UNICORN has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 731846
Stakeholders Requirements Analysis
Deliverable D1.1
Editor: Demetris Trihinas
Reviewers: Manos Papoutsakis (FORTH), Fenareti Lampathaki (Suite5)
Date: 30 June 2017
Classification: Public
D1.1 Stakeholders Requirements Analysis
Contributing Authors and Version History
Name | Partner | # | Description
Demetris Trihinas | UCY | 1 | Table of Contents (ToC), document purpose and partner contribution assignment
Athanasios Tryfonos | UCY | 2 | Background and Terminology section initial content merged, relation to other WPs added
Zacharias Georgiou | UCY | 3 | Content for methodology followed to derive requirements
George Pallis | UCY | 4 | Updated methodology and background section, survey first results
Marios D. Dikaiakos | UCY | 5 | Initial non-functional requirements section, updated methodology with industry findings
Spiros Alexakis | CAS | 6 | Minor improvements to terminology, refined industry findings in methodology, initial list of system requirements and key findings from interview process
Julia Vuong | CAS | 7 | Updated user roles, updated functional requirements after merging comments received, updated methodology and background
Fenareti Lampathaki | Suite5 | 8 | Updated non-functional requirements and merged comments referring to survey key findings, merged security content to background
Sotiris Koussouris | Suite5 | 9 | Updated functional requirements, added data privacy protection mention to survey methodology, merged security to background
Spiros Koussouris | Suite5 | 10 | Merged comments on user roles, conclusion and merged comments on non-functional requirements, conclusion
Panagiotis Gouvas | Ubitech | 11 | Updated introduction, merged comments on mapping of functional requirements to user roles
Giannis Ledakis | Ubitech | 12 | Merged comments on market analysis scheme, executive summary and introduction
Manos Papoutsakis | FORTH | 13 | Merged comments on stakeholders analysis, functional requirements and figure numbering
Bernhard Koelmel | Steinbeis | 14 | Final version
Table of Contents
1 EXECUTIVE SUMMARY
2 INTRODUCTION
2.1 Document Purpose and Scope
2.2 Document Relationship with other Project Work Packages
2.3 Document Structure
3 BACKGROUND AND TERMINOLOGY
3.1 Programmable Infrastructure
3.2 Multi-Cloud Offerings
3.3 Micro-services
3.4 Containerization
3.5 DevOps – Continuous Integration and Delivery
3.6 Annotation-Based Programming
3.7 Security Enforcement and Data Privacy Preserving
4 METHODOLOGY FOLLOWED TO DERIVE UNICORN SYSTEM REQUIREMENTS
4.1 Key Findings from industry studies
5 UNICORN STAKEHOLDER IDENTIFICATION
5.1 Stakeholders and Target Audience
5.2 User Roles
5.3 Market positioning
6 REQUIREMENT ANALYSIS SCHEME
6.1 Interviewee Profile
6.2 Unicorn Survey and Interview Study Key Findings
7 UNICORN SYSTEM REQUIREMENTS
7.1 Functional Requirements
7.2 Non-Functional Requirements
8 CONCLUSIONS
9 REFERENCES
10 ANNEX
10.1 Identified Unicorn Functional Requirements
10.2 Disseminated Questionnaire
List of Figures
Figure 1: Unicorn Vision
Figure 2: Deliverable Relationship with other Tasks and Work Packages
Figure 3: Monolithic Legacy Enterprise Architecture vs Micro-service Architecture Approach
Figure 4: Hypervisor vs Container-based Virtualization
Figure 5: Docker Relation to Linux Container Notion
Figure 6: CoreOS Host and Relation to Docker Containers
Figure 7: Unikernel Relation to VMs and Containers
Figure 8: Continuous Integrations, Continuous Delivery and Continuous Deployment Steps
Figure 9: Indicative Example of Annotation Declaration in Java
Figure 10: High-Level Abstract Methodology to Derive Unicorn System Requirements and Relevant Key Technologies
Figure 11: Unicorn Market Positioning
Figure 12: Organisation Operating Business Domains as Identified by Interviewees
Figure 13: Number of Employees in IT department
Figure 14: Interviewee Role in Organisation
Figure 15: Usage of Annotation-based Programming Paradigm by Interviewees
Figure 16: Popular Programming Frameworks Used by Interviewees
Figure 17: Usage of Collaboration Tools Among Employees of Organisation
Figure 18: Popularity of CI/CD Frameworks Embraced by Surveyed Organisations
Figure 19: Challenges Preventing Full Adoption of CI/CD Pipeline
Figure 20: Cloud IDE Embracement by Interviewed Organisations
Figure 21: Popular reasons preventing Cloud IDE adoption from responders not using Cloud IDEs
Figure 22: Micro-service Architecture Adoption by Interviewed Organisations
Figure 23: Containerized Solution Adoption by Interviewed Organisations
Figure 24: Containerized Solution Adoption Challenges as Identified by Interviewed Organisations
Figure 25: Containerized Solutions that have been adopted by those using or considering containerization
Figure 26: Multi-Cloud Deployment Model Adoption by Interviewee Organisations
Figure 27: Popular Cloud Providers
Figure 28: Multi-Cloud Adoption Challenges
Figure 29: Monitoring Level Targets as Responded by Interviewed Organisations
Figure 30: Monitoring Tool Type Adoption by Interviewed Organisations
Figure 31: Monitoring Challenges Faced by the Interviewed Organisations
Figure 32: Elastic Scaling Adoption
Figure 33: Elastic Scaling Type
Figure 34: Elasticity tools used by organizations that have adopted elastic scaling as part of their ALM
Figure 35: Elastic Scaling Adoption Challenges
Figure 36: Stage of Application Lifecycle at which Security is Considered by Interviewed Organisations
Figure 37: Security Mechanisms Adopted by Interviewed Organisations (#1)
Figure 38: Security Mechanisms Adopted by Interviewed Organisations (#2)
Figure 39: Security Mechanisms Adopted by Interviewed Organisations (#3)
Figure 40: Non-Technical Quality Aspects as Organised by ISO/IEC 25010:2011
List of Tables
Table 1: Industry Studies and Points of Interest Relevant to Unicorn
Table 2: Unicorn Actors
Table 3: Market Players Analysis – Brief Overview
Table 4: Market Players Analysis – DevOps Support and Highlight Features
Table 5: Market Players Analysis – Perspectives
Table 6: Organisations Participated in Interview Process
Table 7: Functional Requirements Relation to User Role
1 Executive Summary
The main objective of the Unicorn project is to deliver a unified platform that will help SMEs and Startups to develop, deploy and manage secure-by-design and elastic-by-design cloud applications and services that follow the micro-service architectural paradigm, on multi-cloud programmable execution environments. The platform will allow software developers to tackle data privacy constraints and restrictions through the application of various privacy policies and will ease the resource monitoring process. In this respect, Deliverable D1.1 - Stakeholders Requirements Analysis, hereafter simply referred to as D1.1, provides a clear set of guidelines that will guide the partners through the technical activities of the Unicorn project. The guidelines that will drive the project technical activities are expressed in the form of functional and non-functional requirements that will assist in shaping the final framework that fulfils the vision and objectives of the project.
The work in this deliverable begins by presenting an agreed background and terminology of innovative technological concepts such as the programmable infrastructure, multi-cloud offerings, micro-services, containerization, DevOps, annotation-based programming and various security enforcement mechanisms. This terminology will be used consistently throughout all future technical deliverables, as these concepts form the basic technological pillars on which the implementation of the Unicorn project will be based.
Furthermore, the methodology that was used to derive the functional and non-functional requirements is presented. At the beginning of this agile methodology the partners analysed industry reports, surveys and practices in order to identify the Unicorn stakeholders and potential user roles onto which the functional system requirements will be mapped. Based on this analysis of the industry, an interview questionnaire was designed to identify the key technologies taken up by the SME and Startup eco-system in Europe, as well as the emerging technologies that are within their interests but cannot yet be successfully integrated into their software stack due to different challenges they are facing.
Lastly, the analysis of the interview responses has contributed to deciding and clarifying a set of functional and non-functional system requirements that can be assigned to the identified user roles that are involved in different stages of the application lifecycle.
2 Introduction
Cloud computing shifts IT spending to a pay-as-you-go model, where similar to utility billing, you only pay for what you use and only when you use it [1]. Cloud computing has revolutionized the IT industry to the point where any person, with even basic technical skills, can access and obtain, via the internet, on demand vast and scalable computing resources at low cost [2]. For Small and Medium Enterprises (SMEs) and today’s Startups, this well-established argument is sound. Cloud computing eliminates the capital expense of buying hardware and diminishes costs for configuring, running and maintaining on-site computing infrastructures of any size. Thus, it is now cheaper and easier to innovate, enabling businesses to dramatically lower their cost of operations, and by extension lower the cost of starting a business – independent businesses share their collective infrastructure costs via the cloud – and thus spurring entrepreneurship [3]. Therefore, it is no wonder that SMEs and Startups are migrating core services and products of their business to the cloud. A recent study shows that, in this digital economy, more than 37% of SMEs have embraced the cloud to run parts of their business, while projections show that by 2020 this number will grow and reach 80% [4].
While opportunities for innovation are riper than ever, SMEs and Startups with a limited number of developers, which ideally should be focused on core product development, are found constantly in need of tackling security, compliance and code vulnerabilities by designing software security mechanisms to prevent data breaches and ensure customer privacy. A recent study found that 62% of data breaches impacting SMEs accounted for a loss of more than 50% of their customer base [4]. Hence, as data continues to migrate to the cloud, the cost of bad security will only continue to rise. The other inhibitor that remains a consistent barrier to cloud adoption is vendor lock-in, which is where an organization fears becoming beholden to an individual cloud vendor [5]. However, while vendor lock-in remains the second inhibitor preventing cloud adoption, concerns have been dropping recently due to interoperability initiatives to establish open APIs and libraries for cloud access and deployment [6], [7] along with topology specifications and standards [8], [9]. A recent study by RightScale (2017) [10] reveals that SMEs use, on average, up to 6 different clouds (including private clouds) to achieve their business objectives, with the hybrid cloud establishing itself as the most popular deployment model for SMEs. Nonetheless, while the cloud promises to automate application and infrastructure management, multi-cloud deployments raise the complexity of monitoring, managing and effectively projecting cost budgets of their services and core products distributed across multiple clouds, with unbearable engineering required to overcome these challenges in order to cope and not perish.
Furthermore, resource scaling (dubbed as elasticity) introduces another challenge that must be tackled as well. Elasticity is one of the most-hyped features of cloud computing and is, from 2014, driving cloud adoption [11]. However, the reality doesn't necessarily measure up to cloud providers' promises [12]. Website traffic from sudden user demand can explode rapidly, and the need for immediate scalability to address demands comes with many obstacles. Cloud providers offering auto-scaling (e.g., AWS) automatically provision virtual instances when high/low user-defined thresholds are violated [13]. However, auto-scaling is challenging, especially when determining whether an alert is issued due to a spike in demand of an application, or whether something is a malfunction of the system [14]. A distributed denial of service (DDoS) attack or similar issue could initially appear to be an increase in demand, and a mechanism that automatically scales, in response, may not be a good thing. Fast scaling could, in fact, end up being detrimental, resulting in unwanted charges [15].
Figure 1: Unicorn Vision
Nowadays, a number of cloud application management frameworks claim to address the above challenges by facilitating the design and deployment of cloud applications and services. Some of these frameworks are proprietary [16] [17], locking their users to specific providers, while others are generic [18] [19] [20], allowing management of applications on different infrastructures with adapters for popular cloud offering providers. A common denominator in all aforementioned frameworks is that none provides the ability to manage the lifecycle of a cloud service distributed across multiple availability zones and/or cloud sites. In turn, no framework currently tackles data protection privacy constraints and restrictions due to national and EU directives for data movement across application tiers, availability regions or multiple cloud sites. Also, elastic techniques are not well supported to deal with multi-dimensional elastic properties covering resources, costs and quality [21]. Most importantly, these tools tackle the challenges of managing cloud applications after application development. This often results in more iterations in the application development cycle if policy definition for elasticity, security and privacy deployment constraints for different cloud providers is not foreseen at the development phase, delaying time-to-market and negatively impacting SMEs and Startups comprised of small development teams.
As a result, new categories of tools and solutions are needed to address the challenges holding back SME growth. Therefore, the concept of the Unicorn project is to deliver a platform that facilitates the deployment of trustworthy applications and services, creating a more entrepreneurial ICT ecosystem. Specifically, the Unicorn platform targets, but is not limited to, SME and Startup development teams that follow agile and continuous software delivery principles to improve software design on a continuous basis and, thus, increase productivity. Hence, Unicorn will simplify the design, deployment and management of secure and elastic – by design – multi-cloud services by providing software development teams with a cloud IDE plug-in and software design libraries to reduce development time of cloud applications. This will enable software developers to design and develop secure and reactive applications through their IDE, hence right where they write their code, which incorporates a set of software code annotations, validation and packaging tools for security, privacy protection, monitoring and elasticity policy definition at the platform, application, component and even code segment level without having to manually perform resource mappings and bindings. To circumvent the burdensome installation and integration process, the Unicorn platform will enable continuous orchestration and automatic optimization of portable and dynamic cloud services running on virtual instances or micro-execution containers for increased security, data protection privacy, and vast resource (de-)allocation. Once the software team has finished development and is ready to deploy its application, the deployment tool of the cloud IDE plugin will bundle application code, third-party libraries and Unicorn annotated policies and even allow users to search for required OS libraries and runtime software stacks, as the Unicorn development paradigm supports the notion of micro-execution container environments. Specifically, containerized environments are particularly relevant to micro-services and the developing concept of “immutable infrastructure” where cloud offerings served from virtual instances are treated as disposable artefacts and can be regularly re-provisioned solely from version-controlled code. What is more, the support from the Unicorn platform to software development teams does not stop at application deployment. To eliminate security threats, the Unicorn platform will provide continuous risk, cost and vulnerability assessment. In other words, by using Unicorn, software teams focus on core application feature development logic, not the scale, monitoring and security issues, which are handled in the background by the Unicorn platform ensuring interoperability across multiple and different clouds. This reduces software release time and provides a powerful tool for SMEs that follow agile and continuous software delivery principles to improve software design and continuous productivity improvement.
2.1 Document Purpose and Scope
The purpose of this document is to provide a comprehensive foundation describing the basic set of design and implementation guidelines that will start and guide the development of the IT components comprising the Unicorn platform. In respect to this, Deliverable D1.1 aims to identify the stakeholders of the Unicorn ecosystem and derive clear and basic descriptions of the system requirements after analysing and prioritizing the needs of the industry and the Unicorn Project's Stakeholders. This is achieved by designing an online survey and performing personal interviews with carefully selected project Stakeholders within and beyond the consortium in order to probe the ICT needs of the EU SME and Startup eco-system. Thus, requirements are meant to drive the design and development process as they comprise the constraints that are to help the Unicorn ecosystem and platform to best match the project vision and satisfy the identified technological challenges and market gaps. Requirements show the functional and non-functional aspects for the Unicorn project and are an important input to the verification and validation process, since tests and evaluation KPIs should trace back to specific requirements. To this end, functional requirements represent the list of functional properties that need to be implemented and finally supported within the context of the Unicorn ecosystem and platform. This includes all behavioural aspects of the system components, as well as the tools and applications. On the other hand, non-functional requirements will concern performance, scalability, security and privacy aspects.
2.2 Document Relationship with other Project Work Packages
With the identification of the targeted stakeholders and the documentation of the basic functional and non-functional technical requirements, this deliverable (D1.1) will be used as an agreed-upon instruction set guiding the development of the IT components that must be delivered by the Unicorn Project. Hence, D1.1 (Stakeholders Requirements Analysis) marks the completion of Task 1.1 “Requirements Analysis and Stakeholders’ Identification”. Figure 2 depicts the direct and indirect relationship of the deliverable to the other Tasks and Work Packages (WPs). The definition of system-wide requirements and the key technology findings identified by following the roadmap (described in Chapter 4) for probing the EU SME and Startup eco-system will drive the documentation of the Unicorn reference architecture (D1.2). In particular, the Unicorn reference architecture is a cornerstone for the project as functional and non-functional requirements are directly mapped to well-defined system entities, thus guiding the technical work of WP2-WP5. On the other hand, with the clear definition of the project and the prioritization of requirements to match the needs of the use-cases (D1.2), the work in WP6 “Demonstration” can begin as planned.
Figure 2: Deliverable Relationship with other Tasks and Work Packages
2.3 Document Structure
The remainder of this deliverable is structured as follows: Chapter 3 introduces a descriptive Background and Terminology synopsis referring to the key concepts related to the notion of Programmable Infrastructure. This synopsis will be used as a reference glossary throughout the Unicorn project deliverables and interactions with project Stakeholders. Chapter 4 presents a comprehensive description of the methodology followed to derive System Requirements for the Unicorn project by designing an online survey and performing personal interviews with carefully selected project Stakeholders in order to probe the ICT needs of the EU SME and Startup eco-system. In relation to this, Chapter 5 documents the identified project Stakeholders and target audience, while it also goes one step further by describing the list of the platform User Roles. Chapter 6 introduces the Requirements Analysis Scheme which documents the key findings derived from the disseminated online survey and the conducted personal interviews which helped the consortium compile the list of system requirements, introduced in Chapter 7. The list of functional and non-functional requirements along with the Unicorn eco-system user roles will be obeyed throughout future project deliverables and will serve as guidelines for the technical work to be performed to derive the Unicorn platform. Finally, Chapter 8 concludes this deliverable.
3 Background and Terminology
Before proceeding with the stakeholder identification and the requirement collection and analysis process, it is important to identify and elaborate on the key concepts driving the innovative technological axes of the Unicorn project. The terminology determined in this section will work as a reference guide across all future Unicorn technical deliverables.
3.1 Programmable Infrastructure
Programmable infrastructure is the IT concept of applying methods and tooling established in software development onto the management of IT infrastructure. This includes, but is not limited to, automation, on-demand resource (de-)provisioning, service integration and delivery, API versioning, data access, immutability and agile development [22].
What is more, the notion of “programmability” can be viewed and examined from two different perspectives [23]. In particular, from a developer perspective, “programmability” is the means to create the proper execution environment independently of the underlying physical resources. Thus, there is a need of both overarching resource abstractions at the design/development stage and convenient APIs at run-time, in order to implement an application in an environment-agnostic way and to dynamically tailor it to the actual (and usually changing) context. To this direction, the Programmable Infrastructure provides developers with a common and single point of access to all resources, hiding physical issues like resource nature, faults, maintenance operations, and so on.
On the other hand, from an infrastructure offering provider perspective, “programmability” mostly refers to the concerns of the provider with operation and maintenance of (usually) large pools of resources. In particular, infrastructure providers are in need of handy tools to deal with typical management tasks like insertion, replacement, removal, upgrade, restoration and configuration with minimal service disruption and downtimes. To this direction, a high degree of automation is desirable, through programmatic recourse to self-* capabilities (self-tuning, self-configuration, self-diagnosis, self-healing).
Cloud computing adheres to the notion of Programmable Infrastructure by providing users with (virtual) resources on demand, according to their needs, and by metaphorically blurring the real physical infrastructure (bare metal) inside an opaque “cloud” [24]. The kind of resources exposed by clouds depends upon the specific service model; they are infrastructural elements like (virtual) hosts, storage space, network devices (Infrastructure-as-a-Service model, IaaS), computing platforms including the Operating System and a running environment (Platform-as-a-Service model, PaaS), or application software like databases, web servers, mail servers (Software-as-a-Service model). In Unicorn, we mainly target the IaaS model, since, orchestration-wise, it gives developers the broadest control on the cloud execution environment for their applications. However, the Unicorn project also targets providing the appropriate tooling sets to developer teams to ease cloud application development, security enforcement, and lifecycle management and therefore while not targeting per se PaaS offerings, it resembles a PaaS service, or better, a DevOps-as-a-Service.
In the following, we present an overview of the key concepts related both to the Unicorn project and the notion of Programmable Infrastructure. Although the following approaches may adhere to different architectures, frameworks and implementations (State-of-the-Art will be thoroughly documented in D1.2), they are interrelated and their synergy towards a fully programmable infrastructure is more and more evident in today’s platforms.
3.2 Multi-Cloud Offerings
To achieve their cloud goals, business leaders are increasingly choosing to work with multiple cloud offerings and/or cloud providers [25]. A dominant factor is that leading cloud providers are constantly innovating and introducing new technologies to better their services, so an enterprise with a multi-cloud solution can be proactive in the market, electing to consistently employ the best services and value, from any given service provider, in any given circumstances. A recent study by IDC [26] predicts that 86% of enterprises will require a multi-cloud strategy to support their business goals within the next two years, while other studies (e.g., RightScale’s State of the Cloud yearly trends [10], [27]) reveal that the hybrid cloud is dominating the interests of more than 70% of IT related organisations [28]. However, while the terms hybrid-clouds, multi-clouds or even federated-clouds are used in studies across the industry as interchangeable terms, only when specifically questioning interviewees (a task performed by Unicorn as documented in Chapters 4 and 6) is it revealed that organisations often refer to different cloud deployment models when using the aforementioned terms.
Therefore, in what follows we clarify different (multi-)cloud deployment models evolving around the notion of using more than one cloud offering and/or cloud service provider.
• MC1 – Cloud Bursting: This model allows for workloads to move between private and public cloud offerings as computing needs dynamically change [29]. Specifically, organisations benefit from the scalability of public clouds for demanding compute operations, otherwise limited by the infrastructural resources of the organisation, while also leveraging the security provided by their private cloud infrastructure by not exposing, at all times, protected and sensitive data. Furthermore, organisations can benefit from the reduced access time and latency of data exchange inside a private cloud.
• MC2 – One Cloud Provider Multiple Availability Zones: This model supports the use of only one cloud provider or cloud offerings type, albeit multiple availability zones, regions and/or cloud sites are used, to deploy organisation services on cloud offerings [30]. For instance, an organisation may select to offer its services closer to consumers by selecting appropriate availability zones (e.g., AWS offers EU offerings via Ireland and Frankfurt zones) or it may deploy loosely-coupled services across multiple cloud sites but all using the same cloud offerings type (e.g., Openstack, VMware). The latter is a case highly relevant to the health sector where health institution data (e.g., clinic patient health records), for security and privacy reasons, are protected, and used, behind private cloud deployments but can still be accessed after obtaining authorization from other inter-connected health institutions.
• MC3 – Multiple Cloud Providers Heterogeneous Offerings: This model supports the ability of organisations to route their workload to respected providers that better suit particular tasks of a service’s operations (e.g., data storage, processing) [25]. For instance, an organization may conclude that to achieve certain cost reduction benefits for its cloud computing billing, its cloud storage needs would be best shifted to Amazon Web Services (AWS) while its data processing needs for particular (offline) tasks (e.g., image processing) might be better serviced by utilizing Microsoft’s Azure machine learning data pipeline.
• MC4 – Multiple Cloud Providers Homogeneous Offerings: This model allows the use of homogeneous offerings (e.g., same or similar VM types for a deployed service) from multiple cloud providers (e.g., AWS, Google Compute Engine) to support continuous availability of an organization’s services [31]. With this model, organisations benefit by allowing operations to carry on, despite the event of cloud provider downtime, as cloud resource acquisition is distributed among the selected cloud service providers. In particular, this model also allows for load to be balanced across providers, while reduced access time and latency for intra-data exchange is achieved for the offerings inside the boundaries of each cloud provider.
3.3 Micro-services
The evolvement of new software development paradigms is following the need for development of applications that adhere to the notions of modularity, distribution, scalability, elasticity and fault-tolerance [32]. A micro-service architectural approach is considered as the resulting set that arises from the decomposition of a single application into smaller pieces (services) that tend to run as independent processes and have the ability to inter-communicate, usually using lightweight and stateless communication mechanisms (e.g., RESTful APIs over HTTP) [33]. These (micro-)services are built around business capabilities and are independently deployable by fully automated deployment machinery. For (micro-)services, there is a bare minimum of centralized management and such services may be written in different programming languages and even use different data storage technologies [34].
Figure 3: Monolithic Legacy Enterprise Architecture vs Micro-service Architecture Approach
To understand the logic behind a micro-service architectural approach it is useful to compare it to a monolithic approach (Figure 3) where a single executable hosts the entire functional logic of an application, such as in the case of a web service handling HTTP requests while responsible for executing domain logic, database access, and HTML view population. Hence, all logic for handling web requests runs within a single process. However, this approach features a number of disadvantages, often referred to as monolith inhibitors [35]. In particular, feature roll-outs and software code changes are always tied together – even a single change made to a small code segment of the application requires the entire monolith to be rebuilt and re-deployed. Over time, and as the software stack expands, it becomes evident that a good modular structure is hard to keep, making it difficult to track software code changes that ought to only affect one module within that module. Most importantly, resource capacity provisioning for the software stack requires scaling the entire application rather than only the specific services in real need of additional resources.
In contrast to monoliths, micro-services are decomposed into services organised around discrete business capabilities. The boundaries between these units are usually comprised of functional APIs that expose the core capabilities of each service. Large systems are then composed of many (micro-)services, whereby communication between micro-services is a central ingredient. For instance, such is the case of amazon.com (https://www.amazon.com/), where the different aspects of their e-commerce platform – recommendations, shopping cart, invoicing and inventory management – are split into discrete, scalable and independent (micro-)services [36]. Instead of all being part of one enormous monolith, each business capability is a self-contained service with a well-defined interface. The advantage of this is that separate teams are each responsible for different aspects of the service, allowing the team and software core to develop, test, handle failures and scale independently. In turn, continuous delivery is possible as small units are easier to deploy and manage their entire lifecycle.
Finally, decentralized data management is highly evident where each service dealing with a specific function of the business process may manage its own database, either different instances of the same database technology or entirely different database systems, so as to optimize data storage, processing and acquisition to the heterogeneous needs and scale of each business function. As stated by A. Cockcroft, who oversaw Netflix’s transition from a monolithic DVD-rental company to a micro-service architecture comprised of many small teams working together to stream content to millions of users, a micro-service with correctly bounded context is self-contained for the purposes of software development [37]. Therefore, one can understand and update the micro-service’s code without knowing anything about the internals of its peers, because the micro-service and its peers interact strictly through APIs and therefore there is no need for sharing or exposing (with security threats lurking) data structures, database schemata, or other internal representations of objects. Thus, the commonly understood “contract” between micro-services is that their APIs are stable and forward compatible.
3.4 Containerization
Resource virtualization, in general, consists of an intermediate software level on top of physical resources (bare metal) and the operating system, providing abstractions for multiple virtual resources (e.g., compute, memory, storage, etc.), often bundled together and denoted as virtual machines (VMs) or virtual instances. VMs can also be seen as isolated execution contexts [38]. In particular, VMs require full guest operating systems in addition to binaries and various libraries that are necessary for the applications to run, which translates into large isolated files that store their entire file-system on the host machine [39], [40]. Each VM is run on top of a hypervisor, which is a specialised software on the host operating system that is responsible for the operation of the VM and the management of the resources needed from the host machine. Today, hypervisor-based virtualization is the most popular method of resource virtualization and the main representatives of the specified technology can be considered the XEN [41], VMWare [42] and KVM [43]. Although security concerns have been addressed through isolation, security limitations still exist, mainly due to numerous vulnerabilities masked in dependencies of the deployed applications to third-party binaries and libraries [44].
On the other hand, containerization is a virtualization method for deploying and running distributed applications without the need to launch entire VMs. In particular, containerization (Figure 4) allows virtual instances to share a single host operating system and relevant binaries, dependencies and/or (virtual) drivers, in a secure but also portable and interoperable way [45]. Application containers hold components such as files, environmental variables, and libraries required to run the desired software. Because containers do not have the overhead of an entire guest operating system required by VMs to operate, their size is smaller than VMs which makes them easier to migrate, faster to boot, require less memory and as a result, it is possible to run many more containers on the same infrastructure rather than VMs [46]. In turn, application development with the use of containers is perfect for a micro-service approach as under this model, complex applications are split into discrete and modular units where e.g., a database backend might run in one container while the front-end runs in a separate one. Hence, containers reduce the complexity of managing and updating the application because a problem or change related to one part of the application does not require an overhaul of the application as a whole [47].
Figure 4: Hypervisor vs Container-based Virtualization
Since containers share the operating system kernel, the isolation provided is weaker than with hypervisor-based virtualization; nevertheless, from the user perspective it seems that each container executes a single stand-alone OS. Isolation in container-based virtualization can be achieved through kernel namespaces and Control Groups (cgroups) [48][49]. Namespaces are a feature of the Linux kernel that allows different processes to have different views on the system, while cgroups, another feature of the Linux kernel, manage and limit resource access for process access groups through limit enforcement. In order for a containerized image to run, a specialized software must be present on top of the operating system, the Container Engine, which utilizes the Linux kernel mechanisms (LXC) described above [50]. The most popular Container Engine is Docker which is built based on the LXC techniques [51].
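The namespace and cgroup isolation described above can be checked from the host. The following is an added example, not part of the original deliverable: it compares namespace identifiers in the format printed by `readlink /proc/<pid>/ns/<kind>` and reads cgroup v2 limit files to flag containers that share a namespace with the host or run without resource limits. The sample values, the container names and the list of namespaces required to be private are constructed assumptions.

```python
import re

# One "<kind>:[<inode>]" token per namespace, the format printed by
# `readlink /proc/<pid>/ns/<kind>` on Linux.
NS_TOKEN = re.compile(r"^([a-z_]+):\[(\d+)\]$")

# Assumed policy for this example: these namespaces must not be shared with the host.
REQUIRED_PRIVATE = ("pid", "net", "mnt", "ipc", "uts")

# Constructed sample data (not taken from a real host).
HOST_NS = """cgroup:[4026531835] ipc:[4026531839] mnt:[4026531841]
net:[4026531840] pid:[4026531836] user:[4026531837] uts:[4026531838]"""
WEB_NS = """cgroup:[4026532601] ipc:[4026532599] mnt:[4026532597]
net:[4026532602] pid:[4026532600] user:[4026531837] uts:[4026532598]"""
DEBUG_NS = """cgroup:[4026532701] ipc:[4026532699] mnt:[4026532697]
net:[4026531840] pid:[4026531836] user:[4026531837] uts:[4026532698]"""

# Constructed contents of cgroup v2 interface files for each container's cgroup.
WEB_CGROUP = {"memory.max": "536870912\n", "pids.max": "256\n", "cpu.max": "50000 100000\n"}
DEBUG_CGROUP = {"memory.max": "max\n", "pids.max": "max\n", "cpu.max": "max 100000\n"}


def parse_namespaces(readlink_output):
    """Return {namespace kind: inode number} from whitespace-separated tokens."""
    namespaces = {}
    for token in readlink_output.split():
        match = NS_TOKEN.match(token)
        if not match:
            raise ValueError(f"unexpected namespace token: {token!r}")
        namespaces[match.group(1)] = int(match.group(2))
    return namespaces


def shared_with_host(host_ns, proc_ns):
    """Two processes are in the same namespace when the inode numbers match."""
    return sorted(kind for kind, inode in proc_ns.items() if host_ns.get(kind) == inode)


def parse_cgroup_limits(files):
    """Read cgroup v2 limits; the literal 'max' means no limit is enforced."""
    memory = files.get("memory.max", "max").strip()
    pids = files.get("pids.max", "max").strip()
    quota, period = files.get("cpu.max", "max 100000").split()
    return {
        "memory_bytes": None if memory == "max" else int(memory),
        "pids": None if pids == "max" else int(pids),
        # cpu.max holds "<quota> <period>" in microseconds; quota/period = CPUs allowed.
        "cpus": None if quota == "max" else int(quota) / int(period),
    }


def audit(name, host_text, proc_text, cgroup_files):
    """List isolation findings for one container process."""
    findings = []
    shared = shared_with_host(parse_namespaces(host_text), parse_namespaces(proc_text))
    for kind in REQUIRED_PRIVATE:
        if kind in shared:
            findings.append(f"{name}: shares {kind} namespace with host")
    for resource, value in parse_cgroup_limits(cgroup_files).items():
        if value is None:
            findings.append(f"{name}: no {resource} limit")
    return findings


if __name__ == "__main__":
    for name, ns, cg in (("web", WEB_NS, WEB_CGROUP), ("debug", DEBUG_NS, DEBUG_CGROUP)):
        for finding in audit(name, HOST_NS, ns, cg) or [f"{name}: no findings"]:
            print(finding)
```

A container that keeps the host's `pid` or `net` namespace sees the host's processes or network interfaces, and one without cgroup limits can exhaust resources shared with co-located containers.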
Figure 5: Docker Relation to Linux Container Notion
Docker is the leading container platform with the ability to package and run containerized applications. It provides a complete toolset to manage the lifecycle of containers, from development phase to deployment. Docker streamlines the development lifecycle by allowing developers to work in standardized environments using local containers and allows for highly portable workloads. It is written in Go and takes advantage of several features of the Linux kernel to deliver its functionality such as namespaces and cgroups. However, as Docker's technology is based on LXC, containers do not run an independent version of the OS kernel. Instead, all containers on a given host run under the same kernel, with only application resources isolated per container. This allows for a certain degree of isolation (though not as isolated as a full VM) with a lower resource overhead, but leaves an attack surface for exposed vulnerabilities in the central OS daemon managing co-located containers [52]. To improve isolation by providing secure containerization, and still adhere to the Linux kernel principles, CoreOS was designed to alleviate and improve many of the flaws inherent in Docker's container model [53]. In particular, CoreOS (Figure 6) features a read-only Linux rootfs with only etc being writable. In turn, as containers are isolated, even co-located ones, communication between them is handled over the IP network, while network configurations are exchanged over etcd.
Figure 6: CoreOS Host and Relation to Docker Containers
For the deployment and orchestration of containers, frameworks such as Docker Swarm [54], Google’s Kubernetes [55] and Fleet [56] instantiate and coordinate the interactions between containers across a cluster. Therefore, container orchestration tools can be broadly defined as providing an enterprise-level framework for integrating and managing containers at scale. Such tools aim to simplify container management and provide a framework not only for defining initial container deployment but also for managing multiple containers as one entity, for purposes of availability, scaling, and networking, while the underlying CoreOS provides strong isolation to the above Docker execution environment. Hence the container solution stack presents itself as ideal for micro-service architectures [32], as micro-services are indeed built in this manner: a number of thin containers, each with a minimal set of processes, interact over well-defined (software) network interfaces. Thus, for micro-services different containers are prepared for each of the components comprising the cloud application which is ideal to deploy a distributed, multi-component system using the micro-services architecture, able to scale both horizontally and vertically the different applications.
In turn, unikernels are specialized virtual machine images compiled from the modular stack of application code, system libraries and configuration which adhere to both the principles of containerized execution environments and programmable infrastructure [57]. Specifically, unikernels are specialized single-purpose images disentangling applications from the underlying operating system as OS functionality is decomposed into modular and “pluggable” libraries (similar to CoreOS). Developers select, from a modular stack, the minimal set of libraries (e.g., network, block devices), which correspond to the OS constructs required for their application to run. These libraries are then compiled with the application’s code, to build sealed and fixed-purpose containerized environments which run directly on the hypervisor without an intervening OS, as depicted in Figure 7. Therefore, along with the benefits of containerization, which include (i) short boot times (few second range) [58], (ii) small image sizes (few MBs) [59] [60] and (iii) fierce security [61], unikernels exhibit strong isolation guarantees due to hypervisor-based execution, live migration and robust SLAs [62]. These benefits are particularly relevant to micro-services and the developing concept of immutable infrastructure where VMs are treated as disposable artefacts and can be regularly re-provisioned solely from version-controlled code. Modifying such VMs directly is not permitted: all changes must be made to the source code itself.
Figure 7: Unikernel Relation to VMs and Containers
3.5 DevOps – Continuous Integration and Delivery
Recent surveys ([63], [64]) have shown that DevOps is rapidly growing, especially in the enterprise, and the demand for people with DevOps skills is increasing. According to Amazon [65], DevOps is the combination of cultural philosophies, practices, and tools that increases an organization’s ability to deliver applications and services at high velocity. Under the DevOps paradigm, there is no longer a distinct separation between development and operations teams. These teams can be merged into a single team, in which operations and development engineers participate together in the entire service lifecycle, from design through the development process to production support. Enterprises and organizations gain huge benefits [66] from adopting DevOps practices. Such benefits include: (i) improved collaboration between the various teams (developers and operations) of an organization; (ii) high velocity and efficiency on new deployments; (iii) reliable application updates and infrastructure changes; (iv) improved security by using compliance policies and configuration management techniques; and (v) rapid delivery which increases the pace of new releases by adopting continuous integration and continuous delivery practices.
Figure 8: Continuous Integrations, Continuous Delivery and Continuous Deployment Steps
Continuous Integration (CI) and Continuous Delivery (CD) are software development practices that automate the software release process, from build to deploy. More specifically, CI [67] is a software development practice where members of a team integrate their work frequently (usually daily) into a central software repository (e.g. git, svn). Each integration is verified by an automated build (including tests) to detect integration errors as quickly as possible, which allows teams to deliver cohesive software more rapidly. Continuous integration most often refers to the build or integration stage of the software release process and entails both an automation component (e.g. a CI or build service) and a cultural component (e.g. learning to integrate frequently). The key goals of continuous integration are to find and address software bugs quicker, improve software quality, and reduce the time required to validate and release new software updates. CD is the software development practice in which teams are constantly producing new software releases (including new features, configuration changes, bug fixes and experiments) in short cycles and ensure that it can be reliably released at any time [68]. With continuous delivery, every code change is built, tested, and then pushed to a non-production testing or staging environment. The final decision to deploy to a live production environment is triggered by the developer whereas in continuous deployment this last step is automatic.
To further assist DevOps engineers, especially in the development phase, to collaborate under better conditions and to better promote CI/CD practices, a new category of tools, the Cloud IDE, has been on the rise over the past few years [69]. Simply stated, a Cloud IDE is, usually, a browser-based IDE that allows real-time collaborative software development via portable working environments (workspaces) deployed on the cloud. They allow access from anywhere using Internet access (or can even provide access to a local setup), with minimal configuration needed. Cloud IDEs provide support for all major software repositories, thus promoting collaboration and CI practices. Most of the state-of-the-art Cloud IDE working environments are usually containerized, allowing the user to customize the container images according to their needs (e.g. Eclipse CHE [70], SAP Hana [71]). Moreover, Cloud IDEs can connect to various cloud providers, making it easier for DevOps to deploy their applications remotely.
Finally, one of the most challenging tasks of a DevOps engineer, particularly in the cloud area, is the development of elastic applications, able to efficiently adapt their resources according to their needs. Elasticity is defined as the degree to which a system is able to adapt to workload changes by provisioning and de-provisioning resources in an autonomic manner, such that at each point in time the available resources match the current demand as closely as possible [1]. It is used to avoid inadequate provision of resources and degradation of system performance while achieving cost reduction [72], making this service fundamental for cloud performance. Nowadays, most cloud providers and third-party tools offer an automated way to scale resources by giving the developer the ability to define the optimal policies for his application provisioning. Horizontal scaling is the scaling method of choice for many cloud systems since it provides a way of scaling the application to meet its demands in an uninterruptible way. Horizontal scaling requires the application to support a way of cloning itself, in order to be deployed in another virtual container to support part of the demand. Although vertical scaling seems simpler since it only requires increasing resources of the virtual container hosting the application, in fact it is not appropriate to support the application’s uninterruptible operation since most operating systems do not support on-the-fly changes (without rebooting) to the available resources (e.g. CPU or memory) of a running instance. Thus, horizontal scaling is mostly preferred in cloud systems.
Auto-scaling techniques are divided into reactive and proactive (or predictive) [1]. Reactive techniques refer to those methods that react to the current system and/or application state, which is decided from the latest values of monitored variables. Proactive (or predictive) techniques attempt to scale resources in advance of demand by predicting the latter. Reactive techniques may prove inefficient at supporting uninterruptible operation of the application at all times, especially when there is a sudden demand burst. This is due to the fact that acquiring new resources and instantiating a new execution environment (virtual container) requires a non-negligible time interval. On the other hand, proactive techniques are more promising; however, in the worst case they may fail to predict demand and act as a reactive technique with, possibly, additional costs occurring for mispredictions. Thus, auto-scaling is a significant challenge, as a badly performing auto-scaling technique may lead to problems such as under-provisioning (the application does not have enough resources), over-provisioning (the application reserves more resources than the ones really needed), and oscillation (scaling actions are carried out too quickly for the application to see the impact of the scaling action) [31].
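The three failure modes named above can be reproduced with a small simulation of a reactive, threshold-based scaler. This is an added example, not part of the original deliverable; the thresholds, instance capacity, boot delay and demand traces are constructed assumptions. It counts steps with real overload (under-provisioning), surplus instances (over-provisioning) and reversals of scaling direction (oscillation), with and without a cooldown that lets the scaler wait for a new instance to take effect.

```python
from math import ceil


def simulate(demand, capacity=100, start=2, upper=0.8, lower=0.4,
             boot_delay=3, cooldown=0):
    """Run a reactive autoscaler over a demand trace (requests/s per step).

    capacity   -- requests/s one instance can serve (assumed value)
    upper      -- utilization above which one instance is requested
    lower      -- utilization below which one instance is released
    boot_delay -- steps between requesting an instance and it serving traffic
    cooldown   -- steps to wait after any scaling action before acting again
    """
    active, booting, wait, last = start, [], 0, None
    under = over = flips = 0
    timeline = []
    for load in demand:
        # Instances whose boot timer reaches zero start serving traffic.
        booting = [t - 1 for t in booting]
        active += booting.count(0)
        booting = [t for t in booting if t > 0]

        util = load / (active * capacity)
        if util > 1.0:
            under += 1  # demand exceeds what the active instances can serve
        # Surplus relative to the fewest instances that keep util <= upper.
        over += max(0, active - ceil(load / (capacity * upper)))

        action = None
        if wait > 0:
            wait -= 1  # still in cooldown: observe, do not act
        elif util > upper:
            booting.append(boot_delay)
            action = "out"
        elif util < lower and active > 1:
            active -= 1
            action = "in"

        if action:
            if last is not None and action != last:
                flips += 1  # direction reversed: the scaler undid its own action
            last, wait = action, cooldown
        timeline.append(active)
    return {"under": under, "over": over, "flips": flips, "timeline": timeline}


# Constructed traces: a steady load slightly above the threshold, and a sudden burst.
STEADY = [170] * 8
BURST = [120, 120] + [350] * 8

if __name__ == "__main__":
    for label, trace in (("steady", STEADY), ("burst", BURST)):
        for cd in (0, 3):
            print(label, "cooldown", cd, simulate(trace, cooldown=cd))
```

On the steady trace the scaler without cooldown keeps requesting instances while the first is still booting, overshoots and then scales back in; with a cooldown equal to the boot delay it settles at three instances. On the burst trace the cooldown avoids the overshoot but leaves the application overloaded for more steps, which is the limitation of reactive techniques the paragraph describes.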
3.6 Annotation-Based Programming
Modern programming languages (e.g., java, C#, python) offer an extremely useful mechanism named “annotations” that can be exploited for several purposes. Annotations are a form of metadata providing information and instructions that are not part of the application itself [73]. Annotations do not directly affect program semantics, but they do affect the way software code is treated by tools and libraries, which can in turn affect the semantics of the running software. Annotations can be read from source files, binary files (e.g., class files), or reflectively at runtime. They provide compilers and build engines with useful information and hints (e.g., suppress warnings), and allow code injection at compilation or deployment time for runtime processing decisions (e.g., add loggers, provide handlers to count method accesses, etc.).
From the software engineer perspective, annotations can be practically seen as a special interface which may be accompanied by several constraints, such as the part of the code that can be annotated or the part of the code that will process the annotations. An indicative example in Java is presented in Figure 9, which defines an annotation denoted as Test, that will be used to annotate Java methods. The scope (java methods) of the Test annotation is defined via another annotation @Target(ElementType.METHOD) while the annotation @Retention(RetentionPolicy.RUNTIME) indicates that the Test annotation (and other annotations of the same type) will be retained by the VM so as to be parsed reflectively at run-time [74].
Figure 9: Indicative Example of Annotation Declaration in Java
Annotations are widely used by numerous frameworks such as the Spring Framework [75] and each framework selects one handling technique in order to process annotations. In general, there are three strategies for annotations’ handling:
• Source code generation: This annotation processing option works by reading the initial source code and generating either new source code or modifying existing code, and non-source code (e.g., config files, documentation). The (code) generators typically rely on container or other programming conventions and work with any retention policy. Indicative frameworks that belong to this category are the Annotation Processing Tool (APT) [76] and XDoclet [77].
• Bytecode transformation: Annotation handlers of this form parse binary and/or executable files containing annotations and emit modified binaries and/or newly generated executables. They also generate non-binary artifacts (e.g., config files). Bytecode transformers can run either offline (compile time), at load-time, or dynamically at run-time. In Java, they work with class or runtime retention policy (as shown in Figure 9). Indicative bytecode transformer examples include AspectJ [78] and Spring [75].
• Runtime reflection: Annotation handlers of this form use reflection to programmatically inspect data objects at runtime. It typically relies on the container or other programming convention and requires runtime retention policy. The most prominent testing frameworks like JUnit [79] use runtime reflection for processing the annotations.
3.7 Security Enforcement and Data Privacy Preserving
Data security has consistently been a major issue in information technology. In the cloud computing environment, it becomes particularly serious because the data is located in different places, even all around the globe. The increasing number of connected devices and the huge amount of software that is being developed on a daily basis will continue to generate and introduce new attack vectors and exploit opportunities for malicious hackers. Data security and privacy protection are the two main factors of users' concerns about cloud technology. For this reason, the issue of continuous cloud and application security enforcement must be tackled, while enabling data protection privacy mechanisms at the cloud/hypervisor layer due to the co-existence of multiple users and services within the same hosts.
Data security is commonly referred to as the confidentiality, availability, and integrity of data. Security enforcement mechanisms are in place to ensure data is not being used or accessed by unauthorized individuals or parties. In addition, those mechanisms ensure that the data is accurate, reliable and available when an authorized party needs it.
To this direction, one security enforcement mechanism that is widely used is the Intrusion Detection System (IDS). An IDS is a software component that automates the method of monitoring events within a computer system or network and analysing them for signs of possible violations or threats of violating computer security policies, acceptable use policies, or standard security practices. Such systems can also attempt to stop possible incidents (IDPS - Intrusion Detection and Prevention System). Information gathering, logging, detection and prevention are among the capabilities offered by IDSs. As far as the detection capabilities are concerned, most IDSs use a combination of signature-based detection, anomaly-based detection, and stateful protocol analysis techniques to perform in-depth analysis of the available data.
An IDS at the hypervisor or container level is able to monitor all available network interfaces used by the execution environment of the system. The produced logs are stored locally and feed a database. In turn, an http server can present those data in a web interface. IDSs require significant resources in terms of the computation capacity needed to process a packet and the amount of memory needed to store the security ruleset. A way to speed up this inspection process is to take advantage of GPUs. Their low design cost, the highly parallel computation and the fact that they are usually underutilized, especially in hosts used for intrusion detection purposes, make them suitable for use as an extra low-cost coprocessor for time-consuming problems, like pattern matching. There have been many works trying to use GPU capabilities in order to improve the current state of IDS and IPS systems [80]–[83].
Encryption is another security mechanism which is intended to protect the confidentiality of digital data stored on computer systems or transmitted via the Internet or computer networks. Encryption is the conversion of electronic data, often referred to as plaintext, into another form, the ciphertext, by applying an encryption algorithm and selecting an encryption key. Encryption algorithms are divided into two main categories:
i) Symmetric
ii) Asymmetric
Symmetric-key ciphers use the same key, or secret, for encrypting and decrypting a message or file. The most widely used symmetric-key cipher is AES [84], which was created to protect government classified information. Symmetric-key encryption is much faster than asymmetric encryption, but the sender must exchange the key used to encrypt the data with the recipient before he or she can decrypt it. This requirement to securely distribute and manage large numbers of keys means most cryptographic processes use a symmetric algorithm to efficiently encrypt data, but use an asymmetric algorithm to exchange the secret key.
On the other hand, asymmetric cryptography, also known as public-key cryptography, uses two different but mathematically linked keys, one public and one private. The public key can be shared with everyone, whereas the private key must be kept secret. RSA [85] is the most widely used asymmetric algorithm, partly because both the public and the private keys can encrypt a message; the opposite key from the one used to encrypt a message is used to decrypt it. This attribute provides a method of assuring not only confidentiality, but also the integrity, authenticity and non-repudiation of electronic communications and data at rest through the use of digital signatures.
Another crucial security mechanism that is used to protect against potential security threats is performing Risk and Vulnerability Assessments. Vulnerability assessment is the process of identifying, quantifying, and prioritizing (or ranking) the vulnerabilities in a system. Vulnerability assessment has many things in common with risk assessment. Assessments are typically performed according to the following steps:
i) Cataloging assets and capabilities (resources) in a system
ii) Assigning quantifiable value (or at least rank order) and importance to those resources
iii) Identifying the vulnerabilities or potential threats to each resource
iv) Mitigating or eliminating the most serious vulnerabilities for the most valuable resources
Although data privacy and data security are often used as synonyms, they share more of a symbiotic type of relationship. Data privacy is suitably defined as the appropriate use of data. Data privacy preserving mechanisms are in place to ensure that the data is used according to the agreed purposes. Making sure all data is private and being used properly can be a near-impossible task that involves multiple layers of security. Fortunately, with the right people, process and technology, data security policy through continual monitoring and visibility into every access point can be supported.
Privacy preserving mechanisms offer a set of high-level rules, which allow all interested stakeholders to define the type and scope of data protection constraints to prevent data access from unauthorized entities and restrict data movement between application services, countries or geographic/legal regions (e.g., the EU), availability regions and/or multiple cloud sites to adhere to national and/or EU data restriction directives. Such mechanisms offer a safety net against the processing of data which, on many occasions, is unknowingly processed in remote data centers across borders, with security breaches breaking legal compliance due to insecure data movement lurking in the background.
4 Methodology Followed to Derive Unicorn System Requirements
Deriving system requirements is the cornerstone activity of any successful project. It plays a key role for the successful scoping, defining, estimating and managing of a project right from the start. Successful requirements collection is typically unique in every project and circumstances, but it also can lead to many advantages. For instance, it can accommodate better resource management, system analysis, design, improved quality in the product delivered, and minimize the risk for delays and overruns. The methodology selected and used for the Unicorn project is an agile methodology, which in principle is iterative while some of the basic principles it relies on promote understanding between the business, technical and scientific needs of a project by laying out clear expectations at the beginning and at each milestone (software release) achieved by the project [86]. The agile methodology builds on increased communication throughout the project, and it delivers the requirements earlier than traditional, waterfall approaches for software development.
The requirements are iteratively improved at each new milestone and are kept up-to-date in the backlog to influence in parallel several of the activities in the project (e.g., development, testing, new technology uptaking). The aim is to bring together the technical and research partners of the Unicorn project, and make them aware from the start of the important business aspects identified by its respected stakeholders. The methodology promotes understanding of the partners’ different views, consolidates opinions and defines what Unicorn should do. This enables collection and elicitation of concrete high-level requirements, promoting communication, alignment, consensus and active business user and customer involvement to meet the goals and needs of the project.
In the following paragraphs a description of the agile and task driven methodology followed by the Unicorn consortium is provided. This methodology aims to identify key stakeholders for the project, derive the Unicorn system requirements and steer the partners to the technologies dominating the interests of its stakeholders so as to guide the technical work that will follow after designing the Unicorn reference architecture (D1.2). Figure 10 depicts a high-level and abstract overview of the methodology process.
Figure 10: High-Level Abstract Methodology to Derive Unicorn System Requirements and Relevant Key Technologies
The first task of the methodology followed involved identifying and clearly defining the stakeholders and target audience of the Unicorn platform while also providing an updated market positioning of the Unicorn eco-system towards the continuously evolving cloud market. A comprehensive description of this task is found in Chapter 5. Important outcomes of this task for the requirements collection process are a concise description of the targeted stakeholders, a glossary of key technology terms that are understandable by Unicorn stakeholders, and a comprehensive list of user roles for the Unicorn platform. The stakeholders are the ones the Unicorn product will be developed for and will be used by their employees and management staff, therefore, a common terminology/glossary of the key technologies comprising the Unicorn platform was defined and agreed upon by all partners and is provided in Chapter 3. This terminology will be used as a reference guide across all future deliverables and interaction with Unicorn stakeholders.
The next task involved trawling the ICT industry research and technology leaders’ websites for global market and technology reports (e.g., Gartner, IDC), best practices from ICT visionaries, and the bibliography for key technologies (e.g., cloud platforms, container solutions) and requirements (e.g., cloud credential management), relevant to the Unicorn identified stakeholders and target audience. This process is meant to act as a starting point for the market requirements collection, but not as a comprehensive list of detailed technologies and requirements particularly relevant to the Unicorn project. In addition, it was considered vital to validate this initial list of collected requirements in collaboration with the industrial partners and practitioners in order to increase the likelihood of the widespread industry adoption of the results produced by the Unicorn project. A summary of key findings and points of interest from the ICT industry reports relevant to the Unicorn project is listed in Section 4.1 that follows.
To this end, an online questionnaire and interview process was developed to probe the EU ICT industry to provide, validate and prioritize fine-grained system functional and non-functional requirements relevant to the Unicorn platform (note: All questions comprising the questionnaire can be found in Annex I). This is important as in several cloud reports (e.g., Gartner’s Magic Quadrant, Rightscale’s State of the Cloud report) there are statements such as “elastic scaling and performance monitoring are driving cloud adoption”, however, at the same time, “elasticity and monitoring” are also considered major challenges across businesses of all types without highlighting what the “elasticity and monitoring” key market features are and what the challenges still in need of being addressed are. In turn, while security is often stated as something companies highly take into consideration, often offering high standards and guarantees to their customers, security and data privacy protection are also top on the list for cloud challenges. At this point, one is left wondering which enforcement mechanisms are applied for security and data privacy protection and which are still considered as challenges. On a different level, as introduced in Chapter 2, while the terms hybrid-clouds, multi-clouds or even federated-clouds are used in studies across the industry as interchangeable terms, only when specifically questioning stakeholders (a task performed by Unicorn) is it revealed that organisations often refer to different cloud deployment models when using the aforementioned terms.
Therefore, the interview process was designed to study statements and clarify generalizations such as the ones mentioned above. The interview process is also beneficial for identifying the key technologies uptaken by the SME and Startup eco-system in Europe, as well as the emerging technologies that are within their interests but cannot be successfully integrated into their software stack yet due to different challenges they are facing. Specifically, the interview process targeted obtaining insights to more than just key technology concepts dominating the interests of the Unicorn stakeholders. For instance, containerization is something that is seen to be of interest for stakeholders. However, are there common go-to solutions for the stakeholders or are there any mixtures of solutions utilized? These questions are of interest for the project and will help shape the Unicorn reference architecture and business model that will be documented in D1.2 and D6.1 respectively. In particular, the interview process was held after the online questionnaire was completed and was refined each time to best adapt to the interviewee profile based on the given answers to obtain greater and deeper insights from the interviewees. The interviewees were carefully selected by the consortium to span across different industry domains relevant to Unicorn and included: (i) 4 Startups from the CINCUBATOR Startup Hub; (ii) 2 SME members from the CyberForum digital alliance; (iii) the 4 Unicorn pilots serving as platform demonstrators; and (iv) 10 interviewees from EU-based organisations of various size (large enterprises, SMEs, Startups) not affiliated directly or indirectly with the Unicorn project. A comprehensive description of the questionnaire, the interview process and the key findings derived from this process can be found in Chapter 6.
At this point, it is important to mention that all interviewees were explicitly notified that the information given by the interviewee in the duration of the interview process will be kept confidential, the interviewee’s personal details will not be revealed, and the processing of all answers will be conducted in an anonymous manner, in compliance with European Union's data privacy laws, solely for the purpose of deriving the technical requirements for the Unicorn project. For these reasons, individual interviewee answers will not be revealed in this Deliverable.
Having obtained all completed questionnaires and interviews, the next two tasks involved cross-examining, correlating, analysing and elaborating on the results in order to map the obtained key findings to a list of system functional and non-functional requirements (Chapter 7). In addition, this procedure helped us to better understand the goals and expectations of the users and stakeholders in a market like the one that Unicorn wishes to target. This process has greatly contributed to the project as it allows us to have a more concise picture of the key technologies to uptake (e.g., which cloud platforms and containerized solutions are used by our stakeholders) in the span of the project and derive the Unicorn reference architecture in D1.2. Based on the deep insights obtained from the interviews, we managed to define a set of user- and system-perspective technical requirements that pave the way for the design and development of the Unicorn platform. Furthermore, we also provide a description of every role that we will consider throughout the project and how each role is connected with the functional requirements of the project. Prioritizing the obtained requirements was required in order for the long list of requirements driven by the industry to reflect the particular needs emerging from the Unicorn demonstrator use-cases. We note that in order to reduce repetition, the requirement prioritization based on the demonstrators and the key technologies targeted by the project will be introduced in D1.2 where each demonstrator and technology will be described and justified in detail, referring to the use-cases relevant and the expected KPIs which will be achieved by utilizing the Unicorn platform.
4.1 Key Findings from industry studies

Table 1: Industry Studies and Points of Interest Relevant to Unicorn

Study or Report | Points of Interest and Key Findings

RightScale 2016 State of the Cloud Report [87]
1060 respondents
34% Developers
55% IT Operations
61% US, 19% EU
• Hybrid-cloud adoption is dominating ICT industry interests (71% - up from 58% in 2015)
• Challenges for adopting hybrid-cloud deployment model include lack of resources/expertise and managing multi-cloud offerings
• DevOps growth and specifically container solution adoption is on the rise. Particularly, Docker is mentioned which is highly adopted by enterprises (Docker market share more than doubled compared to 2015)
• Greatest interest in containerized solutions is seen in European tech companies

RightScale 2017 State of the Cloud Report [27]
1002 respondents
61% US, 20% EU
• Hybrid-cloud adoption numbers are even stronger in 2017 (78%)
• Cloud computing top challenges for adopters now include (other than security and multi-cloud deployments): managing costs, monitoring and governance, improving performance and compliance
• Challenges for adopting containerized solutions include: lack of experience, security, maturity, monitoring and resource orchestration

Gartner 2016: Magic Quadrant IaaS Cloud Solutions [88]
Gartner 2016: Magic Quadrant PaaS Cloud Solutions and Containerized Environments [89]
• Study reports notable cloud providing solutions including market leaders, visionaries, challengers and niche players.
• Distinction of recommended cloud service providers per business related operation
• Vendor strengths and challenges where, even for AWS (the only notable for its auto-scaling solution), elastic scaling features severe challenges and growth potential that can drive to-and-away businesses to specific cloud offering providers
• The IaaS cloud market has clear leaders, however, the PaaS and container markets are considered battlefields although Docker seems to be obtaining a clear advantage in the container solution field
Veracode 2016: Secure Development Survey [90]
351 respondents
230 US, 121 EU
• Sensitive data exposure is the prime concern for all companies
• Security and data privacy protection challenges for cloud applications developed by large enterprises, SMEs and Startups
• Most organizations want (but are not always able) to incorporate security earlier in the software lifecycle (requirement, development phase) rather than after the development or testing phase
• Report highlights that DevOps is providing more opportunities to integrate security and data privacy protection, mentioning security methods enforced by SMEs and Startups including dynamic testing, web firewalls and runtime application protection in production.
• Most significant challenge: runtime software vulnerability and system malware detection

VisionMobile 2017: State of the developer nation [91]
21,200+ Developers
• Amazon is the leading public cloud provider, regardless of the target audience and company size, followed by Azure cloud for private cloud deployments
• SMEs use public cloud providers more than large enterprises
• Highlights the popular programming languages and frameworks used in different business domains (machine learning, AR/VR, front-end development, backend development, etc.)

LightBend 2016: Cloud, Container & Micro-services [92]
2151 JVM developers around the globe
• Micro-services are adopted by 55% of respondent DevOps teams
• DevOps teams are embracing micro-services because of increased security, improved resource management and (elastic) scaling
• Micro-service “laggards” are large enterprises
• Tools needed to ease micro-service delivery include API management, service orchestration, monitoring, and continuous delivery
• Portability is considered by DevOps a huge barrier to overcome when building cloud apps

DZone 2017: "DevOps: Continuous Delivery and Automation"
497 respondents
30% US, 45% EU, 25% Other
GitLab: 2016 Global Developer Report [93]
362 Startup and Enterprise CTOs
• 1 out of 4 SMEs have a dedicated DevOps team in contrast to the large enterprises with a 1 out of 2 ratio
• 67% of DevOps teams are using micro-services in some form, compared to 27% in the previous year
• 51% of DevOps teams use containerized solutions compared to 25% in the previous year
• Barriers preventing DevOps teams from adopting a continuous delivery pipeline are considered to be: lack of experience, unified environment tools for management and monitoring
• Developers use git for source control on a daily basis (92%) while continuous integration is adopted, at some level, by 77% of questioned organisations and application monitoring is considered as very important by 67%
RebelLabs: 2016 Development and Productivity Report and Java Landscape [94]
2040 respondents
RebelLabs: 2017 Programming the Web Report [95]
2000 Respondents
StackOverflow: 2016 Developer Report [96]
56003 developers
StackOverflow: 2017 Developer Report [97]
64000 developers
• The Eclipse IDE is the most popular IDE among developers for over 5 years now and is used exclusively by 48% of questioned developers, with the percentage growing to 55% when used with other IDEs (IntelliJ IDEA, NetBeans, Spring Tool Suite)
• There is a shift among developers from desktop IDEs to cloud IDEs with the most notable cloud IDEs being Eclipse Che, SAP Hana and Cloud9
• Micro-service adoption is particularly high for small businesses while large enterprises are more hesitant
• 68% of micro-service adopters claim that micro-services make developer’s job easier
• Report denotes the most popular programming languages per business operation domain
• Annotation programming paradigm is dominating interests of Java and Python developers particularly due to the popularity of Spring and Django frameworks which provide data abstractions
• RebelLabs 2017 is the only report denoting the go-to frameworks for micro-service development in Java (Spring, Play)
5 Unicorn Stakeholder Identification

5.1 Stakeholders and Target Audience

Small and medium enterprises (SME) play a very important role in the European economy. Statistics show that at present, SMEs (including start-ups) amount to 99% of the organisations, provide 60% of the total production value and about 40% of the profit [98]. Moreover, SMEs offer 75% of the jobs. SME contributions to the innovation system include not only R&D based new products and services, but also improved designs and processes and the adoption of new technologies.

But at the same time, the process of supporting European SMEs lags behind due to market and economic factors, such as intense market competition, demand atrophy, resource costs, high taxes and low investment. Strategies to enhance the competitiveness of innovative ICT SMEs should take into account that:
• New information and communication technologies facilitate global reach and help reduce the disadvantage of scale economies which small firms face in all aspects of business.
• Flexible specialisation has proven to be a particularly successful model of industrial organisation: through close co-operation with other firms SMEs can take advantage of knowledge externalities and rapidly respond to market changes.
• Usage of cloud development environments lowers the need for administration skills and frees the company to concentrate on their core business. While today’s installations are often local, it is only a matter of time before development environments are migrated to Cloud platforms.
• Cloud provides a perfect relationship between user demand and price – it is elastic. Fees increase incrementally as users use more functionalities.

At the same time, current cloud environments have significant weaknesses and therefore increase the critical view on cloud transition. Main barriers for cloud development are outlined as follows:
• Complex and costly development process: Developing new SaaS solutions or redeveloping existing solutions for the cloud on existing PaaS is a complex and very costly project making it often prohibitive especially for SMEs.
• High dependency on cloud infrastructure provider: The fear of a so-called vendor lock-in is one of the major barriers to cloud service adoption. Customers cannot easily move to a competitor’s service.
• Security Concerns: Deploying confidential information and critical IT resources in the cloud raises concerns about vulnerability to attack, especially because of the anonymous, multi-tenant nature of cloud computing.
• Data Privacy: Regulation of data privacy presents the additional threat of significant legal and financial consequences if data confidentiality is breached, or if cloud providers inadvertently move regulated data across national or European borders. A CSO Online survey [99] found that the top five security or privacy related concerns for cloud were all related to ubiquitous data access, regulatory compliance and managing access to the data and the applications.
Unicorn’s scope lies within the core of strengthening innovation capacity, and developing innovations that meet the needs of European ICT SMEs and start-ups. The project aspires to bring together all stakeholders involved in the value chain of developing Cloud software services, and actively involve external SMEs and startups through validation subcontracts. The project aims at delivering a set of innovative concepts, tools and services, for making the European ICT and software engineering SMEs more competitive, increasing their scientific and technological potential.
Unicorn's specific target audience comprises IT service providers, who, according to Digital SME Alliance, count over 750,000 SMEs in Europe. These SMEs are eager to increase their market share of the huge Cloud Computing market, worth over $131 billion, as North America takes home more than half of the global revenues. We are targeting the following three audience categories:
• Small and medium sized Independent Software Vendors (ISVs): who currently offer on premise business applications but, in the future, want to offer these “as a service”.
• Startups: who intend to deploy their own, new services, with a need for developing and deploying secure and elastic applications.
• SMEs already offering SaaS solutions: Unicorn features will allow them to concentrate on core functionality and re-use particular knowledge, instead of spending efforts for scaling, monitoring and security issues.

Concluding, Unicorn will contribute to all three EU Digital Single Market (DSM) pillars, namely to the “Access” pillar by lowering the barrier for SMEs to develop advanced cloud services, to the “Environment” pillar by supporting the creation of a trusted cloud environment for European SMEs and finally to the “Economy & Society” pillar by offering a solution that will improve interoperability, will contribute to standards and will allow ICT SMEs to concentrate on their core competencies and grow.
5.2 User Roles

Table 2 introduces the identified user roles for the Unicorn eco-system. From this table, we observe that the Unicorn eco-system involves many roles with diverse responsibilities. Some of these responsibilities may overlap among users of the platform which, at first, may seem to lead to misleading interpretation of user role duties. However, as we will see in the next Chapter, in DevOps teams, the lines between roles in the development team are quite blurred, with team members often taking up responsibilities spread across different user roles (e.g., a Cloud Application Developer may also be in charge of Testing or the Application Administrator may also be a Developer as well).

In the following Table, the Actor terminology and descriptions are designed to clarify and summarize each actor’s roles.
Table 2: Unicorn Actors

Actor | Description

Cloud Application Owner
The person providing the vision for the application as a project, gathering and prioritizing user requirements and overseeing the business aspects of deployed applications (e.g. business delivery, functioning and services of the application) in accordance with various criteria (e.g. cost minimization and policy definition like legal constraints)

DevOps Team
Development, operation and testing of cloud applications, including the roles: Cloud Application Product Manager, Cloud Application Developer, Cloud Application Administrator and Cloud Application Tester.

Cloud Application Product Manager
The person defining the cloud application architecture and implementation plan based on the Cloud Application Owner’s requirements. This person is also responsible for packaging the cloud application and enriching the deployment assembly with runtime enforcement policies for the placeholders defined via code annotations by the Cloud Application Developer.

Cloud Application Developer
The person that develops a cloud application by using the Unicorn-compliant code annotation libraries in order to run on a Unicorn-compliant (multi-) cloud execution environment.

Cloud Application Administrator
The person responsible for deploying and managing the lifecycle of developed and Unicorn-compliant cloud applications. This person ensures the application runs reliably and efficiently while respecting the defined business or other incentives in the form of policies and constraints.

Cloud Application Tester
The person responsible for the quality assurance and testing of a Cloud Application. The Cloud Application Tester performs deployment assembly validation (at business and technical level).

Cloud Application End User
The person using the deployed Unicorn-compliant cloud application.

Unicorn Administrator
The person responsible for managing and maintaining the Unicorn ecosystem, which includes infrastructure, various software and architectural components e.g. Core Context Model, code annotation libraries and Enablers interpreting and enforcing given policies and constraints.

Unicorn Developer
The person that creates Unicorn related (software) components for compliant Cloud Providers and/or DevOps Engineers such as e.g. Monitoring Probes, code annotation libraries, services utilizing the Unicorn API

Cloud Provider
Organization or service provider that provides cloud offerings in the form of programmable infrastructure according to a service-level agreement. The Cloud Provider is also responsible to operate the Cloud Execution Environments that will host entirely or partially Unicorn-compliant Cloud Applications.
Finally, we note that, as can be observed in Chapter 7, some of the Actors presented in the previous table may not be assigned to any functional requirements (e.g., Cloud Application End User); however, their existence contributes to having a more complete description of the overall system.
5.3 Market positioning

Over the past years, the worldwide cloud market has evolved and is expected to enter a period of stabilisation with projections of growth of 18% in 2017 to total $246.8 billion, up from $209.2 billion in 2016, according to Gartner [100]. The highest growth will come from cloud system infrastructure services (IaaS), which is projected to grow 36.8% in 2017 to reach $34.6 billion, even if the IaaS cloud market has clear leaders in AWS and Microsoft as suggested by Gartner’s magic quadrant for Cloud Infrastructure as a Service worldwide in 2016 [101].

The Cloud Application Infrastructure Services (PaaS) are also expected to increase from $8,851 million in 2017 to $14,798 million by 2020 while Cloud Management and Security Services follow a similar growth rate, from $8,768 million to $14,004 million, respectively [102]. According to KPMG, Platform-as-a-Service (PaaS) adoption is predicted to be the fastest-growing sector of cloud platforms, growing from 32% in 2017 to 56% adoption in 2020 [103]. The application container segment also reached a robust $762 million in 2016 and is forecast to grow at a 40% compound rate over the next four years to $2.7 billion [104], suggesting an impressive adoption growth for a technology that was only recently brought to the market.

In parallel, DevOps is a leading software engineering trend, representing the shift from traditional phased, large-scale delivery models to an agile, continuous delivery mind-set, enabled by better integrating development and operations teams within IT and employing more automated processes. The DevOps and Micro-service eco-system market is broadly expected to grow globally at a robust CAGR of 16% between 2017 and 2022, reaching $10 billion by 2021 [105]. In practice, though, coding and deploying reliable, loosely coupled, production-grade applications based on micro-services remains challenging and even frustrating for software teams who need to account for service discovery, load balancing, fault tolerance, end-to-end monitoring, dynamic routing for feature experimentation, compliance and security.

Today, a number of industrial players have hit the market with cloud developer solutions regarding Containers, Unikernels and Micro-services (or DevOps in a broader sense) as depicted in the following figure.
Figure 11: Unicorn Market Positioning
In brief, from the containers technology perspective, the open source Docker is practically leading the market and is often characterized as an “almost” de facto container standard (also evident in our interview process results) that has gained most public traction due to its simplicity and flexibility in allowing developers to wrap their software in a container that provides a completely predictable runtime environment. Other examples for container technologies are: CoreOS’ rkt (Rocket) or Cloud Foundry’s Garden / Warden. A recent survey conducted by Cloud Foundry [106] though listed significant container challenges like container management, monitoring and persistence storage that may hinder further market penetration while container persistence is in fact acknowledged as a barrier in advancing to stateful containers that are appropriate for production environments.

From the unikernel perspective, although the concept is quite old (since the 1980s), a number of ecosystem projects supporting the development and use of unikernels have emerged in the cloud computing age allowing for the creation of minimal, bespoke unikernel operating systems in many different ways for many different applications on many different hardware platforms. Some systems (like Rumprun) are language-agnostic, and provide a platform for any application code based on the requests it makes of the operating system while others (like MirageOS and HaLVM) leverage high-level languages and a runtime to provide an API for operating system functionality. OSv and the Xen hypervisor have gained significant attention yet they also impose certain limitations to applications aspiring for a unikernel compilation (e.g. no multiple processes on a single machine, work as single user, need for provision for internal diagnostics when it comes to debugging). Overall, the unikernel market remains in a rather embryonic status with most solutions still undergoing their experimental phases while it is expected to be affected by the future evolution of containers (e.g. Docker's acquisition of Unikernel Systems).
With regard to micro-services, although the discussion about micro-services architectures started in 2014, the actual widespread implementation was initiated by Netflix which open sourced plenty of frameworks for implementing micro-services [107]. In fact, the rise of containers and the broader acceptance of web protocols, such as HTTP, JSON and REST, has resulted in bringing back service orientation to contemporary application development and is driving the micro-services momentum. In May 2017, two significant industry-driven initiatives on the micro-services and DevOps world were announced: Istio, an open technology by Google, IBM and Lyft to streamline the management and security of micro-services through an integrated service mesh, and OpenShift.io, a free, online development environment by Red Hat optimized for creating cloud-native, container-based applications and automating the entire application pipeline enabling companies to become more DevOps driven and agile. In this context, it needs to be noted that the role of orchestrators, as well as of continuous integration / continuous delivery solutions, is also instrumental for effective micro-services management and deployment. Kubernetes, an open-source platform for automating deployment, scaling, and operations of application containers across clusters of hosts, providing a container-centric infrastructure, is acknowledged as a leader in container orchestration and management, followed by other platforms such as Docker Datacenter, Apache Mesos, and Cloud Foundry, that also run and orchestrate micro-services.

In more detail, in the following tables, 9 developer platforms (namely Docker, IncludeOS, Istio, linkerd, MirageOS, OpenShift.io, OSv, Rumprun, Rkt) have been selected, taking into account their relevance to Unicorn and the degree to which their features represent their category, and have been further analysed. Note: the information provided in the tables is based on the official documentation provided in each platform’s website and GitHub at the time period when this deliverable was written (May 2017).
Table 3: Market Players Analysis – Brief Overview

Platform | Category | Short Description | Supported Languages | Supported Platforms

Docker [108]
Category: Containers
Short Description: Docker is a container platform, packaging an application and its dependencies in a virtual container in order to enable flexibility and portability on where the application can run, to build agile software delivery pipelines (allowing for shipping new features faster and more securely) and to manage apps side-by-side in isolated containers to get better compute density.
Supported Languages: All
Supported Platforms: Ubuntu, Debian, Red Hat Enterprise Linux, CentOS, Fedora, Oracle Linux, SUSE Linux Enterprise Server, Microsoft Windows Server 2016, Microsoft Windows 10, macOS, Microsoft Azure, Amazon Web Services

IncludeOS [109]
Category: Unikernels
Short Description: IncludeOS is an includable, minimal unikernel operating system for C++ services running in the cloud, providing a bootloader, standard libraries and the build- and deployment system on which to run services.
Supported Languages: C++
Supported Platforms: Linux, Microsoft Windows and Apple OS X

Istio [110]
Category: DevOps – Microservices
Short Description: Istio is an open platform to connect, manage, and secure microservices, providing an easy way to create a network of deployed services with load balancing, service-to-service authentication, and monitoring, without requiring any changes in service code.
Supported Languages: All for app development
Supported Platforms: Platform-independent but service deployment only on Kubernetes (v1.5 or greater) at the moment - other environments will be supported in future versions.

Linkerd [111]
Category: DevOps – Microservices
Short Description: Linkerd is a transparent proxy that adds service discovery, routing, failure handling, and visibility to modern software applications.
Supported Languages: All
Supported Platforms: All

MirageOS
Category: Unikernels
Short Description: MirageOS is a library operating system that constructs unikernels for secure, high-performance network applications across a variety of cloud computing and mobile platforms.
Supported Languages: Base unikernel language: OCaml
Supported Platforms: x86_64 or armel Linux host to compile Xen kernel. FreeBSD, OpenBSD or Mac OS X for the user level version.

OpenShift.io [112]
Category: DevOps - Microservices
Short Description: OpenShift.io is a Kubernetes-based container management platform that provides developers with the tools they need to build cloud-native, container-based apps, including team collaboration services, agile planning, developer workspace management, an IDE for coding and testing, as well as monitoring and continuous integration and delivery services.
Supported Languages: All
Supported Platforms: Linux

OSv
Category: Unikernels
Short Description: OSv is a new open-source operating system for virtual-machines from Cloudius Systems. OSv was designed from the ground up to execute a single application on top of a hypervisor, resulting in superior performance and effortless management.
Supported Languages: JVM languages (Java, JRuby, Scala, Groovy, Clojure, JavaScript), Ruby
Supported Platforms: Built on 64-bit x86 Linux distribution

Rumprun [113]
Category: Unikernels
Short Description: Rumprun is a production-ready unikernel that uses the drivers offered by rump kernels, adds a libc and an application environment on top, and provides a toolchain with which to build existing POSIX-y applications as Rumprun unikernels.
Supported Languages: C, C++, Erlang, Go, Java, Javascript (node.js), Python, Ruby and Rust.
Supported Platforms: hw/x86+x64 and Xen/x86+x64

Rkt [114]
Category: Containers
Short Description: CoreOS’ rkt is CLI for running application containers on Linux, designed to be secure, composable, and standards-based.
Supported Languages: All for app development - Command line environment for container construction (no custom DSL)
Supported Platforms: Linux
Table 4: Market Players Analysis – DevOps Support and Highlight Features

Platform | Development, Continuous Integration and Testing | Continuous Deployment & Packaging | Orchestration, Management & Monitoring | Security | Scalability & Elasticity Control | Add-ons

Docker
Complete developer toolkit for creating containerized apps (build, test and run multi-container apps).
Docker Compose for development, testing, and staging environments, as well as CI workflows.
Deploy in Docker Cloud, AWS, Azure, Digital Ocean, Packet, SoftLayer.
Universal packaging, portability to any machine running Docker.
Docker Compose for orchestration – also running Kubernetes, Mesos, Amazon ECS, Google Container Engine.
Docker Machine for provisioning and managing your Dockerized hosts.
Secure by default: Mutual TLS, certificate rotation, image signing and container isolation
Docker Swarm: manual scaling and built-in swarm clustering.
Software defined networking connects containers together, intelligently routes and load balances traffic.
Docker Store distributing free and paid images from various publishers.
A number of Docker certified plugins.

IncludeOS
Not addressed.
KVM, VirtualBox and VMWare support with full virtualization, using x86 hardware virtualization - Run on any x86 hardware platform.
Not addressed.
Increased security by default in unikernels.
Not supported.
-

Istio
Conversion of disparate microservices into an integrated service mesh.
Dynamic request routing for A/B testing.
Deployment of microservices without worrying about service discovery.
Provision for canary deployments.
Fine-grained control of traffic behaviour with rich routing rules, fault tolerance, and fault injection.
Policy changes are made by configuring the mesh.
Extended version of the Envoy proxy to mediate all inbound and outbound traffic for all services in the service mesh.
Automatic zone-aware load balancing and failover for HTTP/1.1, HTTP/2, gRPC, and TCP traffic.
Traffic encryption, service-to-service authentication and strong identity assertions between services in a cluster based on policies.
Vulnerability checks of a network and detection of unusual patterns (caused by malware and bots).
A pluggable policy layer and configuration API supporting access controls, rate limits and quotas.
-
Mixer for enforcing access control and usage policies across the service mesh and collecting telemetry data from the Envoy proxy and other services.
Fleet-wide Visibility: Automatic metrics, logs and traces for all traffic within a cluster, including cluster ingress and egress.
Key and certificate distribution in Istio Auth is based on Kubernetes secrets.
No support for authorization at the moment.

linkerd
Not applicable.
linkerd runs as a separate standalone proxy: Applications typically use linkerd by running instances in known locations, and proxying calls through these instances — i.e., rather than connecting to destinations directly, services connect to their corresponding linkerd instances, and treat these instances as if they were the destination services.
A consistent, uniform layer of instrumentation and control across services: linkerd applies routing rules, communicates with existing service discovery mechanisms, balances request traffic using real-time performance, reducing tail latencies across the application, and provides dynamic, scoped, logical routing rules, enabling blue-green deployments, staging, canarying, failover.
Not applicable.
Handles tens of thousands of requests per second per instance with minimal latency overhead.
Scales horizontally with ease.
-

MirageOS
Solo5 is the "base layer" to run and debug MirageOS unikernels.
All source code dependencies of the input application are explicitly tracked, including all the libraries required to implement kernel functionality.
Runs under Xen and KVM hypervisors, and lightweight hypervisors like BSD's bhyve.
Deploy in Amazon EC2 and Google Compute Engine.
Potential to specify a version or range of versions for a package dependency.
Support for logging only.
Increased security by default in unikernels.
Seamless scaling of data structures through Irmin, a library for designing Git-like distributed databases, with built-in branching, snapshotting, reverting and auditing capabilities.
Rresult is an OCaml module for handling computation results and errors in an explicit and declarative manner without resorting to exceptions

OpenShift.io
An online development environment for planning and developing hybrid cloud services with prioritizable backlogs and kanban boards as well as coding, editing, and debugging tools built on Eclipse Che.
Integrated and automated CI/CD pipelines.
Automatically create containerized development environments with the workspace management capabilities of Eclipse Che, and using OpenShift Online, a managed, multi-tenant offering of Red Hat OpenShift.
Integration of the Jenkins Pipeline plugins to allow developers to assemble their build pipeline.
Pipeline definitions are written using a Groovy DSL.
OpenShift.io Analytics applies machine learning algorithms based on the usage pattern of components.
The data is gathered from various public data sources such as Github, Maven and NPM along with our own internal OpenShift data.
Detection of vulnerable packages (indirectly through analytics).
Container Health Index that inspects and grades all of Red Hat’s own container products, as well as those from its ISV partners, to ensure they are secure and stable.
Not addressed
Red Hat OpenShift Application Runtimes, pre-built containerized runtime foundations for microservices that include support for Node.js, Eclipse Vert.x, WildFly Swarm and others.
Automatically create Linux container based environments without the need to install anything locally or deal with docker commands and Kubernetes configuration (or YAML) files.

OSv
Rapidly building and running an application on OSv through Capstan.
Runs under hypervisors: KVM and Xen (fully), VirtualBox and VMWare (experimental).
Deploy in Amazon EC2 (fully functional), Google Compute Engine (experimental).
Packaging and running an application on OSv through Capstan.
OSv REST API to simplify management.
In-browser dashboard providing live updates and including OS basics such as memory usage and CPU load, Tracepoints for all system and application functionality, JMX endpoints (using the Jolokia JMX-over-REST connector), Application-specific metrics, which can be added by the application developer
Increased security by default in unikernels.
Cloud-init mechanism providing per-instance configuration parameters to an OSv VM at boot time.
-

Rumprun
Rumprun does not build a toolchain, but creates wrappers around a toolchain the developer supplies.
Runs under hypervisors (KVM and Xen), and on bare metal.
Rumprun can be used with or without a POSIX'y interface.
Very limited monitoring through remote syslog.
Increased security by default in unikernels.
N.A.
-
Rump kernels essentially provide a driver kit providing easy-to-integrate drivers, with the set of drivers varying per driver kit and using the NetBSD anykernel architecture to provide unmodified NetBSD kernel drivers.

Rkt
A command line utility, acbuild, to build and modify container images, intended to provide an image build workflow independent of specific formats (currently it supports ACI, OCI).
Apply different configurations (like isolation parameters) at both pod-level and at the more granular per-application level.
Support for two kinds of pod (core execution unit of rkt) runtime environments: an immutable pod runtime environment, and a new, experimental mutable pod runtime environment.
Cluster orchestration and management through container orchestration engine Fleet (an open-source cluster scheduler designed to treat a group of machines as though they shared an init system), to be replaced by Kubernetes in January 2018.
rkt is developed with a principle of "secure-by-default", and includes a number of important security features like support for SELinux, TPM measurement, and running app containers in hardware-isolated VMs.
Not addressed.
-
Table 5: Market Players Analysis – Perspectives

Platform | Performance | Integration with 3rd party services | Community Adoption | Maturity | Pricing model | Comments

Docker
Performance: High [115], [116] (with Czipri noting that in certain experiments, Docker spent a lot less CPU time being nearly equivalent with bare-metal)
Integration with 3rd party services: Extensible through open APIs, plugins and drivers
Community Adoption: High – 40% market share growth from March 2016 until March 2017 [Source: Datadog]
Maturity: Medium
Pricing model: Docker Community Edition: Free. Docker Enterprise Edition: from $750 per node per year
Comments: Significant learning curve. Differences on how it runs on different host machines. Complete and explanatory documentation.

IncludeOS
Performance: High (Extremely small disk- and memory footprint, Very fast boot time: <0.3 seconds according to benchmarks [117])
Integration with 3rd party services: N.A.
Community Adoption: Low (41 contributors and 187 forks in GitHub repository as of May 29th, 2017) [Source: GitHub]
Maturity: Low - v0.8 released in June 2016
Pricing model: Open source under Apache 2.0 licence
Comments: Adequate documentation

Istio
Performance: Not officially assessed yet – Beta version planned to track performance testing, benchmark/comparison, performance regression [118]
Integration with 3rd party services: Extending Envoy proxy from Lyft; Kubernetes; Calico - ongoing
Community Adoption: Medium - Support of key industry players & strong community interest (22 contributors and 147 forks on GitHub repository as of June 14th, 2017) [Source: GitHub]
Maturity: Low – v0.10 released in May 2017
Pricing model: Open source under Apache 2.0 licence
Comments: Explanatory introduction and documentation

linkerd
Performance: Medium [119]
Integration with 3rd party services: Docker-compose, DC/OS, Mesos, Kubernetes
Community Adoption: Low (43 contributors and 198 forks on GitHub repository as of June 14th, 2017) [Source: GitHub]
Maturity: Medium – v1.1.0 released in June 2017
Pricing model: Open source under Apache 2.0 licence
Comments: Complete and explanatory documentation.

MirageOS
Performance: High [120], [121]
Integration with 3rd party services: Modular OS libraries, which can be switched when needed.
Community Adoption: Low (34 contributors and 122 forks on mirage/mirage GitHub repository as of May 29th, 2017) [Source: GitHub]
Maturity: Medium – v3.0 released in February 2017
Pricing model: Open source under ISC License (with some exceptions released under LGPLv2)
Comments: Adequate documentation.
D1.1StakeholdersRequirementsAnalysis
44
Platform Performance Integrationwith3rd
partyservices
CommunityAdoption Maturity Pricingmodel
Comments
OpenShift.io Not officially assessed
yet
fabric8, Jenkins,
Eclipse Che,
OpenJDK, PCP,
WildFly Swarm,
Eclipse Vert.x,
Spring Boot,
OpenShift
Kubernetes
Low(12contributorsand23
forksonGitHubrepositoryas
of June 14th, 2017) [Source:
GitHub]
Low – announced
andlaunchedinMay
2017, developer
preview available
uponrequest
Open source (exact
license not
announcedyet)
Minimal documentation at the
moment.
OSv High (A typical Capstan
image is only 12-20MB
larger than the
application,andadds~3
seconds to the build
time, according to the
official website and
third-party evaluations
conducted)
Jolokia JMX-via-
JSON-REST
connector,
NewRelic
Low(87contributorsand458
forks on GitHub as of May
29th,2017)[Source:GitHub]
Low – currently on
betaversion
Open source,
distributed under
the 3-clause BSD
license
-
Rumprun High[122] Workinprogress.
TravisCI integration
fornewreleases.
Low(16contributorsand75
forks on
rumpkernel/rumprun
GitHubrepositoryasofMay
29th,2017)[Source:GitHub]
Low – still on
experimentalphase
Open source,
distributed under a
2-clauseBSDlicense
-
D1.1StakeholdersRequirementsAnalysis
45
Platform Performance Integrationwith3rd
partyservices
CommunityAdoption Maturity Pricingmodel
Comments
Rkt Medium (especially
when it comes to
containerstartuptimein
comparison to Docker
[123])
init systems (like
systemd,upstart).
Kubernetes (via
“rktnetes”),Nomad,
Mesos, Mulled,
Quay.io, SELinux,
cAdvisor.
Support for
swappable
executionengines.
Natively run Docker
images.
Medium (185 contributors
and 699 forks on rkt/rkt
GitHubrepositoryasofMay
29th,2017)[Source:GitHub]
Medium Open source under
Apache2.0license
-
In a largely uncharted and rapidly evolving cloud landscape consisting of DevOps, Containers and Unikernels, Unicorn is positioned as a novel DevOps as a Service with a unique value proposition in simplifying the design, deployment and management of secure and elastic by design, multi-cloud services. In contrast to the existing platforms (that were analysed in the previous paragraphs and typically offer rather targeted solutions), Unicorn will address different DevOps phases, ranging from Development, Continuous Integration & Testing, and Continuous Deployment & Packaging, to Orchestration, Management & Monitoring in a solid and consistent manner. From the technology watch and market analysis initially conducted (and that will be ongoing throughout the project implementation), Istio and OpenShift.io are the platforms that are directly related to Unicorn yet, taking into account that they were only very recently announced, they signify that Unicorn is attuned to the actual stakeholders’ needs in the rapidly growing cloud DevOps market.
In particular, in respect to micro-services, Unicorn will facilitate the DevOps teams within ICT SMEs (that represent the core target audience of Unicorn) in adopting the micro-service architectural paradigm by providing a unified web IDE for development, deployment and management of cloud applications. Going beyond the offerings of the existing platforms, Unicorn puts particular emphasis on security, scalability and elasticity control enabled through policy and constraint definition, as well as through continuous risk and vulnerability assessment, and complements its solution with advanced orchestration and monitoring capabilities. As far as the container and unikernel technologies for cloud application packaging and deployment are concerned, Unicorn will, in order to facilitate adoption, support popular containerized execution environments (e.g., Docker, CoreOS) and orchestrate containers/unikernels that will be able to host complex and resource intensive cloud applications in a minimal, yet persistent, manner for the DevOps team, based on the continuous efforts of the project to probe the EU ICT industry for the technologies truly dominating their interests and needs.
6 Requirement Analysis Scheme
This Chapter documents the key findings of the analysis performed on the results of the disseminated online survey and the personal interviews.
6.1 Interviewee Profile
Altogether 20 organisations operating in multiple and different fields participated in the interview process and are listed in Table 6. These organisations are primarily based in the European Union with the larger organisations (e.g., SAP, HP) also spanning their business operations across the globe. Figure 13 depicts the number of employees working in the IT department of each organisation. From this figure, we observe that most of the organisations interviewed identify themselves as Startups/SMEs and have less than 25 employees (65%) in their IT department, while 15% have a number of employees between 26 and 50. In turn, 15% of the interviewed organisations identify themselves as large organisations and feature more than 101 employees in their IT department. In order not to limit the target audience of Unicorn, the organisations interviewed were carefully selected so as to operate in multiple and different business domains and geographic regions, as shown in Table 6 and Figure 12.
Table 6: Organisations Participated in Interview Process
Organisation | Organisation Type | Interviewee Role | Country
CAS A.G. | Pilot | Management | Germany
Cocoon | Not Related to Unicorn | CTO | Cyprus
CRUK Institute | Not Related to Unicorn | Chief Architect | United Kingdom
CYTA | Not Related to Unicorn | System/Net Admin | Cyprus
FxPro | Not Related to Unicorn | CTO | United Kingdom (operates globally)
EduportalGR | Not Related to Unicorn | Chief Architect | Greece
Hopu | CINCUBATOR | CTO | Spain
HP-Cloud | Not Related to Unicorn | Programmer | US (operates globally)
Ideas2Life | Not Related to Unicorn | CTO | Cyprus
LockUp | CINCUBATOR | CTO | Spain
Nubedian A.G. | CyberForum | DevOps Engineer | Germany
PointRF | Not Related to Unicorn | Chief Architect | Israel (operates globally)
Proasistech | CINCUBATOR | Management | Spain
Redikod | Pilot | Programmer | Sweden/Scandinavia
SAP Innovation | Not Related to Unicorn | Programmer | Germany (operates globally)
Suite5 | Pilot | CTO | United Kingdom
Swiftflats | CINCUBATOR | Programmer | Spain
Tursofthealth | Not Related to Unicorn | Chief Architect | Turkey/Greece
Ubitech | Pilot | Programmer | Greece
Yellowmap A.G. | CyberForum | DevOps Engineer | Germany/Austria/Switzerland
Figure 12: Organisation Operating Business Domains as Identified by Interviewees
6.2 Unicorn Survey and Interview Study Key Findings
The following subsections document the key findings of the Unicorn survey and interview study.
Figure 13: Number of Employees in IT department
6.2.1 Unclear Distinction Between Software Programmer and DevOps Engineer in Startups
From the interview process, it was revealed that there is an unclear distinction between the role(s) of a Software Programmer and DevOps engineer, especially for organisations identifying themselves as Startups with less than 25 employees. In particular, programmers are (usually) tightly involved in the software delivery cycle, taking on management tasks such as designing security enforcement and monitoring policies, and (virtual) infrastructure provisioning and configuration. When asked, programmers identified security enforcement and elastic resource scaling as the main challenges they face due to lack of experience and time to learn related technologies and methodologies. These findings confirm the developer productivity reports from DZone (2017) and RebelLabs (2016).
Figure 14: Interviewee Role in Organisation
6.2.2 Programming Frameworks are Increasing Annotation-Based Programming Paradigm Adoption
The majority (80%) of the interview respondents mention that they have adopted annotation-based programming of some sort. When asked during the interview process, interviewees denote that other than generating source code documentation, code annotations are widely used for source code project configuration, data and API modelling, logging, monitoring and testing. In particular, annotations are mostly used by the programmers of organisations that have adopted popular programming frameworks, such as Spring for Java (55%), Node.js for Javascript (25%) and Django for Python (25%). The popularity of the Spring framework confirms the RebelLabs (2017) development report, which emphasises micro-service framework adoption for Java.
Figure 15: Usage of Annotation-based Programming Paradigm by Interviewees
Figure 16: Popular Programming Frameworks Used by Interviewees
6.2.3 Collaboration Tools are now Industry Standard Practices while Continuous Integration and Delivery Tool Adoption is Facing Serious Challenges
Almost all interview respondents (95%) mention that the employees of their organisation use at least one collaboration tool. In particular, all positive respondents mention that a collaboration tool for source code version control is always used (mainly git), while more than 70% of software development teams also use at least one collaborative tool for communication (e.g., Slack, Skype) and task management (e.g., Pivotal tracking, Trello, Team).
Figure 17: Usage of Collaboration Tools Among Employees of Organisation
Based on the results of our survey, 60% of the respondents state that they are currently using continuous integration tools in their application development cycle. This number is slightly lower than the percentages in studies such as GitLab’s developer report (2016). Moreover, Apache Jenkins (55%) was noted as the most popular CI tool of choice, although almost one out of three respondents are currently not using any CI/CD tool. Interestingly, when personally questioned, these respondents usually state that lack of time (50%) and lack of skills (45%) are preventing them from fully adopting a CI/CD pipeline. On the other hand, respondents with experience in utilizing CI/CD tools mention that the most challenging aspects of fully embracing a CI/CD software delivery pipeline are the lack of a unified tool (55%) and extreme difficulties found in environment setup and, in particular, integrating in the cycle automated technologies (40%) such as resource scaling, runtime security enforcement and testing.
Figure 18: Popularity of CI/CD Frameworks Embraced by Surveyed Organisations
Figure 19: Challenges Preventing Full Adoption of CI/CD Pipeline
6.2.4 Cloud IDEs are Becoming Popular but for Large(r) Development Teams
Our survey highlights that the transition from traditional desktop IDEs to Cloud IDEs has already started. Particularly, 45% of our survey respondents state that they are currently using a Cloud IDE for cloud application development. We note that this number is rather high when comparing to StackOverflow (2016, 2017) developer reports placing general adoption around 15%. However, we note that our survey targets cloud application development where Cloud IDEs prevail. Also, from the results of our survey it is revealed that the most popular Cloud IDEs are Eclipse Che (40%), SAP Hana (20%) and Cloud9 (15%). Moreover, when discussing with the interviewed IT professionals, it is revealed that organisations comprised of larger development teams (>11 IT employees) are more keen on adopting Cloud IDEs as they combine development with CI/CD tool integration for automation, collaboration, software delivery and communication, which are absolute necessities.
Figure 20: Cloud IDE Embracement by Interviewed Organisations
On the other hand, the majority of those not adopting a Cloud IDE for development state that they are happy using their desktop IDE (82%) and that they do not foresee transitioning to a Cloud IDE in the immediate future. Another notable percentage (30%) also reports that performance related issues prevent Cloud IDE adoption. The first claim was a particular discussion point with interviewees from organisations identified as Startups and comprised of small development teams. To better understand this, we asked about the software development process, where it was revealed that a single developer in such teams is usually in charge of the coding of an entire project, or developers are in charge of specific tasks (e.g., front-end, back-end) and integration of tasks happens at the end of a development cycle, thus limiting, at the moment, the need for a cloud IDE.
Figure 21: Popular reasons preventing Cloud IDE adoption from responders not using Cloud IDEs
6.2.5 Micro-service Architectural Approach is Becoming a Cloud Trend Especially in the IoT and SaaS domains
Micro-services are currently used in production by 40% of our respondents, while another 30% is currently experimenting for eventual production deployment. These numbers confirm DZone’s (2017) and Lightbend’s (2016) DevOps reports. Interestingly, organisations adopting micro-services in production have origins from the IoT and SaaS domains while the organisations experimenting originate from the business analytics and (location) recommendation services sector. Moreover, from the above organisations, the micro-service architectural pattern is used for data-serving (100%), business logic (83%) and the front-end (66%). On the other hand, only 10% of the interviewees mentioned that micro-services are not of interest, with the responses coming from the telecom and educational business domain.
Figure 22: Micro-service Architecture Adoption by Interviewed Organisations
6.2.6 Containerized Solutions are Following Micro-service Adoption Trends
With the increase in the interest for micro-services architectural patterns, interviewed organisations also seem to be utilizing containerized solutions for application deployment, with 20% of the respondents stating that currently they are running containerized applications in production, while another 35% is seriously planning and experimenting to ultimately use this technology in production. Similarly to micro-services, these numbers confirm DZone’s (2017) and Lightbend’s (2016) DevOps reports. Also, when questioned, only 36% of the respondents state that their entire application deployment is containerized. The rest (64%) reveal that containers are utilized only for the dynamic, scalable and stateless service part comprising their application deployment, thus adopting a mixture of (virtualized) solutions for their cloud execution environments.
Figure 23: Containerized Solution Adoption by Interviewed Organisations
Interestingly, it is acknowledged that the container domain introduces a number of challenges for developers. In particular, interviewees with experience in deploying containerized applications mention that the top challenges in the container domain include: performance and application monitoring (55%), service orchestration (50%), database access (45%), lack of experience (45%) and auto-scaling (40%). These challenges confirm studies from RightScale (2017) and DZone (2017), and are highly relevant to the Unicorn project. What is more, challenges related to reducing container security threats such as stripping containers from attacking interfaces (35%), secure resource acquisition (30%), fast boot times (25%) and reducing image sizes (20%) are also relevant to the advancement of unikernels and consequently to the Unicorn project. Finally, it must be noted that almost all organisations (92%) have adopted, at some point, Docker as the containerized technology for their applications, with other preferred containerized solutions such as Kubernetes (33%) and Swarm (25%) also tightly coupled to Docker for cluster management when containers are deployed in production. Therefore, Docker is a technology that must be targeted by Unicorn for containerized cloud execution environments as its stakeholders, either large or small in size, identify Docker as their technology of choice.
Figure 24: Containerized Solution Adoption Challenges as Identified by Interviewed Organisations
Figure 25: Containerized Solutions that have been adopted by those using or considering containerization
6.2.7 Multi-Cloud Deployment Model Adoption and Challenges
Our survey is in line with Gartner’s Magic Quadrant (2016) reports which reveal that the top cloud provider is Amazon Web Services (AWS), followed by Microsoft Azure and OpenStack, which are the most prominent cloud solutions for private cloud infrastructural deployments. However, more interesting is that 25% of our survey respondents are currently following a multi-cloud deployment approach while another 25% is also experimenting and planning to do so. These numbers are significantly lower than reports from RightScale (2017) which put the percentage of organisations adopting hybrid-cloud over 70%. However, one must not forget that in the Startup eco-system, companies start small adopting one cloud provider and then experiment as they scale, and 20% of our respondents also state they are playing around with multi-cloud deployments. On the other hand, those who are not planning to adopt a multi-cloud approach state that this is due to significant security reasons for moving data across cloud regions or that they are happy with just using one cloud provider.
Figure 26: Multi-Cloud Deployment Model Adoption by Interviewee Organisations
Furthermore, by personally talking with interviewees to obtain user stories, we identified that different multi-cloud challenges arise based on the particular deployment strategy followed by each organisation. Thus, instead of simply compiling a list of challenges, we further investigated when and where each challenge is applicable. In particular, MC2 (one cloud provider multiple availability zones) is a popular multi-cloud deployment model². For organisations adopting a multi-cloud deployment model resembling MC2 (one cloud provider multiple availability zones), security reasons for moving data across cloud sites/regions and trust/compliance issues are of extreme concern. Organisations adopting the MC2 deployment model originate mainly from Germany and UK, and operate in the e-health or social assistance business domains, where such organisations are obligated to comply with strict data movement national laws preventing sensitive client data from being hosted outside national borders, and for this reason inter-connected private cloud deployments are preferred.
Figure 27: Popular Cloud Providers
On the other hand, challenges related to portability, vendor lock-in and a lack of unified management tools are of extreme concern for organisations that adopt the popular MC3 and MC4 multi-cloud deployment models. In particular, these models mainly use multiple cloud providers to run their services, targeting load balancing and latency reduction when serving content to clients, and thus, these models are highly relevant to location/recommendation based services, SaaS cloud solutions and IoT applications.
² Multi-cloud deployment models are described in detail in Section 3.2
Figure 28: Multi-Cloud Adoption Challenges
6.2.8 Cloud Monitoring Adoption and Challenges
Monitoring is employed by all interviewed organisations, with monitoring targeting various levels of the application lifecycle and execution environment. In particular, respondents usually stated that service availability (80%), API access (60%) and the underlying infrastructure (55%) are monitored by deploying either in-house or general-purpose monitoring tools. Interestingly, as the monitoring level becomes more specialized and moves closer to the client side (e.g., application behaviour, client interaction, transactions, etc.), organisations start to face challenges as monitoring tools must be extended, customized and tailored to the organisation monitoring needs.
Figure 29: Monitoring Level Targets as Responded by Interviewed Organisations
In general, multiple and different monitoring solutions are used. Interestingly, all respondents stated that they must resort to using more than one monitoring tool for their needs, with 70% dissatisfied by this fact. In particular, 65-70% of the respondents mention that they use mostly in-house developed monitoring tools and/or general purpose open-source tools. On the other hand, 40% claim to be using tools offered by the cloud provider, while 35% of the respondents mention that third-party monitoring-as-a-service tools (e.g., NewRelic, Datadog) are used for their monitoring needs.
Figure 30: Monitoring Tool Type Adoption by Interviewed Organisations
With regard to challenges, respondents state that the most prominent need arises from the lack of parameter tuning by monitoring tools to optimise performance, quality and cost (70%). In turn, as multiple monitoring tools must be used by organisations, integrating them in the execution environment or finding a monitoring tool that can be used at different and multiple levels is another prominent challenge/need stated by the interviewees (70%). Interestingly, 50% of the interviewees stated that accessing/processing historic monitoring data is another important challenge. Also, monitoring tool portability across cloud platforms (40%), as well as providing multi-cloud monitoring support (40%), are relevant to the project. On the other hand, accessing real-time monitoring data (25%) and plotting data (5%) seem to be covered by the offered tools and are not considered as current challenges in the monitoring domain.
Figure 31: Monitoring Challenges Faced by the Interviewed Organisations
6.2.9 Elastic Scaling Adoption and Challenges
The results of our survey show that most of our respondents (65%) do not currently use elastic scaling, which contradicts popular cloud surveys and reports from RightScale (2017) and Gartner (2016). However, the majority of the respondents of our survey are SMEs/Startups with services recently introduced to the public. Thus, although they are currently not using elastic scaling, almost all of these (95%) highlight that elasticity is needed but certain challenges must be overcome first, with the most prominent being lack of experience of how elasticity works, followed by how to configure the auto-scaling process and how to budget constrain auto-scaling.
Figure 32: Elastic Scaling Adoption
In turn, those who are currently using elasticity for their application scaling originate from the IoT, SaaS cloud solutions and recommendation/location service offering business domains. Horizontal scaling is the most preferable way to scale resources for most of the respondents (71%), and is adopted mainly for load balancing. These organisations mostly adopt the tools provided by their cloud provider (71%) with the second preferred option being in-house developed tools (57%). This is an opposite picture from monitoring, where in-house and general-purpose monitoring tools are more preferred options than the tools offered by the cloud provider. The justification for this is that developing an auto-scaling tool is extremely challenging and therefore organisations resort to using what is offered by the cloud provider even if this restricts deployment to a single provider.
Figure 33: Elastic Scaling Type
Interestingly, the most prominent challenge in elastic scaling for organisations is parameter tuning to optimize the performance, cost and quality of their services (65%), which is related to the second most challenging task, the lack of experience. Respondents that are currently using the tools provided by their Cloud provider, and even the ones that haven’t yet adopted elastic scaling, state that configuring the elasticity service for their application needs is a non-trivial task due to the insufficient knowledge they possess; therefore, the need for a simple but accurate elasticity control comes to the foreground.
Figure 34: Elasticity tools used by organizations that have adopted elastic scaling as part of their ALM
Another major challenge preventing companies from adopting elastic scaling is budget constraints (50%). When using elastic services offered by cloud providers, especially when they are not configured properly, the amount spent is significantly larger than the amount earned. Other challenges, mentioned by one third of the respondents, are elastic scaling across multiple cloud regions and providers and lack of a unified autoscaling environment. These challenges address the need for a unified autoscaling tool, able to orchestrate instances across multiple cloud sites, providers and regions.
Figure 35: Elastic Scaling Adoption Challenges
6.2.10 When is Security Considered in the Lifecycle of an Application
From the interview process, respondents’ answers to the question “when is security considered in the application lifecycle” reveal that there is no norm as to when security is taken into consideration. Particularly, 35% of the respondents state that security is considered at the requirement phase, 30% state at the programming phase, 25% at the design phase, while 10% mention that security is only considered after deploying the application and detecting where security is needed. At this point, any security issues are dealt with and a re-deployment is issued. These numbers confirm the study conducted by Veracode (2016), showing that there is no norm for when to integrate security. This is a highly relevant requirement to the project, as it cannot simply be assumed that security will always be considered at the requirement or design phase, and therefore integrating security or customizing security, even at development or runtime, when permitted, must be taken into consideration.
Figure 36: Stage of Application Lifecycle at which Security is Considered by Interviewed Organisations
6.2.11 Cloud Security Enforcement and Privacy Preservation Challenges
Respondents of our interview process state that the major challenges faced include: vulnerability detection (16/20), data movement compliance (15/20), information flow tracking (14/20) and privacy protection (13/20). These results are in line with the findings of Veracode (2016), showing that sensitive data exposure and runtime software vulnerability are the prime concern of most SMEs and Startups; therefore, they remain open challenges. These challenges are highly relevant to the requirements of the project, pointing out the need for a mechanism for data privacy enforcement and continuous vulnerability assessment. On the other hand, challenges such as web firewalling (15/20), SQL injection prevention (13/20), static code analysis (10/20), cross-site forgery/scripting (9/20) and authorization permission management (9/20) seem to be addressable by most of the interviewed stakeholders and are less relevant to the project.
Figure 37: Security Mechanisms Adopted by Interviewed Organisations (#1)
Figure 38: Security Mechanisms Adopted by Interviewed Organisations (#2)
Figure 39: Security Mechanisms Adopted by Interviewed Organisations (#3)
7 Unicorn System Requirements
In this Chapter we will elaborate on the system functional and non-functional requirements for the Unicorn platform and eco-system that are derived from the results of the requirement collection methodology described in Chapters 4 and 5.
7.1 Functional Requirements
Functional requirements represent the list of system properties that need to be implemented and finally supported within the context of the Unicorn ecosystem and platform. This includes all behavioural aspects of the system components after taking into consideration the identified roles of the Unicorn ecosystem, as documented in Section 5.2. These requirements are logically grouped per role. We have followed a consistent and structured way of representing the requirements which will allow us to further define the detailed reference architecture for the Unicorn platform in the forthcoming deliverable denoted as D1.2. In Section 10.1 of the Annex we provide a table listing all the identified Unicorn functional requirements while the following listings elaborate on the description of each requirement. Table 7 provides an overview of the mapping of functional requirements to user roles. Finally, we note that to derive the functional requirements referring to security enforcement capabilities offered to Unicorn users, a threat analysis model (asset, threat, vulnerability, and countermeasure) is required. In order to reduce repetition, threat analysis for the particular security and privacy enforcement mechanisms offered by Unicorn will be introduced in the respective deliverable, denoted as D4.1.
ID FR.1
Title Develop cloud application based on code annotation design libraries and define runtime policies and constraints
User Roles Cloud Application Developer
Description The Unicorn platform must provide cloud application developers with design libraries to annotate the source code of their cloud application under development, for monitoring, resource management, security and data privacy policy and constraint enforcement point definition. Annotated policies, depending on the scope supported by the Unicorn platform, can be defined at various application granularity levels (e.g., entire application, particular service, code segment). Unicorn users must be able to use the annotated entities without any further modification in the business logic of the application under development. This practically means that policy and constraint enforcement is totally transparent to the developer and will take place in the cloud execution container. Hence, metadata annotations (e.g., monitoring) relate to respective Unicorn policy-enforcement enablers (e.g., handler collecting the annotated monitoring data) that will generate/transform source code at design time and/or be “synchronized” at runtime with the Core Context Model (FR.13) upon instantiation of the cloud execution environment.
ID FR.2
Title Securely register and manage cloud provider credentials
User Roles Cloud Application Product Manager, Cloud Application Admin, Unicorn Developer
Description The Unicorn platform must provide the means to support cloud provider credential management by offering secure management and storage of access credentials (e.g., user/password pairings, API access tokens) for Unicorn users. This practically means that users are not required to provide their credentials each time an application deployment is initiated or when a request/query for managing the application lifecycle is conducted (including re-deployment of an updated version of an application).
ID FR.3
Title Search interface for extracting underlying programmable cloud offerings and capability metadata descriptions
User Roles Cloud Application Product Manager
Description Unicorn must expose through its unified dashboard a search interface providing its users with the ability to browse for cloud offerings and cloud provider services capabilities, obtain intuitive metadata descriptions and filter the results to limit the returned result set(s). The search interface will be provided as a graphical alternative for users instead of using directly the Unicorn Unified API (FR.15).
ID FR.4
Title Creation of Unicorn-compliant cloud application deployment assembly
User Roles Cloud Application Product Manager
Description The Unicorn platform must provide its users with a standardized, transparent and infrastructure-agnostic process to create and feed the Unicorn platform with a deployment assembly for the application to be deployed. Unicorn adopts the notion of a directed service graph, where nodes represent the (micro-) services composing the cloud application and edges represent the relationship(s) and inter-dependencies between services. Nodes are described by a number of attributes denoting resource management parameters (e.g., requested memory, disk size, network interfaces), monitoring metrics to collect, cost constraints and elastic scaling policies. In turn, relationships and inter-dependencies denote the deployment order and restrictions limiting the security and data movement between services. As a number of the attributes and parameters describing nodes and edges are also available as code annotation policies (e.g., monitoring) at the application development phase (FR.1), these will be automatically translated and added to the service graph description by respective Unicorn enablers interpreting code annotations based on the Unicorn core context model without any additional user effort (FR.13, FR.14). However, the final deployment assembly bundling code artifacts, the standardized deployment description and deployment requests will be automatically created (no additional effort) only when the user packaging the application determines that the developed and described application is ready for deployment by the Unicorn platform.
ID FR.5
Title Cloud application deployment bootstrapping to a (multi-)cloud execution environment
User Roles Cloud Application Admin, Cloud Provider, Unicorn Developer
Description The Unicorn platform must provide its users with the means to deploy their compliant applications from the Unicorn graphical interface after users have developed their application using the provided design libraries (FR.1) and have created a deployment assembly (FR.4). Users should also be notified of the status of the deployment (success, failed) and in the case of a failed deployment, the response should include a descriptive reasoning as to what problem occurred. The application deployment is the most critical process and includes a number of steps, defined below, that must be performed in order for the Unicorn-compliant application to be operational:
• Parse deployment assembly (FR.4)
• Verify validity of defined runtime policy and constraints and assure all annotations can be interpreted and handled by the respective Unicorn enablers (e.g., monitoring, security enforcement) (FR.6)
• Derive (near-)optimal application placement plan (FR.11)
• Based on placement plan, instantiate resources and services to establish an operational (multi-cloud) execution environment (FR.16)
• Instantiate required Unicorn runtime enablers to enforce runtime policies and constraints and verify operation status (FR.14)
As this process is critical and a deployment may be established only if all steps are successful, the entire bootstrapping process must be transactional.
ID FR.6
Title Deployment assembly integrity validation
User Roles Cloud Application Tester, Unicorn Developer
Description Before the reservation of underlying programmable infrastructure, the Unicorn platform should verify and validate the deployment assembly. This will be performed by Unicorn to detect potential problems such as unreachable edges in the service graph description due to antagonizing policies/constraints which could result in inaccessible nodes or optimization criteria, and circular dependencies which lead to a situation in which no valid evaluation order exists, because none of the policies in the cycle may be orderly evaluated (FR.4). This process, while not exhaustive, is an important aspect for Unicorn users and Unicorn component developers (FR.18), performed at the pre-deployment phase to detect if there is a problem preventing a successful deployment in order to reduce resource allocation costs of unsuccessful large and complex deployments.
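The pre-deployment check described in FR.6 can be sketched as follows. This is an added example, not code from the Unicorn project: the `Service` attributes (`region`, `accepts_from`), the edge semantics and the sample graph are assumptions made for illustration. It reports edges blocked by a conflicting data-movement constraint, services that become unreachable as a result, and circular dependencies that leave no valid deployment order.

```python
from collections import deque
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Service:
    name: str
    region: str                            # placement region (assumed attribute)
    accepts_from: frozenset = frozenset()  # regions allowed to send data here; empty = any


@dataclass
class ServiceGraph:
    services: dict = field(default_factory=dict)  # name -> Service
    edges: list = field(default_factory=list)     # (caller, callee): caller depends on callee

    def add(self, name, region, accepts_from=()):
        self.services[name] = Service(name, region, frozenset(accepts_from))

    def link(self, caller, callee):
        self.edges.append((caller, callee))


def known_edges(g):
    """Edges whose two endpoints are both declared services."""
    return [(a, b) for a, b in g.edges if a in g.services and b in g.services]


def blocked_edges(g):
    """Edges that the callee's data-movement constraint forbids (antagonizing policies)."""
    return [(a, b) for a, b in known_edges(g) if g.services[b].accepts_from
            and g.services[a].region not in g.services[b].accepts_from]


def deployment_order(g):
    """Kahn's algorithm: (order with dependencies first, services stuck in or behind a cycle)."""
    deps = {n: set() for n in g.services}
    dependents = {n: set() for n in g.services}
    for a, b in known_edges(g):
        deps[a].add(b)
        dependents[b].add(a)
    ready = deque(sorted(n for n, d in deps.items() if not d))
    order = []
    while ready:
        n = ready.popleft()
        order.append(n)
        for m in sorted(dependents[n]):
            deps[m].discard(n)
            if not deps[m]:
                ready.append(m)
    return order, sorted(set(g.services) - set(order))


def unreachable_services(g, entry):
    """Services the entry point cannot reach once blocked edges are removed."""
    blocked = set(blocked_edges(g))
    adj = {n: [] for n in g.services}
    for a, b in known_edges(g):
        if (a, b) not in blocked:
            adj[a].append(b)
    seen, queue = {entry}, deque([entry])
    while queue:
        for nxt in adj[queue.popleft()]:
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return sorted(set(g.services) - seen)


def validate(g, entry):
    """Return a list of human-readable problems; an empty list means the graph passed."""
    if entry not in g.services:
        return [f"entry service {entry!r} is not defined"]
    problems = [f"edge {a}->{b} references an undefined service"
                for a, b in g.edges if (a, b) not in known_edges(g)]
    for a, b in blocked_edges(g):
        problems.append(f"edge {a}->{b} blocked: {b} rejects data from {g.services[a].region}")
    problems += [f"service {n} is unreachable from {entry}" for n in unreachable_services(g, entry)]
    _, stuck = deployment_order(g)
    if stuck:
        problems.append("no valid deployment order for: " + ", ".join(stuck))
    return problems


def sample_graph(fixed=False):
    """Constructed four-service application; fixed=True removes both defects."""
    g = ServiceGraph()
    for name in ("web", "api", "auth"):
        g.add(name, "eu-west")
    g.add("db", "eu-central", ("eu-central", "eu-west") if fixed else ("eu-central",))
    for caller, callee in [("web", "api"), ("api", "auth"), ("api", "db")]:
        g.link(caller, callee)
    if not fixed:
        g.link("auth", "api")  # circular dependency between api and auth
    return g


if __name__ == "__main__":
    print("\n".join(validate(sample_graph(), "web")))
```

Running the check before any resource is reserved is what keeps a defective assembly from incurring allocation costs; the same `validate` result could feed the descriptive failure reason that FR.5 asks for.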
ID FR.7
Title Access application behavior and performance monitoring data
User Roles Cloud Application Admin
Description The Unicorn platform must provide its users with access to real-time and historical monitoring data via the Unicorn graphical user interface. The monitoring data per se (e.g., response time, service availability), the granularity level (e.g., entire application, service part) and the intrusiveness (e.g., periodicity) at which monitoring data is collected and logged throughout the entire lifespan of an application should be determined by the user via the provided deployment assembly compiled based on user's preferences and his/her annotated code (FR.1). Monitoring annotations must allow users to handle and define counters, timers, traffic interceptors and custom metric types to gather resource utilization, application feature behaviour and performance from single application (micro-)instances, as well as aggregated overviews of metrics across application service tiers and availability regions in order to successfully assess the performance, scalability and security of their application seamlessly across multiple cloud offerings through one unified interface offered by Unicorn.
ID FR.8
Title Real-Time notification and alerting of security incidents and QoS guarantees
User Roles Cloud Application Admin
Description The Unicorn platform must have the ability to notify and alert its users, through the Unicorn graphical user interface, of events classified either by: (i) the platform's security enforcement enablers, such as suspicious incidents (e.g., a vulnerability detected); or (ii) the monitoring enabler analytics process, such as events based on certain user-defined criteria (e.g., metric threshold violation). In turn, the Unicorn platform must detect QoS policy violations on provisioned services in operational cloud environments and also notify users about these violations in order for them to take these into consideration and, possibly, act upon them.
ID FR.9
Title Autonomic management of deployed cloud applications and real-time adaptation based on intelligent decision-making mechanisms
User Roles Cloud Application Admin, Cloud Provider
Description Upon the initial placement of an application over a programmable infrastructure, possibly spanning across multiple cloud provider offerings, the Unicorn platform must provide the means to manage the operational environment in an autonomic manner. This includes real-time adaptation where the execution environment of an application may be reconfigured based on conditions and high-level policy constraints given by the user via the deployment assembly and extracted from the enabler interpreting elasticity code annotations. Therefore, adaptation can be triggered towards the fulfilment of the user optimization objectives and may regard scaling aspects (e.g., vertical/horizontal scaling), adaptation of the quality of provided services, and/or monitoring intrusiveness (e.g., adapt periodicity). In order to support such intelligent functionality, a set of distributed intelligent mechanisms must be designed and developed that will be based on various optimization strategies targeted by the interested users in order to optimize resource allocation across multi-cloud deployments for performance, cost, and data locality.
ID FR.10
Title Manage the runtime lifecycle of a deployed cloud application
User Roles Cloud Application Admin, Unicorn Developer
Description The Unicorn platform must provide its users with the ability to manage both the state and the runtime aspects of the application as driven by the Unicorn context model through the Unicorn graphical user interface. State refers to the responsibility of the Unicorn platform to handle requests for deployment, undeployment, start, pause, stop and migration of an application to a cloud offering, and to make sure that applications are always in a consistent state. To achieve this, the Unicorn platform must maintain an application lifecycle state transition graph, which describes the valid state transitions from one state to another and must incorporate asynchronous application state transitions for actions that require large timeframes for completion (e.g., deployment, migration). On the other hand, runtime aspects refer to the Unicorn context model, where, after the application instantiation and during the smooth execution of an application, changes may be requested such as reconsidering a policy constraint (e.g., restricting data movement from one geographic region). In the case where such changes can be satisfied by the current deployment (thus redeployment is not required), then they must be reflected directly to the configuration of the Unicorn enablers handling the runtime context of the aforementioned application.
ID FR.11
Title Application placement over programmable cloud execution environments
User Roles Cloud Application Developer, Cloud Application Product Manager, Cloud Application Admin, Unicorn Developer
Description The Unicorn platform must support the placement of deployed applications over an available programmable infrastructure which may expand over multiple cloud provider offerings. Application placement may be defined either: (i) manually, by users in their deployment assembly (e.g., the user specifically defines the resource requirements and offerings to instantiate); or (ii) constraint-driven, where placement is realized at deployment time based on the high-level policy objectives given by the user (e.g., follow fairness placement taking into account cost budget, application geo-location, etc.). At this point, high-level user objectives must be translated to low-level primitives that can be realized through appropriate handling of the operational status of an application's components by the orchestration mechanisms of the Unicorn platform to achieve (near-)optimal application placement. Upon the initial placement, real-time adaptation and reconfiguration of the execution environment should be supported. Therefore, adaptation can be triggered towards the fulfilment of the optimization objectives and may regard scaling aspects (e.g., vertical/horizontal scaling), adaptation of the quality of provided services, and/or monitoring intrusiveness (e.g., adapt periodicity).
ID FR.12
Title Register and manage cloud application owners
User Roles Unicorn Admin
Description The Unicorn Admin is responsible for approving and managing (e.g., modify, suspend, revoke access) the user registrations in the Unicorn platform (denoted as cloud application admins). Therefore, users must be registered to the Unicorn platform in order to obtain access to the artifacts maintained and distributed under Unicorn (e.g., design libraries) and the supported cloud platforms for application deployment.
ID FR.13
Title Manage core context model
User Roles UNICORN Admin
Description The Unicorn platform must design and maintain a multi-facet core context model that will be used by cloud application developers at design-time when annotating their code and at runtime during user's application context evaluation. The Context Model should be, by definition, extensible since it should allow explicit instantiations and, as a result, the business logic of various components should heavily rely on the Core Context Model. The creation, deletion and modification of the centralized Core Context Model, along with versioning (and version deprecation), will be undertaken by the Unicorn Admin.
ID FR.14
Title Register and Manage enablers interpreting Unicorn code annotations
User Roles Unicorn Admin
Description For the Unicorn platform, an enabler entails and conceptualizes the software components hosted by the Unicorn orchestration service and/or in the (multi-)cloud execution environment of deployed cloud applications; and is able to interpret the Unicorn core context model (FR.13). Indicative components include orchestration performing runtime context-evaluation upon deployment and the code annotation enablers which perform policy enforcement such as monitoring, auto-scaling, security enforcement and data privacy protection. These components should be updated when the context model is either extended or modified since additional functional capabilities must always reflect the new version of the core context model. As a result, it is important that the enablers of the Unicorn platform are managed and maintained throughout their lifecycle, with the entity responsible for this task being the Unicorn Admin.
ID FR.15
Title Unified API providing abstraction of resources and capabilities of underlying programmable cloud execution environments
User Roles Cloud Application Product Manager, Unicorn Developer
Description The Unicorn platform must expose an API that will provide a standardized, consistent and yet simplified view of the underlying cloud infrastructure of the provider environments supported by Unicorn, by means of standard information, offerings metadata and data models. This will allow for authorized entities, including Unicorn sub-components (e.g., intelligent auto-scaling, application placement), to query the Unicorn-compliant cloud providers in a transparent and infrastructure agnostic manner, for provider supported offerings and their metadata (e.g., supported container flavors, costs etc.) along with the capabilities supported (e.g., container memory resizing). One of the main concerns in this task is the level of granularity for the abstraction. On one hand, not all the details and characteristics of the resources are necessary for Unicorn. On the other hand, excessive abstraction prevents applications from over-provisioning unnecessary resources because of hidden resource granularity decomposition details.
ID FR.16
Title Resource and service (de-)reservation over multi-cloud execution environments
User Roles Unicorn Developer
Description The Unicorn platform must provide a standardized and consistent interface providing the means to (de-)reserve the appropriate resources and service offerings required for the (un-)deployment of the considered application, even across multi-cloud execution environments. This must include the setup and (de-)allocation of programmable infrastructural resources including, but not limited to, computational, storage and networking for the deployment of distributed applications in a scalable, dependable, secure and effective way over virtual environments spanning across cloud sites, availability zones and/or regions. In order to support multi-cloud deployments, the challenges of interacting and synchronizing resource advertisement and allocation from multiple and heterogeneous cloud offering platforms must be supported. This task will be undertaken by the Unicorn orchestrator and is tightly coupled with the Unicorn bootstrapping process described in FR.5.
ID FR.17
Title Development of code annotation libraries
User Roles Unicorn Developer
Description The development, maintenance and modification of design libraries provided to Unicorn cloud application developers for annotating their code with monitoring, resource management, security and data privacy enforcement policies and constraints, is a task that will be undertaken by Unicorn developers. This requirement relates to developing respective metadata code annotations (e.g., for defining monitoring) and providing the means of handling of code annotation interpretation and "synchronization" of the application business logic with the Core Context Model (FR.13).
ID FR.18
Title Development of enablers interpreting Unicorn code annotations
User Roles Unicorn Developer
Description For the Unicorn platform, the Core Context Model entails design-time usage through code annotations by cloud application developers and runtime usage. In particular, runtime usage refers to the various components that base their business logic on the model. Indicative components include orchestration performing runtime context-evaluation upon deployment and the code annotation enablers which perform policy enforcement such as monitoring, auto-scaling, security enforcement and data privacy protection.
ID FR.19
Title Register and manage programmable infrastructure and service offerings
User Roles Cloud Provider
Description The available infrastructural resource and service offerings of a cloud provider have to be registered to the Unicorn platform which will advertise and make them available through a unified resource management API (FR.15). To achieve this, the Unicorn platform must provide a "standardized" interface in which cloud offerings are registered and made available to the platform in order to ease cloud provider on-boarding as well as updating and managing offerings and their metadata from the provider-side. The notion of "programmability" must be served to show the granularity at which resources will be advertised so as to allow the creation of proper cloud execution environments: provide preferences for the infrastructure the code runs on (e.g., virtual hardware like servers, storage and networking) and its configuration including additional provider services (e.g., customized storage solutions).
ID FR.20
Title Monitor cloud offering allocation and consumption
User Roles Cloud Provider
Description Advertised infrastructural resource and service offerings deployed through Unicorn must be monitored at runtime in order to offer cloud providers intuitive and high-level insights into the current utilization of cloud offerings allocated and consumed by Unicorn users.
ID FR.21
Title QoS advertising and management
User Roles Cloud Provider
Description Cloud execution environments offer different QoS capabilities and guarantees for their provided offerings, whether these refer to raw access to programmable resources such as compute memory, storage and network resources or to bundled application execution containers, while guarantees are also available for quota management, (prioritized) resource reservation, traffic shaping and more. As QoS guarantees play an important role in multi-cloud environment application placement (FR.11) and runtime adaptation decision-making (FR.9), which favor cloud providers based on advertised QoS parameters, providers should be provided with the means to alter and manage the QoS guarantees for the cloud offering advertised through the Unicorn platform.
ID FR.22
Title Register and manage privacy preserving encrypted persistency mechanisms for restricting data access and movement across cloud sites and availability zones
User Roles Cloud Application Developer, Cloud Application Admin, Unicorn Developer
Description The Unicorn platform must provide the means to allow its users to define at various application granularity levels (e.g., entire application, service tier, data object) privacy preserving policies which restrict access to exposed user data (e.g., entire database, database table, password, SSN, etc.) by describing associations between types of access rules depending on the data objects and circumstances under which this access should be allowed. The context-aware security model (FR.13) will be used as the background method for annotating data access objects (DAO), thus allowing for the dynamic enforcement of policy rules when there are new data access attempts in order to encrypt data, protect sensitive data exposure and restrict movement of data to cloud sites, availability zones or particular geo-location zones (e.g., outside the EU) based on the defined user constraints. Therefore, during application runtime, the privacy preserving enabler must be able to interpret annotated code based on the mapping of the application business logic to the Core Context Model, provide the essential decoupling between the access decisions and the points of use, and finally grant, deny and manage any incoming data access requests.
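The decoupling FR.22 asks for, between access decisions and points of use, can be sketched as a policy decision point consulted by annotated DAO methods. This is an added example, not code from the Unicorn project: the `@protected` decorator stands in for a Unicorn code annotation, and the rule format, role names, regions and sample record are assumptions. It covers only the grant/deny decision (deny-overrides with default deny), not encryption.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase
from functools import wraps


@dataclass(frozen=True)
class AccessRequest:
    role: str
    data_object: str
    region: str            # where the caller runs, i.e. where the data would move to


@dataclass(frozen=True)
class Rule:
    effect: str            # "permit" or "deny"
    data_object: str       # glob over object names, e.g. "customers.*"
    roles: frozenset       # roles the rule applies to; "*" = any
    regions: frozenset     # regions the data may be delivered to; "*" = any

    def matches(self, req):
        return (fnmatchcase(req.data_object, self.data_object)
                and ("*" in self.roles or req.role in self.roles)
                and ("*" in self.regions or req.region in self.regions))


class PolicyDecisionPoint:
    """Deny-overrides combining with default deny: no matching permit means no access."""

    def __init__(self, rules):
        self.rules = list(rules)

    def decide(self, req):
        effects = {r.effect for r in self.rules if r.matches(req)}
        return "permit" if effects == {"permit"} else "deny"


class AccessDenied(PermissionError):
    pass


def protected(data_object):
    """Stand-in for a code annotation: labels a DAO method and enforces the PDP's answer."""
    def decorate(method):
        @wraps(method)
        def enforce(self, *args, role, region, **kwargs):
            req = AccessRequest(role, data_object, region)
            if self.pdp.decide(req) != "permit":
                raise AccessDenied(f"{role}@{region} may not read {data_object}")
            return method(self, *args, **kwargs)
        return enforce
    return decorate


class CustomerDAO:
    """Point of use: it knows which object each method touches, not who may read it."""

    def __init__(self, pdp):
        self.pdp = pdp
        self._rows = {1: {"name": "A. Example", "ssn": "000-00-0000"}}  # constructed record

    @protected("customers.name")
    def get_name(self, cid):
        return self._rows[cid]["name"]

    @protected("customers.ssn")
    def get_ssn(self, cid):
        return self._rows[cid]["ssn"]


EU = frozenset({"eu-west", "eu-central"})   # constructed region names
POLICY = PolicyDecisionPoint([
    # Customer data may be read by admin and support, but only from EU regions.
    Rule("permit", "customers.*", frozenset({"admin", "support"}), EU),
    # Support staff never see the SSN, whatever the region.
    Rule("deny", "customers.ssn", frozenset({"support"}), frozenset({"*"})),
])


def attempt(call, **ctx):
    """Run a DAO call and report the outcome instead of raising."""
    try:
        return ("permit", call(**ctx))
    except AccessDenied as exc:
        return ("deny", str(exc))


if __name__ == "__main__":
    dao = CustomerDAO(POLICY)
    print(attempt(lambda **c: dao.get_ssn(1, **c), role="admin", region="eu-west"))
    print(attempt(lambda **c: dao.get_ssn(1, **c), role="admin", region="us-east"))
```

Because the DAO only names the data object, the rule set can be replaced at runtime without touching application code, which is the kind of in-place policy change FR.10 describes.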
ID FR.23
Title Register and manage persistent security enforcement mechanisms for runtime monitoring, detecting and labeling of abnormal and intrusive cloud network traffic behavior
User Roles Cloud Application Admin, Cloud Provider
Description The Unicorn platform must provide its users with mechanisms capable of ensuring, at any time, that the traffic exchanged with the cloud will not harm the (multi-cloud) application execution environment while preserving the privacy of the data exposed and managed by the application (FR.22). To achieve this, an IDS (Intrusion Detection System) will be implemented at the cloud execution environment level where adaptive network and information flow monitoring will be established at runtime to detect any in-bound or out-bound exfiltration of information based on well-known communication channels, information flow patterns observed through the usage of anomaly detection and pattern recognition algorithms. As deployments of (micro-)execution containers may be restrictive in the means of resources, the IDS will adapt the process for information flow tracking to restrict its runtime intrusiveness based on low-cost approximate and adaptive monitoring techniques while offline processing will be boosted performance-wise by encompassing GPU-accelerated techniques.
ID FR.24
Title Automated application source code and underlying cloud resource offering vulnerability assessment, measurement and policy compliance evaluation
User Roles Cloud Application Admin, Cloud Provider
Description The Unicorn platform will provide its users with the mechanisms to ensure that their (multi-)cloud application execution environment behaves, at runtime, as intended, and that the security-enforcement and privacy preserving policies and data access rules are not violated. To achieve this, Unicorn will provide the means for the runtime assessment of the application execution environment against known vulnerabilities by performing security and benchmark tests to detect potential security threats and privacy breaches. The level of intrusiveness of the testing performed by the Unicorn platform will be configurable by users. After testing, the Unicorn platform will report any suspicious activity and the measured risk exposure level to the application administrator (FR.8) in order to immediately take action and prevent sensitive data leakage and privacy breaches.
Table 7: Functional Requirements Relation to User Role

User Role / Functional Requirements

Cloud Application Developer
FR.1 Develop cloud application based on code annotation design libraries and define runtime policies and constraints
FR.11 Application placement over programmable cloud execution environments
FR.22 Register and manage privacy preserving encrypted persistency mechanisms for restricting data access and movement across cloud sites and availability zones
FR.23 Register and manage persistent security enforcement mechanisms for runtime monitoring, detecting and labeling of abnormal and intrusive cloud network traffic behavior

Cloud Application Product Manager
FR.2 Securely register and manage cloud provider credentials
FR.3 Search interface for extracting underlying programmable cloud execution environment cloud offering and capability metadata descriptions
FR.4 Creation of Unicorn-compliant cloud application deployment assembly
FR.11 Application placement over programmable cloud execution environments

Cloud Application Tester
FR.6 Deployment assembly integrity validation

Cloud Application Admin
FR.2 Securely register and manage cloud provider credentials
FR.5 Cloud application deployment bootstrapping to a (multi-)cloud execution environment
FR.7 Access application behavior and performance monitoring data
FR.8 Real-Time notification and alerting of security incidents and QoS guarantees
FR.9 Autonomic management of deployed cloud applications and real-time adaptation based on intelligent decision-making mechanisms
FR.10 Manage the runtime lifecycle of a deployed cloud application
FR.11 Application placement over programmable cloud execution environments
FR.22 Register and manage privacy preserving encrypted persistency mechanisms for restricting data access and movement across cloud sites and availability zones
FR.23 Register and manage persistent security enforcement mechanisms for runtime monitoring, detecting and labeling of abnormal and intrusive cloud network traffic behavior
FR.24 Automated application source code and underlying cloud resource offering vulnerability assessment, measurement and policy compliance evaluation

Unicorn Admin
FR.12 Register and manage cloud application owners
FR.13 Manage core context model
FR.14 Register and Manage enablers interpreting Unicorn code annotations

Unicorn Developer
FR.2 Securely register and manage cloud provider credentials
FR.5 Cloud application deployment bootstrapping to a (multi-)cloud execution environment
FR.6 Deployment assembly integrity validation
FR.10 Manage the runtime lifecycle of a deployed cloud application
FR.11 Application placement over programmable cloud execution environments
FR.15 Unified API providing abstraction of resources and capabilities of underlying programmable cloud execution environments
FR.16 Resource and service (de-)reservation over multi-cloud execution environments
FR.17 Development of code annotation libraries
FR.18 Development of enablers interpreting Unicorn code annotations
FR.22 Register and manage privacy preserving encrypted persistency mechanisms for restricting data access and movement across cloud sites and availability zones

Cloud Provider
FR.5 Cloud application deployment bootstrapping to a (multi-)cloud execution environment
FR.9 Autonomic management of deployed cloud applications and real-time adaptation based on intelligent decision-making mechanisms
FR.19 Register and manage programmable infrastructure and service offerings
FR.20 Monitor cloud offering allocation and consumption
FR.21 QoS advertising and management
FR.24 Automated application source code and underlying cloud resource offering vulnerability assessment, measurement and policy compliance evaluation
7.2 Non-Functional Requirements
Non-functional requirements relate to the desired quality aspects that should be satisfied by the architectural components of the Unicorn eco-system that, in turn, must satisfy the functional requirements previously introduced. To this end, the ISO/IEC 25010:2011 software quality assurance model, widely accepted by the software and research community, was selected to create a shared conceptualization of the non-technical attributes [124]. The fundamental objective of the ISO/IEC 25010:2011 standard³ is to address some of the well-known human biases that can adversely affect the delivery and perception of a software development project while it also determines which quality characteristics will be taken into account when evaluating the properties of a software product. The ISO/IEC 25010:2011 quality model classifies software quality in a structured set of characteristics and sub-characteristics, as follows:
• Functional suitability: It refers to a set of attributes that bear on the existence of a set of functions and their specified properties. The functions are those that satisfy stated or implied needs. Indicative sub-characteristics include: software functional completeness and functional correctness.
• Reliability: It refers to a set of attributes that bear on the capability of software to maintain its level of performance under stated conditions for a stated period of time. Indicative sub-characteristics include: software maturity, fault tolerance, recoverability and reliability compliance.
• Usability: It refers to a set of attributes that bear on the effort needed for use, and on the individual assessment of such use, by a stated or implied set of users. Indicative sub-characteristics include: understandability, learnability, operability, attractiveness and usability compliance.
• Efficiency: It refers to a set of attributes that bear on the relationship between the level of performance of the software and the amount of resources used, under stated conditions. Indicative sub-characteristics include: time behaviour, resource utilization, latency, service availability and efficiency compliance.
• Maintainability: It refers to a set of attributes that bear on the effort needed to make specified modifications. Indicative sub-characteristics include: analyzability, changeability, stability, testability and maintainability compliance.
• Portability: It refers to a set of attributes that bear on the ability of software to be transferred from one environment to another. Indicative sub-characteristics include: adaptability, installability, co-existence with other software, replaceability and portability compliance.
• Security: It refers to a set of attributes that define the degree to which a product or system protects information and data so that persons or other products or systems have the degree of data access appropriate to their types and levels of authorization.
• Compatibility: It refers to a set of attributes that define the degree to which a product, system or component can exchange information with other products, systems or components, and/or perform its required functions, while sharing the same hardware or software environment.
Each quality sub-characteristic (e.g. adaptability) is further divided into attributes. An attribute is an entity which can be verified or measured in the software product. Attributes are not defined in the standard, as they vary between different software products. An overview of the aforementioned characteristics is provided in the following figure.
³ Note that ISO/IEC 25010 has replaced ISO/IEC 9126
Figure 40: Non-Technical Quality Aspects as Organised by ISO/IEC 25010:2011
After the selection of the quality model, the next step is to examine which attributes are related to the Unicorn eco-system and how they map to functional requirements. In the enumerated listings that follow, we make a concrete mapping between the core quality model attributes and the functional requirements that they correlate to. In parallel, for each non-functional requirement, a brief description of the Unicorn eco-system relevant characteristics is also provided.
NR.1 Functional Suitability
Description This characteristic represents the degree to which a product or system provides functions that meet stated and implied needs when used under specified conditions. This characteristic is composed of the following sub-characteristics:
• Functional completeness. Degree to which the set of functions covers all the specified tasks and user objectives.
• Functional correctness. Degree to which a product or system provides the correct results with the needed degree of precision.
• Functional appropriateness. Degree to which the functions facilitate the accomplishment of specified tasks and objectives.
Functional Requirements
FR.1 Develop cloud application based on code annotation design libraries and define runtime policies and constraints
FR.4 Creation of Unicorn-compliant cloud application deployment assembly
FR.5 Cloud application deployment bootstrapping to a (multi-)cloud execution environment
FR.9 Autonomic management of deployed cloud applications and real-time adaptation based on intelligent decision-making mechanisms
FR.13 Manage core context model
FR.14 Register and Manage enablers interpreting Unicorn code annotations
FR.15 Unified API for abstraction and searching of resources and capabilities of underlying programmable cloud execution environments
FR.17 Development of code annotation libraries
FR.18 Development of enablers interpreting Unicorn code annotations
FR.21 QoS advertising and management
NR.2 Performance Efficiency
Description This characteristic represents the performance relative to the amount of resources used under stated conditions. This characteristic is composed of the following sub-characteristics:
• Time behaviour. Degree to which the response and processing times and throughput rates of a product or system, when performing its functions, meet requirements.
• Resource utilization. Degree to which the amounts and types of resources used by a product or system, when performing its functions, meet requirements.
• Capacity. Degree to which the maximum limits of a product or system parameter meet requirements.
Performance under the context of UNICORN refers to the ability of the system to support collaborative development allowing multiple users accessing the system at the same time. Also for UNICORN to be efficient, the users need to know at any time what the resource utilization of the system is. It should also provide fast encryption/decryption times between services that communicate and it should provide the ability to effectively use hardware resources of any type (e.g., GPUs) for complex and resource demanding tasks such as performing intense analysis on information flow data in order to detect potential malicious behaviours.
Functional Requirements
FR.7 Access application behavior and performance monitoring data
FR.8 Real-Time notification and alerting of security incidents and QoS guarantees
FR.9 Autonomic management of deployed cloud applications and real-time adaptation based on intelligent decision-making mechanisms
FR.11 Application placement over programmable cloud execution environments
FR.16 Resource and service (de-)reservation over multi-cloud execution environments
FR.19 Register and manage programmable infrastructure and service offerings
FR.20 Monitor cloud offering allocation and consumption
FR.23 Register and manage persistent security enforcement mechanisms for runtime monitoring, detecting and labeling of abnormal and intrusive cloud network traffic behavior
NR.3 Compatibility
Description Degree to which a product, system or component can exchange information with other products, systems or components, and/or perform its required functions, while sharing the same hardware or software environment. This characteristic is composed of the following sub-characteristics:
• Co-existence. Degree to which a product can perform its required functions efficiently while sharing a common environment and resources with other products, without detrimental impact on any other product.
• Interoperability. Degree to which two or more systems, products or components can exchange information and use the information that has been exchanged.
The UNICORN run-time components should be, architectural-wise and implementation-wise, close to the industry. For this reason UNICORN will provide support to a number of commonly used standards, standard syntax, APIs, widely available tools, technologies, methodologies and best practices. The system should support abstractions which will hide from developers and their applications details regarding the system and application infrastructure. UNICORN will also support uniform service descriptions such as SLA offerings with clear policies and guidelines.
Functional Requirements
FR.1 Develop cloud application based on code annotation design libraries and define runtime policies and constraints
FR.2 Securely register and manage cloud provider credentials
FR.3 Search interface for extracting underlying programmable cloud offerings and capability metadata descriptions
FR.5 Cloud application deployment bootstrapping to a (multi-)cloud execution environment
FR.7 Access application behavior and performance monitoring data
FR.8 Real-Time notification and alerting of security incidents and QoS guarantees
FR.11 Application placement over programmable cloud execution environments
FR.15 Unified API providing abstraction of resources and capabilities of underlying programmable cloud execution environments
FR.18 Development of enablers interpreting Unicorn code annotations
FR.19 Register and manage programmable infrastructure and service offerings
FR.22 Register and manage privacy preserving encrypted persistency mechanisms for restricting data access and movement across cloud sites and availability zones
FR.23 Register and manage persistent security enforcement mechanisms for runtime monitoring, detecting and labeling of abnormal and intrusive cloud network traffic behaviour
NR.4 Usability
Description Degree to which a product or system can be used by specified users to achieve specified goals with effectiveness, efficiency and satisfaction in a specified context of use. This characteristic is composed of the following sub-characteristics:
• Appropriateness recognizability. Degree to which users can recognize whether a product or system is appropriate for their needs.
• Learnability. Degree to which a product or system can be used by specified users to achieve specified goals of learning to use the product or system with effectiveness, efficiency, freedom from risk and satisfaction in a specified context of use.
• Operability. Degree to which a product or system has attributes that make it easy to operate and control.
• User error protection. Degree to which a system protects users against making errors.
• User interface aesthetics. Degree to which a user interface enables pleasing and satisfying interaction for the user.
• Accessibility. Degree to which a product or system can be used by people with the widest range of characteristics and capabilities to achieve a specified goal in a specified context of use.
Taking into consideration all the above characteristics of usability, the UNICORN platform will support automatic and seamless deployment making it very easy to use and learn. The development platform and tools will be hosted on the cloud and will be accessible through a web browser. UNICORN will have all the content and user interface organized logically and it will provide a presentation interface (e.g., menu and navigation, reporting, user controls etc.).
Functional Requirements
FR.1 Develop cloud application based on code annotation design libraries and define runtime policies and constraints
FR.2 Securely register and manage cloud provider credentials
FR.3 Search interface for extracting underlying programmable cloud offerings and capability metadata descriptions
FR.4 Creation of Unicorn-compliant cloud application deployment assembly
FR.5 Cloud application deployment bootstrapping to a (multi-)cloud execution environment
FR.7 Access application behaviour and performance monitoring data
FR.8 Real-Time notification and alerting of security incidents and QoS guarantees
FR.10 Manage the runtime lifecycle of a deployed cloud application
FR.12 Register and manage cloud application owners
FR.15 Unified API providing abstraction of resources and capabilities of underlying programmable cloud execution environments
FR.16 Resource and service (de-)reservation over multi-cloud execution environments
FR.19 Register and manage programmable infrastructure and service offerings
FR.20 Monitor resource and service consumption
FR.21 QoS advertising and management
NR.5 Reliability
Description
Degree to which a system, product or component performs specified functions under specified conditions for a specified period of time. This characteristic is composed of the following sub-characteristics:
• Maturity. Degree to which a system, product or component meets needs for reliability under normal operation.
• Availability. Degree to which a system, product or component is operational and accessible when required for use.
• Fault tolerance. Degree to which a system, product or component operates as intended despite the presence of hardware or software faults.
• Recoverability. Degree to which, in the event of an interruption or a failure, a product or system can recover the data directly affected and re-establish the desired state of the system.
Within the context of UNICORN, specific mechanisms will be architecturally defined and implemented that guarantee that any application can be securely deployed.
Functional Requirements
FR.4 Creation of Unicorn-compliant cloud application deployment assembly
FR.5 Cloud application deployment bootstrapping to a (multi-)cloud execution environment
FR.6 Deployment assembly integrity validation
FR.8 Real-Time notification and alerting of security incidents and QoS guarantees
FR.9 Autonomic management of deployed cloud applications and real-time adaptation based on intelligent decision-making mechanisms
FR.11 Application placement over programmable cloud execution environments
FR.13 Manage core context model
FR.14 Register and Manage enablers interpreting Unicorn code annotations
FR.15 Unified API providing abstraction of resources and capabilities of underlying programmable cloud execution environments
FR.21 QoS advertising and management
NR.6 Security
Description
The degree to which a product or system protects information and data so that persons or other products or systems have the degree of data access appropriate to their types and levels of authorization. This characteristic is composed of the following sub-characteristics:
• Confidentiality. Degree to which a product or system ensures that data are accessible only to those authorized to have access.
• Integrity. Degree to which a system, product or component prevents unauthorized access to, or modification of, computer programs or data.
• Non-repudiation. Degree to which actions or events can be proven to have taken place, so that the events or actions cannot be repudiated later.
• Accountability. Degree to which the actions of an entity can be traced uniquely to the entity.
• Authenticity. Degree to which the identity of a subject or resource can be proved to be the one claimed.
One of the major focal points of UNICORN is to be able to provide to SMEs security features for their cloud applications. For that reason UNICORN will incorporate a user authentication and authorization system along with the ability to securely store and manage various user credentials and cloud access tokens. UNICORN will provide a secure end-to-end encrypted communication channel between the various components of a cloud deployment and the ability for DevOps teams to secure application data according to various policies and regulations.
Functional Requirements
FR.1 Develop cloud application based on code annotation design libraries and define runtime policies and constraints
FR.2 Securely register and manage cloud provider credentials
FR.4 Creation of Unicorn-compliant cloud application deployment assembly
FR.6 Deployment assembly integrity validation
FR.8 Real-Time notification and alerting of security incidents and QoS guarantees
FR.12 Register and manage cloud application owners
FR.13 Manage core context model
FR.21 QoS advertising and management
FR.22 Register and manage privacy preserving encrypted persistency mechanisms for restricting data access and movement across cloud sites and availability zones
FR.23 Register and manage persistent security enforcement mechanisms for runtime monitoring, detecting and labeling of abnormal and intrusive cloud network traffic behaviour
FR.24 Automated application source code and underlying cloud resource offering vulnerability assessment, measurement and policy compliance evaluation
NR.7 Maintainability
Description
This characteristic represents the degree of effectiveness and efficiency with which a product or system can be modified to improve it, correct it or adapt it to changes in environment, and in requirements. This characteristic is composed of the following sub-characteristics:
• Modularity. Degree to which a system or computer program is composed of discrete components such that a change to one component has minimal impact on other components.
• Reusability. Degree to which an asset can be used in more than one system, or in building other assets.
• Analysability. Degree of effectiveness and efficiency with which it is possible to assess the impact on a product or system of an intended change to one or more of its parts, or to diagnose a product for deficiencies or causes of failures, or to identify parts to be modified.
• Modifiability. Degree to which a product or system can be effectively and efficiently modified without introducing defects or degrading existing product quality.
• Testability. Degree of effectiveness and efficiency with which test criteria can be established for a system, product or component and tests can be performed to determine whether those criteria have been met.
In order for UNICORN to be easily maintained, all the annotation libraries, the Core Context Model, and the Cloud Application Enablers that will perform runtime policy enforcement should incorporate the above-mentioned features.
Functional Requirements
FR.1 Develop cloud application based on code annotation design libraries and define runtime policies and constraints
FR.2 Securely register and manage cloud provider credentials
FR.9 Autonomic management of deployed cloud applications and real-time adaptation based on intelligent decision-making mechanisms
FR.10 Manage the runtime lifecycle of a deployed cloud application
FR.12 Register and manage cloud application owners
FR.13 Manage core context model
FR.14 Register and Manage enablers interpreting Unicorn code annotations
FR.17 Development of code annotation libraries
FR.18 Development of enablers interpreting Unicorn code annotations
FR.19 Register and manage programmable infrastructure and service offerings
FR.20 Monitor cloud offering allocation and consumption
NR.8 Portability
Description
Degree of effectiveness and efficiency with which a system, product or component can be transferred from one hardware, software or other operational or usage environment to another. This characteristic is composed of the following sub-characteristics:
• Adaptability. Degree to which a product or system can effectively and efficiently be adapted for different or evolving hardware, software or other operational or usage environments.
• Installability. Degree of effectiveness and efficiency with which a product or system can be successfully installed and/or uninstalled in a specified environment.
• Replaceability. Degree to which a product can replace another specified software product for the same purpose in the same environment.
One of the most important requirements under the context of UNICORN is the requirement of Portability. This requirement relates to the UNICORN Compliant Cloud Applications that should be interoperable and functional in multiple operational environments (multi-cloud environments). To this direction the adoption of various commonly used standards (e.g., OASIS TOSCA⁴) which are infrastructure and environment agnostic.
Functional Requirements
FR.1 Develop cloud application based on code annotation design libraries and define runtime policies and constraints
FR.4 Creation of Unicorn-compliant cloud application deployment assembly
FR.5 Cloud application deployment bootstrapping to a (multi-)cloud execution environment
FR.11 Application placement over programmable cloud execution environments
FR.13 Manage core context model
FR.14 Register and Manage enablers interpreting Unicorn code annotations
FR.15 Unified API providing abstraction of resources and capabilities of underlying programmable cloud execution environments
FR.16 Resource and service (de-)reservation over multi-cloud execution environments
FR.17 Development of code annotation libraries
FR.18 Development of enablers interpreting Unicorn code annotations
FR.19 Register and manage programmable infrastructure and service offerings
FR.21 QoS advertising and management
FR.22 Register and manage privacy preserving encrypted persistency mechanisms for restricting data access and movement across cloud sites and availability zones
FR.23 Register and manage persistent security enforcement mechanisms for runtime monitoring, detecting and labeling of abnormal and intrusive cloud network traffic behavior
⁴ https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=tosca
8 Conclusions
This final section of the current deliverable (D1.1) serves as a synopsis of the content presented in the document, which was the outcome of a carefully designed methodology and research upon industrial and academic data collected during the initial project implementation activities. In the requirements analysis phase, of which this deliverable (D1.1) is part, a logical process has been followed, using the agile methodology, in order to identify the Unicorn stakeholders and target audience, derive a complete set of Unicorn Actors and define the Unicorn system requirements. The steps of this process involved active contribution by all partners, and the results of this analysis provide the pillars on which the technical and research work that will follow (D1.2 Unicorn reference architecture) will be based.
The first step of this process was to identify the main Unicorn stakeholders and the target audience. Chapter 5 of this deliverable (D1.1) gives the full picture of those at whom the final result of the Unicorn project is aimed. Moreover, by analysing the current state of the industry, the market gaps that the Unicorn project will contribute to have been identified. Another contribution of D1.1 was the definition of common terminology/glossary presented in Chapter 3 that will be used as a reference guide across all future deliverables and interaction with Unicorn stakeholders. The final outcome of the first step of the methodology was the identification of the user roles for the Unicorn eco-system. Some of the user role responsibilities may overlap among users of the platform, which may cause misinterpretations; however, as the analysis of the interview results suggests in the next step, in DevOps teams the lines between roles in the engineering team are often quite blurred (e.g., a Cloud Application Developer may also be in charge of Testing, or the Application Administrator may also be a Developer).
The next step of the logical process was the development of the interview questionnaire for potential Unicorn target users and the analysis of the responses, which produced results that were in accordance with all major industry surveys of the field. The analysis of the responses contributed to deciding and clarifying a set of functional and non-functional system requirements that can be assigned to the identified user roles (Chapter 7). In addition, the interview results have highlighted the main obstacles and difficulties that IT workers in SMEs are currently facing in the cloud environment, such as lack of unified tools for monitoring and elasticity, the deployment of applications over multi-cloud environments and cloud cluster management. Another interesting finding from the interview process was the prioritization and ranking of the various security threats and privacy issues that SMEs are facing. This ranking of the security and privacy threats contributed to deciding the core security functionality that Unicorn will offer to its users.
In addition, the interview process also provided valuable information regarding the technologies involved to realize various aspects of the Unicorn project. Micro-service architectural approaches are increasing in popularity among IT workers in the SMEs (some are experimenting, some are partly using a micro-service architecture, some have fully embraced the micro-service approach). With the increase in interest in micro-service architectural patterns, interviewed organisations also seem to be utilizing containerized solutions (e.g., Docker, Swarm, and Kubernetes) for application deployment and orchestration.
In the forthcoming steps, based on the outcomes of D1.1, the documentation of the overall architecture describing the main components and artefacts of Unicorn, the interconnection scheme and the specific interfaces for exchange of information among them will be designed and described in detail in D1.2. In addition to the reference architecture, the supported Unicorn Use Cases describing the implementation scenarios of the mechanisms that will be developed within the project in the demonstrators will be analysed in order to be used as a starting point for the research/technical and demonstration/business-oriented work packages.
D1.1StakeholdersRequirementsAnalysis
89
9 References[1] N.R.Herbst,S.Kounev,andR.Reussner,“ElasticityinCloudComputing:WhatItIs,andWhatItIsNot.,”
inICAC,2013,pp.23–27.
[2] N.Loulloudes,C.Sofokleous,D.Trihinas,M.D.Dikaiakos,andG.Pallis,“EnablingInteroperableCloudApplicationManagementthroughanOpenSourceEcosystem,”{IEEE}InternetComput.,vol.19,no.3,pp.54–59,2015.
[3] L.Willcocks,W.Venters,andE.A.Whitley,“CloudinContext:ManagingNewWavesofPower,”inMoving
to the Cloud Corporation:How to face the challenges and harness the potential of cloud computing,London:PalgraveMacmillanUK,2014,pp.1–19.
[4] IntuitInc.,“IntuitStudyShowsHowtheCloudWillTransformSmallBusinessby2020.”2015.
[5] MichaelJ.SKok,“BreakingDowntheBarrierstoCloudAdoption.”2014.
[6] ApacheJClouds,“https://jclouds.apache.org/.”.
[7] ApacheLibClouds,“https://libcloud.apache.org/.”.
[8] OASIS TOSCA Committee, “OASIS Topology and Orchestration Specification for Cloud Applications(TOSCA).”.
[9] OASISCAMPCommittee,“OASISCloudApplicationManagementforPlatforms(CAMP).”.
[10] RackspaceInc.,“StateoftheCloud2016.”2016.
[11] RightscaleInc.,“CloudComputingTrends2015.”2015.
[12] JulieKnudson,“Study:IaaSandCloudChallengesintheEnterprise.”2014.
[13] D.Trihinas,G.Pallis,andM.D.Dikaiakos,“JCatascopia:MonitoringElasticallyAdaptiveApplicationsintheCloud,”inCluster,CloudandGridComputing(CCGrid),201414thIEEE/ACMInternationalSymposium
on,2014,pp.226–235.
[14] D.Trihinas,G.PallisandM.D.Dikaiakos,“MonitoringElasticallyAdaptiveMulti-CloudServices,” IEEETrans.CloudComput.,vol.4,2016.
[15] G.Copiletal.,“Service-OrientedComputing:12thInternationalConference,ICSOC2014,Paris,France,November3-6,2014.Proceedings,”Berlin,Heidelberg:Springer,2014,pp.275–290.
[16] AmazonCloudFormation,“https://aws.amazon.com/cloudformation/.”.
[17] Oracle Virtual Assembly Builder, “http://www.oracle.com/us/products/middleware/exalogic/virtual-assembly-builder/overview/index.html.”.
[18] EclipseIDECommunity,“CloudApplicationManagementFramework(CAMF).”.
[19] JuJufromCanonical,“http://www.ubuntu.com/cloud/juju.”.
[20] ServiceMesh Agility Platform, “http://www.csc.com/cloud/offerings/53410/104965-csc_agility_platform_cloud_management.”.
[21] S.Dustdar,Y.Guo,B.Satzger,andH.-L.Truong,“Principlesofelasticprocesses,”IEEEInternetComput.,no.5,pp.66–71,2011.
D1.1StakeholdersRequirementsAnalysis
90
[22] ProgrammableInfrastructure,“programmableinfrastructure.com.”2017.
[23] P.Gouvas,C.Vassilakis,E.Fotopoulou,andA.Zafeiropoulos,“ANovelReconfigurable-by-DesignHighlyDistributed Applications Development Paradigm over Programmable Infrastructure,” in 2016 28thInternationalTeletrafficCongress(ITC28),2016,vol.2,pp.7–12.
[24] Z.A.Mann,“AllocationofVirtualMachinesinCloudDataCenters&Mdash;ASurveyofProblemModelsandOptimizationAlgorithms,”ACMComput.Surv.,vol.48,no.1,p.11:1--11:34,Aug.2015.
[25] KurtMarkoetal.,“Thebenefitsofamulti-cloudapproach.”.
[26] TonyConnor,IDC,“Thebenefitsofamulti-cloudstrategy.”2016.
[27] RightScale,“StateoftheCloudReport2017,”2017.
[28] Rightscale,“StateoftheCloud2017Trends.”2017.
[29] D.TovarnakandT.Pitner,“Towardsmulti-tenantandinteroperablemonitoringofvirtualmachinesincloud,”inSymbolicandNumericAlgorithmsforScientificComputing(SYNASC),201214thInternational
Symposiumon,2012,pp.436–442.
[30] N.Bassiliades,M.Symeonidis,G.Meditskos,E.Kontopoulos,P.Gouvas,and I.Vlahavas,“ASemanticRecommendationAlgorithmforthePaaSportPlatform-as-a-serviceMarketplace,”ExpertSyst.Appl.,vol.67,no.C,pp.203–227,Jan.2017.
[31] G.Copiletal.,“ADVISE–aframeworkforevaluatingcloudserviceelasticitybehavior,”inService-OrientedComputing,Springer,2014,pp.275–290.
[32] J.Thones,“Microservices,”IEEESoftw.,vol.32,no.1,p.116,Jan.2015.
[33] Lori MacVittie, Micorservices and Microsegmentation,“https://devcentral.f5.com/articles/microservices-versus-microsegmentation.”2015.
[34] Martin Fowler, “Microservices a definition of this new architectural term.” [Online]. Available:https://martinfowler.com/articles/microservices.html.
[35] EricS.Raymond,“TheArtofUNIXProgramming.”2013.
[36] ScottM.Fulton,“WhatLedAmazontoitsOwnMicroservicesArchitecture.”2015.
[37] TonyMauro,“AdoptingMicroservicesatNetflix:LessonsforArchitecturalDesign.”2016.
[38] M.G.Xavier,M.VNeves,F.D.Rossi,T.C.Ferreto,T.Lange,andC.A.F.DeRose,“PerformanceEvaluationof Container-Based Virtualization for High Performance Computing Environments,” in 2013 21stEuromicro InternationalConferenceonParallel,Distributed,andNetwork-BasedProcessing,2013,pp.233–240.
[39] R. Jain and S. Paul, “Network virtualization and software defined networking for cloud computing: asurvey,”IEEECommun.Mag.,vol.51,no.11,pp.24–31,Nov.2013.
[40] J.Sahoo,S.Mohapatra,andR.Lath,“Virtualization:ASurveyonConcepts,TaxonomyandAssociatedSecurityIssues,”in2010SecondInternationalConferenceonComputerandNetworkTechnology,2010,pp.222–226.
[41] XenProject,“http://www.xenproject.org/.”.
D1.1StakeholdersRequirementsAnalysis
91
[42] VMWareVSphereHypervisor,“http://www.vmware.com/products/vsphere-hypervisor.html.”.
[43] KVMHypervisor,“https://www.linux-kvm.org/page/Main_Page.”.
[44] E.Bauman,G.Ayoade,andZ.Lin,“ASurveyonHypervisor-BasedMonitoring:Approaches,Applications,andEvolutions,”ACMComput.Surv.,vol.48,no.1,p.10:1--10:33,Aug.2015.
[45] R.Dua,A.R.Raja, andD.Kakadia, “Virtualization vsContainerization to SupportPaaS,” in2014 IEEEInternationalConferenceonCloudEngineering,2014,pp.610–614.
[46] Nolleetal.,“Continuousintegrationanddeploymentwithcontainers.”2015.
[47] ChrisTozzietal.,“Thebenefitsofcontainerdevelopment.”2015.
[48] E.W.BiedermanandL.Networx,“Multipleinstancesofthegloballinuxnamespaces,”inProceedingsoftheLinuxSymposium,2006,vol.1,pp.101–112.
[49] P.Menageetal.,“C-Groups.”2006.
[50] LXC/LXDLinuxContainers,“https://linuxcontainers.org/.”.
[51] J.Turnbull,TheDockerBook:Containerizationisthenewvirtualization.JamesTurnbull,2014.
[52] DockervsCoreOSRkt,“https://www.upguard.com/articles/docker-vs-coreos.”.
[53] CoreOs,“http://coreos.com/.”
[54] DockerInc.,“DockerCompose.”.
[55] Kubernetes,“http://kubernetes.io/.”.
[56] Fleet,“https://github.com/coreos/fleet.”.
[57] XenProject,“TheUnikernelApproach.”2014.
[58] A.Kivity,D.Laor,G.Costa,andP.Enberg,“OSv—OptimizingtheOperatingSystemforVirtualMachines,”Proc.2014USENIXAnnu.Tech.Conf.,pp.61–72,2014.
[59] MirageOS,“https://mirage.io/.”.
[60] OSv,“http://osv.io/.”.
[61] LarsKurth,“AreCloudOperatingSystemstheNextBigThing?”.
[62] LarsKurth,“HowEarlyAdoptersAreUsingUnikernels-WithandWithoutContainers.”.
[63] DZone,“TheDZoneGuidetoDevOps-ContinuousDeliveryandAutomation,”2016.
[64] R.WEXLER,“theStateofCloudreport,”Weather,vol.27,no.5,pp.211–211,2017.
[65] AWS,“WhatisDevOps?,”https://aws.amazon.com/devops/what-is-devops/.
[66] A.Brown,N.Forsgren,J.Humble,G.Kim,andN.Kersten,“StateofDevopsReport2016,”vol.5,2016.
[67] M.Fowler,“ContinuousIntegration,”2006.
[68] L.Chen,“Continuousdelivery:Hugebenefits,butchallengestoo,”IEEESoftw.,vol.32,no.2,pp.50–54,
D1.1StakeholdersRequirementsAnalysis
92
2015.
[69] StackoverflowCommunity,“DevelopmerReport2016.”.
[70] EclipseCheCloudIDE,“https://eclipse.org/che.”.
[71] SAPHanaCloudIDE,“https://hcp.sap.com/index.html.”.
[72] G.GalanteandL.C.E.DeBona,“Asurveyoncloudcomputingelasticity,”inProceedings-2012IEEE/ACM
5thInternationalConferenceonUtilityandCloudComputing,UCC2012,2012,pp.263–270.
[73] M. Nosal,M. Sulir, and J. Juhar, “Source code annotations as formal languages,” in 2015 FederatedConferenceonComputerScienceandInformationSystems(FedCSIS),2015,pp.953–964.
[74] Y.Golecha,DZone,“HowDoAnnotationsWorkinJava?”.
[75] SpringIOTools,“https://spring.io/tools.”.
[76] AnnotationProcessingTool(APT),“http://docs.oracle.com/javase/7/docs/technotes/guides/apt/.”.
[77] XDocletAnnotations,“http://xdoclet.sourceforge.net/xdoclet/index.html.”.
[78] EclipseAspectJ,“https://eclipse.org/aspectj/.”.
[79] JUnitTesting,“http://junit.org/junit4/.”.
[80] N. Jacob and C. Brodley, “Offloading IDS Computation to the GPU,” in2006 22nd Annual Computer
SecurityApplicationsConference(ACSAC’06),2006,pp.371–380.
[81] L. Marziale, G. G. Richard III, and V. Roussev, “Massive Threading: Using GPUs to Increase thePerformanceofDigitalForensicsTools,”Digit.Investig.,vol.4,pp.73–81,Sep.2007.
[82] G.Vasiliadis,S.Antonatos,M.Polychronakis,E.P.Markatos,andS.Ioannidis,“Gnort:HighPerformanceNetwork Intrusion Detection Using Graphics Processors,” in Proceedings of the 11th InternationalSymposiumonRecentAdvancesinIntrusionDetection,2008,pp.116–134.
[83] G. Vasiliadis, M. Polychronakis, and S. Ioannidis, “MIDeA: A Multi-parallel Intrusion DetectionArchitecture,”inProceedingsofthe18thACMConferenceonComputerandCommunicationsSecurity,2011,pp.297–308.
[84] N.Fips,“AnnouncingtheADVANCEDENCRYPTIONSTANDARD(AES),”Byte,vol.2009,no.12,pp.8–12,2001.
[85] R. L. Rivest, A. Shamir, and L. Adleman, “A method for obtaining digital signatures and public-keycryptosystems,”Commun.ACM,vol.21,no.2,pp.120–126,1978.
[86] KentBecketal.,“TheAgileManifesto.”2001.
[87] RightScale 2016 State of the Cloud Report, “http://www.rightscale.com/lp/2016-state-of-the-cloud-report.”.
[88] Magic Quadrant for Cloud Infrastructure as a Service, Worldwide,“https://www.gartner.com/doc/reprints?id=1-2G2O5FC&ct=150519.”.
[89] Magic Quadrant for Enterprise Application Platform as a Service, Worldwide,
D1.1StakeholdersRequirementsAnalysis
93
“https://www.gartner.com/doc/reprints?id=1-2C8JHBP&ct=150325&st=sb.”.
[90] Veracode Secure Development Survey 2016, “https://info.veracode.com/report-veracode-developer-survey.html.”.
[91] VisionMobile 2017: State of the developer nation, “https://www.visionmobile.com/reports/state-developer-nation-q1-2017.”.
[92] LightBend2016:Cloud,Container&Micro-services,“https://www.slideshare.net/Lightbend/enterprise-development-trends-2016-cloud-container-and-microservices-insights-from-2100-jvm-developers.”.
[93] GitLab:2016GlobalDeveloperReport,“https://about.gitlab.com/2016/11/02/global-developer-survey-2016/.”.
[94] RebelLabs: 2016 Development and Productivity Report and Java Landscape,“http://pages.zeroturnaround.com/RebelLabs-Developer-Productivity-Report-2016.html.”.
[95] RebelLabs:2017ProgrammingtheWebReport,“https://zeroturnaround.com/webframeworksindex/.”.
[96] StackOverflow:2016DeveloperReport,“https://insights.stackoverflow.com/survey/2016.”.
[97] StackOverflow:2017DeveloperReport,“https://insights.stackoverflow.com/survey/2017.”.
[98] Eu Commission, Annual report on European SMEs performance 2016,“http://ec.europa.eu/growth/smes/business-friendly-environment/performance-review-2016_en.”.
[99] SaaS, PaaS, and IaaS: A security checklist for cloud models - CSO Security Report,“http://www.csoonline.com/article/2126885/cloud-security/saas-paas-and-iaas-a-security-checklist-for-cloud-models.html.”.
[100] Gartner,“GartnerSaysWorldwidePublicCloudServicesMarkettoGrow17Percentin2016,”GartnerPressRelease,2017.[Online].Available:http://www.gartner.com/newsroom/id/3616417.
[101] L. Leong, G. Petri, B. Gill, and M. Dorosh, “Magic Quadrant for Cloud Infrastructure as a Service,Worldwide,” Gartner Inc., 2016. [Online]. Available: https://www.gartner.com/doc/reprints?id=1-2G2O5FC&ct=150519.
[102] Gartner,“GartnerSaysWorldwidePublicCloudServicesMarkettoGrow18Percentin2017,”GartnerPressRelease,2017.[Online].Available:http://www.gartner.com/newsroom/id/3616417.
[103] KPMG,“Journeytothecloud:ThecreativeCIOAgenda,”2017.
[104] G. Leopold, “Container Market Pegged at $2.7B by 2020,” EnterpiseTech, 2017. [Online]. Available:https://www.enterprisetech.com/2017/01/10/container-market-pegged-2-7b-2020/.
[105] “DevOps & Microservice Ecosystem Market Forecast 2017-2022,”Market Analysis, 2017. [Online].Available:https://www.marketanalysis.com/?p=63.
[106] CloudFoundry,“HopeVersusReality:ContainersIn2016.GlobalPerceptionStudy,”2016.
[107] Netflix,“NetflixOSS.”[Online].Available:https://netflix.github.io/.
[108] Docker,“https://www.docker.com/.”
[109] IncludeOs,“http://www.includeos.org/.”
D1.1StakeholdersRequirementsAnalysis
94
[110] Istio,“https://istio.io/.”
[111] Linkerd,“https://linkerd.io/.”
[112] OpenShift,“https://openshift.io/.”
[113] R.Unikernel,“https://github.com/rumpkernel/rumprun.”
[114] Rkt,“https://coreos.com/rkt.”
[115] E.Pekka,“APerformanceEvaluationofHypervisor,Unikernel,andContainerNetworkI/OVirtualization,”2016.
[116] C.Tamas, “AperformancecomparisonofKVM,Dockerand the IncludeOSUnikernel,”MasterThesis,2016.
[117] A.Bratterud,A.A.Walla,H.Haugerud,P.E.Engelstad,andK.Begnum,“IncludeOS:Aminimal,resourceefficient unikernel for cloud services,” in Proceedings - IEEE 7th International Conference on CloudComputingTechnologyandScience,CloudCom2015,2016,pp.250–257.
[118] I.Github,“https://github.com/istio/istio/issues/369.”
[119] Autoletics, “Performance Benchmarking and Hotspot Analysis of Linkerd – Part 1,” 2017. [Online].Available: https://www.autoletics.com/posts/performance-benchmarking-and-hotspot-analysis-of-linkerd-part-1.
[120] E.E.IanBriggs,MattDay,YuankaiGuo,PeterMarheine,“APerformanceEvaluationofUnikernels,”2015.
[121] A.Madhavapeddyetal., “Unikernels: LibraryOperating Systems for theCloud,”Proc. eighteenth Int.Conf.Archit.SupportProgram.Lang.Oper.Syst.-ASPLOS’13,vol.48,no.4,p.461,2013.
[122] “Performance Test For Unikernels (Rumpkernel And OSv).” [Online]. Available:http://tech.donghao.org/2015/12/23/performance-test-for-unikernels-rumpkernel-and-osv/.
[123] “Docker v/s Rkt Benchmarking: Performance Benchmarks.” [Online]. Available:https://shivammaharshi.wordpress.com/2016/08/16/docker-vs-rkt-benchmarking-performance-benchmarks/.
[124] ISO/IEC25010:2011,“https://www.iso.org/standard/35733.html.”.
D1.1StakeholdersRequirementsAnalysis
95
10 Annex
10.1 Identified Unicorn Functional Requirements
FR.1 Develop cloud application based on code annotation design libraries and define runtime policies and constraints
FR.2 Securely register and manage cloud provider credentials
FR.3 Search interface for extracting underlying programmable cloud offerings and capability metadata descriptions
FR.4 Creation of Unicorn-compliant cloud application deployment assembly
FR.5 Cloud application deployment bootstrapping to a (multi-)cloud execution environment
FR.6 Deployment assembly integrity validation
FR.7 Access application behavior and performance monitoring data
FR.8 Real-Time notification and alerting of security incidents and QoS guarantees
FR.9 Autonomic management of deployed cloud applications and real-time adaptation based on intelligent decision-making mechanisms
FR.10 Manage the runtime lifecycle of a deployed cloud application
FR.11 Application placement over programmable cloud execution environments
FR.12 Register and manage cloud application owners
FR.13 Manage the core context model
FR.14 Register and Manage enablers interpreting Unicorn code annotations
FR.15 Unified API providing abstraction of resources and capabilities of underlying programmable cloud execution environments
FR.16 Resource and service (de-)reservation over multi-cloud execution environments
FR.17 Development of code annotation libraries
FR.18 Development of enablers interpreting Unicorn code annotations
FR.19 Register and manage programmable infrastructure and service offerings
FR.20 Monitor cloud offering allocation and consumption
FR.21 QoS advertising and management
FR.22 Register and manage privacy preserving encrypted persistency mechanisms for restricting data access and movement across cloud sites and availability zones
FR.23 Register and manage persistent security enforcement mechanisms for runtime monitoring, detecting and labeling of abnormal and intrusive cloud network traffic behavior
FR.24 Automated application source code and underlying cloud resource offering vulnerability assessment, measurement and policy compliance evaluation
10.2 Disseminated Questionnaire
What follows is the Unicorn questionnaire in printable format. The online version of the questionnaire is accessible via the following link: https://goo.gl/forms/a8rH60DmD3qSWXXN2