The motivation for this paper is based on our experience with a number of multi-cloud applications, obtained in the context of several applied research projects in collaboration with industrial SaaS providers. In Section
1, we discuss a set of realistic cases of SaaS applications in multi-cloud environments, from which we derive in Section
1 the key challenges for multi-cloud applications.
2.1 Multi-cloud application cases
The following cases present a number of the deployment and operation aspects of four multi-tenant SaaS applications, while illustrating the benefits of multi-cloud environments. Each of these applications have different properties and requirements with respect to execution and storage.
Application #1: Document processing as a service. This multi-tenant SaaS application delivers B2B document processing facilities to a wide range of companies (see also [
20]). It supports the business-specific generation, the archival and the delivery of large sets of customized digital documents. This SaaS application is deployed on top of a hybrid cloud solution, consisting of a private cloud platform that is managed by the SaaS provider, and a public cloud offering that is used as a spill-over to address peaks in the processing load. The storage of the documents occurs at the same location in the hybrid cloud as the processing.
However, the various types of data and documents (e.g. invoices, payslips, medical reports and leaflets) have different requirements with respect to confidentiality. For example, invoices may only be processed and stored in a cloud environment where certain security requirements are guaranteed (encrypted communication and storage), while there are no such constraints for generating leaflets. In addition, the SaaS provider aims to maximally utilize his/her on-premise infrastructure.
Application #2: Log management as a service. This B2B cloud offering integrates with the on-premise infrastructure of the different tenants: a local agent collects and aggregates the logs of the applications and infrastructure, and sends them to the log management service. This service performs complex analysis activities on the collected logs (e.g. detection of suspicious activities) and heavily relies on scalable storage. To ensure the necessary availability and scalability, the SaaS provider deploys the application in a multi-cloud environment consisting of a number of geographically distributed private data centers.
As the log management service is a data-driven application, the analysis activities should occur near the storage location to avoid the (expensive) migration of large data sets. In addition, tenant-specific constraints are applicable to the geographical placement of the data. For example, a financial company requires that the data may only be stored in a data center in the same country, or even using a dedicated storage infrastructure to ensure strict isolation.
Application #3: Medical image processing as a service. In this application, medical images from different hospitals are processed and stored online as part of the electronic health record (EHR). The SaaS provider uses a multi-cloud solution to distribute and replicate the data over multiple data centers. These data centers can be managed by external (certified) companies, but are in practice not part of a public cloud offering.
Typically, medical images are large files and subject to strict rules with respect to privacy. As a consequence, different hospitals have different requirements with respect to the processing and storage of these medical images, especially driven by governmental rules. For example, European medical data should be stored within Europe, or even more strict, a specific tenant can require that the data may not be stored in a data center that is hosted by a US company, even if it is located in Europe.
Application #4: Simulation processing as a service. This enterprise SaaS offering provides services to perform simulations and optimizations of engineering processes for companies in the automotive and aerospace industry. After the simulation process, the results should be presented to the respective tenants. The amount of data sent throughout this application is limited (e.g. input parameters and end results), but the simulations and optimizations are CPU-intensive. Therefore, a hybrid cloud solution is used to outsource the processing to the public cloud.
However, the input data as well as the simulation results can be highly confidential, for example information about new prototypes, thus putting restrictions on the storage. In this case, processing could be allowed in the public cloud, but the results should be stored in the private cloud. Similar to the first application, the SaaS provider also aims to maximally use his/her on-premise infrastructure for processing before doing a spill-over.