A cost-benefit analysis (CBA) is an analytical tool for assessing the advantages and disadvantages of moving forward with a business proposal or project. By using a cost-benefit analysis template, Activities can identify quantitative and monetary estimates to determine whether to pursue an initiative, tweak it or abandon it completely.

This document is your template for producing a GEANT cost benefit analysis. The CBA is created for the GEANT PMO by a project sponsor, department or unit seeking funding, approval, or both for an activity, initiative, or project.


The CBA is created and maintained by the GEANT Activity Leader.


Ann Harding, Alan Lewis,  Niels van Dijk, Christos Kanellopoulos, Marina Ad omeit


24. January 2019


GN4-2 JRA3, SA2


GN4-2 JRA3/ T2 and SA2/T2


1 Executive Summary

1.1 Summary

1.2 Recommendation

1.3 Financial summary

2 Background Information

2.1 Organisational Overview

2.1.1 Service vision & goals

2.1.2 Service overview eduTEAMS Service eduTEAMS Dedicated eduTEAMS Bespoke

2.1.3 Business and Delivery model eduTEAMS Service eduTEAMS Dedicated eduTEAMS Bespoke

2.1.4 Community Need

2.1.5 Drivers for Change

2.1.6 Outcomes of Pilot

2.1.7 Production KPIs:

3 Description Of Alternatives Considered

3.1 Option 1 – Do not move the service to production and withdraw from this space

3.2 Option 2 – Offer only one service/serve only one customer segment.

3.3 Option 3 – Provide the three offerings as documented, target research communities, especially in the context of EOSC

4 Benefits / Impacts

4.1 Benefits to GÉANT Community

4.2 Benefits to Research Communities/NRENs adopting the eduTEAMS

1                 Executive Summary

1.1           Summary

This cost benefit analysis proposes to finalise the transition of eduTEAMS to production service, target ing general availability of the eduTEAMS offerings for research communities .

eduTEAMS enables researchers, students and other members of the research and education community to create and manage virtual teams and securely access and share common resources and services using federated identities from eduGAIN and trusted Identity Providers.

For further information see:

1.2           Recommendation

Following the design and successful implementation of the technical components of eduTEAMS, the piloting activities and th e inclusion of the service in the Service Catalogue of the European Open Science Cloud (EOSC) through EOSC-hub implementation project , this CBA recommends that eduTEAMS offerings transition to production.

Three eduTEAMS offerings are defined for research communities:

      eduTEAMS S ervice platform operated and owned by GÉANT in the context of the GN4 project, targeted at small and medium communities and/or the long tail collaborations.

      eduTEAMS D edicated GÉANT can host and operate a dedicated instance of the eduTEAMS platform for a community. The eduTEAMS Dedicated offering will still be operated and maintained by GEANT, but with the flexibility to have policies, configuration and branding  tailored to each community.

      eduTEAMS B espoke For communities who require tailor-made functionalities that are not available in any of the other offerings, such as integration with custom back-office and front-office systems, GÉANT may provide bespoke solutions based on eduTEAMS Service, which can include a combination of consultancy, development and hosting of the service .

Transition to service has followed a phased roll-out approach. In the initial phase, after the successful completion of the technical piloting activities, eduTEAMS has been made available to research communities in the context of EOSC and to a limited set of other strategically important communities. Following the initial phase and the transition through the production gate, the offerings will become generally available to research communities and NRENs will be included in a staged approach, starting at first with a limited set. If the eduTEAMS offering for NRENs will need to be further evolved in a manner that results in changes to the offering described in this CBA, a development cycle that will result in update of this CBA may be initiated.

eduTEAMS has a pipeline of communities interested in using the service, and once the initial service is rolled out further engagements will take place to address additional ones. The initial set includes:

      Life Science AAI  (CORBEL)

CORBEL and EOSC-Life are cluster initiatives of the life science biological and medical research infrastructures (BMS RIs), which together create a platform for harmonised user access to biological and medical technologies, biological samples and data services required by cutting edge biomedical research. The Life Science Science is delivered to the Life Science Community through a collaboration between GÉANT, EGI and EUDAT. This is a bespoke implementation of eduTEAMS.

