See discussions, stats, and author profiles for this publication at: https://www.researchgate.net/publication/277022271

EMSCLOUD - An evaluative model of cloud services cloud service management

Conference Paper · May 2015 DOI: 10.1109/INTECH.2015.7173479

CITATION READS 1 146

2 authors, including:

Mehran Misaghi Sociedade Educacional de Santa Catarina (…

56 PUBLICATIONS 14 CITATIONS

SEE PROFILE

All in-text references underlined in blue are linked to publications on ResearchGate, Available from: Mehran Misaghi letting you access and read them immediately. Retrieved on: 05 July 2016 Fifth international conference on Innovative Computing Technology (INTECH 2015)

EMSCLOUD – An Evaluative Model of Cloud Services Cloud service management

Leila Regina Techio Mehran Misaghi Post-Graduate Program in Production Engineering Post-Graduate Program in Production Engineering UNISOCIESC UNISOCIESC Joinville – SC, Brazil Joinville – SC, Brazil [email protected] [email protected]

Abstract— Cloud computing is considered a paradigm both data repository. There are challenges to be overcome in technology and business. Its widespread adoption is an relation to internal and external risks related to information increasingly effective trend. However, the lack of quality metrics security area, such as virtualization, SLA (Service Level and audit of services offered in the cloud slows its use, and it Agreement), reliability, availability, privacy and integrity [2]. stimulates the increase in focused discussions with the adaptation of existing standards in management services for cloud services The benefits presented by cloud computing, such as offered. This article describes the EMSCloud, that is an Evaluative Model of Cloud Services following interoperability increased scalability, high performance, high availability and standards, risk management and audit of cloud IT services. Aims techniques that assist in the recovery of lost information, do to present that is possible to assess the life cycle of services not seem to be enough, because some companies are still offered in the cloud in the technical dimensions of usability, good afraid of adopt this new paradigm. Concerns about security of practices and economic viability. transmitted and stored data in the hands of third parties, cause delay its adoption [3]. Keywords— cloud computing; service assessment; risk management; evaluation model component Easy access to computing resources of high capacity, as I. INTRODUCTION well as access to services through the Internet and pay-per-use encourages their use popularizing it and increasingly Public and private organizations, as well as the home user, reinforcing the need for analysis of the risks involved in its need access to updated information at all times. Cloud services adoption [4]. provide better security and continuous operational availability guarantee in all environments of your daily routine, whether at According to [5], a checklist must be done, before work, at school, in the communication and leisure. To this be adopting cloud computing: cloud migration viability, possible, policies are necessary for cloud services relating to definition of immigration proceedings, list what may or may the reduction of risks by security in the services offered and not be migrated, define and evaluate the model to be chosen. reducing risks to ensure high availability in this highly scalable environment. The mentioned checklist, as well as the study of concepts related to cloud computing and service management standards, The necessary technological developments to supplement risk management and usability are important for the adoption the daily necessities of connection have gone through several of these services. Help improve the quality of the life cycle of stages of development that became the basis for the high services and help on security issues, performance metrics and processing power, mobility and availability of information. risk involved.

The benefits as mobility, flexibility and portability are a This paper presents the structure of an evaluation model of natural evolution of computing and evidenced when IT cloud services, the EMSCLOUD, using the technical (Information Technology) services are in the cloud. According dimensions of usability, good practices and economic to [1], the pool of dynamic resources, virtualization and high viability. applicability that cloud computing offers makes it become the new computing platform. II. STATE OF THE ART This article examined the available literature on When services are cloud, processing, update, security, management of IT services and followed the following steps: storage and backups of information, they are the responsibility (1) approach of the principles and concepts of cloud of its suppliers, offered by the Internet which is now a large computing and managed services; (2) define evaluation

