Article Preview
Top1. Introduction
Cloud markets promise to supply virtually unlimited capacities and services in a scalable, pay-as-you-go fashion (Buyya, R., Yeo, C., Venugopal, S., Broberg, J., & Brandic, I., 2009). Yet, specifically smaller providers may not be able to satisfy the resource and service demands of large customers on their own due to limited data center capacity and, consequently, limited range of services. A solution lies in cloud collaborations within cloud markets, i.e., the cooperation of multiple providers to aggregate their resources and conjointly satisfy user’s demands. Supposably, such cloud collaborations have both Quality of Service (QoS) and information security impacts: as a user may potentially be served by any provider within a collaboration, the aggregated non-functional service attributes - e.g., availability, latency, security protection level, data center location or tiers – will be determined by “the weakest link in the chain”, i.e., by a provider with the lowest guarantees.
Take the example of two providers: one provider guarantees 99.5% of availability and another provider guarantees only 99%. If these providers aggregate their capacities and related non-functional guarantees to build collaboration, the availability guarantees will be determined by the worst one - 99%.
Consideration of country-specific and industry-specific data privacy laws and regulations is another concern by building cloud collaborations within cloud markets. Since providers can reside in different jurisdictions (the European Union, Russia, Singapore, or the United States), where data privacy laws and data classification substantially differ (Carroll, M., van der Merwe, A., & Kotzé, P., 2011; Zhou, M., Zhang, R., Xie, W., Qian, W., & Zhou, A., 2010). Also regulatory requirements for banking, medical and healthcare institutions are stricter and harder with respect to confidentiality, integrity and availability of data in comparison with other public enterprises or business areas without confidential data (Ackermann, T., Widjaja, T., Benlian, A., & Buxmann, P., 2012). Therefore, the fulfillment of such requirements may not be achieved once multiple cloud providers enter cloud collaborations.
In our previous research (Wenge, O., Lampe, U., Müller, A., & Schaarschmidt, R., 2014; Wenge, O., Siebenhaar, M., Lampe, U., Schuller, D., & Steinmetz, R., 2012; Wenge, O., Lampe, U., & Steinmetz, R., 2014), we examined security risks and concerns of cloud computing with the focus on multi-clouds and cloud brokerage. We identified that multi-clouds are still very heterogeneous and the lack of security standards between cloud providers still pose obstacles in their cooperation and in cloud services exchange. Therefore, the role of the cloud broker is of growing interest. The broker’s function is not trivial – he/she should bring cloud providers and cloud users together in order to satisfy their functional and non-functional requirements. Due to the mentioned lack of standards, cloud brokerage is becoming more complex, especially if very fine-grained security parameters and the entire security landscape must be considered.
Based on this scenario and our previous research, we examine the Cloud Collaboration Composition Problem (CCCP) in the work at hand. Our focus is on a broker within the cloud market, who aims to maximize his/her profit through the composition of cloud collaborations from a set of providers and assignment of users to these collaborations. In that assignment, QoS and security requirements, i.e., non-functional attributes, should also be considered and fulfilled. This work extends the previously introduced CCCP problem and its exact optimization solution approach with a heuristic approach that improves the computational time in the context of cloud markets.