      Photon and Neutron community (PaNOSC - UmbrellaID)
The project PaNOSC, Photon and Neutron Open Science Cloud is one of five cluster projects funded under the European H2020 programme. By bringing together six strategic European research infrastructures (ESRF, CERIC-ERIC, ELI-DC, the European Spallation Source, European XFEL and Institut Laue-Langevin, ILL) and the e-infrastructures EGI and GEANT, PaNOSC will contribute to the construction and development of the EOSC, an ecosystem allowing universal and cross-disciplinary open access to data through a single access point, for researchers in all scientific fields. eduTEAMS has been chosen by the Photon and Neutron community as the replacement of the existing umbrellaID federated identity system.

      FENIX Research Infrastructure

The European ICEI project is funded by the European Commission and is formed by the leading European Supercomputing Centres BSC (Spain), CEA (France), CINECA (Italy), ETH Zuerich/CSCS (Switzerland) and Forschungszentrum Juelich/JSC (Germany). The ICEI project plans to deliver a set of e-infrastructure services that will be federated to form the Fenix Infrastructure. The distinguishing characteristic of this e-infrastructure is that data repositories and scalable supercomputing systems will be in close proximity and well integrated. The European Human Brain Project will be the initial prime user of this research infrastructure. It will take care of developing the community-specific services on top of the Fenix infrastructure services. Part of the resources within the ICEI infrastructure will be provided to European researches at large through PRACE .

SURFnet has a similar offering to eduTEAMS called the Science Collaboration Zone (SCZ), but have been interested in outsourcing parts of this system to eduTEAMS. SURFnet is one of NRENs that eduTEAMS is working with to further evolve the offering to NRENs. 

This is an implementation of the dedicated offering which could be integrated into their Assent offering which uses federated identity to access a range of applications. Further customisation may be required and this may be the subject of eduTEAMS Bespoke offering, but in the first instance JISC have interest in the shared service. JISC could be another NRENs that eduTEAMS is working with to further evolve the offering to NRENs.

In addition, the eduTEAMS offerings are also available in EOSC through the initial EOSC implementation project phase (EOSC-hub) allowing access by a diverse set of scientific communities in Biomedical Sciences, Astronomy, Earth Sciences, Atmospheric Physics, Fusion Physics and Oceanography. The eduTEAMS Service has been integrated the EOSC AAI and has been successfully connected to the e-Infrastrurcture proxies of EGI, EUDAT, GÉANT and EOSC-Portal.

1.3           Financial summary

Following table presents the cost of service development and production, that will be covered by the GÉANT project in GN4-3 phase which will last from January 2019 until December 2022. 

Recommended Approach – Summary information for GN4-3

Cost Information

Per year

For GN4-3 duration 2019-2022

Development cost



Production and support cost



Total Costs /  Income available




2                 Background Information

2.1           Organisational Overview

2.1.1 Service vision & goals

In digital research environments, access to digital resources is regulated by a uthentication and authorization infrastructures (AAI). T he research and education sector champions federated access as a mechanism to reduce the number of credentials for the users, whilst at the same time enabling them access to more resources once the users authenticate (Single Sign On). This approach also preserves privacy and complies with the GDPR regulation. A federated AAI  is challenging because services have to trust and rely on the authentication performed by different identity providers. As this number grows, there is an increased risk of the multiplication of ad hoc identities, and maintaining trust among all the parties is even more challenging. These well-known issues have driven National Research and Education Networks (NR ENs) to create identity   federations and at the international/interfederated level, this has led to the establishment of the eduGAIN serv ice . Identity federations deploy technical and contractual mechanisms to establish trust among all the entities participating in a national R&E federation; eduGAIN scales this trust at global level.

