Strategic Provision of Cloud Computing Services
Read this article. Review the introduction to cloud computing and take notes on the aim and purpose of cloud computing. Then read the remainder of the article to become familiar with cloud-based services.
Keep in mind that cloud-based services can adapt or grow to meet the needs of the user. Service providers can deliver hardware and software based on organization needs. One benefit is that there is no need for organizations to own or allocate resources toward Information Technology (IT) staff.
Service Provisioning Requirements
There are several types of service provisioning from which we can make need-based selections, as discussed below.
Agility and Availability
Agility is one of the great advantages of cloud computing, which enables an organization to expand and change its resources quickly without much expenditure. Agility in SMI is measured as a rate-of-change metric, showing how quickly new capabilities are integrated into IT as needed by the business. When considering a cloud service's agility, organisations want to understand whether the service is elastic, portable, adaptable, and flexible. A virtualised optical network is proposed as a key to implementing increased agility and flexibility in a cloud computing environment by providing any-to-any connectivity with the appropriate optical bandwidth at the appropriate time. Jinno and Tsukishima proposed a concept for a virtualised optical network (VON), which is achieved through virtualization in the optical domain as a key to implementing increased agility and flexibility in a cloud computing environment by providing any-to-any connectivity with the appropriate optical bandwidth at the appropriate time.
Hirzalla explored their impact on business agility and software development by sharing best practices and lessons learned through an interactive session that offers insights from previous field engagements. More specifically, they addressed how to realize business agility requirements through the potential synergies between SOA and cloud computing. The concept of business agility originates from the manufacturing industry in the 1980s. In contrast to other concepts such as flexibility, agility refers to the ability of a firm to adapt swiftly to changing environments. Thus, business agility can be defined as the ability to sense and respond to opportunities and threats in an efficient, effective, and timely manner. Consequently, agility is crucial for firms, especially in volatile environments, to stay competitive. In this regard, IT plays an important role in sensing and responding capabilities. Peng et al. proposed a framework for resource provisioning in the cloud through network vitalization. It delivers optimized resources, on-demand scalability, and flexible future CSPs based on the concept of an IaaS framework and IP network virtualisation.
Pricing
The SLA resource allocator acts as the interface between the data centre/CSP and external users/brokers. It supports SLA-oriented resource management. After receiving a service request, the service request examiner and admission control mechanism interpret the submitted request in terms of QoS requirements and ensure resource availability. Then, it requests VMs for resources and determines the allocated VMs. The charges for the service request are determined by the pricing mechanism based on submission time, pricing rates, or the availability of resources. The actual usage of resources is tracked by the accounting mechanism. In addition, the VM monitor tracks the availability of VMs, the dispatcher begins the execution, and the service request monitor mechanism tracks the execution progress of the service requests.
Rosenthal et al. express the concern that some users have had unpleasant surprises regarding the costs associated with the unexpectedly heavy use of cloud resources and expecting some cloud vendors to offer suitable throttling services. A remarkable increase of cloud computing service offerings has enabled technologies for service composition, by developing efficient pricing models to foster the resource allocation process and evaluate the services used. Weinhardt et al. present a multidimensional procurement auction for composite services: a model for service value networks based on a graph structure where a path is allocated by the auction mechanism through a network containing price and configurations of the offerings.
Saure et al. proposed a reservation system with finite computing resources over an infinite horizon, where a set of incumbent users submit reservation requests for computing resources ahead of time. The multinomial logit (MNL) framework is used to model customer substitution behavior by adjusting the resource prices in tokens per unit of time and per computing resource. A class of pricing policies called time-of-use (ToU) is considered, and a simple and intuitive algorithm is proposed to formulate the problem. The evaluation showed that the optimal ToU policy outperforms single pricing strategies for customer satisfaction by 3–8%, on average. Teng and Magoulès propose a new resource pricing and allocation policy where users can predict the future resource price while satisfying budget and deadline constraints. By using game theory, the resource price gradually converges to an equilibrium state based on dynamic games where the users can receive a Nash equilibrium allocation proportion without the other competitors' bidding information. The experiments were implemented in a CloudSim simulation.
