Hide Notes 

Slide 1: imaginea white paper Cloud and E-Governance Cloud Computing provides a great opportunity for governments across the globe, to provide reliable E-Governance quickly, at lower costs. Cloud computing features like application virtualization, end-to-end service management, instant deployment and ease of maintenance are catalysts that jumpstart application deployment on the Cloud. With proper planning, execution, training and good management, the Cloud infrastructure can greatly reduce overall costs for government departments maintaining and managing E-Services for E-Governance, and help in efficiently utilizing the tax payer’s money. ReddyRaja A, Imaginea and Vasudeva Varma, IIIT- Hyderabad Copyright ©2009, Imaginea Inc. Imaginea is a Pramati business. All trade marks and names belong to their respective owners.
Slide 2: WHITE PAPER CLOUD AND E-GOVERNANCE 2 4 5 6 7 7 8 9 10 11 12 12 13 14 15 16 16 16 18 18 19 20 21 21 21 21 22 22 23 24 24 Contents Executive Summary E-Governance Applications Reference Architecture – Typical E-Governance Applications Cloud Computing Characteristics Considerations for building Cloud based E-Governance applications Cloud Taxonomy Cloud Service Management Data Center Operations Cloud Layers Cloud Architecture for E-Governance IaaS: Infrastructure as a Service PaaS: Platform as a Service SaaS: Software as a Service Cloud Eco System – Public, Private and Hybrid Clouds Benefits of the Cloud Reduced TCO Scaling on Demand Database Scaling Business Intelligence and Analytics Disaster Recovery Cloud Migration Strategy Organization Structure and Data Center Processes Access Controls People, Processes and Technology Cloud Risks Standards of Compliance in Cloud computing industry SAS 70 HIPAA Sarbanes-Oxley Act Summary and Conclusions imaginea
Slide 3: WHITE PAPER CLOUD AND E-GOVERNANCE 3 25 25 25 25 25 26 26 26 26 27 28 28 28 28 28 28 28 Appendix A – Challenges in E-Governance Data Scaling Auditing and Logging Rolling out new Instances, Replication and Migration Disaster Recovery Performance and Scalability Reporting and Intelligence (Better Governance) Policy management Systems Integration and Legacy software Going Green Appendix B – FAQ about Cloud Computing How does one build a private cloud? How Secure is the data on the Cloud? Can we leverage existing data centers to build cloud? Can I have my application SaaS enabled? What is multi-tenancy? How can I use public cloud for e-governance? imaginea
Slide 4: WHITE PAPER CLOUD AND E-GOVERNANCE 4 paves the way for sharing of information and workflow between agencies, and which enables the delivery of seamless services to the public. Cloud architectures allow rapid deployment of turn-key test environments, with little or no customization. No one should be deluded by the complexity and scale of services and hurdles to be overcome when implementing such a large scale program in the context of e-governance in India. Cloud migration can be attempted step-by-step, by piloting some applications. The experience and knowledge gained would help establish a solid infrastructure for e-governance. Technology merely gives us tools, but it is the people and process aspects that must be understood well, and hence standard procedures and policies to maintain the Cloud infrastructure are a must. With proper planning, execution, training and good management, the Cloud can greatly reduce overall costs and help in efficient and better utilization of the tax payer’s money. Some baby steps have already been taken in providing E-Governance services, and it is time for the big leap. The Cloud can truly become the backbone for providing services, for the government. SAS70, HIPPA and SOX offer standards of compliance to IT infrastructure. These compliances provide a solid foundation for the future. Cloud computing can start with these compliance standards and refine them as it evolves. In rest of the document we discuss Cloud Taxonomy, Cloud Layers and benefits of using the Executive Summary This white paper describes the role of Cloud computing standards and architectures in framing a good E-Governance strategy. Governments can realize the potential benefits of Information Technology when providing e-services, more quickly. E-Services deliver cost-effective services that drive the growth of the economy and government productivity. Cloud Computing provides a great opportunity for enabling reliable E-Governance quickly at lower costs. Cloud computing features like application virtualization, end-to-end service management, instant deployment and ease of maintenance are catalysts, that jumpstart application deployment on the Cloud. The paper recommends taking to a Cloud infrastructure step-by-step, rather than going in for a one step, big-bang approach. All consolidated data centers already use some of the features of the Cloud, and hence, realizing e-governance through the Cloud Computing would involve extending the use by current data centers of some of the tools and technologies to manage resources better. The strategy for E-governance would involve building a Private Cloud with public interfaces that can scale and provide the required agility and flexibility. The biggest benefit of the Cloud is that it helps consolidate all data centers and optimize resource utilization, reducing support and maintenance costs by more than half, without compromising on performance, availability and reliability of applications. A unified e-government infrastructure, based on Cloud and SOA architectures is required one that imaginea
Slide 5: WHITE PAPER CLOUD AND E-GOVERNANCE 5 • E-Taxation: E-taxation offers an easy and efficient way for individuals and businesses to pay taxes. Land Records: Managing land records, registrations, transfers, surveys and geographic maps. Revenue Management: Managing revenue sources and spending Contract Management: Tenders, contract management and such other applications. • Cloud. A section is also devoted to implementing Cloud in steps for E-Governance. E-Governance Applications The Government is the primary provider of all these applications, giving its citizens, employees, state owned enterprises and others, access to such applications. E-Governance aims to provide reliable services to all stakeholders, round-the-clock, with acceptable levels of performance. There are many E-Governance applications. Some common E-Governance applications are listed here for brevity: • E-proc urement: Automation of purchase and sale of supplies and services over the Internet for the Government and various governmental bodies. HRMS: Government can configure payroll and benefit systems, create and manage training systems and even track performance reviews. HRMS can eliminate the need for paper work, thus helping the government in its go green initiatives. E-Police: Providing easy access to information by making queries across databases of policestations across zones and states, for efficient policing. This increases safety mechanisms and helps provide better services too. E-Court: E-Court facilitates integration of different courts, improves scheduling of cases and effective exchange of information between stake holders. • • In this context, using the Cloud as a back bone infrastructure for hosting these applications becomes important. • • • imaginea