In this federated and interfederated structure, however, the collaborative, transorganizational dimension of research activities is still challenging. Many research communities can be described as virtual organisations: they bring together end-users who usually already belong to their (home) organisations and communities . Users are distributed over different countries, most often collaborate for a rather limited period of time, e.g. the duration of an H2020 project.  At a technical and administrative level, these virtual organisations do not necessarily have resources or expertise to deploy and manage more complex AAI solutions that use eduGAIN.

eduTEAMS aims to serve the needs of these communities . It envisions that GÉANT can address the above mentioned issues with segmented service offerings based on a common set of software that uses the underlying infrastructure of eduGAIN and combines home organisational identities with additional community information to support fine grained authorisation decisions that are fully controlled by the research communities . Additionally, where organisations are not members of eduGAIN , eduTEAMS will provide support for using guest and social identities.

eduTEAMS aims to address the full gamut of virtual organisations by offering a segmented set of offerings. For smaller virtual organisations a shared service owned and operated by GÉANT is offered as an eduTEAMS branded service to the hundreds or thousands of virtual organisations with a small number of members. For larger communities or NRENS wishing to offer a service to their communities and members, they can take advantage of a eduTEAMS D edicated offering operated by GÉANT which is owned and branded by the NREN or community. Finally, for situations where the eduTEAMS D edicated offering does not exactly meet the needs of the community a eduTEAMS B espoke offering is possible subject to a review the requirements and an examination of GÉANT’s ability to deliver such customisation.

2.1.2 Service overview

Within eduTEAMS, three clear offerings are identified: Service, Dedicated and Bespoke offerings. Those can meet the needs of research communities and are particularly suitable for providing access to EOSC services. The features and functionality of the offerings leverage a common set of infrastructure and components for delivery. The functionality of the eduTEAMS Service and the eduTEAMS Dedicated offerings are described at . The functionality of the eduTEAMS Bespoke will vary depending on the requirements and will be detailed as a part of the definition process of such an offering.                  eduTEAMS Service

      Multi-tenant service that can be used by small medium research communities and the long tail of s cience”;

      Owned by GÉANT and operated by GÉANT project;

      eduTEAMS branding & eduTEAMS community identifier;

      Community has to follow the eduTEAMS S ervice policies;

      Connected to EOSC (GEANT, EGI and EUDAT services).                  eduTEAMS Dedicated

      Single tenant service offering, specific to a community;

      Owned by the community, piloted with the community in the GÉANT project, operated by GÉANT organisation;

      Community branding & community specific identifier;

      Community managed policies;

      Connected to EOSC (GEANT, EGI and EUDAT services);

      Connected to community services as specified by the customer.                  eduTEAMS Bespoke

      Custom  solution, tailored to the community requirements;

      Typically involves a subset of components which are used in the other eduTEAMs offerings;

      May include expertise/custom integration of components  into customer’s particular environment;

      Ownership model depends on the solution. The expectation is that the service would be operated by GÉANT organisation;

      Service delivery is accepted on a case by case basis and subject to individual strategic analysis/feasibility assessments based on the nature of changes, effort involved and the desirability of satisfying the opportunity.

2.1.3 Business and Delivery model

Model for cost recovery and delivery of the eduTEAMS Service will be:

      Delivered at no cost to all communities in R&E domain;

      Sustained via development, pilot and operational funding in GN4-3 on behalf of the community;

      Candidate for inclusion in the cost sharing model in the event that project funding is no longer available;

      Fully developed and operated by the GÉANT project, via collaboration of the GÉANT project partners. GÉANT project is also responsible for ensuring the specific platform policies and data protection requirements are adhered to;

      The delivery can be channelled through the NRENs, their respective Identity Federations or GÉANT.

Model f or cost recovery and delivery of the eduTEAMS Service will be:

      D elivered at no cost to all communities in R&E domain ;

      S ustained via development , pilot and operational funding in GN4-3 on behalf of the community;

      C andidate for inclusion in the cost sharing model in the event that project funding is no longer available ;

      Fully developed and operated by the GÉANT project, via collaboration of the GÉANT project partners. GÉANTproject is also responsible for ensuring the specific platform policies and data protection requirements are adhered to;

      The delivery can be channelled through the NRENs, their respective Identity Federations or GÉANT .                  eduTEAMS Dedicated

Model for cost recovery and delivery o f the eduTEAMS D edicated offering will be:

      Sustained by the communities/NRENs who ordered the service, based on cost recovery schema. Costs may be recovered by direct billing of the customer, participation in EC funded projects etc [AL8] [M9] ;

      Development and piloting of the offering are sustained via funding available in GN4-3 project, and is delivered by the GN4-3 project;

      Service is operated by the GÉANT [AL10] [M11] leveraging on the same foundation of collaborative partners like in the eduTEAMS Service;

      Community or NREN who uses the service are responsible for ensuring their policies and data protection requirements are adhered to;

      The delivery can be channelled through the NRENs, their respective Identity Federations or GÉANT.

