Sei sulla pagina 1di 26

Engineering the Cloud A Paper in "Enterprise Architecture Development Issues"

Submitted by: Anna Loretta Q. Capanang MSIT-MIS

Date Submitted: August 31, 2013

Submitted to: Prof. Rosicar Escober EAD Professor

Introduction Any IT applicationix needs a model of computation, a model of storage, and a model of communication. This job is taken care of by Software engineering, particularly in designing the enterprise architecture. Enterprise architecturei is a logical organization of a business and its supporting data, applications, and IT infrastructure, with clearly defined goals and objectives for the future success of the business. Enterprise architecture (EA) aligns the following key areas:

Business, Information, Application and Infrastructure. In business, enterprise architecture deals with the processes, strategies, organization charts, and functions of each stakeholders. In information, EA talks about conceptual, logical and physical data models to show what information is needed and how it relates to other information For example, a customer and an order. A customer orders a product or services. An order can be a product or a service that is asked of by a customer. A customer can have one or many orders. In application, EA deals with portfolios, interfaces, and services the program or software can offer the end-user. It must be able to deliver the kind of service expected from it, the moment it was requested. In infrastructure, EA deals with the network concept diagrams and technology reference models. The program must be able to run in the

available technology of the business, as well as, have the flexibility of being able to adapt to the technological advances we have nowadays. At the planning stage, developers focus on 4 key aspects of development: strategy, architecture, communication, motivation, and performance adaptation. Strategy would be on the business side concepts application such as business and revenue models to yield profit. These concepts must be applied and put into practice in every software development project being built. An application will be useless if it will not be used to gain profit and improve the business conditions and processes. Architecture is simply putting into practice any issue anticipations the application might encounter. One must be vigilant to develop gap analysis and road map. The design of the system must be able to provide flexibility in terms of infrastructure improvement. It must also be able to deliver the expected outcome as the user uses the system. Motivation is more on the development of human capital. The user of the system must be able to improve his/her activities when using it. The adaptation of technology to increase productivity must be seen when one adopts such process. If the system will not make the users performance better, then the system will not motivate the user to patronize it and instead go back to its manual or old process of doing activities. Performance adaptation pertains to establishing oversight which leads to establishing decision processes that would generate

evaluation of performance and adaptation. When the system improve ones performance, then it is more likely that the whole organization will benefit more from it. Increase in productivity means better performance, and better performance leads to increase in profit and better relationships with the clients. Lastly, communication is analysis of feedback and how you deliver responses to these feedbacks. There must be a consistent and continuous analysis of how the users were able to perform their work using the system. A feedback enables the programmer or developer to know if he/she met the users expectations and requirements. A feedback also acknowledges that the developer was able to put into application what was asked of him during the design stage. Figure 1 shows in detail the development framework of enterprise architecture.

Figure 1 Enterprise Architecture Development Framework

The cloud as one of the aspect of infrastructure states the need for discipline in enterprise architecture development. According to Gartner, cloud engineeringii is the process of designing the systems necessary to leverage the power and economics of cloud resources to solve business problems. It is the application iii of engineering disciplines to cloud computing which brings a systematic approach to the high level concerns of commercialization, standardization and governance of cloud computing solutions. In practice, it influences the methods and tools of engineering in envisioning, building up, operating and maintaining cloud computing systems and solutions. Developing an enterprise applications or Software-as-a-Service (SaaS) applications is easy. However, scalability and manageability becomes an issue. Common reservations would be how to buy and quality of service or achieve interoperability among its features. Since it is an enterprise application, it is bound together by a set of business rules that require an engineering approach. As there has been a growing interest in it, more cloud providers are offering computing power, software, storage services, and platforms to external clients on demand over the internetiv. The cloud computing providers typically charge customers on a pay-per-use model. Cloud computing can be viewed from two perspectives, based on capability and based on access. The three types of cloud computing based on capabilities are (1) Software as a Service, (2) Platform as a

Service, and (3) Infrastructure as a Service. The two types of cloud computing based on access are public cloud and private cloud. In SaaS, organizations and developers can use the business-specific capabilities developed by third parties in the cloud. Iaas on the other hand, provides computational infrastructure such as computation of cyclers or storage over the internet. Developers and providers extend their IT infrastructure on an on-demand basis. This paper hopes to tackle the things that affect cloud engineering in relation to enterprise architecture development.

