unicorn d1.1 resubmit vfinalunicorn-project.eu/wp-content/uploads/2018/04/... · D1.1 Stakeholders Requirements Analysis 7 List of Tables Table 1: Industry Studies and Points of Interest

UNICORNhasreceivedfundingfromtheEuropeanUnion’sHorizon2020researchand

innovationprogrammeundergrantagreementNo731846

StakeholdersRequirementsAnalysisDeliverableD1.1

Editor DemetrisTrihinas

AthanasiosTryfonos Reviewers ManosPapoutsakis(FORTH)

SotirisKoussouris(Suite5) Date 30October2018(v1.1) Classification Public

!

D1.1StakeholdersRequirementsAnalysis

2

ContributingAuthor # VersionHistoryName Partner Description

DemetrisTrihinas UCY 1 TableofContents(ToC),documentpurposeandpartnercontributionassignment

AthanasiosTryfonos UCY 2 BackgroundandTerminologysectioninitialcontentmerged,relationtootherWPsadded

ZachariasGeorgiou UCY 3 Contentformethodologyfollowedtoderiverequirements

GeorgePallis UCY 4 Updatedmethodologyandbackgroundsection,surveyfirstresults

MariosD.Dikaiakos UCY 5 Initialnon-functionalrequirementssection,updatedmethodologywithindustryfindings

SpirosAlexakis CAS 6

Minorimprovementstoterminology,refinedindustryfindingsinmethodology,initiallistofsystemrequirementsandkeyfindingsfrominterviewprocess

JuliaVuong CAS 7

Updateduserroles,updatedfunctionalrequirementsaftermergingcommentsreceived,updatedmethodologyandbackground

FenaretiLampathaki Suite5 8

Updatednon-functionalrequirementsandmergedcommentsreferringtosurveykeyfindings,mergedsecuritycontenttobackground

SotirisKoussouris Suite5 9Updatedfunctionalrequirements,addeddataprivacyprotectionmentiontosurveymethodology,mergedsecuritytobackground,

SpirosKoussouris Suite5 10Mergedcommentsonuserroles,conclusionandmergedcommentsonnon-functionalrequirements,conclusion

PanagiotisGouvas Ubitech 11Updatedintroduction,mergedcommentsonmappingoffunctionalrequirementstouserroles

GiannisLedakis Ubitech 12Mergedcommentsonmarketanalysisscheme,executivesummaryandintroduction

ManosPapoutsakis FORTH 13Mergedcommentsonstakeholdersanalysis,functionalrequirementsandfigurenumbering

BernhardKoelmel Steinbeis 14 FinalversionResubmissionVersionDemetrisTrihinas,AthanasiosTryfonos,GeorgePallis,SotirisKoussouris,SpirosAlexakis,JuliaVuong,GiannisLedakis,BernhardKoelmel,ManosPapoutsakis,PanagiotisGouvas

15

Updatedstakeholdersanalysis,definedbusinessmetrics,indepthtargetaudiencepresentation,updatedfunctionalrequirements(v1.01–v1.04)

16 Finalversionforresubmission(v1.1)


3

ResubmissionChangeLog

• Chapter 5 has been updated to include the Stakeholders relevant to theUnicorn platform and this

Chapter also includes the main offerings of the Unicorn platform and challenges faced by the

Stakeholders.TheUnicornplatformuserrolesandtargetaudiencehavebeenmovedtoChapters8and

7,respectively.

• Chapter7hasbeenaddedtoexplicitlydescribetheaudiencestargetedbytheUnicornplatform.This

Chapter also includes a comprehensive list of business metrics which Stakeholders should use to

evaluatethebenefitsofutilizingtheUnicornplatform.

• TheSystemFunctionalandNon-FunctionalRequirementshavebeenmovedtoChapter8(previously

Chapter 7) and have been updated to take into consideration private cloud platforms and legacy

applications.

• Chapter4,theMethodologytoderivedtheSystemRequirementsandStakeholders,hasbeenupdated

toalsoincludethederificationoftheUnicorntargetaudienceandbusinessmetrics.

• Chapters1,2,5and9havebeenupdatedaccordinglytobeconsistentwiththenewcontent.


4

TableofContents

1 EXECUTIVESUMMARY 8

2 INTRODUCTION 9

2.1 DocumentPurposeandScope 112.2 DocumentRelationshipwithotherProjectWorkPackages 112.3 DocumentStructure 12

3 BACKGROUNDANDTERMINOLOGY 13

3.1 ProgrammableInfrastructure 133.2 Multi-CloudOfferings 143.3 Micro-services 153.4 Containerization 163.5 DevOps–ContinuousIntegrationandDelivery 193.6 Annotation-BasedProgramming 213.7 SecurityEnforcementandDataPrivacyPreserving 22

4 METHODOLOGYFOLLOWEDTODERIVEUNICORNSYSTEMREQUIREMENTS 25

4.1 KeyFindingsfromindustrystudies 28

5 UNICORNSTAKEHOLDERIDENTIFICATIONANDMARKETPOSITIONING 31

5.1 TheStakeholdersfortheUnicornPlatform 315.2 Marketpositioning 32

6 REQUIREMENTANALYSISSCHEME 46

6.1 IntervieweeProfile 466.2 UnicornSurveyandInterviewStudyKeyFindings 47

6.2.1 UnclearDistinctionBetweenSoftwareProgrammerandDevOpsEngineerinStartups 476.2.2 ProgrammingFrameworksareIncreasingAnnotation-BasedProgrammingParadigmAdoption486.2.3 CollaborationToolsarenowIndustryStandardPracticeswhileContinuousIntegrationandDeliveryToolAdoptionisFacingSeriousChallenges 496.2.4 CloudIDE’sareBecomingPopularbutforLarge(r)DevelopmentTeams 506.2.5 Micro-serviceArchitecturalApproachisBecomingaCloudTrendEspeciallyintheIoTandSaaSdomains 526.2.6 ContainerizedSolutionsareFollowingMicro-serviceAdoptionTrends 526.2.7 Multi-CloudDeploymentModelAdoptionandChallenges 546.2.8 CloudMonitoringAdoptionandChallenges 566.2.9 ElasticScalingAdoptionandChallenges 586.2.10WhenisSecurityConsideredintheLifecycleofanApplication 60


5

6.2.11 CloudSecurityEnforcementandPrivacyPreservationChallenges 60

7 UNICORNTARGETAUDIENCEANDBUSINESSMETRICS 63

7.1 TargetAudienceProfile 637.2 BusinessMetrics 64

8 UNICORNSYSTEMREQUIREMENTS 66

8.1 UserRoles 668.2 FunctionalRequirements 678.3 Non-FunctionalRequirements 79

9 CONCLUSIONS 90

10 REFERENCES 92

11 ANNEX 98

11.1 IdentifiedUnicornFunctionalRequirements 9811.2 DisseminatedQuestionnaire 98


6

ListofFiguresFigure1:UnicornVision 10Figure2:DeliverableRelationshipwithotherTasksandWorkPackages 12Figure3:MonolithicLegacyEnterpriseArchitecturevsMicro-serviceArchitectureApproach 15Figure4:HypervisorvsContainer-basedVirtualization 17Figure5:DockerRelationtoLinuxContainerNotion 17Figure6:CoreOSHostandRelationtoDockerContainers 18Figure7:UnikernelRelationtoVMsandContainers 19Figure8:ContinuousIntegrations,ContinuousDeliveryandContinuousDeploymentSteps 20Figure9:IndicativeExampleofAnnotationDeclarationinJava 22Figure 10: High-Level Abstract Methodology to Derive Unicorn System Requirements and Relevant Key

Technologies 25Figure11:UnicornMarketPositioning 33Figure12:OrganisationOperatingBusinessDomainsasIdentifiedbyInterviewees 47Figure13:NumberofEmployeesinITdepartment 47Figure14:IntervieweeRoleinOrganisation 48Figure15:UsageofAnnotation-basedProgrammingParadigmbyInterviewees 48Figure16:PopularProgrammingFrameworksUsedbyInterviewees 49Figure17:UsageofCollaborationToolsAmongEmployeesofOrganisation 49Figure18:PopularityofCI/CDFrameworksEmbracedbySurveyedOrganisations 50Figure19:ChallengesPreventingFullAdoptionofCI/CDPipeline 50Figure20:CloudIDEEmbracementbyInterviewedOrganisations 51Figure21:PopularreasonspreventingCloudIDEadoptionfromrespondersnotusingCloudIDEs 51Figure22:Micro-serviceArchitectureAdoptionbyInterviewedOrganisations 52Figure23:ContainerizedSolutionAdoptionbyInterviewedOrganisations 53Figure24:ContainerizedSolutionAdoptionChallengesasIdentifiedbyInterviewedOrganisations 53Figure25:ContainerizedSolutionsthathavebeenadoptedbythoseusingorconsideringcontainerization54Figure26:Multi-CloudDeploymentModelAdoptionbyIntervieweeOrganisations 54Figure27:PopularCloudProviders 55Figure28:Multi-CloudAdoptionChallenges 56Figure29:MonitoringLevelTargetsasRespondedbyInterviewedOrganisations 56Figure30:MonitoringToolTypeAdoptionbyInterviewedOrganisations 57Figure31:MonitoringChallengesFacedbytheInterviewedOrganisations 57Figure32:ElasticScalingAdoption 58Figure33ElasticScalingType 58Figure34:ElasticitytoolsusedbyorganizationshaveadoptedelasticscalingaspartoftheirALM 59Figure35:ElasticScalingAdoptionChallenges 59Figure36:StageofApplicationLifecycleatwhichSecurityisConsideredbyInterviewedOrganisations 60Figure37:SecurityMechanismsAdoptedbyInterviewedOrganisations(#1) 61Figure38:SecurityMechanismsAdoptedbyInterviewedOrganisations(#2) 61Figure39:SecurityMechanismsAdoptedbyInterviewedOrganisations(#3) 62Figure40:UnicornVisionTowardsTargetAudienceProfiles 63Figure41:Non-TechnicalQualityAspectsasOrganisedbyISO/IEC25010:2011 80


7

ListofTablesTable1:IndustryStudiesandPointsofInterestRelevanttoUnicorn 28Table2:MarketPlayersAnalysis–BriefOverview 35Table3:MarketPlayersAnalysis–DevOpsSupportandHighlightFeatures 37Table4:MarketPlayersAnalysis–Perspectives 42Table5:OrganisationsParticipatedinInterviewProcess 46Table6:Unicorn’sBusinessMetrics 64Table7:Unicorn’sOfferingsandBusinessMetrics 65Table8:UnicornActors 66Table9:FunctionalRequirementsRelationtoUserRole 77


8

1 ExecutiveSummaryThemainobjectiveoftheUnicornprojectistodeliveraunifiedplatformthatwillfacilitateSMEsandStartups

todevelop, deploy andmanage secure-by-design andelastic-by-design cloudapplications and services, that

follow themicro-servicearchitecturalparadigm,onmulti-cloudprogrammableexecutionenvironments.The

platform will allow software developers to tackle data privacy constraints and restrictions through the

applicationofvariousprivacypoliciesandwilleasetheresourcemonitoringprocess.Inthisrespect,Deliverable

D1.1-StakeholdersRequirementsAnalysis,hereaftersimplyreferredtoasD1.1,providesadescriptionofthe

audience targetedbyUnicornanddefines a clear setof guidelines thatwill guide thepartners through the

technical activities of theUnicorn project. The guidelines thatwill drive the project technical activities, are

expressed in the form of functional and non-functional requirements that will assist in shaping the final

frameworkthatfulfilsthevisionandobjectivesoftheproject.

The work in this deliverable begins by presenting an agreed background and terminology of innovative

technological concepts such as the programmable infrastructure, multi-cloud offerings, micro-services,

containerization,DevOps,annotationbasedprogrammingandvarioussecurityenforcementmechanisms.This

terminologywillconsistentlybeusedthroughoutallfuturetechnicaldeliverablesastheseconceptsformthe

basictechnologicalpillarsonwhichtheimplementationoftheUnicornprojectwillbebasedon.

Furthermore, the methodology that was used to derive the functional and non-functional requirements is

presented. In the beginning of this agile methodology the partners analysed industry reports, surveys and

practicesinordertoidentifytheUnicornstakeholdersandpotentialuserrolesonwhichthefunctionalsystem

requirementswillbemappedon.Basedonthisanalysisoftheindustry,aninterviewquestionnairewasdesigned

toidentifythekeytechnologiesuptakenbytheSMEandStartupeco-systeminEurope,aswellastheemerging

technologiesthatarewithintheirinterestsbutcannotbesuccessfullyintegrateintotheirsoftwarestackyetdue

todifferentchallengestheyarefacing.

OneofthemostcriticalcontributionsofthisdeliverableisthedefinitionoftheprofilesoftheUnicorntarget

audienceandthebenefitsstemmingfromtheUnicornofferingstowardsthoseaudiences.Specifically,Unicorn

targetsDevOpsEngineersandSoftwareProgrammersemployedinSMEsandStartupsthatfallintooneofthe

followingcategories:i)smallandmedium-sizedindependentvendorswhocurrentlyofferon-premisebusiness

applicationsandwishtooffertheseapplicationsinthefutureusingthe"as-a-servicemodel",ii)start-upswho

intendstodevelopanddeploynewsecureandelasticservicesandiii)SMEsthatalreadyoffertheirservicesas

cloudsolutionsandwanttobenefitfromthecorefunctionalityoftheUnicornPlatform.Whatismore,D1.1

definesasetofbusinessmetricsinordertomeasurethebenefitsofUnicornutilizationfromdifferentbusiness

perspectives. These metrics are then mapped to offerings and features that Unicorn brings to the cloud

applicationlifecyclemanagement.

Lastly,wenotethattheanalysisoftheinterviewresponseshascontributedindecidingandclarifyingboththe

projecttargetaudienceandthesetoffunctionalandnon-functionalsystemrequirementsthatcanbeassigned

totheidentifieduserrolesthatareinvolvedindifferentstagesoftheapplicationlifecycle.


9

2 IntroductionCloudcomputingshiftsITspendingtoapay-as-you-gomodel,wheresimilartoutilitybilling,youonlypayforwhatyouuseandonlywhenyouuseit[1].CloudcomputinghasrevolutionizedtheITindustrytothepointwhere

anyperson,withevenbasictechnicalskills,canaccessandobtain,viatheinternet,ondemandvastandscalable

computingresourcesatlowcost[2].ForSmallandMediumEnterprises(SMEs)andtoday’sStartups,thiswell-

established argument is sound. Cloud computing eliminates the capital expense of buying hardware and

diminishescostsforconfiguring,runningandmaintainingon-sitecomputinginfrastructuresofanysize.Thus,it

isnowcheaperandeasiertoinnovate,enablingbusinessestodramaticallylowertheircostofoperations,and

byextension lowercostofstartingabusiness—independentbusinessessharetheircollective infrastructure

costsviathecloud—andthusspurringentrepreneurship[3].Therefore,itisnowonderwhySMEsandStartups

aremigratingcoreservicesandproductsoftheirbusinesstothecloud.Arecentstudyshowsthat,inthisdigital

economy,morethan37%ofSMEshaveembracedthecloudtorunpartsoftheirbusiness,whileprojections

showthatby2020thisnumberwillgrowandreach80%[4].

Whileopportunitiesforinnovationareriperthanever,SMEsandStartupswithalimitednumberofdevelopers,

whichideallyshouldbefocusedoncoreproductdevelopment,arefoundconstantlyinneedoftacklingsecurity,

complianceandcodevulnerabilitiesbydesigningsoftwaresecuritymechanismstopreventdatabreachesand

ensurecustomerprivacy.Arecentstudyfoundthat62%ofdatabreachesimpactingSMEsaccountedforaloss

ofmorethan50%oftheircustomerbase[4].Hence,asdatacontinuestomigratetothecloud,thecostofbadsecuritywill only continue to rise. Theother inhibitor that remains a consistentbarrier to cloudadoption is

vendor lock-in, which iswhere an organization fears becoming beholden to an individual cloud vendor [5].

However,while vendor lock-in remains the second inhibitorpreventing cloudadoption concernshavebeen

droppingrecentlydueto interoperability initiatives toestablishopenAPIsand libraries forcloudaccessand

deployment[6],[7]alongwithtopologyspecificationsandstandards[8],[9].ArecentstudybyRightScale(2017)

[10], reveals that SMEs use, on average, up to 6 different clouds (including private clouds) to achieve their

business objectswith the hybrid cloud establishing itself as themost popular deploymentmodel for SMEs.

Nonetheless,while thecloudpromises toautomateapplicationand infrastructuremanagement,multi-clouddeployments raise the complexity of monitoring, managing and effectively projecting cost budgets of theirservicesandcoreproductsdistributedacrossmultiplecloudswithunbearableengineeringrequiredtoovercomethesechallengesinordertocopeandnotperish.

Furthermore,resourcescaling(dubbedaselasticity)introducesanotherchallengethatmustbetackledaswell.

Elasticityisoneofthemost-hypedfeaturesofcloudcomputingandis,from2014,drivingcloudadoption[11].

Albeit,therealitydoesn'tnecessarilymeasureuptocloudproviders'promises[12].Websitetrafficfromsudden

userdemandcanexploderapidly,andtheneedforimmediatescalabilitytoaddressdemandscomeswithmany

obstacles. Cloud providers offering auto-scaling (e.g., AWS), automatically provision virtual instances when

high/low user-defined thresholds are violated [13]. However, auto-scaling is challenging, especially when

determiningwhetheranalertisissuedduetoaspikeindemandofanapplication,orwhethersomethingisa

malfunctionofthesystem[14].Adenialofservice(DDoS)attackorsimilarissuecouldinitiallyappeartobean

increase indemand,andamechanismthatautomaticallyscales, inresponse,maynotbeagoodthing.Fastscalingcould,infact,endupbeingdetrimentalresultinginunwantedcharges[15].


10

Figure1:UnicornVision

Nowadays,anumberofcloudapplicationmanagementframeworksclaimtoaddresstheabovechallengesby

facilitating the design and deployment of cloud applications and services. Some of these frameworks are

proprietary[16][17],lockingtheiruserstospecificproviders,whileothersaregeneric[18][19][20]allowing

managementofapplicationsondifferentinfrastructureswithadaptersforpopularcloudofferingproviders.A

common denominator in all aforementioned frameworks is that none provides the ability to manage the

lifecycleofacloudservicedistributedacrossmultipleavailabilityzonesand/orcloudsites.Inturn,noframeworkcurrentlytacklesdataprotectionprivacyconstraintsandrestrictionsduetonationalandEUdirectivesfordatamovementacrossapplicationtiers,availabilityregionsormultiplecloudsites.Also,elastictechniquesarenotwellsupportedtodealwithmulti-dimensionalelasticpropertiescoveringresources,costsandquality[21].Most

importantly,thesetoolstacklethechallengesofmanagingcloudapplicationsafterapplicationdevelopment.

Thisresultsoftentomoreiterationsintheapplicationdevelopmentcycleifpolicydefinitionforelasticity,securityand privacy deployment constraints for different cloud providers is not foreseen at the development phase,delayingtime-to-marketandimpactingnegativelySMEsandStartupscomprisedofsmalldevelopmentteams.

Asaresult,newcategoriesoftoolsandsolutionsareneededtosupportchallengesholdingbackSMEgrowth.

Therefore, the concept of the Unicorn project is to deliver a platform that facilitates the deployment oftrustworthyapplicationsandservicescreatingamoreentrepreneurialICTecosystem.Specifically,theUnicorn

platformtargets,butisnotlimitedto,SMEandStartupdevelopmentteamsthatfollowagileandcontinuous

softwaredeliveryprinciplestoimprovesoftwaredesignonacontinuousbasisand,thus,increaseproductivity.

Hence,Unicornwillsimplifythedesign,deploymentandmanagementofsecureandelastic–bydesign–multi-

cloudservicesbyprovidingsoftwaredevelopmentteamswithacloudIDEplug-inandsoftwaredesignlibrariestoreducedevelopmenttimeofcloudapplications.Thiswillenablesoftwaredeveloperstodesignanddevelop

secureandreactiveapplicationsthroughtheirIDE,hencerightwheretheywritetheircode,thatincorporatesa

setofsoftwarecodeannotations,validationandpackagingtoolsforsecurity,privacyprotection,monitoringandelasticitypolicydefinitionattheplatform,application,componentandevencodesegmentlevelwithouthaving

to manually perform resource mappings and bindings. To circumvent the burdensome installation and

integrationprocess,theUnicornplatformwillenablecontinuousorchestrationandautomaticoptimizationofportableanddynamiccloudservicesrunningonvirtual instancesormicro-executioncontainersforincreasedsecurity, data protection privacy, and vast resource (de-)allocation. Once the software team has finished

developmentandarereadytodeploytheirapplication,thedeploymenttoolofthecloudIDEpluginwillbundle

applicationcode,third-partylibrariesandUnicornannotatedpoliciesandevenallowuserstosearchforrequired

OSlibrariesandruntimesoftwarestacksastheUnicorndevelopmentparadigmsupportsthenotionofmicro-

executioncontainerenvironments.Specifically,containerizedenvironmentsareparticularlyrelevanttomicro-

servicesandthedevelopingconceptof“immutableinfrastructure”wherecloudofferingsservedfromvirtual

instancesaretreatedasdisposableartefactsandcanberegularlyre-provisionedsolelyfromversion-controlled

code.Whatismore,thesupportfromtheUnicornplatformtosoftwaredevelopmentteamsdoesnotstopat

applicationdeployment.Toeliminatesecuritythreats,theUnicornplatformwillprovidecontinuousrisk,cost

andvulnerabilityassessment.Inotherwords,byusingUnicornsoftwareteamsfocusoncoreapplicationfeature


11

developmentlogic,notthescale,monitoringandsecurityissueswhicharehandledinthebackgroundbythe

Unicornplatformensuringinteroperabilityacrossmultipleanddifferentclouds.Thisreducessoftwarerelease

timeandprovidesapowerful tool forSMEs that followagileandcontinuoussoftwaredeliveryprinciples to

improvesoftwaredesignandcontinuousproductivityimprovement.

2.1 DocumentPurposeandScopeThepurposeofthisdocumentistoprovideacomprehensivefoundationdescribingthebasicsetofdesignand

implementation guidelines thatwill start and guide the development of the IT components comprising the

Unicornplatform.Inrespecttothis,DeliverableD1.1aimstoidentifythestakeholdersoftheUnicornecosystem

andderiveclearandbasicdescriptionsofthesystemrequirementsafteranalysingandprioritizingtheneedsof

the industry and the Unicorn Projects’ Stakeholders. This is achieved by designing an online survey and

performingpersonalinterviewswithcarefullyselectedprojectStakeholderswithinandbeyondtheconsortium

inordertoprobetheICTneedsoftheEUSMEandStartupeco-system.Thus,requirementsaremeanttodrive

thedesignanddevelopmentprocessastheycomprisetheconstraintsthataretohelptheUnicornecosystem

andplatformtobestmatchtheprojectvisionandsatisfythe identifiedtechnologicalchallengesandmarket

gaps. Requirements show the functional and non-functional aspects for the Unicorn project and are an

importantinputtotheverificationandvalidationprocess,sincetestsandevaluationKPIsshouldtracebackto

specificrequirements.Tothisend,functionalrequirementsrepresentthelistoffunctionalpropertiesthatneed

to be implemented and finally supported within the context of the Unicorn ecosystem and platform. This

includesallbehaviouralaspectsofthesystemcomponents,aswellasthetoolsandapplications.Ontheother

hand,non-functionalrequirementswillconcernperformance,scalability,securityandprivacyaspects.

2.2 DocumentRelationshipwithotherProjectWorkPackagesWiththeidentificationofthetargetedstakeholdersandthedocumentationofthebasicfunctionalandnon-

functionaltechnicalrequirements,thisdeliverable(D1.1),willbeusedasanagreeduponinstructionsetguiding

thedevelopmentoftheITcomponentsthatmustbedeliveredbytheUnicornProject.Hence,D1.1(Stakeholders

Requirements Analysis) marks the completion of Task 1.1 “Requirements Analysis and Stakeholders’

Identification”.Figure2depictsthedirectand indirectrelationshipofthedeliverabletotheotherTasksand

WorkPackages(WPs).Thedefinitionofsystem-widerequirementsandthekeytechnologyfindingsidentified

byfollowingtheroadmap(describedinChapter4)forprobingtheEUSMEandStartupeco-system,willdrive

the documentation of the Unicorn reference architecture (D1.2). In particular, the Unicorn reference

architectureiscornerstonefortheprojectasfunctionalandnon-functionalrequirementsaredirectlymapped

towell-definedsystementities,thusguidingthetechnicalworkofWP2-WP5.Ontheotherhand,withtheclear

definitionoftheprojectandtheprioritizationofrequirementstomatchtheneedsoftheuse-cases(D1.2),the

workinWP6“Demonstration”canbeginasplanned.Finally,thecommunicationanddisseminationstrategyof

theproject(WP7)naturallyalignsintermsofthetargetaudienceandstakeholdersderivedinthisdeliverable.


12

Figure2:DeliverableRelationshipwithotherTasksandWorkPackages

2.3 DocumentStructureTheremainderofthisdeliverableisstructuredasfollows:Chapter3introducesadescriptiveBackgroundand

TerminologysynopsisreferringtothekeyconceptsrelatedtothenotionofProgrammableInfrastructure.This

synopsiswillbeusedasareferenceglossarythroughouttheUnicornprojectdeliverablesandinteractionswith

projectStakeholders.Chapter4presentsacomprehensivedescriptionofthemethodologyfollowedtoderive

SystemRequirementsfortheUnicornprojectbydesigninganonlinesurveyandperformingpersonalinterviews

withcarefullyselectedprojectStakeholders inordertoprobetheICTneedsoftheEUSMEandStartupeco-

system. In relation to this, Chapter 5 documents Stakeholder analysis scheme. Chapter 6 introduces the

RequirementsAnalysisSchemewhichdocumentsthekeyfindingsderivedfromthedisseminatedonlinesurvey

andtheconductedpersonalinterviewswhichhelpedtheconsortiumcompilethelistofsystemrequirements.

Havingperformedthesurveyanalysis,Chapter7 introducesan in-depthdescriptionof theUnicornplatform

targetaudiences,whilethelistoffunctionalandnon-functionrequirementsalongwiththeUnicorneco-system

userrolesthatwillbeobeyedthroughoutfutureprojectdeliverablesandwillserveasguidelinesforthetechnical

worktobeperformedtoderivetheUnicornplatform,isintroducedinChapter8.Finally,Chapter9concludes

thisdeliverableandoutlinestheworkthatwillfollow.


13

3 BackgroundandTerminologyBeforeproceedingwiththestakeholderidentificationandtherequirementcollectionandanalysisprocess,itis

importanttoidentifyandelaborateonthekeyconceptsdrivingtheinnovativetechnologicalaxesoftheUnicorn

project.The terminologydetermined in this sectionwillworkasa referenceguideacrossall futureUnicorn

technicaldeliverables.

