GÉANT and EUNIS (European University Information Systems) recently collaborated in an online workshop, bringing together NRENs and universities to exchange insights on Trusted Research Environments (TREs) and Cloud Cost Management. This joint effort aims to explore shared challenges, leveraging EUNIS’s focus on high-level requirements and GÉANT and NRENs’ ability to build solutions. The collaboration ensures an efficient and insightful exploration of innovative solutions, saving time and resources in addressing common issues faced by the research and education community.
Maria Ristkok (co-leader of the GÉANT Cloud Team) and Denise Dittrich (leader of the EUNIS Special Interest Group on Cloud Management) set the stage by introducing the respective organisations, the work of the GÉANT Clouds team in the GN4-3 and GN5-1 projects, and the status of adoption and consumption of commercial cloud services across European Research and Education institutions.
Trusted Research Environments (TREs)
Also known as “Data Safe Havens”, Trusted Research Environments (TREs) are secure and controlled research environments that allow researchers to access, share and analyse sensitive data in a safe way. TREs can address many of the challenges that researchers encounter in the consumption of cloud services, in particular regarding the processing of sensitive data, security, data governance, auditability, cost tracking, compliance with regulations, and support for complex workflows.
In the first segment of the workshop, James Grant, Research Solutions Architect at AWS, introduced the main aspects and benefits of TREs, the open-source TRE solution offered by AWS, and its use at universities and research institutions in the UK. Also mentioned were the efforts of the DARE UK programme towards a Federated Architecture Blueprint to connect data service providers and TREs, and to standardise TRE architectures via the SATRE project.
Piotr Kasprzak, Cloud Engineer at GWDG, then provided further insights into how GWDG collaborated with Rackspace and AWS to develop and provide a TRE for their research communities.
“Researchers need to use IT services to solve specific scientific problems and advance their research, to collaborate with researchers at other institutions, to access state-of-the-art analytics anytime and with the possibility to scale with demand.” – Piotr stated – “However, they are also usually not experts in cloud or security, and they should not have to deal directly with technical IT infrastructure. As such, they need a well-structured, pre-configured and secure environment simplifying the consumption of cloud services and a common platform for their workflows. That’s where the GWDG TRE solution on AWS comes into play.”
The development of the GWDG TRE and the onboarding of its first research projects were also made possible thanks to EOSC Future funding awarded to digital service aggregators teaming up with OCRE service providers for the distribution of commercial cloud services. You can read the full EOSC In Practice story on Zenodo: https://zenodo.org/record/8340057
Cost Management in the Cloud
Introduced by Jakob Tendel (co-leader of the GÉANT Cloud Team), the second section of the workshop addressed the topic of cost management in the cloud, highlighting the need for institutions to understand the cost differences brought by variable consumption of commercial cloud services and to focus appropriately on cost recording and analytics in order to achieve cost savings, optimisation, and efficiency.
In her role as Deputy Head of Department Systems and Operations at the IT Center of RWTH Aachen University, Denise Dittrich presented the main challenges encountered by her department with accounting and billing on the consumption of Microsoft Azure services via the OCRE Framework, together with some possible solutions. In particular, the most complex aspects included internal cost allocation, split billing across different users, programmes and faculties, third-party funding, and the absence of OCRE discounts and NRENs’ cost recovery fees in pricing calculators. While some of these challenges were successfully tackled by opting for dedicated billing for each subscription and introducing a blocked range of dedicated SAP numbers, some remain in need of attention and should be addressed in the OCRE 2024 Framework, either by applying some of the already successful examples in the community or by finding new solutions.
John Segers, Cloud Governance Specialist at SURF, shared the experience of SURF with cost management in their role as underwriter in the OCRE Framework, which gave them further visibility and insights into billing and accounting processes.
From this perspective, SURF identified room for improvement in different areas: the process, from cost and usage reports to invoicing, is prone to error and often takes too long; the tools offered by cloud resellers usually use proprietary data formats and APIs, resulting in laborious processes of migration and standardisation of the data towards new resellers; and communication lines within institutions should be improved to get more control and to optimise cost and efficiency. Beyond direct cost optimisation, organisations should also consider the pillars of operational excellence and performance efficiency, which should inform decision-making processes and be part of a circular process of continuous improvement spanning multiple departments.
Finally, Segers highlighted the critical role that system designers have in delivering savings in cloud spend at their organisations, and as such their need to become aware of costs, get familiar with the varying cost models of different cloud providers, and consider cost-effective solutions.