The exact business model can be a subject to case by case basis (similarly like for GÉANT network services), and this CBA may be amended after a certain number of deployed eduTEAMS Dedicated instances to reflect typical models used [AL12] [M13] .                  eduTEAMS Bespoke

Model f or cost recovery and delivery of the eduTEAMS B espoke service will be:

      Eligibility for service will be considered on a case by case basis by GÉANT ;

      Custom pricing and cost recovery mechanisms. This may include, but is not limited to:

      Sustaining by billing the community for the eduTEAMS B espoke costs;

      Participation in EC funded projects in order to recover costs.

      Development and piloting of the offering are sustained via funding available in GN4-3 project, and is delivered by the GN4-3 project. As shown in the diagram above this will depend on whether the results of the development can be used by the eduTEAMS Service or Bespoke offerings;

      Service is operated by the GÉANT leveraging on the same foundation of collaborative partners like in the eduTEAMS Service.

      Community or NREN who uses the service are responsible for ensuring their policies and data protection requirements are adhered to;

      The delivery can be channelled through the NRENs, their respective Identity Federations or GÉANT.

The exact business model for eduTEAMS Bespoke can be determined on a case by case basis (similarly like for GÉANT network [AL14] [M15] services), and this CBA may be amended after a certain number of deployed eduTEAMS Bespoke instances to reflect typical models used.

2.1.4 Community Need

Initial community need is outlined in D9.2 Market Analysis for Virtual Organisation Platform as a Service , i ncluding a detailed description of stakeholders.

Based on data from CORDIS [ ], of the 13643 projects funded by the EU under H2020 from 2014 to 2020, over 4000 have more than one participant organisation and therefore by implication have collaboration requirements. This represents the long tail of research collaboration, for which the basic use case for multi-tenant service has been identified.

The CORDIS data also provides support for the validity of this use case. Taking GÉANT as an example, it is a 40+ participant project. However, in reality there are over 400 individuals needing to be on-boarded based on project-based roles and given access to a wide range of services that change over time. This is supported by the CAMS system, which is architecturally the forerunner of eduTEAMS and based on the same core component set. While there are only 38 projects noted in Horizon2020 with 40 or more participants, the probable individual complexity of the projects supports both the scale and approach of the advanced use case. There is a need for complex AAI platforms, but the size of the market allows for customised approaches.

Many eduGAIN members do not have any collaborative platform in place, or mainly focus on national collaboration. A platform offered by GÉANT would truly enable pan- European collaboration beyond borders. Furthermore, with the use of the external ID provider the platform would allow users from outside the R&E community to access connected Services, it would enable collaboration across different sectors without requiring r&e users to create new accounts.

The 2016 annual REFEDS survey [] provides important information that enhances this. In particular, information gathered on staffing and funding at federations indicate a significant number of federations have very little resource and would not be able to offer much beyond a bare minimum federation registry. The majority have a annual budget of below 300,000 EUR and staffing below 2.5 FTE.

Even where federations would be capable of delivering collaboration management services within their organisation, or do so already, research collaborations are increasingly less tied to a single country. Each federation with an equivalent service would have to open it beyond their borders and support additional users. This could also lead to a single research community having to work with several federations simultaneously to combine infrastructure which undermines one of the advantages of eduGAIN. NRENS including JISC and SURFnet are looking to replace or extend legacy systems in this space both for their own needs and also for requirements within their communities.

2.1.5 Drivers for Change

Taking a devil's advocate position, it could be argued that we are positioning the service in direct competition with seemingly similar services as those from EGI and EUDAT or Indigo Data Cloud. These are targeted at the same group of large panEU VOs. It might be perceived we have a disadvantage in this area, as we are last in the field.

However, strategically, if GÉANT abdicates any role in the higher layer AAI services, it will be significantly more difficult to claim lead positions in development projects beyond GN4-3, and to adequately protect the interests of existing services such as eduGAIN or federation interests.