3.1 ProgrammableInfrastructureProgrammable infrastructure is the IT concept of applying methods and tooling established in software

developmentontothemanagementof IT infrastructure.This includes,but isnot limitedto,automation,on-demandresource(de-)provisioning,serviceintegrationanddelivery,APIversioning,dataaccess,immutabilityandagiledevelopment[22].

Whatismore,thenotionof“programmability”canbeviewedandexaminedfromtwodifferentperspectives

[23].Inparticular,fromadeveloperperspective,“programmability”isthemeanstocreatetheproperexecution

environment independently of theunderlyingphysical resources. Thus, there is a needof bothoverarching

resourceabstractionsatthedesign/developmentstageandconvenientAPIsatrun-time,inordertoimplement

anapplicationinanenvironment-agnosticwayandtodynamicallytailorittotheactual(andusuallychanging)

context.Tothisdirection,theProgrammableInfrastructureprovidesdeveloperswithacommonandsinglepoint

ofaccesstoallresources,hidingphysicalissueslikeresourcenature,faults,maintenanceoperations,andsoon.

Ontheotherhand,fromaninfrastructureofferingproviderperspective,“programmability”mostlyreferstothe

concernsoftheproviderwithoperationandmaintenanceof (usually) largepoolsofresources. Inparticular,

infrastructure providers are in need of handy tools to deal with typical management tasks like insertion,

replacement,removal,upgrade,restorationandconfigurationwithminimalservicedisruptionanddowntimes.

Tothisdirection,ahighdegreeofautomationisdesirable,throughprogrammaticrecoursetoself-*capabilities

(self-tuning,self-configuration,self-diagnosis,self-healing).

Cloud computing adheres to the notion of Programmable Infrastructure by providing users with (virtual)

resourcesondemand,accordingtotheirneeds,andbymetaphoricallyblurringtherealphysicalinfrastructure

(baremetal)insideanopaque“cloud”[24].Thekindofresourcesexposedbycloudsdependsuponthespecific

service model; they are infrastructural elements like (virtual) hosts, storage space, network devices

(Infrastructure-as-a-Servicemodel, IaaS),computingplatforms includingtheOperatingSystemandarunning

environment (Platform-as-a-Servicemodel, PaaS), or application software like databases, web servers,mail

servers(Software-as-a-Servicemodel).InUnicorn,wemainlytargettheIaaSmodel,since,orchestration-wise,

itgivesdevelopersthebroadestcontrolonthecloudexecutionenvironmentfortheirapplications.However,

the Unicorn project also targets providing the appropriate tooling sets to developer teams to ease cloud

applicationdevelopment,securityenforcement,andlifecyclemanagementandthereforewhilenottargeting

persePaaSofferings,itresemblesaPaaSservice,orbetter,aDevOps-as-a-Service.

Inthefollowing,wepresentanoverviewofthekeyconceptsrelatedbothtotheUnicornprojectandthenotion

of Programmable Infrastructure. Although the following approachesmay adhere to different architectures,

frameworks and implementations (State-of-the-Art will be thoroughly documented in D1.2), they are

interrelatedandtheirsynergytowardsafullyprogrammableinfrastructureismoreandmoreevidentintoday’s

platforms.


14

3.2 Multi-CloudOfferingsToachievetheircloudgoals,businessleadersareincreasinglychoosingtoworkwithmultiplecloudofferings

and/orcloudproviders [25].Adominantfactor is that leadingcloudprovidersareconstantly innovatingand

introducing new technologies to better their services, so an enterprise with a multi-cloud solution can be

proactive in themarket,electing toconsistentlyemploy thebest servicesandvalue, fromanygivenservice

provider,atanygivencircumstances.ArecentstudybyIDC[26],predictsthat86%ofenterpriseswillrequirea

multi-cloud strategy to support their business goals within the next two years, while other studies (e.g.,

RightScale’sStateoftheCloudyearlytrends[10],[27])revealthatthehybridcloudisdominatingtheinterests

ofmorethan70%ofITrelatedorganisations[28].However,whilethetermshybrid-clouds,multi-cloudsorevenfederated-clouds are used in studies across the industry as interchangeable terms, only when specifically

questioninginterviewees(ataskperformedbyUnicornasdocumentedinChapters4and6)itisrevealedthat

organisationsoftenrefertodifferentclouddeploymentmodelswhenusingtheaforementionedterms.

Therefore,inwhatfollowsweclarifydifferent(multi-)clouddeploymentmodelsevolvingaroundthenotionof

usingmorethanonecloudofferingsand/orcloudserviceproviders.

• MC1–CloudBursting: Thismodel allows forworkloads tomove between private and public cloud

offerings as computing needs dynamically change [29]. Specifically, organisations benefit from the

scalabilityofpubliccloudsfordemandingcomputeoperations,otherwiselimitedbytheinfrastructural

resources of the organisation, while also leveraging the security provided by their private cloud

infrastructurebynotexposing,atalltimes,protectedandsensitivedata.Furthermore,organisations

canbenefitbythereducedaccesstimeandlatencyofdataexchangeinsideaprivatecloud.

• MC2–OneCloudProviderMultipleAvailabilityZones:Thismodelsupportstheuseofonlyonecloud

providerorcloudofferingstype,albeitmultipleavailabilityzones,regionsand/orcloudsitesareused,

todeployorganisationservicesoncloudofferings[30].Forinstance,anorganisationmayselecttooffer

itsservicesclosertoconsumersbyselectingappropriateavailabilityzones(e.g.,AWSoffersEUofferings

viaIrelandandFrankfurtzones)oritmaydeployloosely-coupledservicesacrossmultiplecloudsitesbut

allusingthesamecloudofferingstype(e.g.,Openstack,VMware).Thelatterisacasehighlyrelevantto

the health sectorwhere health institution data (e.g., clinic patient health records), for security and

privacyreasons,areprotected,andused,behindprivateclouddeploymentsbutcanstillbeaccessed

afterobtainedauthorizationfromotherinter-connectedhealthinstitutions.

• MC3 – Multiple Cloud Providers Heterogeneous Offerings: This model supports the ability of

organisations to route their workload to respected providers that better suit particular tasks of a

service’soperations (e.g.,datastorage,processing) [25].For instance,anorganizationmayconclude

thattoachievecertaincostreductionbenefitsforitscloudcomputingbillage,itscloudstorageneeds

wouldbebest shifted toAmazonWebServices (AWS)while itsdataprocessingneeds forparticular

(offline)tasks(e.g.,imageprocessing)mightbebetterservicedbyutilizingMicrosoft’sAzuremachine

learningdatapipeline.

• MC4–MultipleCloudProvidersHomogeneousOfferings:Thismodelallowstheuseofhomogeneous

offerings (e.g., sameorsimilarVMtypes foradeployedservice) frommultiplecloudproviders (e.g.,

AWS,GoogleComputeEngine)tosupportcontinuousavailabilityofanorganization’sservices[31].With

thismodel,organisationsbenefitbyallowingoperationstocarryon,despitetheeventofcloudprovider

downtimeascloudresourceacquisition isdistributedamongtheselectedcloudserviceproviders. In

particular,thismodelalsoallowsforloadtobebalancedacrossproviders,whilereducedaccesstime


15

andlatencyfor intra-dataexchangeisachievedfortheofferings insidetheboundariesofeachcloud

provider.

3.3 Micro-servicesTheevolvementofnewsoftwaredevelopmentparadigmsisfollowingtheneedfordevelopmentofapplications

thatadheretothenotionsofmodularity,distribution,scalability,elasticityandfault-tolerance [32].Amicro-

servicearchitecturalapproachisconsideredastheresultingsetthatarisesfromthedecompositionofasingle

applicationintosmallerpieces(services)thattendtorunasindependentprocessesandhavetheabilitytointer-

communicateusuallyusinglightweightandstatelesscommunicationmechanisms(e.g.,RESTfulAPIsoverHTTP)

[33].These(micro-)servicesarebuiltaroundbusinesscapabilitiesandareindependentlydeployablebyfully

automateddeploymentmachinery.For(micro-)services,thereisabareminimumofcentralizedmanagement

and such servicesmay bewritten in different programming languages and even use different data storage

technologies[34].

Figure3:MonolithicLegacyEnterpriseArchitecturevsMicro-serviceArchitectureApproach

Tounderstandthelogicbehindamicro-servicearchitecturalapproachitisusefultocompareittoamonolithicapproach(Figure3)whereasingleexecutablehoststheentirefunctionallogicofanapplication,suchasinthe

caseofawebservicehandlingHTTPrequestswhileresponsibleforexecutingdomainlogic,databaseaccess,

andHTMLviewpopulation.Hence,alllogicforhandlingwebrequestsrunswithinasingleprocess.However,

thisapproachfeaturesanumberofdisadvantages,oftenreferredtoasmonolithinhibitors[35].Inparticular,featureroll-outsandsoftwarecodechangesarealwaystiedtogether–evenasinglechangemadetoasmall

codesegmentoftheapplication,requirestheentiremonolithtoberebuiltandre-deployed.Overtime,andas

thesoftwarestackexpands,itbecomesevidentthatagoodmodularstructureishardtokeep,makingitdifficult

totracksoftwarecodechangesthatoughttoonlyaffectonemodulewithinthatmodule.Most importantly,

resourcecapacityprovisioningforthesoftwarestackrequiresscalingtheentireapplicationratherthanonlythe

specificservicesinrealneedofadditionalresources.

In contrast to monoliths, micro-services are decomposed into services organised around discrete businesscapabilities.TheboundariesbetweentheseunitsareusuallycomprisedoffunctionalAPIsthatexposethecorecapabilities of each service. Large systems are then composed of many (micro-) services, whereby

communicationbetweenmicro-servicesisacentralingredient.Forinstance,suchisthecaseofamazon.com1,

1https://www.amazon.com/


16

wherethedifferentaspectsof theire-commerceplatform—recommendations,shoppingcart, invoicingand

inventorymanagement—aresplitintodiscrete,scalableandindependent(micro-)services[36].Insteadofall

beingpartofoneenormousmonolith,eachbusinesscapabilityisaself-containedservicewithawell-defined

interface.Theadvantageofthisisthatseparateteamsareeachresponsiblefordifferentaspectsoftheservice

allowing the team and software core to develop, test, handle failures and scale independently. In turn,continuousdeliveryispossibleassmallunitsareeasiertodeployandmanagetheirentirelifecycle.

Finally,decentralizeddatamanagementishighlyevidentwhereeachservicedealingwithaspecificfunctionof

thebusinessprocessmaymanageitsowndatabase,eitherdifferentinstancesofthesamedatabasetechnology

or entirely different database systems, so as to optimize data storage, processing and acquisition to the

heterogeneousneedsand scaleof eachbusiness function.As statedbyA.Cockcroft,whooversawNetflix’s

transition from amonolithic DVD-rental company to amicro-service architecture comprised ofmany small

teamsworkingtogethertostreamcontenttomillionsofusers,amicro-servicewithcorrectlyboundedcontextisself-containedforthepurposesofsoftwaredevelopment[37].Therefore,onecanunderstandandupdatethemicro-service’scodewithoutknowinganythingabouttheinternalsofitspeers,becausethemicro-servicesand

itspeers interact strictly throughAPIsand therefore there isnoneed for sharingorexposing (with security

threats lurking) data structures, database schemata, or other internal representations of objects. Thus, the

commonlyunderstood“contract”betweenmicro-servicesisthattheirAPIsarestableandforwardcompatible.

3.4 ContainerizationResourcevirtualization,ingeneral,consistsofanintermediatesoftwarelevelontopofphysicalresources(bare

metal)andtheoperatingsystem,providingabstractionsformultiplevirtualresources(e.g.,compute,memory,

storage,etc.),oftenbundledtogetheranddenotedasvirtualmachines(VMs)orvirtualinstances.VMscanalso

beseenasisolatedexecutioncontexts[38].Inparticular,VMsrequirefullguestoperatingsystemsinaddition

tobinariesandvariouslibrariesthatarenecessaryfortheapplicationstorun,whichtranslatesintolargeisolated

filesthatstoretheirentirefile-systemonthehostmachine[39],[40].EachVMisrunontopofahypervisor,

whichisaspecialisedsoftwareonthehostoperatingsystemthatisresponsiblefortheoperationoftheVMand

themanagementoftheresourcesneededfromthehostmachine.Today,hypervisor-basedvirtualizationisthe

mostpopularmethodofresourcevirtualizationandthemainrepresentativesofthespecifiedtechnologycan

be considered the XEN [41], VMWare [42] and KVM [43]. Although security concerns have been addressed

throughisolation,securitylimitationsstillexist,mainlyduetonumerousvulnerabilitiesmaskedindependencies

ofthedeployedapplicationstothird-partybinariesandlibraries[44].

On the other hand, containerization is a virtualization method, for deploying and running distributed

applicationswithout the need to launch entire VMs. In particular, containerization (Figure 4) allows virtual

instancestoshareasinglehostoperatingsystemandrelevantbinaries,dependenciesand/or(virtual)drivers,

inasecurebutalsoportableandinteroperableway[45].Applicationcontainersholdcomponentssuchasfiles,

environmentalvariables,andlibrariesrequiredtorunthedesiredsoftware.Becausecontainersdonothavethe

overheadofanentireguestoperatingsystemrequiredbyVMstooperate,theirsizeissmallerthanVMswhich

makesthemeasiertomigrate,fastertoboot,requirelessmemoryandasaresult, it ispossibletorunmanymorecontainersonthesameinfrastructureratherthanVMs[46].Inturn,applicationdevelopmentwiththeuse

ofcontainers isperfectforamicro-serviceapproachasunderthismodel,complexapplicationsaresplit into

discreteandmodularunitswheree.g.,adatabasebackendmightruninonecontainerwhilethefront-endruns

inaseparateone.Hence,containersreducethecomplexityofmanagingandupdatingtheapplicationbecause


17

aproblemorchangerelatedtoonepartoftheapplicationdoesnotrequireanoverhauloftheapplicationasa

whole[47].

Figure4:HypervisorvsContainer-basedVirtualization

Sincecontainerssharetheoperatingsystemkernel,theisolationprovidedcomparedtothehypervisor-based

virtualizationisweaker,neverthelessitseemsfromtheuserperspective,thateachcontainerexecutesasingle

stand-aloneOS. Isolation in container-based virtualization can be achieved through kernel namespaces and

ControlGroups(cgroups)[48][49].Namespaces,isafeatureoftheLinuxkernelthatallowsdifferentprocesses

tohavedifferentviewsonthesystem,whilecgroups,anotherfeatureoftheLinuxkernel,manageand limit

resourceaccessforprocessaccessgroupsthroughlimitenforcement.Inorderforacontainerizedimagetorun,

it isrequiredthataspecializedsoftwaretobepresentontopoftheoperatingsystem,theContainerEngine

whichutilizestheLinuxkernelmechanisms(LXC)describedabove[50].ThemostpopularContainerEngineis

DockerwhichisbuiltbasedontheLXCtechniques[51].

Figure5:DockerRelationtoLinuxContainerNotion

Docker is the leading container platform with the ability to package and run containerized applications. It

providesacompletetoolset tomanagethe lifecycleofcontainers, fromdevelopmentphasetodeployment.

Docker streamlines thedevelopment lifecyclebyallowingdevelopers towork in standardizedenvironments


18

usinglocalcontainersandallowsforhighlyportableworkloads.ItiswritteninGoandtakesadvantageofseveral

featuresoftheLinuxkerneltodeliveritsfunctionalitysuchasnamespacesandcgroups.However,asDocker's

technology is based on LXC, containers do not run an independent version of the OS kernel. Instead, all

containersonagivenhostrununderthesamekernel,withonlyapplicationresourcesisolatedpercontainer.

Thisallowsforacertaindegreeofisolation(thoughnotasisolatedasafullVM)withalowerresourceoverhead

but leaving an attacking surface for exposed vulnerabilities in the central OS daemonmanaging co-located

containers[52].Toimproveisolationbyprovidingsecurecontainerization,andstilladheretothelinuxkernel

principles, CoreOSwas designed to alleviate and improvemanyof the flaws inherent inDocker's containermodel[53].Inparticular,CoreOS(Figure6)featuresaread-onlylinuxrootfswithonlyetcbeingwritable.In

turn,ascontainersareisolated,evenco-locatedones,andtoreacheachothercommunicationishandledovertheIPnetworkwhilenetworkconfigurationsareexchangedoveretcd.

Figure6:CoreOSHostandRelationtoDockerContainers

For the deployment and orchestration of containers, frameworks such as Docker Swarm [54], Google’sKubernetes[55]andFleet[56]instantiateandcoordinatetheinteractionsbetweencontainersacrossacluster.Therefore,containerorchestrationtoolscanbebroadlydefinedasprovidinganenterprise-levelframeworkfor

integratingandmanagingcontainersatscale.Suchtoolsaimtosimplifycontainermanagementandprovidea

frameworknotonlyfordefininginitialcontainerdeploymentbutalsoformanagingmultiplecontainersasone

entity, for purposes of availability, scaling, and networking, while the underlying CoreOS provides strong

isolationtotheaboveDockerexecutionenvironment.Hencethecontainersolutionstackpresentsitselfasideal

for micro-service architectures [32], as micro-services are indeed built in this manner: a number of thin

containers,eachwithaminimalsetofprocesses,interactoverwell-defined(software)networkinterfaces.Thus,

for micro-services different containers are prepared for each of the components comprising the cloud

applicationwhichisidealtodeployadistributed,multi-componentsystemusingthemicro-servicesarchitecture,

abletoscalebothhorizontallyandverticallythedifferentapplications.

Inturn,unikernelsarespecializedvirtualmachineimagescompiledfromthemodularstackofapplicationcode,

systemlibrariesandconfigurationwhichadheretoboththeprinciplesofcontainerizedexecutionenvironments

and programmable infrastructure [57]. Specifically, unikernels are specialized single-purpose images

disentanglingapplicationsfromtheunderlyingoperatingsystemasOSfunctionalityisdecomposedintomodular

and “pluggable” libraries (similar to CoreOS). Developers select, from a modular stack, the minimal set of

libraries(e.g.,network,blockdevices),whichcorrespondtotheOSconstructsrequiredfortheirapplicationto


19

run. These libraries are then compiled with the application’s code, to build sealed and fixed-purpose

containerized environmentswhich run directly on the hypervisorwithout an interveningOS, as depicted in

Figure7.Therefore,alongwiththebenefitsofcontainerization,whichincludes:(i)shortboottimes(fewsecond

range) [58], (ii) small images sizes (fewMBs) [59] [60]and (iii) fierce security [61];unikernelsexhibit strong

isolationguaranteesduetohypervisor-basedexecution,livemigrationandrobustSLAs[62].Thesebenefitsare

particularlyrelevanttomicro-servicesandthedevelopingconceptofimmutableinfrastructurewhereVMsare

treated as disposable artefacts and can be regularly re-provisioned solely from version-controlled code.

ModifyingsuchVMsdirectlyisnotpermitted:allchangesmustbemadetothesourcecodeitself.

Figure7:UnikernelRelationtoVMsandContainers

3.5 DevOps–ContinuousIntegrationandDeliveryRecent surveys ([63], [64]) have shown that DevOps is rapidly growing especially in the enterprise and the

demandofpeoplewithDevOpsskills is increasing.AccordingtoAmazon[65],DevOps is thecombinationof

cultural philosophies, practices, and tools that increases anorganization’s ability todeliver applications and

services at high velocity. Under the DevOps paradigm, there is no more a distinct separation between

developmentandoperationsteams.Theseteamscanbemergedintoasingleteam,inwhichoperationsand

development engineers participate together in the entire service lifecycle, from design through the

development process to production support. Enterprises and organizations gain huge benefits [66] from

adopting DevOps practices. Such benefits include: (i) improved collaboration between the various teams

(developersandoperations)ofanorganization;(ii)highvelocityandefficiencyonnewdeployments;(iii)reliable

application updates and infrastructure changes; (iv) improved security by using compliance policies and

configurationmanagement techniques; and (v) rapid deliverywhich increases the pace of new releases by

adoptingcontinuousintegrationandcontinuousdeliverypractices


20

Figure8:ContinuousIntegrations,ContinuousDeliveryandContinuousDeploymentSteps

ContinuousIntegration(CI)andContinuousDelivery(CD)aresoftwaredevelopmentpracticesthatautomate

thesoftwarereleaseprocess,frombuildtodeploy.Morespecifically,CI[67]isasoftwaredevelopmentpractice

wheremembersofateamintegratetheirworkfrequently(usuallydaily)intoacentralsoftwarerepository(e.g.

git, svn). Each integration is verified by an automated build (including tests) to detect integration errors as

quicklyaspossible,whichallowsteamstodelivercohesivesoftwaremorerapidly.Continuousintegrationmost

oftenreferstothebuildorintegrationstageofthesoftwarereleaseprocessandentailsbothanautomation

component(e.g.aCIorbuildservice)andaculturalcomponent(e.g.learningtointegratefrequently).Thekey

goalsofcontinuousintegrationaretofindandaddresssoftwarebugsquicker,improvesoftwarequality,and

reducethetimerequiredtovalidateandreleasenewsoftwareupdates.CDisthesoftwaredevelopmentpractice

inwhichteamsareconstantlyproducingnewsoftwarereleases(includingnewfeatures,configurationchanges,

bug fixesandexperiments) inshortcyclesandensurethat itcanbereliably releasedatanytime[68].With

continuousdelivery,everycodechangeisbuilt,tested,andthenpushedtoanon-productiontestingorstaging

environment. The final decision to deploy to a live production environment is triggered by the developer

whereasincontinuousdeploymentthislaststepisautomatic.

TofurtherassistDevOpsengineers,especiallyinthedevelopmentphase,tocollaborateunderbetterconditions

andtobetterpromoteCI/CDpractices,anewcategoryoftools,theCloudIDE,isontheriseoverthepastfew

years [69]. Simply stated, a Cloud IDE is, usually, a browser-based IDE that allows real-time collaborative

software development via portableworking environments (workspaces) deployed on the cloud. They allow

access from anywhere using Internet Access (or even can provide access to a local setup), with minimal

configuration needed. Cloud IDE’s provide support to all major software repositories thus promoting

collaboration and CI practices. Most of the state-of-the-art Cloud IDE’s working environments are usually

containerizedallowingtheusertocustomizethecontainerimagesaccordingtoitsneeds(e.g.EclipseCHE[70],

SAPHana[71]).Moreover,CloudIDEscanconnecttovariouscloudproviders,makingiteasierforDevOpsto

deploytheirapplicationsremotely.

Finally,oneofthemostchallengingtasksofaDevOpsengineer,particularlyinthecloudarea,isthedevelopment

ofelasticapplications,abletoefficientlyadapttheirresourcesaccordingtotheirneeds.Elasticityisdefinedasthedegreetowhichasystemisabletoadapttoworkloadchangesbyprovisioningandde-provisioningresources

inanautonomicmanner,suchthatateachpointintimetheavailableresourcesmatchthecurrentdemandas

closely as possible [1]. It is used to avoid inadequate provision of resources and degradation of system

performance while achieving cost reduction [72], making this service fundamental for cloud performance.

Nowadays,themostcloudprovidersandthird-partytoolsofferanautomatedwaytoscaleresourcesbygiving


21

theabilitytothedevelopertodefinetheoptimalpoliciesforhisapplicationprovisioning.Horizontalscalingis

thescalingmethodofchoiceformanycloudsystemssinceitprovidesawayofscalingtheapplicationtomeet

itsdemands inanuninterruptibleway.Horizontal scaling requires from theapplication to supportawayof

cloning itself, inorder tobedeployed inanothervirtual container tosupportpartof thedemand.Although

vertical scalingseemssimpler since itonly requires increasing resourcesof thevirtual containerhosting the

application, in fact it isnotappropriate to supportapplication’suninterruptibleoperationsincemostof the

operatingsystemsdoesnotsupporton-the-flychanges(withoutrebooting)ontheavailableresources(e.g.CPU

ormemory)ofarunninginstance.Thus,horizontalscalingismostlypreferredincloudsystems.

Auto-scalingtechniquesaredistinguishedtoreactiveandproactive(orpredictive)[1].Reactivetechniquesrefer

tothosemethodsthatreacttothecurrentsystemand/orapplicationstatewhichstatesaredecidedfromthe

latestvaluesofmonitoredvariables.Proactive(orpredictive)techniquesattempttoscaleresourcesinadvance

ofdemandbypredictingthelatter.Reactivetechniquesmayproveinefficienttosupportuninterruptibleatall

timesoperationoftheapplicationespeciallywhenthereisasuddendemandburst.Thisisduetothefactthat

acquiring new resources and instantiating a new execution environment (virtual container) requires a non-

negligibletimeinterval.Ontheotherhand,proactivetechniquesaremorepromising;however, intheworst

casetheymaymisstopredictdemandandactasareactivetechniquewith,possible,additionalcostsoccurring

formiss-predictions.Thus,auto-scaling isasignificantchallenge,asabadperformingauto-scalingtechnique

may lead to problems such as under-provisioning; the application does not have enough resources, over-

provisioning; the application reserves more resources than the ones really needed, and oscillation; scaling

actionsarecarriedouttooquickly,fortheapplicationtoseetheimpactofthescalingaction[31].

3.6 Annotation-BasedProgrammingModern programming languages (e.g., java, C#, python) offer an extremely useful mechanism named

“annotations” that can be exploited for several purposes. Annotations are a form of metadata providing

informationandinstructionsthatarenotpartoftheapplicationitself[73].Annotationsdonotdirectlyaffect

programsemantics,buttheydoaffectthewaysoftwarecodeistreatedbytoolsandlibraries,whichcaninturn

affectthesemanticsoftherunningsoftware.Annotationscanbereadfromsourcefiles,binaryfiles(e.g.,class

files),orreflectivelyatruntime.Theyprovidecompilersandbuildengineswithuseful informationandhints

(e.g.,suppresswarnings),andallowcodeinjectionatcompilationordeploymenttimeforruntimeprocessing

decisions(e.g.,addloggers,providehandlerstocountmethodaccesses,etc.).

Fromthesoftwareengineerperspective,annotationscanbepracticallyseenasaspecialinterfacewhichmay

beaccompaniedbyseveralconstraints,suchasthepartofthecodethatcanbeannotatedorthepartofthe

codethatwillprocesstheannotations.AnindicativeexampleinJavaispresentedinFigure9,whichdefinesanannotationdenotedasTest,thatwillbeusedtoannotateJavamethods.Thescope(javamethods)oftheTest

annotation is defined via another annotation @Target(ElementType.METHOD) while the annotation

@Retention(RetentionPolicy.RUNTIME)indicatesthattheTestannotation(andotherannotationsof

thesametype)willberetainedbytheVMsoastobeparsedreflectivelyatrun-time[74].


