud Storage

Regardless of delivery and deployment models, cloud storage services have some common characteristics, which are described as follows:

Cohesive presentation of highly distributed storage resources: For large scale, cloud storage resources have to be highly distributed. However, for effective usage, it is important to provide a cohesive interface.

Fault tolerance through replication: It is commonly expected that cloud services will be highly available, as well as accessible globally. This is predominantly achieved through replication.

“Eventually consistent” model: Due to wide-area replication, it is not possible to provide very tight consistency. Cloud storage tends to offer “eventual consistency” and it is important for cloud applications to be able to work with such consistency models.

21 Dropbox is a trademark of Dropbox, Inc.

Durable through versions: To reduce the likelihood of accidental loss, cloud storage systems offer versioning. In some cloud storage systems (e.g., Facebook and HBase) due to their large scale, deletes are sufficiently complex that versioning is simpler to implement.

Inherits the attributes of Cloud Computing: NIST defines Cloud Computing as being agile, elastic, and scalable. To support these characteristics, the storage services should be agile, highly automated, elastic, and scalable. Storage services also need to support efficient energy usage. In common with other cloud services, storage services also need to support multi- tenancy (secure sharing of physical resources). Finally, part of the SLAs between a customer and a cloud provider will depend on the storage service SLAs.

Self-healing: Self-healing file storage with storage nodes clustered in geographically distributed mode (e.g., OpenStack Swift).

2.2.5.4 Conceptual Reference Model

The key components are as follows:

The Foundation layer serves as basic building block for the cloud storage. It offers core storage services around raw block, file, object, and blobs. Depending on the deployment model, the interface exposed could range from standard iSCSI to REST API-based access. The services provided by this layer are an integral part of any core cloud infrastructure offerings.

The middleware layer serves as an integral part of cloud platform services layer. This layer consists of most of the commonly used databases that conform either to ACID (Atomicity, Consistency, Isolation, and Durability) or BASE (Basic Availability, Soft State and Eventually Consistency) properties and could be either SQL or NOSQL type interfaces. There are many proprietary databases as well, which are built to address specific requirements. All these databases services shall be wrapped under a unified cloud database API like ATOM publishing protocol (IETF RFC 4287). The API set includes Google GData and Microsoft SQL interfaces.

The software services layer is architected on top of the infrastructure and platform. Figure 20 illustrates the commonly used data warehousing services and propriety big data services that are custom built. The proprietary services could also use the data warehousing services.

Figure 20 —Reference Architecture Model for the Cloud Storage Initiative

The data services layer spans across all three layers of the cloud services. The services offered by this layer include backup, DR, archiving, security, and vaulting. The data services do not have any direct storage affinity. They could be used as standalone services and applied on the storage hosted independently or offered as an integral service for the infrastructure, platform, and data storage services.

The management layer provides a high level of automation to orchestrate seamless deployment configuration that delivers optimal end-to-end performance.

2.2.5.5 Cloud Storage Architecture Attributes

The following table illustrates the key attributes of the cloud storage infrastructure to realize the proposed cloud platform architecture.

Attributes Description Elastic Scale It shall be able to scale elastically (either through scale out or scale up) Reliability It shall function reliably and offer 59 seconds of reliability Ease of deployment It shall be no-touch/plug-n-play deployment model without much of configuration overhead and allow multivendor cloud storage deployments Green (low power) It shall be green friendly HPC Performance It shall be able to deliver wide range of performance—from backup to HPC compute needs Cost It shall be affordable Database/Data It shall offer aggregate data services like databases, data warehousing warehousing services Protection It shall offer protection services based on the SLA API based It shall integrate all the foundation, protection and data services into a single ecosystem using cohesive API. This shall abstract all implementation and deployment nuances in using multi-vendor services Zero touch It shall offer simplified management, Adaptive, Plug-n-Play

2.2.5.6 Concrete Reference Model

The concrete architecture reference model presents the pragmatic map of the conceptual model to a specific set of concrete infrastructure from different infrastructure and technology vendors. Note that the model presented here is just a recommendation based on the current state of the art and it is likely to evolve as we move forward with the implementation. We have been looking at the following building blocks from a spectrum of storage technology providers:

 AWS  Google  OpenStack  CloudEra™  EMC ViPR/EMC Atmos  NetApp  CINDER  SWIFT

2.2.5.7 Software-Defined Storage (SDS)

SDS is widely being discussed as part of the Software-Defined Data Center. The primary design tenets of SDS are storage platform and data services management unification and higher order automation. EMC, NetApp, IBM and other enterprise-class storage vendors are working on their pragmatic plans for delivering a viable SDS. Unfortunately, there is no unification of the SDS semantic and each vendor has its own API set to program to cloud scale SDS. Similar to SDN, this SDS solution tries to separate the control path that manages and control policies for storage device, while data path provides actual read/write functionality.

SDS vendors and their offerings are as follows:

 EMC ViPR Software-Defined Storage: Similar to SDN, this SDS solution tries to separate Control path that manages and control policies for storage device while Data path provides actual read/write functionality. EMC ViPR abstracts the control path making the underlying storage to be managed as aggregate virtual storage pools. For more details, see Rethink Storage [66].  NetApp Clustered Data ONTAP: NetApp is another leading vendor that has a solution in SDS space.  Some opensource SDS options are ZFS, OpenStack Cinder, etc.

NOTE: EMC ViPR/EMC Atmos abstract the control path making the underlying storage to be managed as aggregate virtual storage pools. According to the EMC ViPR white paper [66], ViPR abstracts the storage control path from the underlying hardware arrays so that access and management of multivendor storage infrastructures can be centrally executed in software. ViPR features block and file control services that provide all the functionality of physical block and file storage arrays as virtual service. Figure 21 —SDS Reference Model from EMC

According to an announcement from NetApp: “At the heart of this is our Storage Virtual Machine technology which enables data access and services to be separated from the underlying hardware. This abstraction allows for storage resources to be assigned and reassigned based on the needs of the application over the course of its lifecycle”. 22 —Reference: product announcement in June, 2013. Figure 22 —NETAPP Clustered Data ONTAP

22 At the time of publication, this product announcement can be found at http://www.netapp.com/us/company/news/press- releases/news-rel-20130611-574523.aspx.

2.2.6 India Initiatives

This section presents an overview of some the key cloud storage initiatives that are to be anchored to develop cohesive end-to-end cloud platform architecture for e-Health and e- Governance themes. The motivation for these initiatives is to cast the reference model with a specific set of storage attributes that are drawn from the core themes to develop a concrete cloud storage reference model.

The key initiatives under consideration are as follows:

 Custom Extensions around big data and data warehousing that meet the needs of the data services for eHealth and e-Governance.  Data quality and compliances to deliver the service levels ranging from latency to security to retention.  Ecosystem that abstracts out the complexity of cohesively integrating heterogeneous components. This shall cover the entire spectrum of deploy, configure, manage, service, and retire phase of the cloud storage management life cycle.

2.2.7 Challenges

Following are the challenges that need to be transformed into opportunities through continual innovation:

 Cost  Efficiency of the delivery infrastructure  Cost of transport  Sustained performance  Reliability  Client side infrastructure  Data location  Trust  Vendor lock-in  Standards (interoperability—local and global)  Data governance, compliance standards, and audits  Service regulation  Legal support  Slow adaptation due to the execution challenges in the ecosystem  Pockets of Infrastructure development: Emerging trends of continuous improved infrastructure pockets around metros. Rural areas are still out of reach.  Trained man power to install/admin and maintain the system and the lack of ecosystem to impart the necessary training  Stretched Infrastructure

 Dissimilar usage patterns: The usage pattern across different states/regions is going to be different due to the cultural changes and this can be a benefit in using the cloud platform for storage, which can give on-demand capacity.

2.2.8 Innovation Opportunities

Considering the elastic scale and the opportunities that we could leverage with the spectrum of cloud storage providers and aggregated service needs, the proposed cloud storage solution architecture layout calls for innovations around a classical HUB-SPOKE deployment model with API driven design for cross-island data exchange whose applicability trickles down to the cloud storage architecture.

In a hub-and-spoke distribution paradigm, the (homogeneous and heterogeneous) systems are interconnected in a fashion similar to a chariot wheel where there is an inherent ability for the spokes to participate in data exchange with others via a centralized hub. Such a model leads to an optimized and efficient data exchange with the HUB serving as the centralized compute and storage unit, complementing classical cloud computing fundamentals.

The model fits well for e-Governance- and e-Health-based cloud solutions in the Indian context where the hub becomes a centralized information depot serving as a common data feeder, as well as data exchange gateway to and between the spokes which execute end-user applications that take regional peculiarities into consideration. This also overlays well with the current hierarchical governance model with power distribution from center, state, district, town, village, and community level. Similarity, we could organize the proposed solution architecture as a hierarchical arrangement of central cloud, state cloud consisting of district level cloud encompassing town, and village/community cloud setup. The hub-spoke storage model will need to be characterized around the following:

 Open Source Software-Defined Storage Architecture to ensure cost effectiveness and prevent vendor lock-in  Scale Out storage architecture to meet the scalability issue ensuring high availability for critical workloads  A minimum support of departmental multi tenancy where the storage can be shared security among departments within governmental boundaries  Ability to adapt commodity hardware and keep storage costs down without compromising over data protection  Ability to support data caching/placement across islands spread across the geography  Standardized storage API for data exchange  Centralized storage management with low skill admin work force requirement

With these considerations, we propose the use and adoption of an open source based OpenStack cloud platform that is enabled with storage components (like SWIFT and CINDER) that complement the above proposed model and meet the required characterizes. A cloud storage architecture illustration of the proposed hub-spoke model is described next.

The proposed API-based model would serve as an innovation platform for cloud storage and notable innovations opportunities are as follows:

 Common API set and the necessary adaptation for a spectrum of popular cloud infrastructure and storage services.  A spectrum of localized tools for deploying, managing and tuning the cloud storage system and service to deliver the necessary end-to-end storage service SLA.  Develop new connectors to bridge the Cloud API based infrastructure with the cloud ecosystem. For example, connect the cloud storage to HyperV, ESX, and Xen-based compute/platform infrastructure.  Data quality, compliance, and life cycle management tools (developed using the vendor provided infrastructure/tools).

2.3 Application and Data Platforms

Introduction

This section details some of the existing tools and techniques for enabling Cloud Application platforms that support development and deployment of cloud applications as well as application interoperability. There are two important aspects of this platform support—namely (a) application development over essentially what is typically called a PaaS and (b) standards interfaces to support application interoperability through what is typically referred to as open data.

The PaaS model provides a platform on which users can directly develop and deploy their applications without worrying about the complexity of setting up the hardware or system software. PaaS systems usually support the complete life cycle of an application—starting from support for application design, APIs for application development, the build environment, and testing support, as well as application deployment infrastructure on the Cloud. Additional support during application execution for persistent data usage, state management, session management, versioning, and application debugging are also provided by certain PaaS solutions. IaaS offerings provide only raw computing power and customers purchase instances of virtual machines, install the requisite software, and host their applications on them. In contrast, PaaS offerings provide completely managed platforms for applications hosted on the Cloud. Customers manage instances of applications, specifying the details of instances of the application required, and the cloud service will guarantee that the instances will be created and maintained without user intervention. For example, a PaaS solution will ensure the availability of the application despite downtime of the underlying virtual machine by automatically creating a new instance of the application on a new virtual machine when the machine goes down. In order to facilitate automated application management, PaaS services provide a more restricted environment than IaaS, with fewer choices for operating systems and programming environments. However, it clearly results in lesser management burden on the customer.

2.3.1 Global Trends

2.3.1.1 Platform As A Service (PaaS)

Platform as a Service (PaaS) is a cloud service model where the vendor provides a platform for development and deployment of cloud application over an abstracted hardware. PaaS solutions enable users to directly develop their applications without worrying about the complexity of setting up the hardware or system software. Like all cloud services, PaaS has to conform to four key tenets of cloud computing—elasticity, pay-by-use, self service, and programmability. Some popular manifestations of the PaaS model of cloud delivery are Microsoft Windows Azure, Google App Engine, Force.com, Heroku, Engine Yard, and Cloud Foundry.

PaaS is a very competitive market with multiple vendors offering diverse programming paradigms, languages, and tools. PaaS evolution has happened in multiple phases. In 2008, Google App Engine and Microsoft Azure were launched to enable Python and .Net-based cloud application development. These enabled public PaaS services with auto scaling provided by the hosted platform. Around 2009, smaller startups such as Iron Foundry, Heroku bubbled up; Sales

Force launched a framework that enabled visual application development (Visual PaaS) over its PaaS platform; Google added Java™ support;23 and Amazon enhanced their IaaS to provide Beanstalk, which did not get much traction. Since 2011, there has been a shift in the focus towards developer productivity and interoperability between PaaS vendors; private PaaS vendors such as Apprenda, Cloud Foundry, and Red Hat OpenShift came about. Some standardization efforts at the framework level have been seen around Java, Ruby on Rails, and Django. While most of the PaaS players are still not profitable, the industry sees a flip happening in next 2–3 years

The global PaaS market is projected to grow from $900M in 2011 to $2.9B in 2016, achieving a 26.6% CAGR. At this projected rate, PaaS will generate an average of $360M a year in revenue between 2011 and 2016. Gartner projects that the largest segments will be Application Platform as a Services (aPaaS), which generated 35% of total PaaS spending in 2011, followed by cloud application lifecycle services (12.5) as per a recent Forbes articles (Cloud Computing and Enterprise Software Forecast Update [13]).

Open Source Commercial Products Specialized PaaS platforms Cloud Foundry: Open source Stackato: Cloud Foundry Private cloud Apache Hadoop Platform as a Service built by distribution Pivotal (a VMware/EMC/GE Yahoo! Orangescape: Visual PaaS built on top of owned startup). Wide industry Pipes/Mashups GAE and deployable on multiple cloud— adoption—IBM, GE, NTT, Baidu. Chennai-based startup Supports multiple frameworks Apache Hive, Mahout (Big Data Stack) and runtimes Google App Engine: One of the first PaaS Red Hat OpenShift: Open offerings in the market from Google. Source PaaS platform from Red Closed source and highly proprietary back Hat. Supports multiple end. Key features: Auto scaling Frameworks and Runtimes Elastic Beanstalk: PaaS from Amazon based on top of EC2. Limited adoption in the market. Microsoft Azure

What follows are some highlights of popular PaaS platforms presented here as examples.

Microsoft Windows Azure

The Azure Services Platform is a popular application platform for the cloud that allows Windows applications and web-services to be hosted and run in Microsoft data centers. A simplistic view of Azure can be as a cloud deployment platform for applications developed for Windows using .Net, Java, and Ruby. While Azure is primarily designed to PaaS capabilities, it also includes certain features for Data as a Service (DaaS) and also IaaS to some extent. For example, the platform offers a relational database (SQL Azure) and a set of services called App Fabric (formerly known as .NET services) that allow on-premises applications to interoperate with applications hosted in the cloud with secure connectivity, messaging, and identity management.

23 Java is a trademark of Sun Microsystems, Inc., and refers to Sun's Java programming language.

On premise, applications are applications executing on a client device in the enterprise that accesses a publicly hosted cloud application. The Windows Azure storage service provides scalable storage for applications running on the Windows Azure in multiple forms. It enables storage for binary and text data, messages, and structured data through support for features called blobs, tables, queues, and drives.

Cloud Foundry

Cloud Foundry was first released as a platform that could be used to deploy Java Spring Applications on Amazon Web Services (AWS) IaaS platform. After the company was acquired by VMware, it has been enhanced to be an open source, multi-language, and multi-framework PaaS offering, supporting Java Spring, Ruby, Scala, and Node.js. It supports data persistence through MySQL, PostgreSQL, MongoDB, and messaging via RabbitMQ. VMware calls this an Open PaaS and can run on premise in private cloud setup or on public cloud. Cloud Foundry can run on IaaS platform provided by VMware vSphere, OpenStack, and Amazon AWS.

Google App Engine (GAE)

Google App Engine is a PaaS solution that enables users to host their own application on the same infrastructure as Google Docs, Google Maps, and other popular Google services. Just like Microsoft Azure provides a platform to build and execute .Net applications, Google App Engine enables users to develop and host applications written using Java, Python, and a new language called Go [GooGo]. The platform also supports other languages that use JVM (Java Virtual Machine) runtime such as JRuby, JavaScript (Rhino), and Scala programming languages. The applications hosted on Google App Engine can scale both in compute and storage just like other Google products. The platform provides distributed storage with replication and load balancing of client requests. The applications can be easily built using the Eclipse Integrated Development environment with which many developers will be familiar. Google App Engine has a completely free version for experimental use and provides CPU/bandwidth/storage capable to serve 5 000 000 page views/month.

Specialized PaaS Platforms

In order to enable Big Data Applications, new methods for storing unstructured data and new paradigms to enable highly parallel programming have evolved. Among them are noSQL stores and MapReduce paradigm of programming. One of the best known cloud platforms for big data today is Apache Hadoop. Many research papers have been written describing the experiences of porting large data-intensive applications onto this platform. Hadoop solves a specific class of data-crunching problems that frequently comes up in the domain of Internet Computing and high-performance computing. At the time of this writing, Hadoop held the world record for the fastest system to sort (500 GB of data in 59 seconds and 100 terabyte of data in 68 seconds). Along with the ability to analyze large data sets, Hadoop provides a solution for storing these datasets efficiently and in a way that is highly available. Hadoop is optimized for batch- processing applications and scales to the number of CPUs available in the cluster.

Open Data

The key principle of open data is that data should be freely available to everyone to use without copyright restrictions. To support and enable organizations to adhere to citizen’s “right to information,” standard interfaces and access mechanisms should be in place. There are already multiple efforts in India towards this endeavor, such as data.gov.in and international institutes such as Open Data Institute.

The data-stores supported by App Engine are as follows:

 Provide NoSQL schemaless object database  Supports transacts and a query-engine (GQL)  High-replication datastore (HRD)  Master-slave data-store (faster, less-reliable) Cloud SQL is Managed MySQL in App Engine

Blobstore/Cloud Storage  Store files/blobs  Has with ACL and REST API

2.3.2 India-centric Initiatives

India’s efforts are as follows:

 Big SQL (OpenSCG)  TaskLets: Cloud application creation using “programming by browsing”  Spoken Web  Open Data effort from NIC

2.3.3 Challenges and Barriers in India  Application development skills  Platform as a service is mainly meant for developers and architects who need to design and develop applications on the Cloud. Effective use of the platform requires architects who can think about systems that seamlessly scale across hundreds of servers.  Moving to the Cloud will require new skills  New paradigms and APIs, e.g., NoSQL databases and MapReduce  New platforms and technologies  New deployment model  The Cloud still supports your existing skills; known technologies like ASP.NET and WCF; programming languages like C+, Java and PHP; and Relational databases and SQL

2.3.4 Innovation Opportunities

 Heterogeneous PaaS platform (Azure, Google app engine, Hadoop): to nurture a variety of software development skills and to enable the appropriate choice of platform depending on application characteristics.  Choice of language and programming paradigm depends on developer preference and, many times, application requirements. Just like in traditional application development, where multiple programming languages and scripting languages co-exist, the focus of the application platform provided by India Cloud should be multi framework.  Application integration through Open Data API.  Simplified application creation through techniques such as programming by browsing, service composition.  Use case specific platform: 1) Database as a service 2) HPC as a service 3) Localization and local language support 4) Knowledge as a service

2.4 Cloud Management

In any data center, management has been an important functionality that reduces the total cost of ownership. Efficient data center management tools can reduce energy costs, reduce labor cost to manage the data center, and prevent or reduce the cost of downtime. Cloud Management solutions should enable enterprises to simplify the deployment of a highly automated, virtualized infrastructure—the foundation for both private and hybrid cloud- computing paradigm.

The following section looks at the above issues in detail. To provide context, the global trends in Cloud Management are reviewed. Next, the barriers to adoption are reviewed. Finally, the opportunities for innovation are surveyed.

2.4.1 Global Trends in Cloud Management

The following subsection provides the background for the rest of this section by reviewing trends in Cloud Management. It first lists the requirements for Cloud Management, then introduces a management lifecycle model that is useful for providing a global overview of Cloud Management, and then lists global trends in Cloud Management.

2.4.1.1 Cloud Management Requirements

In addition to the traditional requirements for data center management, additional requirements arise in Cloud Management due to the increased complexity of the cloud environment.

Requirements: Characteristics of Cloud Computing

Many of the characteristics of Cloud Computing lead to the following additional management requirements:

 On-demand self-service, resource pooling, rapid elasticity: Requires efficient, optimal resource allocation algorithms.  Network access via WANs and replicated data centers: Requires network and availability management.  Measured Service: Public clouds and many private clouds operate on the principle of “pay-as-you-go”. IT department “owning”—the cloud charges different departments according to usage. This leads to requirements where the cloud customer would like to audit and verify the resource usage and SLAs from the cloud provider.  Virtualization management: Virtualization introduces additional requirements in being able to map the operation of virtual resources to physical resources.

CLOUD MANAGEMENT LIFECYCLE

Service catalog and offering Service catalog contains templates that describe the content and interfaces to services. A provider applies constraints, costs, and policies to a template to create an offering available for request by a consumer. A consumer and provider enter into a contract for services, including agreements on costs, SLAs, SLOs, and specific configuration options. A service catalog typically includes metadata such as VM configuration, storage allocation definition, vendor tenant definition, IdM definition, and SLA definition.

Service adaptation Service orchestration Service orchestration instantiates Cloud monitoring may reveal service templates by defining anomalies in cloud functioning. automation required for Service adaptation manages orchestration that includes distributed workload scheduling programmatic interfaces, using advanced analytics and interaction patterns, control automated policy-based interfaces, and lifecycle optimization of virtualization management. A provider deploys and cloud workloads. The (or modifies) a service instance per objectives include optimizing the contract with the consumer. resource utilization, proactive The service template is used to SLA management, and advanced specify the structure of the service capacity planning. and “orchestration” (or invocation of management behavior) of IT services in accordance with policies to achieve service level objectives.

Service operation and monitoring After service orchestration, it is necessary to monitor the services and the infrastructure that the services run on. Similar to traditional data center monitoring, cloud monitoring is inherently large scale with large number of instances. Aspects monitored include availability (e.g., failure detection, and auto scaling); performance (e.g., provisioning, end-user and business level SLAs, and optimization), security (e.g., anomaly detection and remediation), and billing (e.g., capacity, metering, resource utilization, )

There are three well-established Cloud Service Models: Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS). Each of these services is itself layered and introduces requirements for cross-layer management. For example, in a PaaS service that is built on top of an IaaS service, there is a requirement to provide management functions in the PaaS layer as well as the IaaS layer, as well as spanning both layers. The various functions needed for Cloud Management can be classified according the lifecycle phase of the service and as stated earlier, provide a useful framework for obtaining an overview of Cloud Management. The previous model is based upon the DMTF model for Cloud Management. In each phase, the requirements above have to be satisfied.

2.4.1.2 Cloud Management Global Trends To satisfy the requirements and provide the functionality stated earlier, a number of trends are emerging in Cloud Management.

2.4.1.2.1 Distributed Server and Workload Automation In a cloud, it is necessary to efficiently manage the scalable and scope of servers, workloads, and applications across heterogeneous resources, including multiple servers, hypervisors, and operating systems. Distributed server and workload automation tools can be used to track and reclaim unused VMs, thereby increasing resource utilization and reducing capital and power and

cooling costs. Complex provisioning and runtime optimization of cloud and virtualized data centers resources by leveraging existing analytic engines and workload optimization technologies also can be used.

2.4.1.2.2 Cloud Service Level Agreement (SLA) Management Cloud SLAs ensure that the right set of expectations are set between the cloud consumer and cloud provider. A typical SLA describes the levels of service provider using attributes such as availability, serviceability, performance, fine grained billing, operations supported, etc. There are usually strict penalties that are levied if the cloud provider violates these SLAs. In order to guarantee such strict SLAs, the cloud provider should be able to monitor and accurately measure these metrics.

To guarantee an agreed service level, service providers must be capable of measuring and monitoring relevant metrics. Cloud SLAs standards create consistent ways to describe services and associated terms, including price. These standards are intended to enable coordinated end- to-end SLA management for both cloud consumers and cloud providers and provide standardized metrics that allow consumers to effectively track SLA performance.

2.4.1.2.3 Governance and Compliance Management Governance and compliance management is important to implement the clear division of responsibility between cloud providers and their customers. It should provide for monitoring and management of all cloud operations, including resource allocation and data storage, protection and retention with audit logs. It should also provide sector-specific compliance (HIPPA/PCI/SOX/FISMA/SAS etc.), so that sector-specific services can be deployed by the cloud service provider. The framework should provide continuous analysis and violation alerting of compliance policies, rather than periodic reporting. Cloud customers should have a choice to create their own policies or leverage pre-configured policy templates.

As cloud services can cross national boundaries, the framework should be flexible to adopt country-specific policies to protect individual/country-specific data. The e-Government framework should provide the guidelines for assessing the compliance to the various standards, quality of service, frameworks, and guidelines that are applicable to the e-Government projects. This framework is applicable to all vendors and service providers involved in e-Government projects and hence will cover cloud computing providers. For finer details on compliance policies and template, refer to Section 3.4 on regulations and policy.

2.4.1.2.4 Security Management This supports cloud security, which allows enterprises to use clouds knowing that their resources are protected. The general requirements are to secure virtualized data-center resources, uphold user privacy, and preserve data integrity. These requirements may be divided into three classes. First, Identity Management provides for secure identification of users, perhaps via an enterprise IdM solution (n-factored). Multi-tenancy management provides secure sharing of physical resources across tenants and may include network layer separation between tenants, IPSec to secure network traffic, VMs for access to compute resources, and

84 Copyright © 2014 IEEE. All rights reserved. A Framework and Roadmap for Cloud Computing Innovation in India Cloud Computing Innovation Council of India data coloring and encryption for storage protection between tenants. Finally, access control provides users granular access to the resources of tenants. A security management solution should provide flexible policies for control of the above three classes.

2.4.1.3 Barriers to Adoption The following section outlines some of the barriers in the development of Cloud Management. We have picked examples from well-known cloud systems.

a) Lack of Standardized APIs For creating vendor lock-in, to expose advanced proprietary functionality, as well as differences in design philosophy, cloud systems lack standardized APIs for management. The result of this is that management software vendors have to develop a plethora of plug-ins for each cloud system, resulting in high development cost. For example, in Amazon EC2, access control is via encryption keys, while Openstack uses tokens. Clearly developing a standardized security management across both systems will be difficult. b) Weak Vendor Support In many cases, vendors do not provide complete information about the cloud system. In Amazon EC2, the default monitoring capability is inadequate for enterprises. Advanced monitoring has to be purchased and is in a proprietary format. c) Lowest Common Denominator Support Due to weak support for standards, management software that relies on standards will be able to provide only functionality that is common across all software and that does not expose the advanced functionality available through proprietary APIs. SNIA Storage Management standards are an example. d) Clouds Still in Experimental Phase While enterprises are showing great interest in clouds, factors such as security have prevented them from complete migration to cloud technology. As a result, the demand for management software with very sophisticated functionality comparable to that available in non-Cloud Management software has not yet materialized. e) Continued Rapid Technological Evolution Vendors are in a race to introduce new functionality into clouds. Consequently, management technology is sometimes added on as an afterthought. An example of this is that it is only in the Grizzly release of OpenStack (the 7th release) where reasonably complete information for billing systems has been introduced. f) Complexity Cloud systems may contain greater compute and storage than conventional enterprise systems. Furthermore, they may contain more layers (SaaS, PaaS, IaaS). Developing powerful performance analysis and fault detection tools for such systems is a technological challenge. g) Lack of Skilled Manpower Development of powerful management technology as described above requires programmers and architects who are familiar with the challenges involved in developing large-scale distributed systems. This is an advanced skill not easily found.

h) Geographical Challenges The majority of Cloud Service Provider (CSP) data centers are geographically located outside of India. This is the major lagging factor for cloud adaption by Indian entities. A legal factor of scrutinizing data hosted in foreign countries might be another worrying factor at which to look.

2.4.2 Cloud Management—India Initiatives and Opportunities India is the hub of IT management. Most of IT management works are outsourced in India. Cloud Computing provides more agile services with automated provision and self-management and therefore can potentially reduce the revenue of the Indian IT industry. Thus, Indian industry needs to adapt to this change and grow to provide innovation in Cloud Management. In doing so, however, the industry faces some challenges and a number of initiatives may be needed to address these challenges. These initiatives would need close cooperation between academia, government, and industry.

2.4.2.1 Governance and Security Initiative These are among the chief concerns of enterprises. This concern can be addressed by various initiatives. Some of these are listed below.

 Create a policy document of governance in cloud that would be adhered to by all vendors. The policy document should discuss all aspect of cloud services (governance, security, protection, SLA, billing etc.).  Management support of policies for governance, etc., for Indian ecosystem. This would include support for Indian languages and support for disconnected operation (due to unreliable Internet connection).  Build a management framework for policy-driven Cloud Management integrated with the reference platform.  Create an agency for auditing of cloud services. This audit can be industry specific. Alternatively, a specialized agency for handling disputes regarding governance and security.  Create a cyber-forensic lab for cloud security that will react quickly to security incidents and pro-actively monitor both national and international threats.

2.4.2.2 Interoperability Initiative for Avoiding Vendor Lock-in

After governance and security, another major fear of enterprises is being locked into a single vendor. A number of initiatives are possible for addressing this concern.  Create reference architecture for cloud platform. The reference platform can be built based on the feedback of government, academia, and industry. The work done here can be the benchmark for reference architecture.  Build a Unified Cloud Management Platform. The platform should provide functionality for the entire cloud lifecycle, e.g., provisioning and configuration. The platform should function across both private and public cloud environments, as well as different cloud service models, i.e., IaaS, PaaS, SaaS.

