• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
Whitepaper Cloud Egovernance Imaginea

Whitepaper Cloud Egovernance Imaginea



This paper presents a holistic approach to see how Cloud computing can come in handy for a better governance. Gov2.0 is all about adoption of best in class technology to help citizens better, Cloud is ...

This paper presents a holistic approach to see how Cloud computing can come in handy for a better governance. Gov2.0 is all about adoption of best in class technology to help citizens better, Cloud is the way to go.



Total Views
Views on SlideShare
Embed Views



0 Embeds 0

No embeds



Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
Post Comment
Edit your comment

    Whitepaper Cloud Egovernance Imaginea Whitepaper Cloud Egovernance Imaginea Document Transcript

    • imaginea white paper Cloud and E-Governance Cloud Computing provides a great opportunity for governments across the globe, to provide reliable E-Governance quickly, at lower costs. Cloud computing features like application virtualization, end-to-end service management, instant deployment and ease of maintenance are catalysts that jumpstart application deployment on the Cloud. With proper planning, execution, training and good management, the Cloud infrastructure can greatly reduce overall costs for government departments maintaining and managing E-Services for E-Governance, and help in efficiently utilizing the tax payer’s money. ReddyRaja A, Imaginea and Vasudeva Varma, IIIT- Hyderabad Copyright ©2009, Imaginea Inc. Imaginea is a Pramati business. All trade marks and names belong to their respective owners.
    • WHITE PAPER CLOUD AND E-GOVERNANCE 2 Contents Executive Summary 4 E-Governance Applications 5 Reference Architecture – Typical E-Governance Applications 6 Cloud Computing Characteristics 7 Considerations for building Cloud based E-Governance applications 7 Cloud Taxonomy 8 Cloud Service Management 9 Data Center Operations 10 Cloud Layers 11 Cloud Architecture for E-Governance 12 IaaS: Infrastructure as a Service 12 PaaS: Platform as a Service 13 SaaS: Software as a Service 14 Cloud Eco System – Public, Private and Hybrid Clouds 15 Benefits of the Cloud 16 Reduced TCO 16 Scaling on Demand 16 Database Scaling 18 Business Intelligence and Analytics 18 Disaster Recovery 19 Cloud Migration Strategy 20 Organization Structure and Data Center Processes 21 Access Controls 21 People, Processes and Technology 21 Cloud Risks 21 Standards of Compliance in Cloud computing industry 22 SAS 70 22 HIPAA 23 Sarbanes-Oxley Act 24 Summary and Conclusions 24 imaginea
    • WHITE PAPER CLOUD AND E-GOVERNANCE 3 Appendix A – Challenges in E-Governance 25 Data Scaling 25 Auditing and Logging 25 Rolling out new Instances, Replication and Migration 25 Disaster Recovery 25 Performance and Scalability 26 Reporting and Intelligence (Better Governance) 26 Policy management 26 Systems Integration and Legacy software 26 Going Green 27 Appendix B – FAQ about Cloud Computing 28 How does one build a private cloud? 28 How Secure is the data on the Cloud? 28 Can we leverage existing data centers to build cloud? 28 Can I have my application SaaS enabled? 28 What is multi-tenancy? 28 How can I use public cloud for e-governance? 28 imaginea
    • WHITE PAPER CLOUD AND E-GOVERNANCE 4 Executive Summary paves the way for sharing of information and This white paper describes the role of Cloud workflow between agencies, and which enables the computing standards and architectures in framing delivery of seamless services to the public. Cloud a good E-Governance strategy. Governments architectures allow rapid deployment of turn-key can realize the potential benefits of Information test environments, with little or no customization. Technology when providing e-services, more quickly. No one should be deluded by the complexity and E-Services deliver cost-effective services that drive the scale of services and hurdles to be overcome when growth of the economy and government productivity. implementing such a large scale program in the Cloud Computing provides a great opportunity for context of e-governance in India. Cloud migration enabling reliable E-Governance quickly at lower can be attempted step-by-step, by piloting some costs. Cloud computing features like application applications. The experience and knowledge gained virtualization, end-to-end service management, would help establish a solid infrastructure for instant deployment and ease of maintenance are e-governance. Technology merely gives us tools, catalysts, that jumpstart application deployment on but it is the people and process aspects that must the Cloud. The paper recommends taking to a Cloud be understood well, and hence standard procedures infrastructure step-by-step, rather than going in for and policies to maintain the Cloud infrastructure are a one step, big-bang approach. All consolidated data a must. With proper planning, execution, training centers already use some of the features of the and good management, the Cloud can greatly Cloud, and hence, realizing e-governance through reduce overall costs and help in efficient and better the Cloud Computing would involve extending the utilization of the tax payer’s money. use by current data centers of some of the tools Some baby steps have already been taken in and technologies to manage resources better. The providing E-Governance services, and it is time strategy for E-governance would involve building a for the big leap. The Cloud can truly become Private Cloud with public interfaces that can scale and the backbone for providing services, for the provide the required agility and flexibility. government. The biggest benefit of the Cloud is that it helps SAS70, HIPPA and SOX offer standards of consolidate all data centers and optimize resource compliance to IT infrastructure. These compliances utilization, reducing support and maintenance provide a solid foundation for the future. Cloud costs by more than half, without compromising on computing can start with these compliance standards performance, availability and reliability of applications. and refine them as it evolves. A unified e-government infrastructure, based on In rest of the document we discuss Cloud Cloud and SOA architectures is required one that Taxonomy, Cloud Layers and benefits of using the imaginea