Slide 6: WHITE PAPER CLOUD AND E-GOVERNANCE 6 Reference Architecture – Typical E-Governance Applications Fig 1.0 A typical E-Governance Application Architecture A typical E-Governance application architecture, as shown in Fig 1.0, has the following layers: 1. Front End: This is the UI layer, with which users interact. This layer can be accessed from a variety of devices like a mobile phone, a home PC, or a kiosk. While Web 2.0 technologies provide rich user interfaces, they could limit cross-browser compatibility. 2. Middle-Tier: This is the layer where all the business objects, their interactions and processes exist. This layer computes the business logic. Backend Systems: Backend systems contain all the data. These are the resources that need to be protected and hence, we see most commonly a firewall that closes all the 3. imaginea
Slide 7: WHITE PAPER CLOUD AND E-GOVERNANCE 7 characteristic helps the Government in efficient utilization of hardware and software. They do not have plan, or bother about over-provisioned resources, as they likely to get resources whenever required. 3. The resources are geographically located at different places. This characteristic helps the government do better disaster planning. Cloud computing allows for abstraction of hardware and software. This allows for procurement of hardware and software resource from multiple vendors without vendor lock-in. The resources scale easily and can be safely assumed to have infinite capacity. ports except the database ports. This layer needs utmost protection from hackers to avoid data theft, misuse etc. The biggest benefit of this architecture comes from the virtualization of these layers. The layers, when they operate, can be moved around to provide fault tolerance and high availability, and the ability to scale horizontally. Most E-Governance applications can be designed using the above stack. The actual technical stack does not really matter. The technology could be based on J2EE or .Net architecture or LAMP. But the basic principles of application design would remain the same. All the E-government applications may not fit into this architecture but nevertheless, this would be the reference architecture for most E-Governance applications. Cloud Computing Characteristics There are various definitions of Cloud computing. All the definitions describe the following characteristics: 1. Infrastructure costs will be OPEX (operational expenditure) and no CAPEX (Capital Expenditure). This essentially amounts to providing and hardware infrastructure to various departments of governments instantaneously with ease. The departments do not have to bother about procuring hardware and software resources, allowing them to focus on the services they provide. Pay-as-you-go basis and resources are available dynamically and immediately. This 4. 5. Considerations for building Cloud based E-Governance applications The following are important considerations while building cloud based applications: 1. High Availability: Applications deployed are inherently high available without incurring too much on infrastructure costs. This feature is extremely useful in disaster recovery and planning. Dynamic scalability: The resources can scale immediately and are available on demand. Low latency across all layers of Web Application like Front end, middle layer and database layer, as shown in Fig 1.0. Scaling the DB is the most challenging aspect of designing the application. 2. 3. 2. imaginea
Slide 8: WHITE PAPER CLOUD AND E-GOVERNANCE 8 • Virtualized Resources: Resources that are assigned to services. These resources need not be bound to one physical resource, and can be moved from one physical resource to the other. For example, an application running on virtual machine can be moved from one physical machine to other physical machine without the user being aware of it. Cloud Taxonomy An overview of the Cloud Taxonomy is shown in Figure 2.0. A brief description of Cloud Taxonomy is given below: Fig 2.0 Cloud Taxonomy • Physical Resources: These are blade servers, SAN and switches. Typically, the equipment would be the latest. There could be issues of compatibility, vendor lock-in, hardware life cycle management, and so on. • Platform Services: These consist of re-usable platform services. Middleware, integration and security services top the list. These services form a standard, reusable software library that can be used across all e-governance applications. imaginea
Slide 9: WHITE PAPER CLOUD AND E-GOVERNANCE 9 Cloud Service Management A service management system provides the visibility, control and automation needed for efficient Cloud delivery in both public and private implementations. Cloud Service management involves the following basic services: • Simplified user interaction with IT: A user friendly self-service interface accelerates time to value. The service catalog enables standards which drive consistent service delivery and provides enhanced transparency and accountability. Applications can be chosen from a service catalog and deployed within minutes. After sufficient testing and customization, service management tools can be used to create a production instance with required backup services. All of this can happen in no time compared to a month required for deployment in traditional architectures. Service catalogs can cater to various services from provisioning an individual server, to automatic provisioning of a three-tier E-Governance application. Provisioning enables policies that lower cost: Automated provisioning and de-provisioning speeds up service delivery. The provisioning of policies allows release and reuse of assets. Its centralized identity and access control policies provides fast and affordable adherence to security compliance. Increased system administrator productivity: The productivity increase is attributed to its • Application Services: The Layer where application services are virtualized. This is also termed as a SaaS Layer, and is described in the next section. The application service customization can be configured and deployed. Additionally, applications can be shared using multi-tenant architecture, with multiple tenants sharing the same instance. Service Life Cycle management: This layer provides most of the operational services for deploying and provisioning applications. Images are snapshots of operating system and/or application software running in virtual machines. By dealing with images, the Cloud virtually makes them highly available and fault tolerant applications. End-user management: Request management, service catalog, design build services, SLA monitoring and other functions like billing etc provide end-user management services. Operations Management: Day-to-Day operations of the cloud computing structure. Procedures and policies, deployment considerations and use of catalog if images are considered for consumption etc. • • • • • imaginea