978-1-4673-7551-1/15/$31.00© 2015 IEEE 99 metrics; and (3) present the evaluation model of cloud services  Community Cloud: is characterized by the sharing of and their benefits and limitations. cloud infrastructure between several organizations with common interests [22]. III. CLOUD COMPUTING Cloud computing is the evolution of terms known as grid  Hybrid Cloud: is considered as "the great network", it is computing [6], utility computing [7], virtualization [8] and the combination of more clouds united by the automic computing [9]. standardization of technologies that allow portability between them [4] [10]. A. Cloud Computing Characteristics To be considered cloud computing it should present some D. Management Services features considered essential [10][11]: The IT (Information Technology) is increasingly present in  Broad network access: provision of resources be the organization's business strategies, optimizing and accessed via the Internet by any device [12]; managing the processes, which helps to improve the quality, efficiency and effectiveness of services offered [28].  Fast elasticity: provisioning and scheduling of resources and automatically at the desired time, giving IV. THE EVALUATION MODEL OF CLOUD SERVICES the impression of being unlimited [13]; To reach the proposed evaluation model was necessary to  Measurable service: access and management of define the evaluation criteria described below: resources made transparently between users and suppliers [14];  Availability: the system should be working properly at the time requested. [29] It can be measured by the  On-demand services: resources made available average failure time divided by the average failure automatically as requested [15]; time added with the average recovery time [30];  Pooling services: virtualization of resources  Reliability: the providers of cloud services should dynamically and on demand [16] [17]. ensure access at the time requested, elastically, with precision and control [31][32]; According to [18], cloud computing is considered a processing technology and reduce time and money, making  Security: protection methods used by service available everywhere drives the economy of scale [19]. providers to avoid problems with the information from unauthorized access to the data loss. Can be measured B. Service Models by the backup mechanisms, contingency plans, This section examines the service models most commonly antivirus, secrecy strategies, data encryption, access used in cloud computing, as well as their characteristics. control and internal and external audits [33];  Software as a Service (SaaS): applications are  Portability: system capacity interoperate with other accessed over the internet and made available as a systems without losing performance [34]. service [20]. The work updates, backups and storage are cloud provider's liability [21].  Facility: it is when the user performs its functions with minimal effort. Its measurement can be made through  Platform as a Service (PaaS): the development the time taken to run the necessary services [34]; environment offer, as the operating system and the programming language required for cloud application  Flexibility: scalability capacity of resources offered to developers [22] [23]. multiuser dynamic and heterogeneous. It can be measured by the total funds allocated in relation to  Infrastructure as a Service (IaaS): virtualization of amount of requesting users [35][36]; storage infrastructure and processing, scaled on demand and offered cloud [24]. IV. EMSCLOUD FRAMEWORK C. Deployment Models A. Framework Evaluation Model The types of offered clouds are called deployment models, To develop the evaluation model were taken into account and are divided into: public, private, community and hybrid technical factors, best practices, usability and economic [25]. viability. The framework of the evaluation model was  Public Cloud: the supplier has control of the resources conceived during the life cycle of cloud services, in order to that are easily accessible and available to the general help the quality of services guaranteed SLA. public, giving the impression to be infinite due to high elasticity. Some authors do not recommend that sensitive To develop this evaluation model were considered the information is stored in this type of cloud, for security standards related to the management of services such as reasons [26]. ISO/IEC 20000:2011, ISO/IEC 20000/7:2012, ISO/IEC 38500:2009, Cobit 5, ITIL V3 e Togaf 9.1:2011. The  Private Cloud: the difference between public cloud and standards related to risk management as ISO/IEC 27005:2011, private cloud is the control of information, which is in ISO/IEC 27014:2013 and ISO/IEC 31000:2009. The rules private by the organization, bringing more security in the relating to the usability of computer systems, as ISO/IEC storage of sensitive information [13]. 25010:2010.

100 The structure of EMSCloud is shown in Fig. 1.

Fig. 1 – Simplified structure of EMSCloud

The EMSCloud framework is designed to ensure the quality of services offered in the cloud, through performance indicators throughout the life cycle of services. For this, technical factors were considered, best practices, customer needs and economic viability. Issues related to the user's needs were approached in the concepts of usability, as well as the metrics used to determine the quality of a particular service. To evaluate the usability questions, were taken into account certain factors such as response time, accuracy of information, security, system flexibility and ease of use.