2.4.2.3 Initiative for Creation of Critical Mass

Standards and initiatives proposed above (e.g., policy document of governance or reference architectures) by themselves cannot influence the course of the IT industry. It is also necessary to take measures to ensure the adoption of these initiatives. The major measure needed is to ensure critical mass in adoption of these standards. This strategy has been used very successfully by both the USA as well as China.

 Run all e-Governance programs under the platforms proposed above. This would satisfy the requirement to give the standards traction, while also delivering the benefit listed above. This is also timely, since governments the world over have started looking at cloud as an alternative platform for hosting e-Governance services. This provides India an opportunity to exercise leadership. . According to UIDAI, the UID application will be architected for a cloud platform that will be based on open architecture and components. . This platform can also be taken up across different industries/verticals like the Health Care Industry to enable different services (like telemedicine), Education vertical to enable remote and virtual classrooms/trainings, BFSI and Retail vertical to improve their services thru this platform. . IRCTC (Indian Railway): Around 300000 bookings are done on IRCTC everyday . Financial Inclusion: User of the existing 500 million mobile phone connections present in India to extend financial inclusion across rural and remote regions. . Right to Information: Government initiative to digitize its database and make more and more information available to the public domain.  Since India is a major hub for IT management, there is also an opportunity for India to emerge as cloud hub. For example, India as a hosting destination for Amazon AWS (APAC) would create a great deal of traction for India in cloud computing. The government has to promote and facilitate need for setting up enterprise data centers across India.

2.4.2.4 Human Resources Initiative

For carrying out the above plans, a great deal of skilled manpower is needed. This will require investment in creating awareness about cloud computing and massive investment in running training and courses at different levels.

2.4.2.5 Learning Environment and Open Ecosystem for Development

A key part of an HR initiative is to introduce a rigorous curriculum of cloud computing and related technologies in college education. This would help in inducting technology and concepts in young brains thereby setting a platform to produce more manpower. A community driven test bed would foster technology research and development. Open Cirrus is an example of such an initiative taken by HP, Intel, and Yahoo! in early 2008. India being a “thought leader” in global IT transformation has to emerge strongly in building these infrastructures. This would open up community-driven tools development in a big way considering its skilled man power.

2.4.3 Cloud Management Innovation Proposals

Economy of scale is a powerful force in shaping industry transformation. The birth of cloud services fundamentally shifting the economics of IT and allied services. In a similar line, innovations are key drivers for any technology area to blossom. This section briefly reviews highlights of major innovation areas in Cloud Management.

2.4.3.1 Open Software-Based Companies

As stated earlier, avoiding vendor-lock in is one of the major concerns of enterprises. This apprehension does not arise in the case of Open Source software. Thus there is an opportunity for companies that would commercialize Open Source cloud software in the way Red Hat has commercialized Linux.

For cloud computing, one can consider OpenStack to overcome this problem. OpenStack is one of the world’s leading open cloud infrastructure platforms that is backed by leading vendors such as HP, Dell, Cisco, and IBM. Mirantis is a Russian company that is already executing this strategy. OpenStack is a comprehensive solution that includes OpenStack Nova, for provisioning virtual machines to offer on-demand computing resources, Cinder or Swift for scale-out storage, Quantum for managing networks and IP addresses, Keystone for security management and Horizon, a web interface for administrators to control all of the above.

2.4.3.2 Security, Governance, and Compliance

As stated in 2.5.3.1, data storage, ownership of data, security of data transmission, retention, and privacy are major problems when it comes to compliance issues around cloud deployments. Opportunities for innovation in the areas of security management and compliance management are very high.

2.4.3.3 Managing Scale and Complexity

Cloud Computing data centers operate at a scale and complexity that is much greater than that of conventional data centers. Traditional management functions such as monitoring and fault diagnosis become much more challenging in such environments. There are two dimensions along which the challenge grows: the first is handling the increased scale of cloud data centers. The second dimension is that of layering. For example, a PaaS platform may be implemented on IaaS platform that map virtual to physical resources. A performance problem that manifests itself in the PaaS system may have to be traced across multiple layers. New technologies such as big data analytics and artificial intelligence systems (such as Numenta) may be needed.

2.4.3.4 Federated Cloud Management

Stand-alone cloud is fairly simple in overall management compared to hybrid or federated cloud infrastructure. Cloud Federation creates an infrastructure where service offering elements from different providers can be orchestrated and given to users based on scaling demand. It

addresses the economic problems of vendor lock-in and provider integration. Federated clouds should have built-in intelligence for on-demand provisioning and de-provisioning based on customer pricing preference. India has the potential to leap-frog the state of the art by formulating a cloud solution.

2.4.3.5 Verifiable and Flexible Billing Solutions

Rapidly evolving cloud technology is making service accounting a greater challenge. Verifiability in-service accounting is an innovation area to look into. It assures customers of two basic questions:

 Did I consume what I was charged? For example: Service provider has to bill only whatever was used and not whatever was offered.  Should I have consumed what I was charged? For example: An erroneous allocation of resource shouldn’t be charged when there was a potential opportunity to accomplish the same task with a lesser amount of resources.

There is a need for generic schema to capture usage details and Internet Protocol Detail Record (IPDR) can be adopted [9]. When cloud service providers collaborate, accounting and billing must be carried out in a fair and standardized way both (a) between the user and infrastructure owner and (b) among the individual providers making up the federation. These key requirements can be explored and implemented in an open source billing system like jBilling®. Rapid technology evolution along with more and more service providers getting into market opens up opportunity for cloud consumers to negotiate service offerings, which injects a lot of pressure on flexible billing solutions thereby making it a complex and major area for innovation.

2.4.3.6 SLA Management

As stated earlier, SLAs are a crucial functionality for enterprise adoption of cloud technology. Due to the lack of such solutions, support for SLA management is a large opportunity for innovation. There is a scope for local solutions, in the Indian context where the ecosystem differs greatly from global trends.

2.4.3.7 Power Efficient Service Provisioning and Data Center

According to Eric Schmidt, CEO of Google, what matter most to Google is “not speed but power, because data centers can consume as much electricity as a city.” The High Performance Computing (HPC) community concentrated more on performance of processing, which simply increased power density. A significant reduction in energy consumption is required for cloud resources and data centers to save operational cost and to increase system reliability. Power aware provisioning of cloud resources for real time services help in optimal energy usage.

2.5 Sustainability, Mobility, and Accessibility

2.5.1 Mobility and Accessibility to Cloud Services—Introduction

The convergence of multiple technologies like big data, cloud computing, growth of mobility, sensor networks, and augmented reality has altered the digital landscape. Users consume and create vast amounts of content on their mobile devices and tablets. Much of this content is drawn from or stored on the cloud. The number of users accessing the Internet using the mobile is set to grow higher than the traditional broadband in the coming years. Any content delivery system has to be designed mobile-first and not as an afterthought.

Mobile-first will also imply that service providers need to think through various delivery means available including: SMS, MMS, USSD, data, etc. They will also have to factor in aspects that define mobile experiences and user expectations of systems: seamless continuity of experience across devices, differing mobile operating systems and capabilities, various screen sizes and resolutions, design paradigms, unstable connections, latencies in delivery and responses, local language interactions, etc.

Mobile consumers will also generate information-rich feedback, which includes location of user, type of device, connection used, etc. This feedback will prove valuable to optimize delivery systems and as a data collection effort.

Figure 23 illustrates the various layers of interaction for mobile/web applications and cloud- based systems.

Figure 23 —Layers of Interaction for Mobile/Web Applications and Cloud-Based Systems

Some highlights in these layers are as follows:

Cloud Storage and Data Analysis Layer

Mobile phones and devices today come with a variety of sensors and enablers. For instance, most smartphones come with GPS support that allows users to location-tag photos taken on the phone. Huge volumes of metadata are automatically generated based on phone sensors that can be stored, mined and analyzed at the cloud. For example, a popular use case is crowd- sourcing and aggregating multiple phones’ location and motion data to generate traffic heat maps.

Delivery Network Layer

This layer plays the role of the ‘data pipe’ to let devices access cloud storage and compute facilities. Data is primarily routed through IP network based protocols over WiFi® or variants of

GSM/CDMA based technologies.24 Recent advances include multi-path TCP [5] protocols that allow devices to maintain connections over various data channels simultaneously.

Delivery Mechanisms

Mobile devices can create channels to cloud backend of shorter range mesh networks or connections to other devices.

Data access is through mobile channels (GPRS, EDGE, 3G, 4G, etc.) or through WiFi. These are usually IP based accesses, supporting Internet parameters like sessions, authentication, encryption, etc. Services designed over data for mobiles need to factor in issues like network latencies, flaky connections, differing data costs when roaming, intelligent caching, etc.

Feature phones still form a large proportion of mobile phones in use. These mainly use non-data channels like SMS, MMS, Voice, and USSD to access information. These technologies have their own set of issues:

 SMS and MMS based transactions are usually stateless. There is no concept of a session or authentication; they have limited load bearing capacity, supporting only certain types of content.  Voice and USSD-based transactions have state, support authentication and can handle good amount of load. Whereas the sequential, slow nature of interaction limits voice and USSD is limited by constrained textual interface on a small mobile screen. An interesting set of technologies are Bluetooth, NFC, Mesh networks, etc. These are either used to connect between devices, or to connect mobile devices to wired infrastructure. For instance, an NFC-enabled mobile could be used to pass information to an NFC/RFID reader device connected to a gate controller of a facility through a wired network. This could be used to operate the gate through your mobile device. The reader on the other hand could be accessing data in the cloud for making its decision to allow or disallow an entry attempt and the log data from it might also be stored in the cloud for later analysis. There is a growing trend of sensors using these technologies to connect to mobile devices that then provide context info and metadata.

This section tries to provide a blueprint for the various aspects around access to cloud service on two primary fronts:

 Design (and best practices of systems for access and interaction across various device types, languages, and communication mechanisms  Collection and analysis of feedback data from access devices

2.5.1.1 Global Landscape

The following examples demonstrate the innovations being driven by the growing mobile access to cloud-based applications:

24 WiFi is a registered trademark of Wi-Fi Alliance.

a) More than 68% of Facebook accesses come from the mobile [55]. After trying to provide mobile access through a HTML5-based app, Facebook finally built native apps for leading platforms. This saw a huge spike in adoption and usage. Facebook customized its web- based interface in an attempt to unify the experience and is actively exploring ad formats that work across mobiles and the web. Snaptu, a recent acquisition, enables optimized Facebook access for feature phones with minimal data usage [67]. b) Nokia’s Xpress browser, Opera Mini, and the Amazon Silk browser exemplify optimized data usage experience using server side compression of content to be rendered on the phone. Twitter allows users to tweet by sending an SMS to an operator short code: an example of extending usage of SMS and other non-data access mechanisms on the phone [32]. c) Spoken Web, an IBM research project, uses voice channel to allow service and content to be offered over lowest end phones in users’ local language [64]. Beyond simple information access, it enables construction of a (voice) web where hyperlinked sites are created and browsed entirely in voice over an ordinary telephone call. The content and the servers both reside in the cloud rather than on the device. d) Gathering and analyzing data around mobile phone usage is enabling interesting, innovative apps. Waze is a popular navigation application, recently acquired by Google, that crowd-sources traffic data. Users who use the Waze app send back anonymous bits of information around location of their vehicle, that is then analyzed at the cloud layer to estimate traffic information and sent back to all connected apps to help them estimate traffic density and time of arrival at the destination. The service is so popular that in 2012 the number of Waze users was greater than the users of traditional navigation devices in cars [50]. e) In a research project at MIT named “reality mining”, Alex Pentland conducted an experiment to learn more about human behavior and social interactions by sifting data gleaned from mobile devices [71]. Nathan Eagle, who led this project, plans to use cell- phone data to improve existing computational models of how diseases like SARS spread.

Network Caching for Reduced Latency and Increased QoS

‘Mobile Video’ and ‘Mobile Web/Data’ have huge dependencies on network latency and packet- loss. However, guaranteeing SLAs for a good real-time, user experience is a complex problem. As the data that follows shows, this is a factor of the technology and network design—whereas the telecom network has been designed for guaranteed latency, the Internet network is more variable and it is difficult to guarantee performance.

Further, the combination of mobile network latency and Internet (backhaul) latency introduce reasonably huge delay in the service delivery for 2G (EDGE) users, while accessing distant data sources. Number of hops also contributes to latency and packet loss.

While there are commercial solutions available to optimize video streaming experience using compression techniques, there are some efforts being made to arrive at designing an architecture similar to a content delivery network (CDN) like for telecom networks to guarantee SLAs on delay-sensitive applications. There are many challenges demanding (country specific) innovation in this space.

2.5.1.2 Current Indian Scenario

Though only 11% of Indians are estimated to have Internet access, India has shown the second highest YoY growth in Internet usage, next only to China [55]. Going forward, better uptake of 3G connections and the beginnings of 4G rollout are expected to spur growth further. In 2012, almost half of wireless access was via feature phones. With growing use of smartphones and tablets, 2013 was predicted to be the first year when feature phones ceased to be the main mode of Internet access in the country. Feature phones will continue to be an important medium for access of online content in India for the next few years. However, smartphones will take the lead. An industry discussion conducted by KPMG predicts that smartphone-based Internet usage will increase from 46% in 2012 to 62% by 2017 [74]. Smartphones are fast becoming a major entertainment device [74]. As people move on to more sophisticated smart phones, the data comsumption is also likely to incraese significantly as people would like to get more and more quality content in their hand.

By 2017, there will still be 61 million Internet-enabled feature phone users in India and large players will continue to innovate to cater to this audience.

Smartphones and tablets have an installed base of approximately 44 million and 2.5 million units respectively, comprising a third of Internet-enabled devices in India. Driven by several cheaper smartphone options and more low-cost tablets coming into the market, the share of these devices is expected to increase to 67% of all devices, by 2017. Beyond these macro trends, there has been a lot of grounds-up innovation for Indian users, such as attempts to build a Braille- based smartphone [85].

2.5.1.3 Challenges and Barriers

Language and localization are both challenges in India.

Enabling access of information anywhere, anytime through any device and in any “language” (at least the 22 languages in the constitution) would be a key challenge and success factor for cloud services in India. The challenge aggravates when bringing the language interfaces to mobile devices. In July 2013, a leading, Telecom Service Provider in India partnered with Wikipedia Zero, an initiative that enabled mobile access to Wikipedia free of data charges [4]. The main challenge here is to enable access in various Indian languages like Hindi, Tamil, and other 17 Indic languages. Hence in the Indian context, it becomes utmost important to consider language as a primary design requirement for any mobile-cloud-based services. Localization is mainly misunderstood as just text translation, which in fact is incorrect; it involves formulating and adapting content for a targeted region, culture, or pedagogy with potentially varied literacy levels. Furthermore in most applications, it requires persisting and organizing context so that information/content can be judiciously presented to a specific target audience. In its naïve form, the end-user should feel the information/content in native language rather than one translated from English.

There are two perspectives related to access of mobile-cloud services:

 Utilizing the cloud as a grid for language related tools and services (Cross-language information retrieval, Optical Character Recognition, Machine Translation, multi-lingual data analytics, etc.)  Adapting and delivering content from the cloud in local language (Health prescription for the elderly, local language speech output for status query on governance services, etc.) Some of the requirements and enabling techniques that can be leveraged for multi- lingual mobile-cloud services include the following: 1) Speech syntheses for specific languages/talking dictionaries 2) Predictive input for fast text entry, stylus 3) Handling composite messages, string/ video/image reuse (caching), styling (ideal for environments with low bandwidth, smaller screen size) 4) Conversation guides in local languages (e.g., use case of tourist) 5) Retrieving information written in a language different from the language of the user’s query 6) Language translation of various websites, software, technical manuals, advertisements, study materials 7) Live or pre-recorded captioning of media using cloud

2.5.1.4 Innovation Proposals

Localization and voice-based access systems

Understand and outline a system that tries to factor in the challenges around interface language and how the illiterate and differently-abled interact with cloud-based systems.

Telecom network caching for data services

A caching node within the telecom provider ecosystem that performs the following over standardized communication protocol with the Cloud Application Server:

 Service one-time registration for authenticated and encrypted data exchange  Caching data TTL request and response  Encrypted data storage in the cache to maintain the integrity of user data This network caching also enables the telecom provider to offer higher QoS for cache registered cloud services vis-à-vis non-registered services. The one-time registration would follow a similar process for any new SMS-based application or roaming tie-up that exists in the Mobile Service provider’s business process.

Explorations

A platform that combines all the access technologies available on mobile devices marries it with cloud and offers entrepreneurs/developers to create and host apps for local use.

2.5.2 Sustainability and Green Computing

With computing becoming pervasive, the energy, carbon and water footprint of computing infrastructure is growing exponentially. In 2012, the energy consumed by data centers worldwide was estimated to be 322 Terawatt Hours by Data Center Dynamics—more than the annual energy consumption of Russia. At the present rates of growth, it is estimated that by 2020, the carbon footprint of data centers will exceed that of airline industry.

Numerous studies estimate that between 30% and 50% of energy used in data centers is wasted and that a large proportion of computing capacity is consistently underutilized. With today’s best practices, it is estimated that 20% to 50% in energy savings are possible, extending the life and capacity of existing data center infrastructure and avoiding millions of metric tons of carbon emissions.

It is in the above context that one needs to consider sustainability and green computing as a key pillar of innovation for India’s cloud computing infrastructure. The emerging global trends towards enabling greater energy efficiency in computing infrastructure have been discussed in detail, emphasizing their significance in the Indian context. To a large extent, the best practices associated with these trends have been standardized and have been published by EnergyStar and ASHRAE for public reference. The adoption of these standards has also been promoted through various incentive programs and regulatory pressures.

In India, the implementation of these standards has been hampered by inherent challenges in electricity distribution infrastructure, lower levels of awareness and expertise among data center operators, and near absence of any financial incentives or regulatory pressures to adopt such standards to promote sustainability and green computing. In addition, there is also a need to customize a variety of the best practices and standards to Indian conditions. In this section, several innovation proposals have been put forth by the group to address these challenges. It is expected that these innovations could help kick-start a nation-wide program of promoting adoption of a Sustainable and Green Cloud Computing infrastructure in India.

2.5.2.1 Introduction to Sustainability for Cloud Computing (Definitions and Key Drivers)

Within the closing months of 2012, DataCenterDynamics, a leading international magazine specializing in data centers, reported that the worldwide energy consumption of data centers in 2012 was 322 Terawatt Hours. To put this number in perspective, this is equal/equivalent to the following:

 Energy consumed by Russia in a year 25  260.82 Tonnes of CO2 26  CO2 emissions from 29.348 billion gallons of gasoline  Cutting down 12,558,000 trees27

25 As per CO2 emissions standards published Ministry of Power, Govt. of India. 26 http://www.epa.gov/otaq/climate/documents/420f11041.pdf 27 As per U.S. Environment Protection Agency standards.

While the environmental impact of energy consumption by computing infrastructure is one aspect of sustainability, another key driver for sustainability global is the increasing energy shortage. In a recent whitepaper published by Rackspace,28 the following are listed as the key reasons related to energy and sustainability highlighted for the shift towards cloud computing:

 Resource constraints  Ever increasing demand leading to higher unit costs  Concerns over the environmental impacts of electricity generation  The need to invest in electricity infrastructure to continue to supply the increasing demand  Legislation to improve air quality and regulate utilities

One of the key expectations worldwide from cloud computing is the prospect of increasing energy efficiency in data center environments as more and more private data centers are consolidated into cloud and better energy management practices can be implemented in such centralized and consolidated infrastructures. Concurrently there is a move from individuals and organizations to take more of an interest in the environmental sustainability of their business— for both social and profit reasons. The intersection of all of these factors has impacts on the way computing is delivered and these will further drive the move towards Cloud Computing as opposed to a traditional approach with onsite IT infrastructure.

The Brundtland Commission of the United Nations has provided the following definition of sustainable development: “sustainable development is development that meets the needs of the present without compromising the ability of future generations to meet their own needs.” For the purpose of developing the sustainability theme of Cloud Computing in India, we shall adopt a definition for sustainability in Cloud Computing that allows direct quantification in terms of total carbon footprint. The total carbon footprint of Cloud Operations can be accounted for fewer than two heads:

 Fixed Carbon Footprint: This accrues simply on account of deployment of hardware and needs to be accounted for on an end-to-end basis. Data Center equipment often run at low utilization and a significant proportion of carbon footprint is on account of underutilized resources and hardware deployments without data-driven assessment of upgrades required.  Operating Carbon Footprint: The operating carbon footprint primarily revolves around energy usage. This can be assessed in two parts: IT infrastructure and non-IT infrastructure.

Traditionally, focus has been on the operating carbon footprint, specifically non-IT power consumption in HVAC and using renewable energy sources (Solar, Bloom Box, etc.) Future focus for sustainability innovations in Cloud Computing should be on measuring and optimizing the total carbon footprint.

28 http://broadcast.rackspace.com/hosting_knowledge/whitepapers/sustainability-and-the-cloud.pdf.

2.5.2.2 Global Landscape in Sustainability Technologies

There are four major trends globally in enabling sustainable technologies in Cloud Computing infrastructure. They are as follows:

a) Trend 1: Increased Energy efficiency of IT components b) Trend 2: Green/renewable energy sources for computing infrastructure c) Trend 3: Reducing AC-DC conversion losses d) Trend 4: Reducing energy consumption—primarily centered around HVAC and non-IT infrastructure Combinations of one or more of the above trends have been adopted by various service providers. Following is a brief explanation of each of these trends and how it is impacting energy efficiency and consequently, sustainability in cloud data centers. In terms of field implementation of the above trends, Federal Energy Management Agency has compiled the best practices in data center energy efficiency and published a detailed paper entitled Best Practices Guide for Energy-Efficient Data Center Design [8]. Also, EnergyStar has published a detailed methodology on rating of data centers entitled Benchmark Your Data Center’s Energy Efficiency [7].

Trend 1: Increased energy efficiency of IT components

This trend is primarily driven by hardware/component OEMs improving the energy efficiency of the devices they provide to data centers. These include servers, storage and network devices. Primarily, two approaches are seen. In one, the energy consumption per unit output (in compute, storage or network terms) is reduced (e.g., new generation servers have a lower energy footprint per unit of compute). The second approach is to reduce the overall energy consumption of a device—e.g., overall lower energy footprint of servers obtained by trading off some aspects of performance or by customizing for certain usage scenarios. The key concern in data centers is the low utilization of servers. The fixed carbon footprint increases as more (underutilized) servers and associated devices get deployed in the data centers. This is an important factor driving migration towards cloud infrastructure Non-availability of cross- platform tools that can monitor utilization across devices and perform consolidation also contributes to this.

Trend 2: Green/renewable energy sources for computing infrastructure

Globally data centers have been migrating to green/renewable sources of energy. Leading this trend have been large cloud-based solution providers such as Google and Facebook. This trend is however lagging in adoption by smaller data centers, majority of in-house data centers continue to draw energy directly from the grid. This is another driver to move towards cloud infrastructures. Following are some key examples of this trend:

 The Green Grid  Google Green  Facebook Sustainability  Facebook’s Prineville Data Center

Trend 3: Reducing AC-DC conversion losses

This is a unique electrical engineering aspect of data centers not often well understood in the IT community. Studies by Schneider, Google, and others show that the energy losses on account of conversion from alternating current (ac) sourced from the grid and then moving through various electrical devices such as UPS that convert this into direct current (dc) for use by IT equipment results in multiple stages of conversion losses. Such losses can be significant and studies show that 30-50% of energy can get wasted across these stages. Various technologies have been invented by power equipment providers like APC, Emerson, and others to reduce such losses. Table 1 shows an illustration of the UPS efficiency at various loads for a commonly used UPS model.

Table 1 —Sample UPS Efficiency Data at Various % Loads Load % Efficiency 25% 81 % 50% 87 % 75% 88.6 % 100% 89.1 %

As can be seen, any drop in UPS loads below a certain percentage (in Table 1 below 50%) drastically increases energy losses and this can significantly add to the energy wastage overheads of the data center.

In addition, in large data centers such as those of Google, various solutions have been attempted that reduce or eliminate such losses. An example with detailed explanation can be found in a Google Video on Power Optimization found at http://www.youtube.com/watch?feature=player_embedded&v=dk95NV01dAY.

Trend 4: Reducing energy consumption—primarily centered on HVAC and non-IT infrastructure

This is centered on cooling and energy usage in non-IT infrastructure in data centers. This has received much media attention and lots of articles have been written on this topic. The key methods have included the following:

 Usage of natural cooling by developing data centers in cooler climates. As a result countries such as Iceland have become major attractions for location of data centers [36]. The Australian government has laid out national data center guidelines that recommend the use of free-air cooling, suggesting that data centers are best located in regions where the mean annual temperature is below 23 °C and with moderate humidity levels.  Adoption of various thermodynamics principles in management of data center air flows. This has included simple methods such as hot aisle-cold aisle separation to very

sophisticated methods to prevent loss of coolant air. Water cooling is also being implemented in data centers. Some useful videos explaining the basic concepts can be found at http://www.google.com/about/datacenters/efficiency/external/index.html.

The focus has been around improving the Power Utilization Efficiency (PUE) in data centers. The origin of these initiatives could be traced back to a report from the United States EnergyStar program benchmarking PUE across data centers. A summary of findings of the EnergyStar’s initiative to benchmark PUE of Data Centers can be found in pages 14–37 of the report by Alexander Sullivan entitled ENERGY STAR® for Data Centers [21]. This report assessed the average PUE to be 1.9 in majority of the U.S. data centers and suggested various measures for its improvement.

2.5.2.3 Current Indian Scenario for Innovation and Adoption of Sustainability Technologies

India is faced with a unique set of challenges that require it to urgently adopt sustainable IT practices. A quick survey of Sustainability Reports published by majority of the corporations in India reflects little action being taken on Sustainable IT practices.

One of the key points to note is that energy in India comes with a much higher degree of carbon emissions vis-à-vis energy available in developed nations. Refer to the CO2 baseline database for Indian Power Sector [100]. Every Megawatt Hour of electricity in India comes at 810 Kilograms of CO2 versus U.S. standards of approximately 454 Kilograms of CO2. This implies that, from an environmental standpoint, every Watt saved in India gives the same impact of 2 Watts saved in the developing world.

Following are some India-specific challenges that present scope for innovation and adoption of sustainable technologies.

2.5.2.3.1 Challenges Contributing to Higher Fixed Carbon Footprint

The lack of indigenous manufacturing base on its own increases the fixed carbon footprint of IT equipment deployed in our data centers on account of the increased logistics footprint. In addition, limited availability of cross-platform monitoring tools leads to a higher proportion of underutilized resources.

2.5.2.3.2 Challenges Contributing to Operating Carbon Footprint

In addition to the fact that energy in India is relatively more “carbon dense,” there are a variety of factors that contribute to a higher operating carbon footprint in India for data centers. Some of these are as follows:

 Environmental conditions in India correlated with poor power availability: In India, majority of the large data centers are situated in metros that are not environmentally conducive for data center energy efficiency. Data centers are concentrated in cities such as Mumbai and Delhi (with high temperatures and humidity conditions not ideal for energy efficient operations) since they have relatively better power availability,

compared to other regions offering better environmental conditions. This leads to higher HVAC requirements and consequently, a higher energy footprint.  Low-power density and power quality: Two key factors that allow higher density data center configurations are the power density and floor strength. While the latter can be addressed through good civil engineering, power density is highly dependent on the grid from which energy is being drawn.

The following table summarizes the power density available across various countries and as can be seen the average power density numbers of India are much lower than those in developed nations. This leads to under populated racks and larger floor areas per unit of compute or storage. The larger floor space has a cascading effect on HVAC energy requirements.

Reprinted with permission from Data Centre Dynamics Global Industry Census 2011, Data Center Dynamics Research (http://www.datacenterdynamics.com)

A detailed study of the extent of field level implementations of these measures in India is yet to be assessed. One key reason for slow adoption is the non-availability of India-specific equivalents of standards such as those published by ASHRAE, EnergyStar, and TIA for the United States. A sample of such a standard can be accessed at http://www.techstreet.com/ashrae/products/1859457?ashrae_auth_token=.

2.5.2.4 Challenges and Barriers to World Class Innovation and Adoption of Sustainability Engineering

The two key challenges to world class innovation and adoption of sustainability engineering in India are as follows:

a) Restriction of research within R&D labs and not adequate orientation to commercialization of solutions: A large portion of research in India on sustainability is done within R&D labs of large IT organizations in India. Many of these solutions are not packaged or standardized for mass deployment by mid-level or junior level IT operations executives. Metrics quantifying clearly the financial impact or sustainability impact of these solutions to justify the required investments are not made available to the decision makers (COOs and CFOs). b) Low levels of regulatory pressures and incentives for field implementation of sustainable solutions: In various countries around the globe there are either regulatory pressures or financial incentives for adoption and implementation of these solutions. A survey of such measures can be found in the white paper no.44—Energy Policy Research and Implications for Data Centers in EMEA—published by the Green Grid [71].