In cloud computing, resources are provisioned by reservation and on-demand plans. However, a reservation plan is cheaper than an on-demand plan. Due to the uncertainty of the customer's future demands, it is difficult to minimize costs. To address this problem, Chaisiri et al. proposed an optimal cloud resource provisioning (OCRP) algorithm using a stochastic programming model. The OCRP algorithm provisions the computing resources for multiple provisioning stages based on the demand and price uncertainty. By using a deterministic equivalent formulation, sample-average approximation, and Benders' decomposition, the OCRP algorithm can successfully minimize the total cost of resource provisioning in cloud computing environments. Samimi and Patel presented a comparative review of grid and cloud computing economic and pricing models using tariffs and charging. They considered several factors, such as regulations, tax laws, service level agreements, and return on investments, and reviewed the latest economic and pricing models for grid and cloud computing.
The current pricing scheme for cloud computing has significant constraints. Spot instance, the first deployed auction-style pricing model of Amazon EC2, cannot handle untruthful bidding in resource allocation. Hence, addressed the problem of cloud resource pricing by proposing a suite of computationally efficient and truthful auction-style pricing mechanisms. The proposed algorithms can increase revenue by achieving truthfulness without collusion or (\(t\), \(p\)) -truthfulness tolerating a collusion group of size \(t\) with a probability of at least \(p\). Sharma et al. designed and simulated a cloud resources pricing model using financial option theory where the cloud resources are treated as real assets. Then, using the financial model, the cloud resources are priced. The compounded Moore's law is applied to handle the pricing of resources at the required QoS, which can then manage a realistic cloud pricing problem. Recently, cloud computing has emerged as a model in support of "everything-as-a-service". Motivated by this idea, proposed a personalised pricing strategy for cloud computing, which is defined as pricing as a service (PraaS). This method efficiently meets the demands of the customer and simultaneously maximises the revenue of the providers. The experimental results show that this pricing method is appropriate for the on-demand use of cloud resources and guarantees more revenue for the cloud providers. Li et al. combined the computing and resource swarm algorithms to evaluate the resource price adjustment by the cloud bank model. The pricing strategy includes two important models: the initial price model (IPM) and the resource swarm algorithm price adjustment model (RSAPAM). Hence, resources will reach the most reasonable price over time. Ren and van der Schaar proposed a joint optimization of scheduling and pricing decisions for delay-tolerant batch maximize to maximize the service provider's long-term profit. Dynamic setting and provably efficient dynamic scheduling and pricing (Dyn-SP) algorithms are developed without the necessity of predicting future information. The results indicate higher average revenue with the same average queuing delay.
Security and Trust
Research interest has therefore arisen in developing software engineering techniques to support systems based on the cloud, to enable software engineers to identify security and privacy requirements and to select a suitable cloud service provider based on such requirements. Mouratidis et al. propose a novel framework to support the elicitation of security and privacy requirements and the selection of a cloud service provider. It incorporates a modelling language and provides a structured process that supports elicitation of security and privacy requirements and the selection of a cloud provider based on the service provider's satisfaction of the related security and privacy concerns. This framework illuminates the organisational context by identifying goals, actors, tasks, resources, and plans to identify and analyse the privacy constraints, security and privacy goals, threats, and vulnerabilities relevant to a cloud based system.
Dasgupta and Rahman present a cloud security insurance framework to estimate the coverage of different cloud services. For cloud security insurance, security coverage is important and relevant, as the cost of deploying special protection, detection, and response tools varies and requires well-organised coverage estimation. Hence, an intelligent search and optimization technique for determining the appropriate combination of tools to provide multilevel defence for cloud services is necessary. A framework is developed for calculating security coverage focusing on the security techniques and solution tools of different cloud services. A Java software program named MEGHAND is developed to implement and test this insurance security model and tested for different cloud security models. This framework reports the cloud security coverage problem for risk analysis and for developing insurance models for the cloud. This coverage estimator (MEGHNAD) is primarily useful for cloud insurance providers in meeting customer security expectations while satisfying all service requirements. The cloud provider, however, must use the recommended security products from a multivendor and mix them seamlessly for the desired security coverage. Rigorous risk assessments are needed to ensure the map of policies and procedures. The genetic algorithm optimizing method used in MEGHNAD is scalable to accommodate tool-specific configuration settings, required standards, and compliances for a fine-grained coverage estimate. Arias-Cabarcos et al. introduce a federated identity management (FIM), identified by researchers and experts as a vital security enabler for implantation of cloud computing. However, the current frameworks are limited by the complexity of the dynamic federation between interclouds. A key requirement is trust management to foster collaboration and analyse the FIM process. A set of new metrics is defined to allow the novel form of risk measurements. A generic hierarchical risk aggregation system and cloud-based service provisioning are mentioned as contributions. A set of risk metrics is derived that can serve as an aggregation model for risk calculation. The AHP method is used for independent analysis.