    • WHITE PAPER CLOUD AND E-GOVERNANCE 5 Cloud. A section is also devoted to implementing • E-Taxation: E-taxation offers an easy and Cloud in steps for E-Governance. efficient way for individuals and businesses to pay taxes. E-Governance Applications • Land Records: Managing land records, The Government is the primary provider of all registrations, transfers, surveys and geographic these applications, giving its citizens, employees, maps. state owned enterprises and others, access to such applications. E-Governance aims to provide • Revenue Management: Managing revenue reliable services to all stakeholders, round-the-clock, sources and spending with acceptable levels of performance. There are • Contract Management: Tenders, contract many E-Governance applications. Some common management and such other applications. E-Governance applications are listed here for In this context, using the Cloud as a back bone brevity: infrastructure for hosting these applications becomes • E-proc urement: Automation of purchase and important. sale of supplies and services over the Internet for the Government and various governmental bodies. • HRMS: Government can configure payroll and benefit systems, create and manage training systems and even track performance reviews. HRMS can eliminate the need for paper work, thus helping the government in its go green initiatives. • E-Police: Providing easy access to information by making queries across databases of police- stations across zones and states, for efficient policing. This increases safety mechanisms and helps provide better services too. • E-Court: E-Court facilitates integration of different courts, improves scheduling of cases and effective exchange of information between stake holders. imaginea
    • WHITE PAPER CLOUD AND E-GOVERNANCE 6 Reference Architecture – Typical E-Governance Applications Fig 1.0 A typical E-Governance Application Architecture A typical E-Governance application architecture, as 2. Middle-Tier: This is the layer where all shown in Fig 1.0, has the following layers: the business objects, their interactions and processes exist. This layer computes the 1. Front End: This is the UI layer, with which business logic. users interact. This layer can be accessed from a variety of devices like a mobile 3. Backend Systems: Backend systems contain phone, a home PC, or a kiosk. While Web all the data. These are the resources that 2.0 technologies provide rich user interfaces, need to be protected and hence, we see they could limit cross-browser compatibility. most commonly a firewall that closes all the imaginea
    • WHITE PAPER CLOUD AND E-GOVERNANCE 7 ports except the database ports. This layer characteristic helps the Government needs utmost protection from hackers to in efficient utilization of hardware and avoid data theft, misuse etc. software. They do not have plan, or bother about over-provisioned resources, as they The biggest benefit of this architecture comes from likely to get resources whenever required. the virtualization of these layers. The layers, when they operate, can be moved around to provide fault 3. The resources are geographically located at tolerance and high availability, and the ability to scale different places. This characteristic helps the horizontally. government do better disaster planning. Most E-Governance applications can be designed using 4. Cloud computing allows for abstraction the above stack. The actual technical stack does not of hardware and software. This allows for really matter. The technology could be based on J2EE procurement of hardware and software or .Net architecture or LAMP. But the basic principles resource from multiple vendors without of application design would remain the same. vendor lock-in. All the E-government applications may not fit into 5. The resources scale easily and can be safely this architecture but nevertheless, this would be assumed to have infinite capacity. the reference architecture for most E-Governance applications. Considerations for building Cloud based E-Governance applications Cloud Computing Characteristics The following are important considerations while There are various definitions of Cloud computing. All building cloud based applications: the definitions describe the following characteristics: 1. High Availability: Applications deployed are 1. Infrastructure costs will be OPEX (operational inherently high available without incurring expenditure) and no CAPEX (Capital too much on infrastructure costs. This Expenditure). This essentially amounts feature is extremely useful in disaster to providing and hardware infrastructure recovery and planning. to various departments of governments 2. Dynamic scalability: The resources can scale instantaneously with ease. The departments immediately and are available on demand. do not have to bother about procuring 3. Low latency across all layers of Web hardware and software resources, allowing Application like Front end, middle layer and them to focus on the services they provide. database layer, as shown in Fig 1.0. Scaling 2. Pay-as-you-go basis and resources are the DB is the most challenging aspect of available dynamically and immediately. This designing the application. imaginea
    • WHITE PAPER CLOUD AND E-GOVERNANCE 8 Cloud Taxonomy • Virtualized Resources: Resources that are assigned An overview of the Cloud Taxonomy is shown in to services. These resources need not be bound Figure 2.0. A brief description of Cloud Taxonomy to one physical resource, and can be moved from is given below: one physical resource to the other. For example, an application running on virtual machine can be moved from one physical machine to other physical machine without the user being aware of it. Fig 2.0 Cloud Taxonomy • Physical Resources: These are blade servers, • Platform Services: These consist of re-usable SAN and switches. Typically, the equipment platform services. Middleware, integration and would be the latest. There could be issues of security services top the list. These services form compatibility, vendor lock-in, hardware life cycle a standard, reusable software library that can be management, and so on. used across all e-governance applications. imaginea