22

Figure9:IndicativeExampleofAnnotationDeclarationinJava

AnnotationsarewidelyusedbynumerousframeworkssuchastheSpringFramework[75]andeachframework

selects one handling technique in order to process annotations. In general, there are three strategies for

annotations’handling:

• Sourcecodegeneration:Thisannotationprocessingoptionworksbyreadingtheinitialsourcecodeandgeneratingeithernewsourcecodeormodifyingexistingcode,andnon-sourcecode(e.g.,configfiles,

documentation).The(code)generatorstypicallyrelyoncontainerorotherprogrammingconventions

and work with any retention policy. Indicative frameworks that belong to this category are the

AnnotationProcessingTool(APT)[76]andXDoclet[77].

• Bytecode transformation: Annotation handlers of this form parse binary and/or executable files

containing annotations and emit modified binaries and/or newly generated executables. They also

generatenon-binaryartifacts(e.g.,configfiles).Bytecodetransformerscanruneitheroffline(compile

time),atload-time,ordynamicallyatrun-time.InJava,theyworkwithclassorruntimeretentionpolicy

(asshowninFigure9).IndicativebytecodetransformerexamplesincludeAspectJ[78]andSpring[75].

• Runtimereflection:Annotationhandlersofthisformusereflectiontoprogrammaticallyinspectdata

objectsatruntime.Ittypicallyreliesonthecontainerorotherprogrammingconventionandrequires

runtimeretentionpolicy.ThemostprominenttestingframeworkslikeJUnit[79]useruntimereflection

forprocessingtheannotations.

3.7 SecurityEnforcementandDataPrivacyPreservingData security has consistently been a major issue in information technology. In the cloud computing

environment,itbecomesparticularlyseriousbecausethedataislocatedindifferentplacesandevenallaround

globe.Theincreasingnumberofconnecteddevicesandthehugeamountofsoftwarethatisbeingdeveloped

on a daily basis will continue to generate and introduce new attack vectors and exploit opportunities for

malicioushackers.Datasecurityandprivacyprotectionarethetwomainfactorsofuser'sconcernsaboutthe

cloudtechnology.Forthisreason,theissueofcontinuouscloudandapplicationsecurityenforcementmustbe

tackled, while enabling data protection privacy mechanisms at the cloud/hypervisor layer due to the co-

existenceofmultipleusersandserviceswithinthesamehosts.

Data security is commonly referred to as the confidentiality, availability, and integrity of data. Securityenforcementmechanismsareinplacetoensuredataisnotbeingusedoraccessedbyunauthorizedindividualsor parties. In addition, thosemechanisms ensure that the data is accurate, reliable and availablewhen an

authorizedpartyneedsit.

Tothisdirection,onesecurityenforcementmechanismthat iswidelyusedisthe IntrusionDetectionSystem

(IDS).An IDS is a software component that automates themethodofmonitoringeventswithina computer

systemornetworkandanalysingthemforsignsofpossibleviolationsorthreatsofviolatingcomputersecurity

policies,acceptableusepolicies,orstandardsecuritypractices.Suchsystemscanalsoattempttostoppossible


23

incidents (IDPS - IntrusionDetection and Prevention System). Information gathering, logging, detection and

preventionareamongthecapabilitiesofferedbyIDSs.Asfarasthedetectioncapabilitiesisconcerned,most

IDSsuseacombinationofsignature-baseddetection,anomaly-baseddetection,andstatefulprotocolanalysis

techniquestoperformin-depthanalysisoftheavailabledata.

An IDS in the hypervisor or container level is able tomonitor all available network interfaces used by the

executionenvironmentofthesystem.Theproducedlogsarestoredlocallyandfeedadatabase.Inturn,anhttp

servercanrepresentthosedatatoawebinterface.IDSsrequiresignificantresourcesintermsofcomputation

capacityneededtoprocessapacketandtheamountofmemoryneededtostorethesecurityruleset.Awayto

speed-up this inspection process is to take advantage of GPUs. Their low design cost, the highly parallel

computationandthefactthattheyareusuallyunderutilized,especially inhostsusedfor intrusiondetection

purposes,makes them suitable for use as an extra low-cost coprocessor for time-consuming problems, like

patternmatching.TherehavebeenmanyworkstryingtouseGPUcapabilitiesinordertoimprovethecurrent

stateofIDSandIPSsystems[80]–[83].

Encryptionisanothersecuritymechanismwhichisintendedtoprotecttheconfidentialityofdigitaldatastored

oncomputersystemsor transmittedvia the Internetorcomputernetworks.Encryption is theconversionof

electronic data, often referred to as plaintext, into another form, the ciphertext, by applying an encryption

algorithmandselectinganencryptionkey.Encryptionalgorithmsaredividedintotwomaincategories:

i) Symmetricii) Asymmetric

Symmetric-keyciphersusethesamekey,orsecret,forencryptinganddecryptingamessageorfile.Themost

widelyusedsymmetric-keycipherisAES[84],whichwascreatedtoprotectgovernmentclassifiedinformation.

Symmetric-keyencryptionismuchfasterthanasymmetricencryption,butthesendermustexchangethekey

used to encrypt the data with the recipient before he or she can decrypt it. This requirement to securely

distributeandmanagelargenumbersofkeysmeansmostcryptographicprocessesuseasymmetricalgorithm

toefficientlyencryptdata,butuseanasymmetricalgorithmtoexchangethesecretkey.

Ontheotherhand,Asymmetriccryptography,alsoknownaspublic-keycryptography,usestwodifferentbutmathematicallylinkedkeys,onepublicandoneprivate.Thepublickeycanbesharedwitheveryone,whereas

theprivatekeymustbekeptsecret.RSA[85]isthemostwidelyusedasymmetricalgorithm,partlybecauseboth

thepublicandtheprivatekeyscanencryptamessage;theoppositekeyfromtheoneusedtoencryptamessage

isusedtodecryptit.Thisattributeprovidesamethodofassuringnotonlyconfidentiality,butalsotheintegrity,

authenticity and non-reputability of electronic communications and data at rest through the use of digital

signatures.

Anothercrucialsecuritymechanismthatisusedtoprotectagainstpotentialsecuritythreatsisbyperforming

Risk andVulnerabilityAssessments.Vulnerability assessment is theprocessof identifying, quantifying, and

prioritizing(orranking)thevulnerabilities inasystem.Vulnerabilityassessmenthasmanythings incommon

withriskassessment.Assessmentsaretypicallyperformedaccordingtothefollowingsteps:

i) Catalogingassetsandcapabilities(resources)inasystem.

ii) Assigningquantifiablevalue(oratleastrankorder)andimportancetothoseresources

iii) Identifyingthevulnerabilitiesorpotentialthreatstoeachresource


24

iv) Mitigatingoreliminatingthemostseriousvulnerabilitiesforthemostvaluableresources

Althoughdataprivacyanddatasecurityareoftenusedassynonyms,theysharemoreofasymbiotictypeof

relationship.Dataprivacyissuitablydefinedastheappropriateuseofdata.Dataprivacypreservingmechanisms

areinplacetoensurethatthedatashouldbeusedaccordingtotheagreedpurposes.Makingsurealldatais

private and being used properly can be a near-impossible task that involves multiple layers of security.

Fortunately,withtherightpeople,processandtechnology,datasecuritypolicythroughcontinualmonitoring

andvisibilityintoeveryaccesspointcanbesupported.

Privacypreservingmechanismsofferasetofhighlevelruling,whichallowallinterestedstakeholderstodefine

thetypeandscopeofdataprotectionconstraintstopreventdataaccessfromunauthorizedentitiesandrestrict

datamovementbetweenapplicationservices,countriesorgeographic/legalregions(e.g.,theEU),availability

regionsand/ormultiplecloudsitestoadheretonationaland/orEUdatarestrictiondirectives.Suchmechanisms

offer a safety net against data processing of data,which inmany occasions, are processed in unknowingly

remotedatacentersacrossborderswithsecuritybreachesbreakinglegalactcomplianceduetounsecuredata

movementlurkinginthebackground.


25

4 MethodologyFollowedtoDeriveUnicornSystemRequirementsDerivingsystemrequirements isthecornerstoneactivityofanysuccessfulproject. Itplaysakeyroleforthe

successfulscoping,defining,estimatingandmanagingofaprojectrightfromthestart.Successfulrequirements

collectionistypicallyuniqueineveryprojectandcircumstances,butitalsocanleadtomanyadvantages.For

instance, itcanaccommodatebetterresourcemanagement,systemanalysis,design, improvedquality inthe

productdelivered,andminimizetheriskfordelaysandoverruns.Themethodologyselectedandusedforthe

Unicornprojectisanagilemethodology,whichinprincipleisiterativewhilesomeofthebasicprinciplesitrelies

onpromoteunderstandingbetweenthebusiness,technicalandscientificneedsofaprojectbylayingoutclear

expectationsatthebeginningandateachmilestone(softwarerelease)achievedbytheproject[86].Theagile

methodologybuildsonincreasedcommunication,throughouttheprojectanditfairlydeliverstherequirements

earlierthantraditional,waterfallapproachesforsoftwaredevelopment.

Therequirementsare iteratively improvedateachnewmilestoneandarekeptup-to-date in thebacklogto

influenceinparallelseveraloftheactivitiesintheproject(e.g.,development,testing,newtechnologyuptaking).

TheaimistobringtogetherthetechnicalandresearchpartnersoftheUnicornproject,andmakethemaware

from the start of the importantbusiness aspects identifiedby its respected stakeholders. Themethodology

promotes understanding of the partners’ different views, consolidates opinions and defines what Unicorn

should do. This enables collection and elicitation of concrete high-level requirements, promoting

communication,alignment,consensusandactivebusinessuserandcustomerinvolvementtomeetthegoals

andneedsoftheproject.

In the followingparagraphsadescriptionof theagileand taskdrivenmethodology followedby theUnicorn

consortiumisprovided.Thismethodologyaimstoidentifykeystakeholdersfortheproject,derivetheUnicorn

systemrequirementsandstirthepartnerstothetechnologiesdominatingtheinterestsofitsstakeholderssoas

toguidethetechnicalworkthatwillfollowafterdesigningtheUnicornreferencearchitecture(D1.2).Figure10

depictsahigh-levelandabstractoverviewofthemethodologyprocess.

Figure10:High-LevelAbstractMethodologytoDeriveUnicornSystemRequirementsandRelevantKeyTechnologies

The first task of themethodology followed involved clearly describing the key stakeholders of theUnicorn

platform while also providing an updated market positioning of the Unicorn eco-system towards the

continuouslyevolvingcloudmarket.AcomprehensivedescriptionofthistaskisfoundinChapter5.Important

outcomes of this task for the requirements collection process, is a concise description of the platform

stakeholdersandderivingaglossaryofkeytechnologytermsthatareunderstandablebyUnicornstakeholders.


26

ThestakeholdersaretheonestheUnicornproductwillbedevelopedforandwillbeusedbytheiremployees

andmanagement staff, therefore, a common terminology/glossary of the key technologies comprising the

UnicornplatformwasdefinedandagreeduponbyallpartnersandisprovidedinChapter3.Thisterminology

willbeusedasareferenceguideacrossallfuturedeliverablesandinteractionwithUnicornstakeholders.

ThenexttaskinvolvedtrawlingtheICTindustryresearchandtechnologyleaders’websitesforglobalmarket

and technology reports (e.g.,Gartner, IDC),bestpractices from ICTvisionaries,and thebibliography forkey

technologies(e.g.,cloudplatforms,containersolutions)andrequirements(e.g.,cloudcredentialmanagement),

relevanttotheUnicornidentifiedstakeholders.Thisprocessismeanttoactasastartingpointforthemarket

requirementscollectionratherthana listofdetailedtechnologiesandrequirementsrelevanttotheUnicorn

project.Inaddition,itwasconsideredvitaltovalidatethisinitiallistofcollectedrequirementsincollaboration

with the industrial partners andpractitioners inorder to increase the likelihoodof thewidespread industry

adoptionoftheresultsproducedbytheUnicornproject.Asummaryofkeyfindingsandpointsofinterestfrom

theICTindustryreportsrelevanttotheUnicornprojectarelistedinSection4.1thatfollows.

Tothisend,anonlinequestionnaireandinterviewprocesswasdevelopedandtailoredspecificallytoprobethe

EU ICT industry to provide, validate and prioritize fine-grained system functional and non-functional

requirementsrelevanttotheUnicornplatform(note:Allquestionscomprisingthequestionnairecanbefound

inAnnexI).Thisisimportantasinseveralcloudreports(e.g.,Gartner’sMagicQuadrant,Rightscale’sStateof

theCloudreport)therearestatementssuchas“elasticscalingandperformancemonitoringaredrivingcloud

adoption”,however,atthesametime,“elasticityandmonitoring”arealsoconsideredmajorchallengesacross

businessesofalltypeswithouthighlightingwhatthe“elasticityandmonitoring”keymarketfeaturesare,and

what the challenges still in need to be addressed are. In turn, while security is often stated as something

companies highly take into consideration, oftenoffering high standards and guarantees to their customers,

security and data privacy protection are also top on the list for cloud challenges. At this point, one is left

wondering,whichenforcementmechanismsareappliedforsecurityanddataprivacyprotectionandwhichare

stillconsideredaschallenges.Onadifferentlevel,asintroducedinChapter2,whilethetermshybrid-clouds,

multi-cloudsorevenfederated-cloudsareusedinstudiesacrosstheindustryas interchangeableterms,only

whenspecificallyquestioningstakeholders(ataskperformedbyUnicornduringthepersonal interviews)it is

revealedthatorganisationsoftenhaveinmindcompletelydifferentclouddeploymentmodelswhenreferring

theaforementionedterms.

Therefore,theinterviewprocesswasdesignedtostudystatementsandclarifygeneralizationssuchastheones

mentionedabove.Theinterviewprocessisalsobeneficialforidentifyingthekeytechnologiesuptakenbythe

SMEandStartupeco-systeminEurope,aswellastheemergingtechnologiesthatarewithintheirinterestsbut

cannot be successfully integrated into their software stack yet due to different challenges they are facing.

Specifically,theinterviewprocesstargetedobtainingdeeperinsightstomorethanjustkeytechnologyconcepts

dominatingtheinterestsoftheUnicornstakeholders.Forinstance,containerizationissomethingthatisseento

beofinterestforstakeholders.However,aretherecommongo-tosolutionsforthestakeholdersorarethere

anymixturesofsolutionsutilized?ThesequestionsareofinterestfortheprojectandwillhelpshapetheUnicorn

referencearchitectureandbusinessmodelthatwillbedocumentedinD1.2andD6.1respectively.Inparticular,

theinterviewprocesswasheldaftertheonlinequestionnairewascompletedandwasrefinedeachtimetobest

adapttothe intervieweeprofilebasedonthegivenanswerstoobtaingreateranddeeper insights fromthe

interviewees. The intervieweeswere carefully selected by the consortium to span across different industry

domainsrelevanttoUnicornandincluded:(i)4StartupsfromtheCINCUBATORStartupHub;(ii)2SMEmembers


27

fromtheCyberForumdigitalalliance;(iii)the4Unicornpilotsservicingasplatformdemonstrators;and(iv)10

interviewees from EU-based organisations of various size (large enterprises, SMEs, Startups) not affiliated

directlyorindirectlywiththeUnicornproject.Acomprehensivedescriptionofthequestionnaire,theinterview

processandthekeyfindingsderivedfromthisprocess,canbefoundinChapter6.

Atthispoint,itisimportanttomentionthatallintervieweeswereexplicitlynotifiedthattheinformationgiven

bytheintervieweeinthedurationoftheinterviewprocesswillbekeptconfidential,theinterviewee’spersonal

detailswillnotberevealed,andtheprocessingofallanswerswillbeconductedinananonymousmanner,in

compliance with European Union's data privacy laws, solely for the purpose of deriving the technical

requirementsfortheUnicornproject.Forthesereasons,individualintervieweeanswerswillnotberevealedin

thisDeliverable.

Having obtained all completed questionnaires and interviews, the next tasks involved cross-examining,

correlating,analysingandelaboratingontheresultsinorderto:(i)deriveaconcretedescriptionoftheUnicorn

platformtargetaudienceprofilefromtheinitialidentifiedStakeholders(Chapter7);and(ii)maptheobtained

keyfindingstoalistofsystemfunctionalandnon-functionalrequirementsanddefineacomprehensivelistof

userrolesfortheUnicornplatform(Chapter8).Inaddition,thisprocedurehelpedustobetterunderstandthe

goalsandexpectationsoftheusersandprofileofourtargetaudience inamarket liketheonethatUnicorn

wishestoinfiltrate.Thisprocesshasgreatlycontributedtotheprojectasitallowsustohaveamoreconcisepictureofthekeytechnologiestouptake(e.g.,whichcloudplatformsandcontainerizedsolutionsareusedbyourstakeholders)inthespanoftheprojectandderivetheUnicornreferencearchitectureinD1.2.Basedonthedeep insights obtained from the interviews, we managed to define a set of user- and system-perspective

technical requirements that pave the way for the design and development of the Unicorn platform.

Furthermore,wealsoprovideadescriptionofeveryrolethatwewillconsiderthroughouttheprojectandhow

eachroleisconnectedwiththefunctionalrequirementsoftheproject.

Asafinalstep,clearlydefiningsuitablebusinessmetricandprioritizingtheobtainedrequirementsbasedonthe

relevancetotheproject’spilotsandtargetaudienceisrequired,inorderforthelonglistofrequirementsdriven

bytheindustrytoreflecttheparticularneedsemergingfromtheUnicorndemonstratoruse-cases.However,we

note that in order to reduce repetition,D1.1 documents the list of relevant businessmetrics. Requirement

prioritization based on the Unicorn demonstrators, will introduced in D1.2 where each demonstrator is

describedandjustifiedindetail,referringtotheuse-casesrelevantandtheexpectedKPIswhichwillbeachieved

byutilizingtheUnicornplatform.


28

4.1 KeyFindingsfromindustrystudies

Table1:IndustryStudiesandPointsofInterestRelevanttoUnicorn

StudyorReport PointsofInterestandKeyFindings

RightScale2016StateoftheCloudReport[87]

1060respondents

34%Developers

55%ITOperations

61%US,19%EU

• Hybrid-cloudadoptionisdominatingICTindustryinterests(71%-up

from58%in2015)

• Challengesforadoptinghybrid-clouddeploymentmodelincludelack

ofresources/expertiseandmanagingmulti-cloudofferings

• DevOpsgrowthandspecificallycontainersolutionadoptionisonthe

rise.Particularly,Dockerismentionedwhichishighlyadoptedby

enterprises(Dockermarketsharemorethandoubledcomparedto

2015)

• GreatestinterestincontainerizedsolutionsisseeninEuropeantech

companies

RightScale2017StateoftheCloudReport[27]

1002respondents

61%US,20%EU

• Hybrid-cloudadoptionnumbersareevenstrongerin2017(78%)

• Cloudcomputingtopchallengesforadoptersnowinclude(other

thansecurityandmulti-clouddeployments):managingcosts,

monitoringandgovernance,improvingperformanceandcompliance

• Challengesforadoptingcontainerizedsolutionsinclude:lackof

experience,security,maturity,monitoringandresource

orchestration

Gartner2016:MagicQuadrantIaaSCloudSolutions[88]

Gartner2016:MagicQuadrantPaaSCloudSolutionsandContainerizedEnvironments[89]

• Studyreportsnotablecloudprovidingsolutionsincludingmarket

leaders,visionaries,challengersandnicheplayers.

• Distinctionofrecommendedcloudserviceprovidersperbusiness

relatedoperation

• Vendorstrengthsandchallengeswhere,evenforAWS(theonly

notableforitsauto-scalingsolution),elasticscalingfeaturessevere

challengesandgrowthpotentialthatcandriveto-and-away

businessestospecificcloudofferingproviders

• TheIaaScloudmarkethasclearleaders,however,thePaaSand

containermarketsareconsideredbattlefieldsalthoughDocker

seemstobeobtainingaclearadvantageinthecontainersolution

field


29

Veracode2016:SecureDevelopmentSurvey[90]

351respondents

230US,121EU

• Sensitivedataexposureistheprimeconcernforallcompanies

• Securityanddataprivacyprotectionchallengesforcloud

applicationsdevelopedbylargeenterprises,SMEsandStartups

• Mostorganizationswant(butnotalwaysable)toincorporate

securityearlierinthesoftwarelifecycle(requirement,development

phase)ratherafterdevelopmentortestingphase

• ReporthighlightsthatDevOpsisprovidingmoreopportunitiesto

integratesecurityanddataprivacyprotectionmentioningsecurity

methodsenforcedbySMEsandStartupsincludingdynamictesting,

webfirewallsandruntimeapplicationprotectioninproduction.

• Mostsignificantchallenge:runtimesoftwarevulnerabilityand

systemmalwaredetection

VisionMobile2017:Stateofthedevelopernation[91]

21,200+Developers

• Amazonistheleaderpubliccloudprovider,regardlessofthetarget

audienceandcompanysize,followedbyAzurecloudforprivate

clouddeployments

• SMEsusepubliccloudprovidersmorethanlargeenterprises

• Highlightsthepopularprogramminglanguagesandframeworksused

indifferentbusinessdomains(machinelearning,AR/VR,front-end

development,backenddevelopment,etc.)

LightBend2016:Cloud,Container&Micro-services[92]

2151JVMdevelopersaround

theglobe

• Micro-servicesareadoptedby55%ofrespondentDevOpsteams

• DevOpsteamsareembracingmicro-servicesbecauseofincreased

security,improvedresourcemanagementand(elastic)scaling

• Micro-service“laggards”arelargeenterprises

• Toolsneededtoeasemicro-servicedeliveryincludeAPI

management,serviceorchestration,monitoring,andcontinuous

delivery

• PortabilityisconsideredbyDevOpsahugebarriertoovercome

whenbuildingcloudapps

DZone2017:"DevOps:ContinuousDeliveryandAutomation"

497respondents

30%US,45%EU,25%Other

GitLab:2016GlobalDeveloperReport[93]

362StartupandEnterpriseCTOs

• 1outof4SMEshavededicatedDevOpsteamincontrasttothelarge

enterpriseswitha1outof2ratio

• 67%ofDevOpsteamsusingmicro-servicessomehowcomparedto

27%inpreviousyear

• 51%ofDevOpsteamsusecontainerizedsolutionscomparedto25%

inpreviousyear

• PreventingDevOpsteamsfromadoptingacontinuousdelivery

pipelineareconsidered:lackofexperience,unifiedenvironment

toolsformanagementandmonitoring

• Developersusegitforsourcecontrolonadailybasis(92%)while

continuousintegrationisadopted,atsomelevel,by77%of

questionedorganisationsandapplicationmonitoringisconsidered

asveryimportantby67%


30

RebelLabs:2016DevelopmentandProductivityReportandJavaLandscape[94]

2040respondents

RebelLabs:2017ProgrammingtheWebReport[95]

2000Respondents

StackOverflow:2016DeveloperReport[96]56003developers

StackOverflow:2017DeveloperReport[97]64000developers

• TheEclipseIDEisthemostpopularIDEamongdevelopersforover5

yearsnowandisusedexclusivelyby48%ofquestioneddevelopers,

withthepercentagegrowingto55%whenusedwithotherIDEs

(IntelliJIDEA,NetBeans,SpringToolSuite)

• ThereisashiftamongdevelopersfromdesktopIDEstocloudIDEs

withthemostnotablecloudIDEsbeingEclipseChe,SAPHanaand

Cloud9

• Micro-serviceadoptionisparticularlyhighforsmallbusinesseswhile

largeenterprisesaremorehesitant

• 68%ofmicro-serviceadoptersclaimthatmicro-servicesmake

developer’sjobeasier

• Reportdenotesthemostpopularprogramminglanguagesper

businessoperationdomain

• Annotationprogrammingparadigmisdominatinginterestsofjava

andpythondevelopersparticularlyduetothepopularityofSpring

andDjangoframeworkswhichprovidedataabstractions

• RebelLabs2017istheonlyreportdenotingthego-toframeworksfor

micro-servicedevelopmentinjava(Spring,Play)


31

5 UnicornStakeholderIdentificationandMarketPositioningThis chapterprovidesa comprehensivedescriptionof theUnicornPlatformStakeholdersandanup todate

MarketPositioningAnalysis.

5.1 TheStakeholdersfortheUnicornPlatformSmallandmediumenterprises(SME)playaveryimportantroleinEuropeaneconomy.Statisticsshowthatat

present,SMEs(includingstart-ups)amountto99%oftheorganisations,provide60%ofthetotalproduction

value and about 40% of the profit [98]. Moreover, SMEs offer 75% of the jobs. SME contributions to the

innovation system include not only R&D based new products and services, but also improved designs and

processesandtheadoptionofnewtechnologies.

Butatthesametime,theprocessofsupportingofEuropeanSMEslagsbehindduetomarketandeconomic

factors,suchasintensemarketcompetition,demandatrophy,resourcecosts,hightaxesandlowinvestment.

StrategiestoenhancethecompetitivenessofinnovativeICTSMEsshouldtakeintoaccountthat:

• New information and communication technologies facilitate global reach and help reduce the

disadvantageofscaleeconomieswhichsmallfirmsfaceinallaspectsofbusiness.

• Flexible specialisation has proven to be a particularly successful model of industrial organisation:

throughcloseco-operationwithotherfirmsSMEscantakeadvantageofknowledgeexternalitiesand

rapidlyrespondtomarketchanges.

• Usage of cloud development environments lowers the need for administration skills and frees the

companytoconcentrateontheircorebusiness.Whiletoday’sinstallationsareoftenlocal,itisonlya

matteroftimebeforedevelopmentenvironmentsaremigratedtoCloudplatforms.

• Cloud provides a perfect relationship between user demand and price – it is elastic. Fees increase

incrementallyasusersusemorefunctionalities.

Atthesametime,currentcloudenvironmentshavesignificantweaknessesandthereforeincreasethecritical

viewoncloudtransition.BasedonasurveyoftheGermanITassociation,mainbarriersforclouddevelopment

areoutlinedasfollows:

• Complex and costly development process: Developing new SaaS solutions or redeveloping existing

solutionsforthecloudonexistingPaaSisacomplexandverycostlyprojectmakingitoftenprohibitive

especiallyforSMEs.

• Highdependencyoncloudinfrastructureprovider:Thefearofaso-calledvendorlock-inisoneofthe

majorbarrierstocloudserviceadoption.Customerscannoteasilymovetoacompetitor’sservice.

• Security Concerns: Deploying confidential information and critical IT resources in the cloud raises

concernsaboutvulnerability toattack,especiallybecauseof theanonymous,multi-tenantnatureof

cloudcomputing.

• DataPrivacy:Regulationofdataprivacypresentstheadditionalthreatofsignificantlegalandfinancial

consequencesifdataconfidentialityisbreached,orifcloudprovidersinadvertentlymoveregulateddata

acrossnationalorEuropeanborders.ACSOOnlinesurvey[99]foundthatthetopfivesecurityorprivacy

related concerns for cloud were all related to ubiquitous data access, regulatory compliance and

managingaccesstothedataandtheapplications.


