Page tree

 

 

Cost Benefit Analysis

(CBA)

 

Purpose:

 

A cost-benefit analysis (CBA) is an analytical tool for assessing the advantages and disadvantages of moving forward with a business proposal or project. By using a cost-benefit analysis template, Activities can identify quantitative and monetary estimates to determine whether to pursue an initiative, tweak it or abandon it completely.

This document is your template for producing a GEANT cost benefit analysis. The CBA is created for the GEANT PMO by a project sponsor, department or unit seeking funding, approval, or both for an activity, initiative, or project.

 

Created by:

The CBA is created and maintained by the GEANT Activity Leader.

 

Submit to:

projectdocumentation@geant.org (the GÉANT Project Office).

 

 

CBA Information

 

Project Name:

eduTEAMS

 

CBA Author:

Ann Harding, Alan Lewis,  Niels van Dijk, Christos Kanellopoulos, Marina Ad omeit

 

CBA Code:

 

 

Project Type/Size

Medium/Large

 

Date submitted

24. January 2019

 

Activity (if applicable)

GN4-2 JRA3, SA2

 

Task(if applicable)

GN4-2 JRA3/ T2 and SA2/T2

 

Gate Approval Meeting

 

Decision:

 

 

Date of Meeting:

 

 

Comments:

 

 

Table of Contents

1 Executive Summary

1.1 Summary

1.2 Recommendation

1.3 Financial summary

2 Background Information

2.1 Organisational Overview

2.1.1 Service vision & goals

2.1.2 Service overview

2.1.2.1 eduTEAMS Service

2.1.2.2 eduTEAMS Dedicated

2.1.2.3 eduTEAMS Bespoke

2.1.3 Business and Delivery model

2.1.3.1 eduTEAMS Service

2.1.3.2 eduTEAMS Dedicated

2.1.3.3 eduTEAMS Bespoke

2.1.4 Community Need

2.1.5 Drivers for Change

2.1.6 Outcomes of Pilot

2.1.7 Production KPIs:

3 Description Of Alternatives Considered

3.1 Option 1 – Do not move the service to production and withdraw from this space

3.2 Option 2 – Offer only one service/serve only one customer segment.

3.3 Option 3 – Provide the three offerings as documented, target research communities, especially in the context of EOSC

4 Benefits / Impacts

4.1 Benefits to GÉANT Community

4.2 Benefits to Research Communities/NRENs adopting the eduTEAMS


1                 Executive Summary

1.1           Summary

This cost benefit analysis proposes to finalise the transition of eduTEAMS to production service, target ing general availability of the eduTEAMS offerings for research communities .

eduTEAMS enables researchers, students and other members of the research and education community to create and manage virtual teams and securely access and share common resources and services using federated identities from eduGAIN and trusted Identity Providers.

For further information see: https://wiki.geant.org/display/timops/eduTEAMS+-+Service+Description

1.2           Recommendation

Following the design and successful implementation of the technical components of eduTEAMS, the piloting activities and th e inclusion of the service in the Service Catalogue of the European Open Science Cloud (EOSC) through EOSC-hub implementation project , this CBA recommends that eduTEAMS offerings transition to production.

Three eduTEAMS offerings are defined for research communities:

      eduTEAMS S ervice platform operated and owned by GÉANT in the context of the GN4 project, targeted at small and medium communities and/or the long tail collaborations.

      eduTEAMS D edicated GÉANT can host and operate a dedicated instance of the eduTEAMS platform for a community. The eduTEAMS Dedicated offering will still be operated and maintained by GEANT, but with the flexibility to have policies, configuration and branding  tailored to each community.

      eduTEAMS B espoke For communities who require tailor-made functionalities that are not available in any of the other offerings, such as integration with custom back-office and front-office systems, GÉANT may provide bespoke solutions based on eduTEAMS Service, which can include a combination of consultancy, development and hosting of the service .