    • WHITE PAPER CLOUD AND E-GOVERNANCE 9 • Application Services: The Layer where Cloud Service Management application services are virtualized. This is A service management system provides the visibility, also termed as a SaaS Layer, and is described control and automation needed for efficient Cloud in the next section. The application service delivery in both public and private implementations. customization can be configured and deployed. Cloud Service management involves the following Additionally, applications can be shared using basic services: multi-tenant architecture, with multiple tenants • Simplified user interaction with IT: A user sharing the same instance. friendly self-service interface accelerates time • Service Life Cycle management: This layer to value. The service catalog enables standards provides most of the operational services for which drive consistent service delivery deploying and provisioning applications. Images and provides enhanced transparency and are snapshots of operating system and/or accountability. Applications can be chosen from application software running in virtual machines. a service catalog and deployed within minutes. By dealing with images, the Cloud virtually After sufficient testing and customization, makes them highly available and fault tolerant service management tools can be used to create applications. a production instance with required backup services. All of this can happen in no time • End-user management: Request management, compared to a month required for deployment service catalog, design build services, SLA in traditional architectures. Service catalogs can monitoring and other functions like billing etc cater to various services from provisioning an provide end-user management services. individual server, to automatic provisioning of a • Operations Management: Day-to-Day three-tier E-Governance application. operations of the cloud computing structure. • Provisioning enables policies that lower cost: Procedures and policies, deployment Automated provisioning and de-provisioning considerations and use of catalog if images are speeds up service delivery. The provisioning of considered for consumption etc. policies allows release and reuse of assets. Its centralized identity and access control policies provides fast and affordable adherence to security compliance. • Increased system administrator productivity: The productivity increase is attributed to its imaginea
    • WHITE PAPER CLOUD AND E-GOVERNANCE 10 move from management silos to a service center operations must be carried with set of management system. procedures and policies to secure resources from hacking for denial of service attacks and • Improved service delivery to the citizens data theft. in their constituencies: Provides improved informational services to citizens. • location and monitor the performance of these machines and their hosts. It is possible • Automates virtual infrastructure for peak to migrate applications live, from one virtual performance: Virtual infrastructures accelerate host to the other. They also enable dynamic, provisioning time by 50 to 70%. They help policy-based allocation of IT resources with manage virtual machines from a central. automated load balancing, and eliminate repetitive configuration and maintenance tasks. Data Center Operations • Service catalog, end-user management: The service catalog lists all the services offered by the Cloud. It could be infrastructure services or application services. The Cloud infrastructure must also offer design and build services optimized for the Cloud. End-user management deals with managing user expectations, be it an individual customer, or a small and medium business. Cloud and Service Level Agreements Top players promise 99.95% of availability for the Fig 3.0 Data Center Operations infrastructure they provide. The same tools that • Data center operations form the crucial part of are used for monitoring and enforcing of SLAs in the Cloud management. Operations can pan the data center can be used for the Cloud. For a multiple data centers. Data center operations Cloud, SLAs offer additional benefit in the form should include monitoring the health of various of a feedback to the system to scale up or scale services for performance, availability and down resources. security, apart from others. • The following diagram in Figure 3.0 depicts a summary of operations on the Cloud. Data imaginea
    • WHITE PAPER CLOUD AND E-GOVERNANCE 11 Cloud Layers • SaaS offers service virtualization. SaaS services Cloud computing is divided into three layers based on are pre-built services that can be deployed on the type of services each layer provides. Each layer demand. SaaS shows a peep into the future provides independent services across these layers. for major E-governance projects. A typical • IaaS provides network, storage and CPU on e-governance application setup can come demand. The infrastructure should provide down to few days compared to weeks and backup and restore facilities that can be used by months of application deployment effort using the services. SaaS Services. • PaaS offers certain platforms as services. A Queue Service for a payment gateway needs Queuing infrastructure. This infrastructure is provided to the applications as part of the Cloud. Applications could use this service as part of their solution. Fig 4.0 Cloud Computing Layers imaginea
    • WHITE PAPER CLOUD AND E-GOVERNANCE 12 Cloud Architecture for E-Governance The section deals with elements of the Cloud which are useful for deployment on the Cloud. IaaS: Infrastructure as a Service Some typical IaaS services provided by a Cloud are shown in Figure 5.0, below. Fig 5.0 IaaS in the Cloud • Servers: Virtual Servers can be dynamically • Network: The Cloud provides networks on- allocated on pay-per-use basis from the demand. Configuring networks dynamically, as Cloud. There could be a choice of operating per requirement, is challenging. Virtual interfaces, systems. Currently, Linux (different flavors) switches provide increased level of fault tolerance and Windows are preferred operating systems and better management of bandwidth. on the Cloud. Different vendors provide • Storage: Storage required for the applications is virtualization of servers over physical servers. allocated on demand. Typically this is provided by Some of them are VMware, Citrix. the Storage Area Network. SAN is an essential imaginea
    • WHITE PAPER CLOUD AND E-GOVERNANCE 13 part of the Cloud and provides storage • Load Balancer: Applications need to scale on services. SAN can be built using iSCSI or demand and/or as per the planned traffic. Fiber Channel devices. This requirement demands that applications have to be clustered in a proper way. E-governance applicability: Servers could be allocated on demand for E-Governance applications. • E-governance application infrastructure: Customized virtual machines with in-built security Application stack can be standardized and and pre configured tools can be standardized for delivered consistently for various applications. typical class of E-Governance applications. This helps This eases delivery of patches and saves cost reduce maintenance efforts, and troubleshooting in support and maintenance. The application becomes easy. Some of the salient features that can infrastructure service could include: be leveraged from the Cloud are: • Database Services • On demand provisioning of virtual servers • Work flow services • Pre-configured, customized virtual machines • Queuing Services • Storage on demand • Security Services • Snapshots of virtual machines and apps • Integration