J Grid Computing (2011) 9:3–26DOI 10.1007/s10723-010-9171-y

Architectural Requirements for Cloud ComputingSystems: An Enterprise Cloud Approach

Bhaskar Prasad Rimal · Admela Jukan ·Dimitrios Katsaros · Yves Goeleven

Received: 9 March 2010 / Accepted: 26 October 2010 / Published online: 7 December 2010© Springer Science+Business Media B.V. 2010

Abstract Cloud Computing is a model of servicedelivery and access where dynamically scalableand virtualized resources are provided as a serviceover the Internet. This model creates a new hori-zon of opportunity for enterprises. It introducesnew operating and business models that allowcustomers to pay for the resources they effectivelyuse, instead of making heavy upfront investments.The biggest challenge in Cloud Computing is thelack of a de facto standard or single architec-tural method, which can meet the requirementsof an enterprise cloud approach. In this paper, we

B. P. Rimal (B) · A. JukanInstitute of Computer and Network Engineering,Technische Universität Carolo-Wilhelmina zuBraunschweig, Hans-Sommer-Straße 66,38106 Braunschweig, Germanye-mail: b.bprimal@gmail.com

A. Jukane-mail: jukan@ida.ing.tu-bs.de

D. KatsarosDepartment of Computer and CommunicationEngineering, University of Thessaly,Volos 38221, Hellas, Greecee-mail: dkatsar@inf.uth.gr

Y. GoelevenCapGemini, Bessenveldstraat 19,1831 Diegem, Belgiume-mail: yves@goeleven.com

explore the architectural features of Cloud Com-puting and classify them according to the require-ments of end-users, enterprises that use the cloudas a platform, and cloud providers themselves.We show that several architectural features willplay a major role in the adoption of the CloudComputing paradigm as a mainstream commodityin the enterprise world. This paper also provideskey guidelines to software architects and CloudComputing application developers for creating fu-ture architectures.

Keywords Architecture · Cloud Computing ·Grid Computing · Requirements · On-demand

1 Introduction

The overarching goal of Cloud Computing is toprovide on-demand computing services with highreliability, scalability, and availability in distrib-uted environments. Despite this common goal,Cloud Computing [9] has been described in manydifferent ways [2, 73] and no standard definitionhas been adopted until now. Two examples fol-low. Cisco Systems [41] defined Cloud Computingas, IT resources and services that are abstractedfrom the underlying infrastructure and provided“on-demand” and “at scale” in a multitenantenvironment.” Recently, the Information Tech-nology Laboratory at the National Institute of

4 B.P. Rimal et al.

Fig. 1 Cloud computing: everything is a service model

Standards and Technology (NIST) [52] has posteda working definition of cloud computing: “CloudComputing is a model for enabling ubiquitous,convenient, on-demand network access to a sharedpool of conf igurable computing resources (e.g.,networks, servers, storage, applications, and ser-vices) that can be rapidly provisioned and re-leased with minimal management ef fort or serviceprovider interaction. This cloud model promotesavailability and is composed of f ive essential char-acteristics (Rapid Elasticity, Measured Service, On-Demand Self-Service, Ubiquitous Network Access,Location-Independent Resource Pooling), threedelivery models (Software as a Service, Platform asa Service, and Infrastructure as a Service), and fourdeployment models (Public Cloud, Private Cloud,Community Cloud and Hybrid Cloud).”

Conceptually, in Cloud Computing everythingis assumed as a service (XaaS) [33], such as TaaS(Testing as a Service), SaaS (Software as a Ser-

vice), PaaS (Platform as a Service), HaaS (Hard-ware as a Service). This is illustrated in Fig. 1. Tothis end, a large number of cloud service providersand middleware suits have emerged, each pro-viding different Cloud Computing services. Theseproviders include Amazon EC2,1 Google AppEngine (GAE),2 SalesForce.com (SFDC),3 Mi-crosoft Azure,4 IBM Blue Cloud,5 3Tera,6 toname a few. As we will discuss throughout thepaper, the major challenge of the current CloudComputing evolution, with multiple offerings and

1Amazon EC2, http://www.amazon.com/ec2/.2Google App Engine, http://code.google.com/appengine/.3SalesForce.com, http://www.salesforce.com/.4Microsoft Azure, http://www.microsoft.com/windowsazure/.5IBM Blue Cloud, http://www.ibm.com/ibm/cloud/.63Tera, http://www.3tera.com/.

Architectural Requirements for Cloud Computing Systems 5

providers, is the lack of standardized APIs andusage model.

It is important to note that the concept ofCloud Computing is not new, but it representsthe next evolutionary step of several initiativescarried out in the last few years, including Dis-tributed Computing [31], Grid Computing [27],Utility Computing [61], Virtualization [4], andServer Clusters [30]. Examples of such efforts in-clude the seminal work on Grid virtualization byFigueiredo et al. [23], lease-oriented mechanismfor Grid system virtualization by Shirako [39], Au-tonomic Clouds on the Grid by Murphy et al. [54].Other related work focuses on Dynamic VirtualClustering [20], Violin [25], Virtual Workspaces[45], Virtual Cluster [28], In-VIGO [1], Grid andCloud integration for next generation network[60] and Virtual Organization Clusters [53]. Inparticular, Cloud Computing is considered thebusiness-oriented evolution of Grid Computing,which was focused on research and collaboration[29]. In addition, Cloud Computing provides aparadigm shift of business and IT infrastructure,where computing power, data storage and servicesare outsourced to third-parties and made availableas commodities to enterprises and customers. Thebasic differences between Cloud Computing andGrid Computing are shown in Table 1.

In this paper, we would like to considerimportant architectural requirements for CloudComputing systems from the point of view ofenterprise users, such as infrastructure, storage,scalability, compliance and security. These consid-erations provide a guideline for creating architec-tural mechanism that will be helpful for softwarearchitects and developers while designing Cloud-based applications. The specific contributions inthis paper are as follows:

• Delineation of motivation and issues andchallenges specific to enterprise CloudComputing.

• Classification of three layered architecturalrequirements for Cloud Computing, includingprovider requirements, enterprise requirementsand user requirements.

• Discussion and a “vertical” analysis of therequirements common to all three layers.

The rest of this paper is organized as follows.Section 2 describes the architectural requirementsof Cloud Computing systems within the threecategories. Section 3 describes the discussion anda comparative analysis of the common require-ments with partial mapping of requirements andfinally, we conclude the paper with a summary inSection 4.

Table 1 Differences between Grid and Cloud

Parameters Grid Computing Cloud Computing

Focus Predominantly on science, research, On business and web-based applicationsand collaboration purposes

Resource pattern Collaborative use of heterogeneous Mostly the behavior of resource units are homo-resources such as hardware/software geneous and virtualized (e.g., Google andconfigurations, access interfaces and Amazon, in general contain homogeneousmanagement policies resources, operated under central control)

Management Decentralized management systems, Clouds operate as the centralized managementwhich spans across geographically systems from the viewpoint of users withdistributed sites a single access point

Business model There is no fundamental business Pay-per-use/pay-as-you-go business model is amodel for Grid de-facto assumption for cloud services

Interoperability Grid technology deals with the Still vendor lock-in and integration probleminteroperability between providers

Middleware There are many middleware such as There are many middleware such as GlobusUnicorea, gLiteb etc. but Globus Nimbus [44], Open Nebula [64, 65],middleware [26] is a de-facto standard Eucalyptus [55] etc but no single

de facto standardaUnicore project, http://www.unicore.org/bgLite, http://glite.web.cern.ch/glite/

6 B.P. Rimal et al.

2 Architectural Requirements for CloudComputing Systems

Many Cloud Computing systems are availablefrom industry as well as academia. Despite sig-nificant advances, there are several open issueswith cloud such as security, availability, scalabil-ity, interoperability, service level agreement, datamigration, data governance, trusty pyramid, user-centric privacy, transparency, political and legalissues, business service management etc. The ma-jor challenges for the Cloud Computing paradigm,however, will be the standardized API and usagemodel. As of today, there is no general designguideline that architects and developers can fol-low for Cloud-based applications. As discussed in

[5, 14], defining a standard and scalable architec-ture will be pivotal to the success of Cloud Com-puting, as it will serve as a means of coordinationand communication between the service providersand end users. These issues can be addressed byproper design of Cloud Computing architecture.To this end, it is important to start deriving gen-eral architectural requirements as the first step to-wards the future architecture of the cloud systems.

The architectural requirements are classifiedaccording to the requirements of cloud providers,the enterprises that use the cloud, and end-users.A three-layered classification of architectural re-quirements of cloud systems is illustrated in Fig. 2.As it can be seen from this figure, from the ser-vice provider’s perspective, highly efficient service

Fig. 2 Three layered architectural requirements

Architectural Requirements for Cloud Computing Systems 7

architecture to support infrastructure and servicesis needed in order to provide virtualized and dy-namic services. A well-organized and secured datamanagement and storage mechanism is herewithrequired along with an attractive cost model.

From the enterprise’s perspective in the firstplace, a QoS-enabled, secure and scalable systemis needed. The enterprises should have a capabil-ity of providing their business management ser-vices with internal/external interoperable mecha-nism which can be easily deployed within differentcloud models. Finally, from the user’s perspective,the basic requirement is a simplified interfacewith adaptability and self-learning capability thatshould address transparent pricing, metering andservice level agreements (SLAs). A user-centricprivacy, encryption/decryption will increase thestability and usability of the cloud services.

There is a correlation between those require-ments. For example, if the cloud service providersare not fully aware on the issues of transparencyfor billing and data governance, there will alwaysbe concerns about trust. How user trusts the cloudservice provider’s services, depends on the levelof assurance they are given. In a similar fashion, ifthere are data security issues in the cloud services,large corporate firms will not host their applica-tions/data in the cloud. In addition, the aspectsof security, compliance, reliability, migration, andSLAs are directly associated with the performanceof cloud services. Those requirements will playa vital role in the enterprises to develop theirbusiness strategies over the cloud.