32

Unicorn’sscopelieswithinthecoreofstrengtheninginnovationcapacityanddevelopinginnovationsthatmeet

theneedsofEuropeanICTSMEsandstartups.Theprojectaspirestobringtogetherallstakeholdersinvolvedin

thevaluechainofdevelopingCloudsoftwareservices,and,activelyinvolveexternalSMEsandstartupsthrough

validation subcontracts. The project aims in delivering a set of innovative concepts, tools and services, for

making the European ICT and software engineering SMEsmore competitive, increasing their scientific and

technologicalpotential.

Unicorn specific target audience comprises IT serviceproviders,who, according to theDigital SMEAlliance,

countover750,000SMEsinEurope.TheseSMEsareeagerinincreasingtheirmarketshareofthehugeCloud

Computingmarket,worthover$131billion,asNorthAmericatakeshomemorethanhalfoftheglobalrevenues.

Wearetargetingthefollowingthreeaudiencecategories:

• SmallandmediumsizedIndependentSoftwareVendors(ISVs):whocurrentlyofferonpremisebusiness

applicationsbut,inthefuture,wanttooffertheseapplicationsinthecloud“asaservice”.

• Startups: who intend to deploy their own, new services, without the know-how in developing and

deployingsecureandelasticapplications.

• SMEsalreadyofferingtheirservicesascloudsolutions:Unicornfeatureswillallowthemtoconcentrate

oncorefunctionalityandre-useparticularknowledge,insteadofspendingeffortsforscaling,monitoring

andsecurityissues.

Concluding,UnicornwillcontributetoallthreeEUDigitalSingleMarket(DSM)pillars,namelytothe“Access”

pillar by lowering the barrier for SME’s to develop advance cloud services, to the “Environment” pillar by

supporting the creation of a trusted cloud environment for European SMEs and finally to the “Economy&

Society”pillarbyofferingasolutionthatwillimproveinteroperability,willcontributetostandardsandallowICT

SMEstoconcentrateontheircorecompetenciesandgrow.

5.2 MarketpositioningOverthepastyears,theworldwidecloudmarkethasevolvedandisexpectedtoenteraperiodofstabilisation

withprojectionsofgrowthof18%in2017tototal$246.8billion,upfrom$209.2billionin2016,accordingto

Gartner[100].Thehighestgrowthwillcomefromcloudsysteminfrastructureservices(IaaS),whichisprojected

togrow36.8%in2017toreach$34.6billion,eveniftheIaaScloudmarkethasclearleadersinAWSandMicrosoft

assuggestedbytheGartner’smagicquadrantforCloudInfrastructureasaServiceworldwidein2016[101].

TheCloudApplicationInfrastructureServices(PaaS)arealsoexpectedtoincreasefrom$8,851millionin2017

to$14,798millionby2020whileCloudManagementandSecurityServicesfollowasimilargrowthrate,from

$8,768millionto$14,004million,respectively[102].AccordingtoKPMG,Platform-as-a-Service(PaaS)adoption

ispredictedtobethefastest-growingsectorofcloudplatforms,growingfrom32%in2017to56%adoptionin

2020[103].Theapplicationcontainersegmentalsoreachedarobust$762million in2016and is forecastto

growata40%compoundrateoverthenextfouryearsto$2.7billion[104],suggestinganimpressiveadoption

growthforatechnologythatwasonlyrecentlybroughttothemarket.

Inparallel,DevOpsisaleadingsoftwareengineeringtrend,representingtheshiftfromtraditionalphased,large-

scale delivery models to an agile, continuous continuous delivery mind-set, enabled by better integrating

developmentandoperationsteamswithinITandemployingmoreautomatedprocesses.TheDevOpsandMicro-

serviceeco-systemmarketisbroadlyexpectedtogrowgloballyatarobustCAGR16%between2017and2022,


33

reaching $10 billion by 2021 [105]. In practice, though, coding and deploying reliable, loosely coupled,production-gradeapplicationsbasedonmicro-servicesremainschallengingandevenfrustratingforsoftwareteams who need to account for service discovery, load balancing, fault tolerance, end-to-end monitoring,dynamicroutingforfeatureexperimentation,complianceandsecurity.

Today,anumberofindustrialplayershavehitthemarketwithclouddevelopersolutionsregardingContainers,

UnikernelsandMicro-services(orDevOpsinabroadersense)asdepictedinthefollowingfigure.

Figure11:UnicornMarketPositioning

Inbrief,fromthecontainerstechnologyperspective,theopensourceDockerispracticallyleadingthemarket

and isoftencharacterizedasan“almost”de factocontainerstandard (alsoevident inour interviewprocess

results)thathasgainedmostpublictractionduetoitssimplicityandflexibilityinallowingdeveloperstowrap

theirsoftwareinacontainerthatprovidesacompletelypredictableruntimeenvironment.Otherexamplesfor

container technologies are: CoreOS’ rkt (Rocket) or Cloud Foundry’s Garden / Warden. A recent survey

conductedbyCloudFoundry[106]thoughlistedsignificantcontainerchallengeslikecontainermanagement,

monitoringandpersistencestoragethatmayhinderfurthermarketpenetrationwhilecontainerpersistenceis

in fact acknowledged as a barrier in advancing to stateful containers that are appropriate for production

environments.


34

Fromtheunikernelperspective,althoughtheconceptisquiteold(since1980’s),anumberofecosystemprojects

supportingthedevelopmentanduseofunikernelshaveemergedinthecloudcomputingageallowingforthe

creationofminimal,bespokeunikerneloperatingsystemsinmanydifferentwaysformanydifferentapplications

onmany different hardware platforms. Some systems (like Rumprun) are language-agnostic, and provide a

platformforanyapplicationcodebasedontherequests itmakesof theoperatingsystemwhileothers (like

MirageOS andHaLVM) leveragehigh-level languages and a runtime to provide anAPI for operating system

functionality. OSv and the Xen hypervisor have gained significant attention yet they also impose certain

limitationstoapplicationsaspiringforaunikernelcompilation(e.g.nomultipleprocessesonasinglemachine,

work as single user, need for provision for internal diagnostics when it comes to debugging). Overall, the

unikernelmarketremains inaratherembryoticstatus (this isalsoconfirmedbyour interviewprocess)with

mostsolutionsstillundergoingtheirexperimentalphases.However,theneedforunikernelandlibrary-based

operatingsystems isclearlydepicted in thechallenges thatusers face in thecurrentcontainerenvironment

landscape(alsoconfirmedbyourinterviewprocess).

Withregardtomicro-services,althoughthediscussionaboutmicro-servicesarchitecturesstartedin2014,the

actual widespread implementation was initiated by Netflix which open sourced plenty of frameworks for

implementingmicro-services[107].Infact,theriseofcontainersandthebroaderacceptanceofwebprotocols,

suchasHTTP, JSONandREST,has resulted inbringingbackserviceorientation tocontemporaryapplication

development and is driving the micro-services momentum. In May 2017, two significant industry-driven

initiativesonthemicro-servicesandDevOpsworldwereannounced:Istio,anopentechnologybyGoogle,IBM

andLyfttostreamlinethemanagementandsecurityofmicro-servicesthroughanintegratedservicemesh,and

OpenShift.io, a free, online development environment by Red Hat optimized for creating cloud-native,

container-basedapplications andautomating theentire applicationpipelineenabling companies tobecome

moreDevOpsdrivenandagile.Inthiscontext,itneedstobenotedthattheroleoforchestrators,aswellasof

continuous integration / continuous delivery solutions, is also instrumental for effective micro-services

managementanddeployment.Kubernetes,anopen-sourceplatformforautomatingdeployment,scaling,and

operations of application containers across clusters of hosts, providing a container-centric infrastructure, is

acknowledgedasa leader incontainerorchestrationandmanagement, followedbyotherplatformssuchas

DockerDatacenter,ApacheMesos,andCloudFoundry,thatalsorunandorchestratemicro-services.

In more detail, in the following tables, 9 developer platforms (namely Docker, IncludeOS, Istio, linkerd,

MirageOS,OpenShift.io,OSv,Rumprun,Rkt)havebeenselected,takingintoaccounttheirrelevancetoUnicorn

and thedegree towhich their features represent theircategory,andhavebeen furtheranalysed.Note: the

informationprovidedinthetablesisbasedontheofficialdocumentationprovidedineachplatform’swebsite

andGitHubatthetimeperiodwhenthisdeliverablewaswritten(May2017).


35

Table2:MarketPlayersAnalysis–BriefOverview

Platform Category ShortDescription SupportedLanguages SupportedPlatforms

Docker[108] Containers Dockerisacontainerplatform,packaginganapplicationandits

dependencies inavirtualcontainer inordertoenableflexibility

andportabilityonwhere theapplicationcan run, tobuildagile

software delivery pipelines (allowing for shipping new features

faster andmore securely) and to manage apps side-by-side in

isolatedcontainerstogetbettercomputedensity.

All Ubuntu, Debian, Red Hat

EnterpriseLinux,CentOS,Fedora,

Oracle Linux, SUSE Linux

Enterprise Server, Microsoft

Windows Server 2016, Microsoft

Windows 10, macOS, Microsoft

Azure,AmazonWebServices

IncludeOS[109] Unikernels IncludeOS isan includable,minimalunikerneloperating system

for C++ services running in the cloud, providing a bootloader,

standardlibrariesandthebuild-anddeploymentsystemonwhich

torunservices.

C++ Linux, Microsoft Windows and

AppleOSX

Istio[110] DevOps –

Microservices

Istio is an open platform to connect, manage, and secure

microservices, providing an easy way to create a network of

deployed services with load balancing, service-to-service

authentication,andmonitoring,withoutrequiringanychangesin

servicecode.

Allforappdevelopment Platform-independentbutservice

deployment only on Kubernetes

(v1.5orgreater)atthemoment-

other environments will be

supportedinfutureversions.

Linkerd[111] DevOps –

Microservices

Linkerd is a transparent proxy that adds service discovery,

routing, failure handling, and visibility to modern software

applications.

All All

MirageOS Unikernels MirageOSisalibraryoperatingsystemthatconstructsunikernels

for secure, high-performance network applications across a

varietyofcloudcomputingandmobileplatforms.

Base unikernel language:

OCaml

x86_64 or armel Linux host to

compileXenkernel.

FreeBSD,OpenBSDorMacOSXfor

theuserlevelversion.

OpenShift.io[112] DevOps -

Microservices

OpenShift.io is a Kubernetes-based container management

platform that provides developerswith the tools they need to

build cloud-native, container-based apps, including team

collaboration services, agile planning, developer workspace

management,anIDEforcodingandtesting,aswellasmonitoring

andcontinuousintegrationanddeliveryservices.

All Linux


36

Platform Category ShortDescription SupportedLanguages SupportedPlatforms

OSv Unikernels OSvisanewopen-sourceoperatingsystemforvirtual-machines

fromCloudiusSystems.OSvwasdesignedfromthegroundupto

executea singleapplicationon topofahypervisor, resulting in

superiorperformanceandeffortlessmanagement.

JVM languages (Java,

JRuby, Scala, Groovy,

Clojure,JavaScript),Ruby

Built on 64-bit x86 Linux

distribution

Rumprun[113] Unikernels Rumprun is a production-ready unikernel that uses the drivers

offered by rump kernels, adds a libc and an application

environmentontop,andprovidesatoolchainwithwhichtobuild

existingPOSIX-yapplicationsasRumprununikernels.

C, C++, Erlang, Go, Java,

Javascript (node.js),

Python,RubyandRust.

hw/x86+x64andXen/x86+x64

Rkt[114] Containers CoreOS’ rkt is CLI for running application containers on Linux,

designedtobesecure,composable,andstandards-based.

Allforappdevelopment-

Command line

environment for

container construction

(nocustomDSL)

Linux


37

Table3:MarketPlayersAnalysis–DevOpsSupportandHighlightFeatures

Platform

Development

Continuous,Integration

andTesting

Continuous

Deployment&

Packaging

Orchestration,

Management&

Monitoring

SecurityScalability&Elasticity

ControlAdd-ons

Docker Completedeveloper

toolkitforcreating

containerizedapps

(build,testandrun

multi-containerapps).

DockerComposefor

development,testing,

andstaging

environments,aswellas

CIworkflows.

DeployinDockerCloud,

AWS,Azure,Digital

Ocean,Packet,

SoftLayer.

Universalpackaging,

portabilitytoany

machinerunning

Docker.

DockerComposefor

orchestration–also

runningKubernetes,

Mesos,AmazonECS,

GoogleContainer

Engine.

DockerMachinefor

provisioningand

managingyour

Dockerizedhosts.

Securebydefault:

MutualTLS,certificate

rotation,imagesigning

andcontainerisolation

DockerSwarm:manual

scalingandbuilt-in

swarmclustering.

Softwaredefined

networkingconnects

containerstogether,

intelligentlyroutesand

loadbalancestraffic.

DockerStore

distributingfreeand

paidimagesfrom

variouspublishers.

AnumberofDocker

certifiedplugins.

IncludeOS Notaddressed. KVM,VirtualBoxand

VMWaresupportwith

fullvirtualization,using

x86hardware

virtualization-Runon

anyx86hardware

platform.

Notaddressed. Increasedsecurityby

defaultinunikernels.

Notsupported. -

Istio Conversionofdisparate

microservicesintoan

integratedservice

mesh.

Dynamicrequest

routingforA/Btesting.

Deploymentof

microserviceswithout

worryingaboutservice

discovery.

Provisionforcanary

deployments.

Fine-grainedcontrolof

trafficbehaviourwith

richroutingrules,fault

tolerance,andfault

injection.

Policychangesaremade

byconfiguringthe

mesh.

Extendedversionofthe

Envoyproxytomediate

allinboundand

outboundtrafficforall

servicesintheservice

mesh.Automaticzone-

awareloadbalancing

andfailoverfor

HTTP/1.1,HTTP/2,

gRPC,andTCPtraffic.

Trafficencryption,

service-to-service

authenticationand

strongidentity

assertionsbetween

servicesinacluster

basedonpolicies.

Vulnerabilitychecksofa

networkanddetection

ofunusualpatterns

(causedbymalwareand

bots).

Apluggablepolicylayer

andconfigurationAPI

supportingaccess

controls,ratelimitsand

quotas.

-


38

Platform

Development


andTesting

Continuous

Deployment&

Packaging

Orchestration,

Management&

Monitoring


ControlAdd-ons

Mixerforenforcing

accesscontroland

usagepoliciesacross

theservicemeshand

collectingtelemetry

datafromtheEnvoy

proxyandother

services.

Fleet-wideVisibility:

Automaticmetrics,logs

andtracesforalltraffic

withinacluster,

includingclusteringress

andegress.

Keyandcertificate

distributioninIstioAuth

isbasedonKubernetes

secrets.

Nosupportfor

authorizationatthe

moment.

linkerd Notapplicable. linkerdrunsasa

separatestandalone

proxy:Applications

typicallyuselinkerdby

runninginstancesin

knownlocations,and

proxyingcallsthrough

theseinstances—i.e.,

ratherthanconnecting

todestinationsdirectly,

servicesconnecttotheir

correspondinglinkerd

instances,andtreat

theseinstancesasif

theywerethe

destinationservices.

Aconsistent,uniform

layerofinstrumentation

andcontrolacross

services:linkerdapplies

routingrules,

communicateswith

existingservice

discoverymechanisms,

balancesrequesttraffic

usingreal-time

performance,reducing

taillatenciesacrossthe

application,and

providesdynamic,

scoped,logicalrouting

rules,enablingblue-

greendeployments,

Notapplicable. Handlestensof

thousandsofrequests

persecondperinstance

withminimallatency

overhead.Scales

horizontallywithease.

-


39

Platform

Development


andTesting

Continuous

Deployment&

Packaging

Orchestration,

Management&

Monitoring


ControlAdd-ons

staging,canarying,

failover.

MirageOS Solo5isthe"baselayer"

torunanddebug

MirageOSunikernels.

Allsourcecode

dependenciesofthe

inputapplicationare

explicitlytracked,

includingallthelibraries

requiredtoimplement

kernelfunctionality.

RunsunderXenand

KVMhypervisors,and

lightweighthypervisors

likeBSD'sbhyve.

DeployinAmazonEC2

andGoogleCompute

Engine.

Potentialtospecifya

versionorrangeof

versionsforapackage

dependency.

Supportforlogging

only.

Increasedsecurityby


Seamlessscalingofdata

structuresthrough

Irmin,alibraryfor

designingGit-like

distributeddatabases,

withbuilt-inbranching,

snapshoting,reverting

andauditing

capabilities.

RresultisanOCaml

moduleforhandling

computationresultsand

errorsinanexplicitand

declarativemanner

withoutresortingto

exceptions

OpenShift.io Anonlinedevelopment

environmentfor

planninganddeveloping

hybridcloudservices

withprioritizable

backlogsandkanban

boardsaswellas

coding,editing,and

debuggingtoolsbuilton

EclipseChe.

Integratedand

automatedCI/CD

pipelines.

Automaticallycreate

containerized

development

environmentswiththe

workspacemanagement

capabilitiesofEclipse

Che,andusing

OpenShiftOnline,a

managed,multi-tenant

offeringofRedHat

OpenShift.

Integrationofthe

JenkinsPipelineplugins

toallowingdevelopers

toassembletheirbuild

pipeline.Pipeline

definitionsarewritten

usingaGroovyDSL.

OpenShift.ioAnalytics

appliesmachine

learningalgorithms

basedontheusage

patternofcomponents.

Thedataisgathered

fromvariouspublicdata

sourcessuchasGithub,

MavenandNPMalong

withourowninternal

OpenShiftdata.

Detectionofvulnerable

packages(indirectly

throughanalytics).

ContainerHealthIndex

thatinspectsandgrades

allofRedHat’sown

containerproducts,as

wellasthosefromits

ISVpartners,toensure

theyaresecureand

stable.

Notaddressed RedHatOpenShift

ApplicationRuntimes,

pre-builtcontainerized

runtimefoundationsfor

microservicesthat

includesupportfor

Node.js,EclipseVert.x,

WildFlySwarmand

others.


40

Platform

Development


andTesting

Continuous

Deployment&

Packaging

Orchestration,

Management&

Monitoring


ControlAdd-ons

Automaticallycreate

Linuxcontainerbased

environmentswithout

theneedtoinstall

anythinglocallyordeal

withdockercommands

andKubernetes

configuration(orYAML)

files.

OSv Rapidlybuildingand

runninganapplication

onOSvthrough

Capstan.

Runsunderhupervisors:

KVMandXen(fully),

VirtualBoxandVMWare

(experimental).Deploy

inAmazonEC2(fully

functional),Google

ComputeEngine

(experimental).

Packagingandrunning

anapplicationonOSv

throughCapstan.

OSvRESTAPItosimplify

management.

In-browserdashboard

providingliveupdates

andincludingOSbasics

suchasmemoryusage

andCPUload,

Tracepointsforall

systemandapplication

functionality,JMX

endpoints(usingthe

JolokiaJMX-over-REST

connector),

Application-specific

metrics,whichcanbe

addedbythe

applicationdeveloper

Increasedsecurityby


Cloud-initmechanism

providingper-instance

configuration

parameterstoanOSv

VMatboottime.

-

Rumprun Rumprundoesnotbuild

atoolchain,butcreates

wrappersarounda

toolchainthedeveloper

supplies.

Runsunderhypervisors

(KVMandXen),andon

baremetal.Rumprun

canbeusedwithor

withoutaPOSIX'y

interface.

Verylimitedmonitoring

throughremotesyslog.

Increasedsecurityby


N.A. -


41

Platform

Development


andTesting

Continuous

Deployment&

Packaging

Orchestration,

Management&

Monitoring


ControlAdd-ons

Rumpkernels

essentiallyprovidea

driverkitproviding

easy-to-integrate

drivers,withthesetof

driversvaryingper

driverkitandusingthe

NetBSDanykernel

architecturetoprovide

unmodifiedNetBSD

kerneldrivers.

Rkt Acommandlineutility,

acbuild,tobuildand

modifycontainer

images,intendedto

provideanimagebuild

workflowindependent

ofspecificformats

(currentlyitsupports

ACI,OCI).

Applydifferent

configurations(like

isolationparameters)at

bothpod-levelandat

themoregranularper-

applicationlevel.

Supportfortwokindsof

pod(coreexecutionunit

ofrkt)runtime

environments:an

immutablepodruntime

environment,anda

new,experimental

mutablepodruntime

environment.

Clusterorchestration

andmanagement

throughcontainer

orchestrationengine

Fleet(anopen-source

clusterscheduler

designedtotreata

groupofmachinesas

thoughtheysharedan

initsystem),tobe

replacedbyKubernetes

inJanuary2018.

rktisdevelopedwitha

principleof"secure-by-

default",andincludesa

numberofimportant

securityfeatureslike

supportforSELinux,

TPMmeasurement,and

runningappcontainers

inhardware-isolated

VMs.

Notaddressed. -


42

Table4:MarketPlayersAnalysis–Perspectives

Platform Performance Integrationwith3rd

partyservices

CommunityAdoption Maturity Pricingmodel

Comments

Docker High [115], [116] (with

Czipri noting that in

certain experiments,

Docker spent a lot less

CPU time being nearly

equivalent with bare-

metal)

Extensible through

open APIs, plugins

anddrivers

High – 40% market share

growth from March 2016

until March 2017 [Source:

Datadog]

Medium Docker Community

Edition:Free

Docker Enterprise

Edition: from $750

pernodeperyear

Significant learning curve.

Differences on how it runs on

differenthostmachines.

Complete and explanatory

documentation.

IncludeOS High (Extremely small

disk- and memory

footprint,Veryfastboot

time: <0.3 seconds

according to

benchmarks[117])

N.A. Low(41contributorsand187

forksinGitHubrepositoryas

of May 29th, 2017) [Source:

GitHub]

Low - v0.8 released

inJune2016

Open source under

Apache2.0licence

Adequatedocumentation

Istio Not officially assessed

yet – Beta version

planned to track

performance testing,

benchmark/comparison,

performance regression

[118]

Extending Envoy

proxyfromLyft

Kubernetes

Calico-ongoing

Medium - Support of key

industry players & strong

community interest (22

contributors and 147 forks

on GitHub repository as of

June 14th, 2017) [Source:

GitHub]

Low – v0.10

released in May

2017

Open source under

Apache2.0licence

Explanatory introduction and

documentation

linkerd Medium[119] Docker-compose,

DC/OS, Mesos,

Kubernetes

Low(43contributorsand198

forksonGitHubrepositoryas

of June 14th, 2017) [Source:

GitHub]

Medium – v1.1.0

released in June

2017

Open source under

Apache2.0licence

Complete and explanatory

documentation.

MirageOS High[120],[121] ModularOS

libraries,whichcan

beswitchedwhen

needed.


forks on mirage/mirage

GitHubrepositoryasofMay

29th,2017)[Source:GitHub]

Medium – v3.0

releasedinFebruary

2017

Open source under

ISC License (with

some exceptions

released under

LGPLv2)

Adequatedocumentation.


43


partyservices


Comments

OpenShift.io Not officially assessed

yet

fabric8, Jenkins,

Eclipse Che,

OpenJDK, PCP,

WildFly Swarm,

Eclipse Vert.x,

Spring Boot,

OpenShift

Kubernetes


forksonGitHubrepositoryas

of June 14th, 2017) [Source:

GitHub]

Low – announced

andlaunchedinMay

2017, developer

preview available

uponrequest

Open source (exact

license not

announcedyet)

Minimal documentation at the

moment.

OSv High (A typical Capstan

image is only 12-20MB

larger than the

application,andadds~3

seconds to the build

time, according to the

official website and

third-party evaluations

conducted)

Jolokia JMX-via-

JSON-REST

connector,

NewRelic


forks on GitHub as of May


Low – currently on

betaversion

Open source,

distributed under

the 3-clause BSD

license

-

Rumprun High[122] Workinprogress.

TravisCI integration

fornewreleases.


forks on

rumpkernel/rumprun



Low – still on

experimentalphase

Open source,

distributed under a

2-clauseBSDlicense

-


44


partyservices


Comments

Rkt Medium (especially

when it comes to

containerstartuptimein

comparison to Docker

[123])

init systems (like

systemd,upstart).

Kubernetes (via

“rktnetes”),Nomad,

Mesos, Mulled,

Quay.io, SELinux,

cAdvisor.

Support for

swappable

executionengines.

Natively run Docker

images.

Medium (185 contributors

and 699 forks on rkt/rkt



Medium Open source under

Apache2.0license

-


45

InalargelyuncharteredandrapidlyevolvingcloudlandscapeconsistingofDevOps,ContainersandUnikernels,UnicornispositionedasanovelDevOpsasaServicewithauniquevaluepropositioninsimplifyingthedesign,deploymentandmanagementofsecureandelasticbydesign,multi-cloudapplicationsadheringtothemicro-service architectural paradigm. In contrast to the existing platforms (that were analysed in the previousparagraphsandtypicallyofferrathertargetedsolutions),UnicornwilladdressdifferentDevOpsphases,rangingfrom Development, Continuous Integration & Testing, and Continuous Deployment & Packaging, toOrchestration,Management&Monitoringinasolidandconsistentmanner.Fromthetechnologywatchandmarketanalysisinitiallyconducted(andthatwillbeongoingthroughouttheproject’simplementation),IstioandOpenShift.ioaretheplatformsthataredirectlyrelatedtoUnicornyet,takingintoaccountthattheywereonlyveryrecentlyannounced,theysignifythatUnicornisattunedtotheactualstakeholders’needsintherapidlygrowingcloudDevOpsmarket.

Inparticular,inrespecttomicro-services,UnicornwillfacilitatetheDevOpsteamsandSoftwareProgrammerswithinICTSMEsandStartups(thatrepresentthecoretargetaudienceofUnicorn)inadoptingthemicro-servicearchitecturalparadigmbyprovidingaunifiedwebIDEfordevelopment,deploymentandmanagementofcloudapplications.Goingbeyondtheofferingsoftheexistingplatforms,Unicornputsparticularemphasisonsecurity,scalabilityandelasticitycontrolenabledthroughpolicyandconstraintdefinition,aswellasthroughcontinuousriskandvulnerabilityassessment,andcomplementsitssolutionwithadvancedorchestrationandmonitoringcapabilities.Asfarasthecontainerandunikerneltechnologiesforcloudapplicationpackaginganddeploymentareconcerned,Unicornwillpursue,inordertofacilitateadoption,tosupportpopularcontainerizedexecutionenvironments(e.g.,Docker)andtoorchestratecontainerexecutionenvironmentsontopoflibrary-basedandunikernel-likeoperatingsystems(e.g.,CoreOS)thatwillbeabletohostcomplexandresourceintensivecloudapplicationsinaminimal,yetpersistent,mannerfortheDevOpsteam,basedonthecontinuouseffortsoftheprojecttoprobetheEUICTindustryforthetechnologiestrulydominatingtheirinterestsandneeds.


46

6 RequirementAnalysisSchemeThisChapterdocumentsthekeyfindingsoftheanalysisperformedontheresultsofthedisseminatedonlinesurveyandthepersonalinterviews.