Services managed by the Cloud • Backup Services • Instantly restoration of snapshots E-governance applicability: The PaaS layer, • Effortless replication and migration of also referred to as the Platform Services in the applications, which helps in disaster recovery Cloud Taxonomy shown in fig 2.0, is the most • Provisioning of virtual servers through web important for E-Governance. E-Governance requires services API helps applications request servers standardization of platform and application stack. and storage on demand The same platform can be deployed again and again without much effort. The benefits of this service are: PaaS: Platform as a Service Platform as a service provides the following features: • Availability of a pre-configured and customized application stack • Middleware: Middleware software like J2EE or .Net containers (comes with Windows) • Deployment for development and production can be made available on demand. These made possible in a consistent manner middleware can be provisioned for deploying • Patch deliveries becomes easy and uniform applications in a few minutes. across the platform imaginea
    • WHITE PAPER CLOUD AND E-GOVERNANCE 14 • Reduced maintenance and support shown below. As observed, with the shared approach, the initial cost is • Knowledge of stack eases development time greater as compared to the isolated and effort, thereby reducing overall costs in model. Over a period of time, the development and maintenance of enhanced shared model reduces the total cost of or new software for delivery ownership. SaaS: Software as a Service Software as a Service is an important paradigm E-governance applicability: E-Governance that helps reduce the total cost of ownership. applications require a SaaS model for Software as a service facilitates easy deployment and consistent delivery of applications. maintenance of services, by standardizing services. E-Governance could use all these types of SaaS services vary, based on how they share the models based on the requirements of an database infrastructure: application. With SaaS, pre-customized applications can be delivered instantly in a • Isolated database, different source code for matter of days. Good security patterns should each service and different instances be given importance in a shared model for enhanced safety and data isolation. • Pre-configured and customized application services • Faster deployment of application service instances • Sharing of application reduces overall cost of ownership. Fig 6.0 Cost savings with Shared Model • Isolated database, same source code, different instances for each application • Isolated database, share the same instance • Shared database, the same, shared instance • The economic results of a shared approach against an isolated approach over time, is imaginea
    • WHITE PAPER CLOUD AND E-GOVERNANCE 15 Cloud Eco System – Public, Private and Hybrid strategy around Cloud resources, spending little or no Clouds capital to manage their own IT infrastructures. The key components of a Cloud are the systems The Eco system was built around Public Clouds – for virtual infrastructure management, and for commercial Cloud providers who offer a publicly automated provisioning from a pool of resources accessible remote interface to create and manage virtual meeting requirements. At the core of the Virtual machine instances within their proprietary infrastructure. Management Infrastructure is the Hypervisor technology, which allows virtualization of physical Fig 7.0 Cloud ECO System- Public, Private and Hybrid servers into virtual machines. The biggest benefit Private Cloud- Open Source Cloud Computing and of virtualization is movement of machines without other tools that allow organizations to build their worrying about where they are located. own IaaS Clouds using their internal infrastructure. The primary aim of these Private Clouds is not to sell Over time, an Eco system of Cloud providers Cloud Computing Resources such as CPU, Storage has started offering different types of services. A and Network, but to provide a flexible and agile growing number of IT companies are devising their imaginea
    • WHITE PAPER CLOUD AND E-GOVERNANCE 16 infrastructure to run service workloads within • Can reduce IT labor costs by 50% in their administrative domain. Private Clouds can configuration, operations, management supplement their infrastructure with computing and monitoring capacity from external Public Clouds. A Private/ • Can improve capital utilization by 75%, Hybrid Cloud can allow remote access to significantly reducing license costs its resources over the internet using remote interfaces, such as web services interfaces used in Amazon EC2. E-Governance applicability: A Private Cloud exposed to users with Public Cloud interfaces will be appropriate for E-governance use. The aim of such an approach would be providing agile and flexible resource management, along with maximum server utilization. The current data centers of E-governance applications can Fig 8.0 Governments can significantly be architected to become Private/Hybrid reduce costs using the Cloud infrastructure Cloud, with resources managed using the as against traditional IT infrastructures. Cloud interface, but within the Private Cloud. Data centers with virtualized infrastructure • Reduce provisioning cycle times from weeks management would become Private Clouds. The to minutes challenge would be to manage the finite number of resources efficiently. In order to satisfy service • Can reduce end user IT support costs by up level agreements, requests for resources have to 40% to be prioritized, queued, deployed and even rejected, and hence good management solutions Scaling on Demand have to be built around Private/Hybrid clouds. The three tier application architecture that was discussed earlier is inherently scalable. However, scaling involves deployment and configuration of Benefits of the Cloud hardware and software. Doing this manually is a huge task and could takes weeks to months. One Reduced TCO also needs to take into account planned downtime. A simple graph showing the cost advantages of It is because of these reasons; applications are Cloud over traditional infrastructure is shown below. The Cloud infrastructure: imaginea