Slide 10: WHITE PAPER CLOUD AND E-GOVERNANCE 10 center operations must be carried with set of procedures and policies to secure resources from hacking for denial of service attacks and data theft. • location and monitor the performance of these machines and their hosts. It is possible to migrate applications live, from one virtual host to the other. They also enable dynamic, policy-based allocation of IT resources with automated load balancing, and eliminate repetitive configuration and maintenance tasks. Service catalog, end-user management: The service catalog lists all the services offered by the Cloud. It could be infrastructure services or application services. The Cloud infrastructure must also offer design and build services optimized for the Cloud. End-user management deals with managing user expectations, be it an individual customer, or a small and medium business. move from management silos to a service management system. • Improved service delivery to the citizens in their constituencies: Provides improved informational services to citizens. Automates virtual infrastructure for peak performance: Virtual infrastructures accelerate provisioning time by 50 to 70%. They help manage virtual machines from a central. • Data Center Operations • Cloud and Service Level Agreements Fig 3.0 Data Center Operations • Data center operations form the crucial part of the Cloud management. Operations can pan multiple data centers. Data center operations should include monitoring the health of various services for performance, availability and security, apart from others. The following diagram in Figure 3.0 depicts a summary of operations on the Cloud. Data Top players promise 99.95% of availability for the infrastructure they provide. The same tools that are used for monitoring and enforcing of SLAs in the data center can be used for the Cloud. For a Cloud, SLAs offer additional benefit in the form of a feedback to the system to scale up or scale down resources. • imaginea
Slide 11: WHITE PAPER CLOUD AND E-GOVERNANCE 11 • SaaS offers service virtualization. SaaS services are pre-built services that can be deployed on demand. SaaS shows a peep into the future for major E-governance projects. A typical e-governance application setup can come down to few days compared to weeks and months of application deployment effort using SaaS Services. Cloud Layers Cloud computing is divided into three layers based on the type of services each layer provides. Each layer provides independent services across these layers. • IaaS provides network, storage and CPU on demand. The infrastructure should provide backup and restore facilities that can be used by the services. PaaS offers certain platforms as services. A Queue Service for a payment gateway needs Queuing infrastructure. This infrastructure is provided to the applications as part of the Cloud. Applications could use this service as part of their solution. • Fig 4.0 Cloud Computing Layers imaginea
Slide 12: WHITE PAPER CLOUD AND E-GOVERNANCE 12 Cloud Architecture for E-Governance The section deals with elements of the Cloud which are useful for deployment on the Cloud. IaaS: Infrastructure as a Service Some typical IaaS services provided by a Cloud are shown in Figure 5.0, below. Fig 5.0 IaaS in the Cloud • Servers: Virtual Servers can be dynamically allocated on pay-per-use basis from the Cloud. There could be a choice of operating systems. Currently, Linux (different flavors) and Windows are preferred operating systems on the Cloud. Different vendors provide virtualization of servers over physical servers. Some of them are VMware, Citrix. • Network: The Cloud provides networks ondemand. Configuring networks dynamically, as per requirement, is challenging. Virtual interfaces, switches provide increased level of fault tolerance and better management of bandwidth. Storage: Storage required for the applications is allocated on demand. Typically this is provided by the Storage Area Network. SAN is an essential • imaginea
Slide 13: WHITE PAPER CLOUD AND E-GOVERNANCE 13 • Load Balancer: Applications need to scale on demand and/or as per the planned traffic. This requirement demands that applications have to be clustered in a proper way. E-governance application infrastructure: Application stack can be standardized and delivered consistently for various applications. This eases delivery of patches and saves cost in support and maintenance. The application infrastructure service could include: • Database Services • Work flow services • Queuing Services • Security Services • Integration Services • Backup Services E-governance applicability: The PaaS layer, also referred to as the Platform Services in the Cloud Taxonomy shown in fig 2.0, is the most important for E-Governance. E-Governance requires standardization of platform and application stack. The same platform can be deployed again and again without much effort. The benefits of this service are: • • • Availability of a pre-configured and customized application stack Deployment for development and production made possible in a consistent manner Patch deliveries becomes easy and uniform across the platform part of the Cloud and provides storage services. SAN can be built using iSCSI or Fiber Channel devices. E-governance applicability: Servers could be allocated on demand for E-Governance applications. Customized virtual machines with in-built security and pre configured tools can be standardized for typical class of E-Governance applications. This helps reduce maintenance efforts, and troubleshooting becomes easy. Some of the salient features that can be leveraged from the Cloud are: • • • • • • • On demand provisioning of virtual servers Pre-configured, customized virtual machines Storage on demand Snapshots of virtual machines and apps managed by the Cloud Instantly restoration of snapshots Effortless replication and migration of applications, which helps in disaster recovery Provisioning of virtual servers through web services API helps applications request servers and storage on demand • PaaS: Platform as a Service Platform as a service provides the following features: • Middleware: Middleware software like J2EE or .Net containers (comes with Windows) can be made available on demand. These middleware can be provisioned for deploying applications in a few minutes. imaginea