Transition to service has followed a phased roll-out approach. In the initial phase, after the successful completion of the technical piloting activities, eduTEAMS has been made available to research communities in the context of EOSC and to a limited set of other strategically important communities. Following the initial phase and the transition through the production gate, the offerings will become generally available to research communities and NRENs will be included in a staged approach, starting at first with a limited set [AL1] [M2] [AL3] . If the eduTEAMS offering for NRENs will need to be further evolved in a manner that results in changes to the offering described in this CBA, a development cycle that will result in update of this CBA may be initiated [AL4] [M5] .

eduTEAMS has a pipeline of communities interested in using the service, and once the initial service is rolled out further engagements will take place to address additional ones. The initial set includes:

      Life Science AAI  (CORBEL)

CORBEL and EOSC-Life are cluster initiatives of the life science biological and medical research infrastructures (BMS RIs), which together create a platform for harmonised user access to biological and medical technologies, biological samples and data services required by cutting edge biomedical research. The Life Science Science is delivered to the Life Science Community through a collaboration between GÉANT, EGI and EUDAT. This is a bespoke implementation of eduTEAMS.

      Photon and Neutron community (PaNOSC - UmbrellaID)
The project PaNOSC, Photon and Neutron Open Science Cloud is one of five cluster projects funded under the European H2020 programme. By bringing together six strategic European research infrastructures (ESRF, CERIC-ERIC, ELI-DC, the European Spallation Source, European XFEL and Institut Laue-Langevin, ILL) and the e-infrastructures EGI and GEANT, PaNOSC will contribute to the construction and development of the EOSC, an ecosystem allowing universal and cross-disciplinary open access to data through a single access point, for researchers in all scientific fields. eduTEAMS has been chosen by the Photon and Neutron community as the replacement of the existing umbrellaID federated identity system.

      FENIX Research Infrastructure

The European ICEI project is funded by the European Commission and is formed by the leading European Supercomputing Centres BSC (Spain), CEA (France), CINECA (Italy), ETH Zuerich/CSCS (Switzerland) and Forschungszentrum Juelich/JSC (Germany). The ICEI project plans to deliver a set of e-infrastructure services that will be federated to form the Fenix Infrastructure. The distinguishing characteristic of this e-infrastructure is that data repositories and scalable supercomputing systems will be in close proximity and well integrated. The European Human Brain Project will be the initial prime user of this research infrastructure. It will take care of developing the community-specific services on top of the Fenix infrastructure services. Part of the resources within the ICEI infrastructure will be provided to European researches at large through PRACE .

      SURFnet
SURFnet has a similar offering to eduTEAMS called the Science Collaboration Zone (SCZ), but have been interested in outsourcing parts of this system to eduTEAMS. SURFnet is one of NRENs that eduTEAMS is working with to further evolve the offering to NRENs. 

      JISC
This is an implementation of the dedicated offering which could be integrated into their Assent offering which uses federated identity to access a range of applications. Further customisation may be required and this may be the subject of eduTEAMS Bespoke offering, but in the first instance JISC have interest in the shared service. JISC could be another NRENs that eduTEAMS is working with to further evolve the offering to NRENs.

In addition, the eduTEAMS offerings are also available in EOSC through the initial EOSC implementation project phase (EOSC-hub) allowing access by a diverse set of scientific communities in Biomedical Sciences, Astronomy, Earth Sciences, Atmospheric Physics, Fusion Physics and Oceanography. The eduTEAMS Service has been integrated the EOSC AAI and has been successfully connected to the e-Infrastrurcture proxies of EGI, EUDAT, GÉANT and EOSC-Portal.

1.3           Financial summary

Following table presents the cost of service development and production, that will be covered by the GÉANT project in GN4-3 phase which will last from January 2019 until December 2022. 

Recommended Approach – Summary information for GN4-3

Cost Information

Per year

For GN4-3 duration 2019-2022

Development cost

€89,791.25

€359,165.00

Production and support cost

€207,635.75

€830,543.00

Total Costs /  Income available

€297,427.00

€1,189,708.00

 


2                 Background Information

2.1           Organisational Overview

2.1.1 Service vision & goals

In digital research environments, access to digital resources is regulated by a uthentication and authorization infrastructures (AAI). T he research and education sector champions federated access as a mechanism to reduce the number of credentials for the users, whilst at the same time enabling them access to more resources once the users authenticate (Single Sign On). This approach also preserves privacy and complies with the GDPR regulation. A federated AAI  is challenging because services have to trust and rely on the authentication performed by different identity providers. As this number grows, there is an increased risk of the multiplication of ad hoc identities, and maintaining trust among all the parties is even more challenging. These well-known issues have driven National Research and Education Networks (NR ENs) to create identity   federations and at the international/interfederated level, this has led to the establishment of the eduGAIN serv ice . Identity federations deploy technical and contractual mechanisms to establish trust among all the entities participating in a national R&E federation; eduGAIN scales this trust at global level.

