Openlab major review Marek Denis Openlab research fellow

Slides:

Advertisements

Similar presentations

OpenStack Mission To produce the ubiquitous open source cloud computing platform that will meet the needs of public and private clouds regardless of size,

Advertisements

Orchestration of Fibre Channel Technologies for Private Cloud Deployments OpenStack Summit; Ecosystem Track April 15 th, 2013 Oregon Convention Center.

OpenStack Update Infrastructure as a Service May 23 nd 2012 Rob Hirschfeld, Dell.

Cotswolds International Middleware Meeting Upper Slaughter, UK, October 2004 Slides partially by John Martin, JISC; pictures by Ken Kingenstein.

Institute for Cyber Security Extending OpenStack Access Control with Domain Trust World-Leading Research with Real-World Impact! 1 Bo Tang and Ravi Sandhu.

IS Management at Chase Holly David February 28 th, 2007.

WebFTS as a first WLCG/HEP FIM pilot

CLOUD FEDERATION Are We There Yet?. Tim Bell - CERN Why Do We Federate?

Rackspace Lump Sum Policy

Secure Information and Resource Sharing in CloudSecure Information and Resource Sharing in Cloud References OSAC-SID Model [1]K. Harrison and G. White.

CERN Cloud Infrastructure Report 2 Bruno Bompastor for the CERN Cloud Team HEPiX Spring 2015 Oxford University, UK Bruno Bompastor: CERN Cloud Report.

Cisco and OpenStack Lew Tucker VP/CTO Cloud Computing Cisco Systems,

● Problem statement ● Proposed solution ● Proposed product ● Product Features ● Web Service ● Delegation ● Revocation ● Report Generation ● XACML 3.0.

Server System. Introduction A server system is a computer, or series of computers, that link other computers or electronic devices together. They often.

Raffaele Di Fazio Connecting to the Clouds Cloud Brokers and OCCI.

1 Multi Cloud Navid Pustchi April 25, 2014 World-Leading Research with Real-World Impact!

EDUCAUSE – October 2011 Kuali Student Project Update.

Rackspace Analyst Event Tim Bell

Cloud Computing Infrastructure at CERN

© 2005 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice The China Digital Museum Project.

Summit Held in Hong Kong, 1 st time in Asia –Beijing is the city with the most OpenStack developers Attendance 3,500 up from 3,000 in Portland –45% APAC,

Openstack with Stackops Guy Tel-Zur

2 OpenStack Design Summit Summary Swiss and Rhone Alpes - OpenStack User Group Meeting 6 th December, CERN Belmiro Moreira

Tim Bell 24/09/2015 2Tim Bell - RDA.

26 September 2013 Federating OpenStack: a CERN and Rackspace Collaboration Tim Bell Toby Owen

EduGain Federation – Web SSO

Tim 18/09/2015 2Tim Bell - Australian Bureau of Meteorology Visit.

All Rights Reserved 2014 © CMG Consulting LLC Federated Identity Management and Access Andres Carvallo Dwight Moore CMG Consulting, LLC October

WebFTS File Transfer Web Interface for FTS3 Andrea Manzi On behalf of the FTS team Workshop on Cloud Services for File Synchronisation and Sharing.

Cloud federation Are we there yet? Marek Denis CERN openlab Major Review Geneva, Switzerland › October

Authentication and Authorisation for Research and Collaboration Peter Solagna Milano, AARC General meeting Report and plans Attribute.

Opening Up OpenStack’s Identity Service David W Chadwick, Ioram S Sette, Kristy W Siu.

CoprHD and OpenStack Ideas for future.

Tim Bell 04/07/2013 Intel Openlab Briefing2.

© 2012 IBM Corporation IBM Security Systems 1 © 2012 IBM Corporation Cloud Security: Who do you trust? Martin Borrett Director of the IBM Institute for.

LHC Computing, CERN, & Federated Identities

Computing Facilities CERN IT Department CH-1211 Geneva 23 Switzerland t CF Cluman: Advanced Cluster Management for Large-scale Infrastructures.

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI Enabling SSO capabilities in the EGI Cloud services Peter Solagna – EGI.eu.

INDIGO – DataCloud CERN CERN RIA

© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Enterprise Innovation.

CERN IT Department CH-1211 Geneva 23 Switzerland t OIS Operating Systems & Information Services CERN IT Department CH-1211 Geneva 23 Switzerland.

1 Authorization Federation in Multi-Tenant Multi-Cloud IaaS Navid Pustchi Advisor: Prof. Ravi Sandhu.

Access Policy - Federation March 23, 2016

Bob Jones EGEE Technical Director

Security on OpenStack 11/7/2013

LAMS: The Learning Activity Management System

The CLoud Infrastructure for Microbial Bioinformatics

A successful public-private partnership

Openlab Compute Provisioning Topics Tim Bell 1st March 2017

Identity Federations - Overview

EMI Interoperability Activities

OpenStack Foundation. OpenStack Foundation Latest: Foundation Mission The OpenStack Foundation.