The EMSCloud consists of technical issues as Fig. 2 – Complete structure of EMSCloud requirements for cloud services, the needs of identified users through research, issues related to economic viability involved As shown in Fig. 2, are used standards and good practices with cloud services, and best practices, such as standards, in service management, the risk management and usability in guides and cloud IT governance libraries. computer systems, serve as the basis for the definition of the survey instrument. Through research with the desired user The main benefits of the application of evaluation model in requirements are defined. In the evaluation process are the organization are: initially defined evaluation criteria, then defines the point of • Based on ISO/IEC 31000:2009, reduce risks in cut. contracting cloud services [33]; It is important to set a cut point in order to ensure the • Evaluate the quality of services following the concepts of quality level desired for the organization that will use the usability, according to ISO/IEC 25010:2011 [34]; model to evaluate cloud services offered. • Evaluate the ROI, VOI and TCO, based on ISO/IEC The questionnaire is necessary to identify the degree of 27014:2013 [32]; user satisfaction. If the search result is equal to or greater than the cut-off point will be generated reports and the research • Check if the availability of services is in accordance with will be applied after 12 months. If the search result is less than the SLA contract [35]; the cut-off point should be implemented a plan of action, the • Based on the PDCA (Plan, Do, Check, Act), enable the reports should be generated and the search should be applied continuous improvement of services in accordance with after 12 months. ISO/IEC 20000:2011 [36]. The architecture of EMSCloud is described in the table 1, and consists of 4 dimensions (technical, user needs, best practices and economic viability), each dimension is In Fig. 2 shows the standards used for the development of composed with a number of criteria and metrics. For a better the evaluation model and the research procedures. visualization of the model in the picture is shown schematically the EMSCloud architecture.

101 TABLE I. MODEL EVALUATIVE In the dimension of economic viability for the highlight Dimension Description Metrics hint ROI (return on investment) account. Flexibility Capacity adjustments Extensibility Ability to accept new features Technical Interoperability Time that the service runs non-stop (3) issues Availability Response time, adaptive SLA Contingency plan Recovery time of a failure Functionality Adaptation to user needs TCO (Total Cost of Ownership), is a systematic analysis Reliability Correct operation in the time or management method, used to determine the total cost of the Usability Service be intuitive information technology to a long term. User needs Efficiency Time used for the execution of the service Maintainability Be easy to repair after a failure

Portability Adaptability (4) SLA Custom contract between supplier and customer CBA (Cost Benefit Analysis) is used frequently in business Good SLM Measurement and control of SLA planning and decision support. It is written as cost benefit for practices Reuse capacity Reuse the services for other users instance. Because the term "cost benefit analysis" does not Risk management Policy of prevention and error correction refer to any specific approach or methodology, the business Audit services Apply multipair audit SLA person who is asked to produce one should take care to find ROI Net income divided by the cost of out exactly what is expected or needed. investment Economic TCO Initial cost plus direct and indirect costs viability (5) CBA Benefits least cost, divided by the time

The adaptation of standards, good practices and tools Due to the relevance of some metrics contained in the available in service management help to control and simplify Table 1 will be described in more detail for a better the necessary adjustments in the cloud computing. understanding. MapReduce is a programming model well known and Related technical issues can be given emphasis on infrastructure to distributed computing in parallel server flexibility, capacity adjustments without loss of performance. clusters, able to process large volumes of data in parallel, dividing the work into a set of independent tasks. The facility to use in parallel and distributed systems, through (1) transparency of parallelization details, location, fault tolerance and load balancing [37]. One should highlight the availability, because it is cloud Due to limited analysis of large volumes of data, for services, the response time between a request and its response example the trafficked social networking, and cloud is crucial. To ensure the quality of services the adaptive SLA computing, Google developed the Cloud Dataflow, a new should be used. open source system, which makes the cloud data analysis [38]. The high capacity of information analysis, interactively, in (2) real-time and large-scale, makes the use of this model becomes attractive. Where MTTF (Mean time between failures) and MTTR Additional analysis systems [39] dimensions are (Mean time to repair). considered best practices used in the evaluation model developed in order to manage the security of data traffic on the SLA is a contract between the area of IT and its internal network, reducing risks and ensuring the three basic principles customers. This agreement describes the IT service, assigns of information security: integrity, availability and responsibilities between the parties involved in the contract confidentiality. and sets goals to be achieved. In ITIL context, refers to the design of the SLM negotiated service. In Fig. 3 presents the evaluative model for a better view of the distribution of the metrics used in developing the The SLM is the management of SLA, since its trading until EMSCloud. proper documentation of service levels that fulfill the needs of the business and its application. As expected consequence enables the delivery of IT services to the agreed quality. The evaluation model of cloud services, shown in Fig. 3, brings the interrelationship between the four dimensions The use of indicators for SLAs control is essential for covered in EMSCloud. It is important not only approach the transparency relationship between IT and its stakeholders. The technical issues, but also the needs of users, financial issues most commonly used quantitative indicators are the and existing good practice and have contingency plans for availability and MTBF. There are other indicators that may be possible problems that may occur, all described in SLA used. adaptive, ensuring ROI for organization.