2.5.2.5 Innovation Proposals and Recommendations

Following are the innovation proposals and recommendations to enable sustainable and green computing in India’s cloud computing infrastructure:

a) Development of India specific best practices and standards similar to EnergyStar, ASHRAE and TIA keeping in view the environmental conditions in India. These could cover  Power-Quality standards for data center environments  Environmental standards for cloud data centers  Best practices for hardware deployment  Best practices for ongoing operations of data center b) Conduct of a detailed study on Power Utilization Efficiencies that can be achieved under Indian conditions. c) A detailed assessment of favorable locations for setting up of cloud data centers that can take advantage of environmental conditions prevailing in different parts of India. With better availability of power, such locations could be highly conducive for energy efficiency data center operations. The study could correlate various aspects such as  Geological conditions  Accessibility

 Power availability  Power quality  Weather and climatic conditions through the year d) Data center compliance reporting and incentives/regulatory framework for promoting adoption of sustainability standards e) Benchmarking of data center operations by an independent agency f) Establishment of regulatory framework for sustainable IT operations g) Mandatory sustainability and compliance reporting of ongoing operations

3. Cloud Enablement Framework

Introduction

Cloud Computing covers several technologies (hardware, programming languages, platforms, software applications, and networking) and business models covering B2B and B2C solutions and involving multiple stakeholders. Therefore governance implications are invariably influenced by a technological, business model and a variety of other factors encompassed by cloud computing. The choice of technology design and the basic design principles have a critical role in determining the wider governance implications and policy cannot be framed independent of these factors. On one hand, cloud computing provides capabilities such as location independence, lowered barriers to entry, virtual business environments, and ubiquitous access from any device via a web browser. These same capabilities create issues related to data ownership and privacy, data retention, interoperability, security, surveillance, content regulation, service provider liabilities, and legal jurisdiction. A clear challenge in formulating cloud policy is dealing with these conflicts inherent in the features of cloud computing and achieving a balance between the enabling and constraining functions of governance.

The other set of challenges involve striking balance among conflicting interests of different stakeholders such as cloud service providers, copyright owners, clients, end users, and government. For example, tensions arise in relation to the competing interests such as control and flexibility, trust and verification, commercial gains and social empowerment, competitive pricing and unsatisfactory Service Level Agreements (SLAs), copyright protection, and freedom of receiving and imparting information. Specific challenges can also arise for service providers who can be as vulnerable in the context of an adversary attack [e.g., Distributed Denial of Services (DDoS)] that leads to availability and privacy issues that eventually translate to liability to users and content providers. Therefore there is a need for increased cooperation, transparency, and awareness among different stakeholders and the focus must be shifted to dealing with the functional problems. Cloud enablement framework is aimed at addressing issues related to such conflicts and competing interests.

The cloud enablement framework therefore needs to strike a fair balance in several areas:

 Public versus private sector: In the interest of the public the government may find a need for formulating strict privacy laws defining vendor liabilities and sovereign reach irrespective of server location; however, seeing vendor as a mere carrier of services may dilute the law.  Innovation and growth versus standardization: Cloud Computing is enabling innovation to create new products and services and also enabling new business models in dramatically new and faster ways. Some cloud providers are also known to have enjoyed double digit growth even during the recent downturn. But facilitating interoperability through standardization is also crucial to the overall growth and evolution of the cloud ecosystem.  Experimentation versus stability: A range of new cloud offerings have made their foray and have been subject to change from time to time. The freedom to experiment with technologies is necessary for fostering innovation. But standardized offerings may be helpful in addressing interoperability concerns and stability of applications.

 Formal versus informal: For instance, in terms of adopting a set of standards, there can be a general consensual approach among the cloud players for standards to be set according to a given industry that is being catered to. On the other hand, an independent body may be involved in setting the standards with involvement of multiple stakeholders.  Political inclusion versus technical competence: While including stakeholders, a clear conflict will be in terms of whether technical competence or political inclusion should be the criteria and who gets to influence more. Striking a balance or finding the golden mean in terms of addressing the concerns of multiple stakeholders of cloud ecosystem is going to be a challenge.  Restrictive versus permissive rules: Often regulations related to data security and privacy across nations are inconsistent and therefore cause major concerns to users as well as providers. When effective regulations restrict the movement of data across borders or force the data to remain within national borders due to absence of cross- jurisdictional alignment, the providers lose out on advantages such as improvements through scale offered by collating data in multiple locations. Restrictions and requirements that are industry-specific and issued in the pre-Internet times need to be reframed to deal with new challenges posed by ubiquitous mobile technologies.  Centralized versus decentralized design and governance approaches: The traditional hierarchical governance processes may be bypassed due to direct information exchanges in the network of end users enabled by the design of cloud services and products. A multi-stakeholder approach to governance is needed to deal with such newer forms of privacy and security breaches.

3.1 Cloud SLAs

Introduction The cloud model separates the use of a service from the ownership of it. Hence, what used to be implicit within the design of a service has now got to be made explicit. Due to this separation, quality of service (QoS) has suddenly become the center of attention. QoS refers to the user’s experience with regard to his/her expectation about a functionality carried out by a service. For example, response to a URL query from a web (http) server can have an attribute associated with QoS. This response can be thought of as the total time taken to deliver the results of the query. If the response time is well within the attention span of the user, it is acceptable; otherwise, the user may feel the slowness and choose to ignore or resubmit. Often QoS is a qualifier affecting the behavior of a service, not associated with its functionality and hence is related to the user expectation.

In the cloud model the major players involved in interaction are the cloud provider (CP) and the cloud user (CU). The CP is the entity often representing one or more organizations that owns (in terms of owning the resources and also control policies to use and manage them) the cloud services. CP can be hosting a cloud service using a public, private, or hybrid model. The CP advertises the services that he/she provides by way of service directory or lists typically using a web portal. Access to these services is enabled by mechanisms that the provider supports. However, there is no standard mechanism or method for this. It is possible that each CP can have his/her own proprietary approach. The CU needs to understand and evaluate each of the CPs approaches before he can decide to use one or some of the CP’s services. The QoS framework describes the means to capture the CU’s requirements and CP’s mechanisms to provision for them. It also contains how the CU can measure and monitor what the CP is providing thereby being able to assess how the service is being delivered in terms of his expectation.

In the cloud environment, QoS is typically addressed using what are termed as Service Level Agreements (SLAs). A SLA represents an agreement between a service provider, the CP and a client, the CU, documenting quantitative service-level commitments. Here a service is a collection of functions or capabilities provided to the group of users as per the agreement by a service provider, in order to meet client objectives. Also, SLA is a legal binding contract that states QoS guarantees with which an execution environment (provider) agrees to provide its hosted application. The SLA also explicitly states what the interaction conditions are between the CP and CU and explains how issues will be resolved in case of conflicts, change of plans, disasters, etc. The various features of the SLA are interwoven into the QoS framework enabled by the CP and can vary between different CPs and also between public and private cloud providers. However, standardization of the SLAs will enable cloud interoperability.

3.1.1 QoS in Clouds

In the cloud spectrum, QoS plays a key role in assuring the user on its expectation from cloud services. One of the significant features of the cloud model is that it moves the control of cloud resources, (be it IaaS, PaaS, or SaaS) from the user’s domain to the provider’s domain. As a result, what was earlier implicit to the design of the service, in terms of its behavior (with

regards to its performance, availability, reliability, security, etc.) has to be specified explicitly when moved to the cloud.

Cloud services are often deployed to utilize idle resources and hence, are exposed to the constraints of sharing resources. For example, the virtualization technologies help different users in deploying multiple VMs on one physical host. This kind of scenario leads to the most prominent question—how a user application that is running on user’s VM is impacted due to another VM co-hosted on the physical host? It is to be noted that criteria such as performance interference, availability reduction, bandwidth issues, security vulnerability, and breaches are the determining factor for the impact.

QoS needs to be definitely targeted for cloud platforms, particularly in scenarios like that of India, because of the expected scale of the problems. While a generic solution to address most QoS issues can be to increase the capacity of the data center or dedicated application provisioning, it may not always lead to an optimal or even reasonable solution. Instead, building services and platforms that address the issues of QoS can lead to cost effective and innovative solutions. Factoring in QoS requirements will enable quantification of user expectation. This quantification will enable providers to allow measurement and build autonomous methods for ensuring QoS. Quantification further helps in making this expectation uniformly visible across different layers of the cloud provisioning stack and improves preservation while moving across different providers as in sky computing.

In this section, issues associated with QoS in cloud setups are detailed to provide insight to areas where best effort solutions may not be sufficient and hence pave way for innovation.

3.1.1.1 Performance

Virtualized infrastructure facilitates the property of on-demand use by encapsulating the operating and runtime environment for an application into a VM and being able to deploy it based on its resource requirement. However, current technologies tend to size VMs based on pre-defined static sizes and the user has to choose a close or near match for his/her requirements. This results in under-utilization of resources for the cloud provider and increased cost for the user. Also, lack of association between the variability of the hosted workload to the underlying resource provisioning mechanisms does not allow the user to exploit the cloud’s elasticity property for his benefit. In addition, most resource providers’ deal with resources in a disparate ways—CPU capacity along with fixed sizes of memory or storage blocks. What a user really needs is a composite set of resources, like the complete resource tuple, detailing properties of CPU, memory, network interface, and storage. It is essential that the QoS property holds for this composite set and not an individual resource. All resource managers need to make VM placement decisions based on such a composite resource to guarantee performance.

As one moves from the IaaS to PaaS and SaaS complexity in terms of quantification, measurement and assurance increases. It is essential to tie-up and build these features bottom- up so that end-to-end performance guarantees can be achieved. This requires innovation that would lead to optimized usage of resources at lower costs to the user without compromising on his/her end user experience.

3.1.1.2 Availability

Compute clouds have evolved with a well-noted property to be used, that of resource availability, but how this availability can be specified and provisioned for is still nebulous. Here again the movement to cloud requires explicit specification. How does a provider allow the user to specify his availability requirements and how does he/she ensure that the requirements are met? What mechanisms does a cloud provider offer for assuring that the user’s requirements are met? Many such questions need innovative solutions.

3.1.1.3 Security

Security is one of the key concerns perturbing cloud users. Independent and provider-specific mechanisms only elevate these concerns. One innovation that associates QoS properties to the functionality of security, addresses a means to ensure user’s expectation on security. It is essential to understand security not just in its functional specification, but also how it enhances the user perception of the functionality. How to characterize and associate QoS attributes to security functions is a challenge. Security is closely associated with the architecture implementing a cloud solution. Normalizing security associated QoS from its implementation alleviates this dependency. How to do this is yet another challenge.

3.1.1.4 Jurisprudence

Clouds bring the globalization aspect into computing. In so far as the public clouds are concerned, providers would choose to setup their data centers in competitive geographical locations that can meet their infrastructural support requirements. However, unless legal frameworks dealing with specific issues of localization of data with regard to its geographical relevance are brought in, residence of sensitive data within its legal geographical boundaries may be mandated. Service providers need to address this issue, particularly in cases where e- Governance, health, surveillance, etc., associated applications are concerned. It is an interesting aspect and thus has scope for innovation, to explore how provisioning can be done keeping jurisprudence as the constraint.

3.1.1.5 Reliability

April and May of 2011 showed significant publicized outages, which raised a prominent question for public cloud reliability and availability:

 Amazon Web Services (AWS) was found inaccessible to data as well as service.  Google’s Blogger blogging service was unavailable to the bloggers, which resulted in inconvenience to the users.  Microsoft’s BPOS Exchange service also got hit by serious outage.  Cloud Foundry, a new VMware public platform as a service (PaaS) offering for web developers, suffered sporadic downtime over two days due to a power outage and subsequent remedial activities.

3.1.2 Global Trends

The SLA life cycle formalized by Sun Microsystems Internet data center group provides a detailed characterization of SLA phenomenon. For better understanding, one more component/step is added to the SLA lifecycle that can help service providers and service users to create the knowledge repository, review and rework policy to either restart existing SLA or to initiate new SLAs, see Figure 24.

Figure 24 —Seven Steps SLA Lifecycle

A Reference Architecture for cloud services has been precisely defined by NIST, which comprises of the following five distinct major roles:

a) Cloud Consumer: Consumes services as provided by cloud providers b) Cloud Provider: Provides services to cloud consumers c) Cloud Carrier: Acts as a connectivity and transport channel between cloud consumers and cloud providers d) Cloud Broker: Mediates and manages the consumption and delivery of cloud services considering resource and relationship negotiations e) Cloud Auditor: Responsible for independent assessments of cloud services

It is to be noted that the clear specification of well-defined SLAs between Cloud Consumers and Cloud Providers also supports the activities of Cloud Brokers and Cloud Auditors. The ETSI Technical Committee CLOUD is responsible for extracting requirements for the establishment of cloud specific SLAs.

To capture the quality requirements of a user of communication services, the ITU-T has clearly defined a methodology [43]. The outcome of ITU-T and other recommendation of ETSI ETR 003 [27] and ETSI EG 202 009-1 [26] formalized general criteria for the services, see Figure 25.

NOTE: This figure is based on ITU-T, ETSI ETR 003, and ETSI EG 202 009-1 recommendations.

Figure 25 —Service Criteria

It is to be noted that aforementioned generic aspects are applicable at different stages of the cloud service SLA lifecycle.

SLA needs to be a quantifiable entity so that it can act as a competency benchmark and further be utilized in determining compliance maturity levels. This leads to a critical service metrics requirement encapsulated in a framework.

ETSI EG 202 009-1 [26] provides some specific guidance for measuring quality of service which can be easily adapted or extended to cloud services.

Cloud service measurement consortium project initiated by CMU aims at developing unified globally-accepted measurement framework for measuring the benefits and risks of cloud- computing services.

Cloud brokers need to conform to standards to provide a simplified interface. Cloud service brokers enhance the cloud provider-independence and that has to be driven based on standards. The Distributed Management Task Force (DMTF) provides interoperability standards that help in moving workloads between data centers and the cloud (see Figure 26). The Cloud Infrastructure Management Interface (CIMI) model helps in defining the scenarios and provides the interfaces for the integration of the different types of cloud service providers. CIMI works in collaboration with the Open Virtualization Format (OVF) Specification to bundle multiple machines and their requirements that can be exchanged with the cloud service and cloud service broker. The focus of CIMI is on Infrastructure as a Service (IaaS) so users and brokers can move entire workloads.

Source: dmtf.org Figure 26 —DTMF Framework

One of the largest vendors in cloud broker service is NASDAQ®, which offers its FinQloud as an intermediation layer on top of the Amazon Web Services cloud for the financial sector.29 Cadence’s solution Axon focuses on intermediation enhancements to migration to move the conversation from migrating servers to the cloud to migrating entire solutions to the cloud. CompatibleOne an open source project is working on a standards-based, cross-cloud provisioning engine.

Various projects were initiated for providing frameworks for negotiating SLAs—OPELIX is a European project that supports fully automated bilateral negotiations involving a customer and provider. The OPELIX system covers critical phases of a business operation such as product catalogue, product discovery, negotiation process, payment activities, and the delivery of the product to the customer as per the set objective. Inspire project manages bilateral negotiations by organizing offers and counter-offers. Aspire project as an improvement on Inspire deals with intelligent agents in order to provide negotiation guidance to the negotiator Kasbah based on customer and provider agent-based approach. It generates specific agents capable of driving strategic decisions in marketplace. CAAT supports a valid series of message-based interactions and can be used to design multi-agent systems for bilateral negotiations. VieSLAF facilitates service mediation and negotiation bootstrapping in clouds. Rubinstein’s Alternating Offers Protocol is also utilized to propose a framework that can facilitate automated negotiation between cloud service providers and cloud service consumers in cloud environments.

In Yahoo! SLAs differ based on individual services and it is discussed and agreed upon during the customer on boarding process. For self-provisioned services, the SLAs are published in the

29 NASDAQ is a registered trademark owned by NASDAQ OMX in the United States and certain other countries throughout the world.

sign-up forms. Since the SLAs for each service is clear, it is easy for the application designers to design their product around these SLAs to make sure the end user experience is taken care. The SLAs have multiple dimensions in each service, for example, for storage service the SLAs within the same data center is defined as follows: For an average object of size XX KB, the latency will be YY msec and availability will be 99.95%. For XX MB size, the latency is ZZ msec and availability 99.95%. There are centralized tools to monitor SLAs for all the services provided in the cloud across the globe. Each layer of the application has the capability for measuring the SLAs they provide to others. In case of any missed SLAs, it will be investigated by the respected teams and also will be reflected in the management reports. The SLA misses are taken seriously and managed through usual incident management process. The cloud capacity planning is also modeled around the SLAs promised to the users of that service. This is even more important in BCP scenarios where the service SLAs are supposed to be met even during when the service is failed out to a different data center for various reasons. Therefore, the capacity that needs to be provisioned should also prepare for such situations so that the SLAs are within the promised limits. The SLAs numbers are usually arrived at after doing benchmark testing on a newly built farm for a particular service. This provides the max capacity for which the farm can serve within a certain SLA. These capacity numbers are revised for new features and new major releases. The SLAs are kept almost the same for a service and less frequently the SLAs are also revised to reflect the supportable numbers.

3.1.3 India Initiatives and Opportunities

Cloud SLAs inherently covers the QoS perspective and is a critical issue to govern the cloud initiative and its sustainability. India has a great opportunity to leverage its resources optimally in the adoption of cloud services and infrastructure. In order to ensure performance, first it is essential to be able to quantify user expectation, be able to measure it and thus provide a transparent means to demonstrate the guarantee. Current technologies definitely fall short in this space and therefore immense scope for innovation exists in the whole cloud stack. Compute clouds have evolved with a well noted property to be used, that of resource availability and reliability. The barriers to achieve optimal resources reliably rely on the right composition of the physical and virtual infrastructure.

Current SLAs are heavily in favor to service providers as those are contractually developed by service providers’ outlook. In the Indian Cloud Revolution CII Report, it has been clearly mentioned that “provider dominated SLAs often contain provisions that weaken or outright eliminate users’ exclusive control over their sensitive information in certain circumstances.” [73]

Development of standards to represent SLA concerns and objectives of CU and CP, negotiations of SLAs with CPs, evaluation and assessment of SLAs, monitoring execution of SLAs, and formation of domain specific and generic QoS parameters offer a chance to mitigate lots of criticalities and dependencies associated with SLAs.

In the current context of cloud technologies, SLAs do not cover most of the requirements and favor provider’s prerogatives and concerns. Also, while SLAs are more of management layer concerns, the infrastructure and resources below must have the basic stubs to provision what is promised in the SLAs. In this context, provisioning for SLAs in the IaaS will have a common subset that is generic. However, when exploring specific application domains, the SLA

requirements will change but the management layers will need to appropriately map to the required stubs. These are particularly important in the Indian context because fine-grained provisioning will lead to fair and competitive pricing models and thus encourage adoption particularly for SMBs. Current pricing levels are questioned for being high. Secondly, SLAs for off-shoring and in-house normally ignore the provisioning on shared models since the basic assumption is that deployment addresses those issues. Cloud models will require explicit specification of these. It would need to actually characterize and come up with these included as part of the existing SLAs when moving to clouds.

3.1.4 QoS in Clouds: Challenges and Barriers to Innovation, Adoption, and Deployment

A predominant factor for the success of cloud computing is ensuring quality of service (QoS) for cloud applications. Lack of QoS frameworks and parameters is currently a barrier for increased adoption of cloud computing services in domains such as scientific and high performance computing applications. The cloud application requirements can be characterized by QoS requirements such as availability, security, reliability etc., as mentioned and covered in the Service Level Agreement (SLA).

QoS provides a level of trust and assurance that the expectations of behavior with regard to an application are strictly supported. QoS models are majorly associated with service consumers and service providers (and often brokers). It involves SLA and plan resource capacity by utilizing schedulers and load balancers. SLAs provide a facility to agree upon QoS between service consumers and service providers. It also defines service consumer’s requirements and service provider’s guarantees, thereby ensuring service consumers that they are receiving the services for which they have paid.

In the context of clouds, QoS needs to cover almost all aspects of expectation like, performance, availability, security, provenance, interoperability, etc. In its current implementation, QoS is mostly implemented on as-is-where-is or best-effort basis. Some of the key challenges that act as barriers for adoption and deployment are as follows:

 Performance variability during the deployment of critical business applications  Lack of tools and test beds for performance evaluation of virtualization technology and the tools necessary to monitor virtualized hardware  Transparent management of resources  Security mechanisms and assurance of data visibility, accessibility, integrity, consistency, and availability  Noisy neighbours due to shared resources and multi-tenancy models cause unpredictable and non-deterministic performance lapses, increased latencies, and security threats  Lack of awareness of residency of the data as well as compute resources, particularly in the public clouds, leading to issues associated with jurisdiction laws  Assurance on service availability, longevity and continuity to support enterprise business goals in terms of long term economic value and sustainability  Identification and autonomic alleviation of service bottlenecks

 Autonomous elasticity provisioning based on service demands  Loss of service in face of infrastructure failures; failover, redundancy, and interoperability frameworks can ensure smooth transition to tide over failures

Scope for innovation is immense and the need is immediate. As cloud is evolving, innovation addressing the key challenges listed above ensures in building the much needed assurance for adopting it. For example, well-tested robust SLA frameworks that support performance guarantees enable visibility of assurance with regard to service performance. This will lead to improving confidence in moving critical services to clouds. Since the cloud model eliminates the need to own and manage computing infrastructure, autonomous service composition frameworks for targeted QoS will ease adoption of cloud-based services. It is also important to include the aspect of QoS in the design of cloud-based applications so to include them as requirements in the deployment strategies.

3.1.5 Innovation Proposals Addressing the Need for QoS in Clouds

Priority issues for innovation proposals will depend on the thrust that is given to specific areas. Perhaps e-Health, e-Governance, and e-learning are expected to be some of the key areas, at least to begin with. Templates for these can be the first milestones of the project since they are domain specific and need the help of domain experts to derive.

3.1.5.1 Performance and Reliability of Enterprise Grade Cloud Services

Enterprise grade clouds can be thought of to be of two types, namely

 Infrastructure clouds: Wherein basic computing, communication, and storage resources are exposed as cloud service for use as basic computing resource.  Service clouds: Specific applications services like email, web, and data repository servers are exposed as application clouds. Enterprise clouds are expected to cater to a varying kind of workloads, when compared to scientific workload. These workloads are expected to demand different compute resources like CPU, memory, memory bandwidth, network bandwidth, storage space, and bandwidth. These workloads can have varying characteristics in terms of their residency on the infrastructure as well as in usage of the resources itself. Also, enterprises may have to cater to varying input loads during different times of the day/week/months. It may also be necessary to support a large number of small, independent workloads. For service clouds, it may also be necessary to consider the dimension of service availability at time scales that run into years. It is also necessary to consider issues of dynamic resource provisioning with respect to advance resource reservations in the scientific computing community. Essentially, any service provider would have to support the following basic features to help ensure performance and reliability:

 Performability of the application is defined based on the performance metrics like throughput, response time, number of transactions per second, etc.. Mechanisms, to measure the relevant application performance metrics, in the cloud setup are needed. Apart from this, tools to characterize the application workloads, in terms of their

resource requirements and how the performance metric varies with change in the resources is foreseen. Also, it is essential to have intelligent engines that can tie-up the variation in workload to elastic resources.  Provision for specifying and negotiating compute resource requirements that get characterized into specific resource items in the SLAs. The SLAs are defined based on the cloud that caters to the user requirement. This is tightly coupled with a resource admission control program that can monitor existing SLAs across the cloud.  Resource SLA realization constructs and usage monitors and regulators on the computing resources that participate in the cloud service.  Reliability engines in the cloud ecosystem on the provider site ensure that the life-term and business goals of the service are guaranteed in situations of failures of services, infrastructure supporting the services, or lack of resources to support the agreed services.

3.1.5.2 Framework for Autonomous User Centric Evaluation and Selection of Services Based on QoS Requirements

With the proliferation of cloud services, the selection process, especially the one based on the non-functional properties [e.g., quality of service (QoS) attributes] has become a more and more important step to help users locate a desired service. The QoS specificities, with regard to the aspect they address, require QoS description languages and selection models. The end user is not generally the focal point of such designs and the user support is either missing or lacking in these systems. The QoS language sometimes is not flexible enough to accommodate users’ various requirements and is too complex so that it puts extra burden on users. In the cloud context it is important to address these concerns and provision for them. Starting from building mechanisms to capture user’s QoS requirements to enabling SLAs that can autonomously translate the requirements to appropriate functionalities in the scheduling, resource provisioning, monitoring, elasticity, and pricing schemes of the provider setup, it is necessary to establish transparent and comparable methods for the user.

3.1.5.3 Predicting Best SLAs: A Stakeholders Perspective

While frameworks for enabling selection of services based on specific QoS attributes is necessary in general, it is also important to have evaluation mechanisms and methods to search and come up with recommendations on better SLAs. Normally a cloud user is expected to make an extensive survey of available providers and the services they offer. Lack of common nomenclature and standard ways of comparing make things difficult in terms of choosing the right service and also correct attributes. Service recommenders and selectors might be one way to resolve this. This proposal plans an exploration on these aspects and hopes to come up with a recommended service that can help alleviate this problem.

3.1.5.4 Development of QoS Attributes and Classification Framework for Cloud SLAs: An Indian Perspective

Cloud Computing paradigm has the potential to change the way IT infrastructure and applications are used to deliver services, particularly in the space of e-Governance, e-Health, and e-learning domains. Governments in emerging economies, like India, can effectively use such applications to promote and implement key programs affecting the lives of large populations with very competitive and cost effective strategies. It is interesting since these application domains are typically under the purview of governments and hence might not be associated with a running price model. However, they all belong to that class of applications that need real-time interaction. The strategies utilized to create such applications have a long-range effect on the delivery and cost effectiveness of the applications.

The complexity of such environment in determining resource provisioning policies for applications induces significant inefficiencies in the cloud. QoS frameworks need to be developed to address concerns associated with these and enable autonomous selection, scaling, and bursting to effectively use the resources on hand.

3.1.6 Recommendations

 Standards to be developed to represent SLA concerns and objectives of CU and CP, negotiations of SLAs with CPs, evaluation and assessment of SLAs, monitoring execution of SLAs, and formation of domain specific and generic QoS parameters.  SLA parameters and SLA characteristics should be defined precisely in a single document. The metrics for SLA should be linked with SLA parameters and should be understandable by CP and CU.  SLA technology managers and decision makers should collate on the finalizing of the SLA.  Standard SLA template should be created and followed throughout the SLA lifecycle.  SLA evaluation, execution, and violation should be automated.  SLA soft and hard parameters to be identified as per domains.  KPIs to be mapped with SLAs and other measures.

3.2 Cloud Security

Introduction

Cloud Computing is an amalgamation of technologies, proven and promising for providing business and IT services over the Internet. Cloud Computing is a proven delivery platform for providing business and IT services over the Internet. Cloud Computing enables organizations to move their data, storage and computation including the users complete desktop environments off-premises. It can be accessed using multiple device platforms like laptops, tablets, mobile phones, etc. Though cloud computing has tremendous potential, there are some critical difficulties to be handled. Since vital services are outsourced to a third party, cloud computing presents an added level of risk that makes it difficult to maintain data security and privacy and also provide assurance to user. This is becoming a primary concern and it is hindering to adopt and deploy. Also since cloud computing uses various technologies like SOA, virtualization and web 2.0, it inherits the security issues due to the vulnerabilities in these technologies. Since Cloud Computing is a relatively new computing model, there is a doubt on security and privacy implications at all layers like network, host, virtualization, application and data for different deployment scenarios (public, private, community, and hybrid). Privacy issues in cloud are lack of user control (user do not own) on infrastructure, data life cycle, changing cloud provider, notification of privacy breaches, and compensation), unauthorized secondary usage, regulatory compliance complexity, transborder data flow restrictions, and legal uncertainty. All the traditional network security issues continue to be there, as well as security issues related to vendor lock-in and multi-tenancy, which are specific to cloud.

Design of security requires combined effort, where providers and users work together to offer security and privacy and this is specific to the needs of the business application. Many of the recent security initiatives have been relatively open and can be leveraged to help the global cloud computing industry. Cloud Computing has clearly emerged with both a technological and business case, but from a security perspective, it is still a bit in a state of flux. A key challenge with which many information security professionals are struggling, is how to classify the cloud and define the appropriate type of controls to secure data entering the cloud. Lack of standardization also affects cloud security. Depending on the security requirements of application, cloud deployment model (public, private, community, and hybrid), and the type of service (SaaS, PaaS, IaaS, etc.), security issues must be systematically reviewed and a threat-risk model has to evolve. Security design should be made in line with this threat-risk model. Following a systematic approach in designing cloud security would definitely give confidence to offer critical services through cloud and it is definitely an economic enabler.

3.2.1 Global Trends

Cloud Security Alliance (CSA) is an organization that encourages the use of technical methods for providing security assurance. The CSA also educates those who are working/using cloud services on cloud security.

The International Standardization Council (ISC) is part of CSA and has been looking into the standardization part. CSA is one of the most active members in providing cloud security innovations and solutions. CSA is also part of Standard Developing Organizations (SDOs) and

related working groups. Working groups are playing key role in standardizations. CSA has been circulating strategies for securing cloud. These strategies are considerably needed to secure clouds. CSA sponsors research in key areas that relate to the cloud, including top threats, trusted clouds, governance, mobile computing, big data, and security as a service.

ISO/IEC 27001 [42] is an international security standard that is accepted by many organizations and provides knowledge of the risks involved to secure critical data.

Organization for the Advancement of Structured Information Standards (OASIS) also developed standards on security in the area of identity management, authorization, interoperability, etc. Open Data Centre Alliance (ODCA) is an independent IT consortium comprised of global IT leaders who work on a unified customer vision for long-term data center requirements, including critical cloud infrastructure needs. In 2011, ODCA released a roadmap of IT requirements, with updates in 2012. These include security-related usage models for secure federation in areas of identity management, security provider assurance, governance, and monitoring. ODCA and CSA have formed an alliance to work on cloud security strategies.