6.1 IntervieweeProfileAltogether20organisationsoperatinginmultipleanddifferentfieldsparticipatedintheinterviewprocessandarelistedinTable5.TheseorganisationsareprimarilybasedintheEuropeanUnionwiththelargerorganisations(e.g., SAP, HP) also spanning their business operations across the globe. Figure 13 depicts the number ofemployeesworkingintheITdepartmentofeachorganisation.Fromthisfigure,weobservethatmostoftheorganisationsinterviewedidentifythemselvesasStartups/SMEsandhavelessthan25employees(65%)intheirITdepartment,while15%haveanumberofemployeesbetween26and50. Inturn,15%oftheinterviewedorganisations identify themselves as large organisations and feature more than 101 employees in their ITdepartment.InordernottolimitthetargetaudienceofUnicorn,theorganisationsinterviewedwerecarefullyselectedsoastooperateinmultipleanddifferentbusinessdomainsandgeographicregions,asshowninTable5andFigure12.

Table5:OrganisationsParticipatedinInterviewProcess

Organisation OrganisationType IntervieweeRole

Country

CASA.G. Pilot Management GermanyCocoon NotRelatedtoUnicorn CTO CyprusCRUKInstitute NotRelatedtoUnicorn ChiefArchitect UnitedKingdomCYTA NotRelatedtoUnicorn System/NetAdmin CyprusFxPro NotRelatedtoUnicorn CTO United Kingdom (operates

globally)EduportalGR NotRelatedtoUnicorn ChiefArchitect GreeceHopu CINCUBATOR CTO SpainHP-Cloud NotRelatedtoUnicorn Programmer US(operatesglobally)Ideas2Life NotRelatedtoUnicorn CTO CyprusLockUp CINCUBATOR CTO SpainNubedianA.G. CyberForum DevOpsEngineer GermanyPointRF NotRelatedtoUnicorn ChiefArchitect Israel(operatesglobally)Proasistech CINCUBATOR Management SpainRedikod Pilot Programmer Sweden/ScandinaviaSAPInnovation NotRelatedtoUnicorn Programmer Germany(operatesglobally)Suite5 Pilot CTO UnitedKingdomSwiftflats CINCUBATOR Programmer SpainTursofthealth NotRelatedtoUnicorn ChiefArchitect Turkey/GreeceUbitech Pilot Programmer GreeceYellowmapA.G. CyberForum DevOpsEngineer Germany/Austria/Switzerland


47

Figure12:OrganisationOperatingBusinessDomainsasIdentifiedbyInterviewees

6.2 UnicornSurveyandInterviewStudyKeyFindingsThefollowingsubsectionsdocumentthekeyfindingsoftheUnicornsurveyandinterviewstudy.

Figure13:NumberofEmployeesinITdepartment

6.2.1 UnclearDistinctionBetweenSoftwareProgrammerandDevOpsEngineerinStartupsFromtheinterviewprocess,itwasrevealedthatthereisanuncleardistinctioninthesilverliningbetweentherole(s)ofaSoftwareProgrammerandDevOpsengineer,especiallyfororganisationsidentifyingthemselvesasStartupswithlessthan25employees.Inparticular,programmersare(usually)tightlyinvolvedinthesoftwaredeliverycycle,uptaking,managementtaskssuchasdesigningsecurityenforcementandmonitoringpolicies,and (virtual) infrastructure provisioning and configuration. When asked, programmers identified security

enforcementandelasticresourcescalingasthemainchallengestheyfaceduetolackofexperienceandtimeto

learnrelatedtechnologiesandmethodologies.ThesefindingsconfirmthedeveloperproductivityreportsfromDZone(2017)andRebelLabs(2016).

Telecommunications,Mobile/WebDevelopment


48

Figure14:IntervieweeRoleinOrganisation

6.2.2 ProgrammingFrameworksareIncreasingAnnotation-BasedProgrammingParadigmAdoptionThe majority (80%) of the interview respondents mention that they have adopted annotation-basedprogramming of some sort.When asked during the interview process, interviewees denote that other thangeneratingsourcecodedocumentation,codeannotationsarewidelyusedforsourcecodeprojectconfiguration,

data and APImodelling, logging,monitoring and testing. In particular, annotations aremostly used by theprogrammersoforganisations thathaveadoptedpopularprogramming frameworks, suchasSpring for Java(55%), Node.js for Javascript (25%) and Django for Python (25%). The popularity of the Spring frameworkconfirmstheRebelLabs(2017)developmentreport,whichemphasisesonmicro-serviceframeworkadoptionforjava.

Figure15:UsageofAnnotation-basedProgrammingParadigmbyInterviewees


49

Figure16:PopularProgrammingFrameworksUsedbyInterviewees

6.2.3 CollaborationToolsarenowIndustryStandardPracticeswhileContinuousIntegrationandDeliveryToolAdoptionisFacingSeriousChallenges

Almost all interview respondents (95%)mention that the employees of their organisation use at least onecollaboration tool. In particular, all positive respondentsmention that a collaboration tool for source codeversioncontrol isalwaysused(mainlygit),whilemorethan70%ofsoftwaredevelopmentteamsalsouseatleastonecollaborativetoolforcommunication(e.g.,Slack,Skype)andtaskmanagement(e.g.,Pivotaltracking,Trello,Team).

Figure17:UsageofCollaborationToolsAmongEmployeesofOrganisation

Basedon the results of our survey, 60%of the respondents’ state that they are currently using continuousintegrationtoolsintheirapplicationdevelopmentcycle.Thisnumberisslightlylowerthanthepercentagesinstudies such as GitLab’s developer report (2016).Moreover, Apache Jenkins (55%) was noted as themostpopularCItoolofchoice,althoughalmostoneoutofthreerespondentsarecurrentlynotusinganyCI/CDtool.Interestinglywhenpersonallyquestioned,theserespondentsusuallystatethatlacktime(50%)andlackofskills(45%),ispreventingthemfromfullyadoptingaCI/CDpipeline.Ontheotherhand,respondentswithexperienceinutilizingCI/CDtools,mentionthatthemostchallengingaspectsoffullyembracingaCI/CDsoftwaredelivery

Android,iOS


50

pipelineisthelackofaunifiedtool(55%)andextremedifficultiesfoundinenvironmentsetupand,inparticular,

integratinginthecycleautomatedtechnologies(40%)suchasresourcescaling,runtimesecurityenforcement

andtesting.

Figure18:PopularityofCI/CDFrameworksEmbracedbySurveyedOrganisations

Figure19:ChallengesPreventingFullAdoptionofCI/CDPipeline

6.2.4 CloudIDE’sareBecomingPopularbutforLarge(r)DevelopmentTeamsOur survey highlights that the transition from traditional desktop IDEs to Cloud IDEs has already started.Particularly,45%ofoursurveyrespondentsstatethattheyarecurrentlyusingaCloudIDEforcloudapplicationdevelopment. We note that this number is rather high when comparing to StackOverflow (2016, 2017)developer reports placing general adoption around 15%. However, we note that our survey targets cloudapplicationdevelopmentwhereCloudIDEsprevail.Also,fromtheresultsofoursurveyitisrevealedthatthemostpopularCloudIDEsareEclipseChe(40%),SAPHana(20%)andCloud9(15%).Moreover,whendiscussing


51

withtheinterviewedITprofessionals,itisrevealedthatorganisationscomprisedoflargerdevelopmentteams

(>11 IT employees) are more keen in adopting Cloud IDE’s as they combine development with CI/CD tool

integrationforautomation,collaboration,softwaredeliveryandcommunication,whichareabsolutenecessities.

Figure20:CloudIDEEmbracementbyInterviewedOrganisations

Ontheotherhand,themajorityofthosenotadoptingaCloudIDEfordevelopmentstatethattheyarehappyusingtheirdesktopIDE(82%)andthattheydonotforeseeintheimmediatefuturethetransitioningtoaCloudIDE.Anothernotablepercentage (30%)also reports thatperformance related issuesalsopreventCloud IDEadoption.Thefirstclaimwasaparticulardiscussionpointwith intervieweesfromorganisations identifiedasStartupsandcomprisedofsmalldevelopmentteams.Tobetterunderstandthis,weaskedaboutthesoftwaredevelopmentprocess,whereitwasrevealedthatasingledeveloperinsuchteamsisusuallyinchargeofthecoding of an entire project, or developers are in charge or specific tasks (e.g., front-end, back-end) andintegrationoftaskshappensattheendofadevelopmentcycle,thus,limiting,atthemoment,theneedofacloudIDE.

Figure21:PopularreasonspreventingCloudIDEadoptionfromrespondersnotusingCloudIDEs

Performancerelatedissues


52

6.2.5 Micro-service Architectural Approach is Becoming a Cloud Trend Especially in the IoT and SaaSdomains

Micro-services are currently used in productionby 40%of our respondents,while another 30% is currentlyexperimentingforultimatelyproductiondeployment.ThesenumbersconfirmDZone’s(2017)andLightbend’s(2016)DevOpsreports.Interestingly,organisationsadoptingmicro-servicesinproductionhaveoriginsfromtheIoTandSaaSdomainswhiletheorganisationsexperimentingoriginatefromthebusinessanalyticsand(location)recommendation services sector. Moreover, from the above organisations, the micro-service architecturalpatternisusedfordata-serving(100%),businesslogic(83%)andthefront-end(66%).Ontheotherhand,only10%oftheintervieweesmentionedthatmicro-servicesarenotofinterestwiththeresponsescomingfromthetelecomandeducationalbusinessdomain.

Figure22:Micro-serviceArchitectureAdoptionbyInterviewedOrganisations

6.2.6 ContainerizedSolutionsareFollowingMicro-serviceAdoptionTrendsWiththeincreaseintheinterestformicro-servicesarchitecturalpatterns,interviewedorganisationsalsoseemto be utilizing containerized solutions for application deploymentwith 20%of the respondents stating thatcurrentlytheyarerunningcontainerizedapplicationsinproduction,whileanother35%isseriouslyplanningandexperimenting to ultimately use this technology in production. Similarly, to micro-services, these numbersconfirm DZone’s (2017) and Lightbend’s (2016) DevOps reports. Also, when questioned, only 36% of therespondents’ state that their entire application deployment is containerized. The rest (64%), reveal thatcontainers are utilized only for the dynamic, scalable and stateless service part comprising their application

deployment,thusadoptingamixtureof(virtualized)solutionsfortheircloudexecutionenvironments.


53

Figure23:ContainerizedSolutionAdoptionbyInterviewedOrganisations

Interestingly,itisacknowledgedthatthecontainerdomainintroducesanumberofchallengesfordevelopers.In particular, interviewees with experience in deploying containerized applications mention that, the topchallengesinthecontainerdomaininclude:performanceandapplicationmonitoring(55%),serviceorchestration

(50%),databaseaccess(45%),lackofexperience(45%)andauto-scaling(40%).Thesechallengesconfirmstudiesfrom RightScale (2017) and DZone (2017), and are highly relevant to the Unicorn project. What is more,challengesrelatedtoreducingcontainersecuritythreatssuchasstripingcontainersfromattackinginterfaces

(35%),secureresourceacquisition(30%),fastboottimes(25%)andreducingimagesizes(20%)arealsorelevant

totheadvancementofunikernelsandconsequentlytotheUnicornproject.Finally,itmustbenotedthatalmostall organisations (92%) have adopted, at some point, Docker as the containerized technology for theirapplications,with other preferred containerized solutions such as Kubernetes (33%) and Swarm (25%) alsotightly coupled to Docker for clustermanagementwhen containers are deployed in production. Therefore,DockerisatechnologythatmustbetargetedbyUnicornforcontainerizedcloudexecutionenvironmentsasitsstakeholders,eitherlargeorsmallinsize,identifyDockerastheirtechnologyofchoice.

Figure24:ContainerizedSolutionAdoptionChallengesasIdentifiedbyInterviewedOrganisations


54

Figure25:ContainerizedSolutionsthathavebeenadoptedbythoseusingorconsideringcontainerization

6.2.7 Multi-CloudDeploymentModelAdoptionandChallengesOursurveyisinlinewithGartner’sMagicQuadrant(2016)reportswhichrevealthatthetopcloudproviderisAmazonWebservices(AWS),followedbyMicrosoftAzureandOpenstack,whicharethemostprominentcloudsolutionsforprivatecloudinfrastructuraldeployments.However,moreinterestinglyisthat25%ofoursurveyrespondents are currently following a multi-cloud deployment approach while another 25% is alsoexperimentingandplanningtodoso.ThesenumberaresignificantlylowerthanreportsfromRightScale(2017)whichputthepercentageoforganisationsadoptinghybrid-cloudover70%.However,onemustnotforgetthatintheStartupeco-system,companiesstartsmalladoptingonecloudproviderandthenexperimentastheyscale,and20%ofourrespondentsalsostatetheyareplayingaroundwithmulti-clouddeployments.Ontheotherhand,thosewhoarenotplanningtoadoptamulti-cloudapproachstatethatthisisduetosignificantsecurityreasonsformovingdataacrosscloudregionsorarehappywithjustusingonecloudprovider.

Figure26:Multi-CloudDeploymentModelAdoptionbyIntervieweeOrganisations

Furthermore,bypersonallytalkingwithintervieweestoobtainuserstories,weidentifiedthatdifferentmulti-cloudchallengesarisebasedontheparticulardeploymentstrategyfollowedbyeachorganisation.Thus,insteadofsimplycompilingalistofchallenges,wefurtherinvestigatedwhenandwhereiseachchallengeapplicable.In


55

particular,MC2(onecloudprovidermultipleavailabilityzones), isapopularmulti-clouddeploymentmodel2.For organisations adopting a multi-cloud deployment model resembling MC2 (one cloud provider multiple

availabilityzones)securityreasonsformovingdataacrosscloudsites/regionsandtrust/complianceissuesare

ofextremeconcern.OrganisationsadoptingtheMC2deploymentmodeloriginatemainlyfromGermanyandUK,andoperateinthee-healthorsocialassistancebusinessdomains,wheresuchorganisationsareobligatedtocomplywithstrictdatamovementnationallawspreventingsensitiveclientdatatobehostedoutsidenationalbordersandforthisreasoninter-connectedprivateclouddeploymentsarepreferred.

Figure27:PopularCloudProviders

Ontheotherhand,challengesrelatedtoportability,vendorlockingandalackofunifiedmanagementtools,are

ofextremeconcernfororganisationsthatadoptthepopularMC3andMC4multi-clouddeploymentmodels.Inparticular,thesemodelsmainlyusemultiplecloudproviderstoruntheirservices,targetingloadbalancingandlatency reduction when serving content to clients, and thus, these models are highly relevant tolocation/recommendationbasedservices,SaaScloudsolutionsandIoTapplications.

2Multi-clouddeploymentmodelsaredescribedindetailinSection3.2


56

Figure28:Multi-CloudAdoptionChallenges

6.2.8 CloudMonitoringAdoptionandChallengesMonitoring is employed by all interviewed organisations with monitoring targeting various levels of theapplication lifecycle and execution environment. In particular, respondents usually stated that serviceavailability(80%),APIaccess(60%)andtheunderlyinginfrastructure(55%)aremonitoredbydeployingeitherin-houseorgeneral-purposemonitoringtools.Interestingly,asthemonitoringlevelbecomesmorespecialized

and moves closer to the client side (e.g., application behaviour, client interaction, transactions, etc.),

organisations start to facechallengesasmonitoring toolsmustbeextended, customizedand tailored to the

organisationmonitoringneeds.

Figure29:MonitoringLevelTargetsasRespondedbyInterviewedOrganisations

Ingeneral,multipleanddifferentmonitoringsolutionsareused.Interestingly,allrespondentsstatedthattheymust resort to usingmore than onemonitoring tool for their needswith 70% is dissatisfied by this fact. Inparticular,65-70%oftherespondentsmentioningthattheyusemostly in-housedevelopedmonitoringtoolsand/orgeneralpurposeopen-sourcetools.Ontheotherhand,40%claimtobeusingtoolsofferedbythecloud


57

provider,while35%oftherespondents’mentionthatthird-partymonitoring-as-a-servicetools(e.g.,NewRelic,Datadog)areusedfortheirmonitoringneeds.

Figure30:MonitoringToolTypeAdoptionbyInterviewedOrganisations

Withregardtochallenges,respondentsstatethatthemostprominentneedarisesfromthelackofparameter

tuningbymonitoringtoolstooptimiseperformance,qualityandcost(70%).Inturn,asmultiplemonitoringtoolsmustbeusedbyorganisations,integratingthemintheexecutionenvironmentorfindingamonitoringtoolthatcanbeusedatdifferentandmultiplelevels,isanotherprominentchallenge/needstatedbytheinterviewees(70%). Interestingly, 50% of the interviewees stated that accessing/processing historic monitoring data isanotherimportantchallenge.Alsomonitoringtoolportabilityacrosscloudplatforms(40%),aswellas,providingmulti-cloud monitoring support (40%) are relevant to the project. On the other hand, accessing real-timemonitoringdata(25%)andplottingdata(5%)seemtobecoveredbytheofferedtoolsandarenotconsideredascurrentchallengesinthemonitoringdomain.

Figure31:MonitoringChallengesFacedbytheInterviewedOrganisations


58

6.2.9 ElasticScalingAdoptionandChallengesTheresultsofoursurveyshowthatmostofourrespondents(65%)donotcurrentlyuseelasticscaling,whichcontradictswithpopularcloudsurveysandreportsfromRightScale(2017)andGartner(2016).However,themajorityoftherespondentsofoursurveyareSMEs/Startupswithservicesrecentlyintroducedtothepublic.Thus,althoughtheyarecurrentlynotusingelasticityscalingalmostallofthese(95%)highlightthatelasticityis

needed(95%)butcertainchallengesmustbeovercomefirst,withthemostprominentbeinglackofexperience

ofhowelasticityworks,followedbyhowtoconfiguretheauto-scalingprocessandhowtobudgetconstrainauto-

scaling.

Figure32:ElasticScalingAdoption

Inturn,thosewhoarecurrentlyusingelasticityfortheirapplicationscaling,originatefromtheIoT,SaaScloudsolutions and recommendation/location service offering business domains. Horizontal scaling is the mostpreferablewaytoscaleresourcesformostoftherespondents(71%),andisadoptedmainlyforloadbalancing.Theseorganisationsmostlyadoptthetoolsprovidedbytheircloudprovider(71%)withthesecondpreferredoptionbeingin-housedevelopedtools(57%).Thisisanoppositepicturefrommonitoringwherein-houseandgeneral-purposemonitoringtoolsaremorepreferredoptionsthanthetoolsofferedbythecloudprovider.Thejustificationforthisisthatdevelopinganauto-scalingtoolisextremelychallengingandthereforeresorttousingwhatisofferedbythecloudproviderevenifthisrestrictsdeploymenttoasingleprovider.

Figure33ElasticScalingType


59

Interestingly,themostprominentchallengeinelasticscalingfororganisationsisparametertuningtooptimizetheperformance,costandqualityoftheirservices(65%)whichisrelatedwiththesecondmostchallengingtask,thelackofexperience.RespondentsthatarecurrentlyusingthetoolsprovidedbytheirCloudproviderandeventheonesthathaven’tyetadoptedelasticscaling,statethatconfiguringtheelasticityservicefortheirapplicationneeds,isanon-trivialtaskduetotheinsufficientknowledgetheypossess,therefore,theneedforasimplebutaccurateelasticitycontrolcomestotheforeground.

Figure34:ElasticitytoolsusedbyorganizationshaveadoptedelasticscalingaspartoftheirALM

Anothermajorchallengepreventingcompaniesforadoptingelasticscalingarebudgetconstraints(50%).Usingelasticservicesofferedbycloudproviders,especiallywhentheyarenotconfiguredproperly,theamountspentissignificantlylargerthantheamountearned.Otherchallengesmentionedbyonethirdoftherespondents,areelasticscalingacrossmultiplecloudregionsandprovidersandlackofaunifiedautoscalingenvironment.Thesechallengesaddresstheneedforaunifiedautoscalingtool,abletoorchestrateinstancesacrossmultiplecloudsites,providersandregions.

Figure35:ElasticScalingAdoptionChallenges


60

6.2.10 WhenisSecurityConsideredintheLifecycleofanApplicationFrom the interview process, respondents’ answers to the question “when is security considered in theapplicationlifecycle”,revealthatthereisnonormtowhensecurityistakenintoconsideration.Particularly,35%oftherespondents’statethatsecurityisconsideredattherequirementphase,30%stateattheprogrammingphase, 25% at the design phase, while 10% mention that security is only considered after deploying theapplicationanddetectingwheresecurityisneeded.Atthispoint,anysecurityissuesaredealtwithandare-deploymentisissued.ThesenumbersconfirmthestudyconductedbyVeracode(2016),showingthatthereisnonormforwhentointegratesecurity.Thisisahighlyrelevantrequirementtotheprojectassecuritycannotsimply be assumed that it will be always considered at the requirement or design phase and thereforeintegratingsecurityorcustomizingsecurity,evenatdevelopmentorruntime,whenpermitted,mustbetakenintoconsideration.

Figure36:StageofApplicationLifecycleatwhichSecurityisConsideredbyInterviewedOrganisations

6.2.11 CloudSecurityEnforcementandPrivacyPreservationChallengesRespondents of our interviewprocess state that themajor challenges faced include: vulnerability detection(16/20),datamovementcompliance(15/20),informationflowtracking(14/20)andprivacyprotection(13/20).TheseresultsareinlinewiththefindingsofVeracode(2016),showingthatsensitivedataexposureandruntimesoftware vulnerability are the prime concern of most SMEs and Startups, therefore, they remain openchallenges.Thesechallengesarehighlyrelevantwiththerequirementsoftheproject,pointingouttheneedofa mechanism for data privacy enforcement and continuous vulnerability assessment. On the other hand,challengessuchaswebfirewalling(15/20),SQLinjectionprevention(13/20),staticcodeanalysis(10/20)cross-siteforgery/scripting(9/20)andauthorizationpermissionmanagement(9/20),seemtobeaddressablebymostoftheinterviewedstakeholdersandarelessrelevanttotheproject.


61

Figure37:SecurityMechanismsAdoptedbyInterviewedOrganisations(#1)



62



63

7 UnicornTargetAudienceandBusinessMetricsThischapterpresentstheprofileoftheaudiencetargetedbyUnicornalongwithsuitablebusinessmetricsthathavebeenderivedsoastoevaluatethebenefitsofusingUnicorn.

7.1 TargetAudienceProfileAs stated in the Description of action (DoA) of Unicorn, the project addresses small-to-medium Europeansoftwaredevelopingorganisations,currentlycountingintotaltomorethan750,000,whichanimportantpillarfortheEuropeaneconomy.Morespecifically,wearefocusingondevelopersofCloudservices,asthis isthefastestgrowingITsegment.

Oursurveyhasshownthatcontinuousintegrationtools,microservicepatternsandcontainerizedsolutionsforapplicationdeploymentarepromisingandemergingparadigms,alreadyadoptedbymanySME’swhileevenmoreplansforadoptingthesetechniquesinproductioninthenearfuture.Almostallorganisationsparticipatingin the survey have already adopted Docker as the containerized technology for their applications (>90%).Therefore,theUnicornplatformmusttargettheDockercommunitywhich,asof2016,isalsopartoftheOpenContainer Initiative(OCI) inanattempttostandardizethecontainerecosystemand increase itsalreadyvastaudience.Inturn,advancedrespondents,whichalsoconsiderDockerastheirtooloftrade,mentionedthatthemostchallengingaspectsforbothcontainerizeddeploymentsandtheircontinuoussoftwaredeliverypipelinearethelackofaunifiedtoolanddifficultiesencounteredinintegratingautomatedtechnologiesforresourcescaling, monitoring, runtime security enforcement and testing. Towards this, the Unicorn platform canpotentiallyfillthesegapsforDockerizedandOCIdeploymentswhilealsoservicingthedesignneedsofcloud-enabledmicroservices.

Figure40:UnicornVisionTowardsTargetAudienceProfiles

Concluding,UnicorntargetsinnovativesoftwaredevelopingSMEsthatdevelopCloudapplications(“apps”)thatfollow themicroserviceparadigmandare containerized.Unicorn focusesonbothphasesof theapplicationlifecycle: (i) theDesign Time Phase, which denotes the development of the cloud application; and (ii) theRuntimePhase,whichdenotes theexecution,orchestrationandmanagementof thecloudapplicationafterdeploymenttothecloud.Accordingly,Unicornaddressestwocategoriesofusers,SoftwareProgrammersandDevOps engineers,while, for smaller companies, these roles are not clearly distinct, as shown through oursurvey.

Usersutilizing designlibrariesandcloudIDE

Usersdeployinglegacyormonolithicappsto

thecloud

• Reducecloudapplicationdesign time

• Reduce timetomarket

• Increase securityandprivacy

• Runtimemonitoring,scalabilityandriskassessment

• Continuous lifecyclemanagement


64

Nevertheless,Unicornmayalsosupportthedeploymentoflegacyand“monolithic”cloud-enabledapplicationstobothpublicandprivatecloudinfrastructure,butthesupportedUnicornconstraintsandpoliciesthatcanbedefined(forelasticscaling,monitoringandsecurityenforcement)arelimitedtothescopeoftheruntimephaseduetotheabsenceoftheuseoftheUnicorndesignlibrariesatthedesignphaseoftheapplication.

7.2 BusinessMetricsUnicorncomesasanofferingtotheabove-mentionedtargetaudience,whichcanhavediverseneedsandmaystartfromdifferentpointstowardstheproductionoftheirservicesandproducts,neverthelesstheadvantagesoftheplatformcanprovidebenefitstothosegroupsfromdifferentbusinessperspectives,dependingonhowtheseusersdesign,deployandoperatetheirsystems.

Asinanyparadigmshift,thereisalearningcurveforthetargetaudiencetounderstand,studyandmasterthenewapproachthatissuggestedbyUnicorn(especiallyforaudiencethatalreadyhasadeployedproductwhichneedstoberefactoredbasedontheUnicorn’scontainerisedlogic).Nevertheless,thebusinessbenefitsthatcanberecordedfromtheapplicationof theproject’sofferingsarequitesubstantial lookingtowardsamid-termhorizon.

Thefollowingtableprovidesahigh-levelsetofbusinessmetricswhichdescribeingeneraltermsthebenefitsthatcanberecordedbytheemploymentoftheUnicornplatforminthedesignanddeploymentofcloud-basedsoftwareapplications.ThosemetricsareallmeasurableinquantitativetermsandareinapositiontohighlightareasofcontributionofUnicorntothecommunityofcontainer-basedservicesdevelopment.

Table6:Unicorn’sBusinessMetrics

BusinessMetric Units Description

LeadTime hours How long it takes to go from idea to deliveredsoftware/service

DevelopmentCycleTime minutes How long it takes tomake a change to the softwaresystemanddeliverthatchangeintoproduction.