In this federated and interfederated structure, however, the collaborative, transorganizational dimension of research activities is still challenging. Many research communities can be described as virtual organisations: they bring together end-users who usually already belong to their (home) organisations and communities . Users are distributed over different countries, most often collaborate for a rather limited period of time, e.g. the duration of an H2020 project.  At a technical and administrative level, these virtual organisations do not necessarily have resources or expertise to deploy and manage more complex AAI solutions that use eduGAIN.

eduTEAMS aims to serve the needs of these communities . It envisions that GÉANT can address the above mentioned issues with segmented service offerings based on a common set of software that uses the underlying infrastructure of eduGAIN and combines home organisational identities with additional community information to support fine grained authorisation decisions that are fully controlled by the research communities . Additionally, where organisations are not members of eduGAIN , eduTEAMS will provide support for using guest and social identities.

eduTEAMS aims to address the full gamut of virtual organisations by offering a segmented set of offerings. For smaller virtual organisations a shared service owned and operated by GÉANT is offered as an eduTEAMS branded service to the hundreds or thousands of virtual organisations with a small number of members. For larger communities or NRENS wishing to offer a service to their communities and members, they can take advantage of a eduTEAMS D edicated offering operated by GÉANT which is owned and branded by the NREN or community. Finally, for situations where the eduTEAMS D edicated offering does not exactly meet the needs of the community a eduTEAMS B espoke offering is possible subject to a review the requirements and an examination of GÉANT’s ability to deliver such customisation.

2.1.2 Service overview

Within eduTEAMS, three clear offerings are identified: Service, Dedicated and Bespoke offerings. Those can meet the needs of research communities and are particularly suitable for providing access to EOSC services. The features and functionality of the offerings leverage a common set of infrastructure and components for delivery. The functionality of the eduTEAMS Service and the eduTEAMS Dedicated offerings are described at https://wiki.geant.org/display/eduTEAMS . The functionality of the eduTEAMS Bespoke will vary depending on the requirements and will be detailed as a part of the definition process of such an offering.

 

2.1.2.1                  eduTEAMS Service

      Multi-tenant service that can be used by small medium research communities and the long tail of s cience”;

      Owned by GÉANT and operated by GÉANT project;

      eduTEAMS branding & eduTEAMS community identifier;

      Community has to follow the eduTEAMS S ervice policies;

      Connected to EOSC (GEANT, EGI and EUDAT services).

2.1.2.2                  eduTEAMS Dedicated

      Single tenant service offering, specific to a community;

      Owned by the community, piloted with the community in the GÉANT project, operated by GÉANT organisation;

      Community branding & community specific identifier;

      Community managed policies;

      Connected to EOSC (GEANT, EGI and EUDAT services);

      Connected to community services as specified by the customer.

2.1.2.3                  eduTEAMS Bespoke

      Custom  solution, tailored to the community requirements;

      Typically involves a subset of components which are used in the other eduTEAMs offerings;

      May include expertise/custom integration of components  into customer’s particular environment;

      Ownership model depends on the solution. The expectation is that the service would be operated by GÉANT organisation;

      Service delivery is accepted on a case by case basis and subject to individual strategic analysis/feasibility assessments based on the nature of changes, effort involved and the desirability of satisfying the opportunity.

2.1.3 Business and Delivery model

The business model for each of the eduTEAMS offerings is based on cost recovery rather than generation of margin. The purpose of this choice is to reinforce the position of GÉANT as a friendly neutral partner in the e-Infrastructure commons. Depending on the service offering, the service is either delivered and funded by the GÉANT project, or it is delivered via GÉANT Association and funded by the community. In each of those cases, the service development and operations teams are fundamentally the same but the streams of funding and formal delivery channels may be different. The means of delivery of eduTEAMS Dedicated and Bespoke offerings by GÉANT Association will differ in case by case basis and it can imply participating in other projects and similar (like for LSAAI). Funding and delivery of development efforts for eduTEAMS Bespoke will depend whether new features can become part of the eduTEAMS Service and/or Dedicated, [AL6] [M7] and if so, it will be delivered and funded by GÉANT project and vice versa founded by the user and delivered by the GÉANT Association. This is reflected in the following image, and explained further in this chapter.

