16.1 Summary

The MODAClouds approach offers a set of innovative techniques for development and runtime operation management of multicloud applications. In particular it delivers an open source integrated development environment for the high-level design, cloud service selection, early prototyping, QoS assessments, semi-automatic code generation, and automatic deployment of multicloud applications, as presented in Part I Dev. Secondly it delivers a run-time environment for monitoring, dynamic adaptation, and data migration to optimize multicloud application execution with respect to quality of service concerns, as presented in Part II Ops. Thirdly it delivers DevOps enabling features supporting continuous design, deployment and QoS analysis for performance optimization, as presented in Part III DevOps. Finally to demonstrate the technology the book discusses a set of applications from various domains ranging from more classical information systems with the model management and business process modelling applications to the Internet of Things and Cyber Physical Systems domains with e-health and smart city applications. Part IV Applications discusses the demonstration of the general applicability the MODAClouds approach and the main MODAClouds techniques and features, as presented in Part IV Applications.

16.2 Outlook and Further Research

While the MODACLouds approach addresses a set of concerns for multicloud application development and operation, many challenging concerns remain, and new concern arise as new opportunities are discovered in the pace of the continuously evolving digitalized world.

A trend is that increasingly large and complex systems and systems of systems need to be executed, managed and evolved on hybrid infrastructures consisting of a continuum of cloud, fog, Cyber Physical Systems and Internet of Things resources and devices. Coping with this continuum represent daunting challenges. These challenges also embrace dealing with "old" concerns but in an even larger scale and in new contexts, for example, seamless management of vast heterogeneity, QoS guarantees and optimization of such complex systems, security, privacy and vulnerability control etc.

A recent trend related to multicloud is federated clouds, where the cloud federation can consist of multiple clouds. MODAClouds provides baseline technologies to support this. Moreover, there is an acknowledgement that the centralized cloud model (all the data are computed and processed centrally in the cloud) that have been the dominating cloud application model until now, does not meet significant requirements such as response time and efficient resource exploitation. A decentralized cloud model where computation and processing are also performed at the edges (i.e., fog computing) and the optimal utilization of tiny devices, e.g., for real time response, require new methods and techniques for development and operation.

Preparing the cloud to improve the management of big data and machine learning are challenges that will require cloud architectures to evolve in the areas of cloud networking, deployment practices and run-time management as well as managing security and privacy needs. Networking and deployment practices will support an agile and DevOps approach to application requirements fulfillment.

DevOps is part of a strategy that will lead to continuous delivery, the frequent updates and bug fixes that are characteristic of the best apps in the mobile arena. This project has shown that creating applications from previously composed services will shorten the delivery time. The use of SLA monitoring and automated deployment also embrace a DevOps strategy. Cloud services that have to be unit tested after change and composed into an application that can have automated or semi-automated integration testing again shortens the application supply chain. All of these support a DevOps approach, however, there needs to be more work done on increasing the automated supply chain to include integration testing, requirements management and composition.

An additional area that will require further work is in the security domain. Whenever cloud computing adoption is discussed there are many commentators and users who claim that the cloud is insecure. This is now being countered by the realization that most of the security and vulnerability issues are the same issues for IT in general. There are no authentication issues that are present in cloud computing architectures such as SaaS and PaaS that are not there in general non-cloud applications. The addition of multi cloud applications where federations of cloud services, containers and microservices are orchestrated or tightly bound into applications brings some interesting challenges. Since many of these services are not fully under the developers control, being accessed only by APIs there is an increased risk to an application. A composed or orchestrated application is only as secure as the least secure component. It is important in an increasingly agile development world that the security metrics of a service are well understood and reported. Making note of liability exclusions in an SLA, even if its not in small print, is of no comfort to an organization who has been penetrated via an insecure service. This is well recognised and is being addressed in a number of research programs, not the least the MUSA project. This project is targetted at the above security issues and will extend the MODAClouds DSS to enable the selection and runtime monitoring of service security performance as well as risk, cost etc., that are part of the MODAClouds project. There are other proposals as well as funded research in the area of regulatory compliance, assurance etc. that are addressing the security gaps in cloud and particularly multicloud applications. This area will become increasingly important as more public services become available, delivering government, finance and healthcare data to the application developers and user.