In the following subsections, we provide moredetails on the requirements related to each ofthe layers presented here, i.e., provider, enterpriseand user.

2.1 Provider Requirements

According to J. Dean and S. Ghemawat [18],Google currently processes over 20 terabytes ofraw web data per day. This shows the com-putational volume and complexity that a cloudprovider has to deal with. For example, this kindof load typically increases the complexity of thearchitecture and thus the cost of operating acloud provider system. To try and reduce the

load, cloud service providers could for exampleutilize price discrimination based on several keyfactors such as usage patterns, bandwidth, andservice level. This section describes the require-ments of provider service delivery model require-ments, service-centric issues, data management,storage and processing, fault-tolerance, virtualiza-tion management, and load balancing.

2.1.1 Provider Service Delivery Model

The provider service delivery model can be clas-sified according to the services that they offer.Basically, in cloud systems three service deliverymodels can be considered such as Software as aService (SaaS), Platform as a Service (PaaS), andInfrastructure as a Service (IaaS). These servicesare usually exposed as industry standard inter-faces, such as web services, service oriented ar-chitecture (SOA) [68] or REpresentational StateTransfer (REST) [22] services or any proprietaryservices.

Software-as-a-Service (SaaS) Software as a Ser-vice (or application as a service) is a multi-tenantplatform. It uses common resources and a sin-gle instance of both the object code of an ap-plication as well as the underlying database tosupport multiple customers simultaneously. SaaS[13, 63, 72] commonly referred to as the Appli-cation Service Provider (ASP) model, is heraldedby many as the new wave in application soft-ware distribution. Examples of the key providersare the Salesforce Customer Relationships Man-agement (CRM) system, NetSuite, and GoogleOffice Productivity application. The major con-siderations in SaaS are the integration require-ments with other applications. Another criticalcomponent is the composition of different types oftechnology like J2EE, .Net, Hibernate, Spring,Scalable Infrastructure and Services. At the appli-cation level, the important aspects of scalability,performance, multi-tenancy, configurability andfault-tolerance are primary considerations for thearchitect.

Platform-as-a-Service (PaaS) The idea behindPaaS is to provide developers with a platform

8 B.P. Rimal et al.

including all the systems and environments com-prising the end-to-end life cycle of developing,testing, deploying and hosting of sophisticatedweb applications as a service delivered by a cloudbased platform. Key examples are:

• Integrated-oriented platform, i.e., a platformfor realization of e-business and apps thatprovide a wide range of interaction betweenplatforms, languages in use or users, such asFacebook F8, Salesforge App Exchange.

• Development-oriented platform, i.e., a plat-form that provides an environment for devel-opers to develop, test and deploy their ap-plication easily such as Google App Engine,Bunzee connect, and SF force.com etc.

• Infra-oriented platform, i.e., a platform thatprovides developers a scalable infrastructureand storage such as Amazon EC2, SimpleStorage, Simple DB etc.

Compared with conventional application devel-opment, PaaS can significantly reduce the devel-opment time, and also offers hundreds of readilyavailable services. PaaS provides a solution foroffering multiple applications on the same plat-form thus increasing the economy of scale andreducing complexity.

PaaS is completely reliant on the providerfor complete uptime and operation. There is ahigh possibility of “lock-in” if PaaS needs tooffer proprietary service interfaces or develop-ment languages. Therefore, PaaS providers shouldbe aware these features as well as be capable toredefine the system discovery and services. OpenPlatform as a Service (OPaaS or Open PaaS) [58]is another step in the PaaS evolution. The OPaaSprovides a wide range of facilities to the develop-ers such as any programming language environ-ment, development tools, servers, database etc.

Infrastructure-as-a-Service (IaaS) IaaS is alsosometimes called Hardware as a Service (HaaS).According to Nicholas Carr [10], “the idea of buy-ing IT hardware—or even an entire data center—as a pay-as-you-go subscription service that scalesup or down to meet your needs. But as a result ofrapid advances in hardware virtualization, IT au-tomation, and usage metering and pricing, I thinkthe concept of hardware-as-a-service—let’s call it

HaaS—may at last be ready for prime time...” Thismodel is advantageous to the enterprise users,since they do not need to invest in building andmanaging the IT systems hardware. Aside fromthe higher flexibility, a key benefit of IaaS is theusage-based payment scheme. This allows cus-tomers to pay as they grow. Another importantadvantage is to buy and use the latest technol-ogy. On-demand, self-sustaining or self-healing,multi-tenant, customer segregation are the key re-quirements of IaaS. GoGrid,7 Mosso/Rackspace,8

MSP On Demand,9 masterIT,10 NewServers Inc11

are the pioneer IaaS providers. Dynamicallyconfiguring and managing of network, storageand computing resources in a holistic approach isthe significant challenges. In addition, there aresome critical issues in the architectural strategiesto incorporate IaaS successfully, for instance inanswering the following questions.

• How will the applications behave due to dy-namic infrastructure scaling? Can the usersdesign their application in such a way as tomaximize the scaling advantage?

• How to understand the Cloud workload (e.g.,transactional database, fileserver, web server,application server, batch data processing) todesign successful IaaS?

• How to asses the power consumption and en-vironmental impact?

• How to isolate of service failure within eachtenant?

• How to minimize the response time of elas-tic demand and maximize the throughput ofrequests?

2.1.2 Service-Centric Issues

Cloud Computing as a service needs to respondto the real world requirements of enterprise’s IT

7GoGrid, http://www.gogrid.com/.8Rackspace, http://www.rackspacecloud.com/.9MSP On Demand, http://www.mspondemand.com/.10masterIT, http://master-it.com/index.html.11NewServers, http://www.newservers.com/.

Architectural Requirements for Cloud Computing Systems 9

management. To fulfill the requirements of enter-prise’s IT management, cloud architecture needsto deal with unified service-centric approach. Thecloud services should be:

• Autonomic: Cloud systems/applications shouldbe designed to adapt dynamically to changesin the environment with less human as-sistantship. Autonomic behavior of servicescan be used to improve the quality of services,fault-tolerance and security.

• Self-describing: Self-describing service inter-faces can depict the contained informationand functionality as reusable, and context-independent way. The underlying implemen-tation of a service can be changed simul-taneously without reconfigurations when theservice contract is updated. Every service maybe validated against each potential cloud inruntime before it is deployed. Self-describingservices are advantageous, because they cannotify the client application exactly how theyshould be called and what type of data theywill return.

• Low cost composition of distributed applica-tions as well as it should provide infrastructurefor multi-party interactions and collaboration.

Overall, the service-centric model for CloudComputing needs to include processes related toprovisioning and deployment, service decommis-sioning, and service planning.

2.1.3 Interoperability

Interoperability focuses on the creation of anagreed-upon framework/ontology or open dataformat or open protocols/APIs that enables easymigration and integration of applications and databetween different cloud service providers andalso facilities for the secure information exchangeacross platforms. It is essential requirements forboth service providers and enterprises. For en-terprises, it is important to provide interoperabil-ity between enterprise clouds and cloud serviceproviders. It is about more to its utility as a viableenterprise platform and industry-wise standard.

The issues of interoperability are either to al-low applications to be ported between clouds, orto use multiple cloud infrastructures before crit-

ical business applications are delivered from thecloud. In addition, some issues are relevant in thecontext of enterprises such as mechanism of incre-mentally migration of enterprise applications tocloud platforms, procedure to extend enterprisespolicies and governance to cloud deployments,and design of public clouds to meet enterprisesystems scope etc. Furthermore, interoperabilitymight focus how to integrate entire cloud and gridsystems into each other across service providersand enterprises as well as to investigate the rele-vancy of clouds of grids and grids of clouds.

There are many organizations working in thefield of enterprise cloud interoperability. CloudComputing Interoperability Forum (CCIF) [67]is one of them. In this forums, it is discussedwhether a mechanism like network weather mapis required to monitor the cloud and also whatlevel of user control is needed to allow for inter-operability.

2.1.4 Quality of Service (QoS)

In general, QoS provides the guarantee of per-formance and availability as well as other aspectsof service quality such as security, reliability anddependability etc. QoS requirements are associ-ated with service providers and end-users. SLAsplay a facilitator key role to make agree upon QoSbetween service providers and end-users.

Transparent management systems to monitorresources, storage, network, virtual machine, ser-vice migration, and fault-tolerance are subjectedby QoS. The state of art of QoS concept is exactlysimilar to the Grid Computing paradigm withsome additional issues, such as virtualization of ITand network resources, virtual machine image mi-gration. In the context of cloud service providers,QoS should emphasis on the performance of vir-tualization and monitoring tools.

The question is what the performance require-ments are of applications and services that userplan to utilize from the cloud. In the case of highperformance SLAs, service provider may still notbe able to satisfy the performance levels at all thetime due to inherent network latency of Internet.Since users expectations on QoS will always re-main high, it is important to set the tolerance levelof enterprise business processes.

10 B.P. Rimal et al.

2.1.5 Fault-tolerance

Fault-tolerance enables the systems to continueoperating in the event of the failure of some of itscomponents. In general, fault-tolerance requiresfault isolation to the falling components, andavailability of reversion mode etc. Fault-tolerancesystems are characterized in terms of outages.

Cloud Computing outages are associated withthe platforms. Some of the outages reported inthe past were quite lengthy, see Table 2. For ex-ample, Microsoft Azure had an outage that lasted22 hours in March 13th and 14th, 2008 which wasdeadly. If critical data/corporate business applica-tions are hosted in the cloud and face such prob-lems, perhaps it might be loss of billions of dollars.Thus, cloud reliance can cause significant prob-lems if the control of downtime and outages areremoved from cloud service provider’s control.Table 2 also shows failover records for some ofthe cloud service providers. Every year, thou-sands of websites struggle with unexpected down-time, and hundreds of networks break or haveother issues. Indeed, the major problem for cloudprovider is how to minimize such kind of out-age/failover to provide reliable services.