Analysis and Discussion of Related Literature and Studies Presented in the succeeding statements is a synthesis of literatures and studies from different authors that supports the evaluation of the cloud computing as a part of software engineering. In particular, it discusses the issues and challenges each enterprise architecture design encounters when it comes to incorporating cloud services into their system, as well as what forces or factors drive the cloud computing technology to be incorporated in the development of enterprise systems. At the end of the synthesis, the author presents her analysis of both the pros and cons of the application of cloud in software engineering to check the things software developers must look at whenever they try to implement cloud computing technology in their projects. Forces that drives the Cloud Computing Technology In this section, we study the factors driving the increase in the demand for Cloud Computing to compare these with the risks involved. According to the literature Software Engineering Issues from the Cloud Application Perspective(2010), the driving factors of clouds growth rate are (1) expanded sources of innovation, (2) rising energy cost and compliance to green computing, (3) pressures coming from establishing data centers, (4) increase in network capacity and availability, (5) partnerships and collaborations, (6) data collaborations, (7) development of data-intensive applications, (8)

shared services across lines of business in IaaS (Infrastructure as a Service) type of cloud. Interoperability and innovations in the delivery of smarter, efficient business outcomes has been going up because enterprises these days are pushing for the development of such in technology advancements. The end-users now demands for a faster and more efficient way of conducting businesses. Thus, standards are continuously evolving as new technology arises that would address this demands The new technology trend addresses concerns on global warming, thus, the call for green computing. Each manufacturing companies are trying their best to produce hardware that are more efficient in terms of power conservation and consumption. Workload distribution among installed servers or machines now run and managed by other companies, thus, the advent of business process management (BPM). This is where cloud computing comes in since services offered by the cloud technology requires an architecture of servers that small and medium enterprise (SME) companies may not be able to afford. If these SMEs would acquire the cloud technology in their systems, then the demand for their own individual power consumption will be lessened since cloud services are on a pay per use scheme. The world today is getting smarter in the race of energy, as well as, other resources conservation. For the case of existing data centers, extra workload may be a problem if they are nearing their capacity. This is where cloud computing comes in. The cloud technology model delivers massively scalable and flexible platform for this kind of data-intensive workload.

It is because the computer model used by cloud services is on ad hoc basis. It is also important to note that businesses know the importance of speed and capacities. However, having said that, fully acquired hardware devices by every company are now more concerned on how their machines can be exploited to its maximum extent. The cloud model encourages optimization of internet scale workloads such as searching for data or any file types, mobile computing, delivery of 3D internet and even the use of the machine in education. It is also one of the trends these days for organizations to share resources by being a part of a grid, for example. Simply put, cloud computing is the outcome of collaboration of SMEs and big enterprises which are now joining hands to achieve the maximum efficiency of service delivery at minimum transaction and operation costs. It provides a collaboration of a platform for knowledge sharing and knowledge management. Besides rapid provisioning of IT resources, its sharing and massive scaling, cloud also offers acceleration in the creation of new services through its quick prototyping capabilities. This is done and is possible since hardware resources are now shared, such as in a grid. Huge data transfer is now possible and can be done frequently because of cloud computing technology. Lastly, since the cloud grip is large enough, it provides the industry specific services which may be shared remotely anywhere by different divisions of an enterprise.

