RailCloud First Policy_Draft for Circulation_Ver 0.0 1 | P a g e

DRAFT FOR COMMENTS

Annexure-I

Sub: Rail Cloud First policy for Indian Railways.

Ref: 1. Govt of India’s GI Cloud (Meghraj) strategic Direction

paper.

2. Govt of India’s ‘Software Development & Re-Engineering

Guidelines for Cloud Ready Applications’

3. Govt of India’s ‘Policy on Adoption of Open Source Software.’

Ministry of Railways has decided to establish a RailCloud.

The same has been inaugurated by Hon’ble Minister of Railways on

12.07.17.

Cloud Computing, an emerging new technology for

deployment of ICT, is the delivery of on-demand computing

resources (e.g. servers, storage, network, applications and services)

over the internet, with reduced infrastructure costs, agility to scale

up/down, faster deployment of applications, ease in integration of

applications, better security, pay-only-for-use model. The Policy

features of Railway’s Cloud policy are proposed as:

1. RailCloud First approach: Consistent with GoI policy of ‘Cloud-

by-Default’, Indian Railway shall follow Cloud Computing as the

default ICT deployment strategy as ‘RailCloud First’ for ICT

Applications. The exception of this policy shall be in rare

circumstances when an alternative ICT deployment strategy is

essentially required for the special requirement of Railways. The

proposal for such exception shall be sent to Railway Board, for

consideration after approval by the GM of Zonal Railways /PU.

2. RailCloud System: The RailCloud system shall be built with open

APIs with an open scale out architecture. The cloud system

architecture should support horizontal scaling when required, thus

allowing to make incremental capital investments when required.

The system should support lights out scenarios by allowing non-

intrusive monitoring of solution components for better

manageability and proactive maintenance. Whenever options are

available, open source frameworks/components shall be used

instead of proprietary frameworks/components to avoid vendor

lock-in and high operation and maintenance costs.

RailCloud First Policy_Draft for Circulation_Ver 0.0 2 | P a g e

The RailCloud shall be deployed as Hybrid Cloud Model which

will also use the existing data centres resources (e.g. servers,

storage, network, etc, with suitable changes) and will gradually

develop service capabilities as- IaaS (Infrastructure as a Service),

PaaS (Plateform as a Service) and SaaS (Software as a Service).

3. Application Development and cloud enablement: New IT

applications shall be cloud native, open standard-based,

technology-independent and open API based architectures to

deploy on RailCloud. Also, all new applications shall use Open

Source Software (OSS) in all e-Governance systems as a preferred

option.

4. Migration of Application to Cloud: Migration of data and

applications to the cloud will enhance the availability, agility and

functionality of the application and improve the interoperability

with other applications. The existing applications are to be

migrated to the cloud progressively. For this, application-centric

approach shall be made by proper mapping of the existing

application and its associated server hardware with due

consideration to financial aspects and technical parameters and

thereafter roadmap shall be made to migrate. There are five well

established approaches to migrate traditional applications to the

cloud, these include: REHOST on Infrastructure as a Service

(IaaS), REFACTOR for Platform as a Service (PaaS), REVISE for

IaaS or PaaS , REBUILD on PaaS & REPLACE with Software as

a Service (SaaS) as detailed in the Ref. 2. In process of application

migration, adequate testing of the Cloud environment needs to be

performed, before existing (in-premise) application is

decommissioned.

5. Application and Data ownership, Intellectual Property Rights: Application ownership and IPR after hosting on RailCloud, shall

remain with the original Application owning agency. The

application owner agency shall have right on access, retrieval,

modification and deletion of the data and shall define the policies

and processes of data access. Secured access to be given to Admin

of the Application for maintenance and upgradation.

6. Security: The Info-Security will be the shared responsibility of

RailCloud managing Agency so that the Applications uploaded

/run are secure on the Cloud, and the Application Developing &

Managing/uploading agency for making the application secure and

resilient, to Run on the RailCloud, by implementing necessary

security Controls, Role-Based Authentication and suitable

encryption of Data as per the latest standards.

RailCloud First Policy_Draft for Circulation_Ver 0.0 3 | P a g e

The RailCloud managing Agency will get the Cloud audited

annually and application managing agency will get the application

audited annually, from CERT-In approved agency. The audit of

application may be carried out by RailCloud managing agency

when mutually agreed.

7. Uploading of an Application to Cloud: The Application & Data

Owning directorate or the Zonal Railway/PU to which Application

& Data belongs, will send the proposal for uploading the

application to OneICT Cell, which is the nodal cell for the same.

Once approved, the same would be uploaded.

8. Service Level Agreements (SLAs): The performance of the Rail-

Cloud will be defined by SLAs including parameters for up-

time/down-time, Security and Penalties. Both the agencies shall

agree on the minimum SLAs, based on the criticality of the

application.

9. The stakeholders shall follow the Govt of India’s Cloud and IT

security policies as issued from time to time.

Enclosure (soft link):

1. Government of India’s GI Cloud (Meghraj) Strategic Direction

Paper

http://meity.gov.in/writereaddata/files/GI-

Cloud%20Strategic%20Direction%20Report%281%29_0.pdf

2. Govt of India’s policy on Software Development & Re-

Engineering Guidelines for Cloud Ready Applications

http://meity.gov.in/sites/upload_files/dit/files/Application_Develop

ment_Re-Engineering_Guidelines.pdf

3. Govt of India’s policy on ‘Policy on Adoption of Open Source

Software’

http://meity.gov.in/sites/upload_files/dit/files/policy_on_

adoption_of_oss.pdf