Slide 14: WHITE PAPER CLOUD AND E-GOVERNANCE 14 shown below. As observed, with the shared approach, the initial cost is greater as compared to the isolated model. Over a period of time, the shared model reduces the total cost of ownership. E-governance applicability: E-Governance applications require a SaaS model for consistent delivery of applications. E-Governance could use all these types of models based on the requirements of an application. With SaaS, pre-customized applications can be delivered instantly in a matter of days. Good security patterns should be given importance in a shared model for enhanced safety and data isolation. • • • Pre-configured and customized application services Faster deployment of application service instances Sharing of application reduces overall cost of ownership. • • Reduced maintenance and support Knowledge of stack eases development time and effort, thereby reducing overall costs in development and maintenance of enhanced or new software for delivery SaaS: Software as a Service Software as a Service is an important paradigm that helps reduce the total cost of ownership. Software as a service facilitates easy deployment and maintenance of services, by standardizing services. SaaS services vary, based on how they share the database infrastructure: • Isolated database, different source code for each service and different instances Fig 6.0 Cost savings with Shared Model • • • • Isolated database, same source code, different instances for each application Isolated database, share the same instance Shared database, the same, shared instance The economic results of a shared approach against an isolated approach over time, is imaginea
Slide 15: WHITE PAPER CLOUD AND E-GOVERNANCE 15 strategy around Cloud resources, spending little or no capital to manage their own IT infrastructures. The Eco system was built around Public Clouds – commercial Cloud providers who offer a publicly accessible remote interface to create and manage virtual machine instances within their proprietary infrastructure. Cloud Eco System – Public, Private and Hybrid Clouds The key components of a Cloud are the systems for virtual infrastructure management, and for automated provisioning from a pool of resources meeting requirements. At the core of the Virtual Management Infrastructure is the Hypervisor technology, which allows virtualization of physical Fig 7.0 Cloud ECO System- Public, Private and Hybrid servers into virtual machines. The biggest benefit of virtualization is movement of machines without worrying about where they are located. Over time, an Eco system of Cloud providers has started offering different types of services. A growing number of IT companies are devising their Private Cloud- Open Source Cloud Computing and other tools that allow organizations to build their own IaaS Clouds using their internal infrastructure. The primary aim of these Private Clouds is not to sell Cloud Computing Resources such as CPU, Storage and Network, but to provide a flexible and agile imaginea
Slide 16: WHITE PAPER CLOUD AND E-GOVERNANCE 16 • Can reduce IT labor costs by 50% in configuration, operations, management and monitoring Can improve capital utilization by 75%, significantly reducing license costs • infrastructure to run service workloads within their administrative domain. Private Clouds can supplement their infrastructure with computing capacity from external Public Clouds. A Private/ Hybrid Cloud can allow remote access to its resources over the internet using remote interfaces, such as web services interfaces used in Amazon EC2. E-Governance applicability: A Private Cloud exposed to users with Public Cloud interfaces will be appropriate for E-governance use. The aim of such an approach would be providing agile and flexible resource management, along with maximum server utilization. The current data centers of E-governance applications can be architected to become Private/Hybrid Cloud, with resources managed using the Cloud interface, but within the Private Cloud. Data centers with virtualized infrastructure management would become Private Clouds. The challenge would be to manage the finite number of resources efficiently. In order to satisfy service level agreements, requests for resources have to be prioritized, queued, deployed and even rejected, and hence good management solutions have to be built around Private/Hybrid clouds. Benefits of the Cloud Reduced TCO A simple graph showing the cost advantages of Cloud over traditional infrastructure is shown below. The Cloud infrastructure: Fig 8.0 Governments can significantly reduce costs using the Cloud infrastructure as against traditional IT infrastructures. • • Reduce provisioning cycle times from weeks to minutes Can reduce end user IT support costs by up to 40% Scaling on Demand The three tier application architecture that was discussed earlier is inherently scalable. However, scaling involves deployment and configuration of hardware and software. Doing this manually is a huge task and could takes weeks to months. One also needs to take into account planned downtime. It is because of these reasons; applications are imaginea
Slide 17: WHITE PAPER CLOUD AND E-GOVERNANCE 17 touch peak loads during tax-filing season, and during other times the application would be underutilized. This reduces the overall utilization. The Cloud help resources to be utilized to 70% their capacity. Cloud provides semantics to allocate resources on a need basis. A sample use case showing the addition of new instances on demand is shown below: sized for their peak traffic. For example, Tax filing applications are sized for their peak load, even though the traffic will be high only three months of tax season. The Cloud will allow the applications to size according to their traffic, and provision resources on demand. The resources can be scheduled automatically by monitoring certain quantitative parameters like request per sec, traffic, overall throughput, average load etc, to scale up and down. The resources can also be scheduled manually to meet periodic demands in load. Fig 9.0 Automatic scaling-up in a Cloud The Cloud architecture offers tools, using which applications can scale linearly and even downsize themselves, when there is no longer a need for resources. The E-Governance application architecture proposed earlier scales easily. The Cloud will help in automatic scaling up or down based on needs. For example, the infrastructure may Fig 9.0 above shows that a new Amazon EC2 instance is added based on the monitored load. The instance is configured and added to the load balancer to take additional loads. The scaling up or down can be driven with policy to support wide variety of policies and configurations. imaginea