DMTF is a global organization that is in the process of developing standards that enable interoperable IT management. DMTF’s Cloud Management Working Group is working on cloud infrastructure management interface specifications to improve management interoperability.

Intel also focuses on security. Intel IT continues to move workloads into the cloud. Intel is continuously increasing the security level of their environment by focusing efforts on the following:  Providing the foundation for cloud controls that secure data and infrastructure.  Adding new levels of visibility to better understand and trust that the infrastructure is reliable and can support compliance.

Intel is also an active member of cloud SDOs.  National Institute of Standards and Technology (NIST) and CSA defined their own security reference architectures to avoid threats and vulnerabilities.  European Network and Information Security Agency’s (ENISA’s) security assessment document highlights different security issues related to cloud computing that require further studies for being appropriately handled and, consequently, for enhancing technology acceptance and adoption [22].  MicroStrategy® Enterprise Cloud is also developing a security framework.30  Porticor® embedded trust into cloud with data encryption and key management solutions. Portico supports many companies to secure their data and with regulatory standards. A security framework focuses on security and privacy and targets vulnerabilities, risks, attacks, and strategies to avoid them. CSA, NIST, ENISA, CPNI, and ISACA are publishing strategies on cloud security.

30 MicroStrategy and MicroStrategy Enterprise are registered trademarks or trademarks of MicroStrategy Incorporated.

ENISA (European Network and Information Security Agency) is responsible to improve network and information security with in Europe. NIST has recently published taxonomy for security in cloud computing that is comparable to the taxonomy introduced in section “Cloud Computing security taxonomy” (NIST SP 500-292 [57]). CSA is also led by industry global IT leaders and working groups etc.

3.2.2 India Initiatives and Opportunities

Cloud security is major concern and is delaying adoption all over the world. Major security issues should clear before adoption. Indian companies are lagging in adoption of cloud because cloud service providers (CSPs) are located outside India, which makes companies feel insecure, which makes companies feel insecure. Control of IT infrastructure and sensitive data by someone else is a major hurdle.

According to Gartner‘s report [30], Indian public cloud market would grow 36% by 2013 compared to 2012. IT professionals also feel that cloud computing is going to be top of all current technologies. However, security is a big hurdle that is dragging many out of cloud. The founder of CSA Mumbai chapter said that Indian IT is majorly worrying about security so their adoption rate is less due to the fact that data center locations are outside India. Indian government is going to be one of the biggest users of cloud to be catalyst in using it. There are many issues to be solved before adopting cloud. Issues such as data location, security, and jurisdiction should be addressable. The government formed a working group in Department of Electronics and Information. Data storage is one of the major problems when it comes to compliance; data transmission and privacy are other issues. India needs to make policies to attract various IT users. Details of Indian organizations and their initiatives in cloud security are given in Table 2.

Table 2 —Cloud Security Initiative Per Organization Organization Initiatives Advanced network and cloud security solutions to protect against today’s advanced cyber security threats. Features of these solutions include protection HP India of physical, virtual, and cloud-based networks; application traffic and operations with in-line, real-time threat prevention; and security intelligence. Also combine policy-based network access. Defencely.com, a state of the art cloud penetration security services provider, was recognized by PayPal at the Wall of Fame web page. Defencely.com is the Defencely.com FIRST Indian online company to receive such an honor from PayPal, among many other organizations on the Internet. Amrita Vishwa Vidyapeetham University has been working on Development of Amrita Vishwa Trust Models for Cloud Computing. They have developed Security Enabled Data Vidyapeetham University Objects (SEDOs) which are primarily targeted at preventing security breaches from the administrator’s end. Indian Institute of Science (IISc) Bangalore proposed a resource monitoring tool in cloud for tracing the resource usage by a customer. This framework also provides the transparency to the customer in knowing his/her actual usage. The Indian Institute of proposed architecture provides a generic framework that can be personalized Science (IISc) Bangalore as per the needs of the cloud users. It enables both provider and customer to monitor their application at a much finer granularity. Accenture technology labs, Bangalore India proposed few high-level steps towards a security assessment framework.

Organization Initiatives All India Shri Shivaji All India Shri Shivaji Memorial Society’s Institute of Information Technology Memorial Society’s (AISSMSIOIT) Pune Maharashtra, India proposed three layer data storage Institute of Information security in cloud using face fuzzy vault. Only authorized users can access the Technology (AISSMSIOIT) data in three layers; therefore, data is safe and it is difficult to modify the data Pune Maharashtra by an unauthorized user. Centre for Development of Advanced Computing (C-DAC) is working in cloud security research to minimize the security risk associated with usage of cloud- Centre for Development based computing and storage services through the development of of Advanced Computing comprehensive advanced tools and mechanisms to enhance security for (C-DAC) achieving CIA with elastic load balancing. They expect to develop data and network isolation mechanisms, isolation failure-detection mechanisms, DDOS attack detector, Cloud Aware encryption tool, and elastic cloud load balancer.

3.2.3 Challenges and Barriers to Innovation, Adoption, and Deployment

The outsourcing data and applications, extensibility and shared responsibility, service level agreements (SLAs), virtualization, multi-tenancy, and heterogeneity features of cloud have serious security implications. Outlined in the list that follow are some cloud security related hindrances in the Indian context:

 Indian companies are lagging behind cloud adoption because Cloud Service Provider (CSP) data centers are located outside India and we view it as insecure. Since none of the major CSPs have their data centers in India, it is difficult to host their data, which may come under the scrutiny of U.S. and EU laws.  Cloud may be used to maintain personal, private, and confidential details (such as healthcare information related to patients) that requires proper controls to prevent disclosure, compromise, or misuse.  It is difficult to track the flow sensitive information, difficult to ensure secure access control, and difficult to deal with data destruction.  Foreign cloud solutions used by Indian companies today are non-compliant towards the IT Act 2000, specifically where concerned with the data handling part of IT Rules of 2011.  There is no provision for the user of cloud to get an assurance on cloud governance by CSPs.  There is always a possibility for CSPs to compromise on security while focusing on cost cutting.  External data storage, usage of Internet (public network), lack of control, multi-tenancy, heterogeneous, and virtualization bring additional security threats that cannot be addressed with traditional security alone.  Cloud security design cannot be generalized.  Since mobile devices have widely penetrated in our country, giving a provision to access cloud using BYOD would help to adopt cloud computing in enterprise networks, provided ecosystem with cloud and mobile devices have been secured. Security policies and solutions should be in place to detect malicious breaches targeted on enterprise.

 Cryptographic mechanisms used for traditional networks may not be appropriate for cloud.

3.2.4 Threat-Risk Model

In view of the security-related hindrances in adopting cloud, it is very important to review the security issues systematically and evolve a threat-risk model depending on the criticality of application offered through cloud, deployment model (public, private, community, and hybrid), and the type of service (SaaS, PaaS, IaaS, etc). This is because, there are low security players like social networking and social media, which are essential for efficient flow of information (translating possibly to flow of goods and services) at the micro-levels of our economy, while there are high security players like banking, governance, and strategic services of a country. There is also a range of organizations in-between these two extremes. So, there is a need to carry out cost-benefit analysis for governments to set up their own cloud computing facility and securing the same. Banks can explore on how they can leverage public clouds to provide lower cost banking services to the lower class of economic section (economic inclusion) while they maintain confidentiality, integrity, availability, and privacy of data. Security design should be made based on the threat-risk model. It is important to focus on private clouds, hybrid (private and public) clouds, or virtual private clouds (enhanced security) for government and other critical services. Since the primary motive of cloud computing is to lower the cost of computing, we need to see how such a motive can be met in diverse threat-risk use-cases.

3.2.4.1 Focus of Cloud Security Design

Cloud security has to be designed considering governance and operational domains. The following aspects of each of these domains have to be considered:

Governance Domain

 Cloud Computing architectural framework: Cloud Computing architectural framework should include components to address security and privacy concerns in addition to service planning and service deployment. Framework should also include components to create an atmosphere of acceptance in the cloud’s ability to provide a reliable and trustworthy system.  Governance and enterprise risk management: In order to check the proper functioning of cloud, governance, risk management, and compliance play vital role. They will assess both private and public clouds against industry-established standards, best practices, and critical compliance requirements.  Legal and electronic discovery (within and across countries): Shared data centers hosting electronically stored information (ESI) are central to findings in cloud computing. Though the Federal Rules of Discovery (Rules) were designed with flexibility and applicability in personal computing, they cannot be effectively adapted to cloud computing. Challenges of e-Discovery in cloud, its legal implications, and e-Discovery in Indian context have to focused.

 Compliance and Audit: In order to meet the cloud security and data security requirements, cloud service providers (CSPs) must comply appropriately with all the regulations within a country. Also auditing has to be carried out to ensure whether it meets regulations of compliance.  Information Life Cycle Management: Information Life Cycle Management is another important requirement in cloud. Policies have to be clearly defined for storage, data backup and recovery, data storage security, and data center capacities and limitations.  Portability and Interoperability: The cloud computing portability and interoperability categories into data portability, application portability, platform portability, platform source portability, machine image portability, application interoperability, platform interoperability, management interoperability, and publication and acquisition interoperability.

Operational Domain

 Traditional Security, business continuity and disaster recovery: Traditional security flows from a well-developed series of risk assessments, vulnerability analysis, SCP/DR policies, processes, and procedures. Few security risks associated with cloud computing are unique, considering this business continuity, disaster recovery, and traditional security environments of a CSP need to be properly assessed.  Data Center Operations: Data centers and their operations have to be remodeled as per the requirements of security standards and regulations to offer cloud services.  Monitoring and Measuring: Cloud Computing is driving us towards a service mode of accessing IT services. In this scenario it becomes important to monitor and measure security enabled by a cloud service provider.  Incident Response, Notification, and Remediation: Incident response is one of the basis of Information Security Management. Even the minute level planning, implementation, and execution of preventive security mechanisms cannot eliminate the possibility of an attack completely; therefore, CSPs should use processes and tools towards incident response, notification, and remediation.  Application Security: Application Security is an important aspect in a cloud environment and they are as extremely vulnerable as applications are accessed by connecting through Internet. Application security should focus on secure SDLC, authentication, authorization and compliance, application penetration testing for the cloud, monitoring applications in cloud, and vulnerabilities in applications.  Encryption and Key Management: In the cloud, since multiple administrators and tenants are working for someone else, it is clear that data should be properly secured. It is very important to identify proper encryption usage and scalable key management for protecting access to data and internal data migrations.  Identity and Access Management: Identity and Access Management requires fundamental changes when designed and implemented in a cloud environment. In a cloud environment, cloud service or application will be accessed from a variety of external entities together along with the associated attributes, which enables the cloud

system to make better holistic risk-based decisions about granular access to the system, processes, and data within the cloud.  Virtualization: Virtualization is one of the key technologies used and is also the foundation for cloud computing. It plays a vital role in providing multi-tenancy, better server utilization, and data center consolidation. Though virtualization is vital for cloud computing, it brings with it security concerns of the operating system running as a guest, new security concerns associated with the hypervisor layer, and also the virtualization specific threats like inter-VM attacks.

3.2.5 Standards for Cloud Security

The following is a list of Security and Data Privacy Standards that can be used across IaaS, PaaS, and SaaS:

Identity and Access Management (IAM)

 IdM federation . SAML (Security Assertion Markup Language) . WS-Federation (Web Services Federation) . Liberty ID-FF (Liberty Identity Federation)  Strong authentication standards . HOTP (HMAC based One Time Password Algorithm) . OCRA (OATH Challenge Response Algorithm) . TOTP (Time-Based One Time Password Algorithm)  Entitlement management (XACML—Extensible Access Control Markup Language)

Data Encryption (at-rest, in-flight), Key Management

 PKI (Public Key Infrastructure)  PKCS (Public Key Cryptographic Standards)  KEYPROV (Provisioning of Symmetric Keys) . CT-KIP (Cryptographic Token Key Initialization Protocol) . DSKPP (Dynamic Symmetric Key Provisioning Protocol)  EKMI (Enterprise Key Management Infrastructure)

Records and Information Management (ISO 15489)

E-discovery (EDRM—Electronic Discovery Reference Model)

3.2.6 Comprehensive Cloud Security Requirements for Deployment and Adoption

In a typical cloud deployment scenario, the following are the general requirements towards comprehensive cloud security:

 Whitelisting of applications in cloud environment  Virtual Security Gateway—Across virtualization layer, user has to be enabled to apply critical policies, logins, and access privileges  Effective Logging and Monitoring  Third-party Governance  Configurable Security Mechanisms  Security Visualization  SLAs  Open Standards  Identity Federation  Autonomic Properties  Handling compliance . FedRAMP (Federal Risk and Authorization Management Program) . FISMA (Federal Information Security Management Act) . HIPAA (Health Insurance Portability and Accountability Act) . SOX (Sarbanes-Oxley Act) . PCI (Payment Card Industry) . SAS (Data center and third party hosting auditing standard)

3.2.7 Innovation Proposals

3.2.7.1 Analytics and Visualization Framework for Threat Detection, Security Governance, and User Assurance in Cloud

Cybercriminals keep trying all possibilities to bypass deployed security defenses. Therefore, it is very important to continuously monitor the system events and logs to detect the evolving threat. User assurance and security government is another important requirement in cloud. Therefore, there is a need for threat detection, security governance, and user assurance framework for cloud based on analytics and visualization.

3.2.7.2 Cryptography Mechanisms for Cloud Security

In cloud environment, administrators have access to manipulate client data and services without necessarily being fully trusted. In this scenario, cryptographic mechanisms and protocols suiting

124 Copyright © 2014 IEEE. All rights reserved. A Framework and Roadmap for Cloud Computing Innovation in India Cloud Computing Innovation Council of India cloud computing have to be evolved maintaining a balance between security, client privacy, efficiency, and functionality. Research efforts using homomorphic encryption, predicate encryption, etc., need to be initiated for cloud environment. Also, appropriate solutions have to be evolved for proofs of storage, data destruction, and secure cloud storage system.

3.2.7.3 Integrating Trusted Platform Module (TPM) and Open Standards for Authentication in Cloud Security

TPM provides hardware-based root of trust for computing and other systems. Most of the international governments are already adopting TPM as a standard for authentication. Since cloud provides various types of services, in order to maintain confidentiality, integrity and strong authentication to the data stored in the cloud TPM can be explored. Software security identification (ID) standards for federated ID management such as OpenID, WS (Web Services) Federation, and Security Assertion Markup Language (SAML) can be used with TPM.

3.2.7.4 Virtualization Security

Virtualization offers flexibility to cloud infrastructure and is the foundation for all cloud-based services. Since each host machine acts as multiple virtual hosts, end-point security solutions alone would not suffice, but filtering and anti-malware features have to be incorporated at the virtualization layer with dynamic policy enforcement.

3.2.8 Recommendations

 Setting up sophisticated data centers with latest technology and infrastructure to offer special sector services over cloud.  Speed up making policy decisions and initiate efforts to offer some less critical services in order to provide motivation towards using cloud. Start with setting up proof of demonstration for one critical service over cloud. Practice FedRAMP (getting popular globally for cloud), which provides standardized approach to security assessment, authorization and continuous monitoring for cloud products and services. Lessons learned through Proof of Demonstration would help for live deployment of critical services over cloud.  Initiate efforts to carry-out cost-benefit analysis for offering different government services over cloud with required security.  Initiate R&D innovation projects to address security challenges of cloud in order to make it as economic enabler.

3.3 Cloud Standards and Interoperability

Overview As stated in “The Indian Cloud Revolution” report by CII [73], “Indian e-Governance solution will span multiple government agencies and utilize data maintained by different agencies.” It is important that cloud services for government are built on open standards, so that the services can interoperate at multiple levels and “pave the way for new public utility platforms to be built on top of it.” When multiple cloud vendors work together to provide a national-level cloud platform and cloud-based services, interoperability becomes a necessity. Cloud Computing adoption is at a nascent stage globally and there is a hectic focus on development of standards complemented by interoperability initiatives. In the spirit of “thinking global and acting local,” it is important to promote appropriate participation and contributions from India.

This section provides a blueprint for adoption, recommendations and development of cloud standards, Interoperability testing, certification, and benchmarking in India. Various global standardization and interoperability efforts around cloud computing have been surveyed. Current initiatives in India have also been studied. A comparison has been done with similar efforts in telecom (landline and mobile) and Internet in India.

Challenges and barriers unique to the Indian ecosystem have been extracted from the insights obtained during the team discussions. Solutions to these will be formulated as “innovation proposals” requiring sustained collaboration among the industry R&D, research labs, government, enterprises, and academic ecosystem. Such proposals will encompass the following:

a) Framework for adoption, development, and adaptation of new protocols and standards at different layers of the Cloud Computing Stack to meet the unique requirements of IT infrastructure in India. b) Framework for vendor certification, benchmarking and interoperability testing [leveraging global (NIST, DMTF, SNIA, OGF, IEEE, etc.) and local (TSDSI, BIS, NIC etc.) standardization efforts], with the following objectives:  Ensuring efficient and optimum utilization of resources  Enabling interoperability between different service providers  Enabling choices and smooth migration opportunities to users  Enhancing pace of adoption of cloud computing in Indian and global context

3.3.1 Global Standards Development Landscape31

As cloud-based environments are emerging and getting deployed, serious efforts are underway at many of the international standards organizations to develop standards addressing different aspects of cloud computing.

31 Global Cloud Computing Standards Landscape courtesy of the GI Cloud Adoption and Implementation Roadmap.

—Source: Standardisation activities for cloud computing, NTT, Japan. Reprinted with permission.

Figure 27 — Study Areas for Cloud Computing Standardisation and Major Cloud Computing Standards Bodies

In addition to standards, open source also plays a critical role in achieving the level of compatibility and interoperability between various components of a cloud implementation that leverages the standard APIs published by the respective open source projects such as OpenStack.

Additionally the following standards are also significant for the development of cloud-based solutions:

a) PCI DSS: Virtualization Guidelines b) Open Data Center Alliance (ODCA) c) FedRamp (U.S. Government) d) Open Networking Foundation (SDN-OpenFlow)

Based on the deliberations, the standards categorized in Figure 28 have been identified as mature and significant for immediate focus:

Management/Interoperability OASIS (TOSCA), IEEE (P2301, P2302), Architecture/Definition DMTF-CMI

NIST (definition, Standards road map, etc) CSCC, Open Group – CCRA Security Infrastructure: DMTF – CIMI, SNIA – CDMI, DMTF – Cloud Audit, OASIS – ID Cloud, W3C – Linked data, OSLC, CSCC – Security for Cloud Computing, Open Stack: IaaS v2, OGF, ONF IETF – Oauth, OpenID.net

Figure 28 — Prioritized Standards Based on Deliberations within CCICI

The following sections briefly summarize these standardization efforts highlighting goals, maturity, and organizational constructs.

3.3.1.1 Cloud Standards Customer Council (CSCC)32

CSCC represents the customer’s voice in influencing the cloud standards through the formation of an end-users advocacy group driving for successful adoption of cloud. It provides customer- led guidance by sharing its requirements and use-cases to multiple standards defining organizations, making an impact in the evolution of the global standards. CSCC is now represented by 430+ member organizations, driving activities (through working groups) to build open industry best practises in the areas of creating use-cases, guidelines for successful adoption of cloud computing, reference guides to help IT shops to analyse SLAs and security implications of the cloud among others.

CSCC is actively working on building the artefacts in leveraging of cloud by various workload types including Big Data, social and mobile. In its press release dated July 11, 2013 on social, mobile and cloud, the CSCC stated “The convergence of Social, Mobile and Cloud is not just a technological change, but rather a change that is having a profound impact on all aspects of business from collaboration, to marketing, to customer service and many other business processes,” and also “The CSCC whitepaper provides a clear guide to assist companies in dealing with this transformational change and is a dependable reference for decision makers as they partake in this journey.” [15]

It is really important for multiple government organizations of a country to consolidate its input on the cloud use cases and share that input to the CSCC since these use-cases will be unique from the other industry sectors of the use cases of cloud and will become crucial in further evolution of the standards.

32 Information on the CSCC can be found at http://www.cloud-council.org/.

3.3.1.2 OASIS TOSCA33, 34

OASIS (Organization for the Advancement of Structured Information Standards) is a non-profit, global standards development organization with focus on development, convergence, and adoption of open standards. It has a technical committee on Topology Orchestration and Orchestration Specification for Cloud Applications (TOSCA) to develop a global standard for cloud applications and services operating in a vendor-independent environment. The objective of this standard is to enhance the portability of the applications and services through a theme of “compose once and run anywhere.”

This technical committee has outlined in its charter that “The goal of the Topology and Orchestration Specification for Cloud Applications (TOSCA) TC is to substantially enhance the portability of cloud applications and the IT services that comprise them running on complex software and hardware infrastructure. The IT application and service level of abstraction in TOSCA will also provide essential support to the continued evolution of cloud computing. For example, TOSCA would enable essential application and service lifecycle management support, e.g., deployment, scaling, patching, etc., in Software-Defined Environments (SDE) such as Software-Defined Data Centers (SDDC), and Software-Defined Networks (SDN).” [59]

TOSCA accomplishes these objectives/goals by providing a structural model for cloud services through the enablement of interoperable description of application and infrastructure cloud services, establishing relationships between cloud components and the associated operational behaviors of the services. Version 1.0 of an approved specification can be obtained at http://docs.oasis-open.org/tosca/TOSCA/v1.0/cs01/TOSCA-v1.0-cs01.pdf.

TOSCA also plans to publish a set of cloud service templates that validate the conformance to the specification and that can also be leveraged as test cases by the vendors implementing the specification for testing and validating their products. This will also help the end users to validate the products for conformance and interoperability.

3.3.1.3 OASIS IDCloud35

Identity management is a serious security challenge within cloud computing. In fact, there existed some serious gaps within the current identity management standards and so, the technical committee (TC) on IDCloud will investigate and capture the right standard based profiles to achieve required interoperability.

As stated in its charter, the technical committee clearly outlines its objectives in the following paragraph:

“The purpose of the OASIS Identity in the Cloud TC is to collect and harmonize definitions, terminologies and vocabulary of Cloud Computing and develop profiles of open standards for identity deployment, provisioning and management. Where possible, the TC will seek to re-use existing work. The TC will collect use cases to help identify gaps in existing Identity Management standards. The use cases will be used to identify gaps in current standards and investigate the

33 Information on OASIS can be found at https://www.oasis-open.org/. 34 Information on TOSCA can be found at http://oasis-open.org/committees/tosca. 35 Information on IDCloud can be found at https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=id-cloud.

need for profiles for achieving interoperability within current standards, with a preference for widely interoperable and modular methods.” [60]

OASIS IDCloud TC published IDCloud Use Cases specification [37]. This document captures the set of use cases referencing the requirements of identity management in the cloud and will further drive to identify and address the associated functional gaps in the existing ID management specifications or through additional standards specification(s).

From an Indian cloud providers and users context, it is absolutely critical to identify first the various use case scenarios that are relevant within Indian context and then try to establish the mapping of those identified use cases with the documented use cases in IDCloud specification; however, if there are no associated use cases found, then CCICI should form a charter to work with the IDCloud committee to drive the required use cases.

3.3.1.4 W3C Linked Data36

The World Wide Web Consortium (W3C) is a global consortium developing standards to promote growth and interoperability of the Web. W3C’s vision is to create a “Semantic Web” or a broader “Web of data” by building a technology stack to support it, with the ultimate goal of achieving trusted interactions over the network. Semantic Web technologies enable people to create data stores on the Web, build vocabularies, and write rules for handling data. Linked data are empowered by technologies such as RDF, SPARQL, OWL, and SKOS allowing one to embed data in documents or expose data from SQL databases or make the data available as RDF files.

RDF provides the foundation for publishing and linking data. Linked Data is a standardized data platform built upon the following four principles:

 URIs as names for things (http://docs.oasis-open.org/id-cloud/IDCloud- usecases/v1.0/cn01/IDCloud-usecases-v1.0-cn01.pdf)  Use standards, provide useful information  Standard URI format (HTTP)  Link to more URIs to make data discovery easier As linked data access becomes available within the Web, it is critical to get enabled within cloud.

3.3.1.5 OpenGroup Common Cloud Reference Architecture (CCRA)37

The OpenGroup leads the development of open, vendor-neutral IT standards and certifications. Based upon the real world input gathered from the aggregate experience gained through hundreds of client engagements and hosted cloud implementations, IBM developed this reference architecture [14] (shown in Figure 29) for adoption by OpenGroup. This could potentially serve as a blue print in architecting cloud implementations satisfying the underlying functional and non-functional requirements.

36 Information on W3C is available at http://www.w3.org/. 37 Information on OpenGroup CCRA is available at http://www.opengroup.org/cloudcomputing/uploads/40/23840/CCRA.IBMSubmission.02282011.doc.

Figure 29 defines the following three major roles:

1) Cloud Service Consumer 2) Cloud Service Provider 3) Cloud Service Creator

The reference architecture was built with few cloud specifics in mind, such as the following:

 Radical cost reduction  Achievement of high degrees of security, reliability, scalability, and control

The Cloud Service Consumer is an entity (e.g., a system or an organization or an end-user) that consumes services delivered by specific cloud service provider(s). The Cloud Service Provider has the responsibility of providing cloud services to cloud service consumers. A cloud service provider is defined by the ownership of a common Cloud Management platform (CCMP) and this ownership can either be realized by truly running a CCMP by himself or consuming one as a service. The Cloud Service Creator is responsible for creating a cloud service that can be run by a cloud service provider and used by cloud service consumers. A cloud service creator designs, implements, and maintains runtime and management artifacts specific to a cloud service, typically leveraging functionality made available by a cloud service provider. Management functionality is defined by the CCMP architecture.

3.3.1.6 NIST38

National Institute of Standards and Technology (NIST), as part of its statutory responsibilities under the U.S. government, is responsible for developing standards and guidelines for providing adequate information security for all U.S. government agencies, operations, and assets. It has developed a series of publications with focus on accelerating cloud adoption and deployment by various government agencies. More specifically, NIST is mandated to provide a technology roadmap for the U.S. government and a set of special publications addressing cloud definitions, security related aspects, and a cloud reference architecture.

Since managing security and privacy issues are so critical in cloud computing when dealing with customer data, applications and infrastructure, NIST published guidelines (NIST SP 500-292 [57]) for customers to consider in such scenarios. The purpose of NIST SP 500-292 is to define a NIST Cloud Computing Security Reference Architecture (NCC-SRA)—a framework that

 Identifies a core set of Security Components that can be implemented in a cloud ecosystem to secure the environment, the operations and the data migrated to the cloud;  Provides, for each Cloud Actor, the core set of Security Components that fall under their responsibilities depending on the deployment and service models;  Defines a security-centric formal architectural model that adds a security layer to the current NIST SP 500-292 [57]; and  Provides several approaches for analyzing the collected and aggregated data.

3.3.1.7 OpenSource (OpenStack)39

OpenStack (Figure 30) is an open source implementation of cloud Infrastructure as a Service (IaaS), contributed through a global collaboration of developers and cloud computing technologists and working to produce an open source cloud computing platform for public and private clouds. OpenStack offers a cloud operating system controlling large pools of compute, storage, and network resources within a data center and offers self-service portal for end-users to provision the resources. In its mission statement, it stated “To produce the ubiquitous Open Source Cloud Computing platform that will meet the needs of public and private cloud providers regardless of size, being simple to implement and massively scalable.”

OpenStack brings many advantages to the customers; the most notable ones include the following:  No vendor lock-in: APIs are portable across OpenStack-based public, private, and managed clouds.  Supports hybrid cloud architecture: Applications across private and public cloud support compliance, security, public access, cost optimization, time-to-market, etc.  Ease of integration: Open, web-based REST APIs simplify deployment and management of workload.

38 Information on NIST can be found at http://www.nist.gov/itl/cloud/. 39 Information on OpenStack can be found at http://www.openstack.org/.

 Accelerated time-to-market and innovation: Community of hundreds of companies contributing to the platform enables a wider breadth of innovative capabilities than a smaller cloud community or proprietary cloud vendor.

As cloud standards evolve, it becomes easy to develop a reference implementation of new standards and/or add new features to the existing standards within OpenStack since most of the industry has embraced OpenStack.

—Reprinted with permission from OpenStack (www.openstack.org)

Figure 30 — A Logical View of OpenStack Implementation

3.3.1.8 DMTF Standards Overview40

Of these, DMTF published OVF 1.0.041 in February 2009, attempting to standardize virtual infrastructure components. Later DMTF expanded the scope to cover other aspects such as Virtualization Management, Cloud Management, etc.

40 Information on DMTF is available at http://www.dmtf.org/. 41 Information on OVF 1.0.0 is available at http://www.dmtf.org/standards/ovf.

