private_cloudeSUNFISH, which stands for “SecUre iNFormatIon SHaring in federated heterogeneous private clouds“, started as a Research and Innovation proposal presented under the first Horizon 2020 call dedicated to ICT, particularly to Advanced Cloud Infrastructure and Services.

Today the European Public Sector Players currently lack the necessary infrastructure and technology to allow them to integrate their computing clouds. Furthermore, legislative barriers often make it difficult to use available commercial technological solutions.

The purpose of the SUNFISH project, and of the Platform developed, is to facilitate the formation of secure federations of various Public-Sector cloud implementations, to be able to securely share data and services. This makes possible the cross-functional sharing of data and the transparent implementation of cross-functional services.

Cloud federations allow access to Software as a Service (SaaS), Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) from different public or private clouds over the internet, introducing the concept of Federation as a Service (FaaS) in a hybrid cloud environment. Such a FaaS solution can be flexibly adapted to the needs of participating clouds and partners in the federation by making use of existing identity-management components. This flexibility allows public administrations and governments to collaborate and securely share their private cloud resources. A Public Administration may therefore decide which data remains in its private cloud and which services may be migrated to another cloud managed by a different cloud provider.

Through the platform, it is possible for existing solutions to be re-used by integrating them into the federation, resulting in better resource utilisation of Public Sector cloud infrastructures as well as faster and cheaper deployment of interoperable and scalable public services.

The SUNFISH platform therefore focuses on enabling the sharing of data between potentially untrusted entities while protecting the sensitive data of each entity. This is achieved through several components for controlled data sharing between services provided by different private clouds, to be invoked when the mechanism they provide is the most efficient.

The cloud federation is intended to enable the management and optimisation of computing resources in a secure and compliant manner across the cloud federation to deliver business services for end users. A distributed infrastructure allows intelligent and dynamic assignment of processing resources to tasks, or workloads, based on criteria such as business process priorities, resource availability, security protocols and event scheduling.

In order to ensure that the various components of the federated infrastructure all work well individually, as well as interoperate collectively as a cohesive whole, the different SUNFISH subsystems underwent a testing process tailored to determine whether the system performance meets the required specifications and quality attributes by validating them against a set of predetermined use cases that address the specific challenges faced by the Italian Ministry of Economy and Finance, the Maltese Ministry of Finance as well as by the UK South East Regional Cyber Crime Unit.

Use case 1: On-line services for managing personnel salary accounts.

Use case 2: Use of Public Cloud PaaS to host SaaS and/or to integrate with commercial SaaS solutions and an entity’s own private cloud to provide data to the entity, while ensuring data confidentiality, integrity and availability.

Use case 3: Cloud federation-based system allowing searching and sharing of cyber-crime evidences while enforcing computation and data sharing requirements for sensible data managed.