This table also illustrates the service availabilityand reliability of service providers. If the dura-tion attribute is more, this means less reliabilityand availability of that particular service in the

specified date. For instance, from table it seemsthat FlexiScale and Microsoft Azure are less reli-able and having less availability on that particulardate mention above for that service.

Cloud providers need to detect failure in cloudsystems/applications with proper tools and mecha-nism such as application-specific Self-Healing andSelf-Diagnosis mechanism. Furthermore, induc-tive systems like classification or clustering wouldbe helpful not only for detection of failure but alsoto determine its possible cause.

2.1.6 Data Management, Storage, and Processing

The shift of computer processing, local storagelike RAID storage and software delivery awayfrom the desktop and local servers, across theInternet, and into Cloud Computing facilities,results in limitations as well as new opportuni-ties regarding data management. The data willbe replicated across large geographic distanceswhere its availability and durability is paramountfor cloud service providers. If the data is storedat un-trusted hosts that can create enormousrisks for data privacy. Another characteristic ofclouds is that the computing power is elastic inorder to face the changing conditions. For in-stance, additional computational resources canbe allocated on the fly to handle the increaseddemand.

Table 2 Outages indifferent cloud services

Service and outage Duration Date

1 Microsoft Azure: malfunction 22 h March 13–14, 2008in Windows Azure [46]

2 Gmail and Google Apps Engine [15] 2.5 h Feb 24, 20093 Google search outage: 40 min Jan 31, 2009

programming error [51]4 Gmail: site unavailable due to 1.5 h Aug 11, 2008

outage in contacts system [40]5 Google AppEngine partial outage: 5 h June 17, 2008

programming error [59]6 Google AppEngine experienced an outage 5 h 50 min July 2, 2009

that ranged from partial to complete [6]7 S3 outage: authentication service overload 2 h Feb 15, 2008

leading to unavailability [66]8 S3 outage: Single bit error leading to 6–8 h July 20, 2008

gossip protocol blowup [3]9 FlexiScale: core network failure [71] 18 h Oct 31, 2008

Architectural Requirements for Cloud Computing Systems 11

The focus of Cloud Computing is high perfor-mance computation, infinite capacity on-demandand no up-front cost. However, these character-istics may be easier to interpret in the context ofcomputation than of storage. For the latter, theCloud Computing providers must ensure that thestorage infrastructure is capable of providing richquery languages which is based on simple datastructures to allow for scale-up and scale-downon-demand. In addition, the providers need tooffer performance guarantees with the potentialto allow the programmer some form of controlover the storage procedures. These goals are chal-lenging, and currently no commercial solution ex-ists incorporating all these features.

On one side of the spectrum of challenges re-lated to storage is the Elastic Block Store (EBS)offered by Amazon that looks like a physicalstorage and where the programmer is responsiblefor managing the entire software stack. Althoughthis approach gives the programmer full controlover the processes, it is very difficult to providescale-up on-demand and also to allow for thedesign of automatic replication facilities by thecloud provider, because the data storage model isapplication dependent. On the other side of thespectrum is Google’s AppEngine, whose storagemodel is supported by the Bigtable [12], whichprovides excellent scalability, but it is tied to avery specific application model, i.e., that of Webservices. Thus, it is not straightforward for thisapproach to support general purpose computingso as to allow various business applications to runon top of it. Finally, Microsoft’s proposal based onAzure and a restricted view of structure query lan-guage (SQL) is an intermediate approach strivingto gain from both worlds.

Even though these approaches will survive inthe years to come, especially because they aresupported by the today’s software “giants” suchas Amazon, Google, Microsoft, there are two pa-rameters that these approaches currently do notprovide. First, they do not provide the advancesin storage technologies related to solid state disks(SSDs), i.e., flash-based disks. Second, they donot address the need by the scalable storage tosupport both MapReduce [18] operations overthe raw data, and also declarative data man-agement, as it is offered by traditional database

management systems. The noticeable point hereis SSD consumes less power in idle case, whilehard disk drives (HDDs) need significant energyconsumption.

In terms of storage technologies, there shouldbe a shift from HDDs to solid-state drives [36, 47]or, since the complete replacement of hard disksis prohibitively expensive, the design of hybridhard disks–hard disks augmented with flash mem-ories [49], as the latter provide reliable and highperformance data storage. The biggest barriers toadopting SSDs in the data centers have been price,capacity and, to some extent, the lack of sophisti-cated query processing techniques for SSDs. How-ever, this is about to change, because the IOPS(input/output operations per second) benefits ofSSDs are becoming important [48], for their ca-pacity increases at fast pace, and new algorithmsand data structures tailored to solid state disks[70].

The integration of magnetic and solid state disksin data centers is expected to boost the perfor-mance of applications running at cloud providers,but it will depend on the ability of the underlyinginfrastructure to recognize which applications areread-bound (e.g. data mining, processing of datacoming from e-Science experiments), and whichare write-bound (e.g. on-line transactional sys-tems such as e-commerce applications).

Currently, the programming model of data cen-ters supported by the current industry giants is aLisp-based form, termed MapReduce. Despite itsclaimed generality, effort should be spent to con-vert traditional algorithms to this programmingparadigm, since it is too low level and rigid, andleads to a great deal of custom user code that ishard to maintain and reuse.

Although MapReduce is a perfect fit for manytasks related to Web information retrieval (e.g.,PageRank computations, inverted index construc-tion), higher level abstractions are necessary toallow it to be used in enterprise-related tasks thatrequire ad-hoc analysis of extremely large data sets.Towards this direction, new languages and systemsmust be developed to realize hybrid designs amongDBMSs and Map-Reduce-like systems. The PigLatin [57] and Clustera [19] comprise character-istic examples of a language and a system thataddress this goal.

12 B.P. Rimal et al.

2.1.7 Virtualization Management

Virtualization [35] refers to the abstraction oflogical resources away from their underlyingphysical resources in order to improve agility,flexibility, reduce costs and thus enhance busi-ness value. Handling a number of virtualiza-tion machines on the top of operating systemsand evaluating, testing servers and deploymentto the targets are some of the important con-cerns of virtualization. The basic elements ofthe hypervisor include CPU, memory manage-ment, and I/O which provide the greatest per-formance, reliability and compatibility. Virtualiza-tion in the cloud includes server virtualization,client/desktop/application virtualization, storagevirtualization (Storage Area Network), networkvirtualization, and service/application infrastruc-ture virtualization, i.e.,

• Server virtualization: A common interpreta-tion of server virtualization is the mapping ofsingle physical resources to multiple logicalrepresentations or partitions.

• Client/desktop virtualization: Thin client tech-nique is one of the cheapest models of achiev-ing cloud virtualization, with security beingthe major concern.

• Storage virtualization: It provides the ab-straction between logical storage and physi-cal storage. Capacity, performance, durabil-ity, and availability are some of the relatedconsiderations.

• Network virtualization: It provides an envi-ronment to run multiple networks which canbe customized for specific purpose at the sametime over a shared substrate. It is the com-bination of hardware resources and softwareresources.

• Service/application virtualization: It virtualizesthe application and provides an access througha centralized web server. Application licens-ing and user provisioning is easy to manageas well as it reduces application deploymentcosts, and enables delivery of applications asservices.

• Infrastructure virtualization: It deals with theseparation of application and infrastructurelogic which enables the application develop-

ers to focus on building application insteadof building infrastructure code. Infrastructurecan be virtualized on the top of physical in-frastructure. Virtual resource pool with virtualnet resources facilitates to connect virtual in-frastructure and resource virtualization.

• Resource virtualization: The idea behind re-source virtualization is to customize resourceprovisioning in cloud and data center envi-ronment to meet workload requirements andto provide the ability to control the virtualresources execution. Several resources can bevirtualized on the top of physical resources.Developing the strategies for service-specificpolicies and resource-specific policies are al-ways focal concern in resource virtualization.

Virtualization is therefore well suited to a dy-namic cloud infrastructure, because it providesimportant advantages in sharing of cloud facil-ities, managing of complex systems as well asisolation of data/application. Additionally, the sig-nificant idea is to ensure whether the data cen-ters are locked or not into a particular operat-ing system environment through their choice ofa virtualization.

2.1.8 Scalability

Scalability deals with the ability of the softwaresystem to manage increasing complexity whengiven additional resources. Scalability with largedata set operations is a requirement for CloudComputing. Horizontal scalability is what cloudsprovide through load balancing and applicationdelivery solutions. Distributed hash table (DHT),column-orientation, and horizontal partitioningare examples of horizontal scalability. Verticalscalability is related to resources used, muchlike the old mainframe model. If an applicationdoesn’t scale well vertically, it’s going to increasethe costs to run in the cloud. Applications thatfail to vertically scale may end up costing morewhen deployed in the cloud because of the addi-tional demand on compute resources required asdemand increases.

Force.com was designed to run a simple busi-ness application and it is based on a databasecentric architecture. It seems to be limited in

Architectural Requirements for Cloud Computing Systems 13

scalability as it partitions its database per appli-cation. This means that if an application needsto scale more than what a single database canprovide, there is a challenge.

Even though DHT, column-oriented store ordocument-centric approaches were designed toaddress the issues of scaling or write heavy ap-plications, they cannot support for complex joins,foreign keys as well as reporting. They may beconsidered as a part of an overall architecture andthey can play a vital role to reduce writing heavybottlenecks. However, they should not be consid-ered a replacement for a relational database.

Considerations of Cloud-based scaling are ba-sically dependent on the nature of the applica-tions and the expected volume of usage. Werner[74] suggested that architect must be carefullyinspect along which axis we expect the system togrow, where redundancy is required, and how oneshould handle heterogeneity in the system, andmake sure that architects are aware of which toolsthey can use under which condition, and whatthe common pitfalls are. Architecting a scalableenterprise application is not a trivial task.

2.1.9 Load Balancing

Load Balancing is an integral part of Cloud Com-puting and elastic scalability which can be pro-vided by software or hardware or virtualware. Itis the mechanism of self-regulating the workloadsproperly within the Cloud’s entities (one or moreservers, hard drives, network, and IT resources).The cloud infrastructures and datacenters needhuge computing hardware, network and IT re-sources which are always subjected to the failoverwhen the demand exceeds. Load Balancing isoften used to implement failover. The failoveroccurs due to the limited resources allocation,hardware failure, power and network interruptionetc. The service components are monitored con-tinually and when one becomes non-responsive,the load balancer is informed and no longer sendstraffic to it. This is an inherited feature fromGrid-based computing that has been transferredto Cloud-based platforms. A load balancer is akey requirement to build dynamic cloud architec-ture. It provides the ways by which applicationinstances can be provisioned and de-provisioned.

There are some architectural considerations whiledesigning the load balancers:

• design to provide scalability that could be atthe CPU level, at the machine level, at thenetwork level, or even at the application leveland data center level

• capability to manipulate the client requestsand forward it to the selected target resourcesby using load balancing policies

• scalability of the request handling capacityautomatically

• fault tolerance for applications• handling of more complex and higher traffic

needs such as Apache traffic server. Apachetraffic server12 provides high performanceweb proxy cache to improve networkefficiency and performance and improvescontent delivery for enterprises backboneproviders and large intranets by maximizingexisting and available bandwidth.

2.2 Enterprise Requirements

Gartner predicated that, by 2012, 20% of enter-prise market e-mail will be hosted on the cloud[32]. Therefore, potential cloud adopters shoulddo their assessment before being “absorbed” bythis trend, thus reading external sources of in-formation and talking to analysts, technologyproviders and experts in order to understand thereal challenges and benefits of this new technol-ogy. According to Robbins [17], an enterpriseshould always make sure that they know what ser-vices they are paying for, and should pay carefulattention to the issues like service levels, privacymatters, compliances, data ownership, and datamobility.

This section describes cloud deployment re-quirements for enterprises, including a long listof requirements ranging from security, cloudo-nomics, data governance over to business processmanagement requirements and transferable skillsrequirements.

12Apache traffic server, http://trafficserver.apache.org/.

14 B.P. Rimal et al.

2.2.1 Cloud Deployment for Enterprises

The cloud services are ubiquitous as a single pointof access with four types of deployment models.These are public, private, community and hybridclouds. Each of types has its trade-offs. Privatecloud involves enterprise firms to deploy theirkey enabling technologies such as virtualizationand multi-tenant applications to create their ownprivate cloud data centers. Individual businessescan pay for using standardized services in linewith agreed charge-back mechanisms. For manyenterprises, this approach is more attractive thanmove to the public cloud.

• Public Cloud: The concept of sharing the ser-vices and infrastructure provided by off-sitethird-party service provider (own and managephysical infrastructure) in a multi-tenant en-vironment, usually called as public cloud. Itdescribes Cloud Computing in the traditionalmainstream sense, whereby resources are dy-namically provisioned on a fine-grained, self-service basis over the Internet, via web ap-plications/web services. Generally, enterprisesdo not want to move their mission-critical andcore-business applications in the public clouddue to security and control.

• Private Cloud: The idea behind private cloudis to share services and infrastructure providedby an organization or its specified serviceprovider in a single-tenant environment. It isnot as cost effective as the public cloud, butit is cheaper than buying and maintaining adata center. Similarly, it gives companies ahigh level of control over the use of cloudresources. Public clouds can access the dataon the private cloud with data services. Theservices in the public cloud communicate witha data service layer. The latter figures outhow to retrieve the physical data from theappropriate location over a secure protocol.The best way to achieve enterprise cloud is tointroduce the private cloud which can be builtfrom both internal and external computingresources. Private cloud provides trusted self-services capabilities.

• Community Cloud: According to NIST [52],the community cloud is shared by several or-

ganizations and is supported by a specific com-munity that has shared concerns (e.g., mission,security requirements, policy, and complianceconsiderations).

• Hybrid Cloud: It consists of multiple internalor external providers. It can provide cost sav-ings, scalable on-demand infrastructure andsecurity. The combination of hybrid cloudwith traditional infrastructure may be a vi-able solution for most of the companies. How-ever, hybrid clouds introduce the complexityof determining how to distribute applicationsacross both a public and private cloud. If thedata amount is small, or the application isstateless, a hybrid cloud can be much moresuccessful than if a large amount of data mustbe transferred into a public cloud for a smallamount of processing.

In summary, enterprises need to build a strat-egy that leverages all four options mentionedabove. The virtual private networks help to isolatethe computing resources, thereby extending theexisting IT resources of enterprises; this is calledVirtual Private Clouds that help to optimize thebusiness service deployment. Table 3 describesthe general summary of requirements of clouddeployment models.

2.2.2 Security

Usually security is the focal concern in terms ofdata, infrastructure and virtualization. In a surveyconducted by IDC13 (2009), almost 75% of ITexecutives reported that security was their pri-mary concern, followed by performance and re-liability, i.e. how enterprise data is safeguardedin a shared environment. It is today widely ac-cepted that cloud introduces new security risks[8, 34]. Corporate information is not only a com-petitive asset, but it often contains informationof customers, consumers and employees that, inthe wrong hands, could create a civil liability andpossibly criminal charges.

In Cloud Computing, a data center holds theinformation that would more traditionally havebeen stored on the end-user’s computer. This

13IDC, http://www.idc.com/.

Architectural Requirements for Cloud Computing Systems 15

Tab

le3

Sum

mar

yof

clou

dde

ploy

men

tmod

els

and

the

corr

espo

ndin

gre

quir

emen

ts

Par

amet

ers

Cos

tM

igra

tion

Clie

ntba

seSe

curi

tyC

ontr

olov

erL

egal

issu

es

Dep

loym

entm

odel

sth

eus

eof

clou

dre

sour

ces

Pri

vate

clou

dE

xpen

sive

Stan

dard

AP

Iis

need

edL

arge

ente

rpri

ses

and

Hig

hH

igh

betw

een

publ

ic,p

riva

teco

rpor

atio

nsan

dhy

brid

clou

dP

ublic

clou

dL

ess

expe

nsiv

eth

anSt

anda

rdA

PI

tom

ake

data

Lar

geas

wel

las

SME

s–

Low

,mor

ech

ance

sof

Low

Nat

iona

lbou

ndar

ypr

ivat

ecl

oud

mov

emen

tsea

mle

ssm

alic

ious

acti

viti

essu

chfo

rda

tast

orag

eD

DoS

atta

cks

–T

rust

edvi

rtua

ldat

ace

nter

isre

quir

edC

omm

unit

ycl

oud

Rel

ativ

ely

chea

per

Stan

dard

AP

Iis

need

edSm

allS

ME

sL

owL

owth

anot

her

thre

eto

mig

rate

data

wit

hin

clou

dm

odel

ssp

ecif

icco

mm

unit

yH

ybri

dcl

oud

Cos

tsav

ings

Stan

dard

AP

Ito

mak

eda

taM

ulti

ple

inte

rnal

and/

orA

pplic

atio

nco

mpa

tibi

lity

Hig

hN

atio

nalb

ound

ary

mov

emen

tsea

mle

ssex

tern

alpr

ovid

ers

issu

esfo

rda

tast

orag

e raises concerns regarding user privacy protection,since the users do not “own” their data. Also,the move to centralized services may affect theprivacy and security of users’ interactions. Secu-rity threats may happen in resource provisioningand during distributed execution of user appli-cations. Also, new threats are likely to emerge.For instance, hackers can use the virtualized in-frastructure as a launching pad for new attacks.Cloud services should preserve the integrity ofdata and the privacy of users. In this context,new data protection mechanisms to secure dataprivacy, resource security, and content copyrightsshould be investigated along with the traditionalones.

To this end, the authorization managementand control in Web 2.0 are considered importantand critical. Authorization can be course-grainedwithin an enterprise. Private clouds will needgranular authorization (such as role-based con-trols) that can be persistent throughout the data’slifecycle. Authentication may be multi-factor au-thentication with one-time password technology,federation within and across enterprises, or risk-based authentication that measures behavior his-tory, current context etc. Federated-type sin-gle sign-on models based on SAML (SecurityAssertion Markup Language) protocol [56] andOpenID14 are positioned to manage the authenti-cation issues between users and cloud applicationproviders. The user identity is also important inthe growth of sensitive data and confidential rela-tionships online [76].

2.2.3 Cloudonomics

The Economics of Cloud Computing is calledCloudonomics [75]. The enterprises will have achoice of cloud vendors based on their pric-ing, and billing systems for pay-per-use model.The problem with Cloud Computing is the lackof cost based transparency. It is actually verydifficult to quantify the cost benefits of usingtraditional infrastructure versus using a remoteservice providers (Amazon EC2, GoGrid etc). Forexample, cost of buying a cluster assuming that

14OpenID Foundation, http://openid.net/.

16 B.P. Rimal et al.

runs 24*7 for 5 years versus cost of same numberof hours on cloud infrastructure.

The emergence and popularity of Cloud Com-puting does not necessarily mean that it is thebest solution for any enterprises from the eco-nomic perspective. It might be the best alterna-tive at some point in enterprise’s lifetime andunder specific market conditions. To understandthe economy of Cloud Computing, we recall thebasic premises of clouds:

• they provide true on-demand services, by mul-tiplexing demand into a common pool of dy-namically allocated resources,

• (large) cloud providers operate at a scalemuch greater than even the largest privateenterprises,

• whereas enterprises’ private data centers tryto reduce cost via consolidation and con-centration, the clouds exploit geographicdispersion.

Based on these observations, Joe Weinman [75]documented the superiority of the clouds usingthe “10 Laws of Cloudonomics”. Herewith, wewill summarize the major points of Cloudonomics,focusing our description around the pay-as-you-go (i.e., usage-based) pricing model employed byCloud Computing.

Contrary to leased, owned or financed services,even in the cases when the cost per unit timeis higher for cloud providers, this cost is amor-tized over the usage (Cloudonomics Law #1)—thecloud user pays for just the resources that a par-ticular computation requires; computations thatrequire additional resources, simply request themfrom the cloud up to the cloud’s overall capacity.Therefore, Cloud Computing does not require up-front investments, and lets user’s access capacityexactly when they need it (Cloudonomics Law #2).

Within the cloud, the laws of probability givethe cloud provider great leverage through statis-tical multiplexing of varying workloads (Cloudo-nomics Law #3), thus enabling him to supporta wide range of peak demands which due tothe multiplexing appear smother (CloudonomicsLaw #4).

The magnitude of the infrastructure of a (large)cloud provider provides tremendous economic ad-vantages, since it can acquire hardware/software

at lower prices (Cloudonomics Law #5), and im-plement parallel processing at a much greaterscale (Cloudonomics Law #6 and #7) even for real-time tasks.

Finally, the ability of the cloud provider toimplement its data centers at geographically dis-persed regions provides unique opportunities forlatency reduction (Cloudonomics Law #8), simi-larly to the Content Distribution Networks thatmove data close to the edge of the Internet,for survivability and availability (CloudonomicsLaw #9), and allow for enterprise “mobility”(Cloudonomics Law #10), since an enterprise’sprivate data center can rarely be build on locationsaway from the enterprise’s geographic basis, eventhough such a decision would be more profitable,e.g., for its users.

2.2.4 Data Governance

Geographical and political issues are the key re-quirements for enterprise cloud. When data beginsto move out of the organizations, it is vulnerableto disclosure, or loss. The act of moving sen-sitive data outside the organizational boundarymay violate national regulations for privacy. InGermany15 passing data across national territorycan be a federal offense [21, 38]. Also in someof the European countries require services andcustomer data be retained within a country’s bor-ders. Governance in the cloud “who and how”is a big challenge for enterprise cloud. There aresome questions that need to be solved before mis-sion critical data and functionality can be movedoutside a controllable environment. How SLAcontrolled and enforced, what will happen if aprovider goes insolvent? Some of the data mightreside in China or India while it is processedin Europe or North America. What will happenif a country changes its laws unexpectedly? Themissing control could easily bring a business downwhen relying on cloud services that do not deliveranymore. This is a serious issue if mission critical

15German data protection law called “InformationelleSelbstbestimmung”.

Architectural Requirements for Cloud Computing Systems 17

data is inaccessible for a longer period. There-fore, many government agencies do not want tomove their mission critical data like defense data,government strategy and certain important policydata.

In a true market-based economy, a client isable to select the provider of the goods s/he needsbased on a combination of factors related to cost,quality etc. This means a user should be able tomove data/programs to another cloud provider, ifthe second provider is more profitable. In otherwords, the cloud users must be protected against“data lock-in”.

One of the central questions here is, which tech-nology and development platform are being usedby your organization? Vendor lock in is one of theimportant considerations for an enterprise. Thereare currently no standardized ways to plug into acloud, and this makes it hard to switch to a newvendor. For example, users can try to move theirMySpace profile and its content to Facebook with-out manually retyping the profiles. Cloud serviceproviders can provide a service for their customerto move data in and out of their systems withouttoo much hassle by adopting open standards. Thiswould be a good chance for providers to competeon openness from the outset.

Currently, due to the lack of interoperabilityamong cloud platforms and the lack of standard-ization efforts, cloud providers cannot guaranteethat a cloud user can move its data/programs toanother cloud provider on demand. Cloud Com-puting would become much more appealing if pro-tection against data lock-in is fully implemented,since it would liberate the users from possiblemonopolies, make them less vulnerable to priceincreases, and increase competition among cloudproviders for offering better quality vs. price ra-tios. Finally, it would also guarantee longevity ofthe cloud users, since they would not be afraid ofcloud providers going out of business.

For the time being, this issue is still unresolved,and the current situation implies that once thecloud users upload their data to the data center,the data is locked-in. This issue is of paramountimportance and, together with the security top-ics, comprise a key factor that will determine theextent to which Cloud Computing will be widelyadopted by the enterprises.

2.2.5 Data Migration

The issue of distributing information to web usersin an efficient and cost-effective manner is a chal-lenging problem, especially, under the increasingrequirements emerging from a variety of mod-ern applications, e.g., voice-over-IP, and stream-ing media. Starting from the early approachesbased on proxy caches, currently, Content Distri-bution Networks (CDNs), e.g., Akamai, have metthese challenges by providing a scalable and cost-effective mechanism for accelerating the deliveryof web content, based on more or less sophisti-cated data migration (outsourcing) policies for thesurrogate servers of a CDN [42].

In the context of Cloud Computing though,such policies are ineffective, since they must col-lectively ensure the following goals:

1. No data loss: The system must ensure witha high probability that data will not be lostpermanently.

2. High availability: Data must be available tousers/owners when they want the data witha reasonably high probability, though someoccasional temporary outages are acceptable.

3. High performance: The system should notperform significantly worse than the currentusual alternatives notably NFS.

4. Scalability: The system must scale to largenumbers of clients, large numbers of storage‘nodes’, large aggregate storage spaces, etc.

5. Cost efficiency: Since there are existing solu-tions to buy large, reliable storage, the systemmust be inexpensive in hardware, softwareand maintenance.

6. Security: The system must be able to matchthe confidentiality, data integrity and autho-rization standards expected by users. This isparticularly challenging given that data willbe stored on the remote machines of cloudproviders.

Apparently, the 4th and 5th items are “by-definition” offered by the cloud infrastructure it-self, since cloud users are not supposed to worryabout the hardware and scalability.

The first three items are extremely significantsince current data centers suffer from failuresdue to overheating, power failures, rack failures,

18 B.P. Rimal et al.

network failures, hard drive failures, networkrewiring and maintenance, and even due to nat-ural disasters (e.g., a tornado may destroy a wholedata center), or due to malicious human behav-ior (DDoS, terrorism). These situations requirefail-over processing and migration for seamlessservices.

To collectively address the first three goals,data replication in the cloud seems the most con-venient approach. Replication presents some fun-damental differences when viewed in the cloudcontext: it must be fully distributed, must be dy-namically adapted the number of replicas to thequery load and the capabilities of the underlyingservers, must be provided different data consis-tency levels (strong, weak, differentiated), andmust be cost-effective, ensuring the highest possi-ble availability for the consumers of the data andalso for the owner of the data.

Although several caching and replication al-gorithms are widely available to address eachgoals individually (or subsets of these goals), noveltechniques are required towards this direction.The relevant cloud literature lacks sophisticatedcaching/replication solutions and only a coupleof recent proposals seem to have understood theimportance of the problem [7, 16]. Process migra-tion is a valuable resource management tool thatrequires continuity of process to keep its processin local stack of data and operations. The majordifficulty lies in providing an efficient method fornaming resources that is entirely independent oftheir location.

2.2.6 Business Process Management (BPM)

Business process management systems provide abusiness structure, security and consistent rulesacross business processes, users, organization andterritory. This classical concept is enhanced inthe context of Cloud-based BPM, as cloud deliv-ers a Business Operating Platform for enterprisessuch as combining SaaS and BPM applications(e.g., customer relationship management (CRM),workforce performance management (WPM), en-terprise resource planning (ERP), e-commerceportals etc.) which helps for the flexibility, deploy-ability and affordability for complex enterpriseapplications. When the enterprises adopt Cloud-

based services or business processes, the returnof investment (ROI) of overall business measure-ment is important. There are still many debatesare on-going about Cloud Computing ROI andthe methodology of its measurement and associ-ated parameters. Cloud Business Artifacts (CBA)project of The Open Group Cloud ComputingWork Group [69] identified the following issues;how to measure

• Pricing and costing of cloud services• Funding approaches to cloud services• Return of Investment (ROI)• Capacity and utilization (called as Key Perfor-

mance Indicators (KPIs))• Total cost of ownership• Risk management• Decision and choices evaluation processes for

cloud services

CBA also describes approaches to measuringthis ROI, absolutely and in comparison with tra-ditional approaches to IT, by giving an overviewof cloud KPIs and metrics. Reusability of businessprocesses can help the enterprises to maximizetheir profits and some of the intelligent/innovativebusiness processes such as situational businessprocesses [24] would be fruitful to drive the busi-ness values.

2.2.7 Third Party Engagement

The involvement of third-party in enterprises canhelp for establishing a robust communication planwith provider landscape, continuity of cloud ser-vice engagements, legal implications (e.g., SLAs,potential intellectual property (copyrights, trade-marks, and patents) infringement issues), cloudaudit, and reporting capabilities etc.

A key requirement to move the on-premise ITsystems to Cloud Computing is the existence ofthe business model. An enterprise should takethe onus of encouraging the supply chain manage-ment (SCM), enterprise resource planning (ERP)and enterprise content management (ECM) pack-age vendors to come-up with a Cloud Licensemodel which takes machine instances to consid-eration. The major problem with offerings likeAmazon EC2 or Google AppEngine is, that en-terprises might get a refund if their SLAs with

Architectural Requirements for Cloud Computing Systems 19

Amazon have been violated, but there is no wayto have stronger contractual bounds with serviceprovider. Therefore, enterprises might have touse smaller, more specialized semi-private cloudofferings, and those again might be more sub-jected to attacks.

2.2.8 Transferable Skills

Transferable skills deals with the technology dis-semination, technical supports, discussion withconsulting expert groups, or of fshore outsourcingthat help for the adaptation and stability of sys-tems/applications. Cloud Computing comes withits own set of management tasks that need tobe executed by the enterprises staff, for examplestaff needs to monitor current computing capac-ity and to increase or decrease it depending onusage, or developers might have to implement anew feature of the system as business processeschange. Before choosing a cloud provider system,the enterprise should have a look at the skill setof their existing workforce to identify those skillsthat are transferable to the new environment inorder to make the transition as fluent as possiblebecause there is a wide variation in maturity ofenterprise cloud software and services.

2.3 User Requirements

Users’ requirements are the third key factor tothe adoption of any cloud system within an en-terprise. Cloud should be trustworthy enough tomigrate critical user data. Users need assurancethat their sensitive data and information are pro-tected from compromise and loss that their datais available when required from anywhere of theworld. For users, the trust issues are a majorconcern to the adoption of the cloud services.Trust-based [34] cloud is therefore an essentialpart to the success of enterprise cloud. Stabil-ity and security can play a vital role to increasethe trust between user and service providers.Cloud-based applications should be architected tobe able to support personalization, localizationand internationalization to make user-friendlyenvironment.

This section describes user consumption-basedbilling and metering requirements, user centric

privacy requirements, service level agreements,adaptability and learning requirements, and userexperience requirements.

2.3.1 User Consumption-based Billingand Metering

The individual end-user consumption-based bill-ing and metering in cloud systems is simi-lar analogy with the consumption measurementand allocation of costs of water, gas and elec-tricity consumption on a consumption unit ba-sis. Cost management is important for planningand controlling decision. It helps to check theutilized resources versus cost. Cost breakdownanalysis, tracing the utilized activity and adaptivecost management are important considerationsas well. Users always want transparency of con-sumption and billings. What is the frequency ofusage of services? How frequent is the serviceusage? Very frequent usage in fact makes lesseconomic sense to go for cloud a based pay-per-use model. An architect needs to pay special at-tention to provide this visibility while architectingcloud systems. Activity-Based Costing (ABC) [50]is a profiler that the user can use it to under-stand how much their implementation will cost interms of Cloud Computing charges. Such kind ofapplication may be helpful for user to test costtransparency.

2.3.2 User-Centric Privacy

The main consideration regarding Cloud Comput-ing for end users is related to the storage of per-sonal/enterprise sensitive data. Cloud Computingbrings with it the fact that most of the users’ cre-ations, data that the user would regard as his/herpersonal intellectual property, will be stored atmega-data centers located around the world. Inthis environment, privacy becomes a major issue[11]. Therefore, the cloud providers are makingall to efforts to win is the trust of their users;in general, a corporation would not be willing tostore any sensitive data on the cloud. Even thoughthis seems to be an unsolvable problem, there areindications that it can be overcome. First, manyusers have already been exposed to some formof Cloud Computing, mainly in a form of email

20 B.P. Rimal et al.

service (e.g., Gmail) or a Web 2.0 application(Facebook, Myspace etc), without much concernabout privacy. Therefore, users may be used toa level of privacy as they know today. Second,there are currently technologies that can assuredata integrity, confidentiality, and security for theclouds to be trusted. These technologies include:

• data compressing and encrypting at the stor-age level, thus the cloud provider can’t reallyuse the sensitive data,

• virtual LANs, that can offer secure remotecommunications,

• network middleboxes (e.g., firewalls, packet fil-ters), to further failsafe secure communications.

These technologies are quite mature and thereis no technical difficulty per se in providing thesetools for clouds. They will certainly need adjust-ments and improvements in order to be appliedat the huge scale of clouds, but this is somethingthat can be achieved. For example, the Sector [37]provides authentication, authorization, and accesscontrol, and, as measured by the TeraSort bench-mark, is faster than Hadoop, which currentlydoes not have user-level authentication or accesscontrol.

2.3.3 Service Level Agreements (SLAs)

The mutual contract between providers and usersis usually called SLAs, i.e., the ability to deliverthe services according to pre-defines agreements.Currently, many cloud providers offer SLAs, butthese are rather weak on user compensations onoutages. The lists of important architectural issuesare:

• How and who will measure the delivery ofservices?

• How to develop an agreed method of monitor-ing performance?

• What will happen if the provider unable orfails to deliver the services as contract?

• What will be the mechanism to change SLAover time?

• What will be the compensation mechanism ifservice provider violates any elements of theSLA?

Users always want stable and reliable systemservices. Cloud architecture is considered to behighly available, up and running 24 hours by7 days. Many cloud service providers have madehuge investments to make their system as reliableas they can give the scale of their system. Mostcloud vendors today do not provide high avail-ability assurances; this is particularly an issue withenterprise Mashups [43, 62] that need a set ofweb services hosted in various Cloud Computingenvironments and many may stop working at anytime. If a service goes down (refer back to Table 2)for whatever reasons, what can users do? How canusers access their documents stored in the cloud?In such case, the provider may offer to pay a fineto the consumer as compensation.

2.3.4 Adaptability and Learning

Cloud Infrastructure must handle more resources,data, services and users; all of this makes Cloud-based enterprise application/systems more com-plex to control, to keep coherence between ser-vices and resources. The biggest challenge forevery user is to get acquainted with an applica-tion presented by the enterprises when trying todeal with clouds. To this end, users must be em-powered to execute effective controls over theirpersonal information [11]. Cloud Computing isbeing adopted by business leaders and most of theprocesses in Cloud Computing are for sensitivebusiness processes such as online purchases ofproducts or acquisition of services. If the usersdo not fully aware about its usage, they wouldnot be benefited with those services or could evenbe exposed to different types of security attacks.Some of the guidelines are listed below to makelearning and users adaptation in the Cloud-basedapplication/systems:

• identify the suitable approaches based on ob-servation, data recording and users demandto make learning and adaptation environmentto the users so that they can easily use thesystems

• design the applications to meet the goalof reconfiguration, personalization andcustomization

Architectural Requirements for Cloud Computing Systems 21

• intelligent, and interactive demonstrationwould be helpful to aware the users aboutthe usage of application. Artificial intelligenceand semantic techniques are also helpful here.

2.3.5 User Experience (UX)

The notion of UX is to provide the insight into theneeds and behaviors of end-user that can help tomaximize the usability, desirability, and produc-tivity of the applications. UX-driven design anddeployment may be the next step in the evolutionof Cloud Computing. The screens or user inter-faces must be simple, uncluttered, and designedaccording to a workflow or process you expectyour users to follow. For example, in the case ofSaaS application, AJAX based UIs, and SmartClients have an interesting impact on users expe-rience sharing and practice that can help to elabo-rate the scope of software products and services aswell as its business value. On the other hand, cloudapplication and devices evolution such as mobilebrings new opportunities to user involvement andinteraction. Mobile devices have drag and dropfeatures of Gadgets that provides information andfun-like news, pictures, games etc. Furthermore,Human-Computer Interaction, ergonomics, andusability engineering are the some of the impor-tant key requirements to design UX-based cloudapplications. Some of the important considera-tions are listed below, i.e.,

• Identification of most potential services fromusers and business point of view

• analysis of service possibilities, context forthe problem, and describes the rationale be-hind the solution by implementing UX designpatterns

• ensuring that UX involvement from the begin-ning of service/product life-cycle

• incorporation of end-user involvement indesign

• conducting reality demonstration of the ser-vices/applications

In addition, Cloud-based application/systemsshould be easy to use, capable of providingfaster and reliable services, easily scalable, and

customizable to meet the goal of localizationand standardization. They should also ensurethe impact of rich Internet applications (RIAs)such as EyeOS16. For instance, EyeOS 2.0 is theperfect development framework for quick andeasy creation of RIAs that provides effectiveness,usefulness, versatility/appropriateness and com-fortableness environment to the users.

3 Discussion and a Comparative Analysisof the Common Requirements

The Table 4 gives a comparative analysis of the re-quirements discussed in the prior sections. It alsoillustrates the relationships between architecturalrequirements layers and components describedabove.

There are various architectural styles of soft-ware architecture such as client/server, pipe-and-filter, distributed object, event-based integration,virtual machine etc. Table 5 summarizes the map-ping of architectural requirements to the generalarchitectural components.

Furthermore, some of the important issues aregiven below that should be considered while map-ping the requirements to architectural components.

• What kind of architectural components arefrequently made in building dynamic largecloud systems?

• How do architectural components relate to pro-vider’s and enterprise’s system requirements?

• How can we able to extract the genericand reusable model to classify relations be-tween requirements and architectural compo-nents/patterns?

• How do we abstract key architectural as-sessment made in existing cloud applica-tion/systems?

In addition, we have figured out three gen-eral architectural components to couple those ar-chitectural styles such as workf low orchestration,single f low and types of requirements. Workfloworchestration provides the pipe-and-filter archi-tectural styles [5] to manage business, service

16EyeOS, http://www.eyeos.org.

22 B.P. Rimal et al.

Tab

le4

Com

para

tive

anal

ysis

ofth

eco

mm

onre

quir

emen

ts

Par

amet

ers

Secu

rity

Inte

rope

rabi

lity

Dat

am

anag

emen

t,SL

AM

eter

ing

Vir

tual

izat

ion

Use

r-ce

ntri

cD

ata

mig

rati

onR

equi

rem

ents

stor

age

and

proc

essi

ngan

dbi

lling

man

agem

ent

priv

acy

Pro

vide

rC

anbu

ildup

the

Ope

nda

tafo

rmat

,Sh

ould

capa

ble

ofIf

they

offe

rC

anbu

iltup

Can

max

imiz

eC

anbu

ildup

Reg

iona

ldat

are

quir

emen

tstr

usta

mon

gO

pen

AP

Iis

prov

idin

gri

ch99

.99%

ofSL

Ath

etr

ustw

ith

prof

itby

the

trus

tce

nter

iste

nant

sm

ore

help

fulf

orqu

ery

lang

uage

serv

ice,

this

ente

rpri

ses

and

virt

ualiz

ing

easi

lyne

eded

ifth

ere

inte

rope

rabl

eto

allo

wsc

ale-

upm

eans

thei

ren

d-us

ers

byap

plic

atio

n,is

aco

untr

ycl

oud

serv

ices

scal

e-do

wn

serv

ice

ism

ore

offe

ring

effi

cien

tne

twor

k,bo

unda

ries

for

-fle

xibl

ean

dre

liabl

em

eter

ing

and

data

base

,da

tam

igra

tion

elas

tic

stor

age

billi

ngse

rvic

esin

fras

truc

ture

serv

ices

wit

hdu

rabi

lity

isne

eded

Ent

erpr

ise

Org

aniz

atio

nal

Allo

wto

beE

last

icst

orag

e,C

ancl

aim

the

Can

build

upth

eC

anm

axim

ized

Can

build

upP

olit

ical

and

requ

irem

ents

conf

iden

tial

port

edbe

twee

nno

need

tow

orry

char

gefo

rtr

uste

asily

prof

its

the

trus

tle

gali

ssue

sda

taan

dm

issi

oncl

ouds

befo

reab

outs

tora

gese

rvic

eou

tage

betw

een

betw

een

asso

ciat

edcr

itic

alda

tacr

itic

alte

nant

ste

nant

sw

ith

itca

nm

ove

onbu

sine

sscl

oud

ifth

ere

appl

icat

ion

isa

secu

rear

ede

liver

edse

rvic

esfr

omcl

ouds

Use

rsT

rust

yen

viro

nmen

tU

ser

can

take

Can

bebe

nefi

ted

Leg

alag

reem

ent

Tra

nspa

rent

Vir

tual

izat

ion

mak

esU

ser’

spo

into

fC

anm

ove

thei

rre

quir

emen

tsw

illcr

eate

tous

ese

rvic

esfr

omw

ith

on-d

eman

dis

impo

rtan

tm

eter

ing

and

clou

dse

rvic

esvi

ewpr

ivac

yda

tain

thei

rcl

oud

serv

ices

any

prov

ider

stor

age

serv

ice

ifth

ese

rvic

ebi

lling

affe

ctth

ech

eape

r,so

user

sis

the

prim

ary

regi

onal

easi

lyif

the

data

isdo

wn

user

sus

er’s

inte

nsio

nca

nbe

easi

lyco

ncer

nto

data

cent

erpo

rtab

ility

can

clai

mto

use

the

bene

fite

dfr

omit

trus

tser

vice

isea

sy.

refu

nd.

serv

ices

offe

red

prov

ider

s.by

prov

ider

s.

Architectural Requirements for Cloud Computing Systems 23

Table 5 Partial mappingof requirements toarchitectural components

NFR NFR/FR FR

Single flow R5, R6, R8, R11, R12, R13, R7, R18 R1, R4, R10, R14R16, R17, R19, R20, R21

Workflow orchestration R9, R15, R22 R2 R3

Requirements

R1 Service delivery model (SaaS, PaaS, IaaS)R2 Service-centricR3 Data management and storageR4 Virtualization managementR5 Cloud deploymentR6 Fault toleranceR7 SecurityR8 Quality of serviceR9 CloudonomicsR10 Load balancingR11 InteroperabilityR12 ScalabilityR13 Data governanceR14 Data migrationR15 Business process managementR16 Third party engagementR17 Transferable skillsR18 User consumption-based billing and meteringR19 User-centric privacyR20 Service level agreementsR21 Adaptability and learningR22 User experience

and scientific data managements. The functionalrequirements (FRs) deal with the set of opera-tion/functions that the system offers while non-functional requirements (NFRs) refer to the man-ner in such a way those functions are executed.Some of the NFRs need to be captured and an-alyzed from the very early stages of the applica-tion/system development process but NRFs arealways coupled with FRs. The preliminary ideaof dividing functional and non-functional require-ment is to figure out the whole scenario of Cloud-based applications. That could be helpful for ar-chitects to set up the criteria for the solution interms of the operational, and service-level objec-tives in the phase of requirement engineering.

4 Conclusions

Clear understanding of requirements and theirrelationships with respect to architectural choicesis a critical for any enterprise system transforming

the corporate culture into a co-operative businessculture by sharing/reusing business processes withhelp of the cloud services. The biggest challengein Cloud Computing is the lack of a de factostandard or single architectural method, whichcan meet the requirements of an enterprise cloudapproach. In this paper, we explored the architec-tural features of Cloud Computing and classifiedthem according to the requirements of end-users,enterprises that use the cloud as a platform, andcloud providers themselves. We show that severalarchitectural features will play a major role in theadoption of the Cloud Computing paradigm as amainstream commodity in the enterprise world.This paper also provides basic guidelines to soft-ware architects and Cloud Computing applicationdevelopers for creating future architectures.Although the abstract nature of cloud makes itchallenging to analyze the coverage of all re-quirements and architectural components with re-spect to a generic enterprise cloud system, our setof general, and preliminary requirements can be

24 B.P. Rimal et al.

used as the first step towards a more specific setof properties and requirements for the emergingenterprise cloud services.

Acknowledgements The authors would like to thank theanonymous reviewers for their valuable comments whichhelped us to improve the quality of our initial manuscript.This work has been partially supported by the EU FP7-ICT-248657 GEYSERS project.

References

1. Adabala, S., Chadha, V., Chawla, P., Figueiredo, R.,Fortes, J., Krsul, I., Matsunaga, A., Tsugawa, M.,Zhang, J., Zhao, M., Zhu, L., Zhu, X.: From virtualizedresources to virtual computing Grids: the In-VIGOsystem. Future Gener. Comput. Syst. 21(6), 896–909(2005)

2. Armbrust, M., Fox, A., Griffith, R., Joseph, A.D.,Katz, R.H., Konwinski, A., Lee, G., Patterson, D.A.,Rabkin, A., Stoica, I., Zaharia, M.: Above theclouds: a Berkeley view of cloud computing. TechnicalReport No. UCB/EECS-2009-28, Electrical Engineer-ing and Computer Sciences, University of California atBerkeley (2009)

3. AWS Service Health Dashboard: Amazon S3 avail-ability event. Available online at http://status.aws.amazon.com/s3-20080720.html (2009). Accessed onMarch 2009

4. Barham, P., Dragovic, B., Fraser, K., Hand, S., Harris,T., Ho, A., Neugebauer, R., Pratt, I., Warfield, A.: Xenand the art of virtualization. In: Proceedings of theNineteenth ACM Symposium on Operating SystemsPrinciples (2003)

5. Bass, L., Clements, P., Kazman, R.: Software Ar-chitecture in Practice. Addison-Wesley, Reading,Massachusetts (1998)

6. Beckmann, C.: Google App Engine. http://tinyurl.com/l949tp (2008). Accessed on July 2009

7. Bonvin, N., Papaioannou, T.G., Aberer, K.: Dynamiccost-efficient replication in data clouds. In: Proceedingsof the 1st Workshop on Automated Control for Data-centers and Clouds (2009)

8. Brodkin, J.: Gartner: seven cloud-computing securityrisks. Available online at http://tinyurl.com/3okysm(2008). Accessed on March 2009

9. Carr, N.: The Big Switch—Rewiring the World fromEdisson to Google. W. W. Norton (2008)

10. Carr, N.: Rough Type. Available online at http://www.roughtype.com (2010). Accessed on January 2010

11. Cavoukian, A.: Privacy in the Clouds—A WhitePaper on Privacy and Digital Identity: Implications forthe Internet. Information and Privacy Commission ofOntario (2008)

12. Chang, F., Dean, J., Ghemawat, S., Hsieh, W.C., Wal-lach, D.A., Burrows, M., Chandra, T., Fikes, A., Gru-ber, R.E.: Bigtable: a distributed storage system for

structured data. ACM Trans Comput. Syst. 26(2), 1–26(2008)

13. Choudhary, V.: Software as a service: implications forinvestment in software development. In: Proceedingsof the 40th Hawaii International Conference on SystemSciences (2006)

14. Clements, P., Northrop, L.M.: Software architecture:an executive overview. Software Engineering Insti-tute, Carnegie Mellon University, Technical ReportCMU/SEI-96-TR-003 (1996)

15. Cruz, A.: Gmail site reliability manager, update inGmail. Available online at http://tinyurl.com/b2vzka(2009). Accessed on March 2009

16. Dash, D., Kantere, V., Ailamaki, A.: An economicmodel for self-tuned cloud caching. In: Proceedings ofthe IEEE International Conference on Data Engineer-ing (2009)

17. David, R.: Cloud computing explained. Available on-line at http://tinyurl.com/qexwau (2009). Retrieved on1 Sept 2009

18. Dean, J., Ghemawat, S.: MapReduce: simplified dataprocessing on large clusters. Commun. ACM 51(1),107–113 (2008)

19. DeWitt, D.J., Robinson, E., Shankar, S., Paulson, E.,Naughton, J., Krioukov, A., Royalty, J.: Clustera: anintegrated computation and data management system.In: Proceedings of the Very Large Databases (2008)

20. Emeneker, W., Stanzione, D.: Dynamic virtual clus-tering. In: IEEE International Conference on ClusterComputing (2007)

21. Federal Data Protection Act, Bundesdatenschutzgesetz(BDSG), http://tinyurl.com/37sf3ly (1990). Accessed 10December 2009

22. Fielding, R.T.: The representational state transfer(REST). Ph.D. Dissertation, Department of Informa-tion and Computer Science, University of California,Irvine. Available online at http://www.ics.uci.edu/∼fielding/pubs/dissertation/top.htm (2000)

23. Figueiredo, R.J., Dinda, P.A., Fortes, A.B.: A case forGrid computing on virtual machines. In: Proceedingsof the 23rd International Conference on DistributedComputing Systems (2003)

24. Fingar, P.: Extreme Competition: Cloud OrientedBusiness Architecture. Business Process Trends (2009)

25. Flouris, M.D., Lachaize, R., Bilas, A.: Violin: a frame-work for extensible block-level storage. In: Knowledgeand Data Management in Grids, CoreGRID series,vol. 3, pp. 83–98. Springer Verlag (2007)

26. Foster, I., Kesselman, C.: Globus ametacomputing in-frastructure toolkit. Int. J. Supercomput. Appl. 11(2),115–128 (1997)

27. Foster, I., Kesselman, C., Tuecke, S.: The anatomyof the Grid: enabling scalable virtual organizations.Int. J. High Perform. Comput. Appl. 15(3), 200–222(2001)

28. Foster, I., Freeman, T., Keahey, K., Scheftner, D.,Sotomayor, B., Zhang, X.: Virtual clusters for Gridcommunities. In: 6th IEEE International Symposiumon Cluster Computing and the Grid (2006)

29. Foster, I., Zhao, Y., Raicu, I., Lu, S.: Cloud comput-ing cloud computing and Grid computing 360 degree

Architectural Requirements for Cloud Computing Systems 25

compared. In: Grid Computing Environments Work-shop (2008)

30. Fox, A., Gribble, S.D., Chawathe, Y., Brewer, E.A.,Gauthier, P.: Cluster-based scalable network services.In: Proceedings of the Sixteenth ACM Symposium onOperating Systems Principles (1997)

31. Garg, V.K.: Elements of Distributed Computing.Wiley-IEEE Press. ISBN 0471036005 (2002)

32. Gartner Research: Predicts 2009: Cloud ComputingBeckons (2009)

33. Gathering Clouds of XaaS! http://www.ibm.com/developer (2008)

34. Gellman, R.: Privacy in the clouds: risks to privacyand confidentiality from cloud computing. In: WorldPrivacy Forum (2009)

35. Golden, B.: Virtualization for Dummies. Wiley Pub-lishing, Inc. (2008)

36. Graefe, G.: The five-minute rule twenty years later,and how flash memory changes the rules. In: Proceed-ings of the 3rd International Workshop on Data Man-agement on New Hardware (2007)

37. Gu, Y., Grossman, R.L.: Sector and sphere towardssimplified storage and processing of large scale distrib-uted data. Philos. Trans. R. Soc. Lond. A. 367(1897),2429–2445 (2009)

38. Hoeren, T.: The new German data protection act andits compatibility with the European Data ProtectionDirective. J. Comput. Law, Security Review, Elsevier25(4), 318–324 (2009)

39. Irwin, D., Chase, J., Grit, L., Yumerefendi, A., Becker,D., Yocum, K.: Sharing networked resources withbrokered leases. In: USENIX Technical Conference(2006)

40. Jackson, T.: We feel your pain, and we’re sorry. Avail-able online at http://tinyurl.com/58mqho (2008). Ac-cessed on March 2009

41. Kapil Bakshi, K.: Cisco cloud computing-data centerstrategy, architecture, and solutions. Point of ViewWhite Paper for U.S. Public Sector (2009)

42. Katsaros, D., Pallis, G., Stamos, K., Vakali, A.,Sidiropoulos, A., Manolopoulos, Y.: CDNs contentoutsourcing via generalized communities. IEEE Trans.Knowl. Data Eng. 21(1), 137–151 (2009)

43. Kavis, M.: Enterprise mashups—the icing on yourSOA. Available online at http://socialcomputingjournal.com (2008). Accessed on July 2009

44. Keahey, K., Foster, I., Freeman, T., Zhang, X.: Vir-tual workspaces: achieving quality of service and qual-ity of life in the Grid. Sci. Program. J. 13(4), 265–276(2005)

45. Keahey, K., Foster, I., Freeman, T., Zhang, X., Galron,D.: Virtual workspaces in the Grid. In: 11th Interna-tional Euro-Par Conference (2005)

46. Kolakowski, N.: Microsoft’s cloud azure service suffersoutage. Available online at http://tinyurl.com/yhqo5t3(2009). Accessed on April 2009

47. Lee, S.W., Kim, W.: On flash-based DBMSs: issues forarchitectural re-examination. J. Object Technol. 6(8),39–49 (2007)

48. Lee, S.W., Moon, B., Park, C.: Advances in flash mem-ory SSD technology for enterprise database applica-

tions. In: Proceedings of the ACM Conference on theManagement of Data (SIGMOD) (2009)

49. Lim, K., Ranganathan, P., Chang, J., Patel, C., Mudge,T., Reinhardt, S.K.: Server designs for warehouse-computing environments. IEEE Micro 29(1), 41–49(2009)

50. Louth, W.: Metering the cloud: applying activity basedcosting (ABC) from code profiling up to perfor-mance & cost management of cloud computing. In:The International Conference on JAVA Technology(2009)

51. Mayer, M.: This site may harm your computer on everysearch results. Available online at http://tinyurl.com/cd76r3 (2009). Accessed on February 2009

52. Mell, P., Grance, T.: Perspectives on Cloud Comput-ing and Standards. National Institute of Standards andTechnology (NIST), Information Technology Labora-tory (2009)

53. Murphy, M.A., Goasgue, S.: Virtual organization clus-ters self-provisioned clouds on the Grid. Future Gener.Comput. Syst. (Elsevier) 26(8), 1271–1281 (2010)

54. Murphy, M.A., Abraham, L., Fenn, M., Goasguen, S.:Autonomic clouds on the Grid. J. Grid Computing8(1), 1–18 (2010)

55. Nurmi, D., Wolski, R., Grzegorczyk, C., Obertelli, G.,Soman, S., Youseff, L., Zagorodnov, D.: The euca-lyptus open-source cloud-computing system. In: Pro-ceedings of Cloud Computing and its Applications(2008)

56. OASIS: Security services technical committee, SecurityAssertion Markup Language (SAML). 2.0 TechnicalOverview Working Draft (2004)

57. Olston, C., Reed, B., Srivastava, U.: Pig latin: a not-so-foreign language for data processing. In: Proceedingsof the ACM Conference on the Management of Data(2008)

58. Open Platform as a Service: Available online athttp://www.openplatformasaservice.com/ (2009). Ac-cessed on December 2009

59. Pete: App Engine outage today. Available online athttp://tinyurl.com/2atu68l (2008). Accessed on April2009

60. Rings, T., Caryer, G., Gallop, J., Grabowski, J.,Kovacikova, T., Schulz, S., Stokes-Rees, I.: Grid andcloud computing: opportunities for integration with thenext generation network. J. Grid Computing 7(3), 375–393 (2009)

61. Ross, J.W., Westerman, G.: Preparing for utility com-puting: the role of IT architecture and relationshipmanagement. IBM Syst. J. 43(1) (2004)

62. Siebeck, R., Janner, T., Schroth, C., Hoyer, V., Wörndl,W., Urmetzer, F.: Cloud-based enterprise mashup inte-gration services for B2B scenarios. In: 2nd Workshopon Mashups, Enterprise Mashups and LightweightComposition on the Web (MEM 2009) in Conjunctionwith the 18th International World Wide Web Confer-ence (2009)

63. Software & Information Industry Association: Soft-ware as a service: strategic backgrounder (2001)

64. Sotomayor, B., Montero, R.S., Llorente, I.M.,Foster, I: Capacity leasing in cloud systems using the

26 B.P. Rimal et al.

opennebula engine. In: Workshop on CloudComputing and its Applications (2008)

65. Sotomayor, B., Montero, R.S., Llorente, I.M., Foster,I.: Virtual infrastructure management in private andhybrid clouds. IEEE Internet Computing 13(5), 14–22(2009)

66. Stern, A.: Update from Amazon regarding Friday’sS3 downtime. Available online at http://tinyurl.com/2wtwdr7 (2008). Accessed on April 2009

67. The Cloud Computing Interoperability Forum (CCIF):Available online at http://www.cloudforum.org/ (2009).Accessed on March 2009

68. The Open Group, Service Oriented Architecture(SOA): Available online at http://www.opengroup.org/projects/soa/ (2010). Accessed on July 2009

69. The Open Group: Building return on investmentfrom cloud computing. A white paper, cloud busi-ness artifacts project. Cloud Computing Work Group(2010)

70. Tsirogiannis, D., Harizopoulos, S., Shah, M.A., Wiener,J.L., Graefe, G.: Query processing techniques for solid

state drives. In: Proceedings of the ACM Conferenceon the Management of Data (2009)

71. Tubanos, A.: theWHIR.com, FlexiScale suffers 18-houroutage. Available online at http://tinyurl.com/y965dv8(2008). Accessed on January 2009

72. Turner, M., Budgen, D., Brereton, P.: Turning softwareinto a service. Computer 36(10), 38–44 (2003)

73. Vaquero, L.M., Rodero-Merino, L., Caceres, J., Lindner,M.: A break in the clouds towards a cloud definition.ACM SIGCOMM Comput. Commun. Rev. 39(1), 50–55 (2009)

74. Vogels, W.: A word on scalability. Available onlineat http://tinyurl.com/yj2vpus (2006). Accessed on April2009

75. Weinman, J.: The 10 laws of cloudonomics. Availableonline at http://tinyurl.com/5wv9d7 (2008). Accessedon 14 July 2009

76. Working Party on Information Security and Pri-vacy: The role of digital identity management inthe internet economy: a primer for policy makers(2009)