Slide 18: WHITE PAPER CLOUD AND E-GOVERNANCE 18 effectively to provide intelligence on what has worked and what has not. Distributed Computing technologies like Hadoop are used for large scale processing. Hadoop along with Cloud computing can be used to processing large amount of data. E-Governance requires business intelligence mined from huge volume of data. This intelligence can be used to better provide services to end users. Database Scaling The Cloud offers multiple options for scaling databases. Traditionally applications were designed using RDBMS technology. The databases can be scaled in a Cloud either by adding additional storage facilities, or using partitioning technologies. The databases should be scalable to deal with large data that is generated and stored over the years in case of E-Governance applications. Scaling these applications becomes expensive after the database reaches a certain size. New classes of databases using Key Pairs scale well and ensure that application availability is higher compared to those using traditional databases. Certain classes of applications perform better with the new type of databases that can store data using Key Value pairs. While Relational Databases ensure the integrity of data at the lowest level, Cloud databases could be scaled and can be used for such type of applications. Cloud databases offer unprecedented level of scaling without compromising on performance. Cloud databases must be considered if the foremost concern is on-demand, high-end scalability – that is, large scale, distributed scalability, the kind that can’t be achieved simply by scaling up. Business Intelligence and Analytics Even though the commonly used term in the business context, business intelligence has been used here, the term here refers to the actual intelligence about the services of various government functions and their effectiveness. The huge amount of data available with the government can be mined Fig 10.0 Sample Charts illustrating BI imaginea
Slide 19: WHITE PAPER CLOUD AND E-GOVERNANCE 19 The simplest Disaster Recovery plans are to take regular backups of both programs and data and store it in multiple locations separated geographically. These backups can be used to restore the system at a later point of time. The second approach is to take a backup of the program once and of the data at regular intervals, and store them at different locations. The biggest disadvantage with this approach is the time taken for recovery. The Cloud offers tools and technologies that make disaster recovery simple and easy. The following picture shows that data and programs are regularly backed across different data centers. Each application is replicated across two other data centers. This is apart from the backups that happen locally at each data center. The replication mechanism is made simple with Storage Area Network technologies where the disks can be E-Governance applications might have to mine data and process large data-sets for generating reports or charts. The application that does this processing requires higher number of CPU and storage. The output of these applications can be used to provide better intelligence to users of applications that provide services. Distributed application frameworks like Hadoop can blend well into Cloud computing architectures that solve the problem of large data processing. Resources can be allocated dynamically to these kinds of applications from a free pool of resources. Disaster Recovery Disaster recovery, the process of protecting a data and IT infrastructure in times of disaster, is typically one of the more expensive options. It involves maintaining highly available systems, keeping both the data and system replicated off-site, and enabling continuous access to both. Fig 11.0 Disaster Recovery Mechanisms imaginea
Slide 20: WHITE PAPER CLOUD AND E-GOVERNANCE 20 • Cloud Criteria: Come up with a simple criteria on what kind of applications should move to the Cloud and why. The architects can collection information on application usage, traffic flow, requests per sec, application stack, architecture etc before making a decision to move to the Cloud. Information related application sharing, platform compatibility, applicability to multiple tenants, scaling up and down based on load should be considered before moving the application to Cloud. Cloud ROI: ROI should be evaluated for short-term and long-term before a set of applications are migrated to the Cloud. The points to be considered are hardware costs, software licensing costs, control and cost tradeoffs etc. One should ensure that performance is part of the evaluation. Applications from others vendors with better billing models could also be considered before making the move to the Cloud. Cloud Migration: Once the application to be moved to the Cloud is determined, its migration has to be planned. A Proof of concept would be a good way of checking this out. Application development and deployment processes, path updates etc should be considered while designing the applications to be moved to the Cloud. Cloud Maintenance: Once the application is deployed and running, the application has to be supported and maintained. One should backed up. The latest backups can be located on the disks and old backups can be copied to tapes. When a disaster happens, resources on the other data source can be bought up immediately to provide high availability. In Cloud, this is simply done by using the latest snapshot of the application image. The image can contain the program code, data recovered from backup and runs. This kind of restoration can be configured to be instantaneous or can be done manually. In both cases, the time to bring up an application in the Cloud would reduce from weeks to hours of deployment time. Using the Cloud, advanced disaster recovery mechanisms can be maintained, where applications in one data center are automatically backed up in other data centers. In case of disaster, one simply needs to deploy the snapshots on a different data center and enable them for use. Recovery plans and customized recovery procedures for each application can be customized in the Cloud architecture. Cloud Migration Strategy Migrating to the Cloud has to be carefully thought out and must be done in little steps rather than with a big bang. It takes lot of resources, research and successful proof of concepts before getting it right. Before migrating to the Cloud, architects and line of business managers must treat IT as a service and understand the business benefits of service, and its current and future architecture. The following steps are suggested guidelines for architects and CIOs to migrate to the Cloud: • • • imaginea
