What Multisite Means for Identity Management Howard Huang, Huawei Multisite.

Slides:

Advertisements

Similar presentations

Windows Server ® 2008 File Services Infrastructure Planning and Design Published: June 2010 Updated: November 2011.

Advertisements

Introducing Open Platform for NFV Please direct any questions or comments to 1.

Zhipeng (Howard) Huang

The road of success for implementing a multi-vendor GSM-R ERTMS network.

Open Search Office Web Services Database Doc Mgt Sys Pipeline Index Geospatial Analysis Text Search Faceting Caching Query parsing Clustering Synonyms.

Gerald Kunzmann, DOCOMO Carlos Goncalves, NEC Ryota Mibu, NEC

CERN IT Department CH-1211 Genève 23 Switzerland PES 1 Ermis service for DNS Load Balancer configuration HEPiX Fall 2014 Aris Angelogiannopoulos,

DPACC Management Aspects

Security Level: Slide title :40-47pt Slide subtitle :26-30pt Color::white Corporate Font : FrutigerNext LT Medium Font to be used by customers.

1 OPNFV Summit 2015 Doctor Fault Management Gerald Kunzmann, DOCOMO Carlos Goncalves, NEC Ryota Mibu, NEC.

HUAWEI TECHNOLOGIES CO., LTD. Huawei FusionSphere Key Messages – Virtualization, Cloud Data Center, and NFVI.

配色参考方案：建议同一页面内不超过四种颜色，以下是 13 组配色方案，同一页面内只选择一组使用。（仅供参考）客户或者合作伙伴的标志放在右上角. 英文标题 :32-35pt 颜色 : R153 G0 B0 内部使用字体 : FrutigerNext LT Medium 外部使用字体 :

Make IT Simple, Make Business Agile Joy Huang VP of IT Product Line Huawei.

Huawei e-Gov Public Service Platform Solution Author/ ID/ Zhaozhijuan/ Department: Vertical Solution Marketing Execution Dept., Enterprise.

Emergency Communication — Response in Real Time — Huawei Roadway Emergency Communication Solution.

ELTE References for Tianjin Port. 1 Huawei eLTE Improves Dispatch Efficiency by 30% at Tianjin Port Pacific International Container Terminal (TPCT) TPCT.

Huawei eSpace Unified Communications Solution

Introducing: Chengdu’s Industrial Cloud Huawei & GDS Services Industrial Cloud Solution for SMEs Author/ID: Zhao Zhijuan/ Dept: Industry Solutions.

Agile Network Leading ICT Transformations. Page 2.

Huawei e-Gov Cloud Solution. Page 1 Headline:36pt Color: Black Font : Arial First stage text : Arial 20 – 24pt Second stage text : Arial 16-18pt Color:

Security Level: 英文标题 :32-35pt 颜色 : R153 G0 B0 内部使用字体 : FrutigerNext LT Medium 外部使用字体 : Arial 中文标题 :30-32pt 颜色 : R153 G0 B0 字体 : 黑体英文正文.

Huawei Enterprise Storage Cases for Energy Author/ ID: Lliu Xi/ Dept: Storage solutions sales Dept Version: V1.0( )

Author/ ID: Storage Marketing Huawei OceanStor S2200T Key Message.

What is OPNFV? Frank Brockners, Cisco. June 20–23, 2016 | Berlin, Germany.

ELTE Make City Smarter. Page 2 Page 3 Page 4 Page 5 … … eLTE PSTN PLMN TETRA 1.4GHz1.8GHz400MHz800MHz2.3GHz.

HUAWEI TECHNOLOGIES CO., LTD. Security Level: Expert Tips for GSM BTS Deployment and Corresponding Documents.

配色参考方案：建议同一页面内不超过四种颜色，以下是 13 组配色方案，同一页面内只选择一组使用。（仅供参考）客户或者合作伙伴的标志放在右上角. 英文标题 :32-35pt 颜色 : R153 G0 B0 内部使用字体 : FrutigerNext LT Medium 外部使用字体 :

Security Level: 英文标题 :32-35pt 颜色 : R153 G0 B0 内部使用字体 : FrutigerNext LT Medium 外部使用字体 : Arial 中文标题 :30-32pt 颜色 : R153 G0 B0 字体 : 黑体英文正文.

HUAWEI TECHNOLOGIES CO., LTD. Huawei Storage ISM Management Pre-sales Product Training Materials Easy and Efficient WEU IT Solution Team.

FusionCube At-a-Glance. 1 Application Scenarios Enterprise Cloud Data Centers Desktop Cloud Database Application Acceleration Midrange Computer Substitution.

Page 2 Page 3 Page 4 Units of Switches Shipped Increased YOY Units of Routers Shipped Increased YOY Page 4.

Huawei VTM Key Message. 1 Huawei VTM Key Messages (1/3) 1. Mini bank branch: easy deployment, anywhere as required Product feature 1: Integrated and comprehensive.

LM 9. Distributed Database Dr. Lei Li 1. Note: The content of the slides including figures are mainly based on a publicly available textbook chapter:

Bearer Network Is Priority in ITS s-1990s Guarantee point-point transmission reliability Enhance reliability and flexibility of communication network.

HUAWEI TECHNOLOGIES CO., LTD. Digital Transport in the Mobile Internet Era.

配色参考方案：建议同一页面内不超过四种颜色，以下是 13 组配色方案，同一页面内只选择一组使用。（仅供参考）客户或者合作伙伴的标志放在右上角. 英文标题 :32-35pt 颜色 : R153 G0 B0 内部使用字体 : FrutigerNext LT Medium 外部使用字体 :

Huawei Enterprise Channel Business. Page 2 70% 68% 64% 62%

Project Tacker Open Platform for NFV Orchestration OPNFV Design Summit.