Stephen Yau and Ho An, couldnt agree more when they mentioned the same benefits of cloud technology in their article Software Engineering Meets Services and Cloud Computing(2012)x. In the said article published in the Computer magazine sponsored by InfoQ and IEEE Computer Society, the mentioned that cloud computing enables convenient, on-demand network access to a shared pool of configurable computing resources, such as networks, servers, storage, applications, and services, which the cloud system can rapidly provision and release automatically. This is because to the fact that cloud computing lets a user request computing capabilities ubiquitously. That is, as needed, across networks anytime, anywhere, in any medium. Some researchers imagine the future Internet as a kind of supercomputer that will depend deeply on cloud computing features, such as resource sharing and virtualization, on-demand service, and ubiquitous access. In the article 10 Benefits of Cloud Computing v (Delaney, 2013), there are 10 factors that proves to be beneficial if cloud computing technology is implemented. These factors are as follows: 1. Achieve economies of scale 2. Reduce spending on technology infrastructure 3. Globalize your workforce on the cheap 4. Streamline processes 5. Reduce capital costs 6. Improve accessibility 7. Monitor projects more effectively 8. Less personnel training is needed 9. Minimize licensing new software 10. Improve flexibility

Cloud computing basically increase volume output or productivity with fewer people, thus, transaction and operation cost for a project or a product is reduced. You dont need to acquire new hardware infrastructure so hardware maintenance cost becomes nil, yet you can still maintain easy access to your information with minimal upfront spending pay-per-use, based on demand. Since expenditures on hardware, software or licensing fees is eliminated; there is a reduction in capital costs.

People worldwide can access the cloud, provided they have an Internet connection. You can now globalize your workforce at an affordable cost of services rendered. You get more work done in less time with less people, or the other way around, having more people doing more work in less amount of costs incurred, and time. With the benefit of staying connected all the time, monitoring of projects at hand will become more efficient. The cloud computing technology enables you to stay within budget and finish the project ahead of completion cycle times. Data and information is always available online, you have access to it anytime, anywhere making your life so much easier. It takes fewer people to do more work on a cloud, with a minimal learning curve on hardware and software issues. You can stretch and grow your enterprise systems without the need to buy expensive software licenses or programs because the back end is flexible and secured online. You can also change direction without serious people

or financial issues at stakes at any given time. Project development has improved flexibility because of this. The report Economics of Cloud Computing vi(Alford et al, 2010) addresses the benefits gained if an organization adopted the technology in their infrastructure. Embracing cloud computing as a means of reducing expenses for IT infrastructure and services is equal to significant outyear savings for the organization. In the study report conducted by the above-mentioned authors of Booz Allen Hamilton, their economic analysis focused on IT data centers and the use of a proprietary cost model and extensive experience in cost and economic analysis of government IT programs. The results confirmed the governments expectations of significant cost savings implying over a 13-year life cycle, that the cost of implementing and sustaining a cloud environment may be as much as 66% lower than maintaining the traditional IT data center. The study take into consideration not only the cost savings from hardware replacement but more of the transition costs and life-cycle operations, as well as migration schedules which other studies usually ignore or treat incidentally.

Figure 2 below, is a diagram of their suggested architecture-driven cloud environment for a government organization.

Figure 2 An Overview of the proposed architecture-driven cloud environment

Issues and Challenges of Cloud Computing Technology In this section, we evaluate the technology employed in Cloud computing to relate it with the risks, issues and challenges in putting it in software development projects. According to a blog written by Anthony Finkelstein vii (2012), engineering the cloud becomes an issue because developers doesnt know how to manage Software as a Service, in particular, the business side of it. The application of business rules through business models that should yield profit is not thoroughly thought of. Lewisviii (2010) states that although the term sounds technical, it simply means that cloud computing is fundamentally an economic model for a different way to acquire and manage IT resources. Any business organization needs to do a cost-benefit analysis as well as weigh the risks of cloud computing in determining whether to adopt it as an IT strategy or not. Alviix, et al. (2011) states that this technology has the capacity to admit a common collection of resources on request. Though it has many advantages for IT organizations, cloud has some issues that must be considered during its deployment. The main concern is security privacy and trust which arises during the deployment of mostly in public cloud since the customer is not aware where the data is stored & how over the internet. Piplode and Singhx (2012) couldnt agree more when they both agreed that cloud computing is a promising technology to aid the