102 This article aims to present an evaluative model of services offered in cloud EMSCloud. Based on the usability standards, service management and managing IT risks. To achieve the aim of this article were searched in the literature the concepts that define the cloud computing deployment models and models of services offered. To the study were approached the essential characteristics that define the service as a cloud service, the benefits and risks involved in its adoption. The reduction of risks in cloud services and increased availability of time requires a planning proactive risk to resolve any problems of each type of cloud, which analyze risks, which countermeasures have a good value for money and what to evaluate after the risks are reduced. In order to contribute to the continuous improvement of cloud IT services, there are some suggested topics for the development of future work that could result in improved quality of IT services offered in the cloud:  Development of a tool which supports the use of EMSCloud;  Apply the evaluation model;  Search for other standards that could be used for defining evaluation criteria.

Fig. 3 – Evaluative Model REFERENCES

B. Limitations of EMSCloud [1] LIANG, H.; CHEN, W.; SHI, K. Cloud computing: programming model and information exchange mechanism. Proceedings of the 2011 The main limitations highlighted in the use of EMSCloud International Conference on Innovative Computing and Cloud model are: Computing. New York, NY, USA: ACM, 2011. (ICCC ’11), p. 10–12. ISBN 978-1-4503-0567-9. http://doi.acm.org/10.1145/2071639.2071642  Do not evaluate the data that can not be collected; [2] YU, H. et al., “Cloud computing and security challenges”. ACM-SE '12: Proceedings of the 50th Annual Southeast Regional Conference. March  Do not evaluate the factors that may impact the 2012. environment, due to the need of measuring [3] MOUSUMI, P.; DEBABRATA, S.; GOUTAM, S. Dynamic job instruments; scheduling in cloud computing based on horizontal load balancing?  Do not evaluate the factors related to instability and International Journal of Computer Technology and Applications (IJCTA), v. 2, n. 5, p.1552{1556, 2011. ISSN: 2229-6093. variations of the communication link; [4] MORIN, J. ; AUBERT , J. and GATEAU, B ."Towards Cloud  Do not evaluate the generated errors and not collected Computing SLA Risk Management: Issues and Challenges," System of any kind; Science (HICSS), 2012 45th Hawaii International Conference on , vol.,  Do not evaluates data traffic packages of other no., pp.5509-5514, 4-7 Jan. 2012 doi: 10.1109/HICSS.2012.602. applications not monitored. [5] MELO, M. M. d.; FAGOTO, P. D. E. A. d. M. A decision-making tool for assessing to cloud computing migration. In: 10th International Conference on Information Systems and Technology Management CONTECSI. São Paulo - Brasil: [s.n.], 2013. CONCLUSION AND FUTURE WORK [6] DIKAIAKOS, M. D. et al. Cloud computing: distributed internet computing for IT and scientific research. 2009. IEEE Internet Cloud computing has occupied a prominent space as a new Computing Magazine. http://www.cs.ucy.ac.cy/ trend in the means to get, keep and pay for technological gpallis/publications/journals/editorial.pdf services. Characterized by a set of IT services offered to [7] LIU, S.; WU, J., LU, Z., and XIONG, H., “VMRaS: A Novel Virtual customers via the Internet and easily scale as needed. Machine Risk Assessment Scheme in the Cloud Environment”, Services Computing (SCC), 2013 IEEE International Conference on, Digital Some of the advantages offered to adopt her are: Object Identifier: 10.1109/SCC.2013.12, Publication Year: 2013, scalability, resilience, flexibility, efficiency and outsourcing Page(s): 384- 391 non-core activities. Despite the benefits offered by adopting [8] FRANKE, H. A. KOCH, F. L.; ROLIM, C. O.; C. B. WESTPHALL and BALEN, D. O. “Grid-M: Middleware to Integrate Mobile Devices, cloud computing as a new form of business, some Sensors and Grid Computing,” Third International Conference on organizations are afraid of to adopt it because of the security Wireless and Mobile Communications, March 2007, pp. 19-25. challenges involved in its adoption. The change of supply of [9] WESSLER, M.; OCP; CISSP. Enterprise cloud infrastructure for product systems for service increases the need for alignment of dummies, Oracle Special Edition. 1. ed. New Jersen: John Wiley Sons, IT service management and managing IT risks in cloud. 2012. Hoboken, NJ 07030-5774.