Figure 31 — Spread and Reach of DMTF Standards and Initiatives

 Web-Based Enterprise Management (WBEM): A set of management and Internet standard technologies developed to unify the management of distributed computing environments, WBEM provides the ability for the industry to deliver a well-integrated set of standard-based management tools, facilitating the exchange of data across otherwise disparate technologies and platforms. The entire management stack is built upon the schema defined by CIM, i.e., Common Information Model.  Profiles: Provide a template to address specific management domains. By delivering a unified way to describe a given management domain in CIM, profiles help with ease of use and offer a simplified means to achieve interoperable distributed management.  Management Initiatives: Major focus areas within the DMTF, as well as other industry organizations, that are built upon DMTF technologies. These initiatives, which deliver functionality to specific vertical applications and industries, include important implementations such as the DMTF’s Virtualization Management Initiative (VMAN), Systems Management Architecture for Server Hardware (SMASH), and Common Diagnostic Model (CDM), as well as the Storage Networking Industry Association’s (SNIA’s) Storage Management Initiative Specification (SMI-S). Out of the initiatives notable is Cloud Management Initiative.  Cloud Management Initiative: Focused on developing interoperable cloud infrastructure management standards and promoting adoption of those standards in the industry. There are several working groups addressing various aspects of cloud infrastructure: . Cloud Management Working Group (CMWG) . Cloud Auditing Data Federation Working Group (CADF) . Software Entitlement Working Group (SEWG) . System Virtualization, Partitioning and Clustering Working Group (SVPC)

In May, 2013 DMTF also announced incubation of Open Software-Defined Data Center Standards (OSDDC) stating “While various management standards exist for physical, virtual and cloud-based systems, the industry is currently lacking standard architectures and definitions to describe the abstract, pooled resources of the Software-Defined Data Center. Led by Broadcom, Cisco Systems, EMC, Fujitsu, Huawei, NetApp, Oracle and VMware, Inc., DMTF’s OSDDC Incubator will develop a set of whitepapers to outline a clear definition and scope of the SDDC concept, including Use Cases, Taxonomy and Terminology, High-level Architecture and Standards Gap Analysis.” [20] Software-Defined Networking (SDN) standards by Open Network Foundation (ONF) are closely related to SDDC.

3.3.1.9 Open Networking Foundation (ONF)42

SDN is defined as “The physical separation of the network control plane from the forwarding plane and where a control plane controls several devices.” ONF has defined OpenFlow protocol standards, which defines OpenFlow Switch Specification [61]. This specification covers the components and the basic functions of the switch and the OpenFlow protocol to manage an OpenFlow switch from a remote controller.

ONF WORKING GROUPS :

Architecture and Framework Configuration and Management Extensibility Forwarding Abstraction Market Education Migration Optical Transport Testing and Interoperability SDN ARCHITECTURE Discussion Groups Figure reprinted with permission from ONF

The Working and Discussion Groups are comprised of individuals from member companies. All Working or Discussion Group participants must apply to join any ONF mailing list with a valid ONF member email address. The initial membership fee is USD 30,000.00. While SDN provides an opportunity for innovation especially for emerging markets such as India, this initial membership fee could be a barrier for smaller startup companies and academic institutions based out of India.

3.3.2 Global Interoperability/Benchmarking Initiatives

Given the heterogeneity associated with the cloud service models (IaaS, PaaS, SaaS), the complexities associated with distributed infrastructure, and the large number of standards and standards making entities involved, cloud interoperability is a complex problem.

42 Information on ONF can be found at https://www.opennetworking.org/.

To address the interoperability in cloud computing, several initiatives have been started such as Global Intercloud technology forum (GICTF), Ocean project, Cloud4SOA, Reservoir Framework, SLA@SOI framework, Storage management Initiative(SMI), IEEE intercloud test bed, Cloud Plugfest, Open Cirrus (cloud computing test bed for federating distributed data centers). This section gives an overview of the various interoperability efforts.

3.3.2.1 OCEAN43 (Open Cloud for Europe, Japan, and beyond)

OCEAN project aims to provide an Open Cloud Interoperability Framework in adherence with the cloud reference architecture and open cloud standards. It is driven by ETSI (European Telecommunication Standards Institute). The project considers various standards for building the interoperability framework like Open Cloud Computing Interface (OCCI) from Open Grid forum (OGF); Cloud Data Management Interface (CDMI) from SNIA; Common Information Model (CIM) from DMTF; IEEE P2301™ and IEEE P2302™ for portability and intercloud interoperability; TOSCA from OASIS; portability of cloud applications; and the IT services that comprise them. The project also aims to provide facilities like Open cloud innovation directory (one-stop-shop directory for various European cloud computing projects) and Open cloud Plugfests (open source oriented events aiming at stimulating cooperation and integration between open cloud collaborative projects).

3.3.2.2 Cloud4SOA

Cloud4SOA is a cloud interoperability framework and platform for service-oriented applications. It provides an open semantic interoperable framework for PaaS developers and providers. The Cloud4SOA Reference Architecture will be designed to resolve the problematic semantic interoperability issues, introducing an open, generic architecture for a semantically interoperable cloud, capitalizing on Service-Oriented Architecture, lightweight semantics, and user-centric design and development principles. To validate this architecture, Cloud4SOA will implement, deploy, and evaluate its usability, applicability, and adaptability by developing a proof‐of‐concept platform that will be applied in different scenarios and setups across three European industrial and business showcases.

Cloud4SOA provides the following four core capabilities implemented by the reference architecture:

 Matchmaking between a cloud application and a ranking of platforms to best fit its needs.  Management of applications deployed in several PaaS providers, as well as independent SLA interaction.  Monitoring of applications deployed on multiple platforms, using universal metrics.  Migration of an already-deployed application from a PaaS offering to a competing one.

43 Information on OCEAN is available at http://www.ocean-project.eu/.

3.3.2.3 Global Intercloud Technology Forum (GICTF)44

Global Intercloud Technology Forum promotes the global open intercloud technologies and standardization through collaboration among academia, government, and industry. The Intercloud is an interconnected global “cloud of clouds” and an extension of the “network of networks” on which it is based. The intercloud scenario is based on the key concept that each single cloud does not have infinite physical resources or a ubiquitous geographic footprint. If a cloud saturates the computational and storage resources of its infrastructure, or is requested to use resources in a geography where it has no footprint, it would still be able to satisfy such requests for service allocations sent from its clients. GICTF aims to promote standardization of network protocols and the interfaces through which cloud systems interwork with each other and to enable the provision of more reliable cloud services than those available today.

3.3.2.4 IEEE Intercloud Test Bed45

IEEE Intercloud Test Bed is a project under the IEEE Standards Association Industry Connections Program and jointly sponsored by the IEEE Cloud Computing Initiative, the IEEE Cloud Computing Standards Committee, and the IEEE Standards Association. The IEEE Cloud Computing Standards Committee is sponsoring the development of technical standards (including IEEE P2302™) for cloud-to-cloud interoperability. The objective of the IEEE Intercloud Test Bed project is to create a global lab to prove and improve the Intercloud technology and provide a springboard for the Intercloud to become a commercial reality. The key deliverables of the testbed are as follows:

 Intercloud root  Intercloud exchange  Intercloud testbed registration authority  Initial operational intercloud testbed with three clouds

IEEE has two working groups (WGs), P2301 and P2302, who are looking at a wide variety of areas of cloud computing interoperability and standards. The IEEE P2301 WG aims to work on standardizing cloud portability and management, using a number of file formats and interfaces. While the IEEE P2302 WG focuses on cloud-to-cloud interoperability and federation. This WG is working on standardizing gateways that can handle data exchange between clouds.

IEEE P2302 WG aims to develop the standard for Intercloud Interoperability and Federation (SIIF). This standard will define topology, functions, and governance for cloud-to-cloud interoperability and federation. Topological elements will include clouds, roots, exchanges (which mediate governance between clouds), and gateways (which mediate data exchange between clouds). Functional elements will include name spaces, presence, messaging, resource ontologies (including standardized units of measurement), and trust infrastructure. Governance elements will include registration, geo-independence, trust anchor, and potentially, compliance and audit. The standard will not address intracloud (within cloud) operation, as this is cloud implementation-specific, nor will it address proprietary hybrid-cloud implementations.

44 Information on GICTF is available at http://www.gictf.jp/index_e.html. 45 Information on the IEEE Intercloud Test Bed is available at http://cloudcomputing.ieee.org/intercloud.

3.3.2.5 RESERVOIR Framework46

The RESERVOIR framework shows a more layered approach in which the focus is on the management of virtual workloads. These workloads can be of different types like virtual machines or even Java services. Also, RESERVOIR tries to break the barriers between cloud sites, which include geographical, security, and management issues. Cloud services can be moved between sites to gain interclouds. While doing so the services have attached SLAs that, for example, can state that Cloud Service A should stay on the private cloud so a Service B must be moved to a public cloud to free resources for Service A. They have contributed the management APIs for service providers called T-Cloud APIs that have the following features:

 Based on VMware v-Cloud  REST-based API  Core Functionalities  Self-Provisioning (resources provision: services, VMs, etc.)  Self-Management (power on/off, take snapshot, etc.)  Extension Functionalities  Self-Monitoring (pull/push)  Self-Administration (manage Org/VDCs)  Highly oriented to services  Uses OVF as service representation mechanism

3.3.2.6 Standards Gap

While SDN standards are getting mature and there is industry acceptance, there is a lack of standards around another very important piece of SDDC and that is Software-Defined Storage (SDS). While many vendors have started branding their products “SDS solution” there is no commonly agreed-upon standard for SDS.

This is also an opportunity for Indian industry and the academic research fraternity to lead the incubation and formation of SDS-specific standards, may be in collaboration with other standardization bodies such as SNIA, DMTF, etc. to address this gap.

3.3.3 Standards Development and Interoperability Initiatives in India

3.3.3.1 E-Governance (Not Specific to Cloud)

Standards for Interoperability Framework for e-Governance (IFEG) aims to enable e-Governance infrastructure and applications to inter-operate for which it has identified technical standards for interoperability within various domains of e-Governance. It addresses three aspects of interoperability: organizational, semantic, and technical interoperability.

46 Information on the RESERVOIR framework is available at http://www.reservoir-fp7.eu/.

These standards have been categorized broadly into the following domains of e-Governance applications:

 Presentation and Archival: Presentation provides interface to the user for access information. Various standards considered are: Simple Hypertext Web content (HTML) Style Sheets (CSS), Graphics—raster image (JPEG), Document type for open documents (ODF), Indian Languages presentation, storage, key board, (UNICODE) etc.  Data Integration: It covers standards that allow data exchange between homogeneous and heterogeneous systems. Some of the standards considered here are data description language (XML), content search and navigation (Xpath2.0), Metadata (ISO15836:2009), Data transformation (XSLT), etc.  Data Interchange: It covers standards that allow data interchange services to support the exchange of data between homogeneous and heterogeneous systems. Various standards listed are web service description language (WSDL), web service request delivery (SOAP), and web service security (SOAP, X509). All these standards also comply with W3C or OASIS standard bodies.  Network Access and Application: It specifies how information-processing resources are interconnected and documents the standards for protocols (for network access and communication), topology (design of how devices are connected together), and wiring physical medium or wireless assignments). The Information Access layer covers the technical specifications required for achieving interoperability between different access medium and application. The communication domain deals with the intra process communication within application systems as well as the intercommunication between systems. Some of the standards with regards to communications are Internet protocol (IPv4, IPv6), Wireless LAN (IEEE Std 802.1™, Authentication (SAML), Hypertext transfer (HTTP), E-Mail (SMTP), Mailbox access (IMAP4), Directory access (LDAPv3), and Domain name (DNS).  Security: Security standards for e-Governance deals with the defined security services that are required at each domain of an e-Government Architecture model and wherever the components communicate with each other. Various security standards are needed for different interoperability areas like hypertext transfer (HTTPS), secure socket layer (SSL), transport layer (TLS), digital signature algorithms (DSA), and Wireless LAN (IEEE Std 802.11n™-2009).

The previously mentioned areas and standards have been prioritized and approved by DeitY, in view of the interoperability requirements in e-Governance systems. In each of the Interoperability Areas, technical standards have been identified on the basis of the policy on “Open Standards,” their maturity, and industry preparedness for their adoption. The listed standards need to be followed by project teams of e-Governance applications in all departments at central/state government level, contractual policy framing agencies for development of e- Governance applications, and all integrators/service providers for Indian e-Governance applications.

Relevance of e-Governance standards to cloud computing:

Cloud Computing provides a delivery model inspired by Consumer Internet Services. Cloud Computing drives down costs and accelerates cost reduction benefit. E-Governance with cloud computing should offer an integrated management solution with automated problem resolution, end-to-end security mechanisms, and costing/accounting based on actual usage of data (depending on public or private/community cloud). At a global level, cloud architecture can benefit government by reducing duplicate efforts and increase effective utilization of resources. This, in turn, helps the government going green, reducing pollution, and effective waste management. In order to complement advantages offered by cloud computing to e-Governance, cloud computing solutions for e-Governance should adhere to the standards specified for e-Governance applications as mentioned in Technical Standards for Interoperability Framework for E-Governance in India [70].

3.3.4 Challenges and Barriers to Participation in Global Forums and Adoption of Standards

In general, the participation and the contributions from India in global forums are quite limited due to several challenges that have led to the current scenario, which are as follows:

 Participation and contributions in global forums are very weak.  Pool of sustained expertise and experts for participation in global standards forums is almost non-existent. There are some most important challenges but the most notable ones are the slowness in cloud enablement and the rate of growth of the cloud adoption overall within India. In order to have a global footprint of India’s strength in cloud enablement and services delivery, India needs to step up its efforts quickly through active participation and contribution, but this can be achieved only if enough focus is given by jump starting and promoting the activities through active funding of joint government, research, and industry labs initiatives.

Standards and Inter-operability can be at different levels and are captured in a reference model. (See NCC reference in NIST SP 500-291 [56].)

It is important that India understands the nuances of standards and interoperability issues in this emerging and complex topic like Cloud Computing. For this, India should take stock of scope, status of current work, and scheduled work-plan of various standards bodies and interoperability forums; it should also build a resource base with expertise in adequate numbers to follow, adopt intelligently, begin to participate in global forums, and become intelligent early adopters—thus enabling innovation to grow in India and Indian industry. If the country does this, it will propel India to emerge as one of the global leaders.

Again, decisions on which global standards to adopt in India will have to be differentiated from Indian efforts at preparation of standards based on original work as was done in respect of Indian languages. Only now, telecom product testing and certification—particularly with respect to security—have been mandated, especially in respect of imported equipment.

In respect to Internet, the process is not country specific and it is a deregulated industry. Internet ecosystem driven by ISOC, IETF, IAB, ICANN, and W3 consortium take care of standards

and inter-operability issues. Right from the beginning, they have built it as an interoperable, multi-vendor infrastructure that provides stable and scalable infrastructure and still supports innovation on the top of it. These forums are dynamic and open—all standards are in public domain (as RFCs), participation is open to all, decisions on standards are not based on majority voting but on merits and consensus, selection on chairmen of WGs is based on demonstrated expertise and participation in WGs, standards are decided only after codes are written to demonstrate merits of proposals/choices, and reference platforms are made available in open source.

Other issues noted by the WG were as follows:

a) Workload movement—the ability of an active workload running in cloud resources to automatically move data, applications, and server configurations from one cloud provider to another cloud provider—has to be provided for when needed. b) Support for live migration while achieving interoperability will be another requirement. c) Adoption of cloud standards: Presence of a large number of emerging SMEs in the domain of cloud computing, while indicative of innovation and vitality of the ecosystem, it also leads to challenges for adhering to the developed standards, lest one lands up with islands of multiple solutions, which leaves behind silos and legacy systems making integration and interoperability difficult and expensive later (as in the area of health in many countries). d) Absence of Indian initiatives/Indian standard bodies for service-oriented architectures. e) Poor Indian participation in global cloud interoperability efforts due to high participation costs. f) Very few collaborative platforms/forums/projects, wherein industry, government, and academia come together and work for a common goal of building standards. g) Absence of nationwide or global interoperability testbeds in India to enhance the participation of universities and government organizations. h) Absence of open data culture in India, so even if data migration issues are technically resolved by achieving interoperability, public acceptance will be very low.

3.3.5 Recommendations

3.3.5.1 Standards Development and Adoption

3.3.5.1.1 Proposal

Global Leadership through active participation in global SDOs.

3.3.5.1.2 Objectives

Developing expertise in global standards by

 Active participation and contributions from India in targeted global SDOs  India reflectors of global SDOs to create a sustained pool of subject matter experts  Strategy for Leadership roles being played in global SDOs from India

3.3.5.1.3 Identification of Target SDOs

Whereas the scope here is large we have deliberated over this and decided on the following approach to identify target SDOs:

Phase 1—2014 (early experimentation)

Establish working model with at least three SDOs primarily based on familiarity and ease of engagement. The first three that have been identified for further exploration are as follows:

1) SNIA –CSI/ CDMI/Cloud Plugfest 2) DMTF–CDMA etc. 3) IEEE P2302 Other complementary initiatives to be driven in this phase are as follows:

. Intercloud interoperability test bed

. Initiate one PAR from India (application development framework for Meghraj, localization/language adaptation standards, etc.)

. Establish and drive a cloud computing cell within TSDSI (if possible) targeting at least one white paper on India specific recommendations

Phase 2—2015 to 2016 (incubate and establish working model)

Seek priorities from the other working groups.

Formalize the affiliations, working model with various global SDOs and various entities across India.

Create a sustainable funding model to provide high quality, high impact participation in 5 to 10 relevant SDOs.

Phase 3—Sustained model to evaluate, establish and monitor participation in global SDOs.

Measures of Success

. Sustained pool of experts on various standards—producing recommendations, white papers, and recognized as SMEs within the ecosystem

. Proposals/Amendments to various SDOs (e.g., 1 - IEEE-SA PAR in 2014)

. Number of active participants from India in global SDOs

. Leadership roles of CCICI members in Working Groups of global SDOs

2014 Deliverables:

. Establishment of three reflectors of at least five people (at least one each from academia, industry, and government).

. At least one standards proposal/amendment.

Working model

There are three possible working models:

. SDOs where there is no membership fees involved—reflector of five members established within CCICI, incentivized by obtaining partial support for travel expenses. . CCICI signs up as an entity through MOU Membership fees. Five member reflector within CCICI. Travel supported by member affiliations (partial funding can be an option). . CCICI driven reflector under a specific entity (N.I.C., CDAC, TSDSI, etc). Entity signs up as a member and funds the initiative. CCICI creates and drives the reflectors and reports progress to the entity.

3.3.5.2 Other Proposals

Other proposals that have been discussed and shall be developed further in the future are as follows:

 India-Specific SDO: Discussions are afoot to formalize this under the TSDSI umbrella. This would be developed based on the learnings from the participation in global SDOs.  India-Specific Interoperability Test Bed: This is a top priority and the intention is to bring together stakeholders across industry, academia, and government to jointly contribute in developing and operationalising this. The initial focus would be on developing India specific test cases and then establishing the test bed (leveraging and eventually linking into global test beds). Eventually this should also evolve into a Compliance/Certification agency with a strong link to BIS.

3.4 Regulations and Policy

3.4.1 Global Trends

Many countries and regions around the world have formulated policies with regard to promotion and use of cloud services. Global policy initiatives reveal the priorities of governments to protect citizen interests encourage cloud use and provide cloud computing services. Policy formulations underscore the fact that cloud technology and services are global/transnational in nature; whereas, national laws are locally specific. The policy objectives balance global trends against local priorities.

Key policy and regulation areas include defining data security and privacy priorities, setting data and process standards, setting policies for access to data, setting guidelines for infrastructure norms and amending laws relating to cybercrime and espionage. Nations have also enacted laws and directives to mandate or incentivize cloud use. Cost reduction and efficiency in IT-based services is the motivation for most of the policies.

3.4.1.1 Asia-Pacific

Singapore has enacted polices to support adoption of cloud services by government agencies. One of its key laws is the Personal Data Protection Act that defines what constitutes personal data and provides for an agency that will ensure this protection. Personal data can be defined as “Data whether true or not, about an individual who can be identified a) from that data or b) from that data and other information to which the organization is likely to have access.” With this definition, the law then enables data to be hosted anywhere, including outside Singapore, as long as compliance is retained. Singapore has also enacted sector-specific legislation, such as for banking, which also specifies how data is processed and stored. The Chinese government’s “cloud factory” project aims to providing computing resources to startups that do not have the financial resources to acquire the required IT.

The Australian government, too, actively promotes cloud usage. Australia has a Privacy Act (of 1988) and has eleven Information Privacy Principles that regulate how data about individuals is collected, processed and stored. These principles ensure that businesses and agencies can act freely, with regard to data, as long as they are in compliance. Other acts, such as the Archives Act, of 1983, provide guidelines on data retention practices. Australia also has laws that provide government reach for surveillance and security.

3.4.1.2 Europe

The European Union is concerned more about free flow of information between its member states and so has enabled cloud policies that emphasize interoperability and standards. The EU has recommended a “Cloud Computing Information Assurance” framework that ensures users are adequately informed about how their data is used. EU currently follows a data protection directive that mandates processing of data within member states; however, it is likely to amend this to include other countries also. The EU is also amending and extending laws pertaining to copyright and security to apply to cloud services.

3.4.1.3 North America

The United State government has a “cloud first” policy that encourages cloud adoption within agencies where cloud services, when suitable, are considered over other technologies. The U.S. has strong privacy laws that protect citizens from intrusion by the state; however, there are also countervailing laws, such as the Patriot Act that have over-riding powers and enable the state to carry out surveillance. Individual states in the U.S. have enacted legislation regarding protection of citizen data. The U.S. also has laws such as the Payment Card Industry Data Security Standard (PCIDSS), the Health Insurance Portability and Accessibility Act (HIPAA), and the Sarbanes-Oxley Law that place the responsibility of protecting data on the various parties who provide services.

Canada plans to position itself as the prime location for cloud computing based on its existing regulatory framework, IT expertise, and geographic location. Hence, the Canadian government’s cloud strategy focuses on positioning Canada as the leader in cloud computing along with the cloud first policy similar to that in the U.S.

Many industry associations and researchers advocate against cloud-specific policies as the complexity and variety of technologies and business models in cloud computing makes it difficult to formulate a one-size fits-all policy. To ensure the growth and innovation in cloud computing, it is recommended to balance regulations with the generative aspects of the technology, similar to what happened in the case of the Internet (Zittrain 2006). Most of the countries use their existing regulatory framework and laws for privacy, security, and data standards to address the needs of cloud computing. Countries like U.S., Australia, and Singapore have provided cloud computing guidelines to create awareness on the security, privacy, and interoperability issues that may arise in cloud usage. The main concerns, which are apparent across countries, are the cross-border data flows, localization rules, and the jurisdiction that applies. Hence, the interconnected and interoperable systems in a cloud environment force the need to adopt a global perspective.

3.4.2 India Initiatives and Opportunities

In India, government departments, industry associations, and affiliated bodies have taken a positive approach to cloud computing. There is a clear understanding that cloud services represent both an opportunity for massive rollout of computing services and also a potential for business development. Cloud services and technologies also present challenges for privacy and security of data, an area that is receiving considerable public attention and also policy scrutiny. The other concerns are related to support, capacity, lock-in, compliance, government surveillance, reliability, and liability.

3.4.2.1 Privacy and Security

India does not have a specific privacy law, one that regulates access and use of citizen data. Privacy protection is derived from fundamental rights in the Indian constitution and from the provisions of the IT Act. Under Section 43A of IT Act, 2000 it is required to comply with “reasonable security practices and procedures.” The IT (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 details the definition of sensitive data/information and the practices for collection, storage, disclosure, and transfer of

the information. The privacy and security rules that apply to data that is stored and processed in-house are applicable even if the data is stored and processed by an external service provider, irrespective of the geographical location of the external service provider. Clause 3 of the IT Rules addresses the requirements of data from a cloud perspective.

There is a need to reconsider this set of rules from a cloud computing point of view and clearly demarcate mandatory obligations by the entities. For example, for items like deletion of data beyond the contract period and transfer of data to another entity need to be made explicit. While the rule states that the data can be transferred to another entity based on the contractual obligations of the service provider and data owner, it does not mandate the need to transfer nor does it cover the requirements for data portability and data protection.

The rule does not differentiate between personal data and sensitive personal data (unlike the UK). Hence, the same rules would apply to both. Rule 6 allows for the government to obtain sensitive personal information of individuals from corporations without a warrant or the concerned person’s consent. Hence, this raises issues of personal privacy and government surveillance.

Data protection issues will need to be governed by the contractual relationship between the parties in cloud computing. The contracts will have to define the personal and sensitive data and the mode for handling the storage and transfer of data out of or to India.

The National Cyber Security Policy (July 2013) aims to create a secure cyberspace ecosystem and strengthen the regulatory framework. The policy addresses mechanisms to monitor and collect information related to cyber threats, capability building through training, and research. But risks arising due to usage of cloud computing and social networking sites have not been addressed. Hence, there is a need to review the policy to “future proof” it for technological advances without making it unique to cloud computing. e-Governance Security Assurance Framework (eSAFE 2010) is based on ISO/IEC 27001:2013 [42] and in line with the Federal Information Security Management Act (FISMA 2002) of the U.S., which assigns risk levels to various e-Government systems to provide for appropriate levels of information security. eSAFE guidelines are applicable to e-Government projects.

3.4.2.2 Interoperability and Data Standards

The Department of Electronics and Information Technology has published the framework, standards and policies to address the interoperability and data standards for e-Government projects in India. The policy on open standards for e-Governance covers the interoperability requirements for the interface and data archival level of all systems used for e-Governance. The government of India plans to adopt Single and Royalty-Free Open Standard. The standard will be maintained by a not-for-profit organization. The mandatory requirements for the open standard will be technology neutrality with capability of localization support for all Indian languages

Interoperability Framework for E-Governance (IFEG) in India addresses three aspects of Interoperability such as Organizational Interoperability, Semantic Interoperability, and Technical Interoperability. Each aspect of interoperability has detailed standards for each applicable area. For example, the technical interoperability areas are classified into seven broad domains—

Presentation and Archival, Process, Data Integration, Meta-data, Data Interchange, Network Access, Application, and Security. The E-Government Quality Assurance framework provides guidelines for assessing the compliance to the various standards, quality of service, frameworks, and guidelines that are applicable to the e-Government projects. This framework is applicable to all vendors and service providers involved in e-Government projects and hence will cover cloud computing providers.

3.4.2.3 Intermediary Liability

Information technology (intermediaries’ guidelines) rules 2011 puts down the due diligence to be carried out by the intermediary while discharging its duties. The rules are applicable to ISPs. It covers the requirements for security, privacy, unauthorized use and abuse of personal data, and computer resources provided by the Internet intermediary.

There is no maximum cap in relation to the compensation that would be required to be paid and essentially represents “unlimited liability” for companies in the case of a security event. Another issue that arises is the case of multiple intermediaries especially in the cloud environment such as the SaaS provider, IaaS provider, PaaS provider, etc. Hence, ascertaining the responsibility and apportioning the liability becomes a challenge.

3.4.3 Challenges and Barriers to Adoption

 A need to convert some of the desirable characteristics of the IT rules to mandatory obligations by the cloud provider. For example, transfer of data, deletion of data. Data portability and interoperability would need to be enforced through some regulatory framework on cloud operators.  Jurisdiction for the IT rules is not very clear. The government had to issue a clarification as the rules created confusion for companies outsourcing to India. The government clarified that the rules apply to “body corporate” located in India. Does this mean that companies located outside India processing India origin data are exempted? This would need a closer review from a cloud point of view.  Under Section 43A of IT act related to data security and privacy, there is no upper limit specified for the compensation that can be claimed by the affected party.  Contract formulation and enforcement is another challenge for organizations. Cloud contract would need to cover support, capacity, reliability, and compliance by the cloud provider as there are no specific laws to handle these.  Telecom providers play a key role in cloud computing infrastructure and hence there is a need to synch the policy framework for Cloud Computing and telecom providers. As the multiple regulatory bodies are involved such as Deity and TRAI, this can be a challenge.

3.4.4 Recommendations

The policy framework for Cloud Computing should adopt a holistic perspective and not attempt to formulate cloud-specific regulations. The existing set of policies and regulations need to be

re-looked at to future-proof them for the technological and business model developments of cloud-computing. We propose a multi-layered regulatory framework (see Figure 32) for cloud enablement to ensure cloud usage and innovation in India.

Figure 32 — Multi-layered Regulatory Framework

The bottom two layers provide the foundation rules and regulations that are applicable to any entity (individual or organization) involved in IT-enabled activities in the country. These policies are extended or detailed out by the subsequent layers based on specific industries, sectors, trade associations, and contractual relations. An examination of the regulatory framework from the privacy and security dimension is provided in the paragraphs that follow. The IT Act and Rules provide the overarching policies for organizations storing and processing data and the National Cyber security policy provide the regulations related to national security. Data security requirements may need to be sector specific (for example, e-Government or banking) and applicable to all IT services without being unique to cloud computing service providers. Some industries will have agreements and guidelines (for example, on security, interoperability, and open standards) to support the growth of industry (like the converging standards in the payments industry). Several other aspects of privacy and security will have to be addressed by the contractual agreements between the cloud computing provider and the organization or user.

While specific aspects of the regulatory framework need to be reviewed to enable cloud computing in India, broad recommendations for the policy are as follows:

 Constitute a non-legal, non-partisan multinational body that will enable organizations and nations to negotiate cloud policies and contracts.  Re-constitute various clauses and items from different laws and acts that impact cloud business, under a single Cloud Regulatory framework for India.  Clarify the issue of jurisdiction, sovereign borders, and sovereign reach for matters related to taxation, government surveillance, and data-related laws.  Adopt a wait and watch strategy to formulate new laws based on the development of cloud computing market. For example, development of natural monopolies in cloud service.

3.4.4.1 Innovation Proposal 1: Establishment of World Cloud Council

Multiple differing laws, practices and customs across geographies and the lack of shared understanding of cloud technology and practices has the potential for mistrust, massive lawsuits, business, and work disruption across countries. Hence there is a need to create an impartial, non-legal nodal worldwide agency for cloud computing. World Cloud council WCC would act as a nodal worldwide agency to negotiate cloud agreements, treaties, contracts and arrangements between nations and between organizations. WCC would help draw up agreements related to cloud use and business. This concept is similar to the World Trade Organization. A high-level conceptual model for WCC is given in Figure 33.