infrastructures. However, they also note that without security embedded into innovative technology that supports cloud computing, businesses are setting themselves up for a fall. The trend of frequently adopting this technology by the organizations automatically introduced new risk on top of existing risk. Obviously putting everything into a single box i.e. into the cloud will only make it easier for hacker. Another issue and challenges that authors look at when they discuss cloud engineering is warehouse-scale computers. According to (Simon, 2012) thousands of individual computing nodes are required which is equated to costly equipments and maintenance think about as in well as appropriation would of be large dealing buildings with with engineering teams to facilitate and maintain it. The main factors to maintenance energy consumption, failures and computing architecture that is consistently evolving. According to an article written by Stephen Yau and Ho An, entitled Software Engineering meets Cloud Computingxi (2012), cloud computing can help meet the challenge of managing the runtime QoS of loosely coupled services involving distributed service providers through resource allocation and virtualization. However, it struggles both with providing interoperability across different types of clouds. This is due to the rapid development of the cloud and its adaptation to the ever-changing business environments and requirements.

With these issues, a service-oriented architectures (SOA) standard interfaces and protocols could help address this challenge. Dynamic service discovery on the other hand can provide the capabilities needed for dynamic adaptation in cloud computing environments. Aside from the common issues discussed above, it may also be noted that cloud computing, as summarized in the Software Engineering Issues from the Cloud Application Perspective article written by Chabbra et alxii (2010), calls for software engineering simply because of the following issues: (1) security, (2) privacy, (3) regulatory and legal issues, as well as, (4) the negotiation of quality of service (QoS) between users and providers to establish Service Level Agreements(SLAs), (5) the mechanisms and algorithms for allocation of VM resources to meet SLAs, and (6) manage risks associated with the violation of SLAs. Furthermore, in Cloud Computing environment, the development of software is multilateral unlike the application software development.

Figure 3


Cloud word cloud, summarizing 25K research papers on cloud computing

Why is security a challenge in the cloud? According to the white paper entitled Security Issues for Computing xiv (Hamlen, et al, 2010), the numerous issues of cloud computing as it covers many technologies includes networks, databases, operating systems, virtualization, resource scheduling, transaction management, load balancing, concurrency control and memory management. The network that interconnects the systems in a cloud, the virtualization paradigm in cloud computing, mapping the virtual machines to the physical machines, data encryption policies, resource allocation algorithms, as well as, data mining algorithms, these are the common factors that must ensure security using a secured cloud data layer, secured virtual machine layer, secured cloud storage layer and secure virtual network layer. The challengexv lies on where you save your data, how you access this data, and how you control your data. Data must be protected as it moves over the internet to and from the cloud. Threat on its confidentiality must be employed by the provider as it mingles with that of the customers. In case there is cloud breach, there must be legal redress. Before moving, mission-critical data to the cloud, organizations require not just security but robust security that they can trust and monitor. Cognizant 20-20 insights.

Interestingly, engineering.






Engineering services affirms the need for a systematic way of cloud

Their website services states that the growing need for cloud computing should bring about a systematic approach to the high level concerns of commercialization, standardization and governance. The need to delve into finding the right cloud computing technology, cutting edge solutions and discovering new ways to revolutionize the way companies do businesses is their primary goal in bringing efficient Cloud Engineering services. This involved design, development and analysis, writing and implementing algorithms, data harvesting, integration and support as well as keeping with the trends in technology. They believe that to address issues of the cloud technology in reference to enterprise architecture design, they must be able to ensure that their engineers will be able to carry out a successful implementation of an effective, efficient, cloud engineering. In the proceedings of APSEC 2010, a white paper entitled An Analysis of the Cloud Computing Security Problemxvii was presented by Al Morsy,et al, indicating the issues and challenges cloud computing technology imposes when it is implemented. These are cloud management security issues, cloud access methods security issues, service delivery issues, deep dependencies stack, and the overall security of the application. Moreso, cloud security, though several solutions were presented in researches, was analyzed by the IDC White Paper presentation of Gu and Cheung, (Gu and Cheung, 2010)xviii, as still in its infancy stage.

