UNICORN has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 731846
Stakeholders Requirements Analysis
Deliverable D1.1
Editor: Demetris Trihinas, Athanasios Tryfonos
Reviewers: Manos Papoutsakis (FORTH), Sotiris Koussouris (Suite5)
Date: 30 October 2018 (v1.1)
Classification: Public
D1.1 Stakeholders Requirements Analysis
Contributing Authors (Name, Partner)
Demetris Trihinas, UCY
Athanasios Tryfonos, UCY
Zacharias Georgiou, UCY
George Pallis, UCY
Marios D. Dikaiakos, UCY
Spiros Alexakis, CAS
Julia Vuong, CAS
Fenareti Lampathaki, Suite5
Sotiris Koussouris, Suite5
Spiros Koussouris, Suite5
Panagiotis Gouvas, Ubitech
Giannis Ledakis, Ubitech
Manos Papoutsakis, FORTH
Bernhard Koelmel, Steinbeis
Version History (#, Description)
1. Table of Contents (ToC), document purpose and partner contribution assignment
2. Background and Terminology section initial content merged, relation to other WPs added
3. Content for methodology followed to derive requirements
4. Updated methodology and background section, survey first results
5. Initial non-functional requirements section, updated methodology with industry findings
6. Minor improvements to terminology, refined industry findings in methodology, initial list of system requirements and key findings from interview process
7. Updated user roles, updated functional requirements after merging comments received, updated methodology and background
8. Updated non-functional requirements and merged comments referring to survey key findings, merged security content to background
9. Updated functional requirements, added data privacy protection mention to survey methodology, merged security to background
10. Merged comments on user roles, conclusion and merged comments on non-functional requirements, conclusion
11. Updated introduction, merged comments on mapping of functional requirements to user roles
12. Merged comments on market analysis scheme, executive summary and introduction
13. Merged comments on stakeholders analysis, functional requirements and figure numbering
14. Final version
Resubmission Version
Demetris Trihinas, Athanasios Tryfonos, George Pallis, Sotiris Koussouris, Spiros Alexakis, Julia Vuong, Giannis Ledakis, Bernhard Koelmel, Manos Papoutsakis, Panagiotis Gouvas
15. Updated stakeholders analysis, defined business metrics, in depth target audience presentation, updated functional requirements (v1.01–v1.04)
16. Final version for resubmission (v1.1)
Resubmission Change Log
• Chapter 5 has been updated to include the Stakeholders relevant to the Unicorn platform, and this Chapter also includes the main offerings of the Unicorn platform and challenges faced by the Stakeholders. The Unicorn platform user roles and target audience have been moved to Chapters 8 and 7, respectively.
• Chapter 7 has been added to explicitly describe the audiences targeted by the Unicorn platform. This Chapter also includes a comprehensive list of business metrics which Stakeholders should use to evaluate the benefits of utilizing the Unicorn platform.
• The System Functional and Non-Functional Requirements have been moved to Chapter 8 (previously Chapter 7) and have been updated to take into consideration private cloud platforms and legacy applications.
• Chapter 4, the Methodology to derive the System Requirements and Stakeholders, has been updated to also include the derivation of the Unicorn target audience and business metrics.
• Chapters 1, 2, 5 and 9 have been updated accordingly to be consistent with the new content.
Table of Contents
1 EXECUTIVE SUMMARY
2 INTRODUCTION
2.1 Document Purpose and Scope
2.2 Document Relationship with other Project Work Packages
2.3 Document Structure
3 BACKGROUND AND TERMINOLOGY
3.1 Programmable Infrastructure
3.2 Multi-Cloud Offerings
3.3 Micro-services
3.4 Containerization
3.5 DevOps – Continuous Integration and Delivery
3.6 Annotation-Based Programming
3.7 Security Enforcement and Data Privacy Preserving
4 METHODOLOGY FOLLOWED TO DERIVE UNICORN SYSTEM REQUIREMENTS
4.1 Key Findings from industry studies
5 UNICORN STAKEHOLDER IDENTIFICATION AND MARKET POSITIONING
5.1 The Stakeholders for the Unicorn Platform
5.2 Market positioning
6 REQUIREMENT ANALYSIS SCHEME
6.1 Interviewee Profile
6.2 Unicorn Survey and Interview Study Key Findings
6.2.1 Unclear Distinction Between Software Programmer and DevOps Engineer in Startups
6.2.2 Programming Frameworks are Increasing Annotation-Based Programming Paradigm Adoption
6.2.3 Collaboration Tools are now Industry Standard Practices while Continuous Integration and Delivery Tool Adoption is Facing Serious Challenges
6.2.4 Cloud IDE’s are Becoming Popular but for Large(r) Development Teams
6.2.5 Micro-service Architectural Approach is Becoming a Cloud Trend Especially in the IoT and SaaS domains
6.2.6 Containerized Solutions are Following Micro-service Adoption Trends
6.2.7 Multi-Cloud Deployment Model Adoption and Challenges
6.2.8 Cloud Monitoring Adoption and Challenges
6.2.9 Elastic Scaling Adoption and Challenges
6.2.10 When is Security Considered in the Lifecycle of an Application
6.2.11 Cloud Security Enforcement and Privacy Preservation Challenges
7 UNICORN TARGET AUDIENCE AND BUSINESS METRICS
7.1 Target Audience Profile
7.2 Business Metrics
8 UNICORN SYSTEM REQUIREMENTS
8.1 User Roles
8.2 Functional Requirements
8.3 Non-Functional Requirements
9 CONCLUSIONS
10 REFERENCES
11 ANNEX
11.1 Identified Unicorn Functional Requirements
11.2 Disseminated Questionnaire
List of Figures
Figure 1: Unicorn Vision
Figure 2: Deliverable Relationship with other Tasks and Work Packages
Figure 3: Monolithic Legacy Enterprise Architecture vs Micro-service Architecture Approach
Figure 4: Hypervisor vs Container-based Virtualization
Figure 5: Docker Relation to Linux Container Notion
Figure 6: CoreOS Host and Relation to Docker Containers
Figure 7: Unikernel Relation to VMs and Containers
Figure 8: Continuous Integrations, Continuous Delivery and Continuous Deployment Steps
Figure 9: Indicative Example of Annotation Declaration in Java
Figure 10: High-Level Abstract Methodology to Derive Unicorn System Requirements and Relevant Key Technologies
Figure 11: Unicorn Market Positioning
Figure 12: Organisation Operating Business Domains as Identified by Interviewees
Figure 13: Number of Employees in IT department
Figure 14: Interviewee Role in Organisation
Figure 15: Usage of Annotation-based Programming Paradigm by Interviewees
Figure 16: Popular Programming Frameworks Used by Interviewees
Figure 17: Usage of Collaboration Tools Among Employees of Organisation
Figure 18: Popularity of CI/CD Frameworks Embraced by Surveyed Organisations
Figure 19: Challenges Preventing Full Adoption of CI/CD Pipeline
Figure 20: Cloud IDE Embracement by Interviewed Organisations
Figure 21: Popular reasons preventing Cloud IDE adoption from responders not using Cloud IDEs
Figure 22: Micro-service Architecture Adoption by Interviewed Organisations
Figure 23: Containerized Solution Adoption by Interviewed Organisations
Figure 24: Containerized Solution Adoption Challenges as Identified by Interviewed Organisations
Figure 25: Containerized Solutions that have been adopted by those using or considering containerization
Figure 26: Multi-Cloud Deployment Model Adoption by Interviewee Organisations
Figure 27: Popular Cloud Providers
Figure 28: Multi-Cloud Adoption Challenges
Figure 29: Monitoring Level Targets as Responded by Interviewed Organisations
Figure 30: Monitoring Tool Type Adoption by Interviewed Organisations
Figure 31: Monitoring Challenges Faced by the Interviewed Organisations
Figure 32: Elastic Scaling Adoption
Figure 33: Elastic Scaling Type
Figure 34: Elasticity tools used by organizations have adopted elastic scaling as part of their ALM
Figure 35: Elastic Scaling Adoption Challenges
Figure 36: Stage of Application Lifecycle at which Security is Considered by Interviewed Organisations
Figure 37: Security Mechanisms Adopted by Interviewed Organisations (#1)
Figure 38: Security Mechanisms Adopted by Interviewed Organisations (#2)
Figure 39: Security Mechanisms Adopted by Interviewed Organisations (#3)
Figure 40: Unicorn Vision Towards Target Audience Profiles
Figure 41: Non-Technical Quality Aspects as Organised by ISO/IEC 25010:2011
List of Tables
Table 1: Industry Studies and Points of Interest Relevant to Unicorn
Table 2: Market Players Analysis – Brief Overview
Table 3: Market Players Analysis – DevOps Support and Highlight Features
Table 4: Market Players Analysis – Perspectives
Table 5: Organisations Participated in Interview Process
Table 6: Unicorn’s Business Metrics
Table 7: Unicorn’s Offerings and Business Metrics
Table 8: Unicorn Actors
Table 9: Functional Requirements Relation to User Role
1 Executive Summary
The main objective of the Unicorn project is to deliver a unified platform that will facilitate SMEs and Startups to develop, deploy and manage secure-by-design and elastic-by-design cloud applications and services, that follow the micro-service architectural paradigm, on multi-cloud programmable execution environments. The platform will allow software developers to tackle data privacy constraints and restrictions through the application of various privacy policies and will ease the resource monitoring process. In this respect, Deliverable D1.1 - Stakeholders Requirements Analysis, hereafter simply referred to as D1.1, provides a description of the audience targeted by Unicorn and defines a clear set of guidelines that will guide the partners through the technical activities of the Unicorn project. The guidelines that will drive the project technical activities are expressed in the form of functional and non-functional requirements that will assist in shaping the final framework that fulfils the vision and objectives of the project.
The work in this deliverable begins by presenting an agreed background and terminology of innovative technological concepts such as the programmable infrastructure, multi-cloud offerings, micro-services, containerization, DevOps, annotation based programming and various security enforcement mechanisms. This terminology will consistently be used throughout all future technical deliverables as these concepts form the basic technological pillars on which the implementation of the Unicorn project will be based.
Furthermore, the methodology that was used to derive the functional and non-functional requirements is presented. In the beginning of this agile methodology the partners analysed industry reports, surveys and practices in order to identify the Unicorn stakeholders and potential user roles on which the functional system requirements will be mapped. Based on this analysis of the industry, an interview questionnaire was designed to identify the key technologies uptaken by the SME and Startup eco-system in Europe, as well as the emerging technologies that are within their interests but cannot be successfully integrated into their software stack yet due to different challenges they are facing.
One of the most critical contributions of this deliverable is the definition of the profiles of the Unicorn target audience and the benefits stemming from the Unicorn offerings towards those audiences. Specifically, Unicorn targets DevOps Engineers and Software Programmers employed in SMEs and Startups that fall into one of the following categories: i) small and medium-sized independent vendors who currently offer on-premise business applications and wish to offer these applications in the future using the "as-a-service model", ii) start-ups who intend to develop and deploy new secure and elastic services and iii) SMEs that already offer their services as cloud solutions and want to benefit from the core functionality of the Unicorn Platform. What is more, D1.1 defines a set of business metrics in order to measure the benefits of Unicorn utilization from different business perspectives. These metrics are then mapped to offerings and features that Unicorn brings to the cloud application lifecycle management.
Lastly, we note that the analysis of the interview responses has contributed in deciding and clarifying both the project target audience and the set of functional and non-functional system requirements that can be assigned to the identified user roles that are involved in different stages of the application lifecycle.
2 Introduction
Cloud computing shifts IT spending to a pay-as-you-go model, where similar to utility billing, you only pay for what you use and only when you use it [1]. Cloud computing has revolutionized the IT industry to the point where any person, with even basic technical skills, can access and obtain, via the internet, on demand vast and scalable computing resources at low cost [2]. For Small and Medium Enterprises (SMEs) and today’s Startups, this well-established argument is sound. Cloud computing eliminates the capital expense of buying hardware and diminishes costs for configuring, running and maintaining on-site computing infrastructures of any size. Thus, it is now cheaper and easier to innovate, enabling businesses to dramatically lower their cost of operations, and by extension lower cost of starting a business (independent businesses share their collective infrastructure costs via the cloud), and thus spurring entrepreneurship [3]. Therefore, it is no wonder why SMEs and Startups are migrating core services and products of their business to the cloud. A recent study shows that, in this digital economy, more than 37% of SMEs have embraced the cloud to run parts of their business, while projections show that by 2020 this number will grow and reach 80% [4].
While opportunities for innovation are riper than ever, SMEs and Startups with a limited number of developers, which ideally should be focused on core product development, are found constantly in need of tackling security, compliance and code vulnerabilities by designing software security mechanisms to prevent data breaches and ensure customer privacy. A recent study found that 62% of data breaches impacting SMEs accounted for a loss of more than 50% of their customer base [4]. Hence, as data continues to migrate to the cloud, the cost of bad security will only continue to rise. The other inhibitor that remains a consistent barrier to cloud adoption is vendor lock-in, which is where an organization fears becoming beholden to an individual cloud vendor [5]. However, while vendor lock-in remains the second inhibitor preventing cloud adoption, concerns have been dropping recently due to interoperability initiatives to establish open APIs and libraries for cloud access and deployment [6], [7] along with topology specifications and standards [8], [9]. A recent study by RightScale (2017) [10] reveals that SMEs use, on average, up to 6 different clouds (including private clouds) to achieve their business objectives, with the hybrid cloud establishing itself as the most popular deployment model for SMEs. Nonetheless, while the cloud promises to automate application and infrastructure management, multi-cloud deployments raise the complexity of monitoring, managing and effectively projecting cost budgets of their services and core products distributed across multiple clouds, with unbearable engineering required to overcome these challenges in order to cope and not perish.
Furthermore, resource scaling (dubbed as elasticity) introduces another challenge that must be tackled as well. Elasticity is one of the most-hyped features of cloud computing and is, from 2014, driving cloud adoption [11]. Albeit, the reality doesn't necessarily measure up to cloud providers' promises [12]. Website traffic from sudden user demand can explode rapidly, and the need for immediate scalability to address demands comes with many obstacles. Cloud providers offering auto-scaling (e.g., AWS) automatically provision virtual instances when high/low user-defined thresholds are violated [13]. However, auto-scaling is challenging, especially when determining whether an alert is issued due to a spike in demand of an application, or whether something is a malfunction of the system [14]. A distributed denial of service (DDoS) attack or similar issue could initially appear to be an increase in demand, and a mechanism that automatically scales, in response, may not be a good thing. Fast scaling could, in fact, end up being detrimental, resulting in unwanted charges [15].
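An added example (not from the deliverable, and not any cloud provider's API) of the threshold-based scaling decision described above, with two guards for the failure mode the paragraph names: a hard instance ceiling that bounds charges, and a hold-and-alert outcome when a load spike looks like a flood rather than demand. The field names, threshold values and the source-concentration and error-ratio heuristics are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Policy:
    """User-defined scaling policy (all values are illustrative assumptions)."""
    high_cpu: float = 0.75          # scale out above this average utilisation
    low_cpu: float = 0.25           # scale in below this average utilisation
    min_instances: int = 2
    max_instances: int = 10         # hard ceiling: bounds the worst-case bill
    max_step: int = 2               # never add more than this per decision
    top_source_share: float = 0.5   # assumed: >50% of traffic from 10 clients is suspicious
    max_error_ratio: float = 0.3    # assumed: >30% failed requests is suspicious


@dataclass(frozen=True)
class Window:
    """Metrics aggregated over one evaluation window."""
    avg_cpu: float
    requests: int
    top10_source_requests: int      # requests sent by the 10 busiest client addresses
    errors: int                     # requests answered with a 4xx/5xx status


def looks_anomalous(w: Window, p: Policy) -> bool:
    """Heuristic: load concentrated in few sources, or mostly failing requests."""
    if w.requests == 0:
        return False
    concentrated = w.top10_source_requests / w.requests > p.top_source_share
    failing = w.errors / w.requests > p.max_error_ratio
    return concentrated or failing


def decide(current: int, w: Window, p: Policy) -> Tuple[str, int]:
    """Return (action, target_instance_count) for one evaluation window."""
    if w.avg_cpu > p.high_cpu:
        if looks_anomalous(w, p):
            # High threshold violated, but the traffic does not look like
            # genuine demand: keep capacity fixed and raise it for review.
            return ("hold_and_alert", current)
        if current >= p.max_instances:
            return ("at_cost_ceiling", current)
        return ("scale_out", min(current + p.max_step, p.max_instances))
    if w.avg_cpu < p.low_cpu and current > p.min_instances:
        return ("scale_in", current - 1)
    return ("steady", current)


# Constructed sample windows (not real measurements).
POLICY = Policy()
ORGANIC_SPIKE = Window(avg_cpu=0.90, requests=10_000, top10_source_requests=800, errors=150)
FLOOD = Window(avg_cpu=0.95, requests=50_000, top10_source_requests=41_000, errors=2_000)
ERROR_STORM = Window(avg_cpu=0.90, requests=20_000, top10_source_requests=1_500, errors=9_000)
QUIET = Window(avg_cpu=0.10, requests=200, top10_source_requests=40, errors=2)


def run_samples() -> List[Tuple[str, int]]:
    """Evaluate the constructed windows against a 4-instance deployment."""
    return [decide(4, w, POLICY) for w in (ORGANIC_SPIKE, FLOOD, ERROR_STORM, QUIET)]


if __name__ == "__main__":
    for name, result in zip(("organic", "flood", "errors", "quiet"), run_samples()):
        print(name, result)
```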
Figure 1: Unicorn Vision
Nowadays, a number of cloud application management frameworks claim to address the above challenges by facilitating the design and deployment of cloud applications and services. Some of these frameworks are proprietary [16][17], locking their users to specific providers, while others are generic [18][19][20], allowing management of applications on different infrastructures with adapters for popular cloud offering providers. A common denominator in all aforementioned frameworks is that none provides the ability to manage the lifecycle of a cloud service distributed across multiple availability zones and/or cloud sites. In turn, no framework currently tackles data protection privacy constraints and restrictions due to national and EU directives for data movement across application tiers, availability regions or multiple cloud sites. Also, elastic techniques are not well supported to deal with multi-dimensional elastic properties covering resources, costs and quality [21]. Most importantly, these tools tackle the challenges of managing cloud applications after application development. This often results in more iterations in the application development cycle if policy definition for elasticity, security and privacy deployment constraints for different cloud providers is not foreseen at the development phase, delaying time-to-market and impacting negatively SMEs and Startups comprised of small development teams.
As a result, new categories of tools and solutions are needed to support challenges holding back SME growth. Therefore, the concept of the Unicorn project is to deliver a platform that facilitates the deployment of trustworthy applications and services creating a more entrepreneurial ICT ecosystem. Specifically, the Unicorn platform targets, but is not limited to, SME and Startup development teams that follow agile and continuous software delivery principles to improve software design on a continuous basis and, thus, increase productivity. Hence, Unicorn will simplify the design, deployment and management of secure and elastic – by design – multi-cloud services by providing software development teams with a cloud IDE plug-in and software design libraries to reduce development time of cloud applications. This will enable software developers to design and develop secure and reactive applications through their IDE, hence right where they write their code, that incorporates a set of software code annotations, validation and packaging tools for security, privacy protection, monitoring and elasticity policy definition at the platform, application, component and even code segment level without having to manually perform resource mappings and bindings. To circumvent the burdensome installation and integration process, the Unicorn platform will enable continuous orchestration and automatic optimization of portable and dynamic cloud services running on virtual instances or micro-execution containers for increased security, data protection privacy, and vast resource (de-)allocation. Once the software team has finished development and is ready to deploy their application, the deployment tool of the cloud IDE plugin will bundle application code, third-party libraries and Unicorn annotated policies and even allow users to search for required OS libraries and runtime software stacks, as the Unicorn development paradigm supports the notion of micro-execution container environments. Specifically, containerized environments are particularly relevant to micro-services and the developing concept of “immutable infrastructure” where cloud offerings served from virtual instances are treated as disposable artefacts and can be regularly re-provisioned solely from version-controlled code. What is more, the support from the Unicorn platform to software development teams does not stop at application deployment. To eliminate security threats, the Unicorn platform will provide continuous risk, cost and vulnerability assessment. In other words, by using Unicorn, software teams focus on core application feature development logic, not the scale, monitoring and security issues, which are handled in the background by the Unicorn platform ensuring interoperability across multiple and different clouds. This reduces software release time and provides a powerful tool for SMEs that follow agile and continuous software delivery principles to improve software design and continuous productivity improvement.
2.1 Document Purpose and Scope
The purpose of this document is to provide a comprehensive foundation describing the basic set of design and implementation guidelines that will start and guide the development of the IT components comprising the Unicorn platform. In respect to this, Deliverable D1.1 aims to identify the stakeholders of the Unicorn ecosystem and derive clear and basic descriptions of the system requirements after analysing and prioritizing the needs of the industry and the Unicorn Project’s Stakeholders. This is achieved by designing an online survey and performing personal interviews with carefully selected project Stakeholders within and beyond the consortium in order to probe the ICT needs of the EU SME and Startup eco-system. Thus, requirements are meant to drive the design and development process as they comprise the constraints that are to help the Unicorn ecosystem and platform to best match the project vision and satisfy the identified technological challenges and market gaps. Requirements show the functional and non-functional aspects for the Unicorn project and are an important input to the verification and validation process, since tests and evaluation KPIs should trace back to specific requirements. To this end, functional requirements represent the list of functional properties that need to be implemented and finally supported within the context of the Unicorn ecosystem and platform. This includes all behavioural aspects of the system components, as well as the tools and applications. On the other hand, non-functional requirements will concern performance, scalability, security and privacy aspects.
2.2 Document Relationship with other Project Work Packages
With the identification of the targeted stakeholders and the documentation of the basic functional and non-functional technical requirements, this deliverable (D1.1) will be used as an agreed upon instruction set guiding the development of the IT components that must be delivered by the Unicorn Project. Hence, D1.1 (Stakeholders Requirements Analysis) marks the completion of Task 1.1 “Requirements Analysis and Stakeholders’ Identification”. Figure 2 depicts the direct and indirect relationship of the deliverable to the other Tasks and Work Packages (WPs). The definition of system-wide requirements and the key technology findings identified by following the roadmap (described in Chapter 4) for probing the EU SME and Startup eco-system will drive the documentation of the Unicorn reference architecture (D1.2). In particular, the Unicorn reference architecture is a cornerstone for the project as functional and non-functional requirements are directly mapped to well-defined system entities, thus guiding the technical work of WP2-WP5. On the other hand, with the clear definition of the project and the prioritization of requirements to match the needs of the use-cases (D1.2), the work in WP6 “Demonstration” can begin as planned. Finally, the communication and dissemination strategy of the project (WP7) naturally aligns in terms of the target audience and stakeholders derived in this deliverable.
Figure 2: Deliverable Relationship with other Tasks and Work Packages
2.3 Document Structure
The remainder of this deliverable is structured as follows: Chapter 3 introduces a descriptive Background and Terminology synopsis referring to the key concepts related to the notion of Programmable Infrastructure. This synopsis will be used as a reference glossary throughout the Unicorn project deliverables and interactions with project Stakeholders. Chapter 4 presents a comprehensive description of the methodology followed to derive System Requirements for the Unicorn project by designing an online survey and performing personal interviews with carefully selected project Stakeholders in order to probe the ICT needs of the EU SME and Startup eco-system. In relation to this, Chapter 5 documents the Stakeholder analysis scheme. Chapter 6 introduces the Requirements Analysis Scheme which documents the key findings derived from the disseminated online survey and the conducted personal interviews which helped the consortium compile the list of system requirements. Having performed the survey analysis, Chapter 7 introduces an in-depth description of the Unicorn platform target audiences, while the list of functional and non-functional requirements, along with the Unicorn eco-system user roles that will be obeyed throughout future project deliverables and will serve as guidelines for the technical work to be performed to derive the Unicorn platform, is introduced in Chapter 8. Finally, Chapter 9 concludes this deliverable and outlines the work that will follow.
3 Background and Terminology
Before proceeding with the stakeholder identification and the requirement collection and analysis process, it is important to identify and elaborate on the key concepts driving the innovative technological axes of the Unicorn project. The terminology determined in this section will work as a reference guide across all future Unicorn technical deliverables.
3.1 Programmable Infrastructure
Programmable infrastructure is the IT concept of applying methods and tooling established in software development onto the management of IT infrastructure. This includes, but is not limited to, automation, on-demand resource (de-)provisioning, service integration and delivery, API versioning, data access, immutability and agile development [22].
What is more, the notion of “programmability” can be viewed and examined from two different perspectives [23]. In particular, from a developer perspective, “programmability” is the means to create the proper execution environment independently of the underlying physical resources. Thus, there is a need of both overarching resource abstractions at the design/development stage and convenient APIs at run-time, in order to implement an application in an environment-agnostic way and to dynamically tailor it to the actual (and usually changing) context. To this direction, the Programmable Infrastructure provides developers with a common and single point of access to all resources, hiding physical issues like resource nature, faults, maintenance operations, and so on.
On the other hand, from an infrastructure offering provider perspective, “programmability” mostly refers to the concerns of the provider with operation and maintenance of (usually) large pools of resources. In particular, infrastructure providers are in need of handy tools to deal with typical management tasks like insertion, replacement, removal, upgrade, restoration and configuration with minimal service disruption and downtimes. To this direction, a high degree of automation is desirable, through programmatic recourse to self-* capabilities (self-tuning, self-configuration, self-diagnosis, self-healing).
Cloud computing adheres to the notion of Programmable Infrastructure by providing users with (virtual) resources on demand, according to their needs, and by metaphorically blurring the real physical infrastructure (bare metal) inside an opaque “cloud” [24]. The kind of resources exposed by clouds depends upon the specific service model; they are infrastructural elements like (virtual) hosts, storage space, network devices (Infrastructure-as-a-Service model, IaaS), computing platforms including the Operating System and a running environment (Platform-as-a-Service model, PaaS), or application software like databases, web servers, mail servers (Software-as-a-Service model). In Unicorn, we mainly target the IaaS model, since, orchestration-wise, it gives developers the broadest control on the cloud execution environment for their applications. However, the Unicorn project also targets providing the appropriate tooling sets to developer teams to ease cloud application development, security enforcement, and lifecycle management and therefore, while not targeting per se PaaS offerings, it resembles a PaaS service, or better, a DevOps-as-a-Service.
In the following, we present an overview of the key concepts related both to the Unicorn project and the notion of Programmable Infrastructure. Although the following approaches may adhere to different architectures, frameworks and implementations (State-of-the-Art will be thoroughly documented in D1.2), they are interrelated and their synergy towards a fully programmable infrastructure is more and more evident in today’s platforms.
3.2 Multi-Cloud Offerings
To achieve their cloud goals, business leaders are increasingly choosing to work with multiple cloud offerings and/or cloud providers [25]. A dominant factor is that leading cloud providers are constantly innovating and introducing new technologies to better their services, so an enterprise with a multi-cloud solution can be proactive in the market, electing to consistently employ the best services and value, from any given service provider, at any given circumstances. A recent study by IDC [26] predicts that 86% of enterprises will require a multi-cloud strategy to support their business goals within the next two years, while other studies (e.g., RightScale’s State of the Cloud yearly trends [10], [27]) reveal that the hybrid cloud is dominating the interests of more than 70% of IT related organisations [28]. However, while the terms hybrid-clouds, multi-clouds or even federated-clouds are used in studies across the industry as interchangeable terms, only when specifically questioning interviewees (a task performed by Unicorn as documented in Chapters 4 and 6) is it revealed that organisations often refer to different cloud deployment models when using the aforementioned terms.
Therefore, in what follows we clarify different (multi-)cloud deployment models evolving around the notion of using more than one cloud offering and/or cloud service provider.
• MC1 – Cloud Bursting: This model allows for workloads to move between private and public cloud offerings as computing needs dynamically change [29]. Specifically, organisations benefit from the scalability of public clouds for demanding compute operations, otherwise limited by the infrastructural resources of the organisation, while also leveraging the security provided by their private cloud infrastructure by not exposing, at all times, protected and sensitive data. Furthermore, organisations can benefit by the reduced access time and latency of data exchange inside a private cloud.
• MC2 – One Cloud Provider Multiple Availability Zones: This model supports the use of only one cloud provider or cloud offerings type, albeit multiple availability zones, regions and/or cloud sites are used, to deploy organisation services on cloud offerings [30]. For instance, an organisation may select to offer its services closer to consumers by selecting appropriate availability zones (e.g., AWS offers EU offerings via Ireland and Frankfurt zones) or it may deploy loosely-coupled services across multiple cloud sites but all using the same cloud offerings type (e.g., Openstack, VMware). The latter is a case highly relevant to the health sector where health institution data (e.g., clinic patient health records), for security and privacy reasons, are protected, and used, behind private cloud deployments but can still be accessed after obtaining authorization from other inter-connected health institutions.
• MC3 – Multiple Cloud Providers Heterogeneous Offerings: This model supports the ability of organisations to route their workload to respected providers that better suit particular tasks of a service’s operations (e.g., data storage, processing) [25]. For instance, an organization may conclude that to achieve certain cost reduction benefits for its cloud computing bill, its cloud storage needs would be best shifted to Amazon Web Services (AWS) while its data processing needs for particular (offline) tasks (e.g., image processing) might be better serviced by utilizing Microsoft’s Azure machine learning data pipeline.
• MC4 – Multiple Cloud Providers Homogeneous Offerings: This model allows the use of homogeneous offerings (e.g., same or similar VM types for a deployed service) from multiple cloud providers (e.g., AWS, Google Compute Engine) to support continuous availability of an organization’s services [31]. With this model, organisations benefit by allowing operations to carry on, despite the event of cloud provider downtime, as cloud resource acquisition is distributed among the selected cloud service providers. In particular, this model also allows for load to be balanced across providers, while reduced access time and latency for intra-data exchange is achieved for the offerings inside the boundaries of each cloud provider.
3.3 Micro-services
The evolvement of new software development paradigms is following the need for development of applications that adhere to the notions of modularity, distribution, scalability, elasticity and fault-tolerance [32]. A micro-service architectural approach is considered as the resulting set that arises from the decomposition of a single application into smaller pieces (services) that tend to run as independent processes and have the ability to inter-communicate usually using lightweight and stateless communication mechanisms (e.g., RESTful APIs over HTTP) [33]. These (micro-)services are built around business capabilities and are independently deployable by fully automated deployment machinery. For (micro-)services, there is a bare minimum of centralized management and such services may be written in different programming languages and even use different data storage technologies [34].
Figure 3: Monolithic Legacy Enterprise Architecture vs Micro-service Architecture Approach
To understand the logic behind a micro-service architectural approach it is useful to compare it to a monolithic approach (Figure 3) where a single executable hosts the entire functional logic of an application, such as in the case of a web service handling HTTP requests while responsible for executing domain logic, database access, and HTML view population. Hence, all logic for handling web requests runs within a single process. However, this approach features a number of disadvantages, often referred to as monolith inhibitors [35]. In particular, feature roll-outs and software code changes are always tied together – even a single change made to a small code segment of the application requires the entire monolith to be rebuilt and re-deployed. Over time, and as the software stack expands, it becomes evident that a good modular structure is hard to keep, making it difficult to track software code changes that ought to only affect one module within that module. Most importantly, resource capacity provisioning for the software stack requires scaling the entire application rather than only the specific services in real need of additional resources.
In contrast to monoliths, micro-services are decomposed into services organised around discrete business capabilities. The boundaries between these units are usually comprised of functional APIs that expose the core capabilities of each service. Large systems are then composed of many (micro-)services, whereby communication between micro-services is a central ingredient. For instance, such is the case of amazon.com¹,
¹ https://www.amazon.com/
where the different aspects of their e-commerce platform — recommendations, shopping cart, invoicing and inventory management — are split into discrete, scalable and independent (micro-)services [36]. Instead of all being part of one enormous monolith, each business capability is a self-contained service with a well-defined interface. The advantage of this is that separate teams are each responsible for different aspects of the service allowing the team and software core to develop, test, handle failures and scale independently. In turn, continuous delivery is possible as small units are easier to deploy and manage their entire lifecycle.
Finally, decentralized data management is highly evident where each service dealing with a specific function of the business process may manage its own database, either different instances of the same database technology or entirely different database systems, so as to optimize data storage, processing and acquisition to the heterogeneous needs and scale of each business function. As stated by A. Cockcroft, who oversaw Netflix’s transition from a monolithic DVD-rental company to a micro-service architecture comprised of many small teams working together to stream content to millions of users, a micro-service with correctly bounded context is self-contained for the purposes of software development [37]. Therefore, one can understand and update the micro-service’s code without knowing anything about the internals of its peers, because the micro-service and its peers interact strictly through APIs and therefore there is no need for sharing or exposing (with security threats lurking) data structures, database schemata, or other internal representations of objects. Thus, the commonly understood “contract” between micro-services is that their APIs are stable and forward compatible.
3.4 Containerization
Resource virtualization, in general, consists of an intermediate software level on top of physical resources (bare metal) and the operating system, providing abstractions for multiple virtual resources (e.g., compute, memory, storage, etc.), often bundled together and denoted as virtual machines (VMs) or virtual instances. VMs can also be seen as isolated execution contexts [38]. In particular, VMs require full guest operating systems in addition to binaries and various libraries that are necessary for the applications to run, which translates into large isolated files that store their entire file-system on the host machine [39], [40]. Each VM is run on top of a hypervisor, which is a specialised software on the host operating system that is responsible for the operation of the VM and the management of the resources needed from the host machine. Today, hypervisor-based virtualization is the most popular method of resource virtualization and the main representatives of the specified technology can be considered the XEN [41], VMWare [42] and KVM [43]. Although security concerns have been addressed through isolation, security limitations still exist, mainly due to numerous vulnerabilities masked in dependencies of the deployed applications to third-party binaries and libraries [44].
On the other hand, containerization is a virtualization method for deploying and running distributed applications without the need to launch entire VMs. In particular, containerization (Figure 4) allows virtual instances to share a single host operating system and relevant binaries, dependencies and/or (virtual) drivers, in a secure but also portable and interoperable way [45]. Application containers hold components such as files, environmental variables, and libraries required to run the desired software. Because containers do not have the overhead of an entire guest operating system required by VMs to operate, their size is smaller than VMs which makes them easier to migrate, faster to boot, require less memory and as a result, it is possible to run many more containers on the same infrastructure rather than VMs [46]. In turn, application development with the use of containers is perfect for a micro-service approach as under this model, complex applications are split into discrete and modular units where e.g., a database backend might run in one container while the front-end runs in a separate one. Hence, containers reduce the complexity of managing and updating the application because
a problem or change related to one part of the application does not require an overhaul of the application as a whole [47].
Figure 4: Hypervisor vs Container-based Virtualization
Since containers share the operating system kernel, the isolation provided compared to the hypervisor-based virtualization is weaker; nevertheless it seems, from the user perspective, that each container executes a single stand-alone OS. Isolation in container-based virtualization can be achieved through kernel namespaces and Control Groups (cgroups) [48] [49]. Namespaces are a feature of the Linux kernel that allows different processes to have different views on the system, while cgroups, another feature of the Linux kernel, manage and limit resource access for process groups through limit enforcement. In order for a containerized image to run, a specialized piece of software must be present on top of the operating system: the Container Engine, which utilizes the Linux kernel mechanisms (LXC) described above [50]. The most popular Container Engine is Docker which is built based on the LXC techniques [51].
Figure 5: Docker Relation to Linux Container Notion
Docker is the leading container platform with the ability to package and run containerized applications. It provides a complete toolset to manage the lifecycle of containers, from development phase to deployment. Docker streamlines the development lifecycle by allowing developers to work in standardized environments
using local containers and allows for highly portable workloads. It is written in Go and takes advantage of several features of the Linux kernel to deliver its functionality such as namespaces and cgroups. However, as Docker's technology is based on LXC, containers do not run an independent version of the OS kernel. Instead, all containers on a given host run under the same kernel, with only application resources isolated per container. This allows for a certain degree of isolation (though not as isolated as a full VM) with a lower resource overhead but leaves an attack surface for exposed vulnerabilities in the central OS daemon managing co-located containers [52]. To improve isolation by providing secure containerization, and still adhere to the Linux kernel principles, CoreOS was designed to alleviate and improve many of the flaws inherent in Docker's container model [53]. In particular, CoreOS (Figure 6) features a read-only Linux rootfs with only etc being writable. In turn, as containers are isolated, even co-located ones, to reach each other communication is handled over the IP network while network configurations are exchanged over etcd.
Figure 6: CoreOS Host and Relation to Docker Containers
For the deployment and orchestration of containers, frameworks such as Docker Swarm [54], Google’s Kubernetes [55] and Fleet [56] instantiate and coordinate the interactions between containers across a cluster. Therefore, container orchestration tools can be broadly defined as providing an enterprise-level framework for integrating and managing containers at scale. Such tools aim to simplify container management and provide a framework not only for defining initial container deployment but also for managing multiple containers as one entity, for purposes of availability, scaling, and networking, while the underlying CoreOS provides strong isolation to the above Docker execution environment. Hence the container solution stack presents itself as ideal for micro-service architectures [32], as micro-services are indeed built in this manner: a number of thin containers, each with a minimal set of processes, interact over well-defined (software) network interfaces. Thus, for micro-services different containers are prepared for each of the components comprising the cloud application which is ideal to deploy a distributed, multi-component system using the micro-services architecture, able to scale both horizontally and vertically the different applications.
In turn, unikernels are specialized virtual machine images compiled from the modular stack of application code, system libraries and configuration which adhere to both the principles of containerized execution environments and programmable infrastructure [57]. Specifically, unikernels are specialized single-purpose images disentangling applications from the underlying operating system as OS functionality is decomposed into modular and “pluggable” libraries (similar to CoreOS). Developers select, from a modular stack, the minimal set of libraries (e.g., network, block devices), which correspond to the OS constructs required for their application to
run. These libraries are then compiled with the application’s code, to build sealed and fixed-purpose containerized environments which run directly on the hypervisor without an intervening OS, as depicted in Figure 7. Therefore, along with the benefits of containerization, which include: (i) short boot times (few second range) [58], (ii) small image sizes (few MBs) [59] [60] and (iii) fierce security [61]; unikernels exhibit strong isolation guarantees due to hypervisor-based execution, live migration and robust SLAs [62]. These benefits are particularly relevant to micro-services and the developing concept of immutable infrastructure where VMs are treated as disposable artefacts and can be regularly re-provisioned solely from version-controlled code. Modifying such VMs directly is not permitted: all changes must be made to the source code itself.
Figure 7: Unikernel Relation to VMs and Containers
3.5 DevOps – Continuous Integration and Delivery
Recent surveys ([63], [64]) have shown that DevOps is rapidly growing especially in the enterprise and the demand for people with DevOps skills is increasing. According to Amazon [65], DevOps is the combination of cultural philosophies, practices, and tools that increases an organization’s ability to deliver applications and services at high velocity. Under the DevOps paradigm, there is no longer a distinct separation between development and operations teams. These teams can be merged into a single team, in which operations and development engineers participate together in the entire service lifecycle, from design through the development process to production support. Enterprises and organizations gain huge benefits [66] from adopting DevOps practices. Such benefits include: (i) improved collaboration between the various teams (developers and operations) of an organization; (ii) high velocity and efficiency on new deployments; (iii) reliable application updates and infrastructure changes; (iv) improved security by using compliance policies and configuration management techniques; and (v) rapid delivery which increases the pace of new releases by adopting continuous integration and continuous delivery practices.
Figure 8: Continuous Integrations, Continuous Delivery and Continuous Deployment Steps
Continuous Integration (CI) and Continuous Delivery (CD) are software development practices that automate the software release process, from build to deploy. More specifically, CI [67] is a software development practice where members of a team integrate their work frequently (usually daily) into a central software repository (e.g. git, svn). Each integration is verified by an automated build (including tests) to detect integration errors as quickly as possible, which allows teams to deliver cohesive software more rapidly. Continuous integration most often refers to the build or integration stage of the software release process and entails both an automation component (e.g. a CI or build service) and a cultural component (e.g. learning to integrate frequently). The key goals of continuous integration are to find and address software bugs quicker, improve software quality, and reduce the time required to validate and release new software updates. CD is the software development practice in which teams are constantly producing new software releases (including new features, configuration changes, bug fixes and experiments) in short cycles and ensure that they can be reliably released at any time [68]. With continuous delivery, every code change is built, tested, and then pushed to a non-production testing or staging environment. The final decision to deploy to a live production environment is triggered by the developer whereas in continuous deployment this last step is automatic.
To further assist DevOps engineers, especially in the development phase, to collaborate under better conditions and to better promote CI/CD practices, a new category of tools, the Cloud IDE, has been on the rise over the past few years [69]. Simply stated, a Cloud IDE is, usually, a browser-based IDE that allows real-time collaborative software development via portable working environments (workspaces) deployed on the cloud. They allow access from anywhere using Internet access (or can even provide access to a local setup), with minimal configuration needed. Cloud IDEs provide support for all major software repositories thus promoting collaboration and CI practices. The working environments of most state-of-the-art Cloud IDEs are usually containerized, allowing users to customize the container images according to their needs (e.g. Eclipse CHE [70], SAP Hana [71]). Moreover, Cloud IDEs can connect to various cloud providers, making it easier for DevOps to deploy their applications remotely.
Finally, one of the most challenging tasks of a DevOps engineer, particularly in the cloud area, is the development of elastic applications, able to efficiently adapt their resources according to their needs. Elasticity is defined as the degree to which a system is able to adapt to workload changes by provisioning and de-provisioning resources in an autonomic manner, such that at each point in time the available resources match the current demand as closely as possible [1]. It is used to avoid inadequate provision of resources and degradation of system performance while achieving cost reduction [72], making this service fundamental for cloud performance. Nowadays, most cloud providers and third-party tools offer an automated way to scale resources by giving
the ability to the developer to define the optimal policies for his application provisioning. Horizontal scaling is the scaling method of choice for many cloud systems since it provides a way of scaling the application to meet its demands in an uninterruptible way. Horizontal scaling requires the application to support a way of cloning itself, in order to be deployed in another virtual container to support part of the demand. Although vertical scaling seems simpler since it only requires increasing resources of the virtual container hosting the application, in fact it is not appropriate for supporting the application’s uninterruptible operation since most operating systems do not support on-the-fly changes (without rebooting) on the available resources (e.g. CPU or memory) of a running instance. Thus, horizontal scaling is mostly preferred in cloud systems.
Auto-scaling techniques are divided into reactive and proactive (or predictive) [1]. Reactive techniques refer to those methods that react to the current system and/or application state, which is determined from the latest values of monitored variables. Proactive (or predictive) techniques attempt to scale resources in advance of demand by predicting the latter. Reactive techniques may prove inefficient to support uninterrupted operation of the application at all times, especially when there is a sudden demand burst. This is due to the fact that acquiring new resources and instantiating a new execution environment (virtual container) requires a non-negligible time interval. On the other hand, proactive techniques are more promising; however, in the worst case they may fail to predict demand and act as a reactive technique with, possibly, additional costs occurring for mispredictions. Thus, auto-scaling is a significant challenge, as a badly performing auto-scaling technique may lead to problems such as under-provisioning (the application does not have enough resources), over-provisioning (the application reserves more resources than the ones really needed), and oscillation (scaling actions are carried out too quickly for the application to see the impact of the scaling action) [31].
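The effect of the provisioning delay on a reactive policy can be seen in a small simulation. This is an added example, not code from the deliverable or the Unicorn project; the demand trace, per-instance capacity, boot delay, thresholds and cooldown values are all constructed assumptions.

```java
import java.util.ArrayDeque;
import java.util.Deque;

public class ReactiveScalerSim {
    // Constructed parameters, not taken from the deliverable.
    static final int CAPACITY_PER_INSTANCE = 100; // requests per tick one instance can serve
    static final int BOOT_DELAY = 3;              // ticks between requesting an instance and it serving traffic

    static final class Result {
        int underProvisionedTicks; // demand exceeded the capacity that was running
        int overProvisionedTicks;  // demand would have fit on one instance fewer
        int scalingActions;        // scale-out plus scale-in decisions taken
    }

    // Reactive policy: each decision looks only at the latest utilization sample.
    static Result simulate(int[] demand, double scaleOutAbove, double scaleInBelow, int cooldown) {
        Result r = new Result();
        int running = 1;
        Deque<Integer> readyAt = new ArrayDeque<>(); // tick at which each booting instance becomes usable
        int lastAction = -cooldown;                   // permits a decision at tick 0
        for (int t = 0; t < demand.length; t++) {
            // Instances whose boot delay has elapsed start serving traffic.
            while (!readyAt.isEmpty() && readyAt.peekFirst() <= t) {
                readyAt.pollFirst();
                running++;
            }
            int capacity = running * CAPACITY_PER_INSTANCE;
            if (demand[t] > capacity) {
                r.underProvisionedTicks++;
            } else if (running > 1 && demand[t] <= capacity - CAPACITY_PER_INSTANCE) {
                r.overProvisionedTicks++;
            }
            if (t - lastAction < cooldown) {
                continue; // wait until the previous action had time to show its effect
            }
            double utilization = (double) demand[t] / capacity;
            if (utilization > scaleOutAbove) {
                readyAt.addLast(t + BOOT_DELAY); // the new instance is not usable yet
                r.scalingActions++;
                lastAction = t;
            } else if (utilization < scaleInBelow && running > 1) {
                running--;
                r.scalingActions++;
                lastAction = t;
            }
        }
        return r;
    }

    public static void main(String[] args) {
        // Constructed trace: steady load, a sudden burst, then steady load again.
        int[] demand = new int[30];
        for (int t = 0; t < demand.length; t++) {
            demand[t] = (t >= 8 && t < 18) ? 350 : 60;
        }
        // cooldown 0 acts on every sample; BOOT_DELAY + 1 waits for each action to take effect.
        for (int cooldown : new int[] {0, BOOT_DELAY + 1}) {
            Result r = simulate(demand, 0.80, 0.30, cooldown);
            System.out.printf("cooldown=%d under=%d over=%d actions=%d%n",
                    cooldown, r.underProvisionedTicks, r.overProvisionedTicks, r.scalingActions);
        }
    }
}
```

With no cooldown the scaler keeps requesting instances while the earlier ones are still booting and overshoots the burst; with the longer cooldown it takes fewer actions but leaves the application under-provisioned for more of the burst.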
3.6 Annotation-Based Programming
Modern programming languages (e.g., Java, C#, Python) offer an extremely useful mechanism named “annotations” that can be exploited for several purposes. Annotations are a form of metadata providing information and instructions that are not part of the application itself [73]. Annotations do not directly affect program semantics, but they do affect the way software code is treated by tools and libraries, which can in turn affect the semantics of the running software. Annotations can be read from source files, binary files (e.g., class files), or reflectively at runtime. They provide compilers and build engines with useful information and hints (e.g., suppress warnings), and allow code injection at compilation or deployment time for runtime processing decisions (e.g., add loggers, provide handlers to count method accesses, etc.).
From the software engineer perspective, annotations can be practically seen as a special interface which may be accompanied by several constraints, such as the part of the code that can be annotated or the part of the code that will process the annotations. An indicative example in Java is presented in Figure 9, which defines an annotation denoted as Test, that will be used to annotate Java methods. The scope (Java methods) of the Test annotation is defined via another annotation @Target(ElementType.METHOD) while the annotation @Retention(RetentionPolicy.RUNTIME) indicates that the Test annotation (and other annotations of the same type) will be retained by the VM so as to be parsed reflectively at run-time [74].
Figure 9: Indicative Example of Annotation Declaration in Java
Annotations are widely used by numerous frameworks such as the Spring Framework [75] and each framework selects one handling technique in order to process annotations. In general, there are three strategies for annotations’ handling:
• Source code generation: This annotation processing option works by reading the initial source code and generating either new source code or modifying existing code, and non-source code (e.g., config files, documentation). The (code) generators typically rely on container or other programming conventions and work with any retention policy. Indicative frameworks that belong to this category are the Annotation Processing Tool (APT) [76] and XDoclet [77].
• Bytecode transformation: Annotation handlers of this form parse binary and/or executable files containing annotations and emit modified binaries and/or newly generated executables. They also generate non-binary artifacts (e.g., config files). Bytecode transformers can run either offline (compile time), at load-time, or dynamically at run-time. In Java, they work with class or runtime retention policy (as shown in Figure 9). Indicative bytecode transformer examples include AspectJ [78] and Spring [75].
• Runtime reflection: Annotation handlers of this form use reflection to programmatically inspect data objects at runtime. It typically relies on the container or other programming convention and requires runtime retention policy. The most prominent testing frameworks like JUnit [79] use runtime reflection for processing the annotations.
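The declaration described for Figure 9 and the runtime-reflection strategy from the list above, combined in one added example (this is not the original figure and not Unicorn or JUnit code). The `value` element, the `BuildOnly` annotation, the `SampleChecks` class and the `runAnnotated` handler are hypothetical names introduced for illustration.

```java
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import java.util.ArrayList;
import java.util.List;

public class AnnotationDemo {

    // As described in the text: applicable to methods only, and retained
    // so that the VM exposes it to reflection at run time.
    @Target(ElementType.METHOD)
    @Retention(RetentionPolicy.RUNTIME)
    @interface Test {
        String value() default ""; // hypothetical element carrying a label
    }

    // Same target, but CLASS retention: written to the class file for
    // bytecode tools, not visible through reflection.
    @Target(ElementType.METHOD)
    @Retention(RetentionPolicy.CLASS)
    @interface BuildOnly { }

    // Constructed sample code to be processed by the handler below.
    static class SampleChecks {
        @Test("addition")
        static void additionWorks() {
            if (1 + 1 != 2) throw new AssertionError("arithmetic is broken");
        }

        @Test("constructed failure")
        static void alwaysFails() {
            throw new IllegalStateException("failing on purpose");
        }

        @BuildOnly
        static void notVisibleAtRuntime() { }

        static void plainHelper() { }
    }

    // Runtime-reflection handler: finds every static, no-argument method
    // carrying @Test, invokes it, and records the outcome.
    static List<String> runAnnotated(Class<?> suite) throws IllegalAccessException {
        List<String> report = new ArrayList<>();
        for (Method m : suite.getDeclaredMethods()) {
            Test meta = m.getAnnotation(Test.class);
            if (meta == null || !Modifier.isStatic(m.getModifiers()) || m.getParameterCount() != 0) {
                continue;
            }
            m.setAccessible(true);
            try {
                m.invoke(null);
                report.add("PASS " + m.getName() + " [" + meta.value() + "]");
            } catch (InvocationTargetException e) {
                // The annotated method itself threw; its exception is the cause.
                report.add("FAIL " + m.getName() + " [" + meta.value() + "]: " + e.getCause());
            }
        }
        return report;
    }

    public static void main(String[] args) throws Exception {
        runAnnotated(SampleChecks.class).forEach(System.out::println);
        Method hidden = SampleChecks.class.getDeclaredMethod("notVisibleAtRuntime");
        // CLASS retention is not exposed to reflection, so this reports false.
        System.out.println("BuildOnly visible via reflection: "
                + hidden.isAnnotationPresent(BuildOnly.class));
    }
}
```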
3.7 Security Enforcement and Data Privacy Preserving
Data security has consistently been a major issue in information technology. In the cloud computing environment, it becomes particularly serious because the data is located in different places and even all around the globe. The increasing number of connected devices and the huge amount of software that is being developed on a daily basis will continue to generate and introduce new attack vectors and exploit opportunities for malicious hackers. Data security and privacy protection are the two main factors of user's concerns about the cloud technology. For this reason, the issue of continuous cloud and application security enforcement must be tackled, while enabling data protection privacy mechanisms at the cloud/hypervisor layer due to the co-existence of multiple users and services within the same hosts.
Data security is commonly referred to as the confidentiality, availability, and integrity of data. Security enforcement mechanisms are in place to ensure data is not being used or accessed by unauthorized individuals or parties. In addition, those mechanisms ensure that the data is accurate, reliable and available when an authorized party needs it.
To this direction, one security enforcement mechanism that is widely used is the Intrusion Detection System (IDS). An IDS is a software component that automates the method of monitoring events within a computer system or network and analysing them for signs of possible violations or threats of violating computer security policies, acceptable use policies, or standard security practices. Such systems can also attempt to stop possible
incidents (IDPS - Intrusion Detection and Prevention System). Information gathering, logging, detection and prevention are among the capabilities offered by IDSs. As far as the detection capabilities are concerned, most IDSs use a combination of signature-based detection, anomaly-based detection, and stateful protocol analysis techniques to perform in-depth analysis of the available data.
An IDS in the hypervisor or container level is able to monitor all available network interfaces used by the execution environment of the system. The produced logs are stored locally and feed a database. In turn, an HTTP server can present those data in a web interface. IDSs require significant resources in terms of computation capacity needed to process a packet and the amount of memory needed to store the security ruleset. A way to speed up this inspection process is to take advantage of GPUs. Their low design cost, the highly parallel computation and the fact that they are usually underutilized, especially in hosts used for intrusion detection purposes, make them suitable for use as an extra low-cost coprocessor for time-consuming problems, like pattern matching. There have been many works trying to use GPU capabilities in order to improve the current state of IDS and IPS systems [80]–[83].
Encryption is another security mechanism which is intended to protect the confidentiality of digital data stored on computer systems or transmitted via the Internet or computer networks. Encryption is the conversion of electronic data, often referred to as plaintext, into another form, the ciphertext, by applying an encryption algorithm and selecting an encryption key. Encryption algorithms are divided into two main categories:
i) Symmetric
ii) Asymmetric
Symmetric-key ciphers use the same key, or secret, for encrypting and decrypting a message or file. The most widely used symmetric-key cipher is AES [84], which was created to protect government classified information. Symmetric-key encryption is much faster than asymmetric encryption, but the sender must exchange the key used to encrypt the data with the recipient before he or she can decrypt it. This requirement to securely distribute and manage large numbers of keys means most cryptographic processes use a symmetric algorithm to efficiently encrypt data, but use an asymmetric algorithm to exchange the secret key.
On the other hand, asymmetric cryptography, also known as public-key cryptography, uses two different but mathematically linked keys, one public and one private. The public key can be shared with everyone, whereas the private key must be kept secret. RSA [85] is the most widely used asymmetric algorithm, partly because both the public and the private keys can encrypt a message; the opposite key from the one used to encrypt a message is used to decrypt it. This attribute provides a method of assuring not only confidentiality, but also the integrity, authenticity and non-repudiation of electronic communications and data at rest through the use of digital signatures.
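The two paragraphs above combine into one pattern: data encrypted under a fresh AES key, that key exchanged under the recipient's RSA public key, and the result signed with the sender's RSA private key. The following is an added example using only the standard Java cryptography APIs, not code from the deliverable; the `Envelope` layout, the AES-GCM and RSA-OAEP mode choices, the 3072-bit key size and all names are assumptions of this sketch.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.SignatureException;
import java.security.spec.MGF1ParameterSpec;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;

public class HybridEnvelope {
    private static final String RSA_OAEP = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
    private static final OAEPParameterSpec OAEP = new OAEPParameterSpec(
            "SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT);

    // Constructed container for what travels between sender and recipient.
    static final class Envelope {
        final byte[] wrappedKey, iv, ciphertext, signature;
        Envelope(byte[] wrappedKey, byte[] iv, byte[] ciphertext, byte[] signature) {
            this.wrappedKey = wrappedKey; this.iv = iv;
            this.ciphertext = ciphertext; this.signature = signature;
        }
    }

    static Envelope seal(byte[] plaintext, PublicKey recipientPub, PrivateKey senderPriv)
            throws GeneralSecurityException {
        // Symmetric part: a fresh AES-256 key encrypts the (possibly large) data.
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey dataKey = kg.generateKey();
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher aes = Cipher.getInstance("AES/GCM/NoPadding");
        aes.init(Cipher.ENCRYPT_MODE, dataKey, new GCMParameterSpec(128, iv));
        byte[] ciphertext = aes.doFinal(plaintext);

        // Asymmetric part: only the short AES key is encrypted with RSA.
        Cipher rsa = Cipher.getInstance(RSA_OAEP);
        rsa.init(Cipher.WRAP_MODE, recipientPub, OAEP);
        byte[] wrappedKey = rsa.wrap(dataKey);

        // Signature over all fields; wrappedKey and iv have fixed lengths,
        // so plain concatenation is unambiguous here.
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(senderPriv);
        s.update(wrappedKey); s.update(iv); s.update(ciphertext);
        return new Envelope(wrappedKey, iv, ciphertext, s.sign());
    }

    static byte[] open(Envelope e, PrivateKey recipientPriv, PublicKey senderPub)
            throws GeneralSecurityException {
        // Check origin and integrity before touching any key material.
        Signature v = Signature.getInstance("SHA256withRSA");
        v.initVerify(senderPub);
        v.update(e.wrappedKey); v.update(e.iv); v.update(e.ciphertext);
        if (!v.verify(e.signature)) {
            throw new SignatureException("envelope was not signed by the expected sender");
        }
        Cipher rsa = Cipher.getInstance(RSA_OAEP);
        rsa.init(Cipher.UNWRAP_MODE, recipientPriv, OAEP);
        SecretKey dataKey = (SecretKey) rsa.unwrap(e.wrappedKey, "AES", Cipher.SECRET_KEY);
        Cipher aes = Cipher.getInstance("AES/GCM/NoPadding");
        aes.init(Cipher.DECRYPT_MODE, dataKey, new GCMParameterSpec(128, e.iv));
        return aes.doFinal(e.ciphertext);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(3072);
        KeyPair sender = kpg.generateKeyPair();    // signs
        KeyPair recipient = kpg.generateKeyPair(); // receives the wrapped key

        byte[] message = "constructed sample record".getBytes(StandardCharsets.UTF_8);
        Envelope env = seal(message, recipient.getPublic(), sender.getPrivate());
        byte[] opened = open(env, recipient.getPrivate(), sender.getPublic());
        System.out.println("round trip: " + new String(opened, StandardCharsets.UTF_8));

        env.ciphertext[0] ^= 0x01; // simulate modification in transit
        try {
            open(env, recipient.getPrivate(), sender.getPublic());
            System.out.println("tampering was NOT detected");
        } catch (GeneralSecurityException ex) {
            System.out.println("tampering rejected: " + ex.getMessage());
        }
    }
}
```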
Another crucial security mechanism that is used to protect against potential security threats is performing Risk and Vulnerability Assessments. Vulnerability assessment is the process of identifying, quantifying, and prioritizing (or ranking) the vulnerabilities in a system. Vulnerability assessment has many things in common with risk assessment. Assessments are typically performed according to the following steps:
i) Cataloging assets and capabilities (resources) in a system.
ii) Assigning quantifiable value (or at least rank order) and importance to those resources
iii) Identifying the vulnerabilities or potential threats to each resource
iv) Mitigating or eliminating the most serious vulnerabilities for the most valuable resources
Although data privacy and data security are often used as synonyms, they share more of a symbiotic type of relationship. Data privacy is suitably defined as the appropriate use of data. Data privacy preserving mechanisms are in place to ensure that the data is used according to the agreed purposes. Making sure all data is private and being used properly can be a near-impossible task that involves multiple layers of security. Fortunately, with the right people, process and technology, data security policy through continual monitoring and visibility into every access point can be supported.
Privacy preserving mechanisms offer a set of high-level rules, which allow all interested stakeholders to define the type and scope of data protection constraints to prevent data access from unauthorized entities and restrict data movement between application services, countries or geographic/legal regions (e.g., the EU), availability regions and/or multiple cloud sites to adhere to national and/or EU data restriction directives. Such mechanisms offer a safety net against processing of data which, on many occasions, are processed unknowingly in remote data centers across borders, with security breaches breaking legal act compliance due to unsecure data movement lurking in the background.
4 Methodology Followed to Derive Unicorn System Requirements
Deriving system requirements is the cornerstone activity of any successful project. It plays a key role for the successful scoping, defining, estimating and managing of a project right from the start. Successful requirements collection is typically unique in every project and circumstances, but it also can lead to many advantages. For instance, it can accommodate better resource management, system analysis, design, improved quality in the product delivered, and minimize the risk for delays and overruns. The methodology selected and used for the Unicorn project is an agile methodology, which in principle is iterative while some of the basic principles it relies on promote understanding between the business, technical and scientific needs of a project by laying out clear expectations at the beginning and at each milestone (software release) achieved by the project [86]. The agile methodology builds on increased communication throughout the project and it fairly delivers the requirements earlier than traditional, waterfall approaches for software development.
The requirements are iteratively improved at each new milestone and are kept up-to-date in the backlog to influence in parallel several of the activities in the project (e.g., development, testing, new technology uptaking). The aim is to bring together the technical and research partners of the Unicorn project, and make them aware from the start of the important business aspects identified by its respective stakeholders. The methodology promotes understanding of the partners’ different views, consolidates opinions and defines what Unicorn should do. This enables collection and elicitation of concrete high-level requirements, promoting communication, alignment, consensus and active business user and customer involvement to meet the goals and needs of the project.
In the following paragraphs a description of the agile and task driven methodology followed by the Unicorn consortium is provided. This methodology aims to identify key stakeholders for the project, derive the Unicorn system requirements and steer the partners to the technologies dominating the interests of its stakeholders so as to guide the technical work that will follow after designing the Unicorn reference architecture (D1.2). Figure 10 depicts a high-level and abstract overview of the methodology process.
Figure 10: High-Level Abstract Methodology to Derive Unicorn System Requirements and Relevant Key Technologies
The first task of the methodology followed involved clearly describing the key stakeholders of the Unicorn platform while also providing an updated market positioning of the Unicorn eco-system towards the continuously evolving cloud market. A comprehensive description of this task is found in Chapter 5. Important outcomes of this task for the requirements collection process are a concise description of the platform stakeholders and a glossary of key technology terms that are understandable by Unicorn stakeholders.
The stakeholders are the ones the Unicorn product will be developed for and will be used by their employees and management staff, therefore, a common terminology/glossary of the key technologies comprising the Unicorn platform was defined and agreed upon by all partners and is provided in Chapter 3. This terminology will be used as a reference guide across all future deliverables and interaction with Unicorn stakeholders.
The next task involved trawling the ICT industry research and technology leaders’ websites for global market and technology reports (e.g., Gartner, IDC), best practices from ICT visionaries, and the bibliography for key technologies (e.g., cloud platforms, container solutions) and requirements (e.g., cloud credential management), relevant to the Unicorn identified stakeholders. This process is meant to act as a starting point for the market requirements collection rather than a list of detailed technologies and requirements relevant to the Unicorn project. In addition, it was considered vital to validate this initial list of collected requirements in collaboration with the industrial partners and practitioners in order to increase the likelihood of the widespread industry adoption of the results produced by the Unicorn project. A summary of key findings and points of interest from the ICT industry reports relevant to the Unicorn project is listed in Section 4.1 that follows.
To this end, an online questionnaire and interview process was developed and tailored specifically to probe the EU ICT industry to provide, validate and prioritize fine-grained system functional and non-functional requirements relevant to the Unicorn platform (note: All questions comprising the questionnaire can be found in Annex I). This is important as in several cloud reports (e.g., Gartner’s Magic Quadrant, Rightscale’s State of the Cloud report) there are statements such as “elastic scaling and performance monitoring are driving cloud adoption”, however, at the same time, “elasticity and monitoring” are also considered major challenges across businesses of all types without highlighting what the “elasticity and monitoring” key market features are, and what the challenges still in need to be addressed are. In turn, while security is often stated as something companies highly take into consideration, often offering high standards and guarantees to their customers, security and data privacy protection are also top on the list for cloud challenges. At this point, one is left wondering which enforcement mechanisms are applied for security and data privacy protection and which are still considered as challenges. On a different level, as introduced in Chapter 2, while the terms hybrid-clouds, multi-clouds or even federated-clouds are used in studies across the industry as interchangeable terms, only when specifically questioning stakeholders (a task performed by Unicorn during the personal interviews) it is revealed that organisations often have in mind completely different cloud deployment models when referring to the aforementioned terms.
Therefore, the interview process was designed to study statements and clarify generalizations such as the ones mentioned above. The interview process is also beneficial for identifying the key technologies uptaken by the SME and Startup eco-system in Europe, as well as the emerging technologies that are within their interests but cannot be successfully integrated into their software stack yet due to different challenges they are facing. Specifically, the interview process targeted obtaining deeper insights to more than just key technology concepts dominating the interests of the Unicorn stakeholders. For instance, containerization is something that is seen to be of interest for stakeholders. However, are there common go-to solutions for the stakeholders or are there any mixtures of solutions utilized? These questions are of interest for the project and will help shape the Unicorn reference architecture and business model that will be documented in D1.2 and D6.1 respectively. In particular, the interview process was held after the online questionnaire was completed and was refined each time to best adapt to the interviewee profile based on the given answers to obtain greater and deeper insights from the interviewees. The interviewees were carefully selected by the consortium to span across different industry domains relevant to Unicorn and included: (i) 4 Startups from the CINCUBATOR Startup Hub; (ii) 2 SME members
D1.1StakeholdersRequirementsAnalysis
27
fromtheCyberForumdigitalalliance;(iii)the4Unicornpilotsservicingasplatformdemonstrators;and(iv)10
interviewees from EU-based organisations of various size (large enterprises, SMEs, Startups) not affiliated
directlyorindirectlywiththeUnicornproject.Acomprehensivedescriptionofthequestionnaire,theinterview
processandthekeyfindingsderivedfromthisprocess,canbefoundinChapter6.
At this point, it is important to mention that all interviewees were explicitly notified that the information given by the interviewee in the duration of the interview process will be kept confidential, the interviewee’s personal details will not be revealed, and the processing of all answers will be conducted in an anonymous manner, in compliance with European Union's data privacy laws, solely for the purpose of deriving the technical requirements for the Unicorn project. For these reasons, individual interviewee answers will not be revealed in this Deliverable.
Having obtained all completed questionnaires and interviews, the next tasks involved cross-examining, correlating, analysing and elaborating on the results in order to: (i) derive a concrete description of the Unicorn platform target audience profile from the initially identified Stakeholders (Chapter 7); and (ii) map the obtained key findings to a list of system functional and non-functional requirements and define a comprehensive list of user roles for the Unicorn platform (Chapter 8). In addition, this procedure helped us to better understand the goals and expectations of the users and profile of our target audience in a market like the one that Unicorn wishes to infiltrate. This process has greatly contributed to the project as it allows us to have a more concise picture of the key technologies to take up (e.g., which cloud platforms and containerized solutions are used by our stakeholders) in the span of the project and derive the Unicorn reference architecture in D1.2. Based on the deep insights obtained from the interviews, we managed to define a set of user- and system-perspective technical requirements that pave the way for the design and development of the Unicorn platform. Furthermore, we also provide a description of every role that we will consider throughout the project and how each role is connected with the functional requirements of the project.
As a final step, clearly defining suitable business metrics and prioritizing the obtained requirements based on the relevance to the project’s pilots and target audience is required, in order for the long list of requirements driven by the industry to reflect the particular needs emerging from the Unicorn demonstrator use-cases. However, we note that in order to reduce repetition, D1.1 documents the list of relevant business metrics. Requirement prioritization based on the Unicorn demonstrators will be introduced in D1.2, where each demonstrator is described and justified in detail, referring to the relevant use-cases and the expected KPIs which will be achieved by utilizing the Unicorn platform.
4.1 Key Findings from industry studies

Table 1: Industry Studies and Points of Interest Relevant to Unicorn
Study or Report | Points of Interest and Key Findings

RightScale 2016 State of the Cloud Report [87]
1060 respondents
34% Developers
55% IT Operations
61% US, 19% EU
• Hybrid-cloud adoption is dominating ICT industry interests (71% - up from 58% in 2015)
• Challenges for adopting hybrid-cloud deployment model include lack of resources/expertise and managing multi-cloud offerings
• DevOps growth and specifically container solution adoption is on the rise. Particularly, Docker is mentioned which is highly adopted by enterprises (Docker market share more than doubled compared to 2015)
• Greatest interest in containerized solutions is seen in European tech companies

RightScale 2017 State of the Cloud Report [27]
1002 respondents
61% US, 20% EU
• Hybrid-cloud adoption numbers are even stronger in 2017 (78%)
• Cloud computing top challenges for adopters now include (other than security and multi-cloud deployments): managing costs, monitoring and governance, improving performance and compliance
• Challenges for adopting containerized solutions include: lack of experience, security, maturity, monitoring and resource orchestration

Gartner 2016: Magic Quadrant IaaS Cloud Solutions [88]
Gartner 2016: Magic Quadrant PaaS Cloud Solutions and Containerized Environments [89]
• Study reports notable cloud providing solutions including market leaders, visionaries, challengers and niche players.
• Distinction of recommended cloud service providers per business related operation
• Vendor strengths and challenges where, even for AWS (the only notable for its auto-scaling solution), elastic scaling features severe challenges and growth potential that can drive to-and-away businesses to specific cloud offering providers
• The IaaS cloud market has clear leaders, however, the PaaS and container markets are considered battlefields although Docker seems to be obtaining a clear advantage in the container solution field

Veracode 2016: Secure Development Survey [90]
351 respondents
230 US, 121 EU
• Sensitive data exposure is the prime concern for all companies
• Security and data privacy protection challenges for cloud applications developed by large enterprises, SMEs and Startups
• Most organizations want (but are not always able) to incorporate security earlier in the software lifecycle (requirement, development phase) rather than after the development or testing phase
• Report highlights that DevOps is providing more opportunities to integrate security and data privacy protection mentioning security methods enforced by SMEs and Startups including dynamic testing, web firewalls and runtime application protection in production.
• Most significant challenge: runtime software vulnerability and system malware detection

VisionMobile 2017: State of the developer nation [91]
21,200+ Developers
• Amazon is the leading public cloud provider, regardless of the target audience and company size, followed by Azure cloud for private cloud deployments
• SMEs use public cloud providers more than large enterprises
• Highlights the popular programming languages and frameworks used in different business domains (machine learning, AR/VR, front-end development, backend development, etc.)

LightBend 2016: Cloud, Container & Micro-services [92]
2151 JVM developers around the globe
• Micro-services are adopted by 55% of respondent DevOps teams
• DevOps teams are embracing micro-services because of increased security, improved resource management and (elastic) scaling
• Micro-service “laggards” are large enterprises
• Tools needed to ease micro-service delivery include API management, service orchestration, monitoring, and continuous delivery
• Portability is considered by DevOps a huge barrier to overcome when building cloud apps

DZone 2017: "DevOps: Continuous Delivery and Automation"
497 respondents
30% US, 45% EU, 25% Other
GitLab: 2016 Global Developer Report [93]
362 Startup and Enterprise CTOs
• 1 out of 4 SMEs have a dedicated DevOps team in contrast to the large enterprises with a 1 out of 2 ratio
• 67% of DevOps teams using micro-services somehow compared to 27% in previous year
• 51% of DevOps teams use containerized solutions compared to 25% in previous year
• Barriers preventing DevOps teams from adopting a continuous delivery pipeline are considered to be: lack of experience, unified environment tools for management and monitoring
• Developers use git for source control on a daily basis (92%) while continuous integration is adopted, at some level, by 77% of questioned organisations and application monitoring is considered as very important by 67%

RebelLabs: 2016 Development and Productivity Report and Java Landscape [94]
2040 respondents
RebelLabs: 2017 Programming the Web Report [95]
2000 Respondents
StackOverflow: 2016 Developer Report [96]
56003 developers
StackOverflow: 2017 Developer Report [97]
64000 developers
• The Eclipse IDE is the most popular IDE among developers for over 5 years now and is used exclusively by 48% of questioned developers, with the percentage growing to 55% when used with other IDEs (IntelliJ IDEA, NetBeans, Spring Tool Suite)
• There is a shift among developers from desktop IDEs to cloud IDEs with the most notable cloud IDEs being Eclipse Che, SAP Hana and Cloud9
• Micro-service adoption is particularly high for small businesses while large enterprises are more hesitant
• 68% of micro-service adopters claim that micro-services make developer’s job easier
• Report denotes the most popular programming languages per business operation domain
• Annotation programming paradigm is dominating interests of java and python developers particularly due to the popularity of Spring and Django frameworks which provide data abstractions
• RebelLabs 2017 is the only report denoting the go-to frameworks for micro-service development in java (Spring, Play)

5 Unicorn Stakeholder Identification and Market Positioning

This chapter provides a comprehensive description of the Unicorn Platform Stakeholders and an up to date Market Positioning Analysis.

5.1 The Stakeholders for the Unicorn Platform

Small and medium enterprises (SME) play a very important role in European economy. Statistics show that at present, SMEs (including start-ups) amount to 99% of the organisations, provide 60% of the total production value and about 40% of the profit [98]. Moreover, SMEs offer 75% of the jobs. SME contributions to the innovation system include not only R&D based new products and services, but also improved designs and processes and the adoption of new technologies.
But at the same time, the process of supporting European SMEs lags behind due to market and economic factors, such as intense market competition, demand atrophy, resource costs, high taxes and low investment. Strategies to enhance the competitiveness of innovative ICT SMEs should take into account that:
• New information and communication technologies facilitate global reach and help reduce the disadvantage of scale economies which small firms face in all aspects of business.
• Flexible specialisation has proven to be a particularly successful model of industrial organisation: through close co-operation with other firms SMEs can take advantage of knowledge externalities and rapidly respond to market changes.
• Usage of cloud development environments lowers the need for administration skills and frees the company to concentrate on their core business. While today’s installations are often local, it is only a matter of time before development environments are migrated to Cloud platforms.
• Cloud provides a perfect relationship between user demand and price – it is elastic. Fees increase incrementally as users use more functionalities.
At the same time, current cloud environments have significant weaknesses and therefore increase the critical view on cloud transition. Based on a survey of the German IT association, main barriers for cloud development are outlined as follows:
• Complex and costly development process: Developing new SaaS solutions or redeveloping existing solutions for the cloud on existing PaaS is a complex and very costly project making it often prohibitive especially for SMEs.
• High dependency on cloud infrastructure provider: The fear of a so-called vendor lock-in is one of the major barriers to cloud service adoption. Customers cannot easily move to a competitor’s service.
• Security Concerns: Deploying confidential information and critical IT resources in the cloud raises concerns about vulnerability to attack, especially because of the anonymous, multi-tenant nature of cloud computing.
• Data Privacy: Regulation of data privacy presents the additional threat of significant legal and financial consequences if data confidentiality is breached, or if cloud providers inadvertently move regulated data across national or European borders. A CSO Online survey [99] found that the top five security or privacy related concerns for cloud were all related to ubiquitous data access, regulatory compliance and managing access to the data and the applications.
Unicorn’s scope lies within the core of strengthening innovation capacity and developing innovations that meet the needs of European ICT SMEs and startups. The project aspires to bring together all stakeholders involved in the value chain of developing Cloud software services, and actively involve external SMEs and startups through validation subcontracts. The project aims at delivering a set of innovative concepts, tools and services, for making the European ICT and software engineering SMEs more competitive, increasing their scientific and technological potential.
Unicorn's specific target audience comprises IT service providers, who, according to the Digital SME Alliance, count over 750,000 SMEs in Europe. These SMEs are eager to increase their market share of the huge Cloud Computing market, worth over $131 billion, as North America takes home more than half of the global revenues. We are targeting the following three audience categories:
• Small and medium sized Independent Software Vendors (ISVs): who currently offer on premise business applications but, in the future, want to offer these applications in the cloud “as a service”.
• Startups: who intend to deploy their own, new services, without the know-how in developing and deploying secure and elastic applications.
• SMEs already offering their services as cloud solutions: Unicorn features will allow them to concentrate on core functionality and re-use particular knowledge, instead of spending efforts for scaling, monitoring and security issues.
Concluding, Unicorn will contribute to all three EU Digital Single Market (DSM) pillars, namely to the “Access” pillar by lowering the barrier for SMEs to develop advanced cloud services, to the “Environment” pillar by supporting the creation of a trusted cloud environment for European SMEs and finally to the “Economy & Society” pillar by offering a solution that will improve interoperability, will contribute to standards and allow ICT SMEs to concentrate on their core competencies and grow.

5.2 Market positioning

Over the past years, the worldwide cloud market has evolved and is expected to enter a period of stabilisation with projections of growth of 18% in 2017 to total $246.8 billion, up from $209.2 billion in 2016, according to Gartner [100]. The highest growth will come from cloud system infrastructure services (IaaS), which is projected to grow 36.8% in 2017 to reach $34.6 billion, even if the IaaS cloud market has clear leaders in AWS and Microsoft as suggested by the Gartner’s magic quadrant for Cloud Infrastructure as a Service worldwide in 2016 [101]. The Cloud Application Infrastructure Services (PaaS) are also expected to increase from $8,851 million in 2017 to $14,798 million by 2020 while Cloud Management and Security Services follow a similar growth rate, from $8,768 million to $14,004 million, respectively [102]. According to KPMG, Platform-as-a-Service (PaaS) adoption is predicted to be the fastest-growing sector of cloud platforms, growing from 32% in 2017 to 56% adoption in 2020 [103]. The application container segment also reached a robust $762 million in 2016 and is forecast to grow at a 40% compound rate over the next four years to $2.7 billion [104], suggesting an impressive adoption growth for a technology that was only recently brought to the market.
In parallel, DevOps is a leading software engineering trend, representing the shift from traditional phased, large-scale delivery models to an agile, continuous delivery mind-set, enabled by better integrating development and operations teams within IT and employing more automated processes. The DevOps and Micro-service eco-system market is broadly expected to grow globally at a robust CAGR 16% between 2017 and 2022, reaching $10 billion by 2021 [105]. In practice, though, coding and deploying reliable, loosely coupled, production-grade applications based on micro-services remains challenging and even frustrating for software teams who need to account for service discovery, load balancing, fault tolerance, end-to-end monitoring, dynamic routing for feature experimentation, compliance and security.
Today, a number of industrial players have hit the market with cloud developer solutions regarding Containers, Unikernels and Micro-services (or DevOps in a broader sense) as depicted in the following figure.

Figure 11: Unicorn Market Positioning

In brief, from the containers technology perspective, the open source Docker is practically leading the market and is often characterized as an “almost” de facto container standard (also evident in our interview process results) that has gained most public traction due to its simplicity and flexibility in allowing developers to wrap their software in a container that provides a completely predictable runtime environment. Other examples for container technologies are: CoreOS’ rkt (Rocket) or Cloud Foundry’s Garden / Warden. A recent survey conducted by Cloud Foundry [106] though listed significant container challenges like container management, monitoring and persistence storage that may hinder further market penetration while container persistence is in fact acknowledged as a barrier in advancing to stateful containers that are appropriate for production environments.
From the unikernel perspective, although the concept is quite old (since 1980’s), a number of ecosystem projects supporting the development and use of unikernels have emerged in the cloud computing age allowing for the creation of minimal, bespoke unikernel operating systems in many different ways for many different applications on many different hardware platforms. Some systems (like Rumprun) are language-agnostic, and provide a platform for any application code based on the requests it makes of the operating system while others (like MirageOS and HaLVM) leverage high-level languages and a runtime to provide an API for operating system functionality. OSv and the Xen hypervisor have gained significant attention yet they also impose certain limitations to applications aspiring for a unikernel compilation (e.g. no multiple processes on a single machine, work as single user, need for provision for internal diagnostics when it comes to debugging). Overall, the unikernel market remains in a rather embryonic status (this is also confirmed by our interview process) with most solutions still undergoing their experimental phases. However, the need for unikernel and library-based operating systems is clearly depicted in the challenges that users face in the current container environment landscape (also confirmed by our interview process).
With regard to micro-services, although the discussion about micro-services architectures started in 2014, the actual widespread implementation was initiated by Netflix which open sourced plenty of frameworks for implementing micro-services [107]. In fact, the rise of containers and the broader acceptance of web protocols, such as HTTP, JSON and REST, has resulted in bringing back service orientation to contemporary application development and is driving the micro-services momentum. In May 2017, two significant industry-driven initiatives on the micro-services and DevOps world were announced: Istio, an open technology by Google, IBM and Lyft to streamline the management and security of micro-services through an integrated service mesh, and OpenShift.io, a free, online development environment by Red Hat optimized for creating cloud-native, container-based applications and automating the entire application pipeline enabling companies to become more DevOps driven and agile. In this context, it needs to be noted that the role of orchestrators, as well as of continuous integration / continuous delivery solutions, is also instrumental for effective micro-services management and deployment. Kubernetes, an open-source platform for automating deployment, scaling, and operations of application containers across clusters of hosts, providing a container-centric infrastructure, is acknowledged as a leader in container orchestration and management, followed by other platforms such as Docker Datacenter, Apache Mesos, and Cloud Foundry, that also run and orchestrate micro-services.
In more detail, in the following tables, 9 developer platforms (namely Docker, IncludeOS, Istio, linkerd, MirageOS, OpenShift.io, OSv, Rumprun, Rkt) have been selected, taking into account their relevance to Unicorn and the degree to which their features represent their category, and have been further analysed. Note: the information provided in the tables is based on the official documentation provided in each platform’s website and GitHub at the time period when this deliverable was written (May 2017).

Table 2: Market Players Analysis – Brief Overview

Docker [108]
Category: Containers
Short Description: Docker is a container platform, packaging an application and its dependencies in a virtual container in order to enable flexibility and portability on where the application can run, to build agile software delivery pipelines (allowing for shipping new features faster and more securely) and to manage apps side-by-side in isolated containers to get better compute density.
Supported Languages: All
Supported Platforms: Ubuntu, Debian, Red Hat Enterprise Linux, CentOS, Fedora, Oracle Linux, SUSE Linux Enterprise Server, Microsoft Windows Server 2016, Microsoft Windows 10, macOS, Microsoft Azure, Amazon Web Services

IncludeOS [109]
Category: Unikernels
Short Description: IncludeOS is an includable, minimal unikernel operating system for C++ services running in the cloud, providing a bootloader, standard libraries and the build- and deployment system on which to run services.
Supported Languages: C++
Supported Platforms: Linux, Microsoft Windows and Apple OS X

Istio [110]
Category: DevOps – Microservices
Short Description: Istio is an open platform to connect, manage, and secure microservices, providing an easy way to create a network of deployed services with load balancing, service-to-service authentication, and monitoring, without requiring any changes in service code.
Supported Languages: All for app development
Supported Platforms: Platform-independent but service deployment only on Kubernetes (v1.5 or greater) at the moment - other environments will be supported in future versions.

Linkerd [111]
Category: DevOps – Microservices
Short Description: Linkerd is a transparent proxy that adds service discovery, routing, failure handling, and visibility to modern software applications.
Supported Languages: All
Supported Platforms: All

MirageOS
Category: Unikernels
Short Description: MirageOS is a library operating system that constructs unikernels for secure, high-performance network applications across a variety of cloud computing and mobile platforms.
Supported Languages: Base unikernel language: OCaml
Supported Platforms: x86_64 or armel Linux host to compile Xen kernel. FreeBSD, OpenBSD or MacOS X for the user level version.

OpenShift.io [112]
Category: DevOps - Microservices
Short Description: OpenShift.io is a Kubernetes-based container management platform that provides developers with the tools they need to build cloud-native, container-based apps, including team collaboration services, agile planning, developer workspace management, an IDE for coding and testing, as well as monitoring and continuous integration and delivery services.
Supported Languages: All
Supported Platforms: Linux

OSv
Category: Unikernels
Short Description: OSv is a new open-source operating system for virtual-machines from Cloudius Systems. OSv was designed from the ground up to execute a single application on top of a hypervisor, resulting in superior performance and effortless management.
Supported Languages: JVM languages (Java, JRuby, Scala, Groovy, Clojure, JavaScript), Ruby
Supported Platforms: Built on 64-bit x86 Linux distribution

Rumprun [113]
Category: Unikernels
Short Description: Rumprun is a production-ready unikernel that uses the drivers offered by rump kernels, adds a libc and an application environment on top, and provides a toolchain with which to build existing POSIX-y applications as Rumprun unikernels.
Supported Languages: C, C++, Erlang, Go, Java, Javascript (node.js), Python, Ruby and Rust.
Supported Platforms: hw/x86+x64 and Xen/x86+x64

Rkt [114]
Category: Containers
Short Description: CoreOS’ rkt is CLI for running application containers on Linux, designed to be secure, composable, and standards-based.
Supported Languages: All for app development - Command line environment for container construction (no custom DSL)
Supported Platforms: Linux

Table 3: Market Players Analysis – DevOps Support and Highlight Features
Platform | Development | Continuous Integration and Testing | Continuous Deployment & Packaging | Orchestration, Management & Monitoring | Security | Scalability & Elasticity Control | Add-ons

Docker
• Complete developer toolkit for creating containerized apps (build, test and run multi-container apps).
• Docker Compose for development, testing, and staging environments, as well as CI workflows.
• Deploy in Docker Cloud, AWS, Azure, Digital Ocean, Packet, SoftLayer.
• Universal packaging, portability to any machine running Docker.
• Docker Compose for orchestration – also running Kubernetes, Mesos, Amazon ECS, Google Container Engine.
• Docker Machine for provisioning and managing your Dockerized hosts.
• Secure by default: Mutual TLS, certificate rotation, image signing and container isolation
• Docker Swarm: manual scaling and built-in swarm clustering.
• Software defined networking connects containers together, intelligently routes and load balances traffic.
• Docker Store distributing free and paid images from various publishers.
• A number of Docker certified plugins.

IncludeOS
• Not addressed.
• KVM, VirtualBox and VMWare support with full virtualization, using x86 hardware virtualization - Run on any x86 hardware platform.
• Not addressed.
• Increased security by default in unikernels.
• Not supported.
• -

Istio
• Conversion of disparate microservices into an integrated service mesh.
• Dynamic request routing for A/B testing.
• Deployment of microservices without worrying about service discovery.
• Provision for canary deployments.
• Fine-grained control of traffic behaviour with rich routing rules, fault tolerance, and fault injection.
• Policy changes are made by configuring the mesh.
• Extended version of the Envoy proxy to mediate all inbound and outbound traffic for all services in the service mesh. Automatic zone-aware load balancing and failover for HTTP/1.1, HTTP/2, gRPC, and TCP traffic.
• Traffic encryption, service-to-service authentication and strong identity assertions between services in a cluster based on policies.
• Vulnerability checks of a network and detection of unusual patterns (caused by malware and bots).
• A pluggable policy layer and configuration API supporting access controls, rate limits and quotas.
• -

Istio (continued)
• Mixer for enforcing access control and usage policies across the service mesh and collecting telemetry data from the Envoy proxy and other services.
• Fleet-wide Visibility: Automatic metrics, logs and traces for all traffic within a cluster, including cluster ingress and egress.
• Key and certificate distribution in Istio Auth is based on Kubernetes secrets.
• No support for authorization at the moment.

linkerd
• Not applicable.
• linkerd runs as a separate standalone proxy: Applications typically use linkerd by running instances in known locations, and proxying calls through these instances—i.e., rather than connecting to destinations directly, services connect to their corresponding linkerd instances, and treat these instances as if they were the destination services.
• A consistent, uniform layer of instrumentation and control across services: linkerd applies routing rules, communicates with existing service discovery mechanisms, balances request traffic using real-time performance, reducing tail latencies across the application, and provides dynamic, scoped, logical routing rules, enabling blue-green deployments, staging, canarying, failover.
• Not applicable.
• Handles tens of thousands of requests per second per instance with minimal latency overhead. Scales horizontally with ease.
• -

MirageOS
• Solo5 is the "base layer" to run and debug MirageOS unikernels.
• All source code dependencies of the input application are explicitly tracked, including all the libraries required to implement kernel functionality.
• Runs under Xen and KVM hypervisors, and lightweight hypervisors like BSD's bhyve.
• Deploy in Amazon EC2 and Google Compute Engine.
• Potential to specify a version or range of versions for a package dependency.
• Support for logging only.
• Increased security by default in unikernels.
• Seamless scaling of data structures through Irmin, a library for designing Git-like distributed databases, with built-in branching, snapshotting, reverting and auditing capabilities.
• Rresult is an OCaml module for handling computation results and errors in an explicit and declarative manner without resorting to exceptions

OpenShift.io
• An online development environment for planning and developing hybrid cloud services with prioritizable backlogs and kanban boards as well as coding, editing, and debugging tools built on Eclipse Che.
• Integrated and automated CI/CD pipelines.
• Automatically create containerized development environments with the workspace management capabilities of Eclipse Che, and using OpenShift Online, a managed, multi-tenant offering of Red Hat OpenShift.
• Integration of the Jenkins Pipeline plugins to allow developers to assemble their build pipeline. Pipeline definitions are written using a Groovy DSL.
• OpenShift.io Analytics applies machine learning algorithms based on the usage pattern of components. The data is gathered from various public data sources such as Github, Maven and NPM along with our own internal OpenShift data.
• Detection of vulnerable packages (indirectly through analytics).
• Container Health Index that inspects and grades all of Red Hat’s own container products, as well as those from its ISV partners, to ensure they are secure and stable.
• Not addressed
• Red Hat OpenShift Application Runtimes, pre-built containerized runtime foundations for microservices that include support for Node.js, Eclipse Vert.x, WildFly Swarm and others.

OpenShift.io (continued)
• Automatically create Linux container based environments without the need to install anything locally or deal with docker commands and Kubernetes configuration (or YAML) files.

OSv
• Rapidly building and running an application on OSv through Capstan.
• Runs under hypervisors: KVM and Xen (fully), VirtualBox and VMWare (experimental). Deploy in Amazon EC2 (fully functional), Google Compute Engine (experimental).
• Packaging and running an application on OSv through Capstan.
• OSv REST API to simplify management.
• In-browser dashboard providing live updates and including OS basics such as memory usage and CPU load, Tracepoints for all system and application functionality, JMX endpoints (using the Jolokia JMX-over-REST connector), Application-specific metrics, which can be added by the application developer
• Increased security by default in unikernels.
• Cloud-init mechanism providing per-instance configuration parameters to an OSv VM at boot time.
• -

Rumprun
• Rumprun does not build a toolchain, but creates wrappers around a toolchain the developer supplies.
• Runs under hypervisors (KVM and Xen), and on bare metal. Rumprun can be used with or without a POSIX'y interface.
• Very limited monitoring through remote syslog.
• Increased security by default in unikernels.
• N.A.
• -

Rumprun (continued)
• Rump kernels essentially provide a driver kit providing easy-to-integrate drivers, with the set of drivers varying per driver kit and using the NetBSD anykernel architecture to provide unmodified NetBSD kernel drivers.

Rkt
• A command line utility, acbuild, to build and modify container images, intended to provide an image build workflow independent of specific formats (currently it supports ACI, OCI).
• Apply different configurations (like isolation parameters) at both pod-level and at the more granular per-application level.
• Support for two kinds of pod (core execution unit of rkt) runtime environments: an immutable pod runtime environment, and a new, experimental mutable pod runtime environment.
• Cluster orchestration and management through container orchestration engine Fleet (an open-source cluster scheduler designed to treat a group of machines as though they shared an init system), to be replaced by Kubernetes in January 2018.
• rkt is developed with a principle of "secure-by-default", and includes a number of important security features like support for SELinux, TPM measurement, and running app containers in hardware-isolated VMs.
• Not addressed.
• -

Table 4: Market Players Analysis – Perspectives

Docker
Performance: High [115], [116] (with Czipri noting that in certain experiments, Docker spent a lot less CPU time being nearly equivalent with bare-metal)
Integration with 3rd party services: Extensible through open APIs, plugins and drivers
Community Adoption: High – 40% market share growth from March 2016 until March 2017 [Source: Datadog]
Maturity: Medium
Pricing model: Docker Community Edition: Free. Docker Enterprise Edition: from $750 per node per year
Comments: Significant learning curve. Differences on how it runs on different host machines. Complete and explanatory documentation.

IncludeOS
Performance: High (Extremely small disk- and memory footprint, Very fast boot time: <0.3 seconds according to benchmarks [117])
Integration with 3rd party services: N.A.
Community Adoption: Low (41 contributors and 187 forks in GitHub repository as of May 29th, 2017) [Source: GitHub]
Maturity: Low - v0.8 released in June 2016
Pricing model: Open source under Apache 2.0 licence
Comments: Adequate documentation

Istio
Performance: Not officially assessed yet – Beta version planned to track performance testing, benchmark/comparison, performance regression [118]
Integration with 3rd party services: Extending Envoy proxy from Lyft. Kubernetes. Calico - ongoing
Community Adoption: Medium - Support of key industry players & strong community interest (22 contributors and 147 forks on GitHub repository as of June 14th, 2017) [Source: GitHub]
Maturity: Low – v0.10 released in May 2017
Pricing model: Open source under Apache 2.0 licence
Comments: Explanatory introduction and documentation

linkerd
Performance: Medium [119]
Integration with 3rd party services: Docker-compose, DC/OS, Mesos, Kubernetes
Community Adoption: Low (43 contributors and 198 forks on GitHub repository as of June 14th, 2017) [Source: GitHub]
Maturity: Medium – v1.1.0 released in June 2017
Pricing model: Open source under Apache 2.0 licence
Comments: Complete and explanatory documentation.

MirageOS
Performance: High [120], [121]
Integration with 3rd party services: Modular OS libraries, which can be switched when needed.
Community Adoption: Low (34 contributors and 122 forks on mirage/mirage GitHub repository as of May 29th, 2017) [Source: GitHub]
Maturity: Medium – v3.0 released in February 2017
Pricing model: Open source under ISC License (with some exceptions released under LGPLv2)
Comments: Adequate documentation.
D1.1StakeholdersRequirementsAnalysis
43
Platform Performance Integrationwith3rd
partyservices
CommunityAdoption Maturity Pricingmodel
Comments
OpenShift.io Not officially assessed
yet
fabric8, Jenkins,
Eclipse Che,
OpenJDK, PCP,
WildFly Swarm,
Eclipse Vert.x,
Spring Boot,
OpenShift
Kubernetes
Low(12contributorsand23
forksonGitHubrepositoryas
of June 14th, 2017) [Source:
GitHub]
Low – announced
andlaunchedinMay
2017, developer
preview available
uponrequest
Open source (exact
license not
announcedyet)
Minimal documentation at the
moment.
OSv High (A typical Capstan
image is only 12-20MB
larger than the
application,andadds~3
seconds to the build
time, according to the
official website and
third-party evaluations
conducted)
Jolokia JMX-via-
JSON-REST
connector,
NewRelic
Low(87contributorsand458
forks on GitHub as of May
29th,2017)[Source:GitHub]
Low – currently on
betaversion
Open source,
distributed under
the 3-clause BSD
license
-
Rumprun High[122] Workinprogress.
TravisCI integration
fornewreleases.
Low(16contributorsand75
forks on
rumpkernel/rumprun
GitHubrepositoryasofMay
29th,2017)[Source:GitHub]
Low – still on
experimentalphase
Open source,
distributed under a
2-clauseBSDlicense
-
D1.1StakeholdersRequirementsAnalysis
44
Platform Performance Integrationwith3rd
partyservices
CommunityAdoption Maturity Pricingmodel
Comments
Rkt Medium (especially
when it comes to
containerstartuptimein
comparison to Docker
[123])
init systems (like
systemd,upstart).
Kubernetes (via
“rktnetes”),Nomad,
Mesos, Mulled,
Quay.io, SELinux,
cAdvisor.
Support for
swappable
executionengines.
Natively run Docker
images.
Medium (185 contributors
and 699 forks on rkt/rkt
GitHubrepositoryasofMay
29th,2017)[Source:GitHub]
Medium Open source under
Apache2.0license
-
D1.1StakeholdersRequirementsAnalysis
45
In a largely uncharted and rapidly evolving cloud landscape consisting of DevOps, Containers and Unikernels, Unicorn is positioned as a novel DevOps as a Service with a unique value proposition in simplifying the design, deployment and management of secure and elastic by design, multi-cloud applications adhering to the micro-service architectural paradigm. In contrast to the existing platforms (that were analysed in the previous paragraphs and typically offer rather targeted solutions), Unicorn will address different DevOps phases, ranging from Development, Continuous Integration & Testing, and Continuous Deployment & Packaging, to Orchestration, Management & Monitoring in a solid and consistent manner. From the technology watch and market analysis initially conducted (and that will be ongoing throughout the project’s implementation), Istio and OpenShift.io are the platforms that are directly related to Unicorn yet, taking into account that they were only very recently announced, they signify that Unicorn is attuned to the actual stakeholders’ needs in the rapidly growing cloud DevOps market.
In particular, in respect to micro-services, Unicorn will facilitate the DevOps teams and Software Programmers within ICT SMEs and Startups (that represent the core target audience of Unicorn) in adopting the micro-service architectural paradigm by providing a unified web IDE for development, deployment and management of cloud applications. Going beyond the offerings of the existing platforms, Unicorn puts particular emphasis on security, scalability and elasticity control enabled through policy and constraint definition, as well as through continuous risk and vulnerability assessment, and complements its solution with advanced orchestration and monitoring capabilities. As far as the container and unikernel technologies for cloud application packaging and deployment are concerned, Unicorn will aim, in order to facilitate adoption, to support popular containerized execution environments (e.g., Docker) and to orchestrate container execution environments on top of library-based and unikernel-like operating systems (e.g., CoreOS) that will be able to host complex and resource intensive cloud applications in a minimal, yet persistent, manner for the DevOps team, based on the continuous efforts of the project to probe the EU ICT industry for the technologies truly dominating their interests and needs.
6 Requirement Analysis Scheme
This Chapter documents the key findings of the analysis performed on the results of the disseminated online survey and the personal interviews.
6.1 Interviewee Profile
Altogether 20 organisations operating in multiple and different fields participated in the interview process and are listed in Table 5. These organisations are primarily based in the European Union with the larger organisations (e.g., SAP, HP) also spanning their business operations across the globe. Figure 13 depicts the number of employees working in the IT department of each organisation. From this figure, we observe that most of the organisations interviewed identify themselves as Startups/SMEs and have fewer than 25 employees (65%) in their IT department, while 15% have a number of employees between 26 and 50. In turn, 15% of the interviewed organisations identify themselves as large organisations and feature more than 101 employees in their IT department. In order not to limit the target audience of Unicorn, the organisations interviewed were carefully selected so as to operate in multiple and different business domains and geographic regions, as shown in Table 5 and Figure 12.
Table 5: Organisations Participated in Interview Process
| Organisation | Organisation Type | Interviewee Role | Country |
|---|---|---|---|
| CAS A.G. | Pilot | Management | Germany |
| Cocoon | Not Related to Unicorn | CTO | Cyprus |
| CRUK Institute | Not Related to Unicorn | Chief Architect | United Kingdom |
| CYTA | Not Related to Unicorn | System/Net Admin | Cyprus |
| FxPro | Not Related to Unicorn | CTO | United Kingdom (operates globally) |
| EduportalGR | Not Related to Unicorn | Chief Architect | Greece |
| Hopu | CINCUBATOR | CTO | Spain |
| HP-Cloud | Not Related to Unicorn | Programmer | US (operates globally) |
| Ideas2Life | Not Related to Unicorn | CTO | Cyprus |
| LockUp | CINCUBATOR | CTO | Spain |
| Nubedian A.G. | CyberForum | DevOps Engineer | Germany |
| PointRF | Not Related to Unicorn | Chief Architect | Israel (operates globally) |
| Proasistech | CINCUBATOR | Management | Spain |
| Redikod | Pilot | Programmer | Sweden/Scandinavia |
| SAP Innovation | Not Related to Unicorn | Programmer | Germany (operates globally) |
| Suite5 | Pilot | CTO | United Kingdom |
| Swiftflats | CINCUBATOR | Programmer | Spain |
| Tursofthealth | Not Related to Unicorn | Chief Architect | Turkey/Greece |
| Ubitech | Pilot | Programmer | Greece |
| Yellowmap A.G. | CyberForum | DevOps Engineer | Germany/Austria/Switzerland |
Figure 12: Organisation Operating Business Domains as Identified by Interviewees
6.2 Unicorn Survey and Interview Study Key Findings
The following subsections document the key findings of the Unicorn survey and interview study.
Figure 13: Number of Employees in IT department
6.2.1 Unclear Distinction Between Software Programmer and DevOps Engineer in Startups
From the interview process, it was revealed that there is no clear dividing line between the role(s) of a Software Programmer and DevOps engineer, especially for organisations identifying themselves as Startups with fewer than 25 employees. In particular, programmers are (usually) tightly involved in the software delivery cycle, taking up management tasks such as designing security enforcement and monitoring policies, and (virtual) infrastructure provisioning and configuration. When asked, programmers identified security enforcement and elastic resource scaling as the main challenges they face due to lack of experience and time to learn related technologies and methodologies. These findings confirm the developer productivity reports from DZone (2017) and Rebel Labs (2016).
Figure 14: Interviewee Role in Organisation
6.2.2 Programming Frameworks are Increasing Annotation-Based Programming Paradigm Adoption
The majority (80%) of the interview respondents mention that they have adopted annotation-based programming of some sort. When asked during the interview process, interviewees note that, other than generating source code documentation, code annotations are widely used for source code project configuration, data and API modelling, logging, monitoring and testing. In particular, annotations are mostly used by the programmers of organisations that have adopted popular programming frameworks, such as Spring for Java (55%), Node.js for JavaScript (25%) and Django for Python (25%). The popularity of the Spring framework confirms the Rebel Labs (2017) development report, which emphasises micro-service framework adoption for Java.
Figure 15: Usage of Annotation-based Programming Paradigm by Interviewees
Figure 16: Popular Programming Frameworks Used by Interviewees
6.2.3 Collaboration Tools are now Industry Standard Practices while Continuous Integration and Delivery Tool Adoption is Facing Serious Challenges
Almost all interview respondents (95%) mention that the employees of their organisation use at least one collaboration tool. In particular, all positive respondents mention that a collaboration tool for source code version control is always used (mainly git), while more than 70% of software development teams also use at least one collaborative tool for communication (e.g., Slack, Skype) and task management (e.g., Pivotal tracking, Trello, Team).
Figure 17: Usage of Collaboration Tools Among Employees of Organisation
Based on the results of our survey, 60% of the respondents state that they are currently using continuous integration tools in their application development cycle. This number is slightly lower than the percentages in studies such as GitLab’s developer report (2016). Moreover, Apache Jenkins (55%) was noted as the most popular CI tool of choice, although almost one out of three respondents are currently not using any CI/CD tool. Interestingly, when personally questioned, these respondents usually state that lack of time (50%) and lack of skills (45%) are preventing them from fully adopting a CI/CD pipeline. On the other hand, respondents with experience in utilizing CI/CD tools mention that the most challenging aspects of fully embracing a CI/CD software delivery pipeline are the lack of a unified tool (55%) and extreme difficulties found in environment setup and, in particular, integrating in the cycle automated technologies (40%) such as resource scaling, runtime security enforcement and testing.
Figure 18: Popularity of CI/CD Frameworks Embraced by Surveyed Organisations
Figure 19: Challenges Preventing Full Adoption of CI/CD Pipeline
6.2.4 Cloud IDEs are Becoming Popular but for Large(r) Development Teams
Our survey highlights that the transition from traditional desktop IDEs to Cloud IDEs has already started. Particularly, 45% of our survey respondents state that they are currently using a Cloud IDE for cloud application development. We note that this number is rather high when compared to StackOverflow (2016, 2017) developer reports placing general adoption around 15%. However, we note that our survey targets cloud application development where Cloud IDEs prevail. Also, from the results of our survey it is revealed that the most popular Cloud IDEs are Eclipse Che (40%), SAP Hana (20%) and Cloud9 (15%). Moreover, when discussing with the interviewed IT professionals, it is revealed that organisations comprised of larger development teams (>11 IT employees) are more keen on adopting Cloud IDEs as they combine development with CI/CD tool integration for automation, collaboration, software delivery and communication, which are absolute necessities.
Figure 20: Cloud IDE Embracement by Interviewed Organisations
On the other hand, the majority of those not adopting a Cloud IDE for development state that they are happy using their desktop IDE (82%) and that they do not foresee transitioning to a Cloud IDE in the immediate future. Another notable percentage (30%) also reports that performance related issues prevent Cloud IDE adoption. The first claim was a particular discussion point with interviewees from organisations identified as Startups and comprised of small development teams. To better understand this, we asked about the software development process, where it was revealed that a single developer in such teams is usually in charge of the coding of an entire project, or developers are in charge of specific tasks (e.g., front-end, back-end) and integration of tasks happens at the end of a development cycle, thus limiting, at the moment, the need for a cloud IDE.
Figure 21: Popular reasons preventing Cloud IDE adoption from responders not using Cloud IDEs
6.2.5 Micro-service Architectural Approach is Becoming a Cloud Trend Especially in the IoT and SaaS domains
Micro-services are currently used in production by 40% of our respondents, while another 30% is currently experimenting with a view to eventual production deployment. These numbers confirm DZone’s (2017) and Lightbend’s (2016) DevOps reports. Interestingly, organisations adopting micro-services in production have origins from the IoT and SaaS domains while the organisations experimenting originate from the business analytics and (location) recommendation services sector. Moreover, from the above organisations, the micro-service architectural pattern is used for data-serving (100%), business logic (83%) and the front-end (66%). On the other hand, only 10% of the interviewees mentioned that micro-services are not of interest, with the responses coming from the telecom and educational business domain.
Figure 22: Micro-service Architecture Adoption by Interviewed Organisations
6.2.6 Containerized Solutions are Following Micro-service Adoption Trends
With the increase in the interest for micro-services architectural patterns, interviewed organisations also seem to be utilizing containerized solutions for application deployment, with 20% of the respondents stating that currently they are running containerized applications in production, while another 35% is seriously planning and experimenting to ultimately use this technology in production. Similarly to micro-services, these numbers confirm DZone’s (2017) and Lightbend’s (2016) DevOps reports. Also, when questioned, only 36% of the respondents state that their entire application deployment is containerized. The rest (64%) reveal that containers are utilized only for the dynamic, scalable and stateless service part comprising their application deployment, thus adopting a mixture of (virtualized) solutions for their cloud execution environments.
Figure 23: Containerized Solution Adoption by Interviewed Organisations
Interestingly, it is acknowledged that the container domain introduces a number of challenges for developers. In particular, interviewees with experience in deploying containerized applications mention that the top challenges in the container domain include: performance and application monitoring (55%), service orchestration (50%), database access (45%), lack of experience (45%) and auto-scaling (40%). These challenges confirm studies from RightScale (2017) and DZone (2017), and are highly relevant to the Unicorn project. What is more, challenges related to reducing container security threats such as stripping containers of attack interfaces (35%), secure resource acquisition (30%), fast boot times (25%) and reducing image sizes (20%) are also relevant to the advancement of unikernels and consequently to the Unicorn project. Finally, it must be noted that almost all organisations (92%) have adopted, at some point, Docker as the containerized technology for their applications, with other preferred containerized solutions such as Kubernetes (33%) and Swarm (25%) also tightly coupled to Docker for cluster management when containers are deployed in production. Therefore, Docker is a technology that must be targeted by Unicorn for containerized cloud execution environments as its stakeholders, either large or small in size, identify Docker as their technology of choice.
Figure 24: Containerized Solution Adoption Challenges as Identified by Interviewed Organisations
Figure 25: Containerized Solutions that have been adopted by those using or considering containerization
6.2.7 Multi-Cloud Deployment Model Adoption and Challenges
Our survey is in line with Gartner’s Magic Quadrant (2016) reports which reveal that the top cloud provider is Amazon Web Services (AWS), followed by Microsoft Azure and OpenStack, which are the most prominent cloud solutions for private cloud infrastructural deployments. However, more interesting is that 25% of our survey respondents are currently following a multi-cloud deployment approach while another 25% is also experimenting and planning to do so. These numbers are significantly lower than reports from RightScale (2017) which put the percentage of organisations adopting hybrid-cloud over 70%. However, one must not forget that in the Startup eco-system, companies start small adopting one cloud provider and then experiment as they scale, and 20% of our respondents also state they are playing around with multi-cloud deployments. On the other hand, those who are not planning to adopt a multi-cloud approach state that this is due to significant security reasons for moving data across cloud regions or are happy with just using one cloud provider.
Figure 26: Multi-Cloud Deployment Model Adoption by Interviewee Organisations
Furthermore, by personally talking with interviewees to obtain user stories, we identified that different multi-cloud challenges arise based on the particular deployment strategy followed by each organisation. Thus, instead of simply compiling a list of challenges, we further investigated when and where each challenge is applicable. In particular, MC2 (one cloud provider multiple availability zones) is a popular multi-cloud deployment model.² For organisations adopting a multi-cloud deployment model resembling MC2 (one cloud provider multiple availability zones), security reasons for moving data across cloud sites/regions and trust/compliance issues are of extreme concern. Organisations adopting the MC2 deployment model originate mainly from Germany and UK, and operate in the e-health or social assistance business domains, where such organisations are obligated to comply with strict national data movement laws preventing sensitive client data from being hosted outside national borders, and for this reason inter-connected private cloud deployments are preferred.
Figure 27: Popular Cloud Providers
On the other hand, challenges related to portability, vendor lock-in and a lack of unified management tools are of extreme concern for organisations that adopt the popular MC3 and MC4 multi-cloud deployment models. In particular, these models mainly use multiple cloud providers to run their services, targeting load balancing and latency reduction when serving content to clients, and thus, these models are highly relevant to location/recommendation based services, SaaS cloud solutions and IoT applications.
² Multi-cloud deployment models are described in detail in Section 3.2
Figure 28: Multi-Cloud Adoption Challenges
6.2.8 Cloud Monitoring Adoption and Challenges
Monitoring is employed by all interviewed organisations with monitoring targeting various levels of the application lifecycle and execution environment. In particular, respondents usually stated that service availability (80%), API access (60%) and the underlying infrastructure (55%) are monitored by deploying either in-house or general-purpose monitoring tools. Interestingly, as the monitoring level becomes more specialized and moves closer to the client side (e.g., application behaviour, client interaction, transactions, etc.), organisations start to face challenges as monitoring tools must be extended, customized and tailored to the organisation monitoring needs.
Figure 29: Monitoring Level Targets as Responded by Interviewed Organisations
In general, multiple and different monitoring solutions are used. Interestingly, all respondents stated that they must resort to using more than one monitoring tool for their needs, with 70% dissatisfied by this fact. In particular, 65-70% of the respondents mention that they use mostly in-house developed monitoring tools and/or general purpose open-source tools. On the other hand, 40% claim to be using tools offered by the cloud provider, while 35% of the respondents mention that third-party monitoring-as-a-service tools (e.g., New Relic, Datadog) are used for their monitoring needs.
Figure 30: Monitoring Tool Type Adoption by Interviewed Organisations
With regard to challenges, respondents state that the most prominent need arises from the lack of parameter tuning by monitoring tools to optimise performance, quality and cost (70%). In turn, as multiple monitoring tools must be used by organisations, integrating them in the execution environment or finding a monitoring tool that can be used at different and multiple levels is another prominent challenge/need stated by the interviewees (70%). Interestingly, 50% of the interviewees stated that accessing/processing historic monitoring data is another important challenge. Also, monitoring tool portability across cloud platforms (40%), as well as providing multi-cloud monitoring support (40%), are relevant to the project. On the other hand, accessing real-time monitoring data (25%) and plotting data (5%) seem to be covered by the offered tools and are not considered as current challenges in the monitoring domain.
Figure 31: Monitoring Challenges Faced by the Interviewed Organisations
6.2.9 Elastic Scaling Adoption and Challenges
The results of our survey show that most of our respondents (65%) do not currently use elastic scaling, which contradicts popular cloud surveys and reports from RightScale (2017) and Gartner (2016). However, the majority of the respondents of our survey are SMEs/Startups with services recently introduced to the public. Thus, although they are currently not using elastic scaling, almost all of these (95%) highlight that elasticity is needed but certain challenges must be overcome first, with the most prominent being lack of experience of how elasticity works, followed by how to configure the auto-scaling process and how to budget constrain auto-scaling.
Figure 32: Elastic Scaling Adoption
In turn, those who are currently using elasticity for their application scaling originate from the IoT, SaaS cloud solutions and recommendation/location service offering business domains. Horizontal scaling is the most preferable way to scale resources for most of the respondents (71%), and is adopted mainly for load balancing. These organisations mostly adopt the tools provided by their cloud provider (71%) with the second preferred option being in-house developed tools (57%). This is an opposite picture from monitoring where in-house and general-purpose monitoring tools are more preferred options than the tools offered by the cloud provider. The justification for this is that developing an auto-scaling tool is extremely challenging and therefore organisations resort to using what is offered by the cloud provider even if this restricts deployment to a single provider.
Figure 33: Elastic Scaling Type
Interestingly, the most prominent challenge in elastic scaling for organisations is parameter tuning to optimize the performance, cost and quality of their services (65%), which is related to the second most challenging task, the lack of experience. Respondents that are currently using the tools provided by their Cloud provider, and even the ones that haven’t yet adopted elastic scaling, state that configuring the elasticity service for their application needs is a non-trivial task due to the insufficient knowledge they possess; therefore, the need for a simple but accurate elasticity control comes to the foreground.
Figure 34: Elasticity tools used by organizations that have adopted elastic scaling as part of their ALM
Another major challenge preventing companies from adopting elastic scaling is budget constraints (50%). When elastic services offered by cloud providers are used, especially when they are not configured properly, the amount spent is significantly larger than the amount earned. Other challenges, mentioned by one third of the respondents, are elastic scaling across multiple cloud regions and providers and lack of a unified autoscaling environment. These challenges address the need for a unified autoscaling tool, able to orchestrate instances across multiple cloud sites, providers and regions.
Figure 35: Elastic Scaling Adoption Challenges
6.2.10 When is Security Considered in the Lifecycle of an Application
From the interview process, respondents’ answers to the question “when is security considered in the application lifecycle” reveal that there is no norm as to when security is taken into consideration. Particularly, 35% of the respondents state that security is considered at the requirement phase, 30% state at the programming phase, 25% at the design phase, while 10% mention that security is only considered after deploying the application and detecting where security is needed. At this point, any security issues are dealt with and a re-deployment is issued. These numbers confirm the study conducted by Veracode (2016), showing that there is no norm for when to integrate security. This is a highly relevant requirement to the project, as it cannot simply be assumed that security will always be considered at the requirement or design phase, and therefore integrating security or customizing security, even at development or runtime, when permitted, must be taken into consideration.
Figure 36: Stage of Application Lifecycle at which Security is Considered by Interviewed Organisations
6.2.11 Cloud Security Enforcement and Privacy Preservation Challenges
Respondents of our interview process state that the major challenges faced include: vulnerability detection (16/20), data movement compliance (15/20), information flow tracking (14/20) and privacy protection (13/20). These results are in line with the findings of Veracode (2016), showing that sensitive data exposure and runtime software vulnerability are the prime concern of most SMEs and Startups; therefore, they remain open challenges. These challenges are highly relevant to the requirements of the project, pointing out the need for a mechanism for data privacy enforcement and continuous vulnerability assessment. On the other hand, challenges such as web firewalling (15/20), SQL injection prevention (13/20), static code analysis (10/20), cross-site forgery/scripting (9/20) and authorization permission management (9/20) seem to be addressable by most of the interviewed stakeholders and are less relevant to the project.
Figure 37: Security Mechanisms Adopted by Interviewed Organisations (#1)
Figure 38: Security Mechanisms Adopted by Interviewed Organisations (#2)
Figure 39: Security Mechanisms Adopted by Interviewed Organisations (#3)
7 Unicorn Target Audience and Business Metrics
This chapter presents the profile of the audience targeted by Unicorn along with suitable business metrics that have been derived so as to evaluate the benefits of using Unicorn.
7.1 Target Audience Profile
As stated in the Description of action (DoA) of Unicorn, the project addresses small-to-medium European software developing organisations, currently counting in total to more than 750,000, which are an important pillar for the European economy. More specifically, we are focusing on developers of Cloud services, as this is the fastest growing IT segment.
Our survey has shown that continuous integration tools, microservice patterns and containerized solutions for application deployment are promising and emerging paradigms, already adopted by many SMEs while even more plan to adopt these techniques in production in the near future. Almost all organisations participating in the survey have already adopted Docker as the containerized technology for their applications (>90%). Therefore, the Unicorn platform must target the Docker community which, as of 2016, is also part of the Open Container Initiative (OCI) in an attempt to standardize the container ecosystem and increase its already vast audience. In turn, advanced respondents, who also consider Docker as their tool of trade, mentioned that the most challenging aspects for both containerized deployments and their continuous software delivery pipeline are the lack of a unified tool and difficulties encountered in integrating automated technologies for resource scaling, monitoring, runtime security enforcement and testing. Towards this, the Unicorn platform can potentially fill these gaps for Dockerized and OCI deployments while also servicing the design needs of cloud-enabled microservices.
Figure 40: Unicorn Vision Towards Target Audience Profiles
Concluding, Unicorn targets innovative software developing SMEs that develop Cloud applications (“apps”) that follow the microservice paradigm and are containerized. Unicorn focuses on both phases of the application lifecycle: (i) the Design Time Phase, which denotes the development of the cloud application; and (ii) the Runtime Phase, which denotes the execution, orchestration and management of the cloud application after deployment to the cloud. Accordingly, Unicorn addresses two categories of users, Software Programmers and DevOps engineers, while, for smaller companies, these roles are not clearly distinct, as shown through our survey.
Users utilizing design libraries and cloud IDE
Users deploying legacy or monolithic apps to the cloud
• Reduce cloud application design time
• Reduce time to market
• Increase security and privacy
• Runtime monitoring, scalability and risk assessment
• Continuous lifecycle management
Nevertheless, Unicorn may also support the deployment of legacy and “monolithic” cloud-enabled applications to both public and private cloud infrastructure, but the supported Unicorn constraints and policies that can be defined (for elastic scaling, monitoring and security enforcement) are limited to the scope of the runtime phase due to the absence of the use of the Unicorn design libraries at the design phase of the application.
7.2 Business Metrics
Unicorn comes as an offering to the above-mentioned target audience, which can have diverse needs and may start from different points towards the production of their services and products. Nevertheless, the advantages of the platform can provide benefits to those groups from different business perspectives, depending on how these users design, deploy and operate their systems.
As in any paradigm shift, there is a learning curve for the target audience to understand, study and master the new approach that is suggested by Unicorn (especially for an audience that already has a deployed product which needs to be refactored based on Unicorn’s containerised logic). Nevertheless, the business benefits that can be recorded from the application of the project’s offerings are quite substantial looking towards a mid-term horizon.
The following table provides a high-level set of business metrics which describe in general terms the benefits that can be recorded by the employment of the Unicorn platform in the design and deployment of cloud-based software applications. Those metrics are all measurable in quantitative terms and are in a position to highlight areas of contribution of Unicorn to the community of container-based services development.
Table 6: Unicorn’s Business Metrics
| Business Metric | Units | Description |
|---|---|---|
| Lead Time | hours | How long it takes to go from idea to delivered software/service |
| Development Cycle Time | minutes | How long it takes to make a change to the software system and deliver that change into production. |
| Security Incidents | No. of Security Incidents/time | Number of security incidents recorded per unit of time |
| Time to Deploy | minutes | The time it takes to deploy a new instance of the application |
| Cloud Service Availability | Time service is up / Total time | Percentage of time the system is up and running |
| Cloud infrastructure Costs | €/time | Total Cloud Infrastructure Cost for running the service per unit of time |
| Cloud Service Productivity | Performance/€ | Cloud service performance per unit of cost |
| Overprovisioning Cost | €/time | The cost for reserving additional resources per unit of time to satisfy unrealised demand. |
| User’s Quality of Experience | % Perceived satisfaction of the customer | Distilled out of questionnaires that measure customer’s satisfaction for the quality of the service |
| Cost-Effectiveness of Cloud Security Solution | performance/$ | The cost at which a certain system performance at a certain security level is attained. |
| Usage of DAO Encryption | # of DAOs encrypted | Number of Data Access Objects encrypted (unsigned UNICORN’s Privacy-by-Design and Encrypted Persistency Mechanisms) |
| Usage of Context-Aware privacy | # of context-aware authorization controllers added | Number of application controllers that have been enhanced with authorization controllers (using Privacy-by-Design and Encrypted Persistency Mechanisms) |
These metrics stem directly out of the offerings of the different features that are provided by the platform and may not all be directly relevant to each SME/startup.
The following table provides a mapping between these features, their core offerings and the benefits (measured as Business Metrics) that those can, potentially, bring to a cloud application.
Table 7: Unicorn’s Offerings and Business Metrics
| Features | Phase | UNICORN Offerings | Business Metrics |
|---|---|---|---|
| Complex and Costly development process | Design Time | Usage of micro-services paradigm and containerization to describe the application service graph in terms of constraints and policies to be enforced. | Lead Time; Time to Deploy; Cloud Service Availability; User’s Quality of Experience |
| | Runtime | Deployment of the application service graph to a cloud execution environment based on the Unicorn policy and constraint description. | |
| Vendor Lock-in | Design Time | - | Cloud infrastructure Costs |
| | Runtime | Deployment of the application service graph on multiple different cloud providers and multi-cloud environments | |
| Data Privacy | Design Time | Annotations for easy encryption of Data Access Objects (DAO). Annotations for the definition of privacy restricted actions in the application. | Usage of DAO Encryption; Usage of Context-Aware privacy; User’s Quality of Experience |
| | Runtime | Configuring and enforcing the privacy requirements. | |
| Security Concerns | Design Time | Combined holistic security protection | Cost-Effectiveness of Cloud Security Solution |
| | Runtime | Risk assessment/intrusion detection reconfiguration, security status reporting | |
| Scalability Concerns | Design Time | App-level monitoring metric enablement and configuration | Overprovisioning Cost; Cloud Service Availability; Cloud Service Productivity |
| | Runtime | Elastic scaling policies enablement and configuration | |
8 Unicorn System Requirements
In this Chapter we will elaborate on the user roles of the Unicorn Platform and then proceed to list system functional and non-functional requirements for the Unicorn platform and eco-system that are derived from the results of the requirement collection methodology described and presented in Chapters 4-7.
8.1 User Roles
Table 8 introduces the identified user roles for the Unicorn eco-system. From this table, we observe that the Unicorn eco-system involves many roles with diverse responsibilities. Some of these responsibilities may overlap among users of the platform which, at first, may seem to lead to confusing interpretation of user role duties. However, as we observe in Chapter 6, for small software teams, the lines between roles in the development team are quite blurred, with team members often taking up responsibilities spread across different user roles (e.g., a Cloud Application Developer may also be in charge of Testing or the Application Administrator may also be a Developer as well). In the following Table, the Actor terminology and descriptions are designed to clarify and summarize each actor's roles.
Table 8: Unicorn Actors
Actor | Description
Cloud Application Owner | The person providing the vision for the application as a project, gathering and prioritizing user requirements and overseeing the business aspects of deployed applications (e.g. business delivery, functioning and services of the application) in accordance with various criteria (e.g. cost minimization and policy definition like legal constraints)
DevOps Team | Development, operation and testing of cloud applications, including the roles: Cloud Application Product Manager, Cloud Application Developer, Cloud Application Administrator and Cloud Application Tester.
Cloud Application Product Manager | The person defining the cloud application architecture and implementation plan based on the Cloud Application Owner's requirements. This person is also responsible for packaging the cloud application and enriching the deployment assembly with runtime enforcement policies for the placeholders defined via code annotations by the Cloud Application Developer.
Cloud Application Developer | The person that develops a cloud application by using the Unicorn-compliant code annotation libraries in order to run on a Unicorn-compliant (multi-) cloud execution environment.
Cloud Application Administrator | The person responsible for deploying and managing the lifecycle of developed and Unicorn-compliant cloud applications. This person ensures the application runs reliably and efficiently while respecting the defined business or other incentives in the form of policies and constraints.
Cloud Application Tester | The person responsible for the quality assurance and testing of a Cloud Application. The Cloud Application Tester performs deployment assembly validation (at business and technical level).
Cloud Application End User | The person using the deployed Unicorn-compliant cloud application.
Unicorn Administrator | The person responsible for managing and maintaining the Unicorn ecosystem, which includes infrastructure, various software and architectural components e.g. Core Context Model, code annotation libraries and Enablers interpreting and enforcing given policies and constraints.
Unicorn Developer | The person that creates Unicorn related (software) components for compliant Cloud Providers and/or DevOps Engineers such as e.g. Monitoring Probes, code annotation libraries, services utilizing the Unicorn API
Cloud Provider | Organization or service provider that provides cloud offerings in the form of programmable infrastructure according to a service-level agreement. The Cloud Provider is also responsible to operate the Cloud Execution Environments that will host entirely or partially Unicorn-compliant Cloud Applications.
Finally, we note that some of the Actors presented in the previous table may not be assigned to any functional requirements (e.g., Cloud Application End User), however their existence contributes to having a more complete description of the overall system.
8.2 Functional Requirements
Functional requirements represent the list of system properties that need to be implemented and finally supported within the context of the Unicorn ecosystem and platform. This includes all behavioural aspects of the system components after taking into consideration the identified roles of the Unicorn ecosystem, as documented in Section 8.1. These requirements are logically grouped per role. We have followed a consistent and structured way of representing the requirements which will allow us to further define the detailed reference architecture for the Unicorn platform in the forthcoming deliverable denoted as D1.2. In the Annex we provide a table listing all the identified Unicorn functional requirements while the following listings elaborate on the description of each requirement. Table 9 provides an overview of the mapping of functional requirements to user roles. Finally, we note that to derive the functional requirements referring to security enforcement capabilities offered to Unicorn users, a threat analysis model (asset, threat, vulnerability, and countermeasure) is required. In order to reduce repetition, threat analysis for the particular security and privacy enforcement mechanisms offered by Unicorn will be introduced in the respective deliverable, denoted as D4.1.
ID: FR.1
Title: Develop cloud application based on code annotation design libraries and define runtime policies and constraints
User Roles: Cloud Application Developer
Description: The Unicorn platform must provide cloud application developers with design libraries to annotate the source code of their cloud application under development, for monitoring, resource management, security and data privacy policy and constraint enforcement point definition. Annotated policies depending on the scope supported by the Unicorn platform can be defined at various application granularity levels (e.g., entire application, particular service, code segment). Unicorn users must be able to use the annotated entities without any further modification in the business logic of the under development application. This practically means that policy and constraint enforcement is totally transparent to the developer and will take place in the cloud execution container. Hence, metadata annotations (e.g., monitoring) relate to respective Unicorn policy-enforcement enablers (e.g., handler collecting the annotated monitoring data) that will generate/transform source code at design time and/or be "synchronized" at runtime with the Core Context Model (FR.13) upon instantiation of the cloud execution environment.
ID: FR.2
Title: Securely register and manage cloud provider credentials
User Roles: Cloud Application Product Manager, Cloud Application Admin, Unicorn Developer
Description: The Unicorn platform must provide the means to support credential management for both public clouds and private cloud datacenters that are supported by the Unicorn platform. As such, Unicorn must be able to provide the means for secure credential management and storage of access credentials (e.g., user/password pairings, API access tokens) for Unicorn users irrespective of the cloud platform. This practically means that users are not required to provide their credentials each time an application deployment is initiated or when a request/query for managing the application lifecycle is conducted (including re-deployment of an updated version of an application).
ID: FR.3
Title: Search interface for extracting underlying programmable cloud offerings and capability metadata descriptions
User Roles: Cloud Application Product Manager
Description: Unicorn must expose through its unified dashboard a search interface providing its users with the ability to browse for cloud offerings and cloud provider services capabilities, obtain intuitive metadata descriptions and filter the results to limit the returned result set(s). The search interface must return and filter results for both private and public cloud offerings that are supported by Unicorn and are accessible via the users' given credentials (FR.2). The search interface will be provided as a graphical alternative for users instead of using directly the Unicorn Unified API (FR.15).
ID: FR.4
Title: Creation of Unicorn-compliant cloud application deployment assembly
User Roles: Cloud Application Product Manager
Description: The Unicorn platform must provide its users with a standardized, transparent and infrastructure-agnostic process to create and feed the Unicorn platform with a deployment assembly for the application to be deployed. Unicorn adopts the notion of a directed service graph, where nodes represent the (micro-) services composing the cloud application and edges represent the relationship(s) and inter-dependencies between services. Nodes are described by a number of attributes denoting resource management parameters (e.g., requested memory, disk size, network interfaces), monitoring metrics to collect, cost constraints and elastic scaling policies. In turn, relationships and inter-dependencies denote the deployment order and restrictions limiting the security and data movement between services. As a number of the attributes and parameters describing nodes and edges are also available as code annotation policies (e.g., monitoring) at the application development phase (FR.1), these will be automatically translated and added to the service graph description by respective Unicorn enablers interpreting code annotations based on the Unicorn core context model without any additional user effort (FR.13, FR.14). However, the final deployment assembly bundling code artifacts, the standardized deployment description and deployment requests will be automatically created (no additional effort) only when the user packaging the application determines that the developed and described application is ready for deployment by the Unicorn platform.
ID: FR.5
Title: Cloud application deployment bootstrapping to a (multi-)cloud execution environment
User Roles: Cloud Application Admin, Cloud Provider, Unicorn Developer
Description: The Unicorn platform must provide its users with the means to deploy their compliant applications from the Unicorn graphical interface after users have developed their application using the provided design libraries (FR.1) and have created a deployment assembly (FR.4). Users should also be notified of the status of the deployment (success, failed) and in the case of a failed deployment, the response should include a descriptive reasoning as to what problem occurred. The application deployment is the most critical process and includes a number of steps, defined below, that must be performed in order for the Unicorn-compliant application to be operational:
• Parse deployment assembly (FR.4)
• Verify validity of defined runtime policy and constraints and assure all annotations can be interpreted and handled by the respective Unicorn enablers (e.g., monitoring, security enforcement) (FR.6)
• Derive (near-)optimal application placement plan (FR.11)
• Based on placement plan, instantiate resources and services to establish an operational (multi-cloud) execution environment (FR.16)
• Instantiate required Unicorn runtime enablers to enforce runtime policies and constraints and verify operation status (FR.14)
As this process is critical and a deployment may be established only if all steps are successful, the entire bootstrapping process must be transactional.
ID: FR.6
Title: Deployment assembly integrity validation
User Roles: Cloud Application Tester, Unicorn Developer
Description: Before the reservation of underlying programmable infrastructure, the Unicorn platform should verify and validate the deployment assembly. This will be performed by Unicorn to detect potential problems such as unreachable edges in the service graph description due to antagonizing policies/constraints which could result in inaccessible nodes or optimization criteria, and circular dependencies which lead to a situation in which no valid evaluation order exists, because none of the policies in the cycle may be orderly evaluated (FR.4). This process, while not exhaustive, is an important aspect for Unicorn users and Unicorn component developers (FR.18), performed at the pre-deployment phase to detect if there is a problem preventing a successful deployment in order to reduce resource allocation costs of unsuccessful large and complex deployments.
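The kind of pre-deployment check FR.6 describes, as an added example (not Unicorn project code): it flags circular dependencies, edges blocked by a conflicting data-movement policy, and the services those blocked edges leave unreachable. The assembly schema, the field names `region` and `allowed_data_regions`, and both sample graphs are assumptions constructed for illustration.

```python
from collections import deque

# Constructed samples. An edge (a, b) means "a depends on b and sends data to b".
GOOD_ASSEMBLY = {
    "entry": "gateway",
    "services": {
        "gateway": {"region": "eu-west"},
        "orders": {"region": "eu-west", "allowed_data_regions": {"eu-west", "eu-central"}},
        "db": {"region": "eu-central"},
    },
    "edges": [("gateway", "orders"), ("orders", "db")],
}
BAD_ASSEMBLY = {
    "entry": "gateway",
    "services": dict(GOOD_ASSEMBLY["services"], analytics={"region": "us-east"}),
    "edges": GOOD_ASSEMBLY["edges"] + [("db", "orders"), ("orders", "analytics")],
}

def adjacency(assembly, skip=()):
    """Map each service to the services it points at, ignoring edges in `skip`."""
    adj = {name: [] for name in assembly["services"]}
    for src, dst in assembly["edges"]:
        if (src, dst) not in skip:
            adj[src].append(dst)
    return adj

def blocked_edges(assembly):
    """Edges whose target runs in a region the source's data policy forbids."""
    services = assembly["services"]
    return [(src, dst) for src, dst in assembly["edges"]
            if "allowed_data_regions" in services[src]
            and services[dst]["region"] not in services[src]["allowed_data_regions"]]

def find_cycle(assembly):
    """Return one dependency cycle as a list of names, or None (depth-first search)."""
    adj = adjacency(assembly)
    state = dict.fromkeys(adj, "new")
    path = []
    def visit(node):
        state[node] = "open"
        path.append(node)
        for nxt in adj[node]:
            if state[nxt] == "open":  # back edge: nxt is still on the current path
                return path[path.index(nxt):] + [nxt]
            if state[nxt] == "new":
                found = visit(nxt)
                if found:
                    return found
        path.pop()
        state[node] = "done"
        return None
    for name in adj:
        if state[name] == "new":
            cycle = visit(name)
            if cycle:
                return cycle
    return None

def unreachable_services(assembly, blocked):
    """Services the entry point cannot reach once policy-blocked edges are dropped."""
    adj = adjacency(assembly, skip=blocked)
    seen = {assembly["entry"]}
    queue = deque(seen)
    while queue:
        for nxt in adj[queue.popleft()]:
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return sorted(set(adj) - seen)

def deployment_order(assembly):
    """Dependencies first (Kahn's algorithm); call only on an acyclic graph."""
    waiting = {name: set(targets) for name, targets in adjacency(assembly).items()}
    order = []
    ready = deque(sorted(name for name, deps in waiting.items() if not deps))
    while ready:
        done = ready.popleft()
        order.append(done)
        for name, deps in waiting.items():
            if done in deps:
                deps.remove(done)
                if not deps:
                    ready.append(name)
    return order

def validate_assembly(assembly):
    """Run every check before any resource is reserved and return one report."""
    named = {n for edge in assembly["edges"] for n in edge} | {assembly["entry"]}
    report = {"valid": False, "unknown": sorted(named - set(assembly["services"])),
              "cycle": None, "blocked_edges": [], "unreachable": [], "order": None}
    if report["unknown"]:
        return report  # undeclared services: the other checks would be meaningless
    report["blocked_edges"] = blocked_edges(assembly)
    report["cycle"] = find_cycle(assembly)
    report["unreachable"] = unreachable_services(assembly, report["blocked_edges"])
    if not (report["blocked_edges"] or report["cycle"] or report["unreachable"]):
        report["valid"] = True
        report["order"] = deployment_order(assembly)
    return report
```

A deployment order is only produced when every check passes, so a rejected assembly never reaches the resource reservation step.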
ID: FR.7
Title: Access application behavior and performance monitoring data
User Roles: Cloud Application Admin
Description: The Unicorn platform must provide its users with access to real-time and historical monitoring data via the Unicorn graphical user interface. The monitoring data per se (e.g., response time, service availability), the granularity level (e.g., entire application, service part) and the intrusiveness (e.g., periodicity) at which monitoring data is collected and logged throughout the entire lifespan of an application should be determined by the user via the provided deployment assembly compiled based on user's preferences and his/her annotated code (FR.1). Monitoring annotations must allow users to handle and define counters, timers, traffic interceptors and custom metric types to gather resource utilization, application feature behaviour and performance from single application (micro-) instances, as well as aggregated overviews of metrics across application service tiers and availability regions in order to successfully assess the performance, scalability and security of their application seamlessly across multiple cloud offerings through one unified interface offered by Unicorn.
ID: FR.8
Title: Real-Time notification and alerting of security incidents and QoS guarantees
User Roles: Cloud Application Admin
Description: The Unicorn platform must have the ability to notify and alert its users, through the Unicorn graphical user interface, of events classified either by: (i) the platform's security enforcement enablers, such as suspicious incidents (e.g., a vulnerability detected); or (ii) the monitoring enabler analytics process, such as events based on certain user-defined criteria (e.g., metric threshold violation). In turn, the Unicorn platform must detect QoS policy violations on provisioned services in operational cloud environments and also notify users about these violations in order for them to take them into consideration and, possibly, act upon them.
ID: FR.9
Title: Autonomic management of deployed cloud applications and real-time adaptation based on intelligent decision-making mechanisms
User Roles: Cloud Application Admin, Cloud Provider
Description: Upon the initial placement of an application over a programmable infrastructure, possibly spanning across multiple cloud provider offerings, the Unicorn platform must provide the means to manage the operational environment in an autonomic manner. This includes real-time adaptation where the execution environment of an application may be reconfigured based on conditions and high-level policy constraints given by the user via the deployment assembly and extracted from the enabler interpreting elasticity code annotations. Therefore, adaptation can be triggered towards the fulfilment of the user optimization objectives and may regard scaling aspects (e.g., vertical/horizontal scaling), adaptation of the quality of provided services, and/or monitoring intrusiveness (e.g., adapt periodicity). In order to support such intelligent functionality, a set of distributed intelligent mechanisms must be designed and developed that will be based on various optimization strategies targeted by the interested users in order to optimize resource allocation across multi-cloud deployments for performance, cost, and data locality.
ID: FR.10
Title: Manage the runtime lifecycle of a deployed cloud application
User Roles: Cloud Application Admin, Unicorn Developer
Description: The Unicorn platform must provide its users with the ability to manage both the state and the runtime aspects of the application as driven by the Unicorn context model through the Unicorn graphical user interface. State refers to the responsibility of the Unicorn platform to handle requests for deployment, undeployment, start, pause, stop and migration of an application to a cloud offering, and to make sure that applications are always in a consistent state. To achieve this, the Unicorn platform must maintain an application lifecycle state transition graph, which describes the valid state transitions from one state to another and must incorporate asynchronous application state transitions for actions that require large timeframes for completion (e.g., deployment, migration). On the other hand, runtime aspects refer to the Unicorn context model, where, after the application instantiation and during the smooth execution of an application, changes may be requested such as reconsidering a policy constraint (e.g., restricting data movement from one geographic region). In the case where such changes can be satisfied by the current deployment (thus redeployment is not required), then they must be reflected directly to the configuration of the Unicorn enablers handling the runtime context of the aforementioned application.
ID: FR.11
Title: Application placement over programmable cloud execution environments
User Roles: Cloud Application Developer, Cloud Application Product Manager, Cloud Application Admin, Unicorn Developer
Description: The Unicorn platform must support the placement of deployed applications over an available programmable infrastructure which may expand over multiple cloud provider offerings. Application placement may be defined either: (i) manually, by users in their deployment assembly (e.g., the user specifically defines the resource requirements and offerings to instantiate); or (ii) constraint-driven, where placement is realized at deployment time based on the high-level policy objectives given by the user (e.g., follow fairness placement taking into account cost budget, application geo-location, etc.). At this point, high-level user objectives must be translated to low-level primitives that can be realized through appropriate handling of the operational status of an application's components by the orchestration mechanisms of the Unicorn platform to achieve (near-)optimal application placement. Upon the initial placement, real-time adaptation and reconfiguration of the execution environment should be supported. Therefore, adaptation can be triggered towards the fulfilment of the optimization objectives and may regard scaling aspects (e.g., vertical/horizontal scaling), adaptation of the quality of provided services, and/or monitoring intrusiveness (e.g., adapt periodicity).
ID: FR.12
Title: Register and manage cloud application owners
User Roles: Unicorn Admin
Description: The Unicorn Admin is responsible to approve and manage (e.g., modify, suspend, revoke access) the user registrations in the Unicorn platform (denoted as cloud application admins). Therefore, users must be registered to the Unicorn platform in order to obtain access to the artifacts maintained and distributed under Unicorn (e.g., design libraries) and to the supported cloud platforms for application deployment.
ID: FR.13
Title: Manage core context model for and distinguish between new and legacy cloud applications
User Roles: Unicorn Admin
Description: The Unicorn platform must design and maintain a multi-facet core context model so that an instance of the model will be created and enriched for each application deployment. For new applications, the Core Context Model will be accessed by cloud application developers at design-time when annotating their code with cloud policies and constraints and by product owners at runtime during user's application context evaluation. For legacy software, as policy and constraint definition cannot be supported via code annotations (i.e., the application is already designed, it is closed-source, etc.) policy and constraints are defined during application deployment and at runtime during context evaluation. The Context Model should be, by definition, extensible since it should allow explicit instantiations and, as a result, the business logic of various components should heavily rely on the Core Context Model. In turn, the Context Model must keep a clear list of the policies and constraints supported and it must be able to distinguish among policies and constraints that can be defined at design time, during deployment, at runtime or any time, so that the platform can validate if the model instance can be used in the context of legacy software.
The creation, deletion and modification of the centralized Core Context Model, along with versioning (and version deprecation) will be undertaken by the Unicorn Admin.
ID: FR.14
Title: Register and Manage enablers interpreting Unicorn code annotations
User Roles: Unicorn Admin
Description: For the Unicorn platform, an enabler entails and conceptualizes the software components hosted by the Unicorn orchestration service and/or in the (multi-) cloud execution environment of deployed cloud applications; and is able to interpret the Unicorn core context model (FR.13). Indicative components include orchestration performing runtime context-evaluation upon deployment and the code annotation enablers which perform policy enforcement such as monitoring, auto-scaling, security enforcement and data privacy protection. These components should be updated when the context model is either extended or modified since additional functional capabilities must always reflect the new version of the core context model. As a result, it is important that the enablers of the Unicorn platform are managed and maintained throughout their lifecycle, with the entity responsible for this task being the Unicorn Admin.
ID: FR.15
Title: Unified API providing abstraction of resources and capabilities of underlying programmable cloud execution environments
User Roles: Cloud Application Product Manager, Unicorn Developer
Description: The Unicorn platform must expose an API that will provide a standardized, consistent and yet simplified view of the underlying cloud infrastructure of the provider environments supported by Unicorn, by means of standard information, offerings metadata and data models. This will allow for authorized entities, including Unicorn sub-components (e.g., intelligent auto-scaling, application placement), to query the Unicorn-compliant cloud providers in a transparent and infrastructure agnostic manner, for provider supported offerings and their metadata (e.g., supported container flavors, costs etc.) along with the capabilities supported (e.g., container memory resizing). One of the main concerns in this task is the level of granularity for the abstraction. On one hand, not all the details and characteristics of the resources are necessary for Unicorn. On the other hand, excessive abstraction prevents applications from over-provisioning unnecessary resources because of hidden resource granularity decomposition details.
ID: FR.16
Title: Resource and service (de-)reservation over multi-cloud execution environments
User Roles: Unicorn Developer
Description: The Unicorn platform must provide a standardized and consistent interface providing the means to (de-)reserve the appropriate resources and service offerings required for the (un-)deployment of the considered application, even across multi-cloud execution environments. This must include the setup and (de-)allocation of programmable infrastructural resources including, but not limited to, computational, storage and networking for the deployment of distributed applications in a scalable, dependable, secure and effective way over virtual environments spanning across cloud sites, availability zones and/or regions. In order to support multi-cloud deployments, the challenges of interacting and synchronizing resource advertisement and allocation from multiple and heterogeneous cloud offering platforms must be supported. This task will be undertaken by the Unicorn orchestrator and is tightly coupled with the Unicorn bootstrapping process described in FR.5.
ID: FR.17
Title: Development of code annotation libraries
User Roles: Unicorn Developer
Description: The development, maintenance and modification of design libraries provided to Unicorn cloud application developers for annotating their code with monitoring, resource management, security and data privacy enforcement policies and constraints, is a task that will be undertaken by Unicorn developers. This requirement relates to developing respective metadata code annotations (e.g., for defining monitoring) and providing the means of handling of code annotation interpretation and "synchronization" of the application business logic with the Core Context Model (FR.13).
ID: FR.18
Title: Development of enablers interpreting Unicorn code annotations
User Roles: Unicorn Developer
Description: For the Unicorn platform, the Core Context Model entails design-time usage through code annotations by cloud application developers and runtime usage. In particular, runtime usage refers to the various components that base their business logic on the model. Indicative components include orchestration performing runtime context-evaluation upon deployment and the code annotation enablers which perform policy enforcement such as monitoring, auto-scaling, security enforcement and data privacy protection.
ID: FR.19
Title: Register and manage programmable infrastructure and service offerings
User Roles: Cloud Provider
Description: The available infrastructural resource and service offerings of a cloud provider have to be registered to the Unicorn platform which will advertise and make them available through a unified resource management API (FR.15). To achieve this, the Unicorn platform must provide a "standardized" interface in which cloud offerings are registered and made available to the platform in order to ease cloud provider on-boarding as well as updating and managing offerings and their metadata from the provider-side. The notion of "programmability" must be served to show the granularity at which resources will be advertised so as to allow the creation of proper cloud execution environments: provide preferences for the infrastructure the code runs on (e.g., virtual hardware like servers, storage and networking) and its configuration including additional provider services (e.g., customized storage solutions).
ID: FR.20
Title: Monitor cloud offering allocation and consumption
User Roles: Cloud Provider
Description: Advertised infrastructural resource and service offerings deployed through Unicorn must be monitored at runtime in order to offer cloud providers intuitive and high-level insights of the current utilization of cloud offerings allocated and consumed by Unicorn users.
ID: FR.21
Title: QoS advertising and management
User Roles: Cloud Provider
Description: Cloud execution environments offer different QoS capabilities and guarantees for their provided offerings, whether these refer to raw access to programmable resources such as compute memory, storage and network resources or to bundled application execution containers, while guarantees are also available for quota management, (prioritized) resource reservation, traffic shaping and more. As QoS guarantees play an important role in multi-cloud environment application placement (FR.11) and runtime adaptation decision-making (FR.9), which favor cloud providers based on advertised QoS parameters, providers should be provided with the means to alter and manage the QoS guarantees for the cloud offering advertised through the Unicorn platform.
ID: FR.22
Title: Register and manage privacy preserving encrypted persistency mechanisms for restricting data access and movement across cloud sites and availability zones
User Roles: Cloud Application Developer, Cloud Application Admin, Unicorn Developer
Description: The Unicorn platform must provide the means to allow its users to define at various application granularity levels (e.g., entire application, service tier, data object) privacy preserving policies which restrict access to exposed user data (e.g., entire database, database table, password, SSN, etc.) by describing associations between types of access rules depending on the data objects and circumstances under which this access should be allowed. The context-aware security model (FR.13) will be used as the background method for annotating data access objects (DAO), thus allowing for the dynamic enforcement of policy rules when there are new data access attempts in order to encrypt data, prevent sensitive data exposure and restrict movement of data to cloud sites, availability zones or particular geo-location zones (e.g., outside the EU) based on the defined user constraints. Therefore, during application runtime, the privacy preserving enabler must be able to interpret annotated code based on the mapping of the application business logic to the Core Context Model, provide the essential decoupling between the access decisions and the points of use, and finally grant, deny and manage any incoming data access requests.
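The decoupling FR.22 asks for, between the access decision and the point of use, shown as an added example (not Unicorn's annotation library): an annotated DAO accessor is the enforcement point, a separate decision point holds the rules, and a rule change at runtime takes effect without touching the DAO code. The `privacy_restricted` decorator, the rule fields, the zone names and the sample record are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass
from functools import wraps


class AccessDenied(PermissionError):
    """Raised by the enforcement point when the decision point says no."""


@dataclass(frozen=True)
class AccessContext:
    role: str      # who is asking
    purpose: str   # why the data is requested
    zone: str      # cloud zone the requesting service runs in


@dataclass(frozen=True)
class Rule:
    roles: frozenset
    purposes: frozenset
    zones: frozenset   # zones the data object may be moved to


class PolicyDecisionPoint:
    """Holds the rules; knows nothing about how data is stored or fetched."""

    def __init__(self, rules):
        self._rules = dict(rules)

    def replace_rules(self, rules):
        # Runtime policy change: the annotated code is not redeployed.
        self._rules = dict(rules)

    def decide(self, resource, ctx):
        rule = self._rules.get(resource)
        if rule is None:
            return False, "no rule for resource (default deny)"
        if ctx.role not in rule.roles:
            return False, "role not permitted"
        if ctx.purpose not in rule.purposes:
            return False, "purpose not permitted"
        if ctx.zone not in rule.zones:
            return False, "data may not move to zone " + ctx.zone
        return True, "permitted"


EU_ZONES = frozenset({"eu-west", "eu-central"})  # assumed zone names
INITIAL_RULES = {
    "customer.ssn": Rule(frozenset({"support"}), frozenset({"identity-check"}), EU_ZONES),
    "customer.name": Rule(frozenset({"support", "marketing"}),
                          frozenset({"identity-check", "campaign"}),
                          EU_ZONES | {"us-east"}),
}
PDP = PolicyDecisionPoint(INITIAL_RULES)
AUDIT_LOG = []  # every decision is recorded, granted or not


def privacy_restricted(resource):
    """Hypothetical annotation: turns a DAO accessor into an enforcement point."""
    def annotate(method):
        @wraps(method)
        def enforce(self, ctx, *args, **kwargs):
            allowed, reason = PDP.decide(resource, ctx)
            AUDIT_LOG.append((resource, ctx.role, ctx.zone, allowed, reason))
            if not allowed:
                raise AccessDenied(f"{resource}: {reason}")
            return method(self, ctx, *args, **kwargs)
        return enforce
    return annotate


class CustomerDAO:
    _rows = {1: {"name": "Constructed Customer", "ssn": "000-00-0000"}}  # constructed

    @privacy_restricted("customer.ssn")
    def read_ssn(self, ctx, customer_id):
        return self._rows[customer_id]["ssn"]

    @privacy_restricted("customer.name")
    def read_name(self, ctx, customer_id):
        return self._rows[customer_id]["name"]


def attempt(accessor, ctx, customer_id):
    """Call an annotated accessor and report the outcome instead of raising."""
    try:
        return "granted", accessor(ctx, customer_id)
    except AccessDenied as exc:
        return "denied", str(exc)
```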
ID: FR.23
Title: Register and manage persistent security enforcement mechanisms for runtime monitoring, detecting and labeling of abnormal and intrusive cloud network traffic behavior
User Roles: Cloud Application Admin, Cloud Provider
Description: The Unicorn platform must provide its users with mechanisms capable of ensuring, at any time, that the traffic exchanged with the cloud will not harm the (multi-cloud) application execution environment while preserving the privacy of the data exposed and managed by the application (FR.22). To achieve this, an IDS (Intrusion Detection System) will be implemented at the cloud execution environment level where adaptive network and information flow monitoring will be established at runtime to detect any in-bound or out-bound exfiltration of information based on well-known communication channels, information flow patterns observed through the usage of anomaly detection and pattern recognition algorithms. As deployments of (micro-)execution containers may be restrictive in the means of resources, the IDS will adapt the process for information flow tracking to restrict its runtime intrusiveness based on low-cost approximate and adaptive monitoring techniques while offline processing will be boosted performance-wise by encompassing GPU-accelerated techniques.
ID: FR.24
Title: Automated application source code and underlying cloud resource offering vulnerability assessment, measurement and policy compliance evaluation
User Roles: Cloud Application Admin, Cloud Provider
Description: The Unicorn platform will provide its users with the mechanisms to ensure that their (multi-)cloud application execution environment behaves, at runtime, as intended, and that the security-enforcement and privacy preserving policies and data access rules are not violated. To achieve this, Unicorn will provide the means for the runtime assessment of the application execution environment against known vulnerabilities by performing security and benchmark tests to detect potential security threats and privacy breaches. The level of intrusiveness of the testing performed by the Unicorn platform will be configurable by users. After testing, the Unicorn platform will report any suspicious activity and the measured risk exposure level to the application administrator (FR.8) in order to immediately take action and prevent sensitive data leakage and privacy breaches.
Table9:FunctionalRequirementsRelationtoUserRole
UserRole FunctionalRequirements
CloudApplicationDeveloper
FR.1DevelopcloudapplicationbasedoncodeannotationdesignlibrariesanddefineruntimepoliciesandconstraintsFR.11ApplicationplacementoverprogrammablecloudexecutionenvironmentsFR.22RegisterandmanageprivacypreservingencryptedpersistencymechanismsforrestrictingdataaccessandmovementacrosscloudsitesandavailabilityzonesFR.23Registerandmanagepersistentsecurityenforcementmechanismsforruntimemonitoring,detectingandlabelingofabnormalandintrusivecloudnetworktrafficbehavior
CloudApplicationProductManager
FR.2SecurelyregisterandmanagecloudprovidercredentialsFR.3SearchinterfaceforextractingunderlyingprogrammablecloudexecutionenvironmentcloudofferingandcapabilitymetadatadescriptionsFR.4CreationofUnicorn-compliantcloudapplicationdeploymentassemblyFR.11Applicationplacementoverprogrammablecloudexecutionenvironments
D1.1StakeholdersRequirementsAnalysis
78

User Role: Cloud Application Tester
Functional Requirements:
FR.6 Deployment assembly integrity validation

User Role: Cloud Application Admin
Functional Requirements:
FR.2 Securely register and manage cloud provider credentials
FR.5 Cloud application deployment bootstrapping to a (multi-)cloud execution environment
FR.7 Access application behavior and performance monitoring data
FR.8 Real-Time notification and alerting of security incidents and QoS guarantees
FR.9 Autonomic management of deployed cloud applications and real-time adaptation based on intelligent decision-making mechanisms
FR.10 Manage the runtime lifecycle of a deployed cloud application
FR.11 Application placement over programmable cloud execution environments
FR.22 Register and manage privacy preserving encrypted persistency mechanisms for restricting data access and movement across cloud sites and availability zones
FR.23 Register and manage persistent security enforcement mechanisms for runtime monitoring, detecting and labeling of abnormal and intrusive cloud network traffic behavior
FR.24 Automated application source code and underlying cloud resource offering vulnerability assessment, measurement and policy compliance evaluation

User Role: Unicorn Admin
Functional Requirements:
FR.12 Register and manage cloud application owners
FR.13 Manage core context model
FR.14 Register and Manage enablers interpreting Unicorn code annotations

User Role: Unicorn Developer
Functional Requirements:
FR.2 Securely register and manage cloud provider credentials
FR.5 Cloud application deployment bootstrapping to a (multi-)cloud execution environment
FR.6 Deployment assembly integrity validation
FR.10 Manage the runtime lifecycle of a deployed cloud application
FR.11 Application placement over programmable cloud execution environments
FR.15 Unified API providing abstraction of resources and capabilities of underlying programmable cloud execution environments
FR.16 Resource and service (de-)reservation over multi-cloud execution environments
FR.17 Development of code annotation libraries
FR.18 Development of enablers interpreting Unicorn code annotations
FR.22 Register and manage privacy preserving encrypted persistency mechanisms for restricting data access and movement across cloud sites and availability zones

User Role: Cloud Provider
Functional Requirements:
FR.5 Cloud application deployment bootstrapping to a (multi-)cloud execution environment
FR.9 Autonomic management of deployed cloud applications and real-time adaptation based on intelligent decision-making mechanisms
FR.19 Register and manage programmable infrastructure and service offerings
FR.20 Monitor cloud offering allocation and consumption
FR.21 QoS advertising and management
FR.24 Automated application source code and underlying cloud resource offering vulnerability assessment, measurement and policy compliance evaluation

8.3 Non-Functional Requirements

Non-functional requirements relate to the desired quality aspects that should be satisfied by the architectural components of the Unicorn eco-system that, in turn, must satisfy the functional requirements previously introduced. To this end, the widely accepted, by the software and research community, ISO/IEC 25010:2011 software quality assurance model was selected to create a shared conceptualization of the non-technical attributes [124]. The fundamental objective of the ISO/IEC 25010:2011 standard (note that ISO/IEC 25010 has replaced ISO/IEC 9126) is to address some of the well-known human biases that can adversely affect the delivery and perception of a software development project while it also determines which quality characteristics will be taken into account when evaluating the properties of a software product. The ISO/IEC 25010:2011 quality model classifies software quality in a structured set of characteristics and sub-characteristics, as follows:
• Functional suitability: It refers to a set of attributes that bear on the existence of a set of functions and their specified properties. The functions are those that satisfy stated or implied needs. Indicative sub-characteristics include: software functional completeness and functional correctness.
• Reliability: It refers to a set of attributes that bear on the capability of software to maintain its level of performance under stated conditions for a stated period of time. Indicative sub-characteristics include: software maturity, fault tolerance, recoverability and reliability compliance.
• Usability: It refers to a set of attributes that bear on the effort needed for use, and on the individual assessment of such use, by a stated or implied set of users. Indicative sub-characteristics include: understandability, learnability, operability, attractiveness and usability compliance.
• Efficiency: It refers to a set of attributes that bear on the relationship between the level of performance of the software and the amount of resources used, under stated conditions. Indicative sub-characteristics include: time behaviour, resource utilization, latency, service availability and efficiency compliance.
• Maintainability: It refers to a set of attributes that bear on the effort needed to make specified modifications. Indicative sub-characteristics include: analyzability, changeability, stability, testability and maintainability compliance.
• Portability: It refers to a set of attributes that bear on the ability of software to be transferred from one environment to another. Indicative sub-characteristics include: adaptability, installability, co-existence with other software, replaceability and portability compliance.
• Security: It refers to a set of attributes that define the degree to which a product or system protects information and data so that persons or other products or systems have the degree of data access appropriate to their types and levels of authorization.
• Compatibility: It refers to a set of attributes that define the degree to which a product, system or component can exchange information with other products, systems or components, and/or perform its required functions, while sharing the same hardware or software environment.

Each quality sub-characteristic (e.g. adaptability) is further divided into attributes. An attribute is an entity which can be verified or measured in the software product. Attributes are not defined in the standard, as they vary between different software products. An overview of the aforementioned characteristics is provided in the following figure.

Figure 41: Non-Technical Quality Aspects as Organised by ISO/IEC 25010:2011

After the selection of the quality model, the next step is to examine which attributes are related to the Unicorn eco-system and how they map to functional requirements. In the enumerated listings that follow, we make a concrete mapping between the core quality model attributes and the functional requirements that they correlate to. In parallel, for each non-functional requirement, a brief description of the Unicorn eco-system relevant characteristics is also provided.

NR.1 Functional Suitability
Description: This characteristic represents the degree to which a product or system provides functions that meet stated and implied needs when used under specified conditions. This characteristic is composed of the following sub-characteristics:
• Functional completeness. Degree to which the set of functions covers all the specified tasks and user objectives.
• Functional correctness. Degree to which a product or system provides the correct results with the needed degree of precision.
• Functional appropriateness. Degree to which the functions facilitate the accomplishment of specified tasks and objectives.
Functional Requirements:
FR.1 Develop cloud application based on code annotation design libraries and define runtime policies and constraints
FR.4 Creation of Unicorn-compliant cloud application deployment assembly
FR.5 Cloud application deployment bootstrapping to a (multi-)cloud execution environment
FR.9 Autonomic management of deployed cloud applications and real-time adaptation based on intelligent decision-making mechanisms
FR.13 Manage core context model
FR.14 Register and Manage enablers interpreting Unicorn code annotations
FR.15 Unified API for abstraction and searching of resources and capabilities of underlying programmable cloud execution environments
FR.17 Development of code annotation libraries
FR.18 Development of enablers interpreting Unicorn code annotations
FR.21 QoS advertising and management

NR.2 Performance Efficiency
Description: This characteristic represents the performance relative to the amount of resources used under stated conditions. This characteristic is composed of the following sub-characteristics:
• Time behaviour. Degree to which the response and processing times and throughput rates of a product or system, when performing its functions, meet requirements.
• Resource utilization. Degree to which the amounts and types of resources used by a product or system, when performing its functions, meet requirements.
• Capacity. Degree to which the maximum limits of a product or system parameter meet requirements.
Performance under the context of UNICORN refers to the ability of the system to support collaborative development, allowing multiple users to access the system at the same time. Also, for UNICORN to be efficient, the users need to know at any time what the resource utilization of the system is. It should also provide fast encryption/decryption times between services that communicate, and it should provide the ability to effectively use hardware resources of any type (e.g., GPUs) for complex and resource demanding tasks such as performing intense analysis on information flow data in order to detect potential malicious behaviours.
Functional Requirements:
FR.7 Access application behavior and performance monitoring data
FR.8 Real-Time notification and alerting of security incidents and QoS guarantees
FR.9 Autonomic management of deployed cloud applications and real-time adaptation based on intelligent decision-making mechanisms
FR.11 Application placement over programmable cloud execution environments
FR.16 Resource and service (de-)reservation over multi-cloud execution environments
FR.19 Register and manage programmable infrastructure and service offerings
FR.20 Monitor cloud offering allocation and consumption
FR.23 Register and manage persistent security enforcement mechanisms for runtime monitoring, detecting and labeling of abnormal and intrusive cloud network traffic behavior

NR.3 Compatibility
Description: Degree to which a product, system or component can exchange information with other products, systems or components, and/or perform its required functions, while sharing the same hardware or software environment. This characteristic is composed of the following sub-characteristics:
• Co-existence. Degree to which a product can perform its required functions efficiently while sharing a common environment and resources with other products, without detrimental impact on any other product.
• Interoperability. Degree to which two or more systems, products or components can exchange information and use the information that has been exchanged.
The UNICORN run-time components should be, architectural-wise and implementation-wise, close to the industry. For this reason UNICORN will provide support to a number of commonly used standards, standard syntax, APIs, widely available tools, technologies, methodologies and best practices. The system should support abstractions which will hide from developers and their applications details regarding the system and application infrastructure. UNICORN will also support uniform service descriptions such as SLA offerings with clear policies and guidelines.
Functional Requirements:
FR.1 Develop cloud application based on code annotation design libraries and define runtime policies and constraints
FR.2 Securely register and manage cloud provider credentials
FR.3 Search interface for extracting underlying programmable cloud offerings and capability metadata descriptions
FR.5 Cloud application deployment bootstrapping to a (multi-)cloud execution environment
FR.7 Access application behavior and performance monitoring data
FR.8 Real-Time notification and alerting of security incidents and QoS guarantees
FR.11 Application placement over programmable cloud execution environments
FR.15 Unified API providing abstraction of resources and capabilities of underlying programmable cloud execution environments
FR.18 Development of enablers interpreting Unicorn code annotations
FR.19 Register and manage programmable infrastructure and service offerings
FR.22 Register and manage privacy preserving encrypted persistency mechanisms for restricting data access and movement across cloud sites and availability zones
FR.23 Register and manage persistent security enforcement mechanisms for runtime monitoring, detecting and labeling of abnormal and intrusive cloud network traffic behaviour

NR.4 Usability
Description: Degree to which a product or system can be used by specified users to achieve specified goals with effectiveness, efficiency and satisfaction in a specified context of use. This characteristic is composed of the following sub-characteristics:
• Appropriateness recognizability. Degree to which users can recognize whether a product or system is appropriate for their needs.
• Learnability. Degree to which a product or system can be used by specified users to achieve specified goals of learning to use the product or system with effectiveness, efficiency, freedom from risk and satisfaction in a specified context of use.
• Operability. Degree to which a product or system has attributes that make it easy to operate and control.
• User error protection. Degree to which a system protects users against making errors.
• User interface aesthetics. Degree to which a user interface enables pleasing and satisfying interaction for the user.
• Accessibility. Degree to which a product or system can be used by people with the widest range of characteristics and capabilities to achieve a specified goal in a specified context of use.
Taking into consideration all the above characteristics of usability, the UNICORN platform will support automatic and seamless deployment making it very easy to use and learn. The development platform and tools will be hosted on the cloud and will be accessible through a web browser. UNICORN will have all the content and user interface organized logically and it will provide a presentation interface (e.g., menu and navigation, reporting, user controls etc.).
Functional Requirements:
FR.1 Develop cloud application based on code annotation design libraries and define runtime policies and constraints
FR.2 Securely register and manage cloud provider credentials
FR.3 Search interface for extracting underlying programmable cloud offerings and capability metadata descriptions
FR.4 Creation of Unicorn-compliant cloud application deployment assembly
FR.5 Cloud application deployment bootstrapping to a (multi-)cloud execution environment
FR.7 Access application behaviour and performance monitoring data
FR.8 Real-Time notification and alerting of security incidents and QoS guarantees
FR.10 Manage the runtime lifecycle of a deployed cloud application
FR.12 Register and manage cloud application owners
FR.15 Unified API providing abstraction of resources and capabilities of underlying programmable cloud execution environments
FR.16 Resource and service (de-)reservation over multi-cloud execution environments
FR.19 Register and manage programmable infrastructure and service offerings
FR.20 Monitor resource and service consumption
FR.21 QoS advertising and management

NR.5 Reliability
Description: Degree to which a system, product or component performs specified functions under specified conditions for a specified period of time. This characteristic is composed of the following sub-characteristics:
• Maturity. Degree to which a system, product or component meets needs for reliability under normal operation.
• Availability. Degree to which a system, product or component is operational and accessible when required for use.
• Fault tolerance. Degree to which a system, product or component operates as intended despite the presence of hardware or software faults.
• Recoverability. Degree to which, in the event of an interruption or a failure, a product or system can recover the data directly affected and re-establish the desired state of the system.
Within the context of UNICORN, specific mechanisms will be architecturally defined and implemented that guarantee that any application can be securely deployed.
Functional Requirements:
FR.4 Creation of Unicorn-compliant cloud application deployment assembly
FR.5 Cloud application deployment bootstrapping to a (multi-)cloud execution environment
FR.6 Deployment assembly integrity validation
FR.8 Real-Time notification and alerting of security incidents and QoS guarantees
FR.9 Autonomic management of deployed cloud applications and real-time adaptation based on intelligent decision-making mechanisms
FR.11 Application placement over programmable cloud execution environments
FR.13 Manage core context model
FR.14 Register and Manage enablers interpreting Unicorn code annotations
FR.15 Unified API providing abstraction of resources and capabilities of underlying programmable cloud execution environments
FR.21 QoS advertising and management

NR.6 Security
Description: The degree to which a product or system protects information and data so that persons or other products or systems have the degree of data access appropriate to their types and levels of authorization. This characteristic is composed of the following sub-characteristics:
• Confidentiality. Degree to which a product or system ensures that data are accessible only to those authorized to have access.
• Integrity. Degree to which a system, product or component prevents unauthorized access to, or modification of, computer programs or data.
• Non-repudiation. Degree to which actions or events can be proven to have taken place, so that the events or actions cannot be repudiated later.
• Accountability. Degree to which the actions of an entity can be traced uniquely to the entity.
• Authenticity. Degree to which the identity of a subject or resource can be proved to be the one claimed.
One of the major focal points of UNICORN is to be able to provide to SMEs security features for their cloud applications. For that reason UNICORN will incorporate a user authentication and authorization system along with the ability to securely store and manage various user credentials and cloud access tokens. UNICORN will provide a secure end-to-end encrypted communication channel between the various components of a cloud deployment and the ability for DevOps teams to secure application data according to various policies and regulations.
Functional Requirements:
FR.1 Develop cloud application based on code annotation design libraries and define runtime policies and constraints
FR.2 Securely register and manage cloud provider credentials
FR.4 Creation of Unicorn-compliant cloud application deployment assembly
FR.6 Deployment assembly integrity validation
FR.8 Real-Time notification and alerting of security incidents and QoS guarantees
FR.12 Register and manage cloud application owners
FR.13 Manage core context model
FR.21 QoS advertising and management
FR.22 Register and manage privacy preserving encrypted persistency mechanisms for restricting data access and movement across cloud sites and availability zones
FR.23 Register and manage persistent security enforcement mechanisms for runtime monitoring, detecting and labeling of abnormal and intrusive cloud network traffic behaviour
FR.24 Automated application source code and underlying cloud resource offering vulnerability assessment, measurement and policy compliance evaluation

NR.7 Maintainability
Description: This characteristic represents the degree of effectiveness and efficiency with which a product or system can be modified to improve it, correct it or adapt it to changes in environment, and in requirements. This characteristic is composed of the following sub-characteristics:
• Modularity. Degree to which a system or computer program is composed of discrete components such that a change to one component has minimal impact on other components.
• Reusability. Degree to which an asset can be used in more than one system, or in building other assets.
• Analysability. Degree of effectiveness and efficiency with which it is possible to assess the impact on a product or system of an intended change to one or more of its parts, or to diagnose a product for deficiencies or causes of failures, or to identify parts to be modified.
• Modifiability. Degree to which a product or system can be effectively and efficiently modified without introducing defects or degrading existing product quality.
• Testability. Degree of effectiveness and efficiency with which test criteria can be established for a system, product or component and tests can be performed to determine whether those criteria have been met.
In order for UNICORN to be easily maintained, all the annotation libraries, the Core Context Model, and the Cloud Application Enablers that will perform runtime policy enforcement should incorporate the above mentioned features.
Functional Requirements:
FR.1 Develop cloud application based on code annotation design libraries and define runtime policies and constraints
FR.2 Securely register and manage cloud provider credentials
FR.9 Autonomic management of deployed cloud applications and real-time adaptation based on intelligent decision-making mechanisms
FR.10 Manage the runtime lifecycle of a deployed cloud application
FR.12 Register and manage cloud application owners
FR.13 Manage core context model
FR.14 Register and Manage enablers interpreting Unicorn code annotations
FR.17 Development of code annotation libraries
FR.18 Development of enablers interpreting Unicorn code annotations
FR.19 Register and manage programmable infrastructure and service offerings
FR.20 Monitor cloud offering allocation and consumption

NR.8 Portability
Description: Degree of effectiveness and efficiency with which a system, product or component can be transferred from one hardware, software or other operational or usage environment to another. This characteristic is composed of the following sub-characteristics:
• Adaptability. Degree to which a product or system can effectively and efficiently be adapted for different or evolving hardware, software or other operational or usage environments.
• Installability. Degree of effectiveness and efficiency with which a product or system can be successfully installed and/or uninstalled in a specified environment.
• Replaceability. Degree to which a product can replace another specified software product for the same purpose in the same environment.
One of the most important requirements under the context of UNICORN is the requirement of Portability. This requirement relates to the UNICORN Compliant Cloud Applications that should be interoperable and functional in multiple operational environments (multi-cloud environments). To this end, various commonly used standards (e.g., OASIS TOSCA⁴) that are infrastructure and environment agnostic will be adopted.
Functional Requirements:
FR.1 Develop cloud application based on code annotation design libraries and define runtime policies and constraints
FR.4 Creation of Unicorn-compliant cloud application deployment assembly
FR.5 Cloud application deployment bootstrapping to a (multi-)cloud execution environment
FR.11 Application placement over programmable cloud execution environments
FR.13 Manage core context model
FR.14 Register and Manage enablers interpreting Unicorn code annotations
FR.15 Unified API providing abstraction of resources and capabilities of underlying programmable cloud execution environments
FR.16 Resource and service (de-)reservation over multi-cloud execution environments
FR.17 Development of code annotation libraries
FR.18 Development of enablers interpreting Unicorn code annotations
FR.19 Register and manage programmable infrastructure and service offerings
FR.21 QoS advertising and management
FR.22 Register and manage privacy preserving encrypted persistency mechanisms for restricting data access and movement across cloud sites and availability zones
FR.23 Register and manage persistent security enforcement mechanisms for runtime monitoring, detecting and labeling of abnormal and intrusive cloud network traffic behavior

⁴ https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=tosca

9 Conclusions

This final section of the current deliverable (D1.1) will be used as a synopsis of the content presented in the document, which was the outcome of a carefully designed methodology and research upon industrial and academic data collected during the initial project implementation activities. In the requirements analysis phase, which this deliverable (D1.1) is part of, a logical process has been followed, using the agile methodology in order to identify the Unicorn stakeholders and target audience, derive a complete set of Unicorn Actors and define the Unicorn system requirements. The steps of this process involved active contribution by all partners and the results of this analysis provide the pillars on which the technical and research work that will follow (D1.2 Unicorn reference architecture) will be based.

The first step of this process was to identify the main Unicorn stakeholders and target audience profiles. Chapters 5-7 of this deliverable (D1.1) depict the full image of the ones that the final result of the Unicorn Project aims at. Moreover, by analysing the current state of the industry, the market gaps that the Unicorn project will contribute to have been identified. Another contribution of D1.1 was the definition of common terminology/glossary presented in Chapter 3 that will be used as a reference guide across all future deliverables and interaction with Unicorn stakeholders. The final outcome of the first step of the methodology was the identification of the user roles for the Unicorn eco-system. Some of the user role responsibilities may overlap among users of the platform, which may cause misinterpretations; however, as the analysis of the interview results in the next step suggests, in DevOps teams the lines between roles in the engineering team are often quite blurred (e.g., a Cloud Application Developer may also be in charge of Testing or the Application Administrator may also be a Developer).

The next step of the logical process was the development of the interview questionnaire for potential Unicorn target users and the analysis of the responses, which produced results that were in accordance with all major industry surveys of the field. The analysis of the responses contributed to deciding and clarifying a set of functional and non-functional system requirements that can be assigned to the identified user roles (Chapter 8). In addition, the interview results have highlighted the main obstacles and difficulties that IT workers in SMEs are currently facing on the cloud environment, such as lack of unified tools for monitoring and elasticity, the deployment of application over multi-cloud environments and cloud cluster management. Another interesting finding from the interview process was the prioritization and ranking of the various security threats and privacy issues that SMEs are facing. This ranking of the security and privacy threats contributed to deciding the core security functionality that Unicorn will offer to its users.

In addition, the interview process also provided valuable information regarding the technologies involved to realize various aspects of the Unicorn project. Micro-service architectural approaches are typically increasing in popularity among IT workers in the SMEs (some are experimenting, some are partly using a micro-service architecture, some have fully embraced the micro-service approach). With the increase in the interest for micro-services architectural patterns, interviewed organisations also seem to be utilizing containerized solutions (e.g., Docker, Swarm, and Kubernetes) for application deployment and orchestration.

In the forthcoming steps, based on the outcomes of D1.1, the documentation of the overall architecture describing the main components and artefacts of Unicorn, the interconnection scheme and the specific interfaces for exchange of information among them will be designed and described in detail in D1.2. In addition to the reference architecture, the supported Unicorn Use Cases describing the implementation scenarios of the mechanisms that will be developed within the project in the demonstrators will be analysed in order to be used as a starting point for the research/technical and demonstration/business-oriented work packages.

10 References

[1] N. R. Herbst, S. Kounev, and R. Reussner, “Elasticity in Cloud Computing: What It Is, and What It Is Not.,” in ICAC, 2013, pp. 23–27.
[2] N. Loulloudes, C. Sofokleous, D. Trihinas, M. D. Dikaiakos, and G. Pallis, “Enabling Interoperable Cloud Application Management through an Open Source Ecosystem,” IEEE Internet Comput., vol. 19, no. 3, pp. 54–59, 2015.
[3] L. Willcocks, W. Venters, and E. A. Whitley, “Cloud in Context: Managing New Waves of Power,” in Moving to the Cloud Corporation: How to face the challenges and harness the potential of cloud computing, London: Palgrave Macmillan UK, 2014, pp. 1–19.
[4] Intuit Inc., “Intuit Study Shows How the Cloud Will Transform Small Business by 2020.” 2015.
[5] Michael J. Skok, “Breaking Down the Barriers to Cloud Adoption.” 2014.
[6] Apache JClouds, https://jclouds.apache.org/
[7] Apache LibClouds, https://libcloud.apache.org/
[8] OASIS TOSCA Committee, “OASIS Topology and Orchestration Specification for Cloud Applications (TOSCA).”
[9] OASIS CAMP Committee, “OASIS Cloud Application Management for Platforms (CAMP).”
[10] Rackspace Inc., “State of the Cloud 2016.” 2016.
[11] Rightscale Inc., “Cloud Computing Trends 2015.” 2015.
[12] Julie Knudson, “Study: IaaS and Cloud Challenges in the Enterprise.” 2014.
[13] D. Trihinas, G. Pallis, and M. D. Dikaiakos, “JCatascopia: Monitoring Elastically Adaptive Applications in the Cloud,” in Cluster, Cloud and Grid Computing (CCGrid), 2014 14th IEEE/ACM International Symposium on, 2014, pp. 226–235.
[14] D. Trihinas, G. Pallis and M. D. Dikaiakos, “Monitoring Elastically Adaptive Multi-Cloud Services,” IEEE Trans. Cloud Comput., vol. 4, 2016.
[15] G. Copil et al., “Service-Oriented Computing: 12th International Conference, ICSOC 2014, Paris, France, November 3-6, 2014. Proceedings,” Berlin, Heidelberg: Springer, 2014, pp. 275–290.
[16] Amazon CloudFormation, https://aws.amazon.com/cloudformation/
[17] Oracle Virtual Assembly Builder, http://www.oracle.com/us/products/middleware/exalogic/virtual-assembly-builder/overview/index.html
[18] Eclipse IDE Community, “Cloud Application Management Framework (CAMF).”
[19] JuJu from Canonical, http://www.ubuntu.com/cloud/juju
[20] ServiceMesh Agility Platform, http://www.csc.com/cloud/offerings/53410/104965-csc_agility_platform_cloud_management
[21] S. Dustdar, Y. Guo, B. Satzger, and H.-L. Truong, “Principles of elastic processes,” IEEE Internet Comput., no. 5, pp. 66–71, 2011.
[22] Programmable Infrastructure, programmableinfrastructure.com, 2017.
[23] P. Gouvas, C. Vassilakis, E. Fotopoulou, and A. Zafeiropoulos, “A Novel Reconfigurable-by-Design Highly Distributed Applications Development Paradigm over Programmable Infrastructure,” in 2016 28th International Teletraffic Congress (ITC 28), 2016, vol. 2, pp. 7–12.
[24] Z. A. Mann, “Allocation of Virtual Machines in Cloud Data Centers—A Survey of Problem Models and Optimization Algorithms,” ACM Comput. Surv., vol. 48, no. 1, pp. 11:1–11:34, Aug. 2015.
[25] Kurt Marko et al., “The benefits of a multi-cloud approach.”
[26] Tony Connor, IDC, “The benefits of a multi-cloud strategy.” 2016.
[27] RightScale, “State of the Cloud Report 2017,” 2017.
[28] Rightscale, “State of the Cloud 2017 Trends.” 2017.
[29] D. Tovarnak and T. Pitner, “Towards multi-tenant and interoperable monitoring of virtual machines in cloud,” in Symbolic and Numeric Algorithms for Scientific Computing (SYNASC), 2012 14th International Symposium on, 2012, pp. 436–442.
[30] N. Bassiliades, M. Symeonidis, G. Meditskos, E. Kontopoulos, P. Gouvas, and I. Vlahavas, “A Semantic Recommendation Algorithm for the PaaSport Platform-as-a-service Marketplace,” Expert Syst. Appl., vol. 67, no. C, pp. 203–227, Jan. 2017.
[31] G. Copil et al., “ADVISE – a framework for evaluating cloud service elasticity behavior,” in Service-Oriented Computing, Springer, 2014, pp. 275–290.
[32] J. Thones, “Microservices,” IEEE Softw., vol. 32, no. 1, p. 116, Jan. 2015.
[33] Lori MacVittie, “Microservices and Microsegmentation,” https://devcentral.f5.com/articles/microservices-versus-microsegmentation, 2015.
[34] Martin Fowler, “Microservices a definition of this new architectural term.” [Online]. Available: https://martinfowler.com/articles/microservices.html.
[35] Eric S. Raymond, “The Art of UNIX Programming.” 2013.
[36] Scott M. Fulton, “What Led Amazon to its Own Microservices Architecture.” 2015.
[37] Tony Mauro, “Adopting Microservices at Netflix: Lessons for Architectural Design.” 2016.
[38] M. G. Xavier, M. V Neves, F. D. Rossi, T. C. Ferreto, T. Lange, and C. A. F. De Rose, “Performance Evaluation of Container-Based Virtualization for High Performance Computing Environments,” in 2013 21st Euromicro International Conference on Parallel, Distributed, and Network-Based Processing, 2013, pp. 233–240.
[39] R. Jain and S. Paul, “Network virtualization and software defined networking for cloud computing: a survey,” IEEE Commun. Mag., vol. 51, no. 11, pp. 24–31, Nov. 2013.
[40] J. Sahoo, S. Mohapatra, and R. Lath, “Virtualization: A Survey on Concepts, Taxonomy and Associated Security Issues,” in 2010 Second International Conference on Computer and Network Technology, 2010, pp. 222–226.
[41] Xen Project, http://www.xenproject.org/
[42] VMWare VSphere Hypervisor, http://www.vmware.com/products/vsphere-hypervisor.html
[43] KVM Hypervisor, https://www.linux-kvm.org/page/Main_Page
[44] E. Bauman, G. Ayoade, and Z. Lin, “A Survey on Hypervisor-Based Monitoring: Approaches, Applications, and Evolutions,” ACM Comput. Surv., vol. 48, no. 1, pp. 10:1–10:33, Aug. 2015.
[45] R. Dua, A. R. Raja, and D. Kakadia, “Virtualization vs Containerization to Support PaaS,” in 2014 IEEE International Conference on Cloud Engineering, 2014, pp. 610–614.
[46] Nolle et al., “Continuous integration and deployment with containers.” 2015.
[47] Chris Tozzi et al., “The benefits of container development.” 2015.
[48] E. W. Biederman and L. Networx, “Multiple instances of the global linux namespaces,” in Proceedings of the Linux Symposium, 2006, vol. 1, pp. 101–112.
[49] P. Menage et al., “C-Groups.” 2006.
[50] LXC/LXD Linux Containers, https://linuxcontainers.org/
[51] J. Turnbull, The Docker Book: Containerization is the new virtualization. James Turnbull, 2014.
[52] Docker vs CoreOS Rkt, https://www.upguard.com/articles/docker-vs-coreos
[53] CoreOs, http://coreos.com/
[54] Docker Inc., “Docker Compose.”
[55] Kubernetes, http://kubernetes.io/
[56] Fleet, https://github.com/coreos/fleet
[57] Xen Project, “The Unikernel Approach.” 2014.
[58] A. Kivity, D. Laor, G. Costa, and P. Enberg, “OSv—Optimizing the Operating System for Virtual Machines,” Proc. 2014 USENIX Annu. Tech. Conf., pp. 61–72, 2014.
[59] MirageOS, https://mirage.io/
[60] OSv, http://osv.io/
[61] Lars Kurth, “Are Cloud Operating Systems the Next Big Thing?”
[62] Lars Kurth, “How Early Adopters Are Using Unikernels - With and Without Containers.”
[63] DZone, “The DZone Guide to DevOps - Continuous Delivery and Automation,” 2016.
[64] R. WEXLER, “the State of Cloud report,” Weather, vol. 27, no. 5, pp. 211–211, 2017.
[65] AWS, “What is DevOps?,” https://aws.amazon.com/devops/what-is-devops/.
[66] A. Brown, N. Forsgren, J. Humble, G. Kim, and N. Kersten, “State of Devops Report 2016,” vol. 5, 2016.
[67] M. Fowler, “Continuous Integration,” 2006.
[68] L. Chen, “Continuous delivery: Huge benefits, but challenges too,” IEEE Softw., vol. 32, no. 2, pp. 50–54, 2015.
[70] EclipseCheCloudIDE,“https://eclipse.org/che.”.
[71] SAPHanaCloudIDE,“https://hcp.sap.com/index.html.”.
[72] G.GalanteandL.C.E.DeBona,“Asurveyoncloudcomputingelasticity,”inProceedings-2012IEEE/ACM
5thInternationalConferenceonUtilityandCloudComputing,UCC2012,2012,pp.263–270.
[73] M. Nosal,M. Sulir, and J. Juhar, “Source code annotations as formal languages,” in 2015 FederatedConferenceonComputerScienceandInformationSystems(FedCSIS),2015,pp.953–964.
[74] Y.Golecha,DZone,“HowDoAnnotationsWorkinJava?”.
[75] SpringIOTools,“https://spring.io/tools.”.
[76] AnnotationProcessingTool(APT),“http://docs.oracle.com/javase/7/docs/technotes/guides/apt/.”.
[77] XDocletAnnotations,“http://xdoclet.sourceforge.net/xdoclet/index.html.”.
[78] EclipseAspectJ,“https://eclipse.org/aspectj/.”.
[79] JUnitTesting,“http://junit.org/junit4/.”.
[80] N. Jacob and C. Brodley, “Offloading IDS Computation to the GPU,” in2006 22nd Annual Computer
SecurityApplicationsConference(ACSAC’06),2006,pp.371–380.
[81] L. Marziale, G. G. Richard III, and V. Roussev, “Massive Threading: Using GPUs to Increase thePerformanceofDigitalForensicsTools,”Digit.Investig.,vol.4,pp.73–81,Sep.2007.
[82] G.Vasiliadis,S.Antonatos,M.Polychronakis,E.P.Markatos,andS.Ioannidis,“Gnort:HighPerformanceNetwork Intrusion Detection Using Graphics Processors,” in Proceedings of the 11th InternationalSymposiumonRecentAdvancesinIntrusionDetection,2008,pp.116–134.
[83] G. Vasiliadis, M. Polychronakis, and S. Ioannidis, “MIDeA: A Multi-parallel Intrusion DetectionArchitecture,”inProceedingsofthe18thACMConferenceonComputerandCommunicationsSecurity,2011,pp.297–308.
[84] N.Fips,“AnnouncingtheADVANCEDENCRYPTIONSTANDARD(AES),”Byte,vol.2009,no.12,pp.8–12,2001.
[85] R. L. Rivest, A. Shamir, and L. Adleman, “A method for obtaining digital signatures and public-keycryptosystems,”Commun.ACM,vol.21,no.2,pp.120–126,1978.
[86] KentBecketal.,“TheAgileManifesto.”2001.
[87] RightScale 2016 State of the Cloud Report, “http://www.rightscale.com/lp/2016-state-of-the-cloud-report.”.
[88] Magic Quadrant for Cloud Infrastructure as a Service, Worldwide,“https://www.gartner.com/doc/reprints?id=1-2G2O5FC&ct=150519.”.
[89] Magic Quadrant for Enterprise Application Platform as a Service, Worldwide,
D1.1StakeholdersRequirementsAnalysis
96
“https://www.gartner.com/doc/reprints?id=1-2C8JHBP&ct=150325&st=sb.”.
[90] Veracode Secure Development Survey 2016, “https://info.veracode.com/report-veracode-developer-survey.html.”.
[91] VisionMobile 2017: State of the developer nation, “https://www.visionmobile.com/reports/state-developer-nation-q1-2017.”.
[92] LightBend2016:Cloud,Container&Micro-services,“https://www.slideshare.net/Lightbend/enterprise-development-trends-2016-cloud-container-and-microservices-insights-from-2100-jvm-developers.”.
[93] GitLab:2016GlobalDeveloperReport,“https://about.gitlab.com/2016/11/02/global-developer-survey-2016/.”.
[94] RebelLabs: 2016 Development and Productivity Report and Java Landscape,“http://pages.zeroturnaround.com/RebelLabs-Developer-Productivity-Report-2016.html.”.
[95] RebelLabs:2017ProgrammingtheWebReport,“https://zeroturnaround.com/webframeworksindex/.”.
[96] StackOverflow:2016DeveloperReport,“https://insights.stackoverflow.com/survey/2016.”.
[97] StackOverflow:2017DeveloperReport,“https://insights.stackoverflow.com/survey/2017.”.
[98] Eu Commission, Annual report on European SMEs performance 2016,“http://ec.europa.eu/growth/smes/business-friendly-environment/performance-review-2016_en.”.
[99] SaaS, PaaS, and IaaS: A security checklist for cloud models - CSO Security Report,“http://www.csoonline.com/article/2126885/cloud-security/saas-paas-and-iaas-a-security-checklist-for-cloud-models.html.”.
[100] Gartner,“GartnerSaysWorldwidePublicCloudServicesMarkettoGrow17Percentin2016,”GartnerPressRelease,2017.[Online].Available:http://www.gartner.com/newsroom/id/3616417.
[101] L. Leong, G. Petri, B. Gill, and M. Dorosh, “Magic Quadrant for Cloud Infrastructure as a Service,Worldwide,” Gartner Inc., 2016. [Online]. Available: https://www.gartner.com/doc/reprints?id=1-2G2O5FC&ct=150519.
[102] Gartner,“GartnerSaysWorldwidePublicCloudServicesMarkettoGrow18Percentin2017,”GartnerPressRelease,2017.[Online].Available:http://www.gartner.com/newsroom/id/3616417.
[103] KPMG,“Journeytothecloud:ThecreativeCIOAgenda,”2017.
[104] G. Leopold, “Container Market Pegged at $2.7B by 2020,” EnterpiseTech, 2017. [Online]. Available:https://www.enterprisetech.com/2017/01/10/container-market-pegged-2-7b-2020/.
[105] “DevOps & Microservice Ecosystem Market Forecast 2017-2022,”Market Analysis, 2017. [Online].Available:https://www.marketanalysis.com/?p=63.
[106] CloudFoundry,“HopeVersusReality:ContainersIn2016.GlobalPerceptionStudy,”2016.
[107] Netflix,“NetflixOSS.”[Online].Available:https://netflix.github.io/.
[108] Docker,“https://www.docker.com/.”
[109] IncludeOs,“http://www.includeos.org/.”
D1.1StakeholdersRequirementsAnalysis
97
[110] Istio,“https://istio.io/.”
[111] Linkerd,“https://linkerd.io/.”
[112] OpenShift,“https://openshift.io/.”
[113] R.Unikernel,“https://github.com/rumpkernel/rumprun.”
[114] Rkt,“https://coreos.com/rkt.”
[115] E.Pekka,“APerformanceEvaluationofHypervisor,Unikernel,andContainerNetworkI/OVirtualization,”2016.
[116] C.Tamas, “AperformancecomparisonofKVM,Dockerand the IncludeOSUnikernel,”MasterThesis,2016.
[117] A.Bratterud,A.A.Walla,H.Haugerud,P.E.Engelstad,andK.Begnum,“IncludeOS:Aminimal,resourceefficient unikernel for cloud services,” in Proceedings - IEEE 7th International Conference on CloudComputingTechnologyandScience,CloudCom2015,2016,pp.250–257.
[118] I.Github,“https://github.com/istio/istio/issues/369.”
[119] Autoletics, “Performance Benchmarking and Hotspot Analysis of Linkerd – Part 1,” 2017. [Online].Available: https://www.autoletics.com/posts/performance-benchmarking-and-hotspot-analysis-of-linkerd-part-1.
[120] E.E.IanBriggs,MattDay,YuankaiGuo,PeterMarheine,“APerformanceEvaluationofUnikernels,”2015.
[121] A.Madhavapeddyetal., “Unikernels: LibraryOperating Systems for theCloud,”Proc. eighteenth Int.Conf.Archit.SupportProgram.Lang.Oper.Syst.-ASPLOS’13,vol.48,no.4,p.461,2013.
[122] “Performance Test For Unikernels (Rumpkernel And OSv).” [Online]. Available:http://tech.donghao.org/2015/12/23/performance-test-for-unikernels-rumpkernel-and-osv/.
[123] “Docker v/s Rkt Benchmarking: Performance Benchmarks.” [Online]. Available:https://shivammaharshi.wordpress.com/2016/08/16/docker-vs-rkt-benchmarking-performance-benchmarks/.
[124] ISO/IEC25010:2011,“https://www.iso.org/standard/35733.html.”.
D1.1StakeholdersRequirementsAnalysis
98
11 Annex
11.1 Identified Unicorn Functional Requirements
FR.1 Develop cloud application based on code annotation design libraries and define runtime policies and constraints
FR.2 Securely register and manage cloud provider credentials
FR.3 Search interface for extracting underlying programmable cloud offerings and capability metadata descriptions
FR.4 Creation of Unicorn-compliant cloud application deployment assembly
FR.5 Cloud application deployment bootstrapping to a (multi-)cloud execution environment
FR.6 Deployment assembly integrity validation
FR.7 Access application behavior and performance monitoring data
FR.8 Real-Time notification and alerting of security incidents and QoS guarantees
FR.9 Autonomic management of deployed cloud applications and real-time adaptation based on intelligent decision-making mechanisms
FR.10 Manage the runtime lifecycle of a deployed cloud application
FR.11 Application placement over programmable cloud execution environments
FR.12 Register and manage cloud application owners
FR.13 Manage the core context model
FR.14 Register and Manage enablers interpreting Unicorn code annotations
FR.15 Unified API providing abstraction of resources and capabilities of underlying programmable cloud execution environments
FR.16 Resource and service (de-)reservation over multi-cloud execution environments
FR.17 Development of code annotation libraries
FR.18 Development of enablers interpreting Unicorn code annotations
FR.19 Register and manage programmable infrastructure and service offerings
FR.20 Monitor cloud offering allocation and consumption
FR.21 QoS advertising and management
FR.22 Register and manage privacy preserving encrypted persistency mechanisms for restricting data access and movement across cloud sites and availability zones
FR.23 Register and manage persistent security enforcement mechanisms for runtime monitoring, detecting and labeling of abnormal and intrusive cloud network traffic behavior
FR.24 Automated application source code and underlying cloud resource offering vulnerability assessment, measurement and policy compliance evaluation
11.2 Disseminated Questionnaire
What follows is the Unicorn questionnaire in printable format. The online version of the questionnaire is accessible via the following link: https://goo.gl/forms/a8rH60DmD3qSWXXN2