    • WHITE PAPER CLOUD AND E-GOVERNANCE 17 sized for their peak traffic. For example, Tax filing touch peak loads during tax-filing season, and during applications are sized for their peak load, even though other times the application would be underutilized. the traffic will be high only three months of tax season. This reduces the overall utilization. The Cloud will allow the applications to size according The Cloud help resources to be utilized to 70% to their traffic, and provision resources on demand. their capacity. Cloud provides semantics to allocate The resources can be scheduled automatically by resources on a need basis. A sample use case monitoring certain quantitative parameters like request showing the addition of new instances on demand is per sec, traffic, overall throughput, average load etc, shown below: to scale up and down. The resources can also be scheduled manually to meet periodic demands in load. Fig 9.0 Automatic scaling-up in a Cloud The Cloud architecture offers tools, using which Fig 9.0 above shows that a new Amazon EC2 applications can scale linearly and even downsize instance is added based on the monitored load. themselves, when there is no longer a need The instance is configured and added to the load for resources. The E-Governance application balancer to take additional loads. The scaling up or architecture proposed earlier scales easily. The down can be driven with policy to support wide Cloud will help in automatic scaling up or down variety of policies and configurations. based on needs. For example, the infrastructure may imaginea
    • WHITE PAPER CLOUD AND E-GOVERNANCE 18 Database Scaling effectively to provide intelligence on what has The Cloud offers multiple options for scaling worked and what has not. databases. Traditionally applications were designed Distributed Computing technologies like Hadoop using RDBMS technology. The databases can be are used for large scale processing. Hadoop along scaled in a Cloud either by adding additional storage with Cloud computing can be used to processing facilities, or using partitioning technologies. large amount of data. E-Governance requires The databases should be scalable to deal with business intelligence mined from huge volume of large data that is generated and stored over the data. This intelligence can be used to better provide years in case of E-Governance applications. Scaling services to end users. these applications becomes expensive after the database reaches a certain size. New classes of databases using Key Pairs scale well and ensure that application availability is higher compared to those using traditional databases. Certain classes of applications perform better with the new type of databases that can store data using Key Value pairs. While Relational Databases ensure the integrity of data at the lowest level, Cloud databases could be scaled and can be used for such type of applications. Cloud databases offer unprecedented level of scaling without compromising on performance. Cloud databases must be considered if the foremost concern is on-demand, high-end scalability – that is, large scale, distributed scalability, the kind that can’t be achieved simply by scaling up. Business Intelligence and Analytics Even though the commonly used term in the business context, business intelligence has been used here, the term here refers to the actual intelligence about the services of various government functions and their effectiveness. The huge amount of data available with the government can be mined Fig 10.0 Sample Charts illustrating BI imaginea
    • WHITE PAPER CLOUD AND E-GOVERNANCE 19 E-Governance applications might have to mine data and The simplest Disaster Recovery plans are to process large data-sets for generating reports or charts. take regular backups of both programs and The application that does this processing requires higher data and store it in multiple locations separated number of CPU and storage. The output of these geographically. These backups can be used to applications can be used to provide better intelligence restore the system at a later point of time. The to users of applications that provide services. second approach is to take a backup of the program Distributed application frameworks like Hadoop can once and of the data at regular intervals, and store blend well into Cloud computing architectures that solve them at different locations. The biggest disadvantage the problem of large data processing. Resources can be with this approach is the time taken for recovery. allocated dynamically to these kinds of applications from The Cloud offers tools and technologies that a free pool of resources. make disaster recovery simple and easy. The Disaster Recovery following picture shows that data and programs Disaster recovery, the process of protecting a data and are regularly backed across different data centers. IT infrastructure in times of disaster, is typically one Each application is replicated across two other of the more expensive options. It involves maintaining data centers. This is apart from the backups that highly available systems, keeping both the data and happen locally at each data center. The replication system replicated off-site, and enabling continuous mechanism is made simple with Storage Area access to both. Network technologies where the disks can be Fig 11.0 Disaster Recovery Mechanisms imaginea
    • WHITE PAPER CLOUD AND E-GOVERNANCE 20 backed up. The latest backups can be located on the • Cloud Criteria: Come up with a simple criteria disks and old backups can be copied to tapes. on what kind of applications should move to the Cloud and why. The architects can When a disaster happens, resources on the other collection information on application usage, data source can be bought up immediately to provide traffic flow, requests per sec, application stack, high availability. In Cloud, this is simply done by using architecture etc before making a decision the latest snapshot of the application image. The to move to the Cloud. Information related image can contain the program code, data recovered application sharing, platform compatibility, from backup and runs. This kind of restoration can applicability to multiple tenants, scaling up and be configured to be instantaneous or can be done down based on load should be considered manually. In both cases, the time to bring up an before moving the application to Cloud. application in the Cloud would reduce from weeks to hours of deployment time. • Cloud ROI: ROI should be evaluated for short-term and long-term before a set of Using the Cloud, advanced disaster recovery applications are migrated to the Cloud. mechanisms can be maintained, where applications in The points to be considered are hardware one data center are automatically backed up in other costs, software licensing costs, control data centers. In case of disaster, one simply needs to and cost tradeoffs etc. One should ensure deploy the snapshots on a different data center and that performance is part of the evaluation. enable them for use. Recovery plans and customized Applications from others vendors with better recovery procedures for each