MANAGEMENT OF CLOUD SOURCED APPLICATIONS A MANAGEMENT FRAMEWORK Master Thesis Information Management Anne Slaa © 2011 Capgemini. All rights reserved. MANAGEMENT OF CLOUD SOURCED APPLICATIONS Thesis Master Information Management Author J.C. (Anne) Slaa Tilburg University Capgemini Nederland B.V. Warandelaan 2 Papendorpseweg 100 5037 AB Tilburg 3528 BJ Utrecht Supervisor Supervisor prof. dr. W.J.A.M. (Willem-Jan) van den Heuvel M. (Marcel) Lamb Information Management School of Economics and Management Tilburg University Tilburg, 30 November 2012 © 2011 Capgemini. All rights reserved. Management of cloud sourced applications MANAGEMENT SUMMARY Software-as-a-Service (SaaS) refers to a software application that is being offered over a networked medium, for example the internet. The software application represents the top layer of three layers entailed by cloud computing: infrastructure (IaaS), platform (PaaS) and software (SaaS). Cloud computing is mainly characterized by on-demand provisioning over a networked medium, dynamical scaling and pay-per-use. Cloud computing reduces the technological overhead as well as management tasks for the customer. Cloud services can be distinguished by their deployment method: public, private, hybrid or community. The characteristics of cloud computing make it easy to start or stop using a service and therefore it fits temporary projects well and lowers the barriers to try something new. Software development has been going through different cycles that made development more abstract and therefore better understandable. The most abstract layer is visual programming or model-driven development. Traditionally software was being developed by engineers writing source code. But with visual programming, a model defining the software flow, cohesion, state transitions and windows is created and the source code is generated automatically from this model. Software development can be approached in two ways: by ongoing incremental iterations or as a sequence in which the progress flows steadily downwards. A popular incremental method is called “agile” and involves the end-user in the development process. Agile development and SaaS deployment support each other because changes can be quickly shown to the end-user. Traditional methods like the ITIL and ASL frameworks for IT management are built on practices for traditional software that is not provided on-demand, over the internet, easily scalable and paid per consumption. Traditional software is developed by programmers and installed on-premise. This requires all resources to be purchased upfront and IT management functions to be deployed locally. When deploying a software solution as SaaS, management tasks shift from the customer to the vendor, new roles can be involved and some management tasks should be set up differently. The ITIL 2011 version adapts changes to fit the service lifecycle better than earlier versions. For ASL, a proposal is available that takes some SaaS aspects into consideration. Both traditional frameworks, however, represent a part of the management functions and can be integrated into one framework that covers all management functions. This is exactly what Capgemini has been doing for traditional IT management by creating their Way of Working framework. The literature is combined to form the first concept of the theory, which consists of the SaaS management framework, the change management process and the configuration management process. The framework is the set of processes at the highest abstraction level, meaning that it describes which management processes may apply and how they interact. To find whether SaaS deployment and model-driven development involve changes at process-level, the change and configuration management processes have been studied. These processes are present in all versions of ITIL and ASL and likely to be still applicable in a SaaS deployment environment. Both these processes belong to the framework’s core and interact with each other. The first concept of the developed theory was tested by conducting case studies. The case studies were performed to test the two subjects of this research in practice. SaaS deployment and model-driven development are both aspects supported by the Mendix development platform. The first case study was conducted at PKN, the organization that uses and maintains the largest Mendix-based application currently deployed and a pioneer in the use of the platform. The second case study was conducted at Nobel, an organization that provides hosting, development and management services. The first organization has implemented IT management on a single Mendix application and the latter manages multiple Mendix applications. After the theory testing phase, the theory has been modified. In the final phase, the theory has been validated by IT management and development experts within the companies PostNL and Capgemini. The validation was approached similarly to the case studies, but left out the questions that are related to the theory indirectly. After