2.1.3.1                  eduTEAMS Service

Model f or cost recovery and delivery of the eduTEAMS Service will be:

      D elivered at no cost to all communities in R&E domain ;

      S ustained via development , pilot and operational funding in GN4-3 on behalf of the community;

      C andidate for inclusion in the cost sharing model in the event that project funding is no longer available ;

      Fully developed and operated by the GÉANT project, via collaboration of the GÉANT project partners. GÉANTproject is also responsible for ensuring the specific platform policies and data protection requirements are adhered to;

      The delivery can be channelled through the NRENs, their respective Identity Federations or GÉANT .

2.1.3.2                  eduTEAMS Dedicated

Model for cost recovery and delivery o f the eduTEAMS D edicated offering will be:

      Sustained by the communities/NRENs who ordered the service, based on cost recovery schema. Costs may be recovered by direct billing of the customer, participation in EC funded projects etc [AL8] [M9] ;

      Development and piloting of the offering are sustained via funding available in GN4-3 project, and is delivered by the GN4-3 project;

      Service is operated by the GÉANT [AL10] [M11] leveraging on the same foundation of collaborative partners like in the eduTEAMS Service;

      Community or NREN who uses the service are responsible for ensuring their policies and data protection requirements are adhered to;

      The delivery can be channelled through the NRENs, their respective Identity Federations or GÉANT.

The exact business model can be a subject to case by case basis (similarly like for GÉANT network services), and this CBA may be amended after a certain number of deployed eduTEAMS Dedicated instances to reflect typical models used [AL12] [M13] .

2.1.3.3                  eduTEAMS Bespoke

Model f or cost recovery and delivery of the eduTEAMS B espoke service will be:

      Eligibility for service will be considered on a case by case basis by GÉANT ;

      Custom pricing and cost recovery mechanisms. This may include, but is not limited to:

      Sustaining by billing the community for the eduTEAMS B espoke costs;

      Participation in EC funded projects in order to recover costs.

      Development and piloting of the offering are sustained via funding available in GN4-3 project, and is delivered by the GN4-3 project. As shown in the diagram above this will depend on whether the results of the development can be used by the eduTEAMS Service or Bespoke offerings;

      Service is operated by the GÉANT leveraging on the same foundation of collaborative partners like in the eduTEAMS Service.

      Community or NREN who uses the service are responsible for ensuring their policies and data protection requirements are adhered to;

      The delivery can be channelled through the NRENs, their respective Identity Federations or GÉANT.

The exact business model for eduTEAMS Bespoke can be determined on a case by case basis (similarly like for GÉANT network [AL14] [M15] services), and this CBA may be amended after a certain number of deployed eduTEAMS Bespoke instances to reflect typical models used.

2.1.4 Community Need

Initial community need is outlined in D9.2 Market Analysis for Virtual Organisation Platform as a Service , i ncluding a detailed description of stakeholders.

Based on data from CORDIS [ https://data.europa.eu/euodp/en/data/dataset/cordisH2020projects ], of the 13643 projects funded by the EU under H2020 from 2014 to 2020, over 4000 have more than one participant organisation and therefore by implication have collaboration requirements. This represents the long tail of research collaboration, for which the basic use case for multi-tenant service has been identified.

The CORDIS data also provides support for the validity of this use case. Taking GÉANT as an example, it is a 40+ participant project. However, in reality there are over 400 individuals needing to be on-boarded based on project-based roles and given access to a wide range of services that change over time. This is supported by the CAMS system, which is architecturally the forerunner of eduTEAMS and based on the same core component set. While there are only 38 projects noted in Horizon2020 with 40 or more participants, the probable individual complexity of the projects supports both the scale and approach of the advanced use case. There is a need for complex AAI platforms, but the size of the market allows for customised approaches.

Many eduGAIN members do not have any collaborative platform in place, or mainly focus on national collaboration. A platform offered by GÉANT would truly enable pan- European collaboration beyond borders. Furthermore, with the use of the external ID provider the platform would allow users from outside the R&E community to access connected Services, it would enable collaboration across different sectors without requiring r&e users to create new accounts.