Slide 21: WHITE PAPER CLOUD AND E-GOVERNANCE 21 revoked when the job is done. This allows strict control and helps audit changes taking place in the data center. People, Processes and Technology The technology aspect is taken care by the Cloud. People and processes are the most critical parts in making E-Governance successful. The data center processes have to be rigorously worked out and some of the well known compliances like HIPPA and SAS 70 audit procedures should be in place. The security procedures of the data center must have good access control mechanisms in place and give access only when needed, and must revoke access after the job is completed. Cloud Risks Cloud technologies have evolved and increasingly being used in enterprises, education and healthcare. Cloud computing is used primarily on a pay-asyou-go basis model by companies that need huge computing power for short periods of time. Different Cloud providers follow different APIs and exchange messages in their systems. There is little or no Cloud interoperability. For E-governance, this is not an issue at all, since it is expected to host all E-Governance applications on a Private Cloud built exclusively for E-Governance. Technology is no longer a bottleneck for E-Governance but complying with various regulatory requirements is a major stumbling block. The Government should quickly put in place Accountability Law, Law for Privacy, Laws against data theft etc for a full fledged control and monitor the software and adapt as the requirements change. Organization Structure and Data Center Processes Governance requires strict access controls to manage access to the Cloud infrastructure. Cloud security can be classified into three levels: • • Physical Security: The physical security of the machines, including theft, terrorist activities etc. Access to Cloud Infrastructure tools: Strict access control restrictions with SAS70 type II audition certification standards are required. Application security: Security of the application hosted. In some cases, the applications hosted can become the ‘bad guys’ that generate denial of service attacks and other attacks on the Cloud. • A report from one analyst pointed out that less than one-third of data centers follow ITIL process methodologies. According to a research paper, 30% are working on introducing ITIL initiatives and 9% are making plans to implement ITIL. There were 20% merely investigating ITIL and 12% confessed they were not familiar with it at all. Access Controls Access to the host machine has to be completely protected. No employee must be able to get into to the host machine at will. They can only access the data required and any changes must be made using change control processes. In case of access to the host, the concept of least privilege and two-factor authentication needs to be provided. Controlled access is issued only when required and imaginea
Slide 22: WHITE PAPER CLOUD AND E-GOVERNANCE 22 auditor’s examination performed in accordance with SAS No. 70 (“SAS 70 Audit”) is widely recognized, because it represents that a service organization has been through an in-depth audit of their control objectives and control activities, which often include controls over information technology and related processes. In today’s global economy, service organizations or service providers must demonstrate that they have adequate controls and safeguards when they host or process data belonging to their customers. In addition, the requirements of Section 404 of the Sarbanes-Oxley Act of 2002 make SAS 70 audit reports even more important to the process of reporting on the effectiveness of internal control over financial reporting. A Type I report describes the service organization’s description of controls at a specific point in time (e.g. June 30, 2003). A Type II report not only includes the service organization’s description of controls, but also includes detailed testing of the service organization’s controls over a minimum six month period (e.g. January 1, 2003 to June 30, 2003). The contents of each type of report are shown in the following table: E-Governance using the Cloud. The overall bandwidth provided by the Cloud for various applications could be limited because of its centralized model and sheer size of the center. Applications that need lots of data transfer have to be evaluated before being embraced. Technology is no longer the driving factor. However, compliance, government regulations and laws to protect the data are determining the contours of this area. There are no compliances formulated by the government for Cloud providers and usage. The compliance and regulations followed in US could be adopted for E-Governance in India. Standards of Compliance in Cloud computing industry The standards and compliances for providing Cloud Computing services are evolving. Today, SAS 70 is used by Cloud providers as a standard for providing services to the consumers. Regulations with respect to the location of the data, various controls in place to protect the data, proper auditing procedures to monitor the effectiveness of the controls have to be in place for using Cloud Computing E-Governance. Since, we advocate a private cloud for Government, data protection, security would be a very important aspect being managed. SAS 70 Statement on Auditing Standards (SAS) No. 70, Service Organizations, is a widely recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA). A service imaginea
