Version 1.0 Ministry of Blectronies & Information Technology, Government of india Cloud Management OfficeGI Cloud Reference Architecture DISCLAIMER ‘This document has been prepared by Cloud Management Office (CMO) under Ministry of Electronics and Information Technology (MeitY). This document is advisory in nature and aims to provide information in respect of the GI Cloud (MeghRaj) Initiative. Certain commercial entities, technology, or materials may be identified in this document in order to deseribe a concept adequately. Such identification is not intended to imply recommendation or endorsement by MeitY. ‘While every care has been taken to ensure that the contents of this Document are accurate and up to date, the readers are advised to exercise discretion and verify the precise current provisions of law and other applicable instructions from the original sources. It represents practices as on the date of issue of this Document, which are subject to change without notice. The readers are responsible for making their own independent assessment of the information in this document. In no event shall MeitY or its’ contractors be liable for any damages whatsoever Gincluding, without limitation, damages for loss of profits, business interruption, loss of information) arising out of the use of or inability to use this Document Meity Page 2 of 31GI Cloud Reference Architecture Table of Content 1 Purpose. 5 2 Background. rseeaeneseees6 3 GICloud Reference Architecture: Introduction sss 4 GICloud Reference Architecture 41 Consumer... . 10 4.2 Managed Servie Provder/Servie Integrator. 10 4.3 Cloud Carrier n 4.4 Cloud Service Provider: 441 Service Orchestration 12 442 Cloud Management Platform. 4 443 Cloud Management SerVi0es srninsisninsinsnsnsninnsinanininnimnnnnnannnnnninlS 444 — Cloud Security and Privacy. o ses soon 4.5 Cloud Auditor: 5 Use case scenarios in Cloud.. 5.1 Database on Cloud... 5.2 Hot Disaster Recovery on Cloud with on-premise Primary DC. 26 5.3 Backup & Archive / Cold Disaster Recovery on Cloud with an On-premise Primary DC..u.27 5.4 Analytics on Cloud. 28 5.5 Multiple Cloud for Different Functions... sev 56 Multi Cloud Scenarios ~ Migrating to Containers (Monolithic to Microservices) Meity Page 3 of 31GI Cloud Reference Architecture Table of Figures Figure 1: GI Cloud Reference Architecture 7 Figure Figure 3: Cloud Management Platform... Figure 4: Cloud Management Services Figure 5: Hybrid Cloud Reference Architecture. Figure 6: Multi Cloud Reference Architecture. Figure 7: Database on Cloud . Figure 8: Hot DR on cloud with on-premise Primary DC enn Figure 9: Backup & Archive/ Cold DR on Cloud with on-premise Primary DC... 27 Figure 10: Analytics on Cloud 28 Figure 11: Multiple Cloud for Different Functions ......00000unnnnnnnnnn 29 Figure 12: Migration to Containers. Service Orchestration. Meity Page 4 of 31GI Cloud Reference Architecture 1 Purpose Government of India has referenced the Conceptual Reference Model of National Institute of Standards and Technology's (NIST). A requirement to design a GI Cloud Reference Architecture arose to standardize on the nomenclature of terms, various actors and their roles & responsibilities in the GI cloud ecosystem. This document has been prepared to address the requirement of GI Cloud Reference architecture. ‘The GI Cloud Reference Architecture has been designed to assist the Government Departments to build their Cloud deployment architecture with components, activities and actors as relevant in the GI Cloud ecosystem. The Reference architecture proposed in the document is a vendor neutral architecture and has been designed by adopting widely used and recognized cloud reference architecture and their components. ‘The document also captures different use case scenarios along with their merits as applicable in today’s cloud setup, These use cases are intended to assist Government Departments while designing their cloud solutions. The GI Cloud Reference Architecture is intended to facilitate the understanding of operational intricacies in cloud computing with focus on “what” cloud serviees provide. Meity Page 5 of 31GI Cloud Reference Architecture 2 Background Cloud computing has advanced significantly in the delivery of information technology and services by providing an on-demand access to a shared pool of computing resources in a self-service, dynamically sealable, efficient and metered manner. NIST had published a Cloud Computing reference architecture which identified major actors, their activities and functions in cloud computing. It was a generic high-level architecture intended to facilitate the understanding of the requirements, uses, characteristics and standards of cloud computing. Government of India (MeitY) referenced NISI’s conceptual