a total of four case studies in two separate phases, the theoretical framework has been adapted to practice. Important findings during the case studies were that cloud computing is likely to involve multiple vendors due to its nature. The end-customer and every vendor have their own role in the management of the service and its underlying resources. This differs per application, but the distinction between different functions is shown in the framework. The management aspects “chain management”, “customer success management” and “access management” were discovered as new processes and other processes were merged or placed at another level in the service lifecycle. Management summary i Management of cloud sourced applications PREFACE With this master thesis I complete the Information Management Master program at Tilburg University. Slightly over two years ago I started the preliminary pre-master program at Tilburg University that after one year got me into the Master program. The pre-master followed up on the Bachelor of Information & Communication Technology I completed at Fontys University of Applied Sciences in Eindhoven. The final phase of writing my master thesis took me three months longer than the Information Management program dictates. My focus was therefore not on finishing within the academic year, but on conducting a complete and valid research that is also usable in practice. The university and my university supervisor really supported this by providing good feedback while also having high expectations. This could be afforded by the small and intimate scale of the Information Management department at the university. This thesis describes the research I did on the management of Software-as-a-Service (SaaS) applications. For traditional applications, frameworks like ITIL and ASL are nowadays considered to describe a de-facto standard set of processes for shaping effective, efficient and mature management processes for technical, functional and application management. However, these frameworks are based on good practices that may not be applicable in a cloud environment. Since model-driven development is also emerging with this trend of cloud deployment, SaaS and model-driven development are the studied subjects of this research. The research subjects result from the initial conversation I had with Capgemini operational manager Marcel Lamb. This conversation clarified that many large companies, among which Capgemini, are currently seeking how they should use these emerging technologies. The companies do not question whether and how they should do the development, since that has already been going on for some years, but nowadays the interest is mainly in how these technologies need to be managed after they have been developed. I would hereby like to thank everyone who helped me with my research or was somehow involved in it. I would especially like to thank my university supervisor for the ideas and insights resulting from the regular conversations we had. I thank all people who participated in the two case studies and the two validation cases involving expert reviews. Without the interviews you were willing to participate in, the theory developed in this research could not have been adapted to the use in practical situations. I would like to thank my parents for reading my thesis and providing their feedback, I thank the study association ASSET | SBIT for organizing some memorable activities and always being there for a break and I thank my family and friends for the support they gave me during my study and the months of writing my thesis. Above all, I thank God for the opportunities He brought on my path. Anne Slaa Tilburg, November 2012 Preface ii Management of cloud sourced applications TABLE OF CONTENTS MANAGEMENT SUMMARY I PREFACE II TABLE OF CONTENTS III FIGURES AND TABLES V INDEX OF FIGURES V INDEX OF TABLES V LIST OF ABBREVIATIONS VI 1. INTRODUCTION 1 1.1. RESEARCH SETTING 1 1.1.1. Profile Capgemini 1 1.1.2. Structure Capgemini 1 1.1. RESEARCH MOTIVATION 2 1.2. RESEARCH OBJECTIVE 4 1.3. PROBLEM STATEMENT & RESEARCH QUESTIONS 4 1.4. RESEARCH METHOD 5 1.4.1. Design science research 5 1.4.2. Research design 6 1.5. SCOPE AND LIMITATIONS 7 1.6. THESIS STRUCTURE 8 2. THEORETICAL FOUNDATION 9 2.1. PRESENTING THE CLOUD 9 2.1.1. Definition 9 2.1.2. Key advantages 10 2.1.3. Entrance barriers and challenges 10 2.1.4. The cloud computing stack 11 2.1.5. Cloud service environment and lifecycle 12 2.1.6. A part of evolution history 13 2.2. SOFTWARE DEVELOPMENT AND DELIVERY 14 2.2.1. Software delivery models 14 2.2.2. Agile development 15 2.2.3. Model-driven application development 16 2.2.4. Template-driven application development 17 2.3. TRADITIONAL IT MANAGEMENT 17 2.3.1. Defining governance, management, maintenance & control 18 2.3.2. IT service management, ITIL & ASL 20 2.3.3. Capability maturity models 22 2.3.4. The Capgemini management framework 23 2.3.5. Management implications of cloud computing 24 2.4. CHAPTER SUMMARY 26 3. DEVELOPING THE SAAS MANAGEMENT FRAMEWORK 27 3.1.