Hybrid Cloud Architecture for Higher Education System

As technology improves, several modernization efforts are being made in the process of teaching and learning. An effective education system should maintain global connectivity, federate security and deliver self-access to its services. Cloud computing services transform the current education system into an advanced one. There exist several tools and services to make teaching and learning more interesting. In the higher education system, the data flow and basic operations are almost the same. These systems need to access cloud-based applications and services for their operational advancement and flexibility. Architecting a suitable cloud-based education system will leverage all the benefits of the cloud for its stakeholders. At the same time, educational institutions want to keep their sensitive information more secure. For that, they need to maintain their on-premises data center along with the cloud infrastructure. This paper proposes an advanced, flexible and secure hybrid cloud architecture to satisfy the growing demands of an education system. By sharing the proposed cloud infrastructure among several higher educational institutions, there is a possibility to implement a common education system among organizations. Moreover, this research demonstrates how a cloud-based education architecture can utilize the advantages of the cloud resources offered by several providers in a hybrid cloud environment. In addition, a reference architecture using Amazon Web Services (AWS) is proposed to implement a common university education system.


Introduction
The education system and related methods always motivate every field for its advancement. Growing technologies such as IT (Information Technology) can play a vital role in the process of teaching and learning. However, upgrades in the curriculum, delivery methods and learning processes will have a great impact on the effectiveness of the education system. As technology improves, there is a shift from a knowledge-based to a critical thinking-based education system. The influence of IT can change the way data flows across the current education system. Digitalization in teaching, learning and administrative processes improves the dynamic nature of the sector. Unlike the traditional education system, the current one needs to be updated frequently with the latest trends and innovations. Implementation of a national or global education system is a challenge for any organization because of the lack of integration in standards. It is not easy for any organization to maintain the latest technologies and related software to activate the education services. There is a need to implement an integrated, technology-enabled education system to learn the latest trends. Currently, IT-related tools and technologies are widely used in the education sector for some progress. Moreover, the differences in standards are the major obstacle to integration. Therefore, it is very important to update the system through a common technology that can adopt frequent changes. SOA (Service-Oriented Architecture) is the main area that can effectively utilize web services to implement a variety of services in the education sector.
Currently, the global education system is under transformation to a cloud-based education system, and this can make the teaching and learning process more exciting. Managing the data and related services through cloud applications will maintain its dynamic nature. The adoption of such an integrated system will improve efficiency and result in cost-effective methods for the implementation of a nationwide common education system. Employment of a cloud-based education system means activating the educational services using the power of the cloud for computing, networking and storing of data. A cloud-based centralized education system allows us to integrate the functionalities of the education system and store the relevant data in the cloud [1]. Moreover, using cloud infrastructure for education represents how to use the power of the cloud in the areas of teaching, learning, administration and research. Additionally, the cloud-based educational applications allow interoperable, highly reusable modules that can adopt the latest trends in the education sector. Fig. 1 shows an overview of the common cloud computing infrastructure for education systems. The bottom layer is the physical hardware maintained by the cloud provider in which the actual computing, storage and networking take place. The second layer contains the virtualized cloud resources, which are offered by the cloud provider to construct the architecture as per the organization's setup. The cloud infrastructure for the education system is designed in this layer, from which other layers are linked to manage the operations. The top layer contains third-party tools and applications for managing education services. This layer includes many tools, services and other managing subsystems that can integrate the operations of the education system. This may include tools for teaching and learning, content management, library management, laboratory services, assessment, reporting, analytics, research and collaboration [2].
There are several cloud services under various domains offered by providers to implement various functionalities of the educational infrastructure. But simply using these services from the existing environment will not help to migrate to a cloud environment that can reflect the current trends. So, there is a need to construct a well-designed cloud architecture to support an effective learning environment among the stakeholders of the education system. However, educational organizations always want to keep the sensitive data within their premises to maintain high security. At the same time, they want to implement the advancements of the education sector, especially in teaching and learning. No organization can develop its software to satisfy the complete requirements. Moreover, these institutions want to provide their services anytime, anywhere in the world. So, a hybrid cloud is the only possibility to manage such a situation. Also, the local stakeholders want to manage the data and certain local administration issues on their premises. This results in the reduction of cost as well as easy maintenance of the highly secure and sensitive data. So, for the flexible delivery of cloud services in the education systems, the hybrid cloud joins both the private and public service models. The hybrid cloud helps to leverage key benefits such as cost reduction, availability, agility and security.
The remaining part of this paper is organized as follows: Section 2 reviews the existing related architectures in the education sector. Section 3 proposes a hybrid cloud architecture developed using cloud infrastructure services. In Section 4, a reference architecture is designed using Amazon Web Services. Finally, this work is concluded in Section 5 and followed by references.

Literature Review
Cloud-based education systems aim to provide the latest education services in teaching, learning, administration, research and collaboration to their stakeholders from anywhere at any time at less cost. Several research reviews have been done on implementing the advantages of cloud computing in the education sector. The Office of Education Technology of the United States published the National Education Technology plan that insists on the importance of reimagining the role of technology in education. This work clearly explains how IT can help teachers, policymakers and administrators to use educational services in an effective manner [3]. El Mhouti et al. [4] explained a currently adopted cloud computing architecture and its advantages in e-learning systems. In this article, they discussed the challenges in implementing such architectures and possible ways to overcome these issues. Moh Noor et al. [5] discussed the importance of cloud computing services in the mobile learning framework. They also analyzed the advantages and disadvantages of using the cloud framework in the education sector. Several surveys have also been conducted to understand the current usage of cloud computing infrastructure in education systems. These surveys present the rate of adoption of cloud computing in the education sector along with its benefits [6][7][8].
Baginda et al. [9] proposed a design to enhance education system operations such as teaching, learning, library and laboratory by using the available cloud services. Several architectures have been proposed to explore the potential of cloud-based services in designing higher education systems. But only a few studies dealt with developing models for cloud-based architectures for the actual problems the education industry is facing. Bogdanovic et al. [10] presented a cloud-based education model in which they addressed the various issues in designing a cloud infrastructure for education. They also demonstrated the measurable improvement of e-learning systems when they use cloud-based infrastructure. Mehdi [11] proposed an architecture to utilize the power of resources such as compute, storage and network. This work tried to analyze the impact of the architecture on education services. A vertical cloud architecture is presented by Brummett et al. [12] to replace costly computer laboratory infrastructure with a vertical IaaS (Infrastructure as a Service) cloud architecture. Lakshmi [13] proposed an architecture for e-learning applications that uses cloud computing services.
All these proposed architectures are designed on the provider's cloud infrastructure using the offered services in the domains such as compute, network, storage, management and monitoring [12][13][14]. But the higher education institutions are concerned about their sensitive data and its operations on the cloud. So, hybrid cloud architectures are well suited for the education sector for its security and data protection.
Srinivasan et al. [15] proposed a general overview of a hybrid cloud environment that can support several services of an educational sector. This architecture supports users of different organizations in interfacing with the common infrastructure. Intel Corporation presents the advantages of hybrid cloud architecture in the field of education and how the architectural elements from Intel can be used to meet the technical challenges in designing educational infrastructure [14]. The on-premises data center connects to the cloud infrastructure to manage the services of the education sector. These cloud infrastructures have been developed with services from cloud providers such as Amazon Web Services (AWS), Microsoft Azure, Google Cloud, IBM, Oracle, etc. AWS supports services such as Elastic Compute Cloud (EC2), Lambda, Simple Storage Service (S3), Virtual Private Cloud (VPC), etc., to develop a hybrid cloud environment [16,17].
Several studies conducted in the area of cloud-based education concluded that the success of such systems is mainly based on the proper architectural design to use the provider's cloud services. Most of the studies did not use architectures that are hybrid in nature, presented only an overview of the architecture and failed to demonstrate the cloud services that are used in the architecture. So, this research proposes a hybrid cloud architecture that will manage the data flow and operations in the cloud-based education environment.

Proposed Cloud Based Education Architecture
The overview of the proposed architecture is shown in Fig. 2. It is a hybrid cloud environment in which both the organization's data center and the provider's cloud infrastructure are present. A Virtual Private Cloud (VPC) is created in the cloud infrastructure to maintain the resources that are needed to manage the education system. Creating such a VPC in the cloud gives better control over the resources in the network environment. The data centers of the institutions in the same education domain are connected to the VPC through a Virtual Private Network (VPN) or Direct Connection. So, the institution's data center and the VPC in the cloud can act as a single network. Hence, the resources in the data center and VPC can communicate through private IP addresses. To restrict user access to certain resources in the VPC, it is further divided into private and public subnets. The resources that need to connect to the outside world are kept inside the public subnets and the resources that need more security are maintained in the private subnets. The services that manage the data flow and operations are kept in the private subnet of the VPC. Users such as students, teachers and other stakeholders can access the web application maintained in the web server in the public subnet. Apart from using the services offered by the cloud provider, other third-party tools and services to manage the educational operations are linked from the VPC. These tools can be accessed based on certain privileges assigned to the stakeholders.
The detailed functionality of the proposed architecture is shown in Fig. 3. The existing on-premises data center of the organization is used to manage the data and operations that are local to the organization. So, the workloads more closely related to the organization are shared by the on-premises data center. This may include the details of stakeholders such as teachers, students and administrative employees of the organization. Moreover, some sensitive data and operations such as student assessment details should be managed within the organization's data center. On the other side, the cloud infrastructure is managed by utilizing the resources from any cloud provider. This infrastructure can be dynamically scaled by adding virtual resources whenever needed. First, a VPC is created to maintain the resources of the education system. To control access to the resources used in the VPC, they are maintained in subnets. The web, application and database servers are situated in separate subnets. Different access permissions are set on the subnets so that the resources can have different access levels. Rather than connecting individual resources in the cloud, the VPC allows connecting the data center to the cloud network. The router in the on-premises data center is connected to the VPC through a direct connection. Now the data center and VPC can act as a single network. All the resources in the VPC can be reached through their private IP addresses from the on-premises data center. The application servers in the on-premises data center and the VPC can access the database servers on either side using private IP addresses without moving to the internet. The main components of the proposed architecture and their functions are discussed as follows.

Organization's On-Premises Data Center
It is the existing environment of the organization on its premises. All the data and operations closely related to the day-to-day activities of the institution are maintained here. Generally, limited hardware capacity is enough to handle the workload of the sensitive data and operations carried out at the premises. Data such as student and staff details, evaluation results, employee management information, and the institution's administrative details are maintained here. Operations on the data set are managed with the services and application software developed by the institution. This setup will not be disturbed because the stakeholders are more closely related to this environment and familiar with the operations here [18]. Moreover, this setup shares the workload of the cloud setup, thereby reducing the operational cost. The institution has complete control over the data stored in the on-premises data center.

The Education's Virtual Private Cloud
The VPC in the cloud provider's infrastructure is used to maintain the cloud resources based on the designed architecture. The VPC is spread across multiple availability zones of the same region. The VPC is further classified into private and public subnets so that the resources that need external access can be placed in the public subnets and the others in the private subnets. In the proposed architecture the web The data center of the organization can communicate with the VPC through a dedicated connection so that private IP addresses can be used. The business logic of this infrastructure is managed with the services located in the application servers on either side. The application services in the data center can connect to the services in the cloud to access the data in the cloud storage. Also, the data and operations that need to be managed in the on-premises data center can be carried out by the cloud-based services [19].
The users of an education system can access the web portal stored in the web server in the public subnet of the VPC. These servers are in an auto-scaling group so that they can serve any number of users based on the usage. Load balancers are employed to balance the load between multiple servers to improve efficiency. The request of any user from the institution can be routed to the appropriate web server that contains the related web application. Most of the operations can be carried out by the services in the application servers in both the data center and cloud infrastructure. These services may be developed based on choices or leased from a third-party provider as per the requirement. Teaching, learning, notification and administrative services are included in this category. The database server uses any database management system provided by the cloud provider such as Oracle, SQL Server, Amazon Aurora, etc. The data that need to be stored in this system may include the basic details of students, teachers and administrative data [20].

Other Storage and Analytic Services
Advanced analytic methods can transform the higher education sector to the next level. Modernization in the teaching and learning process will be implemented based on analytics on the data generated in this field. Learning Management Systems (LMS) used in the education sector generate a lot of data about attendance, grades, assignments, frequency of login into a system, time spent on a specific task, socioeconomic data and so on. There are different ways to do analytics on these education data. Analytical software such as Tableau can be linked with the education cloud environment so that some standard analytics can be done to get insights for education reforms [21]. Deep insights into students' academic performance, active participation, and feedback on various services result in the reformation of teaching and learning procedures. On the other side, the huge data stored in the cloud setup can be analyzed by the advanced analytic services from the provider for more specific analytics. Amazon, Google and Microsoft support several analytic services for educational analytics. Azure Data Lake Analytics supports different programming languages to process huge data for the most needed analytics. Additionally, appropriate data analytics programs are developed as application logic and can be executed for the required insights.
Several cloud storage services can store data of different formats. Structured data such as student grading details and employee administrative details are managed with the relational database services offered by the cloud provider. Amazon Aurora, SQL Server and Oracle are such services that can satisfy the requirement. Object storage services like Simple Storage Service (S3) can store the huge unstructured data generated in the education sector.
The performance of the proposed cloud architecture can be monitored using cloud monitoring and managing services. Top cloud providers offer these monitoring services along with other cloud services that are best suited for their cloud infrastructure. Amazon CloudWatch, Microsoft Cloud Monitoring, Google Cloud Monitoring and AppDynamics are some of the well-known monitoring services available in the market. These services can be used to monitor the utilization of cloud resources and the performance of the cloud application, identify security threats and analyze the log files in this educational cloud [22]. The administrators of the education system can get insights into these application metrics to take appropriate decisions for potential changes in the current system.
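One way to use log analysis for the threat identification mentioned above, as an added example that is not part of the original paper. It assumes VPC Flow Logs in the default version-2 format are being collected; the CIDR ranges, service ports, interface IDs and log lines are constructed samples.

```python
"""Flag accepted flows that reach the private tiers from outside the hybrid network."""
import ipaddress

# Field order of the default (version 2) VPC Flow Logs record.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

# Assumed addressing for this example: VPC range and on-premises data center range.
TRUSTED = [ipaddress.ip_network(c) for c in ("10.20.0.0/16", "192.168.0.0/16")]
PRIVATE_SUBNETS = [ipaddress.ip_network("10.20.10.0/24")]  # application and database tier
SERVICE_PORTS = {3306, 8080}  # assumed listening ports of the database and application servers


def parse(line):
    """Return a dict for one flow record, or None for malformed or no-data records."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    if rec["log_status"] != "OK":  # NODATA and SKIPDATA records carry "-" placeholders
        return None
    try:
        rec["src"] = ipaddress.ip_address(rec["srcaddr"])
        rec["dst"] = ipaddress.ip_address(rec["dstaddr"])
        rec["dstport"] = int(rec["dstport"])
    except ValueError:
        return None
    return rec


def suspicious_flows(lines):
    """Return (src, dst, port) for accepted flows into a private-tier service
    whose source is neither inside the VPC nor in the data center."""
    alerts = []
    for line in lines:
        rec = parse(line)
        if rec is None or rec["action"] != "ACCEPT":
            continue
        # Replies to outbound connections arrive on ephemeral ports; only
        # traffic aimed at a listening service port is of interest here.
        if rec["dstport"] not in SERVICE_PORTS:
            continue
        to_private = any(rec["dst"] in net for net in PRIVATE_SUBNETS)
        from_trusted = any(rec["src"] in net for net in TRUSTED)
        if to_private and not from_trusted:
            alerts.append((str(rec["src"]), str(rec["dst"]), rec["dstport"]))
    return alerts


# Constructed sample records (not real traffic).
SAMPLE_LINES = [
    "2 123456789012 eni-0a1b2c3d 10.20.1.15 10.20.10.8 49152 8080 6 12 4200 1700000000 1700000060 ACCEPT OK",
    "2 123456789012 eni-0a1b2c3d 192.168.10.7 10.20.10.20 50122 3306 6 8 900 1700000000 1700000060 ACCEPT OK",
    "2 123456789012 eni-0a1b2c3d 203.0.113.50 10.20.10.20 40000 3306 6 3 180 1700000000 1700000060 ACCEPT OK",
    "2 123456789012 eni-0a1b2c3d 203.0.113.50 10.20.10.20 40001 3306 6 3 180 1700000000 1700000060 REJECT OK",
    "2 123456789012 eni-0a1b2c3d 198.51.100.9 10.20.10.8 443 51515 6 5 700 1700000000 1700000060 ACCEPT OK",
    "2 123456789012 eni-0a1b2c3d - - - - - - - 1700000000 1700000060 - NODATA",
]

if __name__ == "__main__":
    for src, dst, port in suspicious_flows(SAMPLE_LINES):
        print(f"ALERT: {src} reached {dst}:{port} from outside the hybrid network")
```

An alert here means a security group or route in the private tier is wider than the design intends, since the architecture expects only VPC and data center addresses to reach those servers.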

Third Party Applications and Other Services
Several advanced tools and services are in use for teaching, learning, and administration in the education sector. Learning Management Systems (LMS), library management systems, communication and collaboration services, and administrative services are some of the services used effectively. Private software companies have expertise in developing these services after continuous research. These third-party services can be linked with any education system based on some agreement. The application services in the proposed cloud infrastructure can link those services through the web portal of the education system. Certain privileges are set for the stakeholders to get access to these tools and services. The identity and access management services offered by the cloud provider help to segregate the users and provide some access to the operations as well as the data. The proposed cloud setup allows sharing these third-party services among the organizations to enhance the engagement of educational stakeholders in a cost-effective manner.

Reference Architecture for University Education System Using AWS Services
Amazon Web Services (AWS) is the most popular cloud provider that offers a wide range of cloud services for constructing reliable cloud architectures. The proposed reference architecture for the university education system using Amazon Web Services is shown in Fig. 4. The on-premises data centers of the university education system are connected to the AWS cloud using a VPN connection. To maintain the connection, the cloud service Virtual Private Gateway is used in the cloud environment and a Customer Gateway is used at the university data center. A VPC is formed across multiple availability zones to maintain the resources in the AWS cloud. Each availability zone contains private and public subnets, and the workload is balanced among multiple availability zones by Amazon Load Balancer. The resources that need to be connected to the internet are in the public subnet. The resources that need more security are in the private subnet and cannot be directly accessed from outside. Web servers are maintained in public subnets and the application and database servers are in the private subnets. All the business logic is in the application server. These application services relate to different educational requirements of this architecture for various operations [23]. Web servers are operated with EC2 (Elastic Compute Cloud) instances, which are used to run the web application as well as various cloud services. The database server is maintained with Amazon RDS (Relational Database Service) instances, which will not be accessible from outside. Students, teachers, and administrators can access the web application and related services by using the website of their respective institution.
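The placement and reachability rules of the reference architecture above can be checked mechanically before deployment. The following is an added example, not code from the paper: the dictionary layout, resource names, gateway IDs and CIDR ranges are constructed for illustration and are not AWS API output.

```python
"""Audit a VPC design against the tiering rules of the reference architecture."""
import copy
import ipaddress

ANY = ipaddress.ip_network("0.0.0.0/0")
# Web servers in public subnets; application and database servers in private subnets.
REQUIRED_PLACEMENT = {"web": "public", "app": "private", "db": "private"}


def audit(design):
    """Return a sorted list of findings; an empty list means the design conforms."""
    findings = []
    trusted = [ipaddress.ip_network(design[k]) for k in ("vpc_cidr", "onprem_cidr")]
    for net in trusted:
        # Data center and VPC are meant to talk over private IP addresses.
        if not net.is_private:
            findings.append(f"{net}: hybrid link must use private address space")

    for name, subnet in design["subnets"].items():
        routes = {ipaddress.ip_network(dst): tgt for dst, tgt in subnet["routes"].items()}
        to_internet = routes.get(ANY, "").startswith("igw-")
        if subnet["kind"] == "private" and to_internet:
            findings.append(f"{name}: private subnet has a default route to an internet gateway")
        if subnet["kind"] == "public" and not to_internet:
            findings.append(f"{name}: public subnet has no route to an internet gateway")

    for name, srv in design["servers"].items():
        kind = design["subnets"][srv["subnet"]]["kind"]
        if kind != REQUIRED_PLACEMENT[srv["tier"]]:
            findings.append(f"{name}: {srv['tier']} server placed in a {kind} subnet")
        if srv["tier"] == "db" and srv.get("publicly_accessible"):
            findings.append(f"{name}: database instance is publicly accessible")
        if srv["tier"] == "web":
            continue  # the web tier is the intended internet-facing entry point
        for rule in srv["ingress"]:
            src = ipaddress.ip_network(rule["cidr"])
            if not any(src.subnet_of(t) for t in trusted):
                findings.append(f"{name}: port {rule['port']} reachable from untrusted range {src}")
    return sorted(findings)


# Constructed design that follows the paper's layout (all values are placeholders).
GOOD_DESIGN = {
    "vpc_cidr": "10.20.0.0/16",
    "onprem_cidr": "192.168.0.0/16",
    "subnets": {
        "public-a": {"kind": "public", "routes": {"0.0.0.0/0": "igw-example"}},
        "private-a": {"kind": "private", "routes": {"192.168.0.0/16": "vgw-example"}},
    },
    "servers": {
        "web-1": {"tier": "web", "subnet": "public-a",
                  "ingress": [{"port": 443, "cidr": "0.0.0.0/0"}]},
        "app-1": {"tier": "app", "subnet": "private-a",
                  "ingress": [{"port": 8080, "cidr": "10.20.0.0/16"}]},
        "db-1": {"tier": "db", "subnet": "private-a", "publicly_accessible": False,
                 "ingress": [{"port": 3306, "cidr": "10.20.0.0/16"},
                             {"port": 3306, "cidr": "192.168.10.0/24"}]},
    },
}


def broken_design():
    """Constructed misconfiguration: database exposed and private subnet routed out."""
    design = copy.deepcopy(GOOD_DESIGN)
    design["subnets"]["private-a"]["routes"]["0.0.0.0/0"] = "igw-example"
    design["servers"]["db-1"]["publicly_accessible"] = True
    design["servers"]["db-1"]["ingress"].append({"port": 3306, "cidr": "0.0.0.0/0"})
    return design


if __name__ == "__main__":
    for finding in audit(broken_design()):
        print("FINDING:", finding)
```

A default route through a NAT device is deliberately not flagged, because private-subnet instances in this architecture still need outbound access to services such as S3 that sit outside the VPC.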
The stakeholders can access their website through the Internet Gateway using the domain name service Amazon Route53. The EC2 instances are in an auto-scaling group and their workload is balanced by Amazon Load Balancing Service. This setup is also scaled across several availability zones. Here, the services Amazon S3 and DynamoDB are the storage options to store data of various formats. These services are outside the VPC and can be accessed using the Amazon EC2 instance from the private subnet. Based on the privileges given to the stakeholders, they can access the services of the education system. Real-time analytics will be done with Amazon Kinesis so that the stakeholders can get actionable insights for immediate response. Major education reforms will be taken based on big data processing by Amazon EMR (Elastic Map Reduce). Here S3 can act as the data lake for storing the huge amounts of data flowing through the education setup [24,25]. Amazon QuickSight delivers insights to all the users of the education system through interactive dashboards.
The AWS cloud services, their domains and their roles in this architecture are described in Tab. 1.
The cloud services involved in this architecture can play a vital role in constructing a reliable, efficient, and secure cloud education system to address the problems the current education sector is facing. The proposed architecture can also be developed using cloud services from other top cloud service providers such as Google Cloud, Microsoft Azure, etc.

Conclusion and Future Enhancement
The adoption of the proposed cloud infrastructure for an education system will improve the accessibility of services to all its stakeholders. The implementation of the proposed hybrid cloud architecture makes the services of the higher education system more efficient, reliable and economical. Moreover, the organizations will have better control over their sensitive data. At the same time, they can enhance the teaching and learning experience with advanced tools and services. Almost all the common services are shared among the organizations that are part of this architecture. Proper analytics on the stored data will give deep insights into education reformation. The addition of new organizations under the same umbrella is easy, so organizations can take full advantage of the existing system. Any changes regarding education reforms can be done very easily with specific services, which will be reflected in all the organizations.
Several future enhancements can be done with this cloud architecture to satisfy the educational requirements. Currently, cloud providers like AWS allow creating VPCs in different regions that can communicate via VPC peering. So, this architecture can be expanded to create multiple VPCs in different regions so that the internal resources in the VPCs can communicate with each other without moving to the internet. Moreover, authorization and authentication of stakeholders to access specific services are important in this environment. Cloud providers offer identity, access management, and security services to handle this situation. The selection of appropriate services will result in a secure and reliable education system. Top cloud providers always introduce new and advanced services to enhance the operations of cloud-based systems. The proposed education system can also be enhanced with such services to manage the future developments of the education sector. The on-premises data center can also be run as a private cloud in which the cloud resources can be virtualized just like a public cloud environment. In such cases, the usage and integration between the cloud services in the on-premises data center and cloud infrastructure are even better.

Tab. 1: AWS cloud services, their domain and role in the architecture
Service | Domain | Role
 | | It is the object storage that acts as a data lake for the entire education system.
Amazon Redshift | Analytic Service | Scalable data warehouse for education data analytics.
Amazon Athena | Analytic Service | Interactive query service to analyze the object data stored in S3.
Amazon QuickSight | Analytic Service | This service delivers analytic insights to the stakeholders of the education system.
Amazon CloudWatch | Management and Governance | Monitors and optimizes the resource utilization of the architecture.
 | Network and Content Delivery | It establishes a dedicated network connection between the institution's on-premises data center and the AWS cloud infrastructure.
AWS VPC | Network and Content Delivery | It allows managing the resources of the cloud education setup in a private network.