Usage of Openstack Cloud Computing Architecture in COE Seowon Jung Systems Administrator, COE

Introduction How to combine and use services in different security domains? How to take into account privacy aspects? How to enable single sign on (SSO)

A Complete Internet Company

Intel® network builders university

Huawei : Clouds at Scale

About CodeTwo We are a trusted software vendor and Microsoft partner delivering Office 365 and Exchange solutions to over businesses all over the.

About CodeTwo We are a trusted software vendor and Microsoft partner delivering Office 365 and Exchange solutions to over businesses all over the.

Standards for success in city IT and construction projects

ESA Single Sign On (SSO) and Federated Identity Management

Accelerated Computing in Cloud

Enterprise Service Bus (ESB) (Chapter 9)

Overview and Development Plans

Mix & Match: Resource Federation

OpenStack Summit Berlin – November 14, 2018

The StarlingX Story Learn, Try, Get Involved!

Open Infrastructure: Integrating OpenStack and Kubernetes

OpenStack Summit; Operations Track

Presentation transcript:

Openlab major review Marek Denis Openlab research fellow

CERN & Rackspace collaboration Collaboration project Started 1st October 2013 Full time research fellow (Marek Denis) working together with the OpenStack community. Joint research and work on the Cloud Federation Referential architecture for building cloud federations Blueprints, code contributions, code reviews, active participation in design and implementation process Whitepapers and presentations to allow others to build on our findings Marek Denis- CERN openlab

Marek Denis- CERN openlab Rackspace OpenStack founder (together with NASA) More than 5000 rackers Over 205,000 customers 98,000+ SERVERS 26 000 VMs 70PB storage 120+ countries 9 global data centres Chicago, Washington, Dallas, London, Hong Kong, Sydney .... Marek Denis- CERN openlab

„To be recognised as one of the world’s greatest service companies.” The Rackspace Vision „To be recognised as one of the world’s greatest service companies.” Marek Denis - CERN openlab

Marek Denis - CERN openlab Meet our team... Toby Owen Head of Technical Strategy Rackspace Lives in London, UK toby.owen@rackspace.com Lee Kimber Senior Product Technologist Rackspace Lives in Cambridge, UK lee.kimber@rackspace.co.uk Tim Bell Head of Infrastructure Services, CERN Lives in Geneva, Switzerland tim.bell@cern.ch Product Manager for Identity Rackspace Lives in Austin, TX joe.savak@rackspace.com Joe Savak Marek Denis - CERN openlab

...and the rest of the community involved in federation work Dolph Matthews (Rackspace) – Keystone PTL Steve Martinelli (IBM) Adam Young (RedHat) David Chadwick (University of Kent) Kristy Siu (University of Kent) .....and many more! Marek Denis - CERN openlab

How do we work on the OpenStack? OpenStack is Open Source – everybody can contribute Very powerful community Rackspace, IBM, RedHat, AT&T, Cisco, HP, Intel, Ubuntu... (full list: http://www.openstack.org/foundation/companies/) Marek Denis - CERN openlab

How do we work on the OpenStack? Blueprints Proposals for new features, high level designs Summits (every 6 months) Choose blueprints for the next release We can work in one room, with a real whiteboard Design phase (markdowns, IRC discussions, mailing list threads, design sessions, hackathons) Implementation/code reviews Code merge Bugfixing Marek Denis - CERN openlab

How do we work on the OpenStack? Marek Denis - CERN openlab

Cloud Federation – the basics Cloud resources are isolated CERN Private Cloud Public Cloud such as Rackspace Many Others on Their Way NecTAR Australia Brookhaven National Labs IN2P3 Lyon Marek Denis - CERN openlab

Cloud Federation – Single Sign On As a user I want to use my single set of existing credentials to access services across multiple clouds. Marek Denis - CERN openlab

Cloud Federation – technical details Use existing protocol – SAML2 Use established software for handling communication between federated peers (at the OpenStack side) We are building mechanisms that map SAML assertion parameters into local users/groups/roles Marek Denis - CERN openlab

Our aim for the Icehouse release (Spring 2014) Implement all parts required to handle federated authn/authz in the Keystone Identity Providers and Protocols CRUD operations (already merged) Mapping rules CRUD operations (already merged) Rules mapping algorithm (work in progress) Consuming SAML assertions (work in progress) Token generation after the local groups are returned (work in progress) Marek Denis - CERN openlab

Marek Denis - CERN openlab Next steps Extend basic federation use-case so clients can experience a real cloud of clouds Work on image cloud federation (project glance) Prepare a working federated cloud infrastructure Marek Denis - CERN openlab

Cloud federation – image sharing Cloud A Image1 Image2 Cloud B Image3 Image4 Cloud C Image 5 VM1(Image5) VM2(Image1) VM3(Image3) Marek Denis - CERN openlab

Marek Denis - CERN openlab Questions Q & A Marek Denis - CERN openlab

First Name and Family Name - CERN openlab If you are interested... SAML2 specification http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf Shibboleth http://shibboleth.net/ Extenal Identity Providers blueprint https://blueprints.launchpad.net/keystone/+spec/identity-providers Identity Providers and Mapping rules CRUD specification https://review.openstack.org/#/c/59848/ First Name and Family Name - CERN openlab