application can be billing models could also be considered before customized in the Cloud architecture. making the move to the Cloud. Cloud Migration Strategy • Cloud Migration: Once the application to Migrating to the Cloud has to be carefully thought out be moved to the Cloud is determined, its and must be done in little steps rather than with a big migration has to be planned. A Proof of bang. It takes lot of resources, research and successful concept would be a good way of checking proof of concepts before getting it right. Before this out. Application development and migrating to the Cloud, architects and line of business deployment processes, path updates etc managers must treat IT as a service and understand should be considered while designing the the business benefits of service, and its current and applications to be moved to the Cloud. future architecture. • Cloud Maintenance: Once the application is The following steps are suggested guidelines for deployed and running, the application has to architects and CIOs to migrate to the Cloud: be supported and maintained. One should imaginea
    • WHITE PAPER CLOUD AND E-GOVERNANCE 21 control and monitor the software and adapt as revoked when the job is done. This allows strict the requirements change. control and helps audit changes taking place in the Organization Structure and Data Center Processes data center. Governance requires strict access controls to manage People, Processes and Technology access to the Cloud infrastructure. Cloud security can The technology aspect is taken care by the Cloud. be classified into three levels: People and processes are the most critical parts in • Physical Security: The physical security of the making E-Governance successful. The data center machines, including theft, terrorist activities etc. processes have to be rigorously worked out and some of the well known compliances like HIPPA and • Access to Cloud Infrastructure tools: Strict access SAS 70 audit procedures should be in place. The control restrictions with SAS70 type II audition security procedures of the data center must have certification standards are required. good access control mechanisms in place and give • Application security: Security of the application access only when needed, and must revoke access hosted. In some cases, the applications hosted after the job is completed. can become the ‘bad guys’ that generate denial of service attacks and other attacks on the Cloud. Cloud Risks A report from one analyst pointed out that less Cloud technologies have evolved and increasingly than one-third of data centers follow ITIL process being used in enterprises, education and healthcare. methodologies. According to a research paper, 30% Cloud computing is used primarily on a pay-as- are working on introducing ITIL initiatives and 9% you-go basis model by companies that need huge are making plans to implement ITIL. There were 20% computing power for short periods of time. merely investigating ITIL and 12% confessed they were Different Cloud providers follow different APIs and not familiar with it at all. exchange messages in their systems. There is little Access Controls or no Cloud interoperability. For E-governance, Access to the host machine has to be completely this is not an issue at all, since it is expected to host protected. No employee must be able to get into to all E-Governance applications on a Private Cloud the host machine at will. They can only access the data built exclusively for E-Governance. Technology required and any changes must be made using change is no longer a bottleneck for E-Governance but control processes. In case of access to the host, the complying with various regulatory requirements is concept of least privilege and two-factor authentication a major stumbling block. The Government should needs to be provided. quickly put in place Accountability Law, Law for Privacy, Laws against data theft etc for a full fledged Controlled access is issued only when required and imaginea
    • WHITE PAPER CLOUD AND E-GOVERNANCE 22 E-Governance using the Cloud. auditor’s examination performed in accordance with SAS No. 70 (“SAS 70 Audit”) is widely recognized, The overall bandwidth provided by the Cloud for because it represents that a service organization various applications could be limited because of has been through an in-depth audit of their control its centralized model and sheer size of the center. objectives and control activities, which often include Applications that need lots of data transfer have to controls over information technology and related be evaluated before being embraced. Technology is processes. In today’s global economy, service no longer the driving factor. However, compliance, organizations or service providers must demonstrate government regulations and laws to protect the data that they have adequate controls and safeguards are determining the contours of this area. when they host or process data belonging to their There are no compliances formulated by the customers. In addition, the requirements of Section government for Cloud providers and usage. The 404 of the Sarbanes-Oxley Act of 2002 make compliance and regulations followed in US could be SAS 70 audit reports even more important to the adopted for E-Governance in India. process of reporting on the effectiveness of internal control over financial reporting. Standards of Compliance in Cloud computing A Type I report describes the service organization’s industry description of controls at a specific point in time The standards and compliances for providing Cloud (e.g. June 30, 2003). A Type II report not only Computing services are evolving. Today, SAS 70 is includes the service organization’s description of used by Cloud providers as a standard for providing controls, but also includes detailed testing of the services to the consumers. Regulations with respect service organization’s controls over a minimum to the location of the data, various controls in place six month period (e.g. January 1, 2003 to June 30, to protect the data, proper auditing procedures to 2003). The contents of each type of report are monitor the effectiveness of the controls have to be shown in the following table: in place for using Cloud Computing E-Governance. Since, we advocate a private cloud for Government, data protection, security would be a very important aspect being managed. SAS 70 Statement on Auditing Standards (SAS) No. 70, Service Organizations, is a widely recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA). A service imaginea