SecurityIncidents No.ofSecurityIncidents/time Numberofsecurityincidentsrecordedperunitoftime

TimetoDeploy minutes The time it takes to deploy a new instance of theapplication

CloudServiceAvailabilityTimeservicesisup/Total

timePercentageoftimethesystemisupandrunning

CloudinfrastructureCosts €/time TotalCloudInfrastructureCostforrunningtheserviceperunitoftime

CloudServiceProductivity Performance/€ Cloudserviceperformanceperunitofcost

OverprovisioningCost €/time Thecostforreservingadditionalresourcesperunitoftimetosatisfyunrealiseddemand.

User’sQualityofExperience%Perceivedsatisfactionofthecustomer

Distilled out of questionnaires that measurecustomer’ssatisfactionforthequalityoftheservice

Cost-EffectivenessofCloudSecuritySolution

performance/$

The cost atwhicha certain systemperformanceat acertainsecuritylevelisattained.


65

UsageofDAOEncryption #ofDAOSencrypted

NumberofDataAccessObjectsencrypted (unsignedUNICORN’s Privacy-by-Design and EncryptedPersistencyMechanisms)

UsageofContext-Awareprivacy

#ofcontext-aware

authorizationcontrollersadded

Number of application controllers that have beenenhancedwithauthorizationcontrollers(usingPrivacy-by-DesignandEncryptedPersistencyMechanisms)

ThesemetricssteamdirectlyoutoftheofferingsofthedifferentfeaturesthatareprovidedbytheplatformandmaynotallbedirectlyrelevanttoeachSME/startup.

Thefollowingtableprovidesamappingbetweenthesefeatures,theircoreofferingsandthebenefits(measuredasBusinessMetrics)thatthosecan,potentially,bringtoacloudapplication.

Table7:Unicorn’sOfferingsandBusinessMetrics

Features Phase UNICORNOfferings BusinessMetrics

ComplexandCostlydevelopmentprocess

DesignTime

Usage of micro-services paradigmand containerization todescribe theapplicationservicegraphintermsofconstraints and policies to beenforced.

• LeadTime• TimetoDeploy• CloudService

Availability• User’sQualityof

Experience

Runtime

Deployment of the applicationservice graph to a cloud executionenvironment based on the Unicornpolicyandconstraintdescription.

VendorLock-in

DesignTime - • CloudinfrastructureCosts

Runtime

Deployment of the applicationservice graph on multiple differentcloud providers and multi-cloudenvironments

DataPrivacyDesignTime

Annotations for easy encryption ofData Access Objects (DAO).Annotations for the definition ofprivacy restricted actions in theapplication.

• UsageofDAOEncryption

• UsageofContext-Awareprivacy

• User’sQualityofExperienceRuntime Configuringandenforcingtheprivacy

requirements.

SecurityConcerns

DesignTime Combinedholisticsecurityprotection • Cost-EffectivenessofCloudSecuritySolutionRuntime

Riskassessment/intrusion detection reconfiguration,securitystatusreporting

ScalabilityConcerns

DesignTime App-level monitoring metricenablementandconfiguration

• OverprovisioningCost• CloudService

Availability• CloudService

Productivity

Runtime

Elastic scaling policies enablementandconfiguration


66

8 UnicornSystemRequirementsInthisChapterwewillelaborateontheuserrolesoftheUnicornPlatformandthenproceedinlistingsystemfunctionalandnon-functionalrequirementsfortheUnicornplatformandeco-systemthatarederivedbytheresultsoftherequirementcollectionmethodologydescribedandpresentedinChapters4-7.

8.1 UserRolesTable8introducestheidentifieduserrolesfortheUnicorneco-system.Fromthistable,weobservethattheUnicorneco-systeminvolvesmanyroleswithdiverseresponsibilities.Someoftheseresponsibilitiesmayoverlapamongusersoftheplatformwhich,atfirst,mayseemtoleadtoconfusinginterpretationofuserroleduties.However, as we observe in Chapter 6, for small software teams, the silver lining between roles in thedevelopmentteamarequiteblur,withteammembersoftenuptakingresponsibilitiesspreadacrossdifferentuserroles(e.g.,aCloudApplicationDevelopermayalsobeinchargeofTestingortheApplicationAdministratormayalsobeaDeveloperaswell).InthefollowingTable,theActorterminologyanddescriptionsaredesignedtoclarifyandsummarizeeachactor’sroles.

Table8:UnicornActors

Actor Description

CloudApplicationOwner

Thepersonprovidingthevisionfortheapplicationasaproject,gatheringandprioritizinguser requirementsandoverseeing thebusinessaspectsofdeployedapplications (e.g.businessdelivery,functioningandservicesoftheapplication)inaccordancewithvariouscriteria(e.g.costminimizationandpolicydefinitionlikelegalconstraints)

DevOpsTeam Development, operation and testing of cloud applications, including the roles: CloudApplication Product Manager, Cloud Application Developer, Cloud ApplicationAdministratorandCloudApplicationTester.

CloudApplicationProductManager

Thepersondefiningthecloudapplicationarchitectureandimplementationplanbasedon the Cloud Application Owner’s requirements. This person is also responsible forpackagingthecloudapplicationandenrichingthedeploymentassemblywithruntimeenforcementpolicies for theplaceholders defined via code annotationsby theCloudApplicationDeveloper.

CloudApplicationDeveloper

The person that develops a cloud application by using the Unicorn-compliant codeannotation libraries in order to run on a Unicorn-compliant (multi-) cloud executionenvironment.

CloudApplicationAdministrator

The person responsible for deploying and managing the lifecycle of developed andUnicorn-compliantcloudapplications.Thispersonensurestheapplicationrunsreliablyandefficientlywhilerespectingthedefinedbusinessorotherincentivesintheformofpoliciesandconstraints.


67

CloudApplicationTester

ThepersonresponsibleforthequalityassuranceandtestingofaCloudApplication.TheCloudApplicationTesterperformsdeploymentassemblyvalidation(atbusinessandtechnicallevel).

CloudApplicationEndUser

ThepersonusingthedeployedUnicorn-compliantcloudapplication.

UnicornAdministrator

The person responsible formanaging andmaintaining theUnicorn ecosystem,whichincludesinfrastructure,varioussoftwareandarchitecturalcomponentse.g.CoreContextModel,codeannotationlibrariesandEnablersinterpretingandenforcinggivenpoliciesandconstraints.

UnicornDeveloper The person that creates Unicorn related (software) components for compliant CloudProviders and/or DevOps Engineers such as e.g.Monitoring Probes, code annotationlibraries,servicesutilizingtheUnicornAPI

CloudProvider Organization or service provider that provides cloud offerings in the form ofprogrammableinfrastructureaccordingtoaservice-levelagreement.TheCloudProviderisalsoresponsibletooperatetheCloudExecutionEnvironmentsthatwillhostentirelyorpartiallyUnicorn-compliantCloudApplications.

Finally,wenotethat,someoftheActorspresentedintheprevioustablemaynotbeassignedtoanyfunctionalrequirements (e.g., Cloud Application End User), however their existence contributes into having a morecompletedescriptionoftheoverallsystem.

8.2 FunctionalRequirementsFunctional requirements represent the list of system properties that need to be implemented and finallysupportedwithinthecontextoftheUnicornecosystemandplatform.Thisincludesallbehaviouralaspectsofthe system components after taking into consideration the identified roles of the Unicorn ecosystem, asdocumentedinSection8.1.Theserequirementsarelogicallygroupedperrole.WehavefollowedaconsistentandstructuredwayofrepresentingtherequirementswhichwillallowustofurtherdefinethedetailedreferencearchitecturefortheUnicornplatformintheforthcomingdeliverabledenotedasD1.2.IntheAnnexweprovideatable listingall the identifiedUnicornfunctionalrequirementswhilethefollowing listingselaborateonthedescriptionofeachrequirement.Table9providesanoverviewofthemappingoffunctionalrequirementstouser roles. Finally, we note that to derive the functional requirements referring to security enforcementcapabilitiesofferedtoUnicornusers,athreatanalysismodel(asset,threat,vulnerability,andcountermeasure)isrequired. Inordertoreducerepetition,threatanalysisfortheparticularsecurityandprivacyenforcementmechanismsofferedbyUnicornwillbeintroducedintherespecteddeliverable,denotedasD4.1.


68

ID FR.1

Title Developcloudapplicationbasedoncodeannotationdesignlibrariesanddefineruntimepoliciesandconstraints

UserRoles CloudApplicationDeveloper

Description The Unicorn platform must provide cloud application developers with design libraries toannotate the source code of their cloud application under development, for monitoring,resourcemanagement, security and data privacy policy and constraint enforcement pointdefinition.AnnotatedpoliciesdependingonthescopesupportedbytheUnicornplatformcanbedefinedatvariousapplicationgranularitylevels(e.g.,entireapplication,particularservice,codesegment).Unicornusersmustbeabletousetheannotatedentitieswithoutanyfurthermodification in the business logic of the under development application. This practicallymeansthatpolicyandconstraintenforcementistotallytransparenttothedeveloperandwilltakeplaceinthecloudexecutioncontainer.Hence,metadataannotations(e.g.,monitoring)relate to respected Unicorn policy-enforcement enablers (e.g., handler collecting theannotatedmonitoringdata)thatwillgenerate/transformsourcecodeatdesigntimeand/orbe“synchronized”atruntimewiththeCoreContextModel(FR.13)uponinstantiationofthecloudexecutionenvironment.

ID FR.2

Title Securelyregisterandmanagecloudprovidercredentials

UserRoles CloudApplicationProductManager,CloudApplicationAdmin,UnicornDeveloper

Description TheUnicornplatformmustprovidethemeanstosupportcredentialmanagementforbothpubliccloudsandprivateclouddatacentersthataresupportedbytheUnicornplatform.Assuch, Unicornmust be able to provide themeans for secure credentialmanagement andstorage of access credentials (e.g., user/password pairings, API access tokens) forUnicornusersirrespectiveofthecloudplatform.Thispracticallymeansthatusersarenotrequiredtoprovide their credentials each time an application deployment is initiated or when arequest/queryformanagingtheapplicationlifecycleisconducted(includingre-deploymentofanupdatedversionofanapplication).

ID FR.3

Title Searchinterfaceforextractingunderlyingprogrammablecloudofferingsandcapabilitymetadatadescriptions

UserRoles CloudApplicationProductManager

Description Unicornmustexposethroughitsunifieddashboardasearchinterfaceprovidingitsuserswiththe ability to browse for cloud offerings and cloud provider services capabilities, obtainintuitivemetadatadescriptionsandfiltertheresultsto limitthereturnedresultset(s).Thesearchinterfacemustreturnandfilterresultsforbothprivateandpubliccloudofferingsthat


69

aresupportedbyUnicornandareaccessibleviatheusers’givencredentials(FR.2).Thesearchinterfacewill be provided as a graphical alternative for users insteadof using directly theUnicornUnifiedAPI(FR.15).

ID FR.4

Title CreationofUnicorn-compliantcloudapplicationdeploymentassembly

UserRoles CloudApplicationProductManager

Description The Unicorn platform must provide its users with a standardized, transparent andinfrastructure-agnosticprocesstocreateandfeedtheUnicornplatformwithadeploymentassemblyfortheapplicationtobedeployed.Unicornadoptsthenotionofadirectedservicegraph, where nodes represent the (micro-) services composing the cloud application andedges represent the relationship(s) and inter-dependencies between services. Nodes aredescribed by a number of attributes denoting resource management parameters (e.g.,requested memory, disk size, network interfaces), monitoring metrics to collect, costconstraintsandelasticscalingpolicies.Inturn,relationshipsandinter-dependenciesdenotethe deployment order and restrictions limiting the security and datamovement betweenservices.Asanumberoftheattributesandparametersdescribingnodesandedgesarealsoavailableascodeannotationpolicies(e.g.,monitoring)attheapplicationdevelopmentphase(FR.1),thesewillbeautomaticallytranslatedandaddedtotheservicegraphdescriptionbyrespectedUnicornenablersinterpretingcodeannotationsbasedontheUnicorncorecontextmodel without any additional user effort (FR.13, FR.14). However, the final deploymentassemblybundlingcodeartifacts,thestandardizeddeploymentdescriptionanddeploymentrequestswillbeautomaticallycreated(noadditionaleffort)onlywhentheuserpackagingtheapplicationdeterminesthatthedevelopedanddescribedapplicationisreadyfordeploymentbytheUnicornplatform.

ID FR.5

Title Cloudapplicationdeploymentbootstrappingtoa(multi-)cloudexecutionenvironment

UserRoles CloudApplicationAdmin,CloudProvider,UnicornDeveloper

Description The Unicorn platform must provide its users with the means to deploy their compliantapplicationsfromtheUnicorngraphicalinterfaceafterusershavedevelopedtheirapplicationusing theprovideddesign libraries (FR.1)andhavecreatedadeploymentassembly (FR.4).Usersshouldalsobenotifiedofthestatusofthedeployment(success,failed)andinthecaseof a failed deployment, the response should include a descriptive reasoning as to whatproblem occurred. The application deployment is themost critical process and includes anumberofsteps,definedbelow,thatmustbeperformedinorderfortheUnicorn-compliantapplicationtobeoperational:

• Parsedeploymentassembly(FR.4)


70

• Verifyvalidityofdefinedruntimepolicyandconstraintsandassureallannotationscanbe interpreted and handled by the respected Unicorn enablers (e.g., monitoring,securityenforcement)(FR.6)

• Derive(near-)optimalapplicationplacementplan(FR.11)• Basedonplacementplan,instantiateresourcesandservicestoestablishanoperation

(multi-cloud)executionenvironment(FR.16)• Instantiate required Unicorn runtime enablers to enforce runtime policies and

constraintsandverifyoperationstatus(FR.14)Asthisprocessiscriticalandonlyifallstepsaresuccessful,adeploymentmaybeestablished,theentirebootstrappingprocessmustbetransactional.

ID FR.6

Title Deploymentassemblyintegrityvalidation

UserRoles CloudApplicationTester,UnicornDeveloper

Description Before the reservation of underlying programmable infrastructure, the Unicorn platformshouldverifyandvalidate thedeploymentassembly.ThiswillbeperformedbyUnicorn todetectpotentialproblemssuchasunreachableedgesintheservicegraphdescriptionduetoantagonizing policies/constraints which could result to inaccessible nodes or optimizationcriteriaandcirculardependencieswhichleadtoasituationinwhichnovalidevaluationorderexists,becausenoneofthepoliciesinthecyclemaybeorderlyevaluated(FR.4).Thisprocess,while not exhaustive, is an important aspect for Unicorn users and Unicorn componentdevelopers(FR.18),performedatthepre-deploymentphasetodetectifthereisaproblempreventing a successful deployment in order to reduce resource allocation costs ofunsuccessfullargeandcomplexdeployments.

ID FR.7

Title Accessapplicationbehaviorandperformancemonitoringdata

UserRoles CloudApplicationAdmin

Description TheUnicornplatformmustprovideitsuserswithaccesstoreal-timeandhistoricalmonitoringdataviatheUnicorngraphicaluserinterface.Themonitoringdataperse(e.g.,responsetime,service availability), the granularity level (e.g., entire application, service part) and theintrusiveness(e.g.,periodicity)atwhichmonitoringdataiscollectedandloggedthroughoutthe entire lifespan of an application should be determined by the user via the provideddeployment assembly compiled based on user’s preferences and his/her annotated code(FR.1).Monitoringannotationsmustallowuserstohandleanddefinecounters,timers,trafficinterceptors and custom metric types to gather resource utilization, application featurebehaviourandperformancefromsingleapplication(micro-)instances,aswellasaggregatedoverviews of metrics across application service tiers and availability regions in order tosuccessfullyassess theperformance,scalabilityandsecurityof theirapplicationseamlesslyacrossmultiplecloudofferingsthroughoneunifiedinterfaceofferedbyUnicorn.


71

ID FR.8

Title Real-TimenotificationandalertingofsecurityincidentsandQoSguarantees

UserRoles CloudApplicationAdmin

Description TheUnicornplatformmusthavetheabilitytonotifyandalertthroughtheUnicorngraphicaluserinterfaceitsusersofeventsclassifiedeitherby:(i)theplatform’ssecurityenforcementenablers, suchas suspicious incidents (e.g., avulnerabilitydetected);orby themonitoringenableranalyticsprocess,suchaseventsbasedoncertainuser-definedcriteria(e.g.,metricthreshold violation). In turn, the Unicorn platform must detect QoS policy violations onprovisioned services in operational cloud environments and also notify users about theseviolationsinorderforthemtotakeintoconsiderationand,possibly,actupon.

ID FR.9

Title Autonomicmanagementofdeployedcloudapplicationsandreal-timeadaptationbasedonintelligentdecision-makingmechanisms

UserRoles CloudApplicationAdmin,CloudProvider

Description Upon the initial placement of an application over a programmable infrastructure, possiblyspanning across multiple cloud provider offerings, the Unicorn platformmust provide themeanstomanagetheoperationalenvironmentinanautonomicmanner.This includesreal-timeadaptionwheretheexecutionenvironmentofanapplicationmaybereconfiguredbasedonconditionsandhigh-levelpolicyconstraintsgivenbytheuserviathedeploymentassemblyandextractedfromtheenablerinterpretingelasticitycodeannotations.Therefore,adaptationcanbetriggeredtowardsthe fulfilmentof theuseroptimizationobjectivesandmayregardscalingaspects(e.g.,vertical/horizontalscaling),adaptationofthequalityofprovidedservices,and/ormonitoringintrusiveness(e.g.,adaptperiodicity).Inordertosupportsuchintelligentfunctionality,asetofdistributedintelligentmechanismsmustbedesignedanddevelopedthatwill be based on various optimization strategies target by the interested users in order tooptimizeresourceallocationacrossmulti-clouddeploymentsforperformance,cost,anddatalocality.

ID FR.10

Title Managetheruntimelifecycleofadeployedcloudapplication

UserRoles CloudApplicationAdmin,UnicornDeveloper

Description TheUnicornplatformmustprovideitsuserswiththeabilitytomanageboththestateandtheruntime aspects of the application as driven by the Unicorn context model through theUnicorngraphicaluserinterface.StatereferstotheresponsibilityoftheUnicornplatformtohandle requests for deployment, undeployment, start, pause, stop and migration of anapplicationtoacloudoffering,andtomakesurethatapplicationsarealwaysinaconsistent


72

state. To achieve this, the Unicorn platform must maintain an application lifecycle statetransitiongraph,whichdescribes thevalidstate transitions fromonestate toanotherandmust incorporate asynchronous application state transitions for actions that require largetimeframesforcompletion(e.g.,deployment,migration).Ontheotherhand,runtimeaspectsrefertotheUnicorncontextmodel,where,aftertheapplicationinstantiationandduringthesmoothexecutionofanapplication,changesmayberequestedsuchasreconsideringapolicyconstraint(e.g.,restrictingdatamovementfromonegeographicregion).Inthecasewheresuchchangescanbesatisfiedbythecurrentdeployment(thusredeploymentisnotrequired),thentheymustbereflecteddirectlytotheconfigurationoftheUnicornenablershandlingtheruntimecontextoftheaforementionedapplication.

ID FR.11

Title Applicationplacementoverprogrammablecloudexecutionenvironments

UserRoles CloudApplicationDeveloper,CloudApplicationProductManager,CloudApplicationAdmin,UnicornDeveloper

Description TheUnicornplatformmustsupporttheplacementofdeployedapplicationsoveranavailableprogrammable infrastructure which may expand over multiple cloud provider offerings.Application placement may be defined either: (i) manually, by users in their deploymentassembly (e.g., the user specifically defines the resource requirements and offerings toinstantiate);or(ii)constraint-driven,whereplacementisrealizedatdeploymenttimebasedonthehigh-levelpolicyobjectivesgivenbytheuser (e.g., followfairnessplacement takinginto account cost budget, application geo-location, etc.). At this point, high-level userobjectivesmustbetranslatedtolow-levelprimitivesthatcanberealizedthroughappropriatehandling of the operational status of an application’s components by the orchestrationmechanismsoftheUnicornplatformtoachieve(near-)optimalapplicationplacement.Upontheinitialplacement,real-timeadaptionandreconfigurationoftheexecutionenvironmentshouldbesupported.Therefore,adaptationcanbetriggeredtowardsthe fulfilmentof theoptimization objectives and may regard scaling aspects (e.g., vertical/horizontal scaling),adaptationofthequalityofprovidedservices,and/ormonitoring intrusiveness(e.g.,adaptperiodicity).

ID FR.12

Title Registerandmanagecloudapplicationowners

UserRoles UnicornAdmin

Description The Unicorn Admin is responsible to approve andmanage (e.g., modify, suspend, revokeaccess)theuserregistrationsintheUnicornplatform(denotedascloudapplicationadmin’s).Therefore,usersmustberegisteredtotheUnicornplatforminordertoobtainaccessto,themaintained and distributed under Unicorn, artifacts (e.g., design libraries) and supportedcloudplatformsforapplicationdeployment.


73

ID FR.13

Title Managecorecontextmodelforanddistinguishbetweennewandlegacycloudapplications

UserRoles UNICORNAdmin

Description TheUnicornplatformmustdesignandmaintainamulti-facetcorecontextmodelsothataninstanceofthemodelwillbecreatedandenrichedforeachapplicationdeployment.Fornewapplications, the Core Context Model will be accessed by cloud application developers atdesign-timewhenannotating theircodewithcloudpoliciesandconstraintsandbyproductownersatruntimeduringuser’sapplicationcontextevaluation.Forlegacysoftware,aspolicyand constraint definition cannot be supported via code annotations (i.e., the application isalreadydesigned,itisclosed-source,etc.)policyandconstraintsaredefinedduringapplicationdeployment and at runtime during context evaluation. The Context Model should be, bydefinition,extensiblesinceitshouldallowexplicitinstantiationsand,asaresult,thebusinesslogicofvariouscomponentsshouldheavilyrelyontheCoreContextModel.Inturn,theContextModelmustkeepaclearlistofthepoliciesandconstraintssupportedanditmustbeabletodistinguish among policies and constraints that can be defined at design time, duringdeployment,atruntimeoranytime,sothattheplatformcanvalidateifthemodelinstancecanbeusedinthecontextoflegacysoftware.The creation, deletion andmodification of the centralized Core ContextModel, alongwithversioning(andversiondeprecation)willbeundertakenbytheUnicornAdmin.

ID FR.14

Title RegisterandManageenablersinterpretingUnicorncodeannotations

UserRoles UnicornAdmin

Description For theUnicornplatform,anenablerentails andconceptualizes the software componentshosted by the Unicorn orchestration service and/or in the (multi-) cloud executionenvironmentofdeployedcloudapplications;andisabletointerprettheUnicorncorecontextmodel (FR.13). Indicative components include orchestration performing runtime context-evaluation upon deployment and the code annotation enablers which perform policyenforcement such as monitoring, auto-scaling, security enforcement and data privacyprotection.Thesecomponentsshouldbeupdatedwhenthecontextmodeliseitherextendedormodifiedsinceadditionalfunctionalcapabilitiesmustalwaysreflectthenewversionofthecorecontextmodel.Asaresult,itisimportantthattheenablersoftheUnicornplatformaremanagedandmaintainedthroughouttheirlifecycle,withtheentityresponsibleforthistaskbeingtheUnicornAdmin.

ID FR.15

Title UnifiedAPIprovidingabstractionofresourcesandcapabilitiesofunderlyingprogrammablecloudexecutionenvironments

UserRoles CloudApplicationProductManager,UnicornDeveloper


74

Description TheUnicornplatformmustexposeanAPIthatwillprovideastandardized,consistentandyetsimplifiedviewoftheunderlyingcloudinfrastructure,ofthe-supportedbyUnicorn-providerenvironments,bymeansofstandardinformation,offeringsmetadataanddatamodels.Thiswill allow forauthorizedentities, includingUnicornsub-components (e.g., intelligentauto-scaling, application placement), to query the Unicorn-compliant cloud providers in atransparentand infrastructureagnosticmanner, forprovidersupportedofferingsandtheirmetadata(e.g.,supportedcontainerflavors,costsetc.)alongwiththecapabilitiessupported(e.g., container memory resizing). One of the main concerns in this task is the level ofgranularity for the abstraction.On one hand, not all the details and characteristics of theresources are necessary for Unicorn. On the other hand, excessive abstraction preventsapplications from over-provisioning unnecessary resources because of hidden resourcegranularitydecompositiondetails.

ID FR.16

Title Resourceandservice(de-)reservationovermulti-cloudexecutionenvironments

UserRoles UnicornDeveloper

Description The Unicorn platformmust provide a standardized and consistent interface providing themeansto(de-)reservetheappropriateresourcesandserviceofferingsrequiredforthe(un-)deploymentoftheconsideredapplication,evenacrossmulti-cloudexecutionenvironments.Thismust includethesetupand(de-)allocationofprogrammable infrastructuralresourcesincluding,butnotlimitedto,computational,storageandnetworkingforthedeploymentofdistributed applications in a scalable, dependable, secure and effective way over virtualenvironments spanning across cloud sites, availability zones and/or regions. In order tosupportmulti-clouddeployments, thechallengesof interactingandsynchronizingresourceadvertisementandallocationfrommultipleandheterogeneouscloudofferingplatformsmustbesupported.ThistaskwillbeundertakenbytheUnicornorchestratorandistightlycoupledwiththeUnicornbootstrappingprocessdescribedinFR.5.

ID FR.17

Title Developmentofcodeannotationlibraries


Description Thedevelopment,maintenanceandmodificationofdesignlibrariesprovidedtoUnicorncloudapplication developers for annotating their code withmonitoring, resourcemanagement,security and data privacy enforcement policies and constraints, is a task that will beundertaken by Unicorn developers. This requirement relates to developing respectivemetadata code annotations (e.g., for defining monitoring) and providing the means ofhandlingofcodeannotationinterpretationand“synchronization”oftheapplicationbusinesslogicwiththeCoreContextModel(FR.13).


75

ID FR.18

Title DevelopmentofenablersinterpretingUnicorncodeannotations


Description For theUnicornplatform, theCoreContextModelentailsdesign-timeusage throughcodeannotationsbycloudapplicationdevelopersandruntimeusage.Inparticular,runtimeusagerefers to the various components that rely their business logic to the model. Indicativecomponentsincludeorchestrationperformingruntimecontext-evaluationupondeploymentand the code annotation enablerswhich perform policy enforcement such asmonitoring,auto-scaling,securityenforcementanddataprivacyprotection.

ID FR.19

Title Registerandmanageprogrammableinfrastructureandserviceofferings

UserRoles CloudProvider

Description Theavailable infrastructural resource and serviceofferingsof a cloudproviderhave toberegisteredtotheUnicornplatformwhichwilladvertiseandmakethemavailablethroughaunifiedresourcemanagementAPI(FR.15).Toachievethis,theUnicornplatformmustprovidea“standardized”interfaceinwhichcloudofferingsareregisteredandmadeavailabletotheplatform in order to ease cloud provider on-boarding as well as updating and managingofferingsandtheirmetadatafromtheprovider-side.Thenotionof“programmability"mustbeservedtoshowthegranularityatwhichresourceswillbeadvertisedsoas toallowthecreationofpropercloudexecutionenvironments:providepreferencesfortheinfrastructurethe code runs on (e.g., virtual hardware like servers, storage and networking) and itsconfigurationincludingadditionalproviderservices(e.g.,customizedstoragesolutions).