The 2016 annual REFEDS survey [https://geant.app.box.com/s/8f30ptw5houmauurfqfupw3ruz3x9enu] provides important information that enhances this. In particular, information gathered on staffing and funding at federations indicate a significant number of federations have very little resource and would not be able to offer much beyond a bare minimum federation registry. The majority have a annual budget of below 300,000 EUR and staffing below 2.5 FTE.

Even where federations would be capable of delivering collaboration management services within their organisation, or do so already, research collaborations are increasingly less tied to a single country. Each federation with an equivalent service would have to open it beyond their borders and support additional users. This could also lead to a single research community having to work with several federations simultaneously to combine infrastructure which undermines one of the advantages of eduGAIN. NRENS including JISC and SURFnet are looking to replace or extend legacy systems in this space both for their own needs and also for requirements within their communities.

2.1.5 Drivers for Change

Taking a devil's advocate position, it could be argued that we are positioning the service in direct competition with seemingly similar services as those from EGI and EUDAT or Indigo Data Cloud. These are targeted at the same group of large panEU VOs. It might be perceived we have a disadvantage in this area, as we are last in the field.

However, strategically, if GÉANT abdicates any role in the higher layer AAI services, it will be significantly more difficult to claim lead positions in development projects beyond GN4-3, and to adequately protect the interests of existing services such as eduGAIN or federation interests.

More positively, there is still space in the market for another service offering . By positioning eduTEAMS as a truly service-neutral platform, and providing flexibility and choice among the service offerings, we have the possibility to address several segments of the market. The proposed service offerings interoperate with the existing services in the context of EOSC, including the EOSC AAI gateway. Finally, the eduTEAMS platform also enables NRENs to offer collaborative AAI services and access to EOSC services on a national level.

2.1.6 Outcomes of Pilot

The pilot has successfully engaged with a number of virtual organisations as a result of participation in the Lifesciences AAI project which was a key success criteria. In addition eduTEAMS have met the criteria of having at least three communities interested in using eduTEAMS through work with the Life Sciences community, the Photon and Neutron community and the FENIX community.

On the NREN front there are at least 2 NRENS actively looking at using eduTEAMS in production meeting the KPI for commitment and several NRENS have also tested and evaluated eduTEAMS meeting the final criteria for success.

The diverse feedbacks and requirements from these pilots contributed to the decision to identify three eduTEAMS offerings.

2.1.7 Production KPIs [AL16] [M17] [AL18] :

This CBA using the following KPIs for the production service:

KPI1: Service quality

      Web UI availability for the eduTEAMS Service; Target: 99%.    

KPI2: Service uptake

      Number of service providers connected across all three eduTEAMS offerings; Target: 10

3                 Description Of Alternatives Considered

3.1           Option 1 – Do not move the service to production and withdraw from this space

Other e-Infrastructures, such as EUDAT and EGI have developed collaboration platforms e.g.   B2ACCESS (https://eudat.eu/services/b2access) and EGI CheckIn Service respectively. GÉANT could choose to cease development and leave the middleware space to other infrastructures. This is very strongly opposed as an approach for the following reasons:

      If GÉANT does not position a higher level AAI service beyond eduGAIN, the position of eduGAIN is weakened and the position of GÉANT in this space even more so .

      Choice for research infrastructures is restricted to EUDAT and EGI solutions. Some research communities have expressed a preference for G É ANT to be involved in AAI service delivery for EOSC in particular.

      Without concrete action from GÉANT to implement services identified by AARC and FIM4R, GÉANT loses its strategic authority to be a lead or coordinating partner for future projects in those environments.

      NRENs would have to take services in this space from an e-Infrastructure other than G É ANT or develop in house.

3.2           Option 2 – Offer only one service/serve only one customer segment.

The GN4-1 VO survey encompassed community use cases with established AAI of different maturity levels. This highlighted the need for GÉANT to not only provide a service for the communities that are already working with, or towards adopting AAI infrastructures (suitable for eduTEAMS Dedicated and Bespoke offerings ), but also for the smaller and long tail. It is expected that the latter communities will be less familiar with AAI concepts and therefore may prefer a less complex scenario to start with, but that their needs will grow as they understand the potential of adopting these infrastructures.