103 [10] WESTPHALL, C. B. Grid and cloud computing management and International Conference on Autonomous Agents and Multiagent security. IEEE/IFIP, april 2010. IEEE/IFIP NOMS 2010- TUTORIAL 3. Systems: volume 1. Richland, SC: International Foundation for http://www.inf.ufsc.br/westphal/Tutorial3-NOMS2010.pdf Autonomous Agents and Multiagent Systems, 2010. (AAMAS ’10), p. [11] DOMINY, M. et al. Impact of the cloud on supply chain mangement. 981–988. ISBN 978-0-9826571-1-9. [S.l.]: Gartner, 2011. [27] SARNA, D. E. Implementing and developing cloud computing [12] BADGER, L. et al. Draft cloud computing synopsis and applications. [S.l.]: CRC Press Taylor e Francis Group, 2011. ISBN 978- recommendations. In: Recommendations of the National Institute of 1-4398-3082-6. Standards and Technology. New York, NY, USA: NIST Special [28] ULLAH, K.; AHMED, A. and YLITALO, J. “Towards Building an Publication 800-146, 2011. p. 84. Automated Security Compliance Tool for the Cloud”. Trust, Security http://csrc.nist.gov/publications/drafts/800-146/Draft-NIST-SP800- and Privacy in Computing and Communications (TrustCom), 2013 12th 146.pdf IEEE International Conference on. Digital Object Identifier: [13] MENG, F. et al. Research of the application of cloud computing theory 0.1109/TrustCom. 2013.195. Publication Year: 2013, Page(s): 1587- in emergent material support. In: Proceedings of the 2011 International 1593. Conference on Innovative Computing and Cloud Computing. New York, [29] CHARD, K. DRIVE: A distributed economic meta-scheduler for the NY, USA: ACM, 2011. (ICCC '11), p. 50{53. ISBN 978-1-4503-0567- federation of grid and cloud systems: a Thesis Submitted to the Victoria 9. http://doi.acm.org/10.1145/2071639.2071652 University of Wellington in Fulfilment of the Requirements for the [14] DIMITRIOS, Z.; DIMITRIOS, L. Future generation computer systems. Degree of Doctor of Philosophy in Computer Science. Victoria Elsevier, 2012. http://www.elsevier.com/locate/fgcs.pdf University of Wellington, 2011. [15] DURKEE, D. Why Cloud computing will never be free. Queue, ACM, [30] SILVA, P.F.; WESTPHALL, C.B.; WESTPHALL, C.M. and MATTOS, New York, NY, USA, v. 8, n. 4, p. 20:20{20:29, 2010. ISSN 1542-7730. M.M. Model for Cloud Computing Risk Analysis, 2015. Conference: http://doi.acm.org/10.1145/1755884.1772130 ICN 2015 – The Fourteenth International Conference on Networks. [16] NIST. Draft cloud computing synopsis and recommendations. 2011. [31] HU, H.; ZHANG, J. The evaluation system for cloud service quality National Institute of Standards and Technology. http://www.nist.gov based on servqual. Proceedings of the 2012 International Conference on Information Technology and Software Engineering, p. 577–584, 2013. [17] MELL, P.; GRANCE, T.. The NIST Definition of Cloud Computing, DOI: 10.1007/978-3-642-34528-960. Tech. rep., National Institute of Standards and Technology, Information Technology Laboratory, Jul. 2009. [32] ISO27014. ISO 27014: Governance of information security. [S.l.], May 2013. ISO/IEC 27014:2013(E). [18] MCMILLAN, L. Cloud