reference model to design the GI Cloud ecosystem and published it in its GI Cloud (Meghraj) Adoption and Implementation Roadmap (April 2013). Apart from NIST, global technology OEMs such as Oracle, IBM have published their own Cloud Reference Architecture which further elaborate NIST's conceptual model and include newer aspects of cloud technology. MeitY empaneled Cloud service offerings of private Cloud Service Providers for different cloud deployment models (Publie Cloud, Virtual Private Cloud, Government Community Cloud) in 2017 thereby including private players in the GI Cloud ecosystem. Government Departments have been leveraging the empaneled services of these players along with cloud services provisioned by NIC to deliver services internally within the Department as well as to the citizens of the country. Meity intends to come forward with the updated GI Cloud Reference Architecture which would be designed referencing various globally accepted Cloud Reference Architectures and would identify actors, their activities and functions in line with the GI Cloud ecosystem. The guiding principles leading to creation of the document were to prepare a Reference Architecture that is vendor neutral and does not restriet infrastructure modernization. The Reference Architecture is not tied to any specifie vendor products, services or reference implementation, nor does it describes prescriptive solutions that constrain innovation, Also, the GI Cloud Reference Architecture ean be used by Government Departments for describing and developing a system architecture using a common framework of reference. Meity Page 6 of 31GI Cloud Reference Architecture 3 GI Cloud Reference Architecture: Introduction ‘The Government's focus on digitalizing governance under the “Digital India” campaign has led to an increase in computing resource requirements for numerous projects. To meet the existing Infrastructure requirements and to reap benefits provided by the cloud computing, Government Departments are now more inclined towards adopting Cloud. Other factors playing key role in adoption of digital services and reformed Government's outlook to accelerate cloud adoy accessibility of high speed internet, advent of emerging technologies such as Internet of Things(I0T), Artificial Intelligence (AD/Machine Learning(ML) , Augmented Reality(AR)/Virtual Reality (VR) and blockchain.. Nowadays, Cloud technology is enabling practices such as DevOps to simplify and speed up the application development process. The near real-time response to Department needs with benefits of cloud would enable the government departments to efficiently deliver internal and citizen centric services leading to increase in adoption of cloud-based infrastructure, platforms and applications. Cloud enables Departments to operate more efficiently, reducing up-front capital costs while providing flexibility in data storage, processing, and other functionalities. As Government Departments are migrating 18 applications to the cloud and developing new capabilities/applications on the cloud, understanding and designing cloud deployment architectures «with elements of security and management have become crucial while adopting cloud, In this regard, an architecture is being proposed which shall be referred to as ‘Government of India Cloud Reference Architecture (GI CRAY’ The reference architecture has been designed using globally prescribed frameworks (addressing security and privacy requirements) and is based on the regulatory and compliance needs for application deployments in the cloud. The design of GI CRA is intended to illustrate and understand the various cloud services in the context of cloud computing and to provide a technical reference to Government Departments to understand, categorize and compare cloud services. The GI CRA comprises of various building blocks and their relationships with each other which ultimately shape to form up a cloud setup. =) a> Figure 95: Backup & Archive/ Cold DR on Cloud with on-premise Primary DC ‘The figure above illustrates the Backup & archival of data on Cloud scenario which is one of the most popular Hybrid cloud use cases. Setting up an on-premise storage for backup and archival demands huge CAPEX. Putting on-premise backup on cloud is of the most significant ways to utilize cloud services. In this scenario Backup / snapshots are sent over cloud through an automated process by ‘the Cloud provider and are kept in an Object storage in encrypted form. Local on-premise storage can also be backed up on cloud. This architecture may also find suitability in designing Cold Disaster Recovery solutions where Departments may not have strict RTO & RPO requirements. If Primary site is down, the CSP or MSP will be able to bring up those virtual