Information Technology Reference
In-Depth Information
Thereby the applications under consideration are very specialized and expensive
similar to the applications described in chapters 9 and 10. Due to the low number
of users, such applications are usually offered with licensing models that are valid
for use on one computer on which the application runs and a certain period of time
(usually a year). As soon as the application is obtained in a SaaS manner, different
licensing relationships need to be established. A move towards licenses that abstract
from the fact on which machine the application is running or which allow an ad hoc
transfer of jobs from the application to available resources internally or externally
is necessary. Even though many software vendors have already started to evolve
towards pay-per-use and similar licensing and payment models, there are still not
many applications available that are suitable for Grid environments.
The second aspect that needs to be considered by user companies is the choice
of the external utility computing providers and the establishment of contractual rela-
tionships with them. This means that in case the user company is interested in a
SaaS version of a HPC application, it might require two new contracts, one to the
SaaS provider and one to the utility computing provider. From the perspective of
the user company a better solution is clearly a contractual relationship to only one
of the providers. Usually this is the SaaS provider who is the main contact point to
the user company and who hides the complexity of the underlying infrastructure
by establishing bilateral relationships to one or several utility computing providers.
Major legal aspects that need to be considered are (see also chapter 7): fees that
apply as well as Service Level Agreements (SLA) including Quality of Service
(QoS) in terms of availability, performance, downtime and service suspension and
support services, privacy, security, and confidentiality.
The access of external HPC infrastructure furthermore implies changes in IT
governance of companies, in particular with respect to:
• Definition of criteria for the choice of external utility computing and SaaS
providers.
• Establishment of rules when external resources can be used and by whom.
• Establishment of guidelines for contractual relationships with the utility
computing and SaaS providers.
• Choice and application of tools to monitor the execution of SLA and provided
QoS in a complex mixed internal and external monitoring environment.
• Consideration of security and definition of security policies. These policies need
to include at least the following aspects: secure communication of input and
resulting data among the end user and external provider, access policies defining
who in the company has the right to access external data and under which condi-
tions, and policies for storage of data on external resources.
• Consideration of privacy risks and definition of privacy policies. Special care
should be taken for particularly sensitive data - for example patient or customer
data. Consideration of privacy includes a range of questions related to commu-
nication, storage and processing of data. The BEinEIMRT Business Experiment
for example anonymised and encrypted the patient data before sending it to the
external providers. The end user company needs to assure that even though the
