‘RailCloud First’ policy for Indian Railways – Draft for comments.
GOVERNMENT OF INDIA
MINISTRY OF RAILWAYS
All Zonal Railways,
Production Units & CORE
Director General, RDSO, Lucknow
All Centralized Training Institutes
Chief Administrative. Officer
COFMOW, DMW Patiala
Chief Managing Director,
RailTel corporation of India, Gurugram
CRIS, New Delhi
Sub: ‘RailCloud First’ policy for Indian Railways – Draft for comments.
Hon’ble MR has inaugurated the RailCloud on 12.07.17. Also, the first application called NIVARAN has been hosted on it on the same day. To get the benefit of Cloud computing technology, a draft ‘RailCloud First’ policy has been formulated. The draft policy is attached as Annexure-I. Comments may please be sent to [email protected] by 25th September, 2017 so that it can be finalized.
Mobile No: 9773533800
Email: [email protected]
DRAFT FOR COMMENTS
Sub: Rail Cloud First policy for Indian Railways.
Ref: 1. Govt of India’s GI Cloud (Meghraj) strategic Direction paper.
2. Govt of India’s ‘Software Development & Re-Engineering Guidelines for Cloud Ready Applications’
3. Govt of India’s ‘Policy on Adoption of Open Source Software.’
Ministry of Railways has decided to establish a RailCloud.The same has been inaugurated by Hon’ble Minister of Railways on 12.07.17.
Cloud Computing, an emerging new technology for deployment of ICT, is the delivery of on-demand computing resources (e.g. servers, storage, network, applications and services) over the internet, with reduced infrastructure costs, agility to scale up/down, faster deployment of applications, ease in integration of applications, better security, pay-only-for-use model. The Policy features of Railway’s Cloud policy are proposed as:
1. RailCloud First approach: Consistent with GoI policy of ‘Cloud- by-Default’, Indian Railway shall follow Cloud Computing as the default ICT deployment strategy as ‘RailCloud First’ for ICT Applications. The exception of this policy shall be in rare circumstances when an alternative ICT deployment strategy is essentially required for the special requirement of Railways. The proposal for such exception shall be sent to Railway Board, for consideration after approval by the GM of Zonal Railways /PU.
2. RailCloud System: The RailCloud system shall be built with open APIs with an open scale out architecture. The cloud system architecture should support horizontal scaling when required, thus allowing to make incremental capital investments when required.
The system should support lights out scenarios by allowing non¬intrusive monitoring of solution components for better manageability and proactive maintenance. Whenever options are available, open source frameworks/components shall be used instead of proprietary frameworks/components to avoid vendor lock-in and high operation and maintenance costs.The RailCloud shall be deployed as Hybrid Cloud Model which will also use the existing data centres resources (e.g. servers, storage, network, etc, with suitable changes) and will gradually develop service capabilities as- IaaS (Infrastructure as a Service), PaaS (Plateform as a Service) and SaaS (Software as a Service).
3. Application Development and cloud enablement: New IT applications shall be cloud native, open standard-based, technology-independent and open API based architectures to deploy on RailCloud. Also, all new applications shall use Open Source Software (OSS) in all e-Governance systems as a preferred option.
4. Migration of Application to Cloud: Migration of data and applications to the cloud will enhance the availability, agility and functionality of the application and improve the interoperability with other applications. The existing applications are to be migrated to the cloud progressively. For this, application-centric approach shall be made by proper mapping of the existing application and its associated server hardware with due consideration to financial aspects and technical parameters and thereafter roadmap shall be made to migrate. There are five well established approaches to migrate traditional applications to the cloud, these include: REHOST on Infrastructure as a Service (IaaS), REFACTOR for Platform as a Service (PaaS), REVISE for IaaS or PaaS , REBUILD on PaaS & REPLACE with Software as a Service (SaaS) as detailed in the Ref. 2. In process of application migration, adequate testing of the Cloud environment needs to be performed, before existing (in-premise) application is decommissioned.
5. Application and Data ownership, Intellectual Property Rights: Application ownership and IPR after hosting on RailCloud, shall remain with the original Application owning agency. The application owner agency shall have right on access, retrieval, modification and deletion of the data and shall define the policies and processes of data access. Secured access to be given to Admin of the Application for maintenance and upgradation.
6. Security: The Info-Security will be the shared responsibility of RailCloud managing Agency so that the Applications uploaded /run are secure on the Cloud, and the Application Developing & Managing/uploading agency for making the application secure and resilient, to Run on the RailCloud, by implementing necessary security Controls, Role-Based Authentication and suitable encryption of Data as per the latest standards.
The RailCloud managing Agency will get the Cloud audited annually and application managing agency will get the application audited annually, from CERT-In approved agency. The audit of application may be carried out by RailCloud managing agency when mutually agreed.
7. Uploading of an Application to Cloud: The Application & Data Owning directorate or the Zonal Railway/PU to which Application & Data belongs, will send the proposal for uploading the application to OneICT Cell, which is the nodal cell for the same. Once approved, the same would be uploaded.
8. Service Level Agreements (SLAs): The performance of the Rail¬Cloud will be defined by SLAs including parameters for up- time/down-time, Security and Penalties. Both the agencies shall agree on the minimum SLAs, based on the criticality of the application.
9. The stakeholders shall follow the Govt of India’s Cloud and IT security policies as issued from time to time.
Enclosure (soft link):
1. Government of India’s GI Cloud (Meghraj) Strategic Direction Paperhttp://meity.gov.in/writereaddata/files/GI- Cloud%20Strategic%20Direction%20Report%281%29_0.pdf
2. Govt of India’s policy on Software Development & Re¬Engineering Guidelines for Cloud Ready Applications http://meity.gov.in/sites/upload files/dit/files/Application_Development Re-Engineering Guidelines.pdf
3. Govt of India’s policy on ‘Policy on Adoption of Open Source Software’http://meity.gov.in/sites/upload files/dit/files/policy on adoption of oss.pdf
Source : http://www.indianrailways.gov.in