Figure 33 —World Cloud Council Model

3.5 Business Models and Strategies in Cloud Computing

Introduction

Framing the right business strategies is key for the success of any business. Companies make sure that Information Technology strategies are aligned properly with their core business strategies to have a sustainable competitive advantage for their businesses. The advent of cloud computing technologies change the way companies run their businesses and hence the need to come up with new business strategies. Finding the correct business model (i.e., how a certain strategy or goal can be accomplished) is now the most important goal to help usher in the new technology while remaining efficient.

Business models and strategies are ways, methods, and approaches by which an organization or a business entity can generate revenue by creating and delivering value (Wikipedia [84], Investopedia [41]).

Business models (Giessmann and Stanoevska-Slabeva [33]) consist of the following nine building blocks:

a) Target customers b) Value proposition the business offers c) Managing customer relationships, distribution channels d) Earning and managing revenue streams e) Identifying key partners f) Key resources g) Key activities h) Assessing costs

The first five components describe how the business model appears on the market and is experienced by customers. The remaining four items target how it is implemented by a specific business. There are several business models identified for running various businesses. The challenge today is to identify the changes in business models that have emerged due to the impact of cloud adoption in India.

Diving into the cloud business, business models on the demand side as well as supply side can be identified. On the demand side (end users), there are the cloud adopters and IT service providers. On the supply side, there are the Software as a Service (SaaS) providers, Platform as a Service (PaaS) providers, and Infrastructure as a Service (IaaS) providers.

3.5.1 Impact to Business Environment

The different service models of cloud, namely SaaS, IaaS, and PaaS, provide the ability for flexibility in pricing model and provision of services at different levels. This has impacted the traditional linear value chain for IT services (Jaekel and Luhn [44]). The traditional value chain, which flows from consultancy (identify IT needs of the business enterprise), to system design and then to implementation, operations, maintenance of the application and finally the support

for the service provided. Cloud can provide service at IaaS, PaaS, or SaaS without necessarily following the value chain.47

Emergence of cloud as the central platform for infrastructure, software and services pose a serious challenge and opportunity to traditional model of India IT service companies and channel vendors (Dhar [19]). This is evident from the following trends.

With the migration of IT products and services to cloud under IaaS, PaaS, and SaaS, the vendors has direct visibility of their customers and have gaining better understanding about their needs. This trend is making the traditional channel partners redundant. For example, Office 365™ from Microsoft is now available and as a cloud product and they are reducing the fee for its channel partners (Vizard [81]).

An increasing number of companies are using cloud as the development and test platform and reducing the need to have their own data center and are also shying away from having long- term IT service contracts (Owenby [62]). Using the cloud model, large applications are designed using a composable model that uses APIs provided by partner application service through SaaS or PaaS. Clients are also re-negotiating the service contracts for shorter terms and lower value (Mckendrick [52]).

3.5.2 Global Trends

Cloud technology seems to be helping SMEs globally and locally. Worldwide (Europe, USA, Australia, and Asia) people and organizations are opening up to cloud computing and developing new business models that are helping the firms and each country as a whole.

A recent study of SaaS providers in Finland found the following business model archetypes: (Luoma, Rönkkö, and Tyrväinen [48]).

 Pure-Play SaaS: A business model that provides standardized web-based application with earnings from a one-time fee and a periodic fee. This model also requires domain- specific experience and target the under-served segment such as CRM and Supply Chain Management.  Enterprise SaaS: Companies looking to extend their existing enterprise capabilities and wanting to serve large customers adopt the Enterprise SaaS model where they create customized complex applications and provide through their channels and partners. This model often requires a longer sales cycle and earnings are expected through a one-time fee, a subscription, and a service fee.  Self-Service SaaS: A business model that uses a pull model to attract customers, such as Dropbox. Earnings are through freemium and through advertisements. This model depends on attracting a large number of end-users before moving on to SMEs. PaaS model is currently used by ISVs and SMEs and target mostly application developers. PaaS companies can expand their offerings with integration capabilities that integrate channels,

47 http://cloudcomputingbenefitsforbusinesses.blogspot.in/2012/04/current-business-model-of-cloud.html

partners, and providers. Such a model would lead to PaaS becoming an n-sided business model (Giessmann and Stanoevska-Slabeva [33]).

3.5.2.1 Indian Scenario and Initiatives

The center of gravity for computing in the government sector is shifting from a department- centric model to a federated g-cloud approach in order to serve citizens better. The Indian government will leverage g-cloud to create a more robust, cost-effective delivery platform to save costs, improve collaboration and efficiency, and bring transparency to the entire governmental system. Over the next decade, the Indian government’s g-cloud approach will drive major changes in the types of services it delivers—not just to citizens but also to employees and businesses.

3.5.2.2 Challenges and Barriers towards Cloud Adoption

As with anything new, there are challenges and barriers towards cloud adoption. In terms of cloud readiness, India (that was at 9th position during 2013) has moved down to 13th position this year as per the Asia Cloud Computing Association (Kaushik [46]). While the benefits and the potential of cloud computing are evident for a country like India, adoption and penetration of cloud services remains low. India policy makers and think tanks like CCICI need to break the challenges into solvable issues one at a time. If India adopts a restrictive approach to limit Indian data to Indian data centers, then other countries will also not use India as a global cloud hub— which will be a wasted potential given India’s large pool of IT/cloud resources.

Policy issues notwithstanding, in the Indian context, the challenges and barriers can be classified into the following categories:

 Infrastructure  Standards and processes  Law and regulations  Technology  Culture and risks

3.5.2.3 Infrastructure

Data connectivity and bandwidth: A global business that wants to establish hybrid cloud will need high-speed data connectivity between their public and private cloud located at world locations. Applications are getting architected to leverage movement of compute jobs between these clouds and customer expects lowest latency. At the domestic level too, the customer would want to upload and download terabytes of data into the cloud and our public data connectivity is ready to handle such a load at this time. When applications are moved onto cloud, the network availability and reliability become far more important and any disruption can severely affect ROI from those applications (Kumar [47]).

People resources: India as a market has promoted service economy for last three decades resulting in skills pool that has challenges to conceive and create world-class products and solutions. Indian education system also failed to nurture explorative thinking and risk taking. Rather, it promotes control, compliance and memory power that are required to promote service economy.

Power and space: Cloud data-centers consume large amount of electricity and there is need to grow as demand grow. Given the cost of electricity and real estate in India, they act as the impediment for word players to setup cloud in India. Further, elasticity is key aspect of the cloud. Data centers once established in India cannot grow due to space limitation and availability of power. The country infrastructure is simply not planned for dynamic growth.

3.5.2.4 Standards and Processes

Cloud computing brings not just a technology, but a new process into world of doing business on the cloud (Taft [69]). For example, insurance providers adopting cloud need to find new ways of storing and retrieving data and created new processes to adhere to data security and privacy requirements. Currently, these processes are pushed by IT application vendors, which make it challenging for businesses to adhere in a standardized way and switching from one vendor to another may be complex due to lack of standards on how applications communicate and control (Dhar [19]).

Businesses are unclear about the following aspects related to data governance and security (McCarthy [51],Bean [6]).

 Classifying data for cloud based on criticality and sensitivity. What to store in the cloud?  How do we define inappropriate use for data in the cloud?  Are there role-based access control to access data stored in a cloud?  Is the company data policy and process cloud ready?  Is the data security policies are complete enough for cloud?  Is there a data security policy administration  How do we retire and archive cloud data?  What are the risks associated with company audit when the IT move on to cloud?  How and who certify encryption standards for the cloud?  How do we enable trust on the cloud? In this context several global accreditations are available: 1) ISO 27001 2) FISMA (Federal Information Security Management Act of 2002) 3) Federal Risk and Authorization Management Program (FedRAMP) 4) Statement on Standards for Attestation Engagements No. 16, Reporting on Controls at a Service Organization (SSAE16)

5) Health Insurance Portability and Accountability Act (HIPAA) 6) European Union Model Contract clauses 7) Payment Card Industry Data Security Standard (PCI – DSS) 8) Cloud Security Alliance Cloud Controls Matrix (CCM)

3.5.2.5 Laws and Regulations

The challenges related to laws and regulations fall under the categories listed in 4.3.5.1 through 4.3.5.4.

3.5.2.5.1 Data Security

Cloud providers with data centers in India need strong data protection and security laws. There is obvious conflict of interest in this space between government regulation and customer interests. The law in India requires operators to provide access to data that is resides in servers located in India to authorities when demanded (Indian Lawyer 250 [38]). The IT Act 2000 simply prevents serious cloud operation from India (Indian Lawyer 250 [38]). For example, 256-bit encryption is not permitted in India (Waris [82]).

Many organizations loathe parting with their data or test environment to the Cloud. Cloud product vendors are then forced to work in a Private Cloud or On Premise mode. So as not to appear contrarian, these companies typically hide under the statement such as “our investment in our internal data center is so recent and so high that our Finance Department will not allow for scaling down until the costs are recovered.” A typical statement one might hear from such companies is “Cloud is great, but it’s not for us.”

Most European countries in a post-Snowden world are very sensitive to data being hosted on an Amazon or Azure cloud anywhere outside their geography. The onus is on the Cloud Infra providers to prove to the European enterprises that their data is safe with them and is both accessible to the enterprise and is not subject to external entity jurisdiction.

A variation on this theme is the European Data Protection Act, which forbids/prohibits sensitive information about European nationals going outside the boundary of their nation state. This places immense burden on Cloud PaaS, SaaS, and service providers to offer encryption/decryption services continually. Sometimes this hidden cost takes away the cost advantage that most Cloud Product providers purport to offer.

3.5.2.5.2 Intellectual Property Rights

Lack of strong regulations and practice around software piracy and IP rights are seriously limiting India’s ability to create software products companies. As per an IDC report, 64% of software used in India is pirated. International investment into Indian-based SaaS and PaaS companies can be challenging due to these limitations (Chowdhary, [11]).

3.5.2.5.3 IT Market Enablement Policies

Unless India takes cloud computing seriously, it will face the risk of losing market share in all industries in addition to IT, because cloud technologies are pushing the hardware and software providers to only a few such as Amazon and Google (Taft [69]). Given that IT is the key enabler for all industries, this means all the industries will eventually move to non-local cloud, hence losing the advantage to be present in India.

3.5.2.5.4 Tax Laws

Tax laws in India are seriously limited for cloud technology to flourish. For example, an international cloud business will not be able to bring hardware into the country for evaluation/experimentation and return back (loaning) as it leads to Permanent Establishment (PE) issue [87]. Limiting export-oriented activities to special economic zones (SEZs) alone and restricting movement of resources between SEZs are seriously affecting business comfort in India. An international survey by Ernst & Young [24] on tax consideration for cloud computing has rated India in RED.

3.5.2.6 Technology

3.5.2.6.1 Enterprise Readiness

Though the cloud technology is taking market share at a rapid phase, the concern on moving enterprise workload into the cloud still exists. The concern falls in the following categories:

 Performance, SLA, and Availability: Enterprise workloads are often tuned for a given system and application architecture to deliver a target turnaround time. For example, a banking transaction must be completed in a given timeframe. Such applications are designed for tightly coupled architectures i.e., the compute, network, and storage are programed assuming system-imposed latencies and applications tuned accordingly. When this type of application is migrated to cloud, which fundamentally has a loosely coupled architecture, it is highly challenging to meet those performance criteria. Compared to a traditional enterprise computing vendor, the cloud provider for enterprise may not be able to provide 24/7 support and further outage in parts of its data center will create down time to its customer unless it is supported through string high availability architecture (Dhar [19]).  Data: Enterprise applications often work with large data. Significant data resides within the company intranet and moving that data to cloud and back, though it has become acceptable due to increased cloud security, is expensive. When data is moving between customer premises and across cloud, it is open to increased probability of sniffing and spoofing (Dahbur, Mohammad, and Tarakji [18]).  Scale: A major barrier to entry in India is size/scale or lack of it. Any enterprise or government contract agency expects vendors to be in existence for more than 5 years, have at least 100 Crores in revenue, and must have made profits in the last 2 years to

qualify for any tender. This straightaway negates opportunities for Indian Product startups especially in the B2B segment to test market their offer in India before they take their product overseas.

3.5.2.6.2 Cloud Components Specific Challenges (Kumar [47])

The cloud components such as virtualization layer, cryptography implementations, zoning algorithms or non-availability zoning, implementation levels of mobile and web technologies, authentication methods and operating systems used can pose their own contents of vulnerability unless they are constantly upgraded and kept at highest level of robustness.

3.5.2.6.3 Vendor Lock-in/Portability/Interoperability (John and Njihia [45])

Traditional IT vendors often deliver cloud architecture and solutions that have lock-in components as interoperability standards are in its nascent stage.

3.5.2.7 Culture and Risks

Adopting cloud-oriented processes in an organization can fully change the scope of its IT departments as well as change the way the dependent departments functions. Such a move would need organizational transformation in terms of learning and adopting newer ways of conducting the business (John and Njihia [45]). A cloud provider may reach a point to sell the cloud business and divest it. In that circumstance, the cloud customer may find challenging the continuity of contacts and delivery of committed SLA disrupting its own business. The cloud customer could also face uncertainty about the safety and jurisdiction of its data with the cloud provider. As cloud is a shared service fundamentally, any kind of disruptive or malicious action against one cloud customer may affect other customers as well (Kumar [47]).

3.5.2.7.1 Cloud Business—Future Outlook

We are moving in a very exciting phase for Indian Startup Ecosystem and cloud is well positioned to redefine value creation for and from this market.

3.5.2.7.2 Business Considerations in Innovating on the Cloud from India

In tomorrow’s world of connected devices and continuous services, Indian startup ecosystem has an opportunity to build at least 2500 successful tech startups in the next decade, which could create millions of jobs and contribute up to $250 billion to India’s GDP.

There are two sweet spots for driving cloud innovation opportunity from India:

a) More than 400 million people are going to emerge with rising incomes and internet subscriptions in next 5 years—which implies a massive increase in the consumption of connected devices/appliances, content and SaaS apps on cloud in coming years. This

wave will also drive the spending on large government projects in citizen services and connected cities and many local innovations will set examples for the world. b) India today has one of the largest base of professional software developers (only second to the U.S.) and the country’s Global SI workforce influences more than $60 billion of global enterprise spending. This makes the country prime to produce many global innovations in hybrid enterprise IT, DevOps, and BigData. Cloud has moved the IT market towards producing smaller, nimbler, and specific value-driven solutions (Managed Virtualization [49]). India should consider this as an opportunity to build value-driven cloud service capabilities and to grow in the IT Service market.

Given the diversity and heritage, India could see some very interesting local innovations in social interactions such as multi-lingual exchange of thoughts, participation in traditional indigenous games in digital form, as well as location-driven augmented reality. The population demand on education and health areas are also going to force disruptions by bringing ease of accessibility to learning curriculum and patient experience. Another important area of innovation that is emerging pertains to the national security such as city surveillance and video and image analysis.

As every business is going through a cloud-enablement—be it for infrastructure cost-savings, agile tools, or data insights—cloud computing is going to play a pivotal role in shaping the future of technology startups in India. In fact with this intent alone, Microsoft started an Accelerator for Windows Azure in July 2012—one of the first of its kind by any technology company in this part of the world and since then, several startups have successfully graduated from the program and are preparing for their next phase of their growth.

From a business model perspective, the majority of Indian startups will adopt a recurring SaaS model (usage-driven) as a primary model of income generation. Also, there will be an opportunity for increase in globally competitive innovations from India in enterprise IT space. This will further increase the perceived value of India’s tech startup ecosystem and bring great rewards to Indian entrepreneurs and innovators. To further help the startup ecosystem in this regard, the recommendation for the new government in India would be to

 Drive a global PR program to improve the image of the tech startup ecosystem in India.  Focus on friendly tax policies for early-stage startups and associated investors.

3.5.2.7.3 Innovation Proposals

Innovation proposals are as follows:

a) Study successful cloud service providers’ business models and create a business model taxonomy that can help cloud-based start-up firms. Entrepreneurs need assistance in evaluating their value proposition, revenue models, and creation of network partners. The cloud business model taxonomy will provide a useful guideline to help the start-up firms. b) Examine the impact of cloud computing on a specific industry vertical in India and identify how cloud can benefit the industry.

c) Industry verticals like healthcare or education can be taken up for the study. The objective will be to identify the impact of cloud on industry structure, business models innovations of incumbent firms, and opportunities for new players like intermediaries, aggregators, service providers, platform available for cloud based start-ups, etc.

3.5.2.7.4 Recommendations (21 Point Checklist [2], Kumar [47])

To fast track India into cloud leadership, India should focus on the following:

 Create techno-legal based India Cloud Computing standards.  Form policy and regulatory framework that can have global acceptance and spur innovation and growth in this area.  Consider cross border data protection policies and standards and establish inter-country data protection treaties or publish globally-acceptable regulations.  Create globally-acceptable cloud certification and audit guidelines that can create global confidence.  Strengthen data privacy, protection, security, and IP laws and bring them to international standards.  Understand best practices on cloud-related data privacy, protection, and security and IP laws and establish short-haul court system to handle litigations and claims.  Fully revamp taxation laws and re-create them from client point of view, i.e., create the laws to enable nourishing business environment and tax collection must be an outcome and not the goal. For example, eliminate tax incentive concepts such as Special Economic Zone (SEZ) and Software Technology Park of India (STPI). Tax incentives can be based on what is produced and need not be based on location. Taxation can be purely on revenue generation and profits. Zoning laws can be introduced to separate residential, commercial, and industrial activities.  Checks and verification-based policies must be replaced with trust and self-declaration based ones. For example, there is no need to verify whether a specific asset is brought into the country for an export purpose or a domestic commercial purpose. Rather, there is only a need to consider the outcome.  Create an environment for free flow of technology and innovation from global companies/locations into India to cloud and related business. For example, climate the cumbersome customs procedure for software and hardware movement. There is no need to ask for the need and intention unless for military use. Enhance the re- certification process for cloud and related products by accepting internationally acceptable certifications.  Create cloud infrastructure hubs across India with ground infrastructure such as space, approachability, power, and high-speed high-quality networks. Also, extend such a network to potential cloud customer locations such as STPI/SEZ.  Extend policies, promotions, and incentives from IT service industries to cloud and software products industries.  Enhance the Indian education system to produce more people with explorative competence and entrepreneurial thinking.

4. A Roadmap for Cloud Computing in India: An Initial View

4.1 Introduction

The Cloud Computing Innovation Council for India (CCICI) started in October 2012 at the IEEE International Conference on Cloud Computing in Emerging Markets (CCEM 2012) with the vision of accelerating Cloud Computing adoption and innovation in India and enabling India’s emergence as a global leader in Cloud Computing. One of the objectives that the CCICI established early on was to come up with a roadmap for Cloud Computing in India. As a starting point, the CCICI worked on a white paper that represents the consolidated work of a significant body of experts from industry, government, academia, and professional bodies that came together to assess global trends in Cloud Computing, the status of India, India-specific challenges and opportunities, and recommendations to accelerate Cloud Computing adoption and innovation in India. This sizeable paper serves as a good survey and reference of the key technologies, trends, and standards in Cloud Computing. The work on the white paper provides an initial viewpoint on a roadmap for India to accelerate adoption of Cloud Computing and progress towards global leadership.

4.2 Vision, Mission, and Outcomes of Cloud Innovation Council of India

Be a Global Leader promoting National Adoption with innovation leveraging local expertise

Vision

Mission Outcomes  Think Tank viewpoint . Provide Thought Leadership  Global Collaborations . Globally Competitive Ecosystem  . Early Adoption of Innovation Globally Competitive Ecosystem . Prototype Solutions  Standards and Interoperability . World-class Local Leadership  Pilot Projects . Multi stakeholder partnerships  Entity Incubation  Multi stakeholder partnerships  Skill Building – Academia professionals

4.3 Levers for India to Lead in Cloud Computing

While India is in the early stages of cloud adoption in comparison to many other countries today, it still has a very significant opportunity to utilize Cloud Computing to transform the nation and to play a global leadership role in the Cloud Computing arena. India has to quickly take advantage of several levers if it wants to attain such global leadership status. Some of the important levers are as follows:

 India’s scale, especially for e-Government services: There is no other country in the world other than perhaps China that can match the scale and complexity of India. By speedily developing a cloud that stands up to the needs and price points of the nation, India can become a leader and role model for the world.  Technically skilled population and availability of talent: India is unique in its number of technically qualified people, in numbers of engineering and technical training institutions, as the global delivery center for the world, and as the development hub for many multi-national and national companies that are already doing a lot of work on Cloud Computing in India. If combined with the right human resource development initiatives, and industry-academia-government partnership initiatives, India has the opportunity to be the country with the largest population of highly skilled cloud resources in the world, particularly in the space of emerging open cloud technologies and standards.  Open source/open standards movement: Over the last year, the open source/open standards movement for cloud has attained critical mass and momentum and is gaining rapid adoption with exponentially increasing contributions. India, while currently being a very small player in this area, has the opportunity to rapidly become a major contributor, driver, and adopter of these emerging standards. By developing its national clouds based on these open standards and creating a vibrant community in this space, India can start becoming a leader.  Open Data movement: With the open data movement catching on globally, India has the opportunity to open its large sets of public data to the cloud community, fueling innovation from academia, startups, open source communities, and large companies. By moving fast in this area, India has the opportunity to play a global leadership role, and set standards for the new emerging computing paradigm around big data, analytics, mobile, social, and cloud.  Opportunity to lead in industry-specific clouds: Today’s cloud standards and offerings have largely been horizontal in nature and not tuned to the needs of specific industry verticals. As industry verticals are being transformed and redefined due to cloud, there is a window of opportunity to define reference architectures and standards around industry-specific clouds. India can seize the opportunity to lead in this area, particularly by defining these standards around the needs of its own industries, which are often free of the legacy infrastructures burdening their counterparts in mature markets and are in a better position to directly move to the cloud model.

 Ability to invest in a community development/innovation platform, and pose innovation challenges: The Indian government and private-public partnerships have the opportunity to invest in an open standards based community development platform to serve as a research and innovation platform for development of new capabilities, applications, and standards. India can also accelerate innovation most relevant to the nation’s needs by frequently announcing/posing challenges to the community and presenting awards to developers of winning solutions.  Definition of regulations and policies: Most importantly, the Indian government can put the right regulatory policies in place to foster the development and adoption of high quality, interoperable cloud solutions. The right regulatory policies will also enable India to be a major international public cloud provider, and start leading in inter-country agreements to foster cross-boundary clouds.

4.4 An Initial Draft Roadmap for Cloud Computing in India

Here we attempt to outline an initial draft of a Roadmap for Cloud Computing in India (see Figure 34 based on the extensive survey and analysis done in the white paper, and the levers for leadership identified previously.

We define the roadmap in terms of three phases and progress in three focus areas along these phases. The three focus areas of progress are as follows:

Figure 34 —High-level View of an Initial Draft Roadmap for Cloud Computing in India

 E-Government, eHealth, and Industry-specific clouds: We outline how national level clouds are established and interoperate, and scale out and mature to a level of being a global role model, driven by well-established policies defined by a National Cloud Authority. We also envision India piloting several industry-specific clouds such as in eHealth, and growing these to national scale clouds, and setting global standards for industry-specific clouds along the way.  Open Standards and Open Data Based Large-scale Clouds: Here we envision the introduction of an open standards community innovation platform that serves as an innovation and proving ground for Indian cloud capabilities catering to the needs of India, while propelling leadership from India in open global standards, and fostering the emergence of India-based global public clouds. We also envision how the opening up of national level data sets and the issuance of Open Data application “challenges” to the community spurs innovation and partnerships across academia, industry, and government, eventually leading to thriving startups and world-class innovation.  Skills Development and Research Excellence: Here we outline how the right national level human resource initiatives, coupled with public-private partnerships will drive the development of a globally enviable pool of skilled cloud professionals in India, while also spurring world leading research in the newly emerging paradigm of computing emanating from the convergence of cloud, big data analytics, social media, and mobile sensors and devices.

• Several national, state • Interconnected national • National scale clouds with basic laaS and and state clouds based on e-Governance cloud fully applications interoperability standards operational • Pilots of several industry • National scale industry • Major government Usage Scenarios clouds clouds emerge in several applications such as Aadhar (e-Government, • Publication of industry- industries services, financial inclusion, e-Health, specific cloud reference • eHealth: National Health IRCTC on National cloud architectures Information Exchange • Indian e-Governance Industry-specific • eHealth: Pilots of established with centralized Cloud is a model for the Clouds) electronic health records; health records world in scale and richness regulatory framework • National level Aadhar • Cloud-first is norm in • Unified catalog, inventory based cloud applications many industries of available web services emerge • eHealth: Flourishing innovation, analytics for personalized patient care • Open standards based • Growth in adoption and • India makes leading community innovation contributions to open cloud contributions in global platform introduced with • interoperability standards Cloud Standards including virtualization, Big Data become the default in industry-specific clouds analytics for Indian needs e-Government initiatives • India based public clouds • API's at laaS, PaaS, SaaS • Significant contributions are dominant providers for Open Standards and levels from India to open national services and have Interoperability • Initial interoperability standards and open source global reach standards emerge for • India based global clouds • Thriving innovation, (for laaS, PaaS, SaaS, government clouds emerge startups, and SaaS Data) • Several sets of data at • Large scale data sharing applications around open national level are opened to using Open Data standards data public and policies • National scale begins to • Open Data application • Several national scale be a global model; challenges start to be issued deployed applications based continued data application spurring academic research, on open data; Continued challenges spur world class startups, and academic- data application challenges research and innovation industry partnerships fuel innovation • Cloud training programs • Trained cloud engineers, • India emerges as largest with focus on open architects, specialists, data pool of cloud professionals technologies and emerging scientists emerge in the globe Innovation new roles • Open innovation • Indian researchers play a • HR initiative on Cloud platforms spur community lead role in Cloud driven Ecosystem skilling of active contributors new era capabilities—based (Skills & Research, • Innovation clusters • Top notch publications on internet of things, big established across emerge from research on data, ultra-scale social Startups, academia, industry, National scale clouds systems, analytics Regulations and government spurring • India becomes hotbed of • India is a recognized Policies) Research and new Cloud Cloud startups and VC global leader in Cloud startups investment startups • National Cloud Authority • Published standards and • A World Cloud Council is established to define policies for security, QoS, in place with India playing a standards and policies for SLA's, sustainability, security central role clouds in India auditing, procurement

Phase 1: Phase 2: Phase 3: Foundation & Penetration Maturity & Global Adaption & Scale Out Leadership

Figure 35 —Three Phases of the Roadmap

As indicated in Figure 35, the three phases of the roadmap are defined as:

 Phase 1: Foundation and Adoption. This is a crucial phase where the foundation for Cloud Computing in India is laid and adoption begins. National level policies are put in place, a National Cloud Authority is instituted, and foundational initiatives are established to drive progress in the three focus areas identified previously. These result in visible progress and adoption of clouds in government and industry in India, while establishing an open standards and open data based cloud community, along with national level cloud skilling and research programs.  Phase 2: Penetration and Scale Out. The fruits of the well thought and targeted initiatives from the first phase bear fruit in this phase as national level government clouds get established based on interoperability standards, strong contributions emerge from the open source/standards community within the country, national scale industry clouds emerge, and a sizeable population of skilled cloud resources and researchers make noticeable contributions at national and global levels.  Phase 3: Maturity and Global Leadership. This phase results from extensive leverage of the unique strengths of India outlined in the earlier subsection and the scale out achieved from the initiatives and progress in the first two phases. Here India has mature large-scale operational cloud systems, a world leading community of practitioners especially in Open Cloud systems, India-led and proven standards in several areas such as Industry-specific clouds, world leading startup companies emanating from the scale and sophistication of India based clouds, and a leading research community that defines the next era of computing and services for the globe. This roadmap represents an ambitious and yet realizable vision for Cloud Computing in India. The roadmap intentionally does not give a specific timeframe as this is heavily dependent on the level of focus brought to this roadmap, and each of the first two phases can launch anywhere from 1 year to 4 years. We hope to see foundational initiatives being launched speedily to establish the Phase 1 of this roadmap, and accelerate the move to Phase 2 in less than 2 years, as speed is of the essence to play a national and global leadership role.