Learnings from the first Plugfest

Open Source Summit May 8, 2017.

Huawei Corporate Presentation

Service Experience Assured Network (SEAN) Introduction and Demo

Models for Resources and Management

TECH TRACK: RHEV Backup AND Recovery

Workshop Discussion on Day-2

Escalator: Refreshing Your OPNFV Environment With Less Troubles

Ian Bird GDB Meeting CERN 9 September 2003

OPNFV Doctor - How OPNFV project works -

Design Summit: Multisite and Upstream

Cross Community CI (XCI)

Virtualization Engine console Bridge Concepts

ETSI NFV POCS and PLUGTESTS

<Name of Product>Pilot Closeout Meeting <Customer Name>

MCU cluster Cristian Alexe 18 October 2010.

Enterprise Application Architecture

Nov, 2015 Howard Huang, Huawei Julien Zhang, ZTE

Multisite BP and OpenStack Kingbird Discussion

Designing the Architecture for Grid File System (GFS)

Distributed System Structures 16: Distributed Structures

Isasku, Srini, Alex, Ramki, Seshu, Bin Hu, Munish, Gil, Victor

DPACC Management Aspects

State of OPNFV MANO OPNFV MANO WG Report

Sr. Developer Cloud System - Architecture

Quality Assurance in an Agile Development Team Michelle Wu 2018 PNSQC

DAT381 Team Development with SQL Server 2005

AD RMS Templates Active Directory Rights Management Services (AD RMS)

Key Manager Domains February, 2019.

Database System Architecture

OpenStack Summit Berlin – November 14, 2018

IEEE MEDIA INDEPENDENT HANDOVER DCN: xx-00-sec

Presentation transcript:

What Multisite Means for Identity Management Howard Huang, Huawei Multisite

2 Bio Standard Engineer Standard Engineer ETSI NFV ETSI NFV SNIA Object Drive TWG SNIA Object Drive TWG OCI/Spec OCI/Spec Open Source Community Operation Manager Open Source Community Operation Manager OpenStack (Tricircle, Kingbird, Dragonflow, …) OpenStack (Tricircle, Kingbird, Dragonflow, …) OPNFV (Parser, Multisite, DPACC, …) OPNFV (Parser, Multisite, DPACC, …) OpenVswitch OpenVswitch Like Heavy Metal Music and father of twin girls ! Like Heavy Metal Music and father of twin girls !

3 Outline  Multisite Project Overview  Multisite Identity Management The Whole Nine Yard Upstream Bug Report

4 Multisite Project Overview  Multisite project was approved on Apr 2015, to be a requirement project that deals with OPNFV deployment across multiple sites  Weekly meeting at #opnfv-meeting very Thursday, have members from various companies to participate (Ericsson, Orange, Docomo, Metaswitch, RedHat …)  Discussed 5 use cases: - Multisite Identity Service Management (Use Case 1) - Multisite VNF HA Support (Use Case 2) - Multisite VNF Geo Redundancy Support (Use Case 3) - Multisite Centralized Services (Use Case 4&5)  Feedback BPs or bugfixes back to the upstream community based on the discussion:

5 Multisite Identity Service Management – Use Case Analysis  Use Case Description: User should be able to manage virtual resources spread over multiple OpenStack regions, by using a single authentication point

6

7 KeyStone service(Distributed) with Fernet token + Async replication ( star-mode). One master KeyStone cluster with Fernet token in two sites (for site level high availability purpose), other sites will be installed with at least 2 slave nodes where the node is configured with DB async replication from the master cluster members, and one slave’s mater node in site1, another slave’s master node in site 2. Only the master cluster nodes are allowed to write, other slave nodes waiting for replication from the master cluster ( very little delay) member. But the chanllenge of key distribution and rotation for Fernet token should be settled. Pros. Why cluster in the master sites? There are lots of master nodes in the cluster, in order to provide more slaves could be done async. replication in parallel. Why two sites for the master cluster? to provide higher reliability (site level) for writing request. Why using multi-slaves in other sites. Slave has no knowledge of other slaves, so easy to manage multi-slaves in one site than a cluster, and multi-slaves work independently but provide multi-instance redundancy(like a cluster, but independent). Cons. The distribution/rotation of key management. Multisite Identity Service Management - Requirements

8 KeyStone Cluster slave master slave master slave master Nova API Local Token Validation Nova Local Token Validation Nova Local Token Validation Nova Local Token Validation Nova Local Token Validation Site 1Site 2 Site 3Site 4 Site x DB Multisite Identity Service Management – Requirement Recommended Deployment

9 Now there is something different: We demoed the solution to see if it is logical ! (Shout out thanks to Hans Feldt) Multisite Identity Service Management - Prototype

10

11 Multisite Identity Service Management – Prototype

12 BUG: Can't specify identity endpoint for token validation among several keystone servers in keystonemiddleware: The method we provide works. After discussion, community proposed using region-name to specify the keystone server for token validation. This one is merged Multisite Identity Service Management – Bugfix to Upstream Project

Copyright©2015 Huawei Technologies Co., Ltd. All Rights Reserved. The information in this document may contain predictive statements including, without limitation, statements regarding the future financial and operating results, future product portfolio, new technology, etc. There are a number of factors that could cause actual results and developments to differ materially from those expressed or implied in the predictive statements. Therefore, such information is provided for reference purpose only and constitutes neither an offer nor an acceptance. Huawei may change the information at any time without notice.