Findings from the eduTEAMS pilot have indicated that the same infrastructure and offerings has sufficient flexibility to also able to meet the needs of NRENs. Restricting to only one type of user at this stage would impact KPIs negatively. This option is therefore not recommended as GÉANT should provide a segmented offering.

3.3           Option 3 – Provide the three offerings as documented, target research communities, especially in the context of EOSC

This is the recommended option for the reasons provided throughout the document.

4                      Benefits / Impacts

4.1           Benefits to GÉANT Community

Benefits to GÉANT Community can be summarised to the following:

      Reinforcement of strategic position in AAI, supporting the role of eduGAIN and (national) identity federation in EOSC and other NREN initiatives.

      Collaborative development and delivery of group management systems, also for NREN's own use.

      Economies of scale on platform delivery.

4.2           Benefits to Research Communities/NRENs adopting the eduTEAMS

Benefits to collaborations are compared against what it would cost in terms of time, effort and expertise to to obtain the same functionality without using the service. This includes:

    Ability for community to support their users in managing access and authorization towards services in a consistent and automated way.

    eduTEAMS allows the community to add additional profile and membership information to existing user identities. As such this allows the community to leverage eduGAIN, not having to do identity management and reduc es the onboarding of new members.

    R e duced need to build expertise around AAI, interfederation, technical protocols (SAML), technical infrastructure (VM infrastructure, network), expertise for individual components (SAML SP/IdP, database, load balancer, etc) . T his frees up resources in the collaboration to spend more time on their core business.

    Provides streamlined access to EOSC services.

 


[AL1] What is the method whereby GA will be limited to a set of NRENS? Will it be an issue if it is announced but not everybody can access it?  How would this work in practice??

[M2] We assume that NRENs would look at bespoke offerings. This is why we cannot work with all of them at once, but rather one by one –at this stage surfnet and jisc. 

[AL3] To discuss at the meeting. I understand this, but if we announce general availability of eduTEAMS surely everybody can access the service. How do we manage this?

[AL4] If a new version of the CBA is developed will it be presented to another gate review? I would suggest in the case where there is a significant change to the offering (the technical offering or the business model) it is presented to gate to transition it production.

[M5] Yes, this is the idea!

[AL6] And/or eduTEAMS Dedicated? I’m assuming the functionality would be in both the eduTEAMS Service and eduTEAMS. As a general point on the Bespoke business model, if the community are willing to fund development and grant rights for the IP to be used by GEANT in the eduTEAMS Service or Dedicated offerings, why would the project offer to pay for developing that IP? Perhaps, this could be a point for negotiation rather than having the default that the GEANT project will fund. Also, the fact that the IP can be used by the GEANT project (i.e. we have be granted rights to do so), does not mean that in all case we will choose to use it. So perhaps we should say the project will only fund the development if the IP is actually used in the Service or Dedicated offerings.

 

[M7] I added “dedicated”. I think the rest says what you suggested in the comment?

[AL8] How do we know this is viable? Without some idea of what pricing could be sustained by communities how is it clear that the costs would be covered? Unless some information exists at this stage to clarify the viability, I would suggest this is subject to a separate review.

[M9] I am sure that Christos has explanation for this, lets leave it for the PLM gate 

[AL10] The description of the Bespoke offering above gives the possibility of integration into a customer solution. So perhaps this should state that operation by GEANT is the expectation but will depend on the individual case.

[M11] I am not sure about this, lets leave it to Christos

[AL12] As mentioned above. Would this then be subject to another gate review?

[M13] Yes, any changes to the CBA needs to be confirmed at the PLM gate meeting

[AL14] As mentioned above. Would this then be subject to another gate review?

 

[M15] yes

[AL16] A good measure of success would be the uptake by communities. Number of communities using eduTEAMS

Could we have some KPIs measuring against the agreed SLA?

It would be a good idea to define at least one KPI against each of the key goals of eduTEAMS. Some of the goals I understand:

Support greater pan-European collaboration;

Support cross-sector collaboration;

Support smaller federations to offer a collaboration platform

 

[M17] I would really like to start simple and we can evolve the KPIs as we get the first user base of the offerings.

[AL18] To discuss at the meeting. I think such a large offering needs a few more KPIs at the outset.