We would like to present the experience of setting up a cloud offering for the R&E community in the Netherlands. Within SURF we have developed a hybrid cloud solution; combining in-house developed services and services commercially available. The services range from personal storage services to full data center replacements and Infrastructure as a Service. In close collaboration with 6 institutes (i.e. the six sides of a Cube), we have developed a hybrid cloud proposition that allows for optimal flexibility of (virtual) data center capacity under the highest level of trust. This SURFcloud service consist of SURF owned data center facilities and a selection of commercial cloud providers: Microsoft Azure, Amazon, etc.. Using the Cloud Manager Broker the institution is to select a service based on predetermined criteria and functionality: cost, data center location, level of data trust, backup and disaster recover. SURF is adapting its organization and processes to accommodate the transition of the institutions towards the cloud. The resulting cloud sphere and ecosystem is the ultimate stepping stone for the institutes towards the cloud.

1. Harold Teunissen & Michel Wets — SURFnet
From Cubes to Spheres — IAAS Service Delivery

2. SURFnet — The Dutch Internet2 (NREN)
SURFnet, Serving
Higher Education
and Research

3. SURF is the umbrella organization under which all ICT activities
for Higher Education and Research in the Netherlands are
coordinated and delivered
SURF as Umbrella
From Cubes to Spheres — I2TX16 — Miami, FL. — September 2016 3

4. • SURFnet is a National Research and Education Network
(NREN)
• NREN characteristics:
• Primarily for higher education and research
• Not for profit (and not for loss)
• Controlled by the member institutes
• European NRENs collaborate through
GÉANT
• Connecting the individual networks
with another and worldwide
• Participating in projects
The collaboration landscape

5. 160 Institutes with over 1 million users
staff120

6. Almost 30 years in service
• 8,100 miles of dark fiber
• Lightpaths (p-to-p)
• eduroam
• Federated Identity
Management
• Cloud Services
• WiFi as a Service
• Security Services
• Etc.

7. International hub

8. From Cubes to Spheres?

9. From push to pull

10. SURF Cloud Approach
TITELREGIE IN DE CLOUD
I-STRATEGIE VOOR HOGER
ONDERWIJS EN ONDERZOEK
TITELNAAR EEN
ICT-REGIEORGANISATIE
OVER DE TRANSITIE VAN
ICT-ORGANISATIES IN HET
HOGER ONDERWIJS

12. And it never will be the same again…

13. • Elasticity / bursting
• 24/7 support
• Resilience
• Availability IT experts needed
• Datacenters and disaster recovery
So, why they consider using it?

14. • In 2016 approx. 15-20% of all servers run in public cloud, total
revenue of AWS + Azure = US$ 18B
Gartner Cloud Adoption Framework

15. • Cloud Strategy
• Business case
• Understanding organization changes from strategic to
operational level
• Privacy & security,
• Exit strategy
• Cost predictability
• Transparency in service offerings and Terms & Conditions
Challenges

16. • Goal: outsourcing of IaaS and data center activities of 6
universities of applied sciences
• Why?
• Unburden universities by taking over part of their services
• Central procurement delivers better economies of scale
• Requirements
• Improved service levels
• 24/7 monitoring & support
• Competitive pricing
• Stepping stone towards PaaS and SaaS services
• Phase
• General availability on July 1st, 2016
Move towards IaaS — Outsourcing Data Centers

17. SURFcumulus — DIY and Fully Managed

18. Value proposition

19. Basic vs Managed

20. Direct peering with service providers

21. • Single point of entry to cloud providers (private or public)
• Universal management of Virtual Machines across platforms
• Delegation of access control and rights
• Fine grained quota control
• Automatic provisioning / deprovisioning
• Rapport and cost predictions
• Web UI and API
• Close integration with SAML2 and two-factor Auth.
Role of Cloud Management Portal

22. SURFcumulus more than just technology

23. SURFcumulus Managed Roadmap

24. Securing commitment Partners

25. • Project team
• Core team of 16 people from 7 countries
• Total Project team of 51 people from 21 countries
• Totaling 12 FTE
• Europe
• 40 NRENs
• 10,000 institutes
• 50,000,000 end-users!!
• Market interest
• 35 interested providers
GEANT IaaS procurement project: the scale

26. • Focus
• No data egress
• SAML2 support (federated authentication)
• Network Peering (L2 & L3)
• Transparency and cost predictability
• Additional discounts based on total European turnover generated
• Safeguarding the European security and privacy legislation
• Usability
• Open European procurement
• Awarding Framework agreements with all providers meeting requirements
• Allowing all institutions in Europe to use these services without tendering
• Usage through direct award of do further competition
GEANT IaaS Procurement: requirements

27. On March 1st
Amazon Web Services
made an important
announcement
Amazon is waiving data
egress charges on cloud
services for research and
education users.
This is the result of
extensive discussions
between Amazon and
GÉANT.
Amazon Waiver

28. Microsoft Azure Waiver
Azure egress fee waiver for the
academic community
Posted on May 2, 2016
• Based on Microsoft’s extensive experience engaging and working with the academic community, we strongly
believe educational institutions of all types and sizes can benefit from cloud services, for research as well as for
teaching and learning environments. Microsoft also understands the need for academia to better manage costs
when transitioning from traditional licensing to a consumption-based model, and we are always looking for ways
to make the transition to the cloud easier for the community.
• Academic customers constantly worry about unknown costs and their liability under variable financial structures.
One of the concerns we hear most often, is the cost of data egress fees. In order to enable our educational
customers to achieve even more with the cloud, we are excited to announce an Internet egress fee waiver for
qualified customers1 North America, Europe and APAC. This makes moving to the cloud a much more
predictable expense. Even more importantly, it paves the way for researchers to accelerate the pace of the
important work they’re doing
• Azure customers who have an enrollment in Education Solutions (EES) agreement are eligible for this program.
These EES customers don't have to do anything to get this benefit – there is no special contract to sign or
agreement to enter into. Once the benefit becomes active in May we will automatically remove the egress
charges for our EES customers, as long as they make up less than 15% of their total Azure consumption bill.
• Microsoft partnerships: In addition to reducing the cost of moving to the cloud, Microsoft is working with key
National Research and Education Network partners such as Internet2 in the US, and Géant in Europe, to allow
data to flow from our cloud services to our academic customers across this new connection, and to further
strengthen our network. We have been working closely with these organizations along with Jisc in the UK,
SURFnet in the Netherlands and HEAnet in Ireland to provide a superior cloud experience for our customers.

29. Resilient connection 1
At Telecity, Amsterdam
Resilient connection 2
At Harbour Exchange, London
Physical network connection
Implementation and operation
Express Routes

30. • GEANT
• Preparation 2015
• Publication: April 19 2016 116 interested organizations
• Closing of tender: May 24 24 submitted proposals
• Preliminary awarding: July 19
• Signing of Framework contracts October 2016
• Additional steps
• Creating the network peering
• Testing the SAML2 support
• Creating the call of agreement
• Data processor agreement with data classification
• Available through SURFcumulus in Q4 2016
Timeline

31. • Cloud = Mature
• Procurement / privacy / security = Complex
• Collaboration on national level increases expertise and
introduces economies of scale
• Collaboration on European level multiplies
these advantages
• Procurements like these have become so
complex that it is no longer viable to run them
on a institute or NL scale level
Lessons learned