Cloud Providers and AARC


Cloud Providers and AARC
What are the best practices to support them? What can/should AARC do in this space?
Hannah Short, CERN, AARC
AARC 4th General Meeting, 30th November 2016

Agenda
- Federated Access for Cloud Services
- Ongoing projects
- AARC’s role in HNSciCloud
- Challenges for HNSciCloud
- Where can AARC help?

Federated access for cloud services
- Access to cloud management tools
  - Web based management portals offered by the cloud providers
  - Management APIs offered by the cloud providers
- Access to cloud resources (IaaS)
  - SSH access to VMs
  - Desktop access to VMs
- Access to applications/services on cloud resources operated by the communities
  - Access to web based services
  - Access to non-web based services
- Access to applications/services operated by cloud providers ([P/S]aaS)
Credit to Christos Kanellopoulos (AARC/GRNET) for this slide

Ongoing Projects
- High Energy Physics (& other) communities increasingly turning to Cloud
- Beginning to become financially viable
- A few examples included in the following slides…
- CHEP (Computing for High Energy Physics Conference) Track 3 Highlights, strong focus on Cloud! https://indico.cern.ch/event/505613/contributions/2331046/attachments/1355033/2047461/summary_track3_chep_2016_lb.pdf

EGI Federated Cloud
- https://www.egi.eu/federation/egi-federated-cloud/
- IaaS-type cloud for scientific communities: https://wiki.egi.eu/wiki/Federated_Cloud_Communities
- Made of academic private clouds and virtualised resources
- EGI Cloud Services:
  - Cloud Compute – Run virtual machines on demand with complete control over computing resources
  - Cloud Container Compute – Run Docker containers in a lightweight virtualised environment
  - Training infrastructure – Dedicated computing and storage for training and education
- Federated access:
  - SAML 2.0/OIDC for web-based dashboard
  - OIDC tokens for CLI tools
  - OCCI CLI tools also support X.509 credentials
Credit to Peter Solagna, EGI.eu, for this slide

INDIGO
- https://www.indigo-datacloud.eu, open source, cloud service provider for scientific communities
- SAML enabled, eduGAIN integration
- Consolidates all identities to OAuth (OpenID Connect)
- Marcus H has been involved and knows more!
Credit to Andrea Ceccanti, CERN, for this slide

GEANT Cloud Catalogue
- Project in initial stages
- Commercial Cloud Providers
- GEANT will act as broker between cloud providers and NRENs
- Engaging with CPs to ensure requirements are feasible
- https://catalogue.clouds.geant.net
- Key requirement is for SAML 2.0 consumption
- GEANT is sponsoring the UK as a catch-all federation for clouds
Credit to Vincenzo Capone, GEANT, for this slide

The Helix Nebula Initiative
- Hybrid cloud
- Competitive tender for commercial cloud providers, one will be selected post prototype
- Procurers: CERN, CNRS, DESY, EMBL-EBI, ESRF, IFAE, INFN, KIT, STFC, SURFSara
- SAML2 Consumption a requirement but…
- Not necessarily eduGAIN
- Mainly targeting IT Admins though some LToS researchers may be end users
- Undefined which services will be accessed (management portal + VMs?)
- State that the Helix Nebula initiative was created as a result of a commitment by the EIROforum IT Working group when it met in January 2011.
Credit to Bob Jones & Joao Fernandes, CERN

AARC’s role in HNSciCloud
- FIM requirements included in Tender Specification
- AARC approached for guidance for design phase
- Kickoff held November 3rd
- “The Tenderer must be able to support an authentication service based on SAML 2.0, such as eduGAIN, for accessing their services”
- “The objective is to provide the IT managers and/or end-users with the ability to use their own credentials (from their institution) in order to manage and access IaaS resources transparently via GUIs and ideally via CLIs and APIs in addition.”
- “Demonstrable evidence for support of SAML 2.0-based identity federations as a Service Provider and conformance with the GEANT Data Protection Code of Conduct (or equivalent behavioural rules for Service Providers who want to receive user attributes from the Identity Providers) will score higher marks.”

Federated access for cloud services
- Access to cloud management tools
  - Web based management portals offered by the cloud providers
  - Management APIs offered by the cloud providers
- Access to cloud resources (IaaS)
  - SSH access to VMs
  - Desktop access to VMs
- Access to applications/services on cloud resources operated by the communities
  - Access to web based services
  - Access to non-web based services
- Access to applications/services operated by cloud providers ([P/S]aaS)
Credit to Christos Kanellopoulos (AARC/GRNET) for this slide

How to do it?
- Join eduGAIN as a service provider through a national federation
- Use blueprint architecture patterns to enable access to non-web clients and external AAs
Credit to Lukas Hämmerle – SWITCH/GEANT for this graphic

Lessons learned
- A proportion of cloud providers are already part of identity federations (or in the process)
- Commercial providers are treated inconsistently across federations (financially & policy wise)
- The idea of a shared set of attributes (R&S) seems to be largely accepted
- Biggest concern is using external authorisation sources
- Very difficult to give concrete advice without clear use cases!
- If there are small numbers of users (e.g. a handful of IT Admins) and no easy options for FIM, risk of infrastructures adopting a simpler but incomplete strategy

Challenges for HNSciCloud (and probably others…!)
- Not all users are in eduGAIN - split between eduGAIN and Umbrella - how will this work?
- How can multiple AAs from separate communities be integrated?
- Are there plug-and-play components available?
- In the blueprint architecture, what is run by the cloud providers and what is run by the research communities?

What can AARC do?
- GN4 covering this aspect, great resources available!
- Consult on architecture for specific use cases
- Provide specifics of reusable components
- AARC can provide a summary of resources available (there are many!), to help both research communities looking to integrate cloud services, and the cloud providers themselves

References
- Looking for more details? https://wiki.edugain.org/How_to_Join_eduGAIN_as_Service_Provider
- Prefer to speak to someone? Contact edugain@geant.org

hannah.short@cern.ch