More positively, there is still space in the market for another service offering . By positioning eduTEAMS as a truly service-neutral platform, and providing flexibility and choice among the service offerings, we have the possibility to address several segments of the market. The proposed service offerings interoperate with the existing services in the context of EOSC, including the EOSC AAI gateway. Finally, the eduTEAMS platform also enables NRENs to offer collaborative AAI services and access to EOSC services on a national level.

2.1.6 Outcomes of Pilot

The pilot has successfully engaged with a number of virtual organisations as a result of participation in the Lifesciences AAI project which was a key success criteria. In addition eduTEAMS have met the criteria of having at least three communities interested in using eduTEAMS through work with the Life Sciences community, the Photon and Neutron community and the FENIX community.

On the NREN front there are at least 2 NRENS actively looking at using eduTEAMS in production meeting the KPI for commitment and several NRENS have also tested and evaluated eduTEAMS meeting the final criteria for success.

The diverse feedbacks and requirements from these pilots contributed to the decision to identify three eduTEAMS offerings.

2.1.7 Production KPIs [AL16] [M17] [AL18] :

This CBA using the following KPIs for the production service:

KPI1: Service quality

      Web UI availability for the eduTEAMS Service; Target: 99%.    

KPI2: Service uptake

      Number of service providers connected across all three eduTEAMS offerings; Target: 10

3                 Description Of Alternatives Considered

3.1           Option 1 – Do not move the service to production and withdraw from this space

Other e-Infrastructures, such as EUDAT and EGI have developed collaboration platforms e.g.   B2ACCESS ( and EGI CheckIn Service respectively. GÉANT could choose to cease development and leave the middleware space to other infrastructures. This is very strongly opposed as an approach for the following reasons:

      If GÉANT does not position a higher level AAI service beyond eduGAIN, the position of eduGAIN is weakened and the position of GÉANT in this space even more so .

      Choice for research infrastructures is restricted to EUDAT and EGI solutions. Some research communities have expressed a preference for G É ANT to be involved in AAI service delivery for EOSC in particular.

      Without concrete action from GÉANT to implement services identified by AARC and FIM4R, GÉANT loses its strategic authority to be a lead or coordinating partner for future projects in those environments.

      NRENs would have to take services in this space from an e-Infrastructure other than G É ANT or develop in house.

3.2           Option 2 – Offer only one service/serve only one customer segment.

The GN4-1 VO survey encompassed community use cases with established AAI of different maturity levels. This highlighted the need for GÉANT to not only provide a service for the communities that are already working with, or towards adopting AAI infrastructures (suitable for eduTEAMS Dedicated and Bespoke offerings ), but also for the smaller and long tail. It is expected that the latter communities will be less familiar with AAI concepts and therefore may prefer a less complex scenario to start with, but that their needs will grow as they understand the potential of adopting these infrastructures.

Findings from the eduTEAMS pilot have indicated that the same infrastructure and offerings has sufficient flexibility to also able to meet the needs of NRENs. Restricting to only one type of user at this stage would impact KPIs negatively. This option is therefore not recommended as GÉANT should provide a segmented offering.

3.3           Option 3 – Provide the three offerings as documented, target research communities, especially in the context of EOSC

This is the recommended option for the reasons provided throughout the document.

4                      Benefits / Impacts

4.1           Benefits to GÉANT Community

Benefits to GÉANT Community can be summarised to the following:

      Reinforcement of strategic position in AAI, supporting the role of eduGAIN and (national) identity federation in EOSC and other NREN initiatives.

      Collaborative development and delivery of group management systems, also for NREN's own use.

      Economies of scale on platform delivery.

4.2           Benefits to Research Communities/NRENs adopting the eduTEAMS

Benefits to collaborations are compared against what it would cost in terms of time, effort and expertise to to obtain the same functionality without using the service. This includes:

    Ability for community to support their users in managing access and authorization towards services in a consistent and automated way.

    eduTEAMS allows the community to add additional profile and membership information to existing user identities. As such this allows the community to leverage eduGAIN, not having to do identity management and reduc es the onboarding of new members.

    R e duced need to build expertise around AAI, interfederation, technical protocols (SAML), technical infrastructure (VM infrastructure, network), expertise for individual components (SAML SP/IdP, database, load balancer, etc) . T his frees up resources in the collaboration to spend more time on their core business.

    Provides streamlined access to EOSC services.