According to Pearsonxix(2009), there are privacy issues in the cloud environment as well as deficiencies that are present in the service level agreement requirements which defines the relationship between the cloud service provider and the recipient of the services. Yunisxx (2009) take into account the following critical security issues for the cloud infrastructure as: (1) extensive resource sharing (2) lack of data ownership (3) reducing encryption in order to increase the speed of service delivery, thus, a vulnerability to hacking or security attacks (4) refusal of service (5) loss of data due to technical failure and (6) other unknown attacks.

Analysis, Conclusion and Recommendation So what can we do to address the issues in cloud engineering pertaining to Software Development or Enterprise Architecture Design of Systems? Knowing that software engineer includes (INCOSE, 1995) four main components: requirements analysis, functional analysis, synthesis, system analysis, and controls; our goal is to apply these processes for cloud computing systems, particularly the requirements analysis and functional analysis. This is to identify and construct an agile adaptive security model that we can use in our software design. Considering the identified requirements, a framework for

requirements engineering must be properly defined to create a secure cloud system. Software and cloud engineers must ensure that the technical requirements are the providers capabilities, the user requirements must meet the recipient requirements of trusted and reliable services, and lastly, to define that the functional requirements are the virtualization translation capabilities of the clouds and associated services. Lombardi and Di Petro

(2010) have also proposed the Advanced

Cloud Protection System (ACPS), which is meant to actively protect the reliability of the guest virtual machines and of the distributed computing middleware by permitting the host to monitor guest virtual machines and infrastructure components. The identified set of requirements to be met by a security monitoring system for clouds according to Lombardi and Di Pietro are effectiveness, precision,

transparency, non-subvertability, deployability, dynamic or adaptive reaction and accountability. Effectiveness pertains to the systems ability to detect most types of attacks and integrity violations. It must be able to anticipate breach of security and what to do when it happens. Precision ideally allows the system to avoid false positives or mistakenly detecting malware attacks where authorized activities are taking place. It must be able to know which system activities are valid and which are not. Transparency is the characteristic of a system that enables it to minimize visibility, disallowing potential intruders to detect the presence of the monitoring system. The host system, cloud infrastructure and the virtual machine should be protected from unauthorized access and attacks proceeding from a compromised guest. It should not be possible to disable or alter the monitoring system itself. This is known as the non-subvertability characteristic. Deployability allows the monitoring system to be set out on the vast majority of available cloud middleware and different configurations. The system should also be able to detect an intrusion attempt over a component and if required, take the appropriate action against the attempt and against the compromised guest and/or notify remote middleware security-management components.

It must also not interfere with other cloud application actions, but must collect data and snapshots to enforce accountability policies. Another solution will be architecting a cloud-driven adaptive security system. Agile strategies are linked with security systems engineering. We are to develop an adaptive security system and a cloud computing paradigm. It could be developed through the application of model driven engineering as suggested by Brumiliere, et al (2010), an ongoing working model. Sherwoods provided a framework for Enterprise Security

Architecture(Sherwood et al, 2005) named Applied Business-driven Security Architecture (SABSA). An architecture Development Model (ADM) that can be used to deliver an enterprise architecture was described by the Open Group Architecture Framework (TOGAF) which is currently developed to integrate security features represented in SABSA. The design states that SABSA can provide the security architectural models within TOGAF(TOGAF & SABSA Working Group, 2010). The cloud computing model is one of the computing models for service providers, cloud providers and cloud consumers that show potential. To best utilize the model, though, we need to block the existing security holes.