machines from Machine image, which were backed up in object storage. Also, as per the Department's backup policy requirement for the availability of data, they can archive their data on cost effective object storage as well. Benefits: Cost effective backup & DR Solution for Non-critical workloads. + Can archive structure & unstructured data for longer time with minimal cost. + Free up production storage after analyzing data which required to move on archives, + Easy retrieval process of archived data. Meity Page 27 of 31GI Cloud Reference Architecture ‘= Noneed to procure hardware for backup data on-prem, 5.4 Analytics on Cloud (— Public Cloud (— 0 Promises Aepberton Figure 10: Analytics on Cloud Running analytics and data serubbing requires lots of compute power and chain of cluster which is an expensive solution to be built on premises. Government Departments , in order to gain insight from large, complex data sets may utilize data storage and analytics services from CSPs. Users analyze high volumes of data, which might already be stored in the cloud, for example in a Data Warehouse, Cloud provider have enabling BI (Business Intelligence) semantic data modeling capabilities in the cloud. Users ean access data sources across on-premises and the cloud infrastructure, model that data and provide business users with a simplified view of their data to enable interactive self-service BI and data discovery using their preferred data visualization tool. Benefits: + Noneed to procure high performance server clusters. ‘Gaining useful information out of stored data. + Consumer can integrate their preferred data visualization tool with Cloud analytics tool. Meity Page 28 of 31GI Cloud Reference Architecture 5.5 Multiple Cloud for Different Functions pute outst — Figure 11: Multiple Cloud for Different Functions ‘With Multi Cloud strategies, Government Departments can utilize best services (based on functionality and cost) provided by different Cloud providers. In this scenario, application is hosted on Premise, and for Funetions and processing, the application is using compute and tools/services provided by different cloud providers. It is a potential cost saving, as Government Departments need not to spend on CAPEX for setting up hardware for data queries and other analytical process, Moreover, such an arrangement reduces vendor lock-in as well. In a multi-cloud strategy , systems and storage are spread out across multiple cloud platform. Hence, it becomes easier to migrate small- small footprint from on Cloud provider to another’s, because most of the infrastructure remains in place during the migration. Meity Page 29 of 31GI Cloud Reference Architecture 5.6 Multi Cloud Scenarios — Migrating to Containers (Monolithic to Microservices) O ai 7 Pabclute 2 a iO O 0 0 ) Figure 6: Migration to Containers Government Departments may not enjoy the complete benefits of cloud technology without using, containers and microservices. Microservices and containers are a fast-emerging industry standard that give the Department the flexibility and portability to move data and workloads in and out of different clouds, to deploy more quickly, and to manage applications and data across environments. Microservices belong to a type of architecture in which the applications are split into component pieces, each of which performs a specific fine-grained function. Microservices run inside containers, which include everything a microservice needs to run, such as code, dependencies, and libraries. Containers provide optimal portability across cloud and on-premises environments. Container platforms provide a system for automating deployment, scaling and management of containerized applications. Multiple players whose services are empaneled by MeitY provide container orchestration across cloud platforms. Multi cloud management platform using leading container orchestration, will enable the Government Department to build a cloud, and access cloud services quickly and securely. It ean be helpful to compare microservices to the older monolithic development style of applications, ‘where all an application's components and functions were in a single instance. Many Department applications are still essentially monoliths. Departments may try to identify applications where microservices could be used to improve performance. In these cases, the application should be incrementally broken down into smaller deployable components. Meity Page 30 of 31GI Cloud Reference Architecture A container and microservices based architecture used consistently across on-premises, private, and public cloud environments provides the ability to seamlessly and securely run workloads across any cloud platform while using a vendor's cloud services. Meity Page 31 of 31