The 2020 OCRE IaaS+ Framework Agreement governs the relationship between GÉANT and the suppliers (specifically, the awarded tenderers from the pan-European procurement run by OCRE) covering the provision of services by the suppliers to customers (in this case, NRENs and their member institutions).
A framework agreement is an “umbrella agreement” that sets out the terms (particularly relating to price, quality and quantity) under which parties named in the original tender (in this case, NRENs and their member institutions) can acquire and provide services to their community (end organisations) by individual call-off contracts throughout the period of the agreement.
Individual contracts can be established by:
The OCRE 2020 IaaS+ Framework Agreement sets out the procedure for ordering services, the main terms and conditions for the provision of the services, and the obligations of the suppliers under this Framework Agreement. Customers (NRENs and their member institutions) may, at their absolute discretion and from time to time, order services from the suppliers through the specific ordering procedure as indicated in the OCRE IaaS+ Framework.
In 2016, GÉANT led on a fully EU-rules-compliant tender process to seek commercial providers of cloud services on behalf of the European research and education community, supported by its member National Research and Education Networks (NRENs). Since the introduction in 2016, the Infrastructure as a Service (IaaS) Frameworks have shown a significant growth in annual turnover.
Well before the end of the GÉANT IaaS Framework (December 2020), it was decided to do a follow-on procurement to build on this success and extend the scope of the original Framework by accommodating other cloud services such as Platform as a Service (PaaS) and Software as a Service (SaaS). The number of eligible participants was to be increased by including many more countries, and by making the resulting services also available to the European research community via bodies such as the European Open Science Cloud (EOSC). The 2020 OCRE IaaS+ Framework Agreement is the outcome of the OCRE project and has been implemented successfully, having increased the uptake of cloud in research and academia - one of the main high level goals of the project.
Through the Framework Agreement, the European NRENs deliver a digital single market for the consumption of cloud services offerings (IaaS, PaaS and SaaS) from selected suppliers by the European research and education (R&E) community. The collective tender outcomes ensure these services are available for all participating NRENs and their institutions. Specific benefits are described below.
Collective expenditure and discounts
Through the collective pan-European tender led by GÉANT, the European R&E institutions have a stronger negotiating position: they aggregate the purchasing power of over 10,000 institutions across Europe. This allows the participants to negotiate better legal and financial conditions, otherwise not possible for individual institutions or even countries.
The Suppliers submitted bids with various extra discounts, some as a percentage of current prices, some as a consumption-based discount with thresholds, and more. In addition, the fees normally charged for data egress from the cloud are waived.
Saving time – no need for separate tenders
The GÉANT cloud tender saves both institutions and Suppliers valuable time. Institutions do not need to run separate tenders themselves. Suppliers reach a large user base, through one tender and Framework Agreement.
The GÉANT framework agreements contain standardised terms and conditions. While in some cases individual countries may have additional local legal or regulatory requirements, the GÉANT framework agreements save legal costs as well as time and effort for individual institutions.
GÉANT applied the EC Procurement Directive (2014/24/EU) [EC_2014/24/EU], which enables cross-border procurement through a central purchasing body. This EC Directive ensures institutions can easily consume cloud solutions from the GÉANT Cloud Catalogue, via either a direct call-off, desktop evaluation or mini-competition.
The delivery model is as follows:
Federated login and AAI services
The GÉANT identity management infrastructure significantly reduces the costs, complexity and security risks of the online services and the data is handled safely. More specifically, single sign-on (SSO), federated login and authentication and authorisation infrastructure (AAI) services enable fast and easy access to various online services in R&E institutions and provide assurance to economic operators. The IaaS services offered by Suppliers are compatible with the GÉANT community’s identity management capabilities as SSO, the federated authentication mechanism feature that uses existing institution-based ID, matches the needs of R&E institutions. SSO offers access management to institutions, accelerating the adoption of cloud services and reducing the complexity of creating and supporting multiple sets of IDs. Only one username and password need to be remembered for accessing the wide variety of e-services provided.
SAML, the key enabler for the exchange
Security Assertion Markup Language (SAML), being the standard within the sector worldwide, adds an additional security layer for the data-sensitive users. GÉANT and the NRENs provide authentication services based on the SAML2 protocol, which is the key enabler for the exchange of identity attributes in a trust relationship between an identity provider (IdP) and a service provider (SP). Using SAML2 on its own requires configuration on a per-institution basis for each service and therefore does not scale. SAML2 was a mandatory requirement in the tender and must be provided by all eligible Suppliers.
OpenID Connect is an equally admissible technology for SSO under OCRE.
eduGAIN infrastructure – no need for individual configuration
Some IaaS services will support authentication provided by eduGAIN, which is the pan-European standard and SAML-based authentication and authorisation infrastructure for single sign-on/off. eduGAIN provides access to online services that students, researchers and educators need and gives NRENs and service providers access to a large pool of users internationally, allowing users to access the resources of institutions or commercial cloud services using their one trusted identity. Participation in the eduGAIN federation provides access to an authentication service for all participating vendors and institutions without the need for individual configuration and lets users access online services with their trusted institutional account.
The cloud services Suppliers will not charge for data traffic costs. Some Suppliers will apply a fair use policy. The Suppliers are required by GÉANT to connect their cloud infrastructure to the GÉANT and/or NRENs’ networks.
High-capacity, low-latency network and direct peering
With an extensive GÉANT backbone, the national NREN network capabilities provide secure, high-capacity and low-latency network access to over 10,000 institutions across Europe. Direct peering between the NRENs, institutions and Suppliers helps to offer services without data-transport-related costs.
This page is an extract of the OCRE IaaS+ Framework Guide. To learn more about the details of the framework, how it works and how is it used: