whitepaper cloud egovernance imaginea
DESCRIPTION
This paper presents a holistic approach to how Cloud computing can support better governance. Gov 2.0 is all about adopting best-in-class technology to serve citizens better, and Cloud is the way to go.
TRANSCRIPT
imaginea white paper
Copyright ©2009, Imaginea Inc. Imaginea is a Pramati business. All trade marks and names belong to their respective owners.
Cloud and E-Governance
Cloud Computing provides a great opportunity for governments
across the globe, to provide reliable E-Governance quickly, at lower
costs. Cloud computing features like application virtualization,
end-to-end service management, instant deployment and ease of
maintenance are catalysts that jumpstart application deployment
on the Cloud. With proper planning, execution, training and good
management, the Cloud infrastructure can greatly reduce overall
costs for government departments maintaining and managing
E-Services for E-Governance, and help in efficiently utilizing the tax
payer’s money.
ReddyRaja A, Imaginea and
Vasudeva Varma, IIIT- Hyderabad
Contents
Executive Summary
E-Governance Applications
Reference Architecture – Typical E-Governance Applications
Cloud Computing Characteristics
Considerations for building Cloud based E-Governance applications
Cloud Taxonomy
  Cloud Service Management
  Data Center Operations
  Cloud Layers
Cloud Architecture for E-Governance
  IaaS: Infrastructure as a Service
  PaaS: Platform as a Service
  SaaS: Software as a Service
Cloud Eco System – Public, Private and Hybrid Clouds
Benefits of the Cloud
  Reduced TCO
  Scaling on Demand
  Database Scaling
  Business Intelligence and Analytics
  Disaster Recovery
Cloud Migration Strategy
  Organization Structure and Data Center Processes
  Access Controls
  People, Processes and Technology
Cloud Risks
Standards of Compliance in Cloud computing industry
  SAS 70
  HIPAA
  Sarbanes-Oxley Act
Summary and Conclusions
Appendix A – Challenges in E-Governance
  Data Scaling
  Auditing and Logging
  Rolling out new Instances, Replication and Migration
  Disaster Recovery
  Performance and Scalability
  Reporting and Intelligence (Better Governance)
  Policy management
  Systems Integration and Legacy software
  Going Green
Appendix B – FAQ about Cloud Computing
  How does one build a private cloud?
  How Secure is the data on the Cloud?
  Can we leverage existing data centers to build cloud?
  Can I have my application SaaS enabled?
  What is multi-tenancy?
  How can I use public cloud for e-governance?
Executive Summary
This white paper describes the role of Cloud
computing standards and architectures in framing
a good E-Governance strategy. Governments
can realize the potential benefits of Information
Technology more quickly when providing e-services.
E-Services deliver cost-effective services that drive the
growth of the economy and government productivity.
Cloud Computing provides a great opportunity for
enabling reliable E-Governance quickly at lower
costs. Cloud computing features like application
virtualization, end-to-end service management,
instant deployment and ease of maintenance are
catalysts that jumpstart application deployment on
the Cloud. The paper recommends taking to a Cloud
infrastructure step-by-step, rather than going in for
a one step, big-bang approach. All consolidated data
centers already use some of the features of the
Cloud, and hence, realizing e-governance through
the Cloud Computing would involve extending the
use by current data centers of some of the tools
and technologies to manage resources better. The
strategy for E-governance would involve building a
Private Cloud with public interfaces that can scale and
provide the required agility and flexibility.
The biggest benefit of the Cloud is that it helps
consolidate all data centers and optimize resource
utilization, reducing support and maintenance
costs by more than half, without compromising on
performance, availability and reliability of applications.
A unified e-government infrastructure, based on
Cloud and SOA architectures, is required: one that
paves the way for sharing of information and
workflow between agencies, and which enables the
delivery of seamless services to the public. Cloud
architectures allow rapid deployment of turn-key
test environments, with little or no customization.
No one should be deluded by the complexity and
scale of services and hurdles to be overcome when
implementing such a large scale program in the
context of e-governance in India. Cloud migration
can be attempted step-by-step, by piloting some
applications. The experience and knowledge gained
would help establish a solid infrastructure for
e-governance. Technology merely gives us tools,
but it is the people and process aspects that must
be understood well, and hence standard procedures
and policies to maintain the Cloud infrastructure are
a must. With proper planning, execution, training
and good management, the Cloud can greatly
reduce overall costs and help in efficient and better
utilization of the tax payer’s money.
Some baby steps have already been taken in
providing E-Governance services, and it is time
for the big leap. The Cloud can truly become
the backbone for providing services, for the
government.
SAS70, HIPAA and SOX offer standards of
compliance for IT infrastructure. These compliances
provide a solid foundation for the future. Cloud
computing can start with these compliance standards
and refine them as it evolves.
In the rest of the document we discuss Cloud
Taxonomy, Cloud Layers and benefits of using the
Cloud. A section is also devoted to implementing
Cloud in steps for E-Governance.
E-Governance Applications
The Government is the primary provider of all
these applications, giving its citizens, employees,
state owned enterprises and others, access to
such applications. E-Governance aims to provide
reliable services to all stakeholders, round-the-clock,
with acceptable levels of performance. There are
many E-Governance applications. Some common
E-Governance applications are listed here for
brevity:
• E-procurement: Automation of purchase and sale of supplies and services over the Internet for the Government and various governmental bodies.
• HRMS: Government can configure payroll and benefit systems, create and manage training systems and even track performance reviews. HRMS can eliminate the need for paper work, thus helping the government in its go green initiatives.
• E-Police: Providing easy access to information by making queries across databases of police-stations across zones and states, for efficient policing. This increases safety mechanisms and helps provide better services too.
• E-Court: E-Court facilitates integration of different courts, improves scheduling of cases and effective exchange of information between stakeholders.
• E-Taxation: E-taxation offers an easy and efficient way for individuals and businesses to pay taxes.
• Land Records: Managing land records, registrations, transfers, surveys and geographic maps.
• Revenue Management: Managing revenue sources and spending.
• Contract Management: Tenders, contract management and such other applications.
In this context, using the Cloud as a backbone
infrastructure for hosting these applications becomes
important.
Reference Architecture – Typical E-Governance Applications
Fig 1.0 A typical E-Governance Application Architecture
A typical E-Governance application architecture, as
shown in Fig 1.0, has the following layers:
1. Front End: This is the UI layer, with which users interact. This layer can be accessed from a variety of devices like a mobile phone, a home PC, or a kiosk. While Web 2.0 technologies provide rich user interfaces, they could limit cross-browser compatibility.
2. Middle-Tier: This is the layer where all the business objects, their interactions and processes exist. This layer computes the business logic.
3. Backend Systems: Backend systems contain all the data. These are the resources that need to be protected and hence, we see most commonly a firewall that closes all the ports except the database ports. This layer needs utmost protection from hackers to avoid data theft, misuse etc.
The biggest benefit of this architecture comes from
the virtualization of these layers. The layers, when
they operate, can be moved around to provide fault
tolerance and high availability, and the ability to scale
horizontally.
Most E-Governance applications can be designed using
the above stack. The actual technical stack does not
really matter. The technology could be based on J2EE
or .Net architecture or LAMP. But the basic principles
of application design would remain the same.
Not all E-Government applications may fit into
this architecture, but it would nevertheless be
the reference architecture for most E-Governance
applications.
Cloud Computing Characteristics
There are various definitions of Cloud computing. All
the definitions describe the following characteristics:
1. Infrastructure costs will be OPEX (operational expenditure) and no CAPEX (capital expenditure). This essentially amounts to providing hardware infrastructure to various departments of governments instantaneously with ease. The departments do not have to bother about procuring hardware and software resources, allowing them to focus on the services they provide.
2. Pay-as-you-go basis and resources are available dynamically and immediately. This characteristic helps the Government in efficient utilization of hardware and software. They do not have to plan for, or bother about, over-provisioned resources, as they are likely to get resources whenever required.
3. The resources are geographically located at different places. This characteristic helps the government do better disaster planning.
4. Cloud computing allows for abstraction of hardware and software. This allows for procurement of hardware and software resources from multiple vendors without vendor lock-in.
5. The resources scale easily and can be safely assumed to have infinite capacity.
Considerations for building Cloud based
E-Governance applications
The following are important considerations while
building cloud based applications:
1. High Availability: Applications deployed are inherently highly available without incurring too much in infrastructure costs. This feature is extremely useful in disaster recovery and planning.
2. Dynamic scalability: The resources can scale immediately and are available on demand.
3. Low latency across all layers of the Web Application, such as the front end, middle layer and database layer, as shown in Fig 1.0. Scaling the DB is the most challenging aspect of designing the application.
Cloud Taxonomy
An overview of the Cloud Taxonomy is shown in
Figure 2.0. A brief description of Cloud Taxonomy
is given below:
Fig 2.0 Cloud Taxonomy
• Physical Resources: These are blade servers, SAN and switches. Typically, the equipment would be the latest. There could be issues of compatibility, vendor lock-in, hardware life cycle management, and so on.
• Virtualized Resources: Resources that are assigned to services. These resources need not be bound to one physical resource, and can be moved from one physical resource to the other. For example, an application running on a virtual machine can be moved from one physical machine to another physical machine without the user being aware of it.
• Platform Services: These consist of re-usable platform services. Middleware, integration and security services top the list. These services form a standard, reusable software library that can be used across all e-governance applications.
• Application Services: The layer where application services are virtualized. This is also termed the SaaS Layer, and is described in the next section. The application service customization can be configured and deployed. Additionally, applications can be shared using multi-tenant architecture, with multiple tenants sharing the same instance.
• Service Life Cycle management: This layer provides most of the operational services for deploying and provisioning applications. Images are snapshots of operating system and/or application software running in virtual machines. By dealing with images, the Cloud makes applications virtually highly available and fault tolerant.
• End-user management: Request management, service catalog, design build services, SLA monitoring and other functions like billing etc provide end-user management services.
• Operations Management: Day-to-day operations of the cloud computing structure. Procedures and policies, deployment considerations and use of catalog if images are considered for consumption etc.
Cloud Service Management
A service management system provides the visibility,
control and automation needed for efficient Cloud
delivery in both public and private implementations.
Cloud Service management involves the following
basic services:
• Simplified user interaction with IT: A user friendly self-service interface accelerates time to value. The service catalog enables standards which drive consistent service delivery and provides enhanced transparency and accountability. Applications can be chosen from a service catalog and deployed within minutes. After sufficient testing and customization, service management tools can be used to create a production instance with required backup services. All of this can happen in no time compared to a month required for deployment in traditional architectures. Service catalogs can cater to various services from provisioning an individual server, to automatic provisioning of a three-tier E-Governance application.
• Provisioning enables policies that lower cost: Automated provisioning and de-provisioning speeds up service delivery. The provisioning of policies allows release and reuse of assets. Its centralized identity and access control policies provide fast and affordable adherence to security compliance.
• Increased system administrator productivity: The productivity increase is attributed to its move from management silos to a service management system.
• Improved service delivery to the citizens in their constituencies: Provides improved informational services to citizens.
• Automates virtual infrastructure for peak performance: Virtual infrastructures accelerate provisioning time by 50 to 70%. They help manage virtual machines from a central location and monitor the performance of these machines and their hosts. It is possible to migrate applications live, from one virtual host to the other. They also enable dynamic, policy-based allocation of IT resources with automated load balancing, and eliminate repetitive configuration and maintenance tasks.
• Service catalog, end-user management: The service catalog lists all the services offered by the Cloud. It could be infrastructure services or application services. The Cloud infrastructure must also offer design and build services optimized for the Cloud. End-user management deals with managing user expectations, be it an individual customer, or a small and medium business.
Data Center Operations
• Data center operations form the crucial part of the Cloud management. Operations can span multiple data centers. Data center operations should include monitoring the health of various services for performance, availability and security, apart from others.
• The following diagram in Figure 3.0 depicts a summary of operations on the Cloud. Data center operations must be carried out with a set of procedures and policies to secure resources from hacking for denial of service attacks and data theft.
Fig 3.0 Data Center Operations
Cloud and Service Level Agreements
Top players promise 99.95% availability for the
infrastructure they provide. The same tools that
are used for monitoring and enforcing of SLAs in
the data center can be used for the Cloud. For a
Cloud, SLAs offer an additional benefit in the form
of feedback to the system to scale up or scale
down resources.
Cloud Layers
Cloud computing is divided into three layers based on
the type of services each layer provides. Each layer
provides independent services across these layers.
• IaaS provides network, storage and CPU on demand. The infrastructure should provide backup and restore facilities that can be used by the services.
• PaaS offers certain platforms as services. A Queue Service for a payment gateway needs Queuing infrastructure. This infrastructure is provided to the applications as part of the Cloud. Applications could use this service as part of their solution.
• SaaS offers service virtualization. SaaS services are pre-built services that can be deployed on demand. SaaS offers a peek into the future for major E-governance projects. Using SaaS services, a typical e-governance application setup can come down to a few days, compared to weeks and months of application deployment effort.
Fig 4.0 Cloud Computing Layers
Cloud Architecture for E-Governance
The section deals with elements of the Cloud which are useful for deployment on the Cloud.
IaaS: Infrastructure as a Service
Some typical IaaS services provided by a Cloud are shown in Figure 5.0, below.
Fig 5.0 IaaS in the Cloud
• Servers: Virtual Servers can be dynamically allocated on pay-per-use basis from the Cloud. There could be a choice of operating systems. Currently, Linux (different flavors) and Windows are preferred operating systems on the Cloud. Different vendors provide virtualization of servers over physical servers. Some of them are VMware, Citrix.
• Network: The Cloud provides networks on-demand. Configuring networks dynamically, as per requirement, is challenging. Virtual interfaces and switches provide an increased level of fault tolerance and better management of bandwidth.
• Storage: Storage required for the applications is allocated on demand. Typically this is provided by the Storage Area Network. SAN is an essential part of the Cloud and provides storage services. SAN can be built using iSCSI or Fiber Channel devices.
E-governance applicability: Servers could be
allocated on demand for E-Governance applications.
Customized virtual machines with in-built security
and pre-configured tools can be standardized for a
typical class of E-Governance applications. This helps
reduce maintenance efforts, and troubleshooting
becomes easy. Some of the salient features that can
be leveraged from the Cloud are:
• On demand provisioning of virtual servers
• Pre-configured, customized virtual machines
• Storage on demand
• Snapshots of virtual machines and apps managed by the Cloud
• Instant restoration of snapshots
• Effortless replication and migration of applications, which helps in disaster recovery
• Provisioning of virtual servers through web services API helps applications request servers and storage on demand
PaaS: Platform as a Service
Platform as a service provides the following features:
• Middleware: Middleware software like J2EE or .Net containers (comes with Windows) can be made available on demand. These middleware can be provisioned for deploying applications in a few minutes.
• Load Balancer: Applications need to scale on demand and/or as per the planned traffic. This requirement demands that applications have to be clustered in a proper way.
• E-governance application infrastructure: Application stack can be standardized and delivered consistently for various applications. This eases delivery of patches and saves cost in support and maintenance. The application infrastructure service could include:
  • Database Services
  • Work flow services
  • Queuing Services
  • Security Services
  • Integration Services
  • Backup Services
E-governance applicability: The PaaS layer,
also referred to as the Platform Services in the
Cloud Taxonomy shown in fig 2.0, is the most
important for E-Governance. E-Governance requires
standardization of platform and application stack.
The same platform can be deployed again and again
without much effort. The benefits of this service are:
• Availability of a pre-configured and customized application stack
• Deployment for development and production made possible in a consistent manner
• Patch deliveries become easy and uniform across the platform
• Reduced maintenance and support
• Knowledge of stack eases development time and effort, thereby reducing overall costs in development and maintenance of enhanced or new software for delivery
SaaS: Software as a Service
Software as a Service is an important paradigm
that helps reduce the total cost of ownership.
Software as a service facilitates easy deployment and
maintenance of services, by standardizing services.
SaaS services vary, based on how they share the
database infrastructure:
• Isolated database, different source code for each service and different instances
• Isolated database, same source code, different instances for each application
• Isolated database, share the same instance
• Shared database, the same, shared instance
The economic results of a shared approach against an isolated approach over time are shown below. As observed, with the shared approach, the initial cost is greater as compared to the isolated model. Over a period of time, the shared model reduces the total cost of ownership.
Fig 6.0 Cost savings with Shared Model
E-governance applicability: E-Governance
applications require a SaaS model for
consistent delivery of applications.
E-Governance could use all these types of
models based on the requirements of an
application. With SaaS, pre-customized
applications can be delivered instantly in a
matter of days. Good security patterns should
be given importance in a shared model for
enhanced safety and data isolation.
• Pre-configured and customized application services
• Faster deployment of application service instances
• Sharing of application reduces overall cost of ownership.
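The data-isolation concern raised for the shared model can be made concrete. The following is an added example, not code from the white paper: it sketches the "shared database, shared instance" variant with a data-access object bound to one tenant, so every statement is scoped by that tenant. The table layout, the `TenantStore` class and the department names are hypothetical.

```python
import sqlite3

# Hypothetical schema for the shared-database, shared-instance model:
# every row carries the tenant (department) that owns it.
SCHEMA = """
CREATE TABLE records (
    id INTEGER PRIMARY KEY,
    tenant_id TEXT NOT NULL,
    citizen_ref TEXT NOT NULL,
    payload TEXT NOT NULL
);
CREATE INDEX idx_records_tenant ON records (tenant_id, id);
"""


class TenantStore:
    """Data-access object bound to exactly one tenant.

    Every statement carries a tenant_id predicate taken from the bound
    tenant, never from request input, so a record id guessed by another
    tenant matches zero rows.
    """

    def __init__(self, conn, tenant_id):
        if not tenant_id or not tenant_id.replace("_", "").isalnum():
            raise ValueError("invalid tenant id")
        self._conn = conn
        self._tenant = tenant_id

    def add(self, citizen_ref, payload):
        cur = self._conn.execute(
            "INSERT INTO records (tenant_id, citizen_ref, payload) "
            "VALUES (?, ?, ?)",
            (self._tenant, citizen_ref, payload),
        )
        self._conn.commit()
        return cur.lastrowid

    def get(self, record_id):
        # Returns None when the id exists but belongs to another tenant.
        return self._conn.execute(
            "SELECT id, citizen_ref, payload FROM records "
            "WHERE tenant_id = ? AND id = ?",
            (self._tenant, record_id),
        ).fetchone()

    def update(self, record_id, payload):
        cur = self._conn.execute(
            "UPDATE records SET payload = ? WHERE tenant_id = ? AND id = ?",
            (payload, self._tenant, record_id),
        )
        self._conn.commit()
        return cur.rowcount  # 0: missing row or another tenant's row

    def list_ids(self):
        rows = self._conn.execute(
            "SELECT id FROM records WHERE tenant_id = ? ORDER BY id",
            (self._tenant,),
        ).fetchall()
        return [r[0] for r in rows]


def demo():
    """Two constructed tenants share one database; cross-tenant access fails."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    land = TenantStore(conn, "land_records")
    tax = TenantStore(conn, "e_taxation")
    land_id = land.add("CIT-0001", "plot 12, survey 88")  # constructed data
    tax_id = tax.add("CIT-0001", "return filed")          # constructed data
    return {
        "tax_reads_land": tax.get(land_id),                 # cross-tenant read
        "tax_updates_land": tax.update(land_id, "altered"),  # cross-tenant write
        "land_payload": land.get(land_id)[2],
        "tax_ids": tax.list_ids(),
        "tax_id": tax_id,
    }


if __name__ == "__main__":
    print(demo())
```

Application-level scoping like this is one layer; the isolated-database variants listed above trade higher cost for a boundary enforced by the database itself.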
Cloud Eco System – Public, Private and Hybrid Clouds
The key components of a Cloud are the systems
for virtual infrastructure management, and for
automated provisioning from a pool of resources
meeting requirements. At the core of the Virtual
Management Infrastructure is the Hypervisor
technology, which allows virtualization of physical
servers into virtual machines. The biggest benefit
of virtualization is movement of machines without
worrying about where they are located.
Over time, an Eco system of Cloud providers
has started offering different types of services. A
growing number of IT companies are devising their
strategy around Cloud resources, spending little or no
capital to manage their own IT infrastructures.
The Eco system was built around Public Clouds –
commercial Cloud providers who offer a publicly
accessible remote interface to create and manage virtual
machine instances within their proprietary infrastructure.
Private Cloud: Open Source Cloud Computing and
other tools that allow organizations to build their
own IaaS Clouds using their internal infrastructure.
The primary aim of these Private Clouds is not to sell
Cloud Computing Resources such as CPU, Storage
and Network, but to provide a flexible and agile
infrastructure to run service workloads within
their administrative domain. Private Clouds can
supplement their infrastructure with computing
capacity from external Public Clouds. A Private/
Hybrid Cloud can allow remote access to
its resources over the internet using remote
interfaces, such as web services interfaces used
in Amazon EC2.
Fig 7.0 Cloud Eco System – Public, Private and Hybrid
E-Governance applicability: A Private Cloud
exposed to users with Public Cloud interfaces
will be appropriate for E-governance use. The
aim of such an approach would be providing
agile and flexible resource management, along
with maximum server utilization. The current
data centers of E-governance applications can
be architected to become Private/Hybrid
Cloud, with resources managed using the
Cloud interface, but within the Private Cloud.
Data centers with virtualized infrastructure
management would become Private Clouds. The
challenge would be to manage the finite number
of resources efficiently. In order to satisfy service
level agreements, requests for resources have
to be prioritized, queued, deployed and even
rejected, and hence good management solutions
have to be built around Private/Hybrid clouds.
Benefits of the Cloud
Reduced TCO
A simple graph showing the cost advantages of
Cloud over traditional infrastructure is shown below.
The Cloud infrastructure:
• Can reduce IT labor costs by 50% in configuration, operations, management and monitoring
• Can improve capital utilization by 75%, significantly reducing license costs
• Reduces provisioning cycle times from weeks to minutes
• Can reduce end user IT support costs by up to 40%
Fig 8.0 Governments can significantly
reduce costs using the Cloud infrastructure
as against traditional IT infrastructures.
Scaling on Demand
The three tier application architecture that was
discussed earlier is inherently scalable. However,
scaling involves deployment and configuration of
hardware and software. Doing this manually is a
huge task and could take weeks to months. One
also needs to take into account planned downtime.
It is because of these reasons that applications are
sized for their peak traffic. For example, Tax filing
applications are sized for their peak load, even though
the traffic will be high only during the three months of tax season.
The Cloud will allow the applications to size according
to their traffic, and provision resources on demand.
The resources can be scheduled automatically by
monitoring certain quantitative parameters like requests
per sec, traffic, overall throughput, average load etc,
to scale up and down. The resources can also be
scheduled manually to meet periodic demands in load.
The Cloud architecture offers tools, using which
applications can scale linearly and even downsize
themselves, when there is no longer a need
for resources. The E-Governance application
architecture proposed earlier scales easily. The
Cloud will help in automatic scaling up or down
based on needs. For example, the infrastructure may
touch peak loads during tax-filing season, and during
other times the application would be underutilized.
This reduces the overall utilization.
The Cloud helps resources to be utilized to 70% of
their capacity. Cloud provides semantics to allocate
resources on a need basis. A sample use case
showing the addition of new instances on demand is
shown below:
Fig 9.0 Automatic scaling-up in a Cloud
Fig 9.0 above shows that a new Amazon EC2
instance is added based on the monitored load.
The instance is configured and added to the load
balancer to take additional loads. The scaling up or
down can be driven by policy, supporting a wide
variety of policies and configurations.
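The policy-driven scaling loop described above, as an added example that is not part of the white paper: a simulated scaler reads a requests-per-second sample each interval, adds or releases an instance according to utilisation thresholds, waits a cooldown between changes, and reports when the pool's fixed ceiling is reached. The thresholds, the `ScalingPolicy` and `AutoScaler` names and the load trace are assumptions; no real cloud API is called.

```python
from dataclasses import dataclass

# Constructed monitoring samples (requests/sec), one per interval:
# quiet period, tax-season ramp-up, sustained peak, then fall-off.
TAX_SEASON_TRACE = [120, 200, 200, 350, 350, 350, 500, 500, 500,
                    150, 150, 150, 150, 150, 150]


@dataclass
class ScalingPolicy:
    # All values are illustrative assumptions, not figures from the paper.
    rps_per_instance: float = 100.0  # load one instance is sized for
    scale_up_at: float = 0.80        # utilisation that triggers an add
    scale_down_at: float = 0.40      # utilisation that allows a release
    min_instances: int = 2
    max_instances: int = 4           # finite pool of a private cloud
    cooldown: int = 1                # intervals to wait after a change


class AutoScaler:
    def __init__(self, policy):
        self.policy = policy
        self.instances = policy.min_instances
        self._wait = 0

    def _utilisation(self, rps, instances):
        return rps / (instances * self.policy.rps_per_instance)

    def observe(self, rps):
        """Feed one sample; return 'up', 'down', 'hold' or 'capped'."""
        p = self.policy
        if self._wait > 0:
            # A freshly changed pool needs time before load is re-judged.
            self._wait -= 1
            return "hold"
        u = self._utilisation(rps, self.instances)
        if u > p.scale_up_at:
            if self.instances >= p.max_instances:
                # Demand exceeds the ceiling: surface it to operators
                # instead of growing without bound.
                return "capped"
            self.instances += 1
            self._wait = p.cooldown
            return "up"
        if u < p.scale_down_at and self.instances > p.min_instances:
            # Release only if the smaller pool would not immediately
            # cross the scale-up threshold again (avoids flapping).
            if self._utilisation(rps, self.instances - 1) <= p.scale_up_at:
                self.instances -= 1
                self._wait = p.cooldown
                return "down"
        return "hold"


def simulate(trace, policy):
    """Run the scaler over a trace; return (rps, action, instances) tuples."""
    scaler = AutoScaler(policy)
    history = []
    for rps in trace:
        action = scaler.observe(rps)
        history.append((rps, action, scaler.instances))
    return history


def summarize(history):
    return {
        "peak_instances": max(n for _, _, n in history),
        "final_instances": history[-1][2],
        "instance_intervals": sum(n for _, _, n in history),
        "capped_intervals": sum(1 for _, a, _ in history if a == "capped"),
    }


if __name__ == "__main__":
    for row in simulate(TAX_SEASON_TRACE, ScalingPolicy()):
        print(row)
```

The "capped" intervals are the points where a finite private cloud has to prioritize, queue or reject requests, as noted in the Private/Hybrid Cloud discussion.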
Database Scaling
The Cloud offers multiple options for scaling
databases. Traditionally applications were designed
using RDBMS technology. The databases can be
scaled in a Cloud either by adding additional storage
facilities, or using partitioning technologies.
The databases should be scalable to deal with
large data that is generated and stored over the
years in case of E-Governance applications. Scaling
these applications becomes expensive after the
database reaches a certain size. New classes of
databases using Key-Value pairs scale well and ensure
that application availability is higher compared to
those using traditional databases. Certain classes of
applications perform better with the new type of
databases that can store data using Key-Value pairs.
While Relational Databases ensure the integrity of
data at the lowest level, Cloud databases could be
scaled and can be used for such types of applications.
Cloud databases offer an unprecedented level of
scaling without compromising on performance.
Cloud databases must be considered if the foremost
concern is on-demand, high-end scalability – that is,
large scale, distributed scalability, the kind that can’t
be achieved simply by scaling up.
Business Intelligence and Analytics
Even though business intelligence, a term commonly
used in the business context, has been used
here, the term here refers to the actual intelligence
about the services of various government functions
and their effectiveness. The huge amount of
data available with the government can be mined
effectively to provide intelligence on what has
worked and what has not.
Distributed Computing technologies like Hadoop
are used for large scale processing. Hadoop along
with Cloud computing can be used to process
large amounts of data. E-Governance requires
business intelligence mined from huge volumes of
data. This intelligence can be used to better provide
services to end users.
Fig 10.0 Sample Charts illustrating BI
E-Governance applications might have to mine data and
process large data-sets for generating reports or charts.
The application that does this processing requires a higher
number of CPUs and more storage. The output of these
applications can be used to provide better intelligence
to users of applications that provide services.
Distributed application frameworks like Hadoop can
blend well into Cloud computing architectures that solve
the problem of large data processing. Resources can be
allocated dynamically to these kinds of applications from
a free pool of resources.
Disaster Recovery
Disaster recovery, the process of protecting data and
IT infrastructure in times of disaster, is typically one
of the more expensive options. It involves maintaining
highly available systems, keeping both the data and
system replicated off-site, and enabling continuous
access to both.
Fig 11.0 Disaster Recovery Mechanisms
The simplest Disaster Recovery plans are to
take regular backups of both programs and
data and store it in multiple locations separated
geographically. These backups can be used to
restore the system at a later point of time. The
second approach is to take a backup of the program
once and of the data at regular intervals, and store
them at different locations. The biggest disadvantage
with this approach is the time taken for recovery.
The Cloud offers tools and technologies that
make disaster recovery simple and easy. The
following picture shows that data and programs
are regularly backed up across different data centers.
Each application is replicated across two other
data centers. This is apart from the backups that
happen locally at each data center. The replication
mechanism is made simple with Storage Area
Network technologies where the disks can be
backed up. The latest backups can be located on the
disks and old backups can be copied to tapes.
When a disaster happens, resources on the other
data source can be brought up immediately to provide
high availability. In Cloud, this is simply done by using
the latest snapshot of the application image. The
image can contain the program code, data recovered
from backup and runs. This kind of restoration can
be configured to be instantaneous or can be done
manually. In both cases, the time to bring up an
application in the Cloud would reduce from weeks to
hours of deployment time.
Using the Cloud, advanced disaster recovery
mechanisms can be maintained, where applications in
one data center are automatically backed up in other
data centers. In case of disaster, one simply needs to
deploy the snapshots on a different data center and
enable them for use. Recovery plans and recovery
procedures can be customized for each application
in the Cloud architecture.
Cloud Migration Strategy
Migrating to the Cloud has to be carefully thought out
and must be done in little steps rather than with a big
bang. It takes a lot of resources, research and successful
proof of concepts before getting it right. Before
migrating to the Cloud, architects and line of business
managers must treat IT as a service and understand
the business benefits of service, and its current and
future architecture.
The following steps are suggested guidelines for
architects and CIOs to migrate to the Cloud:
• Cloud Criteria: Come up with simple criteria
on what kind of applications should move
to the Cloud and why. The architects can
collect information on application usage,
traffic flow, requests per sec, application stack,
architecture etc before making a decision
to move to the Cloud. Information related to
application sharing, platform compatibility,
applicability to multiple tenants, scaling up and
down based on load should be considered
before moving the application to Cloud.
• Cloud ROI: ROI should be evaluated for
short-term and long-term before a set of
applications are migrated to the Cloud.
The points to be considered are hardware
costs, software licensing costs, control
and cost tradeoffs etc. One should ensure
that performance is part of the evaluation.
Applications from other vendors with better
billing models could also be considered before
making the move to the Cloud.
• Cloud Migration: Once the application to
be moved to the Cloud is determined, its
migration has to be planned. A proof of
concept would be a good way of checking
this out. Application development and
deployment processes, path updates etc
should be considered while designing the
applications to be moved to the Cloud.
• Cloud Maintenance: Once the application is
deployed and running, the application has to
be supported and maintained. One should
control and monitor the software and adapt as
the requirements change.
Organization Structure and Data Center Processes
Governance requires strict access controls to manage
access to the Cloud infrastructure. Cloud security can
be classified into three levels:
• Physical Security: The physical security of the
machines, including theft, terrorist activities etc.
• Access to Cloud Infrastructure tools: Strict access
control restrictions with SAS 70 Type II audit
certification standards are required.
• Application security: Security of the application
hosted. In some cases, the applications hosted
can become the ‘bad guys’ that generate denial of
service attacks and other attacks on the Cloud.
A report from one analyst pointed out that less
than one-third of data centers follow ITIL process
methodologies. According to a research paper, 30%
are working on introducing ITIL initiatives and 9%
are making plans to implement ITIL. There were 20%
merely investigating ITIL and 12% confessed they were
not familiar with it at all.
Access Controls
Access to the host machine has to be completely
protected. No employee must be able to get into
the host machine at will. They can only access the data
required and any changes must be made using change
control processes. In case of access to the host, the
concept of least privilege and two-factor authentication
needs to be provided.
Controlled access is issued only when required and
revoked when the job is done. This allows strict
control and helps audit changes taking place in the
data center.
People, Processes and Technology
The technology aspect is taken care of by the Cloud.
People and processes are the most critical parts in
making E-Governance successful. The data center
processes have to be rigorously worked out and
some of the well-known compliances like HIPAA and
SAS 70 audit procedures should be in place. The
security procedures of the data center must have
good access control mechanisms in place and give
access only when needed, and must revoke access
after the job is completed.
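The grant-and-revoke discipline described under Access Controls and again under People, Processes and Technology can be checked from a grant log. The following is an added example, not part of the original paper; the log format, field names, and the 15-minute and 8-hour thresholds are assumptions made for illustration.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample of a host-access grant log (not real data).
# Columns: grant id, user, host, change ticket, second factor used,
# time granted, time the job was closed, time access was revoked.
SAMPLE_LOG = """\
grant_id,user,host,change_ticket,mfa,granted_at,job_closed_at,revoked_at
g1,asha,db-host-01,CHG-1001,yes,2009-06-01T09:00,2009-06-01T10:00,2009-06-01T10:05
g2,ravi,db-host-01,,yes,2009-06-01T11:00,2009-06-01T11:30,2009-06-01T11:31
g3,meena,app-host-07,CHG-1002,no,2009-06-02T08:00,2009-06-02T09:00,2009-06-02T09:02
g4,kiran,app-host-07,CHG-1003,yes,2009-06-02T13:00,2009-06-02T14:00,2009-06-03T18:00
g5,asha,web-host-03,CHG-1004,yes,2009-06-03T09:00,2009-06-03T09:45,
g6,ravi,web-host-03,CHG-1005,yes,2009-06-04T09:00,,
"""

GRACE = timedelta(minutes=15)   # assumed: revoke within 15 min of job close
MAX_OPEN = timedelta(hours=8)   # assumed: no grant stays open longer than this


def _ts(value):
    """Parse an ISO timestamp; an empty field means 'has not happened yet'."""
    return datetime.fromisoformat(value) if value else None


def audit_grants(log_text, now):
    """Return sorted (grant_id, finding) pairs for grants that break policy."""
    findings = []
    for row in csv.DictReader(io.StringIO(log_text)):
        gid = row["grant_id"]
        granted = _ts(row["granted_at"])
        closed = _ts(row["job_closed_at"])
        revoked = _ts(row["revoked_at"])
        # Host access must go through change control.
        if not row["change_ticket"].strip():
            findings.append((gid, "no-change-ticket"))
        # Host access must use two-factor authentication.
        if row["mfa"].strip().lower() != "yes":
            findings.append((gid, "no-second-factor"))
        if closed is not None:
            # Job finished: access must be gone within the grace window.
            end = revoked if revoked is not None else now
            if end - closed > GRACE:
                findings.append((gid, "late-revoke" if revoked else "not-revoked"))
        elif revoked is None and now - granted > MAX_OPEN:
            # Job still open, but the grant has outlived the maximum window.
            findings.append((gid, "open-too-long"))
    return sorted(findings)


if __name__ == "__main__":
    for gid, finding in audit_grants(SAMPLE_LOG, datetime(2009, 6, 4, 12, 0)):
        print(gid, finding)
```

Run periodically, a check of this kind gives auditors a list of grants to follow up rather than relying on revocation happening by habit.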
Cloud Risks
Cloud technologies have evolved and are increasingly
being used in enterprises, education and healthcare.
Cloud computing is used primarily on a pay-as-you-go
model by companies that need huge
computing power for short periods of time.
Different Cloud providers follow different APIs and
exchange messages in their systems. There is little
or no Cloud interoperability. For E-governance,
this is not an issue at all, since it is expected to host
all E-Governance applications on a Private Cloud
built exclusively for E-Governance. Technology
is no longer a bottleneck for E-Governance but
complying with various regulatory requirements is
a major stumbling block. The Government should
quickly put in place Accountability Law, Law for
Privacy, Laws against data theft etc for a full-fledged
E-Governance using the Cloud.
The overall bandwidth provided by the Cloud for
various applications could be limited because of
its centralized model and sheer size of the center.
Applications that need lots of data transfer have to
be evaluated before being embraced. Technology is
no longer the driving factor. However, compliance,
government regulations and laws to protect the data
are determining the contours of this area.
There are no compliances formulated by the
government for Cloud providers and usage. The
compliance and regulations followed in the US could be
adopted for E-Governance in India.
Standards of Compliance in Cloud computing industry
The standards and compliances for providing Cloud
Computing services are evolving. Today, SAS 70 is
used by Cloud providers as a standard for providing
services to the consumers. Regulations with respect
to the location of the data, various controls in place
to protect the data, proper auditing procedures to
monitor the effectiveness of the controls have to be
in place for using Cloud Computing in E-Governance.
Since we advocate a private cloud for Government,
data protection and security would be very important
aspects to manage.
SAS 70
Statement on Auditing Standards (SAS) No. 70,
Service Organizations, is a widely recognized auditing
standard developed by the American Institute of
Certified Public Accountants (AICPA). A service
auditor’s examination performed in accordance with
SAS No. 70 (“SAS 70 Audit”) is widely recognized,
because it represents that a service organization
has been through an in-depth audit of their control
objectives and control activities, which often include
controls over information technology and related
processes. In today’s global economy, service
organizations or service providers must demonstrate
that they have adequate controls and safeguards
when they host or process data belonging to their
customers. In addition, the requirements of Section
404 of the Sarbanes-Oxley Act of 2002 make
SAS 70 audit reports even more important to the
process of reporting on the effectiveness of internal
control over financial reporting.
A Type I report describes the service organization’s
description of controls at a specific point in time
(e.g. June 30, 2003). A Type II report not only
includes the service organization’s description of
controls, but also includes detailed testing of the
service organization’s controls over a minimum
six month period (e.g. January 1, 2003 to June 30,
2003). The contents of each type of report are
shown in the following table:
Report Contents | Type I Report | Type II Report
1. Independent service auditor’s report (i.e. opinion). | Included | Included
2. Service organization’s description of controls. | Included | Included
3. Information provided by the independent service auditor; includes a description of the service auditor’s tests of operating effectiveness and the results of those tests. | Optional | Included
4. Other information provided by the service organization (e.g. glossary of terms). | Optional | Optional
In a Type I report, the service auditor will express
an opinion on (1) whether the service organization’s
description of its controls presents fairly, in all
material respects, the relevant aspects of the service
organization’s controls that had been placed in
operation as of a specific date, and (2) whether the
controls were suitably designed to achieve specified
control objectives.
In a Type II report, the service auditor will express
an opinion on the same items noted above in a Type
I report, and (3) whether the controls that were
tested were operating with sufficient effectiveness
to provide reasonable, but not absolute, assurance
that the control objectives were achieved during the
period specified.
HIPAA
HIPAA provides national minimum standards to
protect an individual’s health information. HIPAA
was originally created to streamline healthcare
processes and reduce costs, while ensuring individual
consumer privacy. The U.S. Department of Health
and Human Services (HHS) manages and enforces
these standards.
HIPAA covers Protected Health Information (PHI),
which is any information regarding an individual’s
physical or mental health, the provision of
healthcare to them, or payment of related services.
PHI includes personal information such as Social
Security Number, name, address, phone number,
medical condition when linked to a patient, and
some type of billing information.
HIPAA’s privacy rule requires that the health
information of individuals is properly protected by
covered entities. Among other requirements, the
privacy rule prohibits entities from transmitting PHI
over open networks or downloading it to public or
remote computers without encryption.
HIPAA’s security rule requires entities to put in
place detailed administrative, physical and technical
safeguards to protect electronic PHI. The covered
entities are required to implement access controls,
encrypt data, and set up back-up and audit controls
for electronic PHI in a manner commensurate with
the associated risk.
Sarbanes-Oxley Act
Sarbanes-Oxley, also called Sarbox or SOX, is
geared towards accountability of public companies
along with the Investor Protection Act, and the Corporate
and Auditing Accountability and Responsibility Act.
The act significantly raises criminal penalties for
securities fraud, for destroying, altering or fabricating
records in federal investigations or any scheme or
attempt to defraud shareholders.
As expected, there are criticisms and praises for
SOX. Former Federal Reserve Chairman Alan
Greenspan praised the Sarbanes-Oxley Act. He felt that
corporate managers should be working on behalf of
shareholders to allocate business resources to their
optimum use.
The other view is that SOX is an unnecessary and costly
government intrusion into corporate management
that places U.S. corporations at a competitive
disadvantage with foreign firms and brings an overly
complex regulatory environment into US financial
markets.
Summary and Conclusions
The Cloud provides a solid foundation for the
introduction of widespread provision of services to
various stakeholders. Applications designed using
the principles of Service Oriented architecture
and deployed in Cloud architectures will help the
government reduce operating costs and increase
end user satisfaction levels. Cloud architectures
when properly applied to developing E-Governance
applications transform the nation into an
Information Society. Service level agreements are
the key for the government to measure how well
the services are being performed and provided
by the government. The Cloud helps provide
E-Governance services faster and cheaper thereby
accelerating the adoption and use of Information
technology for e-services. Cloud architectures allow
rapid deployment of turn-key test environments
with little or no customization.
Current data centers are already using the
Cloud in one form or the other. Consolidating
these data centers and applying some of the
Cloud architectures would drastically improve
the utilization of resources and reduce the total
operating costs for these data centers by more
than 50%. Monitoring data centers for traffic and
resource utilization is the key to the adoption of
Cloud Computing architectures for E-Governance.
E-Governance should consider people, process
and technology and come up with comprehensive
processes and standards to be followed when managing
E-Governance infrastructures.
Appendix A – Challenges in E-Governance
Data Scaling
The databases should be scalable, to deal
with large data, generated over the years, for
E-Governance applications. Where Relational
Databases ensure the integrity of data at the
lowest level, Cloud databases could be scaled and
can be used for such types of applications.
Cloud databases available for deployment
offer an unprecedented level of scaling without
compromising on performance. Cloud databases
must be considered if the foremost concern is
on-demand, high-end scalability – that is, large
scale, distributed scalability, the kind that can’t be
achieved simply by scaling up.
Auditing and Logging
Traceability of any changes to informational content
in the E-Government services is very important.
Corruption in government organizations can be
controlled by using Information Technology services,
by making the providers of the services accountable.
Process audits and security audits must be executed
periodically to ensure system security.
The Cloud can help in analyzing huge volumes of
data and detecting any fraud. It can help in building
and placing defense mechanisms to enhance the
security, thereby making the applications reliable
and available.
Rolling out new Instances, Replication and Migration
Traditionally, applications in E-Governance are built
for government departments and municipalities,
and so these take more time, effort, resources and
budgetary allocations. This is true for all types of
applications. It should be possible to replicate these
to other municipalities, departments or e-courts
whenever needed, as part of E-Governance.
Cloud architectures offer excellent features to
create an instance of an application for rolling out to a
new municipality. The Cloud can reduce the time to
deploy new application instances.
Disaster Recovery
Natural disasters like floods, earthquakes, wars and
internal disturbances could not only result in the
loss of data from E-Governance applications, but
these events can also make services unavailable to
people in times of need. Multiple installations in
geographically separated locations with complete
backup and recovery solutions must be provided.
This could create other problems if not properly
managed. Disaster recovery procedures must be in
place and practiced from time to time. Applications
and data must be made redundant and should be
available at short notice so that one can switch
from one data center to the other.
Cloud virtualization technologies allow backups and
restoration. They offer seamless application migration
compared to traditional data centers.
Performance and Scalability
The architecture and technology adopted for the
E-Governance initiatives should be scalable and
common across delivery channels. It should meet
the demands of a growing number of citizens.
If implemented, E-Governance portals could be
accessed by the highest number of users who would
be beneficiaries of Information Technology.
With Cloud architectures, scalability is inbuilt.
Typically, E-Governance applications can be scaled
vertically by moving to a more powerful machine
that can offer more memory, CPU and storage. A simpler
solution is to cluster the applications and scale
horizontally by adding resources.
Reporting and Intelligence (Better Governance)
Data center usage (CPU, Storage, Network etc),
peak loads, consumption levels, power usage along
with time are some of the factors that must be
monitored and reported for better utilization of
resources. Planning well can minimize costs. Data
must be profiled in order to obtain better visibility
into various services provided by the government.
The Cloud offers better BI infrastructure compared
to traditional ones because of its sheer size and
capabilities. Cloud Computing offers seamless
integration to technologies like MapReduce
(Hadoop) that fit well into Cloud architectures.
Applications can mine huge volumes of real-time
and historic data to make better decisions when
providing services.
Policy management
E-Governance applications have to adhere to, and
implement policies of the Governments relevant to
citizens. Along with the infrastructure, data center
policies have to be enforced for day-to-day operations.
Cloud architectures help a great deal in
implementing policies in the data center. Policies
with respect to security, application deployment etc
can be formalized and enforced in the data center.
Systems Integration and Legacy software
Applications that are already deployed and are
providing services not only have to be moved to
the Cloud, but must also integrate with applications
deployed in the Cloud. The power of Information
Technology comes from co-relating the data across
applications and passing messages across different
systems to provide faster services to the end users.
Cloud is built on SOA principles and can offer
excellent solutions for integration of various
applications. Also, applications can be easily moved
to the Cloud.
Obsolete Technologies and Migration to New Technologies
Technology migration is the biggest challenge.
Moving to different versions of software, applying
application and security patches is the key to
maintaining a secure data center for E-Governance.
Cloud architecture efficiently enables these kinds
of requirements, by co-existing and co-locating
different versions and releases of the software at the
same time. Once these applications are tested, they
can be migrated to production with ease.
Going Green
More emphasis is given today, than ever before,
on the amount of pollution that data centers
generate. Their power usage, air-conditioning and
electronic wastes create bio-hazards and pollute the
environment.
This could be one of the reasons for moving to
Cloud architecture for governance. Instead of
duplicating these facilities, using the Cloud, one can
offer centralized infrastructure that can be efficiently
used to minimize pollution.
Appendix B – FAQ about Cloud Computing
How does one build a private cloud?
Cloud is not a software or hardware set to
be licensed. It has to be built using multiple
technologies, software and hardware resources from
many vendors and by procuring various data center
tools that can help in building the Cloud. Resources
can be purchased off the shelf for a Public Cloud,
but building a Private Cloud is a time consuming and
costly affair.
How Secure is the data on the Cloud?
The data in a Cloud is as secure as it would be in
a private data center. However, there are legal
implications on who controls the data and how
Cloud providers can use it to their advantage without
a proper migration strategy across cloud providers.
Can we leverage existing data centers to build a cloud?
Yes, with the data center, the Cloud is already in use
and is the best and optimum way to start building
the Cloud. Adding virtualization to resources using
data center tools would make the data center a
Cloud computing facility.
Can I have my application SaaS enabled?
It depends on the level of SaaS that needs to be
applied. By default any web based application can
be SaaS enabled. The level of SaaS could be different
based on the need and architecture of the product.
Here are some of the levels:
• Level 1: Same application code with different
customization running on different machines
with a dedicated database.
• Level 2: Same application code, running on
different machines with dedicated database.
• Level 3: Same application code, same
instances of middleware and database.
What is multi-tenancy?
Multi-tenancy is the ability of users from different
business entities to share the same common
infrastructure. The application has to be designed
and architected to enable multi-tenancy into it.
How can I use public cloud for e-governance?
There is no technology barrier. It is more limited
by the legal implications of using the cloud in terms
of data control and location of the data. However,
public cloud can readily be used for non-mission-critical
applications for e-governance.