    • WHITE PAPER CLOUD AND E-GOVERNANCE 23 Report Contents Type I Report Type II Report 1 Independent service auditor’s report (i.e. opinion). Included Included 2 Service organization’s description of controls. Included Included 3 Information provided by the independent service Optional Included auditor; includes a description of the service audi- tor’s tests of operating effectiveness and the results of those tests. 4 Other information provided by the service organi- Optional Optional zation (e.g. glossary of terms). In a Type I report, the service auditor will express and Human Services (HHS) manages and enforces an opinion on (1) whether the service organization’s these standards. description of its controls presents fairly, in all HIPAA covers Protected Health Information (PHI), material respects, the relevant aspects of the service which is any information regarding an individual’s organization’s controls that had been placed in physical or mental health, the provision of operation as of a specific date, and (2) whether the healthcare to them, or payment of related services. controls were suitably designed to achieve specified PHI includes personal information such as Social control objectives. Security Number, name, address, phone number, In a Type II report, the service auditor will express medical condition when linked to a patient, and an opinion on the same items noted above in a Type some type of billing information. I report, and (3) whether the controls that were HIPAA’s privacy rule requires that the health tested were operating with sufficient effectiveness information of individuals is properly protected by to provide reasonable, but not absolute, assurance covered entities. Among other requirements, the that the control objectives were achieved during the privacy rule prohibits entities from transmitting PHI period specified. over open networks or downloading it to public or HIPAA remote computers without encryption. HIPAA provides national minimum standards to HIPAA’s security rule requires entities to put in protect an Individual’s health information. HIPAA place detailed administrative, physical and technical was originally created to streamline healthcare safeguards to protect electronic PHI. The covered processes and reduce costs, while ensuring individual entities are required to implement access controls, consumer privacy. The U.S department of Health encrypt data, and setup back-up and audit controls imaginea
    • WHITE PAPER CLOUD AND E-GOVERNANCE 24 for electronic PHI in a manner commensurate with end user satisfaction levels. Cloud architectures the associated risk. when properly applied to developing E-Governance applications transforms the nation into an Sarbanes-Oxley Act Information Society. Service level agreements are Sarbanes-Oxley, also called as Sarbox or SOX, is the key for the government to measure how well geared towards accountability of public companies the services are being performed and provided along with Investor Protection Act, and Corporate by the government. The Cloud helps provide and Auditing Accountability and Responsibility Act. E-Governance services faster and cheaper thereby The act significantly raises criminal penalties for accelerating the adoption and use of Information securities fraud, for destroying, altering or fabricating technology for e-services. Cloud architectures allow records in federal investigations or any scheme or rapid deployment of turn-key test environments attempt to defraud shareholders. with little or no customization. As expected, there are criticisms and praises for Current data centers are already using the SOX. Former Federal Reserve Chairman Alan Cloud in one form or the other. Consolidating Greenspan praised Sarbanes-Oxley act. He felt that these data centers and applying some of the corporate managers should be working on behalf of Cloud architectures would drastically improve shareholders to allocate business resources to their the utilization of resources and reduce the total optimum use. operating costs for these data centers by more Other view is that SOX is an unnecessary and costly than 50%. Monitoring data centers for traffic and government intrusion into corporate management resource utilization is the key to the adoption of that place U.S corporations at competitive Cloud Computing architectures for E-Governance. disadvantage with foreign firms and bring an overly The E-governance should consider people, process complex regulatory environment into US financial and technology and come up with comprehensive markets. processes, standards to be followed when managing E-Governance infrastructures. Summary and Conclusions The Cloud provides a solid foundation for the introduction of widespread provision of services to various stakeholders. Applications designed using the principles of Service Oriented architecture and deployed in Cloud architectures will help the government reduce operating costs and increase imaginea
    • WHITE PAPER CLOUD AND E-GOVERNANCE 25 Appendix A – Challenges in E-Governance Data Scaling Rolling out new Instances, Replication and Mi- The databases should be scalable, to deal gration with large data, generated over the years, for Traditionally, applications in E-Governance are built E-Governance applications. Where Relational for government departments and municipalities, Databases ensure the integrity of data at the and so these take more time, effort, resources and lowest level, Cloud databases could be scaled and budgetary allocations. This is true for all types of can be used for such type of applications. applications. It should be possible to replicate these to other municipalities, departments or e-courts Cloud databases available for deployment whenever needed, as part of E-Governance. offer unprecedented level of scaling without compromising on performance. Cloud databases Cloud architectures offer excellent features to must be considered if the foremost concern is create an instance of application for rolling out to a on-demand, high-end scalability – that is, large new municipality. The Cloud can reduce the time to scale, distributed scalability, the kind that can’t be deploy new application instances. achieved simply by scaling up. Disaster Recovery Auditing and Logging Natural disasters like floods, earthquakes, wars and Traceability of any changes to informational content internal disturbances could not only result in the in the E-Government services is very important. loss of data from E-Governance applications, but Corruption in government organizations can be these events can also make services unavailable to controlled by using Information Technology services, people in times of need. Multiple installations in by making the providers of the services accountable. geographically separated locations with complete Process audits and security audits must be executed backup and recovery solutions must be provided. periodically to ensure system security. This could create other problems if not properly managed. Disaster recovery procedures must be in The Cloud can help in analyzing huge volumes of place and practiced from time to time. Applications data and detecting any fraud. It can help in building and data must be made redundant and should be and placing defense mechanisms to enhance the available on a short notice so that one can switch security, thereby making the applications reliable from one data center to the other. and available. Cloud virtualization technologies allow backups and restoration. It offers seamless application migration compared to traditional data centers. imaginea