One critical problem is the location of major problems in complex cloud application scenarios; therefore, propose a ranking-based framework named FTCloud for building fault-tolerant cloud applications. Two ranking algorithms are proposed to identify the significant components within the enormous amount of cloud data. Then, they find the best suitable fault-tolerance strategy for each individual component. FTCloud consists of two parts: ranking and optimal fault tolerance selection. A component graph is prepared for component invocations, which then pass through component ranking, where the ranking algorithms are employed. Based on the ranking results, the important components are identified, and the most suitable fault-tolerance strategy is selected. Finally, the ranking of the selected fault-tolerance components returns to the system designer to build authenticated cloud applications. However, the software component graphs used here are limited.
To assess the security risks related to cloud computing platforms, a quantitative risk and impact assessment framework (QUIRC) is presented by Saripalli and Walters. It defines risk as a combination of the probability of a security threat event and its severity, measured as its impact. Here, six key security objectives (SO) are identified for cloud platforms, and the typical attack vectors and events are mapped into these six categories. For assessing security risks, the Wideband Delphi method is proposed to collect the information. The advantage of QUIRC is that it offers fully quantitative and iterative convergence for the dependable comparative assessment of the relative robustness of different cloud provider offerings and approaches. A quantitative framework is presented for analyzing and assessing the risks and impacts to the security of cloud-based software deployments, and the advantages of the approach are elucidated. They introduce methods of risk assessment based on probability and impact and the QUIRC framework. Traditional threat modelling can be related to the QUIRC computations via the identification of threat events. To build more reliable input data for QUIRC analysis based on industry verticals and expert knowledge, a Wideband Delphi method is proposed. A quantitative approach provides vendors, customers, and regulatory work groups with the ability to assess the relative robustness of different cloud vendor offerings and approaches in a defensible manner. Moreover, it helps to alleviate the fear, ambiguity, and uncertainty related to cloud platform security issues by ensuring they will be handled effectively. However, its limitation is that it requires the careful collection of input data for probabilities of events, which requires collective industry SME inputs.
Ouedraogo and Mouratidis highlight the importance of an informed choice of CSP to reduce the exposure to insecurity in a cloud context. A well-defined approach called C.A.RE (complete-auditable-reportable) is proposed, which helps to determine CSP security by assessing its completeness and possible risks and vulnerability for the cloud service customer (CSC). Hence, reliability and availability are two important aspects from a user perspective. DoS, natural disasters, and equipment outages are potential threats against cloud services availability and reliability. The assurance of security is defined as when an entity meets the objective of security. The underpinnings of the C.A.RE approach the need of mutual auditability and multiparty trust consideration. The "complete" phase: this phase concerns accumulating the necessary evidence to comply with and support the alignment between the policies implemented by the CSP and the security requirements of the CSC. These security needs and compliance include regulations, laws, security policies, standards, and best practices. Here, a certification is treated as a badge of security assurance for the CSP, for example, ISO/IEC 270001 certification for a data centre security certificate. The completeness is practically determined by considering the set of security requirements identified by the nature of the relevant CSC application. Then, the security mechanism for a certain provider is mapped and analysed to determine to what extent the security requirements are met. The "auditable" phase and its dependent metrics: this phase supplements the completeness metric. The necessary components of the audit are the coverage, depth, rigor, and independence of the verification. The "reportable" phase: according to the scope of the SLA, the CSP conveys security issues or information in a timely manner to the CSC. The completeness indicates the suitability of the CSP's security concerns to the CSC. The second feature ensures the auditability of the security deployed by the CSP. Finally, reporting provides the security transparency information to the CSC. We present the cloud service requirements in Table 1.
