deployed, PaaS and SaaS providers might concentrate more on encryption of both user and communication data.
Additionally within the Supplier Management process the need for a deeper understanding of the related software licenses is necessary. Some software companies might prohibit the use of their software in virtualized environments, e.g. licenses for Oracle based databases are usually per CPU of the server that the database runs on. In virtualized environments this usually leads to the problem that a lot of CPUs need to be licensed since Oracle does not accept to limit the number of CPUs. Especially in Cloud Computing scenarios, that standard licensing model would lead to licensing every CPU that the database is potentially running on. Therefore software licenses based on a “per CPU” base do not scale very well in Cloud Computing scenarios. Moreover other companies do not directly prohibit the use of their software in the cloud, but limit the support opportunities for the software. One usual way to do this is to provide a service level that asks to provide the proof that a certain incident also occurs in the same way in a not virtualized environment. On the first view, this does not seem to be much of a problem, but having a closer look, it still provides some problems, at least if the service provider has to stick to a defined service levels or even high availability. Moreover the provision of additional hardware just to be sure to be able to proof that a ccrtain incident also happens in a non-virtualized environment leads to an additional effort.
In the cloud, software licenses that are more related to the amount in which a certain software is used, scale a lot better, e.g. software licenses per user or (nowadays quite unusual) the amount of time a certain software is used.
One major advantage of moving a ccrtain service into the cloud is that the IT Service Continuity Management process is no longer of high interest since the Cloud Computing provider guarantees a ccrtain availability, also with respect to disaster recovery. But this leads to the fact, that the Service Level Management process becomes more and more important, since this is the process that is responsible to ensure the defined availability (in case of a disaster) as explained before.
c. Service Transition
Within the lifecycle phase Service Transition [10] the results from the design phase are brought into production. Therefore especially processes like the Change Management process and the Release and Deployment Management process are important for this phase'
One of the major goals of the Change Management process is to decrease the number of incidents due to changes and to provide mechanisms that allow to deploy changes in a controlled way. Within a cloud based environment the Change Management process needs to consider other services when deploying a change to one service. Since most of the commonly available IaaS scenarios are based on virtualization, potentially a large number of other services might be influenced by the work necessary to deploy a change to a single service.
On the other hand, the major goal of the Release and Deployment Management process is the protection of the productive environment. This process becomes even more complex since the complexity of a cloud based infrastructure is usually higher than the complexity of a non-cloud based infrastructure.
But also the service transition phase can benefit from deploying a service in the cloud: the usually very complex Service Asset and Configuration Management System becomes a lot easier. The major goal of the Service Asset and Configuration Management process is to provide an overview about all the parts (so called assets) of the infrastructure and the interrelations that are necessary to provide a ccrtain service. This process is outsourced to the cloud service provider since he is responsible to run his infrastructure. Here, again the oursourcing level is highly dependent on the cloud scenario (IaaS, PaaS or SaaS) in question. In an SaaS scenario the cloud service provider will be responsible for the complete Service Asset and Configuration Management process whereas in e.g. an IaaS scenario the cloud service provider will only be responsible for the infrastructure part of the Service Asset and Configuration Management process. The customer itself is in an IaaS scenario only responsible to provide the configuration management information about the used platform and the relationship between the used applications.
D. Service Operation
The Service Operation [11] lifecycle phase it the phase where the services are provided to the customers and where the added value for the customers is generated.
Processes like the Incident, Problem and Event Management do not run completely different in a cloud based environment in comparison to a not cloud based environment. Anyway, at least in a public cloud scenario some cloud based services are outsourced. Therefore, a high integration for the Incident, Problem and Event Management process of the cloud service provider and the corresponding processes at the customer site IS necessary. Furthermore, the Access Management process becomes more important in cloud based scenarios. As already stated, usual security mechanisms like a perimeter firewall, demilitarized zones and intrusion detection do not work very well in cloud based environments. Therefore, the only way to protect the data is to provide a reasonable concept for the access rights of the data and the resources provided in the cloud.
Additionally, the Request Fullfillment process, that is responsible for the fulfilment of small user requests, e.g. resetting a password, becomes more powerful from a user perspective. Usually standardized changes can often be applied over the Request Full rill me lit process. Within ITIL a standardized change is defined by low costs, low risk and the change has to be run successfully at least once before. If all these criteria are met, a ccrtain change can be made a so-called standard change and these kind of changes can usually later on be applied over the Request Fullfillment process. In a cloud based scenario all these criteria are met also for increasing a ccrtain resource, like computing power or amount of memory. Changes at this level are now able to be deployed over the Request Fullfillment process which is completely not possible in a not cloud based scenario. This is basically one of the reasons for the increased flexibility of Cloud Computing scenarios. Therefore, it could be said that to this extend the Request Fullfillment process becomes more powerful in cloud based scenarios.
E. Continual Sen’ice Improvement
The Continual Service Improvement [12] phase is responsible to ensure that the provided services are provided more efficiently over time. This is the major goal of the 7 Step Improvement Process. With respect to cloud based scenarios the quality improvement might be to put as many service as reasonably possible in a cloud based scenario to increase the flexibility of the service and, at the same time, to