computing: The perfect match for big data. Cloud Computing Journal, may 2013. http://cloudcomputing.sys- [33] ISO31000. ISO 31000 (Risk management): principles and guidelines. con.com/node/2670093 [S.l.], November 2009. ISO 31000:2009E. [19] SHIELDS, G. How to beat a cloud skeptic: 4 steps toward rationalizing [34] ISO25010. ISO 25010:2011 Systems and software engineering systems the great cloud debate. Dell Software, 2012. and software quality requirements and evaluation (SQuaRE) System and software quality models. [S.l.], March 2011. ISO/IEC FDIS [20] VAQUERO, L. M. et al. A break in the clouds: Towards a Cloud 25010:2011(E). Definition. 2009. ACM SIGCOMM Computer Communication Review. http://ccr.sigcomm.org/online/_les/p50-v39n1l-vaqueroA.pdf [35] LIU, S.; WU, J., LU, Z., and XIONG, H., “VMRaS: A Novel Virtual Machine Risk Assessment Scheme in the Cloud Environment”, Services [21] PARAKALA, K.; UDHAS, P. The cloud: changing the business Computing (SCC), 2013 IEEE International Conference on, Digital ecosystem. 2011. KPMG. Object Identifier: 10.1109/SCC.2013.12, Publication Year: 2013, kpmg.com/IN/en/IssuesAndInsights/ThoughtLeadership/TheCloud Page(s): 384-391. ChangingtheBusinessEcosystem.pdf [36] ROT, A. and SOBINSKA, M. “IT security threats in cloud computing [22] JANSEN, W.; GRANCE, T. Guidelines on security and privacy in sourcing model”, Computer Science and Information Systems public cloud computing. In: Draft Special Publication 800-144. New (FedCSIS), 2013, Federated Conference on, Publication Year: 2013, York, NY, USA: NIST Special Publication 800-144, 2011. p. Page(s): 1153-156. 60.http://csrc.nist.gov/publications/drafts/800-144/Draft-NIST-SP800- 144.pdf [37] JEFFREY, D.; SANJAY, G. MapReduce: Simpli_ed Data Processing on Large Clusters. Google, Inc. 2004. [23] RODRIGUES, T. Anatomy of a cloud service SLA: Availability guarantees. The Enterprise Cloud, October 2012. [38] SAROJ, K. MapReduce Successor Google Cloud Dataflow is a Game http://www.techrepublic.com/blog/the-enterprise-cloud/anatomy-of- Changer for Hadoop Thunder. Cloud Times, July 7, 2014. acloud-service-sla-availability-guarantees http://cloudtimes.org/2014/07/07/mapreduce-successor-google-cloud- dataflow-is-a-game-changer-for-hadoop-thunder/ [24] HURWITZ, J. et al. Cloud Computing For Dummies. Indianapolis: Willey Publishing, 2010. [39] WESTPHALL, C. B.; WESTPHALL, C. M ; KOCH, F. L.; GERONIMO, G A. ; WERNER, J.; MENDES, R. S. ; SILVA, P.F.; [25] MELL, P.; GRANCE, T. The nist definition of cloud computing. Draft SANTOS, D. R.; SOUZA, R.F. ; MATTOS, M. M.; VILLARREAL, Special Publication 800-145. New York, NY, USA: NIST Special S.R.; WEINGARTNER, R. ; DEFENTI, L.; FLORES, A. A. ; Publication 800-145, 2011. FREITAS, R.R. and BRASCHER, Gabriel B.. Operation, Management, [26] AN, B. et al. Automated negotiation with decommitment for dynamic Security and Sustainability for Cloud Computing, 2014. Journal of resource allocation in cloud computing. Proceedings of the 9th Information Systems of FSMA n. 13 (2014) pp. 30-50.

104