4.5 Planned activities of CCICI

Category Phase 1 Phase 2 Phase 3 Think Tank Advisor to National Cloud Open SW Companies /2.4 National Cloud Innovation Authority/1.1 Sustainability Regulations, Challenge /1.1 viewpoint Collaboration Framework/1.4 Compliance, Incentives Threat Risk Model/3.2 (multi-stake holder Aadhaar MoU/1.5 Framework/2.5 Tax Policy/1.6 Open Data Policy/1.5 Multi Layered Regulatory Benchmarking & Certification partnerships + Financial Incentives for Cloud Framework/3.4 Framework/3.1 governance model) Adoption/2.1 Patent Strategy & Technical Cloud Security Requirements and support structure /3.4 Design Framework /3.2 Govt Strategy to leverage & promote “OPEN FORUMS & INNOVATION”/3.4 Globally competitive Global PR Program / 1.6 Innovation Clusters / 2.1 Mobile services for India: open Open Stack /2.4 Participation in Global source libraries/community eco system Global Leadership through active Interoperability Initiatives / 3.3 discussions / 2.5 (collaborations and Participation in Global SDO's / 3.3 Affiliation - Uptime Institute/2.5 World Cloud Council / 3.4 branding) Standards and Web Services Framework/1.1 Open SW Companies /2.4 National Cloud Innovation eHealth reference Architecture, Health Sustainability Regulations, Challenge /1.1 Interoperability Data record Standards / 1.3 Compliance, Incen tives Threat Risk Model/3.2 Technologies for Indian Lang/ 1.5 Framework/2.5 Tax Policy/1.6 Simplified Application creation Multi Layered Regulatory Benchmarking & Certification techniques/2.3 Framework/3.4 Framework/3.1 Open Stack/2.4 Federated Cloud mgmt/2.4 Patent Strategy & Technical Localization & multi-lingual-Mobile SLA Mgmt/2.4 support structure /3.4 access/2.5 Identify and publish best practices Sustainability Sustainability of best practices/2.5 around providing access to Regulations/Compliance Power Quality & Environmental Stds voice/vision impaired/2.5 /Incentives Framework/2.5 for Cloud Data Centers/2.5 Power Utilization Efficiencies for Classification Framework for Favourable Locations for Cloud Data Indian Conditions/2.5 Cloud SLAs ( domain specific)/3.1 Centers/2.5 Framework for SLA based Benchmarking & Certification Standards for Enterprise Grade Cloud autonomous evaluation & Framework/3.1 Service SLAs /3.1 selection of Services/3.1 India Specific SDO/3.3 Standards for Cloud Security /3.2 India specific Interoperability Test bed/3.3 Pilot projects Innovation Sandbox/1.2 National Healthcare repository/1.3 Disease Prevention & eEducation : Maths teaching in 6th Framework for SLA-based Management System/1.3 Std/1.3 autonomous evaluation & Automation of SLA management & OPEN Heterogeneous test & selection of Services/3.1 monitoring/3.1 development PaaS/2.3 Trusted Platform Module and Cloud Security Requirements / 3.2 Open Standards for authentication Integration/3.2 Entity Incubation R&D driven Innovation Incubators/1.4, Analytics and Visualisation National Open Data Institute/1.5 1.6 Framework for Threat Detection Big Data for Small Players/1.5 Governance and User assurance for Cloud/3.2 Skill Building - Awareness/training of Decision Cloud Application Engineering/1.4 Nurture Entrepreneurial Makers /2.1 Open Data Training Leadership/1.4 Academia Sustainability best practices/2.5 Framework/1.5 Education Curriculum/2.1 Professionals Converged Conferences Training Programs for Professionals/2.1 Research Web Services Framework/1.1 Cloud Application Engineering/ 1.4 App Dev eco - System / 1.4 Reference Architectures /1.2 Scale & Complexity Mgmt/ 2.4 Application Integration with Open Research Program /2.1 Power Aware Provisioning/2.4 Data APIs / 2.3 Simple application creation techniques Utilising non-data services to Billing Solutions / 2.4 /2.3 provide cloud access to feature Predicting best SLAs / 3.1 Localization and multi-lingual Mobile phone/2.5 Cryptography mechanisms for access/2.5 Automation of SLA management & Cloud /3.2 Voice based interactions to cloud monitoring/3.1 services through the mobile / 2.5 Framework for SLA-based autonomous evaluation & selection of Services/ 3.1

4.6 The Role of CCICI in Accelerating and Realizing the Roadmap

We see a crucial role for the CCICI in accelerating and realizing the roadmap outlined previously. The role of CCICI should be as follows:

 Bringing stakeholders together to jointly establish and refine goals for the various phases.  Helping formulate and issue “challenges” for the cloud community to spur innovation.  Nurturing a broad India-based cloud professional community to drive and develop open implementations and standards, as well as helping specify an open community cloud platform for innovation.  Acting as a trusted advisor to the government in policy formulation and adoption of technologies and standards, and in driving community based initiatives.  Forming industry-specific cloud workgroups to accelerate Indian leadership in this area.  Promoting partnerships across academia, industry, and government to accelerate skills building and drive research on large-scale cloud challenges.  Acting as an independent body measuring progress of India against the road-map.

In summary, India has significant opportunity to be a role model and world leader in adoption of Cloud Computing and Cloud Computing-based innovation. This will be crucially dependent on foundational initiatives that are undertaken with a sense of urgency, particularly in establishing program and incentives to drive national scale usage scenarios and India-based global clouds, establishing and leading in open standards and interoperability, and in fostering a skill pool of highly competent professionals extending to startups and research labs.

Annex A

(informative)

References

A.1 References cross referenced in this white paper

[1] 2013 Global venture capital confidence survey results, Deloitte and the National Venture Capitalist Association, http://www.deloitte.com/assets/Dcom- UnitedStates/Local%20Assets/Documents/TMT_us_tmt/us_tmt_2013VCSurvey_081313.pd f. [2] 21 Point Checklist for Selecting an Enterprise-Ready Cloud Service. Skyhigh. http://resources.idgenterprise.com/original/AST- 0116693_Skyhigh_21_Point_Checklist_for_Selecting_Cloud_Service_web_0114.pdf. [3] Adopting Cloud Services to drive business value, CII Report Feb 2013. http://www.cii.in. [4] Aircel partnership brings Wikipedia Zero to India, Wikimedia Blog, July 25, 2013, http://blog.wikimedia.org/2013/07/25/aircel-partnership-brings-wikipedia-zero-to-india/. [5] “Apple includes Multipath TCP networking in iOS 7,” IT World, September 30, 2013, http://www.itworld.com/mobile-wireless/374094/apple-includes-multipath-tcp- networking-ios-7. [6] Bean, L. (2009). “Cloud Computing: What Internal Auditors Need To Know.” Internal Auditing, 24(5), 34–38. Retrieved from http://search.proquest.com/docview/214387723?accountid=35207. [7] Benchmark Your Data Center’s Energy Efficiency, EnergyStar®, http://www.energystar.gov/index.cfm?c=prod_development.server_efficiency. [8] Best Practices Guide for Energy-Efficient Data Center Design, National Renewable Energy Laboratory (NREL), a national laboratory of the U.S. Department of Energy, March 2011. http://www1.eere.energy.gov/femp/pdfs/eedatacenterbestpractices.pdf. [9] Bihina Bella, MA; Eloff, JHP; and Olivier,MS, “Using the Internet Protocol Detail Record standard for next-generation network billing and fraud detection,” Information and Computer Security Architectures (ICSA) Research Group, Department of Computer Science, University of Pretoria, Pretoria, South Africa. [10] Burns, C. (2014). 1 CLOUD. Insurance Networking News, 16(6), 10. Retrieved from http://search.proquest.com/docview/1473609968?accountid=35207. [11] Chowdhary, Sudhir. “India needs to bolster its intellectual property policies.” Financial Express. (2013, Dec 23). http://archive.indianexpress.com/news/india-needs-to-bolster- its-intellectual-property-policies/1210564/. [12] Cloud Adoption in Governments: A White Paper,” Rick Almonrode and Santosh Thomas, IBM, 2013.

[13] Cloud Computing and Enterprise Software Forecast Update, 2012, Louis Columbus, Forbes Contributor, http://www.forbes.com/sites/louiscolumbus/2012/11/08/cloud-computing- and-enterprise-software-forecast-update-2012/. [14] Cloud Computing Reference Architecture, May 2011, https://www.ibm.com/developerworks/community/blogs/c2028fdc-41fe-4493-8257- 33a59069fa04/entry/chapter_13_cloud_computing_reference_architecture1?lang=en. [15] Cloud Standards Customer Council Press release, Successfully Converging Social and Mobile with Cloud, http://www.cloud-council.org/press-release/07-11-13.htm. [16] Consultation Responses: Improving Local Government Transparency, Open Data Institute, http://www.theodi.org/consultation-response/improving-local-government-transparency. [17] Consultation Responses: Code of Practices (Datasets), Open Data Institute, http://www.theodi.org/consultation-response/code-practice-datasets. [18] Dahbur, K., Mohammad, B., and Tarakji, A. B. “Security Issues in Cloud Computing: A Survey of Risks, Threats and Vulnerabilities.” International Journal of Cloud Applications and Computing (IJCAC), 2011, 1(3), 1–11. [19] Dhar, Subhankar. “From outsourcing to cloud computing: Evolution of IT services.” Management Research Review, Emerald Group Publishing, Ltd. (2012) Vol. 35(Issue 8), pp. 664–675. [20] DMTF to Address Need for Open Software Defined Data Center Standards Incubator group formed to develop common definitions and scope for emerging architecture model, May 28, 2013, http://www.dmtf.org/news/pr/2013/5/dmtf-address-need-open-software- defined-data-center-standards. [21] ENERGY STAR® for Data Centers. Alexandra Sullivan, US EPA, ENERGY STAR, February 4, 2010, http://www.energystar.gov/ia/partners/prod_development/downloads/DataCenters_Gree nGrid02042010.pdf. [22] ENSIA, Cloud Computing Risk Assessment, November 2009. http://www.enisa.europa.eu/activities/risk-management/files/deliverables/cloud- computing-risk-assessment. [23] “Enterprise Content Collaboration: How SaaS Is Changing the Game,” IDC Report, May 2013 http://www.idc.com/getdoc.jsp?containerId=WC20130516. [24] Ernst & Young, Tax Considerations in Cloud Computing: Global Survey Report. 2012. http://www.ey.com/Publication/vwLUAssets/Tax_considerations_in_cloud_computing_glo bal_survey/$FILE/Cloud_computing_survey_results.pdf. [25] Ernst & Young, Turning the Corner: Global venture capital insight and trends. http://www.ey.com/Publication/vwLUAssets/Global_VC_insights_and_trends_report_2012 /$FILE/Turning_the_corner_VC_insights_2013_LoRes.pdf. [26] ETSI EG 202 009-1, User Group; Quality of telecom services; Part 1: Methodology for identification of parameters relevant to the Users. [27] ETSI ETR 003, Network Aspects (NA); General aspects of quality of service and network performance in digital networks, including ISDN.

[28] “Eucalyptus Cloud to Remotely Provision E-Governance Applications,” Sreerama Prabhu Chivukula, Rajasekhar Krovvidi, Aneesh Sreevallabh Chivukula, Journal of Computer Networks and Communications, 2011. [29] “Federal Cloud Computing Strategy,” Vivek Kundra, U.S. Chief Information Officer, February 2011. [30] “Forecast Overview: Public Cloud Services, Worldwide, 2011–2016, 4Q12 Update.” http://www.gartner.com/resId=2332215. [31] Forell, Tim; Milojicic, Dejan; and Talwar, Vanish “Cloud Management: Challenges and Opportunities,” Hewlett Packard, Published Online http://www.hpl.hp.com/people/vanish_talwar/CR_2011_HPGC_CloudMgmtChallenges.pdf [32] Getting Started with Twitter via your mobile phone, Twitter, Inc., https://support.twitter.com/articles/14589-getting-started-with-twitter-via-sms. [33] Giessmann, Andrea and Stanoevska-Slabeva, Katarina (2012). “Business Models of Platform as a Service (PaaS) Providers: Current State and Future Directions,” Journal of Information Technology Theory and Application, Volume 13, Issue 4, pp. 31–55, December 2012. [34] Harms, H. and Yamartino, M., “The economics of the cloud,” Microsoft Corporation, Redmond, WA, USA, Microsoft Whitepaper, November 2010. Published online http://www.microsoft.com/presspass/presskits/cloud/docs/The-Economics-of-the- Cloud.pdf. [35] “Hot trend in IT—industry-specific clouds,” Nick Clunn, Tech Page One September 10, 2013. [36] Iceland bets future on large data center development, Penny Jones – Datacenter Dynamics, 6 March 2013, http://www.datacenterdynamics.com/focus/archive/2013/03/iceland-bets-future-large- data-center-development. [37] Identity in the Cloud Use Cases, V1.0, 8 May 2012, http://docs.oasis-open.org/idcloud/IDCloud-usecases/v1.0/cn01/IDCloud-usecases-v1.0-cn01.pdf. [38] Indian Lawyer 250, “Encryption in India.” 6 June 2013. Copyright © 2014, Law Business Research Ltd. http://indianlawyer250.com/features/article/81/encryption-india/. [39] “Industry specific clouds come rolling in,” Esther Shein, Computer World, October 3, 2011. http://www.computerworld.com/s/article/9220349/Industry_specific_clouds_come_rollin g_in?pageNumber=1. [40] “Industry-specific requirements shape the evolution of the XaaS market,” Caitlin White, http://www.searchcloudcomputing.com. [41] Investopedia, Business Model, http://www.investopedia.com/terms/b/businessmodel.asp [42] ISO/IEC 27001:2013, Information Security Management. [43] ITU-T Recommendation G.1000, Communications Quality of Service: A framework and definitions. [44] Jaekel, Michael and Luhn, Achim. “Cloud Computing—Business Models, Value Creation Dynamics and Advantages for Customers.” Siemens IT Solutions and Services, 2009.

[45] John, O. O., and Njihia, J. (2014). “Challenges of cloud computing in business: Towards new organizational competencies.” International Journal of Business and Social Science, 5(3) Retrieved from http://search.proquest.com/docview/1511129999?accountid=35207. [46] Kaushik, Preetam. “The Cloud is Calling, but Is India Ready?” The Business Insider, May 29, 2014. http://www.businessinsider.in/TheCloud-Is-Calling-But-Is-India- Ready/articleshow/35727267.cms. [47] Kumar, Ajit. “Cloud computing in Indian perspective.” Institute of Applied Manpower Research, Planning Commission. 2013. [48] Luoma, Eetu; Rönkkö, Mikko; and Tyrväinen, Pasi. “Current Software-as-a-Service Business Models: Evidence from Finland” Software Business: Third International Conference, ICSOB 2012, Cambridge, MA, USA, June 18–20, 2012. Proceedings, Springer Berlin Heidelberg, pp. 181–194. [49] Managed Virtualization. Rackspace: The Open Cloud Company. http://resources.idgenterprise.com/original/AST-0116820_Managed_Virt- Rackspace_v7.pdf. [50] “Mary Meeker’s Latest Must-Read Presentation On The State Of The Web,” Business Insider, http://www.businessinsider.com/mary-meeker-2012-internet-trends-year-end- update-2012-12#-34. [51] McCarthy, M. P., and Hill, S., Cloud adoption points to IT risk and data governance challenges. 2011. Directorship, 37(2), 72-72, 4. Retrieved from http://search.proquest.com/docview/864752899?accountid=35207. [52] Mckendrick, Joe. “IT outsourcing hits a new stride.” Insurance Networking News. July 1, 2013. http://www.insurancenetworking.com/issues/2008_96/it-outsourcing-new-stride- 32595-1.html. [53] Meghraj: GI-Cloud Adoption and Implementation Roadmap, April 2013, Government of India, Department of Electronics and IT. http://deity.gov.in. [54] Meghraj: GI-Cloud Strategic Direction Report, April 2013, Government of India, Department of Electronics and IT. http://deity.gov.in/sites/upload_files/dit/files/GI- Cloud%20Strategic%20Direction%20Report%281%29.pdf. [55] Meeker, Mary, 2013 Internet Trends, Kleiner, Perkins, Caufield, Byers (KPCB), 29 May 2013, http://www.kpcb.com/insights/2013-internet-trends. [56] NIST SP 500-291, NIST Cloud Computing Standards Roadmap, http://www.nist.gov/itl/cloud/upload/NIST_SP-500-291_Jul5A.pdf. [57] NIST SP 500-292, NIST Cloud Computing Security Reference Architecture, http://collaborate.nist.gov/twiki-cloud- computing/pub/CloudComputing/CloudSecurity/NIST_Security_Reference_Architecture_2 013.05.15_v1.0.pdf. [58] NIST SP 800-145, The NIST Definition of Cloud Computing: Recommendations of the National Institute of Standards and Technology, http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf.

[59] OASIS Topology and Orchestration Specification for Cloud Applications (TOSCA) Technical Committee—Charter—Statement of Purpose, 20 December 2013, https://www.oasis- open.org/committees/tosca/charter.php. [60] OASIS Identity in the Cloud Technical Committee—Charter—Statement of Purpose, https://www.oasis-open.org/committees/id-cloud/chgarter.php. [61] Open Flow Switch Specification, Open Networking Foundation, ONF, https://www.opennetworking.org/sdn-resources/onf-specifications/openflow. [62] Owenby, S. (2014, Jun 02). “Cloud can transform your business.” The Business Times. Retrieved from http://search.proquest.com/docview/1531047962?accountid=35207. [63] Parallels Continues to Propel Indian SMBs’ Cloud Services Adoption, May 27, 2013. http://www.parallels.com/news/id,33040. [64] Project Spoken Web: Creating a parallel of the World Wide Web, IBM®, https://www.research.ibm.com/irl/projectspokenweb.html. [65] Reuser's Guide to Open Data Licensing, Open Data Institute, http://www.theodi.org/guide/reusers-guide-open-data-licensing. [66] Rethink Storage: Transform the Data Center with EMC ViPR Software-Defined Storage (White Paper), EMC Corporation, http://www.emc.com/collateral/white-papers/h11749- transform-data-center-with-vipr-software-defined-storage-wp.pdf. [67] Snaptu: Acquisition by Facebook, http://en.wikipedia.org/wiki/Snaptu#Acquisition_by_Facebook. [68] SNIA dictionary, http://www.snia.org/education/dictionary/s. [69] Taft, Darryl K., Cloud Computing's Promises and Challenges. eWeek. 10/6/2008, Vol. 25 Issue 28, p23. 1/2p., Database: Business Source Complete. [70] Technical Standards for Interoperability Framework for E-Governance in India, https://egovstandards.gov.in/sites/default/files/Published_Standards/Technical%20Standa rds%20for%20IFEG/Technical_Standards_for_IFEG_Ver1.0.pdf. [71] The Green Grid, Energy Policy Research and Implications for Data Centers in EMEA, http://www.thegreengrid.org/~/media/WhitePapers/Energy%20Policy%20Research%20an d%20Implications%20For%20Data%20Centres%20In%20EMEA%20Abstract%202012-03- 06%20-%20Final.pdf. [72] The Global Information Technology Report 2008–2009: Mobility in a Networked World, Soumitra Dutta and Irene Mia, http://hd.media.mit.edu/wef_globalit.pdf. [73] The Indian Cloud Revolution, the Confederation of Indian Industry (CII), http://www.cii.in/cloudreport. [74] The Power of a Billion: Realizing the Indian Dream, FICCI-KPMG: India Media and Entertainment Industry Report 2013, http://www.ficci.com/spdocument/20217/FICCI- KPMG-Report-13-FRAMES.pdf. [75] The National Mobile Governance Initiative, Mobile Seva FAQ, http://www.mgov.gov.in/msdp_faq.jsp?ln=eng.

[76] The Power of Cloud: Driving Business Model Innovation,” IBM Institute of Business Value, 2012. [77] The Rise of the Purpose-Built Industry Cloud, Rich Miller, Data Center Knowledge, September 23, 2013. http://www.datacenterknowledge.com/archives/2013/09/23/the- rise-of-the-purpose-built-industry-cloud/. [78] “Towards an E-Governance Grid for India (E-GGI)—an Architectural Framework for Citizen Services Delivery,” C.S.R. Prabhu, National Informatics Center, Hyderabad. [79] Unique Identification Authority of India, Aadhaar Data Portal, https://data.uidai.gov.in/uiddatacatalog/dataCatalogHome.do. [80] “United Nations E-Government Survey 2012,” United Nations Department of Economic and Social Affairs, New York, 2012. [81] Vizard, M. (2014). “Cloud Challenges Are On Tap for the Channel in 2014.” Channel Insider, pp. 1–2. [82] Waris, Salman. “Government Asleep over Encryption Regulations.” Legally India, 20 August 2009. http://www.legallyindia.com/20090820138/Legal-opinions/government-asleep-over- encryption-regulations. [83] What’s Happening with Watson, IBM, 2014. https://www- 03.ibm.com/innovation/us/watson/. [84] Wikipedia, Business Model, http://en.wikipedia.org/wiki/Business_model [85] “World's first Braille smartphone in development,” Eric Larson for CNN, April 29, 2013, http://edition.cnn.com/2013/04/26/tech/mobile/first-braille-smartphone. [86] Worldwide SaaS and Cloud Software 2012–2016 Forecast and 2011 Vendor Shares, IDC Report, Aug 2012, http://www.idc.com/getdoc.jsp?containerId=236184. [87] http://www.slideshare.net/darpanmehta/concept-of-permanent-establishment

A.2 Additional sources and websites

[88] A User-Centric Service-Oriented Modeling Approach, Ding-Yuan Cheng, Kuo-Ming Chao, Chi-Chun Lo, Chen-Fang Tsai, World Wide Web, 2011, pp 431–459. [89] ASHRAE, “Data Center Essentials: Guidance on Energy-Efficient Design and Operation,” Hard Bound Volume—ISBN(s):9781936504510, Published 2013. [90] Bohn, Robert, NIST Cloud Computing Reference Architecture and Taxonomy Working Group. [91] Busch, John, Are Outdated Data Architectures Holding Back the Cloud? February 21, 2011. http://gigaom.com/2011/02/21/are-outdated-data-architectures-holding-back-the- cloud/. [92] Carbon Pollution Standards, United States Environmental Protection Agency, http://www2.epa.gov/carbon-pollution-standards.

[93] “Cloud Computing Innovation Council of India: A Concept Paper,” CCICI Executive Committee, July 13, 2013. [94] Cloud Computing Issues and Impact, Global Technology Industry Series, Ernst and Young, 2011. [95] Cloud Computing Model for National e-Governance Plan (NeGP), D. G. Chandra, R. S. Bhadoria, Fourth International Conference on Computational Intelligence and Communication Networks, 2012. [96] “Cloud Federation,” Tobias Kurze, Markus Klems, David Bermbach, Alexander Lenk, Stefan Tai and Marcel Kunze, Steinbuch Centre for Computing (SCC), Karlsruhe Institute of Technology (KIT), Hermann-von-Helmholtz-Platz 1, 76344 Eggenstein-Leopoldshafen, Germany. [97] Cloud Security Alliance (CSA), “The notorious nine cloud computing top threats in 2013,” Top Threats Working Group, CSA, February 2013, https://downloads.cloudsecurityalliance.org/initiatives/top_threats/The_Notorious_Nine _Cloud_Computing_Top_Threats_in_2013.pdf. [98] Cloud Security Alliance (CSA), “Cloud computing vulnerability incidents: A statistical overview,” CSA Cloud Vulnerability Working Group, Mar 13th 2013, https://cloudsecurityalliance.org/download/cloud-computing-vulnerability-incidents-a- statistical-overview/. [99] Cloud Standards Customer Council, “Practical Guide to Cloud Service Level Agreements Version 1.0.” April 10, 2012. http://www.cloudstandardscustomercouncil.org/2012_Practical_Guide_to_Cloud_SLAs.p df.

[100] CO2 baseline database for Indian Power Sector, March 2011 published Ministry of Power, Govt. of India, http://www.cea.nic.in/reports/planning/cdm_co2/user_guide_ver6.pdf. [101] “Consumer-centric QoS-aware selection of web services.” Wei-Li Lin, Chi-Chun Lo, Kuo- Ming Chao, and Muhammad Younas. Journal of Computer and System Sciences, Volume 74, Issue 2, March 2008, Pages 211–231. [102] Demystifying the Cloud, by Janakiram MSV, http://www.janakiram.com/downloads/Demystifying%20The%20Cloud.pdf. [103] Elmroth, Erik; M´arquezy, Ferm´ın Gal´an; Henriksson, Daniel; and Perales Ferreray, David. “Accounting and Billing for Federated Cloud Infrastructures.” Department of Computing Science and HPC2N, Umea University, Sweden. [104] Energy Efficiency and Renewable Energy, United States Department of Energy, “Quick Start Guide to Increase Data Center Energy Efficiency,” Published online https://www1.eere.energy.gov/femp/pdfs/data_center_qsguide.pdf. [105] Energy Efficiency and Renewable Energy, United States Department of Energy, “Best Practices Guide for Energy Efficiency Data Center Design,” Published online at https://www1.eere.energy.gov/femp/pdfs/eedatacenterbestpractices.pdf. [106] Gonzalez, Nelson; Miers, Charles; Redigolo, Fernando; Simplicio, Marcos; Carvalho, Tereza; Naslund, Mats; and Pourzandi, Makan. “A quantitative analysis of current security concerns and solutions for cloud computing,” Journal of Cloud Computing, 2012.

[107] http://arxiv.org/ftp/arxiv/papers/1303/1303.4814.pdf. [108] http://blog.flurry.com/bid/94352/China-Knocks-Off-U-S-to-Become-Top-Smartphone- tablet-Market. [109] http://blogs.hbr.org/2012/11/2012-the-first-big-data-electi/. [110] http://borjournals.com/Research_papers/Jul_2013/1364IT.pdf. [111] http://brianberger.sys-con.com/node/1411630/mobile. [112] http://cloudcomputing.ieee.org/intercloud. [113] http://dmtf.org/standards/ovf. [114] https://downloads.cloudsecurityalliance.org/initiatives/guidance/csaguide.v3.0.pdf. [115] http://en.wikipedia.org/wiki/Content_delivery_network. [116] http://en.wikipedia.org/wiki/EGovernment_in_Europe. [117] http://healthcare.financialexpress.com/201109/itathealthcare04.shtml. [118] http://info.exist.com/blogs/bid/61400/Cloud-Computing-for-Healthcare. [119] http://nationalatlas.gov/articles/people/a_age2000.html. [120] http://newsroom.cdw.com/features/feature-05-26-11.html. [121] https://nsdg.gov.in. [122] http://readwrite.com/2013/03/04/9-top-threats-from-cloud-computing. [123] http://searchsecurity.techtarget.in/news/2240187903/The-cloud-security-issues-holding- back-cloud-adoption-in-India. [124] http://searchcloudcomputing.techtarget.com/feature/Enterprises-see-clear-advantage- of-cloud-computing-and-BYOD-combo. [125] http://solidfire.com/press-releases/solidfire-unveils-benchmark-to-guarantee-quality-of- service-in-the-cloud-challenges-storage-industry-to-deliver/. [126] http://statspotting.com/india-mobile-statistics-monthly-average-revenue-per-user-2-46- usd/. [127] http://stats.wikimedia.org/wikimedia/squids/SquidReportCountryData.htm. [128] http://techcircle.vccircle.com/2011/12/01/meet-india%E2%80%99s-hottest-angel- investors/. [129] http://techcurry.co/some-bizarre-numbers-on-smartphones-in-india/. [130] http://thehealthcareblog.com/blog/2011/05/02/health-care-in-the-cloud/. [131] http://thoughtsoncloud.com/2014/05/building-hybrid-cloud-3-ways-dynamic-cloud- powers-innovation/. [132] https://www-03.ibm.com/innovation/us/watson/watson_in_healthcare.shtml. [133] http://www.4pi.in/racs/speakersppt/CloudSecpaventhan.pdf. [134] https://www.cia.gov/library/publications/the-world-factbook/index.html.

[135] http://www.cisco.com/en/US/services/ps2961/ps10364/ps10370/ps11104/services_clou d_enablement_overview_public_sector.pdf. [136] http://www.cloud-council.org/. [137] http://www.cloudbook.net/resources/stories/can-cloud-computing-help-fix-health-care. [138] http://www.cloudcomputingzone.com/2011/02/healthcare-coming-to-the-cloud/. [139] http://www.cloudpro.co.uk/cloud-essentials/hybrid-cloud/3840/ibm-hails-composable- business-as-future-of-it-and-cloud. [140] http://www.computerworld.com/s/article/9215679/Report_Iron_Mountain_to_shutter_c loud_storage_service. [141] http://www.convergedigest.com/2012/10/china-mobile-nears-700-million-users.html. [142] http://www.data.gov.in. [143] http://www.dhs.gov/sites/default/files/publications/digital-strategy/federal-cloud- computing-strategy.pdf. [144] http://www.dmtf.org/. [145] http://www.ecommercetimes.com/story/Googles-No-Bellwether-for-Healthcare-Cloud- Services-72829.html. [146] http://www.emarketer.com/newsroom/index.php/digital-ad-spending-top-37-billion- 2012-market-consolidates/. [147] http://www.enterpriseefficiency.com/author.asp?section_id=2405&doc_id=264659. [148] http://www.enterpriseefficiency.com/author.asp?section_id=2405&doc_id=261933. [149] http://www.etsi.org/deliver/etsi_ts/182000_182099/182019/03.01.02_60/ts_182019v03 0102p.pdf. [150] http://www.expresshealthcare.in/201109/itathealthcare04.shtml. [151] http://www.factbrowser.com/facts/5037/. [152] http://www.fedramp.gov. [153] http://www.gapminder.org/. [154] http://www.gictf.jp/index_e.html. [155] http://www.globaljurix.com/fdi-in-multi-brand-retail-sector-india.php. [156] http://www.healthcarebusinesstech.com/cloud-computing-challenges/. [157] http://www.iamwire.com/2012/04/india-to-be-the-fastest-growing-e-commerce-market- in-asia-pacific/market-set-to-grow-to-8-8-billion-by-2016/. [158] http://www.information-management.com/news/health-care-cloud-computing- 10020883-1.html. [159] http://www.informationweek.in/informationweek/news-analysis/277145/rise- development-governance-apps-predicted-indian-government-releasing-3500-datasets-49- departments. [160] https://www.nics.uma.es/research/cloud.