    • WHITE PAPER CLOUD AND E-GOVERNANCE 26 Performance and Scalability Policy management The architecture and technology adopted for the E-Governance applications have to adhere to, and E-Governance initiatives should be scalable and implement policies of the Governments relevant to common across delivery channels. It should meet citizens. Along with the infrastructure, data center the demands of a growing number of citizens. policies have to be enforced for day-to-day operations. If implemented, E-Governance portals could be Cloud architectures help a great deal in accessed by the highest number of users who would implementing policies in the data center. Policies be beneficiaries of Information Technology. with respect to security, application deployment etc With Cloud architectures, scalability is inbuilt. can be formalized and enforced in the data center. Typically, E-Governance applications can be scaled Systems Integration and Legacy software vertically by moving to a more powerful machine Applications that are already deployed and are that can offer more memory, cpu, storage. A simpler providing services not only have to be moved to solution is to cluster the applications and scale the Cloud, but must also integrate with applications horizontally by adding resources. deployed in the Cloud. The power of Information Reporting and Intelligence (Better Governance) Technology comes from co-relating the data across Data center usage (CPU, Storage, Network etc), applications and passing messages across different peak loads, consumption levels, power usage along systems to provide faster services to the end users. with time are some of the factors that must be Cloud is built on SOA principles and can offer monitored and reported for better utilization of excellent solutions for integration of various resources. Planning well can minimize costs. Data applications. Also, applications can be easily moved must be profiled in order to obtain better visibility to the Cloud. into various services provided by the government. Obsolete Technologies and Migration to New The Cloud offers better BI infrastructure compared Technologies to traditional ones because of its sheer size and Technology migration is the biggest challenge. capabilities. Cloud Computing offers seamless Moving to different versions of software, applying integration to technologies like MapReduce application and security patches is the key to (Hadoop) that fits well into Cloud architectures. maintaining a secure data center for E-Governance. Applications can mine huge volumes of real-time and historic data to make better decisions when Cloud architecture efficiently enables these kinds providing services. of requirements, by co-existing and co-locating different versions and releases of the software at the same time. Once these applications are tested, they can be migrated to production with ease. imaginea
    • WHITE PAPER CLOUD AND E-GOVERNANCE 27 Going Green This could be one of the reasons for moving to More emphasis is given today, than ever before, Cloud architecture for governance. Instead of on the amount of pollution that data centers duplicating these facilities, using the Cloud, one can generate. Their power usage, air-conditioning and offer centralized infrastructure that can be efficiently electronic wastes create bio-hazards and pollute the used to minimize pollution. environment. imaginea
    • WHITE PAPER CLOUD AND E-GOVERNANCE 28 Appendix B – FAQ about Cloud Computing How does one build a private cloud? applied. By default any web based application can Cloud is not a software or hardware set to be SaaS enabled. The level of SaaS could be different be licensed. It has to be built using multiple based on the need and architecture of the product. technologies, software and hardware resources from Here are some of the levels: many vendors and by procuring various data center • Level 1: Same application code with different tools that can help in building the Cloud. Resources customization running on different machines can be purchased off the shelf for a Public Cloud, with a dedicated data base. but building a Private Cloud is a time consuming and • Level 2: Same application code, running on costly affair. different machines with dedicated database How Secure is the data on the Cloud? • Level 3: Same application code, same The data in a Cloud is as secure as it would be in instances of middleware and database. a private data center. However, there are legal implications on who controls the data and how What is multi-tenancy? Cloud providers can use it to their advantage without Multi-tenancy is the ability of users from different proper migration strategy across cloud providers. business entities sharing the same common Can we leverage existing data centers to infrastructure. The application has to be designed build cloud? and architected to enable multi-tenancy into it. Yes, with the data center, the Cloud is already in use How can I use public cloud for e-governance? and is the best and optimum way to start building There is no technology barrier. It is more limited the Cloud. Adding virtualization to resources using by the legal implications of using the cloud in terms data center tools would make the Data center, a the data control and location of the data. However, Cloud computing facility. public cloud can readily be used for non mission Can I have my application SaaS enabled? critical applications for e-governance It depends on the level of SaaS that needs to be Imaginea provides product engineering services to independent software vendors, enterprises and online SaaS businesses looking for reliable technology partner. Services stretch end to end, from interaction design imaginea to development, testing and managing clouds. For more information on Imaginea, visit http://www.imaginea.com. Imaginea is a business unit of Pramati Technologies. (www.pramati.com) Contact:sales@imaginea.com | 1021, S. Wolfe Road, Suite 275, Sunnyvale, CA 94086 | +1 (408) 435 2700