Slide 23: WHITE PAPER CLOUD AND E-GOVERNANCE 23 Type I Report Included Type II Report Included Included Included Report Contents 1 2 3 Independent service auditor’s report (i.e. opinion). 4 Service organization’s description of controls. Included Information provided by the independent service Optional auditor; includes a description of the service auditor’s tests of operating effectiveness and the results of those tests. Other information provided by the service organi- Optional zation (e.g. glossary of terms). Optional In a Type I report, the service auditor will express an opinion on (1) whether the service organization’s description of its controls presents fairly, in all material respects, the relevant aspects of the service organization’s controls that had been placed in operation as of a specific date, and (2) whether the controls were suitably designed to achieve specified control objectives. In a Type II report, the service auditor will express an opinion on the same items noted above in a Type I report, and (3) whether the controls that were tested were operating with sufficient effectiveness to provide reasonable, but not absolute, assurance that the control objectives were achieved during the period specified. HIPAA HIPAA provides national minimum standards to protect an Individual’s health information. HIPAA was originally created to streamline healthcare processes and reduce costs, while ensuring individual consumer privacy. The U.S department of Health and Human Services (HHS) manages and enforces these standards. HIPAA covers Protected Health Information (PHI), which is any information regarding an individual’s physical or mental health, the provision of healthcare to them, or payment of related services. PHI includes personal information such as Social Security Number, name, address, phone number, medical condition when linked to a patient, and some type of billing information. HIPAA’s privacy rule requires that the health information of individuals is properly protected by covered entities. Among other requirements, the privacy rule prohibits entities from transmitting PHI over open networks or downloading it to public or remote computers without encryption. HIPAA’s security rule requires entities to put in place detailed administrative, physical and technical safeguards to protect electronic PHI. The covered entities are required to implement access controls, encrypt data, and setup back-up and audit controls imaginea
Slide 24: WHITE PAPER CLOUD AND E-GOVERNANCE 24 end user satisfaction levels. Cloud architectures when properly applied to developing E-Governance applications transforms the nation into an Information Society. Service level agreements are the key for the government to measure how well the services are being performed and provided by the government. The Cloud helps provide E-Governance services faster and cheaper thereby accelerating the adoption and use of Information technology for e-services. Cloud architectures allow rapid deployment of turn-key test environments with little or no customization. Current data centers are already using the Cloud in one form or the other. Consolidating these data centers and applying some of the Cloud architectures would drastically improve the utilization of resources and reduce the total operating costs for these data centers by more than 50%. Monitoring data centers for traffic and resource utilization is the key to the adoption of Cloud Computing architectures for E-Governance. The E-governance should consider people, process and technology and come up with comprehensive processes, standards to be followed when managing E-Governance infrastructures. for electronic PHI in a manner commensurate with the associated risk. Sarbanes-Oxley Act Sarbanes-Oxley, also called as Sarbox or SOX, is geared towards accountability of public companies along with Investor Protection Act, and Corporate and Auditing Accountability and Responsibility Act. The act significantly raises criminal penalties for securities fraud, for destroying, altering or fabricating records in federal investigations or any scheme or attempt to defraud shareholders. As expected, there are criticisms and praises for SOX. Former Federal Reserve Chairman Alan Greenspan praised Sarbanes-Oxley act. He felt that corporate managers should be working on behalf of shareholders to allocate business resources to their optimum use. Other view is that SOX is an unnecessary and costly government intrusion into corporate management that place U.S corporations at competitive disadvantage with foreign firms and bring an overly complex regulatory environment into US financial markets. Summary and Conclusions The Cloud provides a solid foundation for the introduction of widespread provision of services to various stakeholders. Applications designed using the principles of Service Oriented architecture and deployed in Cloud architectures will help the government reduce operating costs and increase imaginea
Slide 25: WHITE PAPER CLOUD AND E-GOVERNANCE 25 Rolling out new Instances, Replication and Migration Traditionally, applications in E-Governance are built for government departments and municipalities, and so these take more time, effort, resources and budgetary allocations. This is true for all types of applications. It should be possible to replicate these to other municipalities, departments or e-courts whenever needed, as part of E-Governance. Cloud architectures offer excellent features to create an instance of application for rolling out to a new municipality. The Cloud can reduce the time to deploy new application instances. Disaster Recovery Natural disasters like floods, earthquakes, wars and internal disturbances could not only result in the loss of data from E-Governance applications, but these events can also make services unavailable to people in times of need. Multiple installations in geographically separated locations with complete backup and recovery solutions must be provided. This could create other problems if not properly managed. Disaster recovery procedures must be in place and practiced from time to time. Applications and data must be made redundant and should be available on a short notice so that one can switch from one data center to the other. Cloud virtualization technologies allow backups and restoration. It offers seamless application migration compared to traditional data centers. Appendix A – Challenges in E-Governance Data Scaling The databases should be scalable, to deal with large data, generated over the years, for E-Governance applications. Where Relational Databases ensure the integrity of data at the lowest level, Cloud databases could be scaled and can be used for such type of applications. Cloud databases available for deployment offer unprecedented level of scaling without compromising on performance. Cloud databases must be considered if the foremost concern is on-demand, high-end scalability – that is, large scale, distributed scalability, the kind that can’t be achieved simply by scaling up. Auditing and Logging Traceability of any changes to informational content in the E-Government services is very important. Corruption in government organizations can be controlled by using Information Technology services, by making the providers of the services accountable. Process audits and security audits must be executed periodically to ensure system security. The Cloud can help in analyzing huge volumes of data and detecting any fraud. It can help in building and placing defense mechanisms to enhance the security, thereby making the applications reliable and available. imaginea
