Multi-tenant Resource Management for Instruments, Applications, and Services (The evolution of infrastructure consortiums…) Dean Flanders FMI / SystemsX VAMP / FIM4R in Helsinki Sept. 30 th, 2013
Overview About SystemsX Problem / Proposed Solution Resource FMI Multi-Institutional / Community Resource Sharing Tool Azure AD Collaboration with Microsoft Summary Overview Overview
We live in a brave new world... Overview
Mission «SystemsX.ch is determined to become a world-leading initiative in quantitative Systems Biology.» SystemsX.ch is open to any Swiss university or research institution. About SystemsX
Some Numbers and Facts... About SystemsX 1000 scientists 200 research groups 11 universities and research institutes Work together inter-disciplinarily
About SystemsX
Problem – Current FIM possibilities are not meeting the needs of researchers, and this problem becomes more critical as more pressure is given to share resources and to collaborate across disciplines, as well as with industry. Solution – A robust inter-institutional self- federation and rights management approach is needed. In this way all users and resource providers can easily participate in resource sharing and collaborations. Obstacle Problem / Proposed Solution
Enabling science/education as a service! These are shared resources... Problem / Proposed Solution
Why share resources in research? Increasing complexity of the tools required to perform research puts more pressure on hardware and people resources. Increased competitive pressure forces greater efficiency. No one institution can house all of different types of resources their researchers need. Under utilization of resources. Lack of expertise to operate complex systems causes the need for better cooperation between institutions. Problem / Proposed Solution
Lots of very basic problems are not easily solvable by current academic federations, e.g. existing institutional security groups cannot be easily seen within or across federations. Many challenges can also be faced with current academic federations, such as bringing in new federation members and new users can be difficult, heterogeneous national solutions. Unmet needs of current federations Problem / Proposed Solution
1000’s of Users1000’s of Resources Huge Collection of: Entitled users & rights to use Access rights & Reservations Researchers Companies Students How to ensure that the right people will the right access? Problem Analysis Problem / Proposed Solution
Institutions’ Users Individuals synchronize Self Service Social ID Active Directories User & Resource Collection Institutions’ Resources Publish & Provision User group FormationResource Allocation Self Service Projects & Communities Self Service Resource Selection Owners’ Approval or Automated allocation ResearchNet Management Infrastructure Usage Log on with own ID Single Sign On Leader Self Service Δ Δ Δ Overview High Level Solution = IDMaaS / Rights Management Problem / Proposed Solution
Instruments Meeting rooms Clusters Sample analysis Software Bikes Etc. What resources do we have in mind? Problem / Proposed Solution
Resource Sharing at the FMI... Resource FMI
15 Resource Overview Resource FMI
Resource Request Resource FMI
Resource Assigment Interface Resource FMI
Reservation Request Resource FMI
(Results reviewed periodically to ensure correct use.) Resource Review Resource FMI
(We have now also integrated this approach also into web based applications.) Expert List Resource FMI
Misuse Reporting Resource FMI
Free for everyone (commercial and academic users) Cloud hosted Multi-institutional Multi-community Fully self-service (institutions, communities, research groups, users, providers) New resource types: app store, work orders, store Designed the system to facilitate national / international resource sharing. Designed the system to facilitate business development and startups, as well as large companies. Essential for inter-institutional collaborations and resource sharing. New Multi-tenant Cloud Version Multi-Institutional / Community Resource Sharing
System Design: One common platform shared by participating institutions (there can be many of these shared platforms). Exposes resources across institutions and facilitate sharing of resources & expertise. Provides Controls to prevent misuse and insight to optimize usage. It must be: Simple to use (we cannot train 1000’s of users) and appealing (users must love it!) Self-service driven (administrative interference would cause a new bureaucracy) Pervasive use (right to use encompasses access to resources or information, as well as reservations to use resources) No impediments to start using the platform (just get started) Integrated authentication (SSO to minimize helpdesk support) Multi-Institutional / Community Resource Sharing
Federation with ETH over Auth0 / Azure AD ADFS (IdP) Webapp / Instrument / Service (SP) Auth0 / Azure AD Claim Rules Engine ADFS (IdP) Social (IdP) Resource Management Multi-Institutional / Community Resource Sharing
non-integrated integrated Institutional verification Enrollment Multi-Institutional / Community Resource Sharing
Resulting Claims for Integrated User
Scheduler Multi-Institutional / Community Resource Sharing
Applications
Services
Directories
Setting up a Resource Provider Multi-Institutional / Community Resource Sharing
Resource Rights Management Multi-Institutional / Community Resource Sharing
IDMaaS to provision SaaS on IaaS Multi-Institutional / Community Resource Sharing
Windows Azure Active Directory: The Vision A modern, cloud based identity management service providing federation, directory services, device registration, user provisioning, application access control & data protection. A natural extension to your on premise directory, the combination of Windows Server AD and Windows Azure AD let’s you secure today’s hybrid enterprise. On-premises and cloud Active Directory managed as one Consistent identities for on-prem and cloud applications. Easy user experience with single sign on Azure AD Collaboration with Microsoft Keith Brintzenhofe - Group Program Manager | Windows Azure Active Directory Identity & Access Management
Windows Azure Active Directory and the Hybrid Enterprise - Today Active Directory AD DS, ADFS, FIM Third Party Apps Windows Azure Active Directory Microsoft Apps Identity Management Your Apps On-premises and private cloud Other appsHR sources Other Directories Self-Service Microsoft Account Keith Brintzenhofe - Group Program Manager | Windows Azure Active Directory Identity & Access Management Azure AD Collaboration with Microsoft
Identity & Access Management Scenarios Instant productivity with SaaS applications Access from any device, anywhere Connecting and collaborating with partners & customers Rapidly develop and deploy new enterprise capabilities Security monitoring and alerting for cloud services Keith Brintzenhofe - Group Program Manager | Windows Azure Active Directory Identity & Access Management Azure AD Collaboration with Microsoft
It is free. We are all Microsoft customers anyway…. Many institutions use AD already and Microsoft has a vision of “one AD” in terms of cloud and on- premise integration. Ready made integration into soon to be hundreds of existing cloud services. Multi-factor capabilities. Many possible federation partners. Azure is a robust multi-national infrastructure. Azure AD Benefits Azure AD Collaboration
Azure AD Testing Plan Work within a collaborative team interested in investigating Azure AD as a possible part of the FIM puzzle. Map and test use cases. Define a roadmap with Microsoft which has an open flexible architecture for Azure AD usage. Define action items for Microsoft (e.g. improve SAML interoperability, tighter social identity integration). If you have ideas, issues, or complaints about Azure AD feel free to join the collaboration,. Azure AD Collaboration
Summary The lack of good FIM solutions in academia is one of the biggest technical impediments to research and education currently. We need to take a Zendesk like approach to resource providers so they are empowered to share resources. FIM is crucial for this. We need to look at research groups as if they were their own small company, and stop focusing on the national and institutional level. There are simple approaches to federation that can be used to meet the needs of researchers and research communities. The self-federation concept is vital to an all inclusive federation necessary for research. A platform such as Azure AD can play an important role in an effort to improve FIM for research. Summary