Business and IT-Cloud alignment
This Wiki should serve as a starting point and be based on the Zachman framework in order to create a common understanding regarding the technical realisation for BPaaS in the cloud.
The topics of this Wiki address four communities:
- the business process management community addressing BPaaS Design by providing definitions, standards, tools, approaches and samples. Business and IT alignment aspects are considered via semantic lifting of business process models, IT infrastructure models, workflow models and cloud service component models.
- for the BPaaS Allocation, a model-driven approach for creating BPaaS Cloudlets is described by elaborating the use of UML concept models, semantics and smart mechanisms to check consistency and correctness.
- for the BPaaS Execution, the workflow and SOA community provides the computer orchestration viewpoint with standards and tools. Multi-cloud access and service management across several cloud infrastructures are described and approaches are pointed out.
- the BPaaS Evaluation Environment defines how QoS and SLA need to be lifted to QoBP and how meta model extraction can be used for process monitoring in a multi-cloud environment.
Service Models (as in D1.5): #
Software as a Service (SaaS): #
Software as a Service (SaaS) is defined by NIST as "The capability provided to the consumer is to use the provider's applications running on a cloud infrastructure. The applications are accessible from various client devices through either a thin client interface, such as a web browser (e.g., web-based email), or a program interface. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings."
Apart from application-specific data protection challenges and control of certain connectivity constraints (such as enforcing encrypted communication with the web front-end using HTTPS), the consumer must delegate enforcement completely to the provider, because the underlying infrastructure and services are unknown in terms of technology and geographical location. An assessment of the data protection is not possible via the client interfaces.
Platform as a Service (PaaS) #
Platform as a Service (PaaS) is defined by NIST as "The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages, libraries, services, and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly configuration settings for the application-hosting environment."
Similar to the SaaS model, the consumer has only a very limited ability to control the enforcement and enactment of data protection policies and must rely on the provider to deliver the services in accordance with the required procedures and levels.
Infrastructure as a Service (IaaS): #
Infrastructure as a Service (IaaS) is defined by NIST as "The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, and deployed applications; and possibly limited control of select networking components (e.g., host firewalls)."
As this model provides more control to the consumer, it also comes with more possibilities to enforce data protection independently of the IaaS provider. For example, on top of the provided storage infrastructure (e.g. Dropbox) a user can perform the necessary encryption or distribution of data parts to meet certain requirements, but has no control over the physical location of the server or the surroundings of the server (e.g. type of room, thickness of the walls around the servers, access policies of system administrators etc.).
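The "distribution of data parts" mentioned above, as an added example that is not part of the original wiki: an n-of-n XOR split in which each storage provider holds one share and no provider can read the data alone. The function names, the consumer-held `mac_key` and the idea of one share per provider are assumptions made for this illustration.

```python
import hashlib
import hmac
import secrets

TAG_LEN = 32  # size of an HMAC-SHA-256 tag


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def split(data: bytes, n: int, mac_key: bytes) -> list[bytes]:
    """Split data into n shares (one per provider); all n are needed to rebuild."""
    if n < 2:
        raise ValueError("need at least two shares")
    # Keyed tag, computed with a key that never leaves the consumer,
    # so that an altered or missing share is detected on rebuild.
    payload = hmac.new(mac_key, data, hashlib.sha256).digest() + data
    # n-1 shares are pure randomness; the last is the payload XORed with
    # all of them, so fewer than n shares reveal only the data length.
    shares = [secrets.token_bytes(len(payload)) for _ in range(n - 1)]
    last = payload
    for share in shares:
        last = _xor(last, share)
    return shares + [last]


def combine(shares: list[bytes], mac_key: bytes) -> bytes:
    """Rebuild the data; raise ValueError if a share is missing or altered."""
    lengths = {len(s) for s in shares}
    if len(shares) < 2 or len(lengths) != 1 or lengths.pop() < TAG_LEN:
        raise ValueError("malformed share set")
    payload = shares[0]
    for share in shares[1:]:
        payload = _xor(payload, share)
    tag, data = payload[:TAG_LEN], payload[TAG_LEN:]
    expected = hmac.new(mac_key, data, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("share missing or modified")
    return data
```

This protects confidentiality against any single provider, but availability now depends on every provider: losing one share loses the data.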
Operation Models #
- Private Cloud
- Public Cloud
- Community Cloud
- Hybrid Cloud
Data Types and Classification #
- Protection Level 3 (extreme Impact)
- Protection Level 2 (high Impact)
- Protection Level 1 (moderate Impact)
- Protection Level 0 (limited Impact)