ID FR.20

Title Monitorcloudofferingallocationandconsumption


Description Advertised infrastructural resource and service offerings deployed throughUnicornmust bemonitoredatruntimeinordertooffercloudproviderswithintuitiveandhigh-levelinsightsofthecurrentutilizationofcloudofferingsallocatedandconsumedbyUnicornusers.

ID FR.21

Title QoSadvertisingandmanagement



76

Description Cloud execution environments offer different QoS capabilities and guarantees for theirprovided offerings either these refer to raw access to programmable resources such ascompute memory, storage and network resources or to bundled application executioncontainers,whileguaranteesarealsoavailableforquotamanagement,(prioritized)resourcereservation,trafficshapingandmore.AsQoSguaranteesplayanimportantroleinmulti-cloudenvironmentapplicationplacement(FR.11)andruntimeadaptationdecision-making(FR.9),which favor cloud providers based on advertised QoS parameters, providers should beprovidedwith themeans to alter andmanage the QoS guarantees for the cloud offeringadvertisedthroughtheUnicornplatform.

ID FR.22

Title Registerandmanageprivacypreservingencryptedpersistencymechanismsforrestrictingdataaccessandmovementacrosscloudsitesandavailabilityzones

UserRoles CloudApplicationDeveloper,CloudApplicationAdmin,UnicornDeveloper

Description The Unicorn platform must provide the means to allow its users to define at variousapplication granularity levels (e.g., entire application, service tier, data object) privacypreservingpolicieswhichrestrictaccesstoexposeduserdata(e.g.,entiredatabase,databasetable, password, SNN, etc.) by describing associations between types of access rulesdependingonthedataobjectsandcircumstancesunderwhichthisaccessshouldbeallowed.The context-aware security model (FR.13) will be used as the background method forannotatingdataaccessobjects(DAO),thusallowingforthedynamicenforcementofpolicyruleswhentherearenewdataaccessattemptsinordertoencryptdata,protectsensitivedataexposureandrestrictmovementofdatatocloudsites,availabilityzonesorparticulargeo-locationzones(e.g.,outsidetheEU)basedonthedefineduserconstraints.Therefore,duringapplicationruntime,theprivacypreservingenablermustbeabletointerpretannotatedcodebasedonthemappingoftheapplicationbusinesslogictotheCoreContextModel,providetheessentialdecouplingbetweentheaccessdecisionsandthepointsofuse,andfinallygrant,denyandmanageanyincomingdataaccessrequests.

ID FR.23

Title Registerandmanagepersistentsecurityenforcementmechanismsforruntimemonitoring,detectingandlabelingofabnormalandintrusivecloudnetworktrafficbehavior


Description TheUnicornplatformmustprovide itsuserswithmechanismscapableofensuring, atanytime, that the trafficexchangedwith the cloudwill notharm the (multi-cloud)applicationexecutionenvironmentwhilepreservingtheprivacyofthedataexposedandmanagedbytheapplication(FR.22).Toachievethis,anIDS(IntrusionDetectionSystem)willbeimplementedat the cloud execution environment level where adaptive network and information flowmonitoringwillbeestablishedatruntimetodetectanyin-boundorout-boundexfiltrationofinformation based on well-known communication channels, information flow patternsobserved through the usage of anomaly detection and pattern recognition algorithms. As


77

deploymentsof(micro-)executioncontainersmayberestrictiveinthemeansofresources,theIDSwilladapttheprocessforinformationflowtrackingtorestrictitsruntimeintrusivenessbasedonlow-costapproximateandadaptivemonitoringtechniqueswhileofflineprocessingwillbeboostedperformance-wisebyencompassingGPU-acceleratedtechniques.

ID FR.24

Title Automatedapplicationsourcecodeandunderlyingcloudresourceofferingvulnerabilityassessment,measurementandpolicycomplianceevaluation


Description TheUnicornplatformwillprovideitsuserswiththemechanismstoensurethattheir(multi-)cloud application execution environment behaves, at runtime, as intended, and that thesecurity-enforcementandprivacypreservingpoliciesanddataaccessrulesarenotviolated.Toachievethis,Unicornwillprovidethemeansfortheruntimeassessmentoftheapplicationexecutionenvironmentagainstknownvulnerabilitiesbyperformingsecurityandbenchmarkteststodetectpotentialsecuritythreatsandprivacybreaches.ThelevelofintrusivenessofthetestingperformedbytheUnicornplatformwillbeconfigurablebyusers.Aftertesting,theUnicornplatformwillreportanysuspiciousactivityandthemeasuredriskexposureleveltotheapplicationadministrator(FR.8)inordertoimmediatelytakeactionandpreventsensitivedataleakageandprivacybreaches.

Table9:FunctionalRequirementsRelationtoUserRole

UserRole FunctionalRequirements

CloudApplicationDeveloper

FR.1DevelopcloudapplicationbasedoncodeannotationdesignlibrariesanddefineruntimepoliciesandconstraintsFR.11ApplicationplacementoverprogrammablecloudexecutionenvironmentsFR.22RegisterandmanageprivacypreservingencryptedpersistencymechanismsforrestrictingdataaccessandmovementacrosscloudsitesandavailabilityzonesFR.23Registerandmanagepersistentsecurityenforcementmechanismsforruntimemonitoring,detectingandlabelingofabnormalandintrusivecloudnetworktrafficbehavior

CloudApplicationProductManager

FR.2SecurelyregisterandmanagecloudprovidercredentialsFR.3SearchinterfaceforextractingunderlyingprogrammablecloudexecutionenvironmentcloudofferingandcapabilitymetadatadescriptionsFR.4CreationofUnicorn-compliantcloudapplicationdeploymentassemblyFR.11Applicationplacementoverprogrammablecloudexecutionenvironments


78

CloudApplicationTester

FR.6Deploymentassemblyintegrityvalidation

CloudApplicationAdmin

FR.2SecurelyregisterandmanagecloudprovidercredentialsFR.5Cloudapplicationdeploymentbootstrappingtoa(multi-)cloudexecutionenvironmentFR.7AccessapplicationbehaviorandperformancemonitoringdataFR.8Real-TimenotificationandalertingofsecurityincidentsandQoSguaranteesFR.9Autonomicmanagementofdeployedcloudapplicationsandreal-timeadaptationbasedonintelligentdecision-makingmechanismsFR.10ManagetheruntimelifecycleofadeployedcloudapplicationFR.11ApplicationplacementoverprogrammablecloudexecutionenvironmentsFR.22RegisterandmanageprivacypreservingencryptedpersistencymechanismsforrestrictingdataaccessandmovementacrosscloudsitesandavailabilityzonesFR.23Registerandmanagepersistentsecurityenforcementmechanismsforruntimemonitoring,detectingandlabelingofabnormalandintrusivecloudnetworktrafficbehaviorFR.24Automatedapplicationsourcecodeandunderlyingcloudresourceofferingvulnerabilityassessment,measurementandpolicycomplianceevaluation

UnicornAdmin FR.12RegisterandmanagecloudapplicationownersFR.13ManagecorecontextmodelFR.14RegisterandManageenablersinterpretingUnicorncodeannotations

UnicornDeveloper

FR.2SecurelyregisterandmanagecloudprovidercredentialsFR.5Cloudapplicationdeploymentbootstrappingtoa(multi-)cloudexecutionenvironmentFR.6DeploymentassemblyintegrityvalidationFR.10ManagetheruntimelifecycleofadeployedcloudapplicationFR.11ApplicationplacementoverprogrammablecloudexecutionenvironmentsFR.15UnifiedAPIprovidingabstractionofresourcesandcapabilitiesofunderlyingprogrammablecloudexecutionenvironmentsFR.16Resourceandservice(de-)reservationovermulti-cloudexecutionenvironments


79

FR.17DevelopmentofcodeannotationlibrariesFR.18DevelopmentofenablersinterpretingUnicorncodeannotationsFR.22Registerandmanageprivacypreservingencryptedpersistencymechanismsforrestrictingdataaccessandmovementacrosscloudsitesandavailabilityzones

CloudProvider FR.5Cloudapplicationdeploymentbootstrappingtoa(multi-)cloudexecutionenvironmentFR.9Autonomicmanagementofdeployedcloudapplicationsandreal-timeadaptationbasedonintelligentdecision-makingmechanismsFR.19RegisterandmanageprogrammableinfrastructureandserviceofferingsFR.20MonitorcloudofferingallocationandconsumptionFR.21QoSadvertisingandmanagementFR.24Automatedapplicationsourcecodeandunderlyingcloudresourceofferingvulnerabilityassessment,measurementandpolicycomplianceevaluation

8.3 Non-FunctionalRequirementsNon-functionalrequirementsrelatetothedesiredqualityaspectsthatshouldbesatisfiedbythearchitecturalcomponents of the Unicorn eco-system that, in turn, must satisfy the functional requirements previouslyintroduced.Tothisend, thewidelyaccepted,bythesoftwareandresearchcommunity, ISO/IEC25010:2011software quality assurance model was selected to create a shared conceptualization of the non-technicalattributes[124].ThefundamentalobjectiveoftheISO/IEC25010:2011standard3istoaddresssomeofthewell-knownhumanbiasesthatcanadverselyaffectthedeliveryandperceptionofasoftwaredevelopmentprojectwhileitalsodetermineswhichqualitycharacteristicswillbetakenintoaccountwhenevaluatingthepropertiesofasoftwareproduct.TheISO/IEC25010:2011qualitymodelclassifiessoftwarequalityinastructuredsetofcharacteristicsandsub-characteristics,asfollows:

• Functionalsuitability:Itreferstoasetofattributesthatbearontheexistenceofasetoffunctionsandtheirspecifiedproperties.Thefunctionsarethosethatsatisfystatedorimpliedneeds.Indicativesub-characteristicsinclude:softwarefunctionalcompletenessandfunctionalcorrectness.

• Reliability:Itreferstoasetofattributesthatbearonthecapabilityofsoftwaretomaintainitslevelofperformanceunderstatedconditionsforastatedperiodoftime.Indicativesub-characteristicsinclude:softwarematurity,faulttolerance,recoverabilityandreliabilitycompliance.

• Usability:Itreferstoasetofattributesthatbearontheeffortneededforuse,andontheindividualassessment of such use, by a stated or implied set of users. Indicative sub-characteristics include:understandability,learnability,operability,attractivenessandusabilitycompliance.

3NotethatISO/IEC25010hasreplacedISO/IEC9126


80

• Efficiency:Itreferstoasetofattributesthatbearontherelationshipbetweenthelevelofperformanceof the software and the amount of resources used, under stated conditions. Indicative sub-characteristics include:timebehaviour,resourceutilization, latency,serviceavailabilityandefficiencycompliance.

• Maintainability: It refers to a set of attributes that bear on the effort needed to make specifiedmodifications. Indicative sub-characteristics include: analyzability, changeability, stability, testabilityandmaintainabilitycompliance.

• Portability:Itreferstoasetofattributesthatbearontheabilityofsoftwaretobetransferredfromoneenvironmenttoanother.Indicativesub-characteristicsinclude:adaptability,installability,co-existencewithothersoftware,replaceabilityandportabilitycompliance.

• Security:Itreferstoasetofattributesthatdefinethedegreetowhichaproductorsystemprotectsinformation anddata so that persons or other products or systemshave thedegree of data accessappropriatetotheirtypesandlevelsofauthorization.

• Compatibility: It refers to a set of attributes that define the degree towhich a product, system orcomponentcanexchangeinformationwithotherproducts,systemsorcomponents,and/orperformitsrequiredfunctions,whilesharingthesamehardwareorsoftwareenvironment.

Eachqualitysub-characteristic(e.g.adaptability)isfurtherdividedintoattributes.Anattributeisanentitywhichcanbeverifiedormeasuredinthesoftwareproduct.Attributesarenotdefinedinthestandard,astheyvarybetween different software products. An overviewof the aforementioned characteristics is provided in thefollowingfigure.

Figure41:Non-TechnicalQualityAspectsasOrganisedbyISO/IEC25010:2011

Aftertheselectionofthequalitymodel,thenextstepistoexaminewhichattributesarerelatedtotheUnicorneco-systemandhowdotheymaptofunctionalrequirements.Intheenumeratedlistingsthatfollow,wemakea concretemapping between the core quality model attributes and the functional requirements that theycorrelate to. Inparallel, for eachnon-functional requirement, abrief descriptionof theUnicorneco-systemrelevantcharacteristicsisalsoprovided.


81

NR.1 FunctionalSuitability

Description This characteristic represents the degree to which a product or system providesfunctionsthatmeetstatedandimpliedneedswhenusedunderspecifiedconditions.Thischaracteristiciscomposedofthefollowingsub-characteristics:

• Functional completeness.Degree towhich thesetof functionscoversall thespecifiedtasksanduserobjectives.

• Functional correctness. Degree to which a product or system provides thecorrectresultswiththeneededdegreeofprecision.

• Functional appropriateness. Degree to which the functions facilitate theaccomplishmentofspecifiedtasksandobjectives.

FunctionalRequirements

FR.1DevelopcloudapplicationbasedoncodeannotationdesignlibrariesanddefineruntimepoliciesandconstraintsFR.4CreationofUnicorn-compliantcloudapplicationdeploymentassemblyFR.5Cloudapplicationdeploymentbootstrappingtoa(multi-)cloudexecutionenvironmentFR.9Autonomicmanagementofdeployedcloudapplicationsandreal-timeadaptationbasedonintelligentdecision-makingmechanismsFR.13ManagecorecontextmodelFR.14RegisterandManageenablersinterpretingUnicorncodeannotationsFR.15UnifiedAPIforabstractionandsearchingofresourcesandcapabilitiesofunderlyingprogrammablecloudexecutionenvironmentsFR.17DevelopmentofcodeannotationlibrariesFR.18DevelopmentofenablersinterpretingUnicorncodeannotationsFR.21QoSadvertisingandmanagement

NR.2 PerformanceEfficiency

Description Thischaracteristicrepresentstheperformancerelativetotheamountofresourcesusedunder stated conditions. This characteristic is composed of the following sub-characteristics:

• Time behaviour. Degree to which the response and processing times andthroughputratesofaproductorsystem,whenperformingitsfunctions,meetrequirements.


82

• Resourceutilization.Degreetowhichtheamountsandtypesofresourcesusedbyaproductorsystem,whenperformingitsfunctions,meetrequirements.

• Capacity.Degreetowhichthemaximumlimitsofaproductorsystemparametermeetrequirements.

PerformanceunderthecontextofUNICORNreferstotheabilityofthesystemtosupportcollaborative development allowingmultiple users accessing the systemat the sametime.AlsoforUNICORNtobeefficient,theusersneedtoknowatanytimewhattheresourceutilizationofthesystemis. Itshouldalsoprovidefastencryption/decryptiontimesbetweenservicesthatcommunicateanditshouldprovidetheabilitytoeffectivelyusehardwareresourcesofanytype(e.g.,GPUs)forcomplexandresourcedemandingtaskssuchasperforming intenseanalysison informationflowdata inordertodetectpotentialmaliciousbehaviours.


FR.7AccessapplicationbehaviorandperformancemonitoringdataFR.8Real-TimenotificationandalertingofsecurityincidentsandQoSguaranteesFR.9Autonomicmanagementofdeployedcloudapplicationsandreal-timeadaptationbasedonintelligentdecision-makingmechanismsFR.11ApplicationplacementoverprogrammablecloudexecutionenvironmentsFR.16Resourceandservice(de-)reservationovermulti-cloudexecutionenvironmentsFR.19RegisterandmanageprogrammableinfrastructureandserviceofferingsFR.20MonitorcloudofferingallocationandconsumptionFR.23Registerandmanagepersistentsecurityenforcementmechanismsforruntimemonitoring,detectingandlabelingofabnormalandintrusivecloudnetworktrafficbehavior

NR.3 Compatibility

Description Degreetowhichaproduct,systemorcomponentcanexchangeinformationwithotherproducts,systemsorcomponents,and/orperformitsrequiredfunctions,whilesharingthe same hardware or software environment. This characteristic is composed of thefollowingsub-characteristics:

• Co-existence. Degree to which a product can perform its required functionsefficiently while sharing a common environment and resources with otherproducts,withoutdetrimentalimpactonanyotherproduct.


83

• Interoperability. Degree to which two or more systems, products orcomponentscanexchangeinformationandusetheinformationthathasbeenexchanged.

TheUNICORNrun-timecomponentsshouldbe,architectural-wiseandimplementation-wise,closetotheindustry.ForthisreasonUNICORNwillprovidesupporttoanumberofcommonlyusedstandards,standardsyntax,APIs,widelyavailabletools,technologies,methodologiesandbestpractices.Thesystemshouldsupportabstractionswhichwillhidefromdevelopersandtheirapplicationsdetailsregardingthesystemandapplicationinfrastructure. UNICORN will also support uniform service descriptions such as SLAofferingswithclearpoliciesandguidelines.


FR.1Developcloudapplicationbasedoncodeannotationdesignlibrariesanddefineruntimepoliciesandconstraints.FR.2SecurelyregisterandmanagecloudprovidercredentialsFR.3SearchinterfaceforextractingunderlyingprogrammablecloudofferingsandcapabilitymetadatadescriptionsFR.5Cloudapplicationdeploymentbootstrappingtoa(multi-)cloudexecutionenvironmentFR.7AccessapplicationbehaviorandperformancemonitoringdataFR.8Real-TimenotificationandalertingofsecurityincidentsandQoSguaranteesFR.11ApplicationplacementoverprogrammablecloudexecutionenvironmentsFR.15UnifiedAPIprovidingabstractionofresourcesandcapabilitiesofunderlyingprogrammablecloudexecutionenvironmentsFR.18DevelopmentofenablersinterpretingUnicorncodeannotationsFR.19RegisterandmanageprogrammableinfrastructureandserviceofferingsFR.22Registerandmanageprivacypreservingencryptedpersistencymechanismsforrestrictingdataaccessandmovementacrosscloudsitesandavailabilityzones.FR.23Registerandmanagepersistentsecurityenforcementmechanismsforruntimemonitoring,detectingandlabelingofabnormalandintrusivecloudnetworktrafficbehaviour.


84

NR.4 Usability

Description Degreetowhichaproductorsystemcanbeusedbyspecifieduserstoachievespecifiedgoalswith effectiveness, efficiency and satisfaction in a specified context of use. Thischaracteristiciscomposedofthefollowingsub-characteristics:

• Appropriatenessrecognizability.Degreetowhichuserscanrecognizewhetheraproductorsystemisappropriatefortheirneeds.

• Learnability.degreetowhichaproductorsystemcanbeusedbyspecifiedusersto achieve specified goals of learning to use the product or system witheffectiveness,efficiency,freedomfromriskandsatisfactioninaspecifiedcontextofuse.

• Operability.Degreetowhichaproductorsystemhasattributesthatmakeiteasytooperateandcontrol.

• Usererrorprotection.Degreetowhichasystemprotectsusersagainstmakingerrors.

• Userinterfaceaesthetics.Degreetowhichauserinterfaceenablespleasingandsatisfyinginteractionfortheuser.

• Accessibility.Degreetowhichaproductorsystemcanbeusedbypeoplewiththewidestrangeofcharacteristicsandcapabilitiestoachieveaspecifiedgoalinaspecifiedcontextofuse.

Takingintoconsiderationalltheabovecharacteristicsofusability,theUNICORNplatformwillsupportautomaticandseamlessdeploymentmakingitveryeasytouseandlearn.Thedevelopmentplatformandtoolswillbehostedonthecloudandwillbeaccessiblethroughawebbrowser.UNICORNwillhaveallthecontentanduserinterfaceorganizedlogicallyanditwillprovideapresentationinterface(e.g.,menuandnavigation,reporting,usercontrolsetc.)


FR.1DevelopcloudapplicationbasedoncodeannotationdesignlibrariesanddefineruntimepoliciesandconstraintsFR.2SecurelyregisterandmanagecloudprovidercredentialsFR.3SearchinterfaceforextractingunderlyingprogrammablecloudofferingsandcapabilitymetadatadescriptionsFR.4CreationofUnicorn-compliantcloudapplicationdeploymentassemblyFR.5Cloudapplicationdeploymentbootstrappingtoa(multi-)cloudexecutionenvironmentFR.7AccessapplicationbehaviourandperformancemonitoringdataFR.8Real-TimenotificationandalertingofsecurityincidentsandQoSguarantees


85

FR.10ManagetheruntimelifecycleofadeployedcloudapplicationFR.12RegisterandmanagecloudapplicationownersFR.15UnifiedAPIprovidingabstractionofresourcesandcapabilitiesofunderlyingprogrammablecloudexecutionenvironmentsFR.16Resourceandservice(de-)reservationovermulti-cloudexecutionenvironmentsFR.19RegisterandmanageprogrammableinfrastructureandserviceofferingsFR.20MonitorresourceandserviceconsumptionFR.21QoSadvertisingandmanagement

NR.5 Reliability

Description Degree towhich a system,productor componentperforms specified functionsunderspecifiedconditionsforaspecifiedperiodoftime.Thischaracteristiciscomposedofthefollowingsub-characteristics:

• Maturity. Degree towhich a system, product or componentmeets needs forreliabilityundernormaloperation.

• Availability.Degreetowhichasystem,productorcomponentisoperationalandaccessiblewhenrequiredforuse.

• Faulttolerance.Degreetowhichasystem,productorcomponentoperatesasintendeddespitethepresenceofhardwareorsoftwarefaults.

• Recoverability.Degreetowhich, intheeventofan interruptionora failure,aproduct or system can recover the data directly affected and re-establish thedesiredstateofthesystem.

WithinthecontextofUNICORN,specificmechanismswillbearchitecturallydefinedandimplementedthatguaranteethatanyapplicationcanbesecurelydeployed.


FR.4CreationofUnicorn-compliantcloudapplicationdeploymentassemblyFR.5Cloudapplicationdeploymentbootstrappingtoa(multi-)cloudexecutionenvironmentFR.6DeploymentassemblyintegrityvalidationFR.8Real-TimenotificationandalertingofsecurityincidentsandQoSguarantees


86

FR.9Autonomicmanagementofdeployedcloudapplicationsandreal-timeadaptationbasedonintelligentdecision-makingmechanismsFR.11ApplicationplacementoverprogrammablecloudexecutionenvironmentsFR.13ManagecorecontextmodelFR.14RegisterandManageenablersinterpretingUnicorncodeannotationsFR.15UnifiedAPIprovidingabstractionofresourcesandcapabilitiesofunderlyingprogrammablecloudexecutionenvironmentsFR.21QoSadvertisingandmanagement

NR.6 Security

Description Thedegreetowhichaproductorsystemprotectsinformationanddatasothatpersonsorotherproductsorsystemshavethedegreeofdataaccessappropriatetotheirtypesand levels of authorization. This characteristic is composed of the followingsubcharacteristics:

• Confidentiality. Degree to which a product or system ensures that data areaccessibleonlytothoseauthorizedtohaveaccess.

• Integrity. Degree to which a system, product or component preventsunauthorizedaccessto,ormodificationof,computerprogramsordata.

• Non-repudiation.degreetowhichactionsoreventscanbeproventohavetakenplace,sothattheeventsoractionscannotberepudiatedlater.

• Accountability.Degreetowhichtheactionsofanentitycanbetraceduniquelytotheentity.

• Authenticity.Degreetowhichtheidentityofasubjectorresourcecanbeprovedtobetheoneclaimed.

One of themajor focal points of UNICORN is to be able to provide to SMEs securityfeatures for their cloudapplications.For that reasonUNICORNwill incorporateauserauthentication and authorization system along with the ability to securely store andmanagevarioususercredentialsandcloudaccesstokens.UNICORNwillprovideasecureend-to-end encrypted communication channel between the various components of aclouddeploymentandtheabilityforDevOpsteamstosecureapplicationdataaccordingtovariouspoliciesandregulations.


FR.1DevelopcloudapplicationbasedoncodeannotationdesignlibrariesanddefineruntimepoliciesandconstraintsFR.2Securelyregisterandmanagecloudprovidercredentials


87

FR.4CreationofUnicorn-compliantcloudapplicationdeploymentassemblyFR.6DeploymentassemblyintegrityvalidationFR.8Real-TimenotificationandalertingofsecurityincidentsandQoSguaranteesFR.12RegisterandmanagecloudapplicationownersFR.13ManagecorecontextmodelFR.21QoSadvertisingandmanagementFR.22RegisterandmanageprivacypreservingencryptedpersistencymechanismsforrestrictingdataaccessandmovementacrosscloudsitesandavailabilityzonesFR.23Registerandmanagepersistentsecurityenforcementmechanismsforruntimemonitoring,detectingandlabelingofabnormalandintrusivecloudnetworktrafficbehaviourFR.24Automatedapplicationsourcecodeandunderlyingcloudresourceofferingvulnerabilityassessment,measurementandpolicycomplianceevaluation

NR.7 Maintainability

Description This characteristic represents the degree of effectiveness and efficiencywithwhich aproduct or system can bemodified to improve it, correct it or adapt it to changes inenvironment, and in requirements. This characteristic is composed of the followingsubcharacteristics:

• Modularity. Degree to which a system or computer program is composed ofdiscretecomponentssuchthatachangetoonecomponenthasminimalimpactonothercomponents.

• Reusability.Degreetowhichanassetcanbeusedinmorethanonesystem,orinbuildingotherassets.

• Analysability.Degreeofeffectivenessandefficiencywithwhichitispossibletoassesstheimpactonaproductorsystemofanintendedchangetooneormoreofitsparts,ortodiagnoseaproductfordeficienciesorcausesoffailures,ortoidentifypartstobemodified.

• Modifiability. Degree to which a product or system can be effectively andefficientlymodifiedwithout introducing defects or degrading existing productquality.

• Testability.Degreeofeffectivenessandefficiencywithwhichtestcriteriacanbeestablishedforasystem,productorcomponentandtestscanbeperformedtodeterminewhetherthosecriteriahavebeenmet.


88

In order for UNICORN to be easily maintained, all the annotation libraries, the CoreContext Model, and the Cloud Application Enablers that will perform runtime policyenforcementshouldincorporatetheabovementionedfeatures.