| Requirements | Features | Solving approaches | Attributes | References |
| Agility and availability | Virtualised optical network (VON) | Appropriate optical bandwidth at the appropriate time | Any-to-any connectivity | Jinno and Tsukishima |
| Combining SOA and cloud computing. | An interactive session that offers insights from previous field engagements | Realizing business requirements | Hirzalla | |
| A framework for resource provisioning | Through network virtualisation | Optimised resources, on-demand scalability | Peng et al. | |
| Pricing | Multidimensional procurement auction for composite services | Based on a graph structure | The auction mechanism | Weinhardt et al. |
| Single pricing strategies for customer satisfaction | Multinomial logit (MNL) framework is used | Pricing policies called time-of-use (ToU) | Saure et al. | |
| Resource pricing and allocation policy | Future resource price prediction | Game theory and implemented in CloudSim simulation | Teng and Magoulès | |
| Using tariffs and charging | Regulations, tax laws, and SLA | Pricing models | Samimi and Patel | |
| Joint optimisation of scheduling and pricing decisions | Dynamic scheduling and pricing (Dyn-SP) algorithms | Higher revenue with the same queuing delay | Ren and van der Schaar | |
| Security and trust | Secured cloud service selection | Secured service framework | Software engineering | Mouratidis et al. |
| Insurance models for cloud security | Cloud security insurance framework | MEGHAND | Dasgupta and Rahman | |
| Federated identity management | Hierarchical cloud based risk aggregation system based service provisioning | Risk metrics | Arias-Cabarcos et al. | |
| Ranking based fault tolerant framework | FT cloud model | Ranking with optimal fault tolerance | Zheng et al. | |
| Quantitative risk and impact management | QURIC framework | Wideband Delphi method | Saripalli and Walters | |
| QoS | QoS-based utility optimum service selection | Optimization with minimum requirements | Response time, availability, and throughput | Salama et al. |
| Service selection carried out by CWS tree constriction | FSM, SAW, tree pruning algorithm | Possible execution path | ||
| System model of personalized user support to optimize QoS support. | Algorithm | Trust, response time, price, and platform | Zhao et al. | |
| QoS prediction system (CloudRank) considering past user experience | KRCC and ranking prediction algorithm | Preference of services | Zheng et al. |
Table 1 Requirements of cloud service provisioning requirements.
Quality of Service
As cloud computing is gaining much attention in the last few years, the idea of IT services through Internet on-demand and pay-as-you-go model also changes. Thus, the exponential escalation of such service and selecting the optimal service provider based on quality of service (QoS) become vital. Salama et al. propose the idea of integrated QoS assured utility model to address the problem of cloud service provider selection based on a multidimensional QoS approach, for satisfying the best utilization of consumer requirement. The proposed mathematical model assists decision makers in selecting the optimal cloud service provisioning, incorporating customer's minimum needs, quality of service, and business profitability and performance criteria. Bao and Dou use finite state machine (FSM) to recommend the legal invocation orders of these services and an improved tree-pruning-based algorithm is proposed for creating the web service composition tree (WSCT) for optimal service selection. First, an improved tree-pruning-based algorithm is introduced to construct the composition tree and then the SAW technique is adopted for service selection.
Zhao et al. address four main issues to solve the service selection problems from multiple service providers such as scalability, flexibility, multiple QoS facility, and automatic user preference support. Therefore, service providers should have the high degree of credibility and service quality. Hence, the trust degree implies the reliability or availability level. Again, Zheng et al. introduce a personalized QoS ranking prediction system framework, CloudRank, which requires no extra service invocations for QoS ranking in cloud services. The past users' experiences are exploited for ranking based approach and accumulate and identify the preferences between a pair of services to obtain a ranking service. Chan and Chieu propose a mechanism by evaluating specific performance and QoS attributes based on singular value decomposition (SVD) to select the best service provider for a user application with a set of predefined requirements. A user sends a request for the requirement to execute the application into the cloud service provider mapper which dynamically provides the service provider according to application demands.
Li et al. describe a method to achieve optimization in clouds by supporting the developers to enable runtime optimization employing an optimization algorithm. It maximizes profits in the cloud constrained by QoS and SLAs within the large variety of workloads. Srivastava and Sorenson propose a technique that overcomes the restriction and compares functionally equivalent services on the basis of the customers' perception of the QoS attributes rather than the actual attribute values. Goscinski and Brock propose a framework which provides the application of the resources via web services framework (RVWS) to offer higher level abstraction of clouds in the form of a new technology to service provisioning resource publication, discovery, and selection based on dynamic attributes. Automatic service publishing, selection, and discovery of required services are still one of the research priorities. In addition, this model explores the ways of publication, discovery, selection, and use of cloud resources as services without specialized knowledge by using dynamic and current attributes through web service WSDL documents to help, discover, and select essential services and resources based on user requirements.