Slide 26: WHITE PAPER CLOUD AND E-GOVERNANCE 26 Policy management E-Governance applications have to adhere to, and implement policies of the Governments relevant to citizens. Along with the infrastructure, data center policies have to be enforced for day-to-day operations. Cloud architectures help a great deal in implementing policies in the data center. Policies with respect to security, application deployment etc can be formalized and enforced in the data center. Systems Integration and Legacy software Applications that are already deployed and are providing services not only have to be moved to the Cloud, but must also integrate with applications deployed in the Cloud. The power of Information Technology comes from co-relating the data across applications and passing messages across different systems to provide faster services to the end users. Cloud is built on SOA principles and can offer excellent solutions for integration of various applications. Also, applications can be easily moved to the Cloud. Obsolete Technologies and Migration to New Technologies Technology migration is the biggest challenge. Moving to different versions of software, applying application and security patches is the key to maintaining a secure data center for E-Governance. Cloud architecture efficiently enables these kinds of requirements, by co-existing and co-locating different versions and releases of the software at the same time. Once these applications are tested, they can be migrated to production with ease. Performance and Scalability The architecture and technology adopted for the E-Governance initiatives should be scalable and common across delivery channels. It should meet the demands of a growing number of citizens. If implemented, E-Governance portals could be accessed by the highest number of users who would be beneficiaries of Information Technology. With Cloud architectures, scalability is inbuilt. Typically, E-Governance applications can be scaled vertically by moving to a more powerful machine that can offer more memory, cpu, storage. A simpler solution is to cluster the applications and scale horizontally by adding resources. Reporting and Intelligence (Better Governance) Data center usage (CPU, Storage, Network etc), peak loads, consumption levels, power usage along with time are some of the factors that must be monitored and reported for better utilization of resources. Planning well can minimize costs. Data must be profiled in order to obtain better visibility into various services provided by the government. The Cloud offers better BI infrastructure compared to traditional ones because of its sheer size and capabilities. Cloud Computing offers seamless integration to technologies like MapReduce (Hadoop) that fits well into Cloud architectures. Applications can mine huge volumes of real-time and historic data to make better decisions when providing services. imaginea
Slide 27: WHITE PAPER CLOUD AND E-GOVERNANCE 27 This could be one of the reasons for moving to Cloud architecture for governance. Instead of duplicating these facilities, using the Cloud, one can offer centralized infrastructure that can be efficiently used to minimize pollution. Going Green More emphasis is given today, than ever before, on the amount of pollution that data centers generate. Their power usage, air-conditioning and electronic wastes create bio-hazards and pollute the environment. imaginea
Slide 28: WHITE PAPER CLOUD AND E-GOVERNANCE 28 applied. By default any web based application can be SaaS enabled. The level of SaaS could be different based on the need and architecture of the product. Here are some of the levels: • Level 1: Same application code with different customization running on different machines with a dedicated data base. Level 2: Same application code, running on different machines with dedicated database Level 3: Same application code, same instances of middleware and database. Appendix B – FAQ about Cloud Computing How does one build a private cloud? Cloud is not a software or hardware set to be licensed. It has to be built using multiple technologies, software and hardware resources from many vendors and by procuring various data center tools that can help in building the Cloud. Resources can be purchased off the shelf for a Public Cloud, but building a Private Cloud is a time consuming and costly affair. How Secure is the data on the Cloud? The data in a Cloud is as secure as it would be in a private data center. However, there are legal implications on who controls the data and how Cloud providers can use it to their advantage without proper migration strategy across cloud providers. Can we leverage existing data centers to build cloud? Yes, with the data center, the Cloud is already in use and is the best and optimum way to start building the Cloud. Adding virtualization to resources using data center tools would make the Data center, a Cloud computing facility. Can I have my application SaaS enabled? It depends on the level of SaaS that needs to be • • What is multi-tenancy? Multi-tenancy is the ability of users from different business entities sharing the same common infrastructure. The application has to be designed and architected to enable multi-tenancy into it. How can I use public cloud for e-governance? There is no technology barrier. It is more limited by the legal implications of using the cloud in terms the data control and location of the data. However, public cloud can readily be used for non mission critical applications for e-governance imaginea Imaginea provides product engineering services to independent software vendors, enterprises and online SaaS businesses looking for reliable technology partner. Services stretch end to end, from interaction design to development, testing and managing clouds. For more information on Imaginea, visit http://www.imaginea.com. Imaginea is a business unit of Pramati Technologies. (www.pramati.com) Contact:sales@imaginea.com | 1021, S. Wolfe Road, Suite 275, Sunnyvale, CA 94086 | +1 (408) 435 2700