FR.1DevelopcloudapplicationbasedoncodeannotationdesignlibrariesanddefineruntimepoliciesandconstraintsFR.2SecurelyregisterandmanagecloudprovidercredentialsFR.9Autonomicmanagementofdeployedcloudapplicationsandreal-timeadaptationbasedonintelligentdecision-makingmechanismsFR.10ManagetheruntimelifecycleofadeployedcloudapplicationFR.12RegisterandmanagecloudapplicationownersFR.13ManagecorecontextmodelFR.14RegisterandManageenablersinterpretingUnicorncodeannotationsFR.17DevelopmentofcodeannotationlibrariesFR.18DevelopmentofenablersinterpretingUnicorncodeannotationsFR.19RegisterandmanageprogrammableinfrastructureandserviceofferingsFR.20Monitorcloudofferingallocationandconsumption

NR.8 Portability

Description Degreeofeffectivenessandefficiencywithwhichasystem,productorcomponentcanbetransferredfromonehardware,softwareorotheroperationalorusageenvironmenttoanother.Thischaracteristiciscomposedofthefollowingsubcharacteristics:

• Adaptability.Degreetowhichaproductorsystemcaneffectivelyandefficientlybeadaptedfordifferentorevolvinghardware,softwareorotheroperationalorusageenvironments.

• Installability. Degree of effectiveness and efficiency with which a product orsystem can be successfully installed and/or uninstalled in a specifiedenvironment.

• Replaceability. Degree to which a product can replace another specifiedsoftwareproductforthesamepurposeinthesameenvironment.

One of the most important requirements under the context of UNICORN is therequirementofPortability.This requirementrelates to theUNICORNCompliantCloudApplications that should be interoperable and functional in multiple operational


89

environments (multi-cloud environments). To this direction the adoption of variouscommonly used standards (e.g., OASIS TOSCA4) which are infrastructure andenvironmentagnostic.


FR.1DevelopcloudapplicationbasedoncodeannotationdesignlibrariesanddefineruntimepoliciesandconstraintsFR.4CreationofUnicorn-compliantcloudapplicationdeploymentassemblyFR.5Cloudapplicationdeploymentbootstrappingtoa(multi-)cloudexecutionenvironmentFR.11ApplicationplacementoverprogrammablecloudexecutionenvironmentsFR.13ManagecorecontextmodelFR.14RegisterandManageenablersinterpretingUnicorncodeannotationsFR.15UnifiedAPIprovidingabstractionofresourcesandcapabilitiesofunderlyingprogrammablecloudexecutionenvironmentsFR.16Resourceandservice(de-)reservationovermulti-cloudexecutionenvironmentsFR.17DevelopmentofcodeannotationlibrariesFR.18DevelopmentofenablersinterpretingUnicorncodeannotationsFR.19RegisterandmanageprogrammableinfrastructureandserviceofferingsFR.21QoSadvertisingandmanagementFR.22RegisterandmanageprivacypreservingencryptedpersistencymechanismsforrestrictingdataaccessandmovementacrosscloudsitesandavailabilityzonesFR.23Registerandmanagepersistentsecurityenforcementmechanismsforruntimemonitoring,detectingandlabelingofabnormalandintrusivecloudnetworktrafficbehavior

4https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=tosca


90

9 ConclusionsThisfinalsectionofthecurrentdeliverable(D1.1)willbeusedasasynopsisofthecontentpresentedinthedocument, which was the outcome of a carefully designedmethodology and research upon industrial andacademicdatacollectedduringtheinitialprojectimplementationactivities.Intherequirementsanalysisphase,whichthisdeliverable(D1.1)ispartof,alogicalprocesshasbeenfollowed,usingtheagilemethodologyinordertoidentifytheUnicornstakeholdersandtargetaudience,deriveacompletesetofUnicornActorsanddefinetheUnicornsystemrequirements.Thestepsofthisprocessinvolvedactivecontributionbyallpartnersandtheresultsofthisanalysisprovidethepillarsonwhichthetechnicalandresearchwork,thatwillfollow(D1.2Unicornreferencearchitecture),willbebased.

The first step of this process was to identify the main Unicorn stakeholders and target audience profiles.Chapters5-7ofthisdeliverable(D1.1)depictthefullimageoftheonesthatthefinalresultofUnicornProjectaimsat.Moreover,byanalysingthecurrentstateoftheindustry,themarketgapsthattheUnicornprojectwillcontribute to have been identified. Another contribution of D1.1 was the definition of commonterminology/glossarypresentedinChapter3thatwillbeusedasareferenceguideacrossallfuturedeliverablesand interactionwithUnicorn stakeholders. The final outcomeof the first step of themethodologywas theidentificationoftheuserrolesfortheUnicorneco-system.Someoftheuserroleresponsibilitiesmayoverlapamongusersof theplatform,whichmaycausemisinterpretations,howeveras theanalysisof the interviewresultssuggestsinthenextstep,inDevOpsteams,thesilverliningbetweenrolesintheengineeringteamareoften quite blur (e.g., a Cloud Application Developer may also be in charge of Testing or the ApplicationAdministratormayalsobeaDeveloper).

ThenextstepofthelogicalprocesswasthedevelopmentoftheinterviewquestionnaireforpotentialUnicorntargetusers and theanalysisof the responseswhichproduced results thatwere in accordance toallmajorindustry surveys of the field. The analysis of the responses contributed in deciding and clarifying a set offunctionalandnon-functionalsystemrequirementsthatcanbeassignedtotheidentifieduserroles(Chapter8).Inaddition,theinterviewresultshavehighlightedthemainobstaclesanddifficultiesthatITworkersinSMEsarecurrently facing on the cloud environment, such as lack of unified tools for monitoring and elasticity, thedeploymentofapplicationovermulti-cloudenvironmentsandcloudclustermanagement.AnotherinterestingfindingfromtheinterviewprocesswastheprioritizationandrankingofthevarioussecuritythreatsandprivacyissuesthatSMEsarefacing.Thisrankingofthesecurityandprivacythreatscontributed indecidingthecoresecurityfunctionalitythatUnicornwilloffertoitsusers.

Inaddition, the interviewprocessalsoprovidedvaluable informationregardingthetechnologies involvedtorealizevariousaspectsoftheUnicornproject.Micro-servicearchitecturalapproachesaretypicallyincreasinginpopularity among IT workers in the SMEs (some are experimenting, some are partly using amicro-servicearchitecture,somehavefullyembracedthemicro-serviceapproach).Withtheincreaseintheinterestformicro-servicesarchitecturalpatterns,interviewedorganisationsalsoseemtobeutilizingcontainerizedsolutions(e.g.,Docker,Swarm,andKubernetes)forapplicationdeploymentandorchestration.

In the forthcoming steps, based on the outcomes of D1.1, the documentation of the overall architecturedescribing the main components and artefacts of Unicorn, the interconnection scheme and the specificinterfacesforexchangeofinformationamongthemwillbedesignedanddescribedindetailinD1.2.Inadditiontothereferencearchitecture,thesupportedUnicornUseCasesdescribingtheimplementationscenariosofthe


91

mechanismsthatwillbedevelopedwithintheprojectinthedemonstratorswillbeanalysedinordertobeusedasastartingpointfortheresearch/technicalanddemonstration/business-orientedworkpackages.


92

10 References[1] N.R.Herbst,S.Kounev,andR.Reussner,“ElasticityinCloudComputing:WhatItIs,andWhatItIsNot.,”

inICAC,2013,pp.23–27.

[2] N.Loulloudes,C.Sofokleous,D.Trihinas,M.D.Dikaiakos,andG.Pallis,“EnablingInteroperableCloudApplicationManagementthroughanOpenSourceEcosystem,”{IEEE}InternetComput.,vol.19,no.3,pp.54–59,2015.

[3] L.Willcocks,W.Venters,andE.A.Whitley,“CloudinContext:ManagingNewWavesofPower,”inMoving

to the Cloud Corporation:How to face the challenges and harness the potential of cloud computing,London:PalgraveMacmillanUK,2014,pp.1–19.

[4] IntuitInc.,“IntuitStudyShowsHowtheCloudWillTransformSmallBusinessby2020.”2015.

[5] MichaelJ.SKok,“BreakingDowntheBarrierstoCloudAdoption.”2014.

[6] ApacheJClouds,“https://jclouds.apache.org/.”.

[7] ApacheLibClouds,“https://libcloud.apache.org/.”.

[8] OASIS TOSCA Committee, “OASIS Topology and Orchestration Specification for Cloud Applications(TOSCA).”.

[9] OASISCAMPCommittee,“OASISCloudApplicationManagementforPlatforms(CAMP).”.

[10] RackspaceInc.,“StateoftheCloud2016.”2016.

[11] RightscaleInc.,“CloudComputingTrends2015.”2015.

[12] JulieKnudson,“Study:IaaSandCloudChallengesintheEnterprise.”2014.

[13] D.Trihinas,G.Pallis,andM.D.Dikaiakos,“JCatascopia:MonitoringElasticallyAdaptiveApplicationsintheCloud,”inCluster,CloudandGridComputing(CCGrid),201414thIEEE/ACMInternationalSymposium

on,2014,pp.226–235.

[14] D.Trihinas,G.PallisandM.D.Dikaiakos,“MonitoringElasticallyAdaptiveMulti-CloudServices,” IEEETrans.CloudComput.,vol.4,2016.

[15] G.Copiletal.,“Service-OrientedComputing:12thInternationalConference,ICSOC2014,Paris,France,November3-6,2014.Proceedings,”Berlin,Heidelberg:Springer,2014,pp.275–290.

[16] AmazonCloudFormation,“https://aws.amazon.com/cloudformation/.”.

[17] Oracle Virtual Assembly Builder, “http://www.oracle.com/us/products/middleware/exalogic/virtual-assembly-builder/overview/index.html.”.

[18] EclipseIDECommunity,“CloudApplicationManagementFramework(CAMF).”.

[19] JuJufromCanonical,“http://www.ubuntu.com/cloud/juju.”.

[20] ServiceMesh Agility Platform, “http://www.csc.com/cloud/offerings/53410/104965-csc_agility_platform_cloud_management.”.

[21] S.Dustdar,Y.Guo,B.Satzger,andH.-L.Truong,“Principlesofelasticprocesses,”IEEEInternetComput.,no.5,pp.66–71,2011.


93

[22] ProgrammableInfrastructure,“programmableinfrastructure.com.”2017.

[23] P.Gouvas,C.Vassilakis,E.Fotopoulou,andA.Zafeiropoulos,“ANovelReconfigurable-by-DesignHighlyDistributed Applications Development Paradigm over Programmable Infrastructure,” in 2016 28thInternationalTeletrafficCongress(ITC28),2016,vol.2,pp.7–12.

[24] Z.A.Mann,“AllocationofVirtualMachinesinCloudDataCenters&Mdash;ASurveyofProblemModelsandOptimizationAlgorithms,”ACMComput.Surv.,vol.48,no.1,p.11:1--11:34,Aug.2015.

[25] KurtMarkoetal.,“Thebenefitsofamulti-cloudapproach.”.

[26] TonyConnor,IDC,“Thebenefitsofamulti-cloudstrategy.”2016.

[27] RightScale,“StateoftheCloudReport2017,”2017.

[28] Rightscale,“StateoftheCloud2017Trends.”2017.

[29] D.TovarnakandT.Pitner,“Towardsmulti-tenantandinteroperablemonitoringofvirtualmachinesincloud,”inSymbolicandNumericAlgorithmsforScientificComputing(SYNASC),201214thInternational

Symposiumon,2012,pp.436–442.

[30] N.Bassiliades,M.Symeonidis,G.Meditskos,E.Kontopoulos,P.Gouvas,and I.Vlahavas,“ASemanticRecommendationAlgorithmforthePaaSportPlatform-as-a-serviceMarketplace,”ExpertSyst.Appl.,vol.67,no.C,pp.203–227,Jan.2017.

[31] G.Copiletal.,“ADVISE–aframeworkforevaluatingcloudserviceelasticitybehavior,”inService-OrientedComputing,Springer,2014,pp.275–290.

[32] J.Thones,“Microservices,”IEEESoftw.,vol.32,no.1,p.116,Jan.2015.

[33] Lori MacVittie, Micorservices and Microsegmentation,“https://devcentral.f5.com/articles/microservices-versus-microsegmentation.”2015.

[34] Martin Fowler, “Microservices a definition of this new architectural term.” [Online]. Available:https://martinfowler.com/articles/microservices.html.

[35] EricS.Raymond,“TheArtofUNIXProgramming.”2013.

[36] ScottM.Fulton,“WhatLedAmazontoitsOwnMicroservicesArchitecture.”2015.

[37] TonyMauro,“AdoptingMicroservicesatNetflix:LessonsforArchitecturalDesign.”2016.

[38] M.G.Xavier,M.VNeves,F.D.Rossi,T.C.Ferreto,T.Lange,andC.A.F.DeRose,“PerformanceEvaluationof Container-Based Virtualization for High Performance Computing Environments,” in 2013 21stEuromicro InternationalConferenceonParallel,Distributed,andNetwork-BasedProcessing,2013,pp.233–240.

[39] R. Jain and S. Paul, “Network virtualization and software defined networking for cloud computing: asurvey,”IEEECommun.Mag.,vol.51,no.11,pp.24–31,Nov.2013.

[40] J.Sahoo,S.Mohapatra,andR.Lath,“Virtualization:ASurveyonConcepts,TaxonomyandAssociatedSecurityIssues,”in2010SecondInternationalConferenceonComputerandNetworkTechnology,2010,pp.222–226.

[41] XenProject,“http://www.xenproject.org/.”.


94

[42] VMWareVSphereHypervisor,“http://www.vmware.com/products/vsphere-hypervisor.html.”.

[43] KVMHypervisor,“https://www.linux-kvm.org/page/Main_Page.”.

[44] E.Bauman,G.Ayoade,andZ.Lin,“ASurveyonHypervisor-BasedMonitoring:Approaches,Applications,andEvolutions,”ACMComput.Surv.,vol.48,no.1,p.10:1--10:33,Aug.2015.

[45] R.Dua,A.R.Raja, andD.Kakadia, “Virtualization vsContainerization to SupportPaaS,” in2014 IEEEInternationalConferenceonCloudEngineering,2014,pp.610–614.

[46] Nolleetal.,“Continuousintegrationanddeploymentwithcontainers.”2015.

[47] ChrisTozzietal.,“Thebenefitsofcontainerdevelopment.”2015.

[48] E.W.BiedermanandL.Networx,“Multipleinstancesofthegloballinuxnamespaces,”inProceedingsoftheLinuxSymposium,2006,vol.1,pp.101–112.

[49] P.Menageetal.,“C-Groups.”2006.

[50] LXC/LXDLinuxContainers,“https://linuxcontainers.org/.”.

[51] J.Turnbull,TheDockerBook:Containerizationisthenewvirtualization.JamesTurnbull,2014.

[52] DockervsCoreOSRkt,“https://www.upguard.com/articles/docker-vs-coreos.”.

[53] CoreOs,“http://coreos.com/.”

[54] DockerInc.,“DockerCompose.”.

[55] Kubernetes,“http://kubernetes.io/.”.

[56] Fleet,“https://github.com/coreos/fleet.”.

[57] XenProject,“TheUnikernelApproach.”2014.

[58] A.Kivity,D.Laor,G.Costa,andP.Enberg,“OSv—OptimizingtheOperatingSystemforVirtualMachines,”Proc.2014USENIXAnnu.Tech.Conf.,pp.61–72,2014.

[59] MirageOS,“https://mirage.io/.”.

[60] OSv,“http://osv.io/.”.

[61] LarsKurth,“AreCloudOperatingSystemstheNextBigThing?”.

[62] LarsKurth,“HowEarlyAdoptersAreUsingUnikernels-WithandWithoutContainers.”.

[63] DZone,“TheDZoneGuidetoDevOps-ContinuousDeliveryandAutomation,”2016.

[64] R.WEXLER,“theStateofCloudreport,”Weather,vol.27,no.5,pp.211–211,2017.

[65] AWS,“WhatisDevOps?,”https://aws.amazon.com/devops/what-is-devops/.

[66] A.Brown,N.Forsgren,J.Humble,G.Kim,andN.Kersten,“StateofDevopsReport2016,”vol.5,2016.

[67] M.Fowler,“ContinuousIntegration,”2006.

[68] L.Chen,“Continuousdelivery:Hugebenefits,butchallengestoo,”IEEESoftw.,vol.32,no.2,pp.50–54,


95

2015.

[69] StackoverflowCommunity,“DevelopmerReport2016.”.

[70] EclipseCheCloudIDE,“https://eclipse.org/che.”.

[71] SAPHanaCloudIDE,“https://hcp.sap.com/index.html.”.

[72] G.GalanteandL.C.E.DeBona,“Asurveyoncloudcomputingelasticity,”inProceedings-2012IEEE/ACM

5thInternationalConferenceonUtilityandCloudComputing,UCC2012,2012,pp.263–270.

[73] M. Nosal,M. Sulir, and J. Juhar, “Source code annotations as formal languages,” in 2015 FederatedConferenceonComputerScienceandInformationSystems(FedCSIS),2015,pp.953–964.

[74] Y.Golecha,DZone,“HowDoAnnotationsWorkinJava?”.

[75] SpringIOTools,“https://spring.io/tools.”.

[76] AnnotationProcessingTool(APT),“http://docs.oracle.com/javase/7/docs/technotes/guides/apt/.”.

[77] XDocletAnnotations,“http://xdoclet.sourceforge.net/xdoclet/index.html.”.

[78] EclipseAspectJ,“https://eclipse.org/aspectj/.”.

[79] JUnitTesting,“http://junit.org/junit4/.”.

[80] N. Jacob and C. Brodley, “Offloading IDS Computation to the GPU,” in2006 22nd Annual Computer

SecurityApplicationsConference(ACSAC’06),2006,pp.371–380.

[81] L. Marziale, G. G. Richard III, and V. Roussev, “Massive Threading: Using GPUs to Increase thePerformanceofDigitalForensicsTools,”Digit.Investig.,vol.4,pp.73–81,Sep.2007.

[82] G.Vasiliadis,S.Antonatos,M.Polychronakis,E.P.Markatos,andS.Ioannidis,“Gnort:HighPerformanceNetwork Intrusion Detection Using Graphics Processors,” in Proceedings of the 11th InternationalSymposiumonRecentAdvancesinIntrusionDetection,2008,pp.116–134.

[83] G. Vasiliadis, M. Polychronakis, and S. Ioannidis, “MIDeA: A Multi-parallel Intrusion DetectionArchitecture,”inProceedingsofthe18thACMConferenceonComputerandCommunicationsSecurity,2011,pp.297–308.

[84] N.Fips,“AnnouncingtheADVANCEDENCRYPTIONSTANDARD(AES),”Byte,vol.2009,no.12,pp.8–12,2001.

[85] R. L. Rivest, A. Shamir, and L. Adleman, “A method for obtaining digital signatures and public-keycryptosystems,”Commun.ACM,vol.21,no.2,pp.120–126,1978.

[86] KentBecketal.,“TheAgileManifesto.”2001.

[87] RightScale 2016 State of the Cloud Report, “http://www.rightscale.com/lp/2016-state-of-the-cloud-report.”.

[88] Magic Quadrant for Cloud Infrastructure as a Service, Worldwide,“https://www.gartner.com/doc/reprints?id=1-2G2O5FC&ct=150519.”.

[89] Magic Quadrant for Enterprise Application Platform as a Service, Worldwide,


96

“https://www.gartner.com/doc/reprints?id=1-2C8JHBP&ct=150325&st=sb.”.

[90] Veracode Secure Development Survey 2016, “https://info.veracode.com/report-veracode-developer-survey.html.”.

[91] VisionMobile 2017: State of the developer nation, “https://www.visionmobile.com/reports/state-developer-nation-q1-2017.”.

[92] LightBend2016:Cloud,Container&Micro-services,“https://www.slideshare.net/Lightbend/enterprise-development-trends-2016-cloud-container-and-microservices-insights-from-2100-jvm-developers.”.

[93] GitLab:2016GlobalDeveloperReport,“https://about.gitlab.com/2016/11/02/global-developer-survey-2016/.”.

[94] RebelLabs: 2016 Development and Productivity Report and Java Landscape,“http://pages.zeroturnaround.com/RebelLabs-Developer-Productivity-Report-2016.html.”.

[95] RebelLabs:2017ProgrammingtheWebReport,“https://zeroturnaround.com/webframeworksindex/.”.

[96] StackOverflow:2016DeveloperReport,“https://insights.stackoverflow.com/survey/2016.”.

[97] StackOverflow:2017DeveloperReport,“https://insights.stackoverflow.com/survey/2017.”.

[98] Eu Commission, Annual report on European SMEs performance 2016,“http://ec.europa.eu/growth/smes/business-friendly-environment/performance-review-2016_en.”.

[99] SaaS, PaaS, and IaaS: A security checklist for cloud models - CSO Security Report,“http://www.csoonline.com/article/2126885/cloud-security/saas-paas-and-iaas-a-security-checklist-for-cloud-models.html.”.

[100] Gartner,“GartnerSaysWorldwidePublicCloudServicesMarkettoGrow17Percentin2016,”GartnerPressRelease,2017.[Online].Available:http://www.gartner.com/newsroom/id/3616417.

[101] L. Leong, G. Petri, B. Gill, and M. Dorosh, “Magic Quadrant for Cloud Infrastructure as a Service,Worldwide,” Gartner Inc., 2016. [Online]. Available: https://www.gartner.com/doc/reprints?id=1-2G2O5FC&ct=150519.

[102] Gartner,“GartnerSaysWorldwidePublicCloudServicesMarkettoGrow18Percentin2017,”GartnerPressRelease,2017.[Online].Available:http://www.gartner.com/newsroom/id/3616417.

[103] KPMG,“Journeytothecloud:ThecreativeCIOAgenda,”2017.

[104] G. Leopold, “Container Market Pegged at $2.7B by 2020,” EnterpiseTech, 2017. [Online]. Available:https://www.enterprisetech.com/2017/01/10/container-market-pegged-2-7b-2020/.

[105] “DevOps & Microservice Ecosystem Market Forecast 2017-2022,”Market Analysis, 2017. [Online].Available:https://www.marketanalysis.com/?p=63.

[106] CloudFoundry,“HopeVersusReality:ContainersIn2016.GlobalPerceptionStudy,”2016.

[107] Netflix,“NetflixOSS.”[Online].Available:https://netflix.github.io/.

[108] Docker,“https://www.docker.com/.”

[109] IncludeOs,“http://www.includeos.org/.”


97

[110] Istio,“https://istio.io/.”

[111] Linkerd,“https://linkerd.io/.”

[112] OpenShift,“https://openshift.io/.”

[113] R.Unikernel,“https://github.com/rumpkernel/rumprun.”

[114] Rkt,“https://coreos.com/rkt.”

[115] E.Pekka,“APerformanceEvaluationofHypervisor,Unikernel,andContainerNetworkI/OVirtualization,”2016.

[116] C.Tamas, “AperformancecomparisonofKVM,Dockerand the IncludeOSUnikernel,”MasterThesis,2016.

[117] A.Bratterud,A.A.Walla,H.Haugerud,P.E.Engelstad,andK.Begnum,“IncludeOS:Aminimal,resourceefficient unikernel for cloud services,” in Proceedings - IEEE 7th International Conference on CloudComputingTechnologyandScience,CloudCom2015,2016,pp.250–257.

[118] I.Github,“https://github.com/istio/istio/issues/369.”

[119] Autoletics, “Performance Benchmarking and Hotspot Analysis of Linkerd – Part 1,” 2017. [Online].Available: https://www.autoletics.com/posts/performance-benchmarking-and-hotspot-analysis-of-linkerd-part-1.

[120] E.E.IanBriggs,MattDay,YuankaiGuo,PeterMarheine,“APerformanceEvaluationofUnikernels,”2015.

[121] A.Madhavapeddyetal., “Unikernels: LibraryOperating Systems for theCloud,”Proc. eighteenth Int.Conf.Archit.SupportProgram.Lang.Oper.Syst.-ASPLOS’13,vol.48,no.4,p.461,2013.

[122] “Performance Test For Unikernels (Rumpkernel And OSv).” [Online]. Available:http://tech.donghao.org/2015/12/23/performance-test-for-unikernels-rumpkernel-and-osv/.

[123] “Docker v/s Rkt Benchmarking: Performance Benchmarks.” [Online]. Available:https://shivammaharshi.wordpress.com/2016/08/16/docker-vs-rkt-benchmarking-performance-benchmarks/.

[124] ISO/IEC25010:2011,“https://www.iso.org/standard/35733.html.”.


98

11 Annex

11.1 IdentifiedUnicornFunctionalRequirements

FR.1 Developcloudapplicationbasedoncodeannotationdesignlibrariesanddefineruntimepoliciesandconstraints

FR.2 SecurelyregisterandmanagecloudprovidercredentialsFR.3 Search interface forextractingunderlyingprogrammablecloudofferingsandcapabilitymetadata

descriptionsFR.4 CreationofUnicorn-compliantcloudapplicationdeploymentassemblyFR.5 Cloudapplicationdeploymentbootstrappingtoa(multi-)cloudexecutionenvironmentFR.6 DeploymentassemblyintegrityvalidationFR.7 AccessapplicationbehaviorandperformancemonitoringdataFR.8 Real-TimenotificationandalertingofsecurityincidentsandQoSguaranteesFR.9 Autonomicmanagementofdeployedcloudapplicationsandreal-timeadaptationbasedon

intelligentdecision-makingmechanismsFR.10 ManagetheruntimelifecycleofadeployedcloudapplicationFR.11 ApplicationplacementoverprogrammablecloudexecutionenvironmentsFR.12 RegisterandmanagecloudapplicationownersFR.13 ManagethecorecontextmodelFR.14 RegisterandManageenablersinterpretingUnicorncodeannotationsFR.15 UnifiedAPIprovidingabstractionofresourcesandcapabilitiesofunderlyingprogrammablecloud

executionenvironmentsFR.16 Resourceandservice(de-)reservationovermulti-cloudexecutionenvironmentsFR.17 DevelopmentofcodeannotationlibrariesFR.18 DevelopmentofenablersinterpretingUnicorncodeannotationsFR.19 RegisterandmanageprogrammableinfrastructureandserviceofferingsFR.20 MonitorcloudofferingallocationandconsumptionFR.21 QoSadvertisingandmanagementFR.22 Registerandmanageprivacypreservingencryptedpersistencymechanismsforrestrictingdata

accessandmovementacrosscloudsitesandavailabilityzonesFR.23 Registerandmanagepersistentsecurityenforcementmechanismsforruntimemonitoring,

detectingandlabelingofabnormalandintrusivecloudnetworktrafficbehaviorFR.24 Automatedapplicationsourcecodeandunderlyingcloudresourceofferingvulnerability

assessment,measurementandpolicycomplianceevaluation

11.2 DisseminatedQuestionnaireInwhat follows is in printable format theUnicornquestionnaire. Theonline versionof thequestionnaire isaccessibleviathefollowinglink:https://goo.gl/forms/a8rH60DmD3qSWXXN2


99


100


101


102


103


104


105


106


107


108


109


110


111


112

Documents

unicorn d1.1 resubmit vfinalunicorn-project.eu/wp-content/uploads/2018/04/... · D1.1 Stakeholders Requirements Analysis 7 List of Tables Table 1: Industry Studies and Points of Interest