[161] http://www.nist.gov/. [162] http://www.negp.gov.in. [163] http://www.o3bnetworks.com/media/45606/o3b_latency_mobile%20backhaul_130417.p df. [164] http://www.ocean- project.eu/bin/view/Services/Open_Cloud_Interoperability_Framework http://www.opendatacenteralliance.org. [165] https://www.opennetworking.org/. [166] http://www.openstack.org/. [167] http://www.oxford-consulting.com/industry-news/2011/08/integration-challenges- slowing-adoption-of-cloud-for-healthcare/. [168] http://www.parallels.com/news. [169] https://www.pcisecuritystandards.org/documents/Virtualization_InfoSupp_v2.pdf. [170] http://www.pwc.com/gx/en/technology/moneytree/private-equity-vc-investing-in- india.jhtml. [171] http://www.rediff.com/business/slide-show/slide-show-1-countries-with-the-most- millionaires/20110603.htm?print=true. [172] http://www.serc.iisc.ernet.in/~jlakshmi/Research/CloudsandQoS/CloudMonitoring- Grid12.pdf. [173] http://www.sienainitiative.eu/Repository/FileScaricati/1a286876-d56e-4a45-a1b7- 22f857e04278.pdf. [174] http://www.slideshare.net/mukundmohan/startup-application-trends-spring-2013. [175] http://www.slideshare.net/QuantMarkets/online-market-in-india. [176] http://www.snia.org. [177] http://www.technologyreview.com/featuredstory/508836/how-obama-used-big-data-to- rally-voters-part-1/. [178] http://www.technologyreview.com/featuredstory/508851/how-obama-wrangled-data-to- win-his-second-term/. [179] http://www.totaltele.com/view.aspx?ID=472089. [180] http://www.trendmicro.tw/cloud- content/us/pdfs/about/2012_global_cloud_security_survey_executive_summary.pdf. [181] http://www.vijayanand.name/2012/10/comparing-accelerators-in-india-side-by-side-part- 1/. [182] http://www.w3c.org. [183] http://www.w3.org/standards/semanticweb/data. [184] http://www.w3.org/WAI/mobile/. [185] http://www.w3.org/Mobile/IG/.

[186] http://www.zdnet.com/news/challenges-of-cloud-computing-in-healthcare- integration/6266971. [187] Introducing the Windows Azure Platform, Microsoft Corporation, http://go.microsoft.com/fwlink/?LinkId=158011. [188] Introducing Windows Azure, Microsoft Corporation, http://go.microsoft.com/?linkid=9682907. [189] Kyriazis, D., Varvarigou, T. and Konstanteli, K., Achieving Real-Time in Distributed Computing: From Grids to Clouds (pp. 1–15). IGS Global, Hershey, PA: Information Science Reference. 2012. [190] Kyong Hoon Kim, Anton Beloglazov, Rajkumar Buyya, “Power-aware Provisioning of Cloud Resources for Real-time Services,” Published online http://www.cloudbus.org/papers/Power-AwareCloud-MCG2009.pdf. [191] Luoma, Eetu; Mikko Rönkkö; and Pasi Tyrväinen. “Current Software-as-a-Service Business Models: Evidence from Finland.” Software Business. Springer Berlin Heidelberg, 2012. 181–194. [192] Market Trends: Platform as a Service, Worldwide, 2012–2016, 2H12 Update Published: 5 October 2012. [193] Moving to the Cloud, Dinkar Sitaram and Geetha Manjunath, Elsevier Publications, Dec 2011. [194] NIST SP 800-144, Guidelines on Security and Privacy In Public Cloud Computing, Wayne Jansen and Timothy Grance, December 09, 2011, http://www.nist.gov/manuscript- publication-search.cfm?pub_id=909494. [195] Offermann, P. and Hoffmann, M. and Bub, U., “Benefits of SOA: Evaluation of an implemented scenario against alternative architectures,” 13th Enterprise Distributed Object Computing Conference Workshops, 2009. EDOCW 2009, IEEE, 2009, pp. 352–359. [196] Piraino, Antonio, Quality of Service: The Next 'Great' Expectation of the Cloud, 11 July 2013. [197] Poltavets, O. (2009). “Cloud security challenges adoption.” Dealing with Technology, 6(2), 9. [198] QoS-aware service selection via collaborative QoS evaluation, Yu Qi, http://dx.doi.org/10.1007/s11280-012-0186-0, Springer US, 2012-09-14, pp 1–25. [199] “RESERVOIR—When one cloud is not enough,” Benny Rochwerger, Johan Tordsson, Carmelo Ragusa, David Breitgand, Stuart Clayman, Amir Epstein, David Hadas, Eliezer Levy, Irit Loy, Alessandro Maraschini, Philippe Massonet, Henar Mu˜noz, Kenneth Nagin, Giovanni Toffetti, and Massimo Villari. [200] “Resource Infrastructure in the NEXOF Reference Architecture,” Creative Commons, June 30, 2010. [201] Sekar, Vyas and Maniatis, Petros. “Verifiable Resource Accounting for Cloud Computing Services,” Intel Labs.

[202] Sustainability and the Cloud, The Global Environmental Benefits of IT Hosting and Cloud Technology, Diversity Limited and Rackspace Hosting, http://broadcast.rackspace.com/hosting_knowledge/whitepapers/sustainability-and-the- cloud.pdf. [203] Thirukumaran, S., Sanjay Ram, M., and Vijayraj, A., “Security perspective of cloud computing with survey of security issues,” Volume 3, No. 1, January 2012 Journal of Global Research in Computer Science. [204] Towards Quality of Service in clouds, Django Armstrong, Karim Djemame, 2009 http://www.comp.leeds.ac.uk/ukpew09/papers/18.pdf. [205] User-centric Quality of Service Management in UMTS, LANOMS 2005 - 4th Latin American Network Operations and Management Symposium, 2005. [206] User-Centered QoS Computation for Web Service Selection. Chunqi Shi, Donghui Lin, and Toru Ishida. IEEE 19th International Conference on Web Services, 2012. [207] Web Service Level Agreement (WSLA) Language Specification, version 1.0 Revision wsla- 2003/01/28, IBM Corporation. [208] Windows Azure Platform: A perspective – David Chappel [209] Windows Azure and ISVs: A Guide for Decision Makers http://go.microsoft.com/fwlink/?LinkID=157857. [210] Wu, Linlin and Buya, Rajkumar. (2012). Service Level Agreement (SLA) in Utility Computing Systems. Performance and Dependability in Service Computing: Concepts, Techniques and Research Direction, pp 1–25. [211] Zinnov Consulting, http://zinnov.com/Global/index.php.

APPENDIX A

ORGANIZATION PRINCIPLES

Organizational best practices are being adopted from the study of the organizational principles being developed around “Commons-based peer production”:

Commons-based peer production is a term coined by Harvard Law School professor Yochai Benkler. It describes a new model of socio-economic production in which the creative energy of large numbers of people is coordinated (usually with the aid of the Internet) into large, meaningful projects mostly without traditional hierarchical organization. These projects are often, but not always, conceived without financial compensation for contributors. The term is often used interchangeably with the term social production. “People participate in peer production communities,"” they write, “for a wide range of intrinsic and self-interested reasons....basically, people who participate in peer production communities love it. They feel passionate about their particular area of expertise and revel in creating something new or better." (Source: WIKIPEDIA)

“Open innovation is a paradigm that assumes that firms can and should use external ideas as well as internal ideas and internal and external paths to market, as the firms look to advance their technology”. Alternatively, it is “innovating with partners by sharing risk and sharing reward.” The boundaries between a firm and its environment have become more permeable; innovations can easily transfer inward and outward. (Source: WIKIPEDIA)

The primary outcomes from this forum would be in the form of “INNOVATION PROPOSALS”. These proposals are most conducive to the CBPP model of collaborative innovation. The following categories and the likely outcomes have been defined:

Standards and Interoperability: These would take the form of reflector groups of Global Standards bodies with the objective to build deep expertise, influence, and leadership in Cloud Computing Standards. These reflector groups will also propose new standards and recommendations for adoption of standards in India. Recommendations for organizational constructs to help drive Interoperability test beds, benchmarking and certification to accelerate the market adoption of Cloud Computing are also expected outcomes.

Thinktank of Experts: There are huge investments planned around Cloud Computing. This also represents a huge opportunity for India to become the global hub for “Innovation on the CLOUD”. A body of subject-matter experts coming together and publishing white papers, reference architectures, policy recommendations, and guideline documents can be a major catalyst to accelerate the impact of the investments and help seize the market opportunity.

Pilot Projects: In the spirit of “social innovation”, experts coming together to experiment and pilot innovative solutions for citizen services, eEducation, eHealth, and similar areas where Cloud Computing can lead to great societal impact (especially for the “bottom of the pyramid”) is also an important likely outcome.

Research Projects: Cloud Computing requires many multi- disciplinary experts to come together and drive solutions with an end-user focus. Hence the research around Cloud Computing should mandatorily require industry, academia, and government labs to collaborate. CCICI could be the forum to direct all such discretionary research funding around Cloud Computing towards such collaborative proposals.

Entity Incubation: It is also envisioned that as CCICI matures it could actually become the “umbrella forum” to help incubate various entities to further strengthen the Cloud Computing ecosystem such as Innovation Cluster, Innovation Sandbox, startups (refer to Section 1.6); World Cloud Council (refer to Section 3.4), etc.

Capability building: Finally it is foreseen that the body of experts at CCICI will partner with other professional bodies such as CSI, NASSCOM, IEEE, SNIA etc. to promote skill and capability building around Cloud Computing through:

. Knowledge sharing events—conferences, workshops, etc. . Training—eLearning . Rewards and Recognitions—Challenges, Awards, fellowships etc.

Support Committees: Various support committees will be formed to provide operational support to the team. Some of the key committees are as follows:

. Collaboration Platform Team—Responsible for establishing and operationalizing the collaboration portal as well as establishing the tools and processes to support the activities of the working groups, execomm, and advisory board. The team members are program managers, web masters, and web designers. (Refer to Appendix B).

. Governing Board—This committee formulates the policies for new member nominations and also oversees the appointments to the various Chair/Vice Chair positions with the objective to sustain productivity, vitality, and credibility of CCICI. (Refer to Appendix B).

. Program Management Committee—Responsible for providing organizational support, streamlining operations, and running technology workshops, working groups, executive committee meetings, advisory board meetings, etc. Responsible for member onboarding and continuous engagement.

APPENDIX B

List of Members Section 1—Usage Scenarios and Service Delivery Framework Section 1 Chair Gopal Pingali IBM- Distinguished Engineer, Director Section 1 Vice Chair D Janakiram IITMadras, Professor Section 1 Program Sai Dattathrani Development Lead, IBM Manager WG1.1—e-Governance WG 1.1 Chair Dr. CSR Prabhu Former NIC (Retd), KMIT, Hyderabad WG 1.1 Vice Chair Gopal Pingali IBM, Director, DE WG 1.1 Member B M Rao NIC, Hyderabad WG 1.1 Member Annapurna NIC, Hyderabad WG 1.1 Member Sanjai Researching Souls Technologies India Private Limited WG 1.1 Member Abhishek Tiwari Centre for Good Governance Hyderabad, Project Manager WG 1.1 Member Vikram Manchanda Microsoft, Director - Cloud Services WG 1.1 Member Jayanthi Chellappan Center of e-Governance, Karnataka WG 1.1 Member Dr. DS Ravindran CEO, e-Governance, Karnataka WG 1.1 Member Prof Dinkar Sitaram PESIT – Cloud Computing CoE WG 1.1 Member Ganesh Kotyan Tarshan LLC WG 1.1 Member Nandakumar WIPRO WG 1.1 Member Gaurav Chhaunker CITRIX WG 1.1 Member Rohan Joshi Wolken Software WG 1.1 Member Kailash S C-DAC, Chennai WG 1.1 Member Arun Kumar IBM Research, IBM India WG 1.1 Member Surender Gupta TCS WG 1.1 Member Anil Bidari CloudEnabled WG 1.1 Member Bijoy Nath Director (TERM), DoT, Himachal Pradesh WG 1.1 Member Animesh Giri PESIT, Bangalore WG 1.1 Member M S Venkatesh Prasad Senior Consultant—Program Management at NISG WG 1.2—Industry Specific Clouds WG 1.2 Chair Gopal Pingali IBM, Director, DE WG 1.2 Member Pranav Pacific GearShift Technologies, Director WG 1.3—ICT for Development WG 1.3—eHealth Chair Vibhakar Bhushan Trignon Health and AnyTime Medicare, Founder Director WG 1.3—eHealth Member Srinivasan Ramakrishnan DG, former C-DAC WG 1.3—eHealth Member Mohit Maniar Architect, Yash Technologies WG 1.3—eHealth Member Sriharsha Boregowda Chief Architect, SHARP WG 1.3—eHealth Member Gaur Sunder C-DAC WG 1.3—eHealth Member Shyamol Banerji Founder Director, i2itelesolutions WG 1.3—eHealth Member Anita Shet Pinkwhale Healthcare Solutions WG 1.3—eHealth Member CV Ramdas C-DAC WG 1.3 Member Alpesh Shah — WG 1.5—eHealth Member Krovvidi Rajsekhar NIC WG 1.5—eHealth Member Kunjan Maheta Silver Oak College of Engineeering and Technology, Assistant Professor WG 1.5—eHealth Member Dileep Paruchuri Intel WG 1.5—eHealth Member Vishwambhar Pathak Birla Institute of Technology MESRA (Ranchi) Jaipur Campus,

Assistant Professor WG 1.5 Member Kaushank Khandwala — WG 1.4—SaaS and Applications development WG 1.4 Chair T.S. Mohan Principal Researcher, Infosys WG 1.4 Member Gopal Pingali DE, Director , IBM WG 1.4 Member CSRP DDG, NIC WG 1.4 Member Vibhakar Bhushan Founder, ATM, Trignon WG 1.4 Member Sandeep Kumar J Director, Webseer WG 1.4 Member CV Ramdas C-DAC WG 1.4 Member Srikanth C IDOS WG 1.4 Member Saurabh Deshpnade ABB WG 1.4 Member Vinod Ninan Rolta India Limited WG 1.4 Member Lalit M Sanagavarapu IDRBT WG 1.4 Member Vishwambhar Pathak Birla Institute of Technology MESRA (Ranchi) Jaipur Campus WG 1.4 Member Vinod Ninan Rolta India Limited, Group Technology Architect WG 1.5—Big Data and Analytics WG 1.5 Chair Geetha Manjunath Research Area Manager, Xerox Research Center WG 1.5 Vice Chair Srinivas Sengamedu VP, Amazon WG 1.5 Member M Chellaiah Academic Relations Head, Yahoo WG 1.5 Member Prahlad Rao Director, C-DAC WG 1.5 Member Vibhakar Bhushan Founder, ATM WG 1.5 Member Lenin NIC WG 1.5 Member Aneesh OPENSCG WG 1.5 Reviewer Rajdeep Dua VMware WG 1.5 Member Sriharsha Boregowda Chief Architect, SHARP WG 1.5 Member Mohit Maniar Architect, Yash Technologies WG 1.5 Member Sandeep Kumar J Director, Webseer WG 1.5 Member CV Ramdas C-DAC WG 1.5 Member Aditya Mogadala Reasoning Global eApplications Ltd WG 1.5 Member Kiran Sriharsha IIIT Hyderabad WG 1.5 Member Pankaj Bavishi IBM WG 1.5 Member Siddarth R MeraData Pvt Ltd WG 1.5 Member Prasad Chitta Tata Consultancy Services WG 1.5 Member NAMITA MITTAL MNIT JAIPUR, India WG 1.5 Member Vikas Gupta Surewaves WG 1.5 Member Vijay Nadadur Tationem WG 1.5 Member Shreekant Jere Reva ITM, Bangalore WG 1.5 Member Richa Sinha Kalol Institute of Technology and Research Center WG 1.6—Innovation Ecosystem WG 1.6 Chair D Janakiram Professor, IIT Madras WG 1.6 Chair Yogesh Simmhan Assistant Professor, SERC Department, IISc WG 1.6 Vice Chair Rohan Joshi Founder, Wolken Software WG 1.6 Member Prashant Gupta Group Manager, Cloud Strategy, MS WG 1.6 Member Gopal Pingali DE, Director, IBM WG 1.6 Member K Radha Investment Mngr, Unitus Seed Fund WG 1.6 Member Saksham Khandelwal Wipro WG 1.6 Member Shanti Mohan Lets Venture WG 1.6 Member Sandeep Kumar J Director, Webseer WG 1.6 Member Mukul Sinha Expert Software WG 1.6 Member Anitha Prabhu Wolken Software WG 1.6 Member Udayan Banerjee VP, NIIT technologies WG 1.6 Member Mohan Kumar R Philips Healthcare, System Architect Section 2—Infrastructure and Platforms Innovation Framework Section 2 Chair Sandeep Dhar Principal Engineer, CISCO

Section 2 Vice Chair Geetha Manjunath Research Manager, Xerox WG 2.1—System Architecture WG 2.1 Chair Sandeep Dhar Principal Engineer, CISCO WG 2.1 Member Santosh NetApp WG 2.1 Member Payal C-DAC WG 2.1 Member Kailash C-DAC WG2.1—Cloud OS and Lead Prabhakar Kandasamy VMware Vitualisation WG2.1—Cloud OS and Member Amir Mukeri VMware Vitualisation WG2.1—Cloud OS and Member Rajdeep Dua VMware Vitualisation WG2.1—Cloud OS and Member Niranjan VMware Vitualisation WG2.1—Cloud OS and Member Shyam VMware Vitualisation WG2.1—Cloud OS and Member Venkat Jagana STSM, IBM Vitualisation WG 2.1—Compute and Member Sivakumar Manager, Yahoo Networking Architecture WG 2.1—Compute and Member Hariharasubramanian R IBM, Architect Networking Architecture WG 2.1—Compute and Member Swapnil Kulkarni Calsoft Inc, Principal Development Networking Architecture Engneer - Cloud R&D WG 2.1—Compute and Member Maulik Parekh Juniper Networks, Systems Engineer Networking Architecture WG 2.1—Compute and Member Kartik Lakhani Juniper Networks, Systems Engineer Networking Architecture WG 2.1—Compute and Member Sunil Reva ITM Bangalore, Prof and Head Networking Architecture ECE WG 2.1—Compute and Member G S Madhusudan IIT-Madras, Principal Scientist Networking Architecture WG 2.1—Compute and Member Vivek Parmar IIT Delhi, Student (RA) Networking Architecture WG 2.1—Compute and Member Ranganath V N.J. Dataprint Pvt. Ltd., Director - Networking Architecture ESG WG 2.1—Compute and Member Prasad Gorja Freescale, Principal Staff Systems & Networking Architecture Architecture Engineer WG 2.1—Compute and Member Hariharasubramanian R IBM Networking Architecture WG 2.1—Compute and Member Kunjan Maheta Silver Oak College of Engineeering Networking Architecture and Technology WG 2.1—Compute and Member Shijil sparksupport Networking Architecture WG 2.1—Compute and Member Maulik Parekh Juniper Networks Networking Architecture WG 2.1—Compute and Member Kartik Lakhani Juniper Networks Networking Architecture WG 2.1—Compute and Member Sunil Reva ITM Bangalore Networking Architecture WG 2.1—Compute and Member Mohan Kumar R Philips Healthcare Networking Architecture WG 2.1—System Member Subhojit STSM, IBM Architecture WG 2.2—CLOUD Storage WG 2.2 Chair Sairam Iyer Distinguished Engineer, EMC2 WG 2.2 Vice Chair Dinkar Sitaram PESIT WG 2.2 Member Subhojit Roy IBM WG 2.2 Member Sandeep Patil IBM WG 2.2 Advisor Prof. B Gopinath IISc

WG 2.2 Advisor Prof. Vijay Kumar IISc WG 2.2 Member Sivakumar Manager, Yahoo WG 2.2 Member Sabita Saha Solutions Architect, Cloud Enabled WG 2.2 Member Subhojit STSM, IBM WG 2.2 Member Kapali Viswanathan — WG 2.2 Member JayPrakash Lalchandani IIITB WG 2.2 Member Kishan Bhat IIITB WG 2.2 Member Raghav S IIITB WG 2.2 Member Sudhir Dixit IIITB WG 2.3—CLOUD Application and Data Platforms WG 2.3 Chair Geetha Manjunath Research Manager, Xerox WG 2.3 Vice Chair Praveen Gurram VP, Oracle WG 2.3 Member Sivakumar Manager, Yahoo WG 2.3 Member Rajdeep Dua Director R&D, VMware WG 2.3 Member Tirumal Chamarti JDA WG 2.3 Member Vasant Arkachari C-DAC WG 2.3 Member Annapurna NIC WG 2.3 Member Supriya Santosh Wagh Sinhgad institute Lonavala WG 2.3 Member Hemant Kumar Mehta Devi Ahilya University, Indore, India/ INRIA, Rennes-Ecole Des Mines, Nantes France, Assistant Professor (on leave)/Post Docotoral Researcher WG 2.3 Member Janakiram MSV Janakiram & Associates, Principal Analyst WG 2.4—CLOUD Management WG 2.4 Chair Dinkar Sitaram PESIT WG 2.4 Vice Chair Manoj Jain EMC2 WG 2.4 Member Vinod Novatium WG 2.4 Member Haridas Pai WIPRO WG 2.4 Member Padmakar Jogdankar WIPRO WG 2.4 Member Ganesh Kotyan Tarshan LLC WG 2.4 Reviewer Rajdeep Dua VMware WG 2.4 Member Kanan ncode solutions pvt ltd, assistant manager WG 2.4 Member Shijil sparksupport, CEO WG 2.4 Member Richa Sinha Kalol Institute of Technology and Research Center, Assistant Professor

WG 2.4 Member Annapurna NIC, Scientist-B WG 2.4 Member Chetan Jain Inspira Enterprise India Pvt Ltd, Director WG 2.4 Member Sanjay Bobde Microsoft Corporation WG 2.5—Sustainability, Mobility and Access Technologies WG 2.5 Chair Pamela Kumar HP WG 2.5—Sustainability Lead Anand Hariharan Vigyan Labs WG 2.5—Sustainability Member Srinivas CEO, Vigyan Labs WG 2.5—Sustainability Member Kota Murali STSM, IBM WG 2.5—Mobility and Lead V Shrinath Former Nokia Access WG 2.5—Mobility and Member CV Ramdas C-DAC Access WG 2.5—Mobility and Member Mahesh Patil C-DAC Access WG 2.5—Mobility and Member Arun Kumar IBM Access WG 2.5—Mobility and Member Sandeep Kumar J Director, Webseer Access WG 2.5—Mobility and Member Subramaniam Solution Architect, Vodafone Access Ananthakrishnan

WG 2.5—Mobility and Member Sriharsha Boregowda Chief Architect, SHARP Access WG 2.5—Mobility and Member Krovvidi Rajsekhar NIC Access WG 2.5—Mobility and Member Devi Sudha NOKIA Access WG 2.5—Mobility and Member Himani Manglani CCCIS Access WG 2.5—Mobility and Member Ignesius Ernest Thambyraj Ex-IBM Access WG 2.5—Mobility and Member Hemant Kumar Mehta Devi Ahilya University, Indore, Access India/ INRIA, Rennes-Ecole Des Mines, Nantes France WG 2.5—Mobility and Member Emmanuel Shubhakar Pilli MNIT Jaipur Access WG 2.5—Mobility and Member Shrikant Tangade REVA Institute of Technology and Access Management WG 2.5—Mobility and Member Laxmi B Rananavare Reva Institute of Technology and Access Management Section 3—CLOUD Enablement Framework Section 3 Chair Rahul De’ Professor, IIM Bangalore Section 3 Program Charudath Doddanakatte My Cloud Portal Manager WG 3.1—CLOUD SLA’s WG 3.1 Chair Nitin Upadhyay Goa Institute of Management WG 3.1 Member Dr J Lakshmi SERC, IISc WG 3.1 Member Robert Ravi TRAI WG 3.1 Member Subhojit STSM, IBM WG 3.1 Member Sriharsha Boregowda Chief Architect, SHARP WG 3.1 Member Soumendra Choudhury NIC Govt. of India WG 3.1 Member Kanan Ncode Solutions pvt ltd WG 3.1 Member Abhishek Tiwari Centre for Good Governance Hyderabad WG 3.2—CLOUD Security WG 3.2 Chair Dr. Sarat Chandra Executive Director, CDAC WG 3.2 Member Vineet C-DAC WG 3.2 Member Lakshmi Easwari C-DAC WG 3.2 Member Dharmendra C-DAC WG 3.2 Member Debu Nayak Huawei WG 3.2 Reviewer Dr. Kapaleesaran HP Labs WG 3.2 Advisor Dr. Sanjay Burman CAIR WG 3.2 Member Sandeep Patil IBM WG 3.2 Advisor Suhaan Mukerji NInC WG 3.2 Member Mahesh Patil Principal Technical Officer, C-DAC WG 3.2 Member Emmanuel Shubhakar Pilli MNIT Jaipur, Assistant Professor WG 3.2 Member Shrikant Tangade Assistant Professor, REVA Institute of Technology and Management, Assistant Professor WG 3.2 Member Chengappa M.R. Hewlett Packard, Software Designer WG 3.3—Standards and Interoperability WG 3.3 Chair Pamela Kumar HP WG 3.3—Standards Co-Chair Prahlad Rao Joint Director, C-DAC WG 3.3—Standards Member V Jagana STSM IBM WG 3.3—Standards Member Meenakshi Mahajan NIC WG 3.3—Standards Member Robert Ravi TRAI WG 3.3—Standards Reviewer Geetha Manjunath Xerox WG 3.3—Standards Member Madhusudan Rao C-DAC WG 3.3—Standards Member Kailash C-DAC WG 3.3—Standards Member Ashish Asthana NIC WG 3.3—Standards Advisor Deepak Jain CHAIR, IEEE P2302

WG 3.3—Interoperability Co-Chair Srinivasan Ramakrishnan DG, former C-DAC WG 3.3—Interoperability Member Amir Mukeri VMware WG 3.3—Interoperability Member Rajdeep Dua VMware WG 3.3—Interoperability Member Payal C-DAC WG 3.3—Interoperability Member Charudath My Cloudportal WG 3.3—Interoperability Advisor David Bernstein CHAIR , Intercloud Test Bed WG 3.3—Interoperability Member Subhojit STSM, IBM WG 3.3—Interoperability Member Sai Dattathrani IBM WG 3.3—Interoperability Member Rajdeep Dua VMware WG 3.3—Interoperability Member Mukul Sinha Expert Software WG 3.3—Interoperability Member Ravindra Narayanappa British Standard Institution WG 3.3—Interoperability Member Swapnil Kulkarni Red Hat WG 3.3—Interoperability Member Manoj Jha Siemens, Associate Consultant WG 3.4—Policies and Regulations WG 3.4 Chair Rahul De’ Professor, IIMB WG 3.4 Advisor Mishi Chaudhary Cyber Law expert, NY USA WG 3.4 Advisor Suhaan Mukerji NInC WG 3.4 Member CV Ramdas C-DAC WG 3.4 Member Jyoti M. Bhat IIMB WG 3.4 Member Bhavya P. Shroff IIMB WG 3.4 Member Susan Philipose IIMB WG 3.4 Member Naval Gupta Goldman Sachs WG 3.4 Member HARIHARAN NATIONAL INFORMATICS CENTRE WG 3.4 Member Lalit M Sanagavarapu IDRBT, Sr Technology Manager W.G. 3.5—Business Model and Strategies WG 3.5 Chair S Raghunath IIMB WG 3.5 Member Suasan Philipose IIMB WG 3.5 Member Vijay Nadadur Tationem WG 3.5 Member Ignesius Ernest Thambyraj Ex- IBM WG 3.5 Member Saksham Khandelwal Wipro WG 3.5 Member Nidhi Ravindra Rolta India Limited WG 3.5 Member Dileep Paruchuri Intel WG 3.5 Member Rohan Joshi Wolken Software WG 3.5 Member Vikram Manchanda Microsoft WG 3.5 Member Prashant Gupta Microsoft WG 3.5 Member Radha Rani Kizhanattam WG 1.6 Member Udayan Banerjee VP, NIIT technologies Collaboration Platform Team Collaboration Portal Chair Ignesius Ernest Thambyraj Ex-IBM Collaboration Portal Vice Chair Vijay Nadadur Tationem Collaboration Portal Member Siddarth R Mera Data Collaboration Portal Member Chengappa HP Collaboration Portal Member Ganesh Tarshan LLC Collaboration Portal Member Charudath My Cloud Portal IEEE Interface Member Sri Chandra IEEE IEEE Interface Member Yathi IEEE IEEE Interface Advisor Pamela Kumar HP White paper editor Member Sunitha C A Technical Writer CPC Member Ankith M S Freelancer CPC Member Abhrajit Kundu Freelancer CPC Member Barnabas DSouza Freelancer Program Management Committee (PMC) PMC Chair Dileep Paruchuri Intel PMC Member Vijay Nadadur Tationem PMC Member Swapnil Kulkarni Red Hat PMC Member Saksham Khandelwal Wipro PMC Member Vinod Ninan Rolta India Limited PMC Member Sai Dattathrani IBM

PMC Advisor Pamela Kumar HP PMC Member Vikas Bagri — Policies and Procedures Committee (PPC) PPC Chair Srinivasan Ramakrishnan DG, former C-DAC PPC Member Vikram Manchanda Microsoft PPC Member Adam Newman IEEE, USA PPC Member K. Sriram NIST USA PPC Member Pamela Kumar HP PPC Member Dileep Paruchuri Intel PPC Member Sourav Mukherji IIM, Bangalore PPC Member Prasanth Sugathan SFLC, Kochi & Delhi PPC Member Mishi Chaudhary SFLC, USA PPC Member Kavit Munishi Open Stack, Bangalore, India

CLOUD COMPUTING 3 Park Avenue, New York, NY 10016-5997 USA INNOVATION COUNCIL OF INDIA http://standards.ieee.org Tel.+1732-981-0060Fax+1732-562-1571 http://www.ccici.in/