We can summarize the cloud security problem as follows: Security problems inherited from the used technologies such as virtualization and SOA. Multi-tenancy and isolation that requires a vertical solution from the SaaS layer down to physical infrastructure Critical to control is security management Holistic security wrapper for the cloud model such that any access to any object of the cloud platform should pass through security components first. Recommended cloud computing security solutions based on the above issues to be addressed are as follows: Use model-based approaches to capture different security views and link such views in a holistic cloud security model Delivered mechanisms (such as elasticity engines) and APIs should provide flexible security interfaces Support for multi-tenancy where each user can see only his security configurations, elasticity, to scale up and down based on the current context. Support integration and coordination with other security controls at different layers to deliver integrated security. Be adaptive to meet continuous environment changes and stakeholders needs. In conclusion, a thorough engineering analysis of the requirements must be done to be able to design the best architecture for an enterprise solution using cloud technology.


architecture-maximum-value/ Accessed: August 25, 2013.



August 25, 2013.


Accessed: August

25, 2013.

Foster, I., Zhau, Y., Ioan, R., & Lu, S. Cloud Computing and Grid

Computing 360-Degree Compared. Grid Computing Environments Workshop, 2008.2. URL: Delany, Laurel. (2013). 10 Benefits of Cloud Computing. Published

in Verio. URL: Accessed: August 15, 2013.


Alford, Ted, Morton, Gwen. (2010). The Economics of the Cloud the Benefits of Infrastructure in the Cloud. URL:

Addressing Accessed: August 17, 2013.









Challenges. URL: Accessed: August 17, 2013.


Lewis, Grace. Basics About Cloud Computing (2010) Carnegie Software Engineering Institute. Pittsburgh, PA. URL:



F. A. Alvi, , B.S Choudary ,N. Jaferry , E.Pathan. A Review on

Cloud Computing Security Issues and Challenges. (2011). Pakistan.

Piplode, Rajesh and Singh, Umesh Kumar. An Overview and Study of

Security Issues and Challenges in Cloud Computing. International Journal of Advanced Research in Computer Science and Software Engineering, Vol. 2, Issue 9, September 2012. India


Stephen S. Yau and Ho G. An. (Jan 04, 2012). Computer Magazine:

Software Engineering Meets Services and Cloud Computing.


Bharat Chhabra, Dinesh Verma & Bhawna Taneja. International

Journal of Information Technology and Knowledge Management. JulyDecember 2010, Volume 2, No. 2, pp. 669-673. Software Engineering Issues From The Cloud Application Perspective

Harmana, Mark, Lakhotiaa, Kiran, Singerb, Jeremy, Whiteb, David

R., Yooa, Shin. (March 2013). Cloud Engineering is Search Based Software Engineering too. Accessed: August 17, 2013. URL:

Hamlen, Kevin, Mantarcioglu, Murat, Khan, Latifur, Thuraisingham,

Bhavani. (2010). Security Issues for Cloud Computing. International Journal of Information Security and Privacy, 4(2), 39-51, April-June 2010.


Franchitti, Jean-Claude, Roy, Purna, Bardhan, Anant. (2012).

Understanding Cloud Security Challenges. Cognizant 20-20 Insights.







URL: Accessed: August 17, 2013.


Al Morsy, M. Grundy, J. Muller, I. An Analysis of the Cloud Security Problem. (2010). The APSEC 2010 Cloud


Workshop. Sydney, AU.


Gu L, Cheung S-C. (2009) Constructing and testing privacy-aware in a cloud computing environment: challenges and


opportunities. In Internetware 09: Proceedings of the first Asia-Pacific symposium on internetware. ACM New York, NY, USA, pp. 110.


Pearson S. (2009) Taking account of privacy when designing cloud

computing services. In Cloud09: Proceedings of the 2009 ICSE workshop on software engineering challenges of cloud computing, IEEE Computer Society, Washington, DC, USA, pp. 4452.


Yunis, M.M. (2009) A cloud free security model for cloud

computing in Int. J. of Services and Standards 5(4): 354 - 375, Inderscience.


Lombardi F, and Di Pietro R. 2010 Secure virtualization for cloud

computing. Journal of Network and Computer Applications, Elsevier Ltd.