EMBL Identity & Access Management Rupert Lück IT Services EMBL Heidelberg e-IRG Workshop Zürich Apr 24th 2008.


IT Services HEIDELBERG
2 Outline
• EMBL Overview
• Identity & Access Management for EMBL
  – IT Requirements & Strategy
  – Project Goal and Features
  – Defining the scope
  – Integrated User Management
  – Benefits

3 EMBL
• European Molecular Biology Laboratory
• Supported by 20 Member States (+1 associated: )
• 1500 staff & researchers from 60 nations

4 EMBL Sites
• Heidelberg, DE: Main Lab, basic molecular biology research
• Hinxton, UK: EBI, bioinformatics databases, research & services
• Grenoble, F & Hamburg, DE: Structural biology
• Monterotondo, I: Mouse biology

5 EMBL's Mission
• Flagship lab for basic research in molecular biology
• Instrumentation & technology development
• Services
• Advanced training
• Technology transfer

6 Systems Biology: From Molecules to Organisms
[Figure labels: scale axis Protein/DNA, Genome, Cell, Embryo; organisms Fruitfly, Mouse, Human; themes Development, Ageing, Disease]

7 Systems Biology
• Understand cell function as a dynamic biological system
  – Away from the "one gene – one function" concept
  – Towards a quantitative understanding of living systems
• Involves
  – Interdisciplinary research across scientific domains
    • Collaboration infrastructures
    • Data sharing & data integration
  – Quantitative studies & integration of information
  – Technologically complex experimentation
  – Computational approaches
    • Modeling and simulation
    • Highly compute and storage intensive (Grid technology)

8 Instrumentation & Technology Development
• NG sequencing, microarrays, databases, screens…
• Light microscopy (4D confocal microscopy, cell assay screening, …)
• Electron & synchrotron tomography
• High throughput proteomics and structure analysis
• Modelling of biological processes
• Small animal imaging
⇒ Large amounts of heterogeneous data (PetaByte+ range)
⇒ Significant needs for network, compute & storage resources
⇒ Scalability of IT

9 EMBL Services
• More than 2000 facility users per year use the radiation sources for structural biology
• More than 200,000 scientists per year from all life sciences branches use the EMBL bioinformatic data resources
• More than 1000 visitors per year benefit from state-of-the-art equipment, learn new techniques and carry out collaborative projects

10 EBI Services
• Reference site for biological data
  – 150 different databases
  – 120+ different tools
  – 9 different data submission systems
  – 8 major query interfaces
• User base
  – Rapidly growing
  – > different users / month
  – Scientific community
  – Pharma & biotech industry
• Trends
  – Rapid growth of data
  – Faster than Moore's law => service oriented architecture
    • Web service based access
    • Database federation
    • Grid approach
[Charts: EBI web requests / day (millions) [Source: Peter Stoehr, EBI]; EMBL-Bank growth in Gbases]

11 Outline
• EMBL Overview
• Identity & Access Management for EMBL
  – IT Requirements & Strategy
  – Project Goal and Features
  – Defining the scope
  – Integrated User Management
  – Benefits

12 IT Requirements & Strategy
• IT requirements
  – Collaboration IT environment to support interdisciplinary research
  – Scalability, efficiency & reliability of IT infrastructure and processes
• Strategy
  – Institution-wide collaboration platform
  – Identity & access management solution
  – Consolidation
  – IT standards

13 Project: Identity & Access Management for EMBL
• Project goal
  – Provide an EMBL-wide user database – the EMBL Network Passport
• Key features
  – Based on an LDAP directory
  – Identity management and provisioning infrastructure
  – Unified login and single sign-on where reasonable
  – Automated fine-grained provisioning of resources to different user populations
  – Balanced implementation effort and cost
  – Future flexibility

14 Defining the scope
• Resources
• User & client populations
• Access roles
• IT security domains

15 IT Resource Landscape
• HPC clusters
  – Several 1000 CPU cores
  – Mainly in Heidelberg and at the EBI
  – NIS
• Storage systems
  – > 700 TByte primary storage
  – On NetApp and BlueArc NAS
  – 3 PB secondary storage
  – NIS, AD
• Network
  – WLAN (Radius)
  – VPN (Radius)
  – Multiple VLANs
  – Inter-campus VPN
• Applications
  – Small to enterprise level, application server based
  – Web apps and native clients
  – Scientific and commercial line of business systems
  – LDAP, individual access silos
• Database systems
  – Oracle
  – MySQL
• Desktop and server systems
  – Operating systems (Windows, MacOS X and Linux)

16 User / Client populations
• Named users
  – Staff:
    • ~1500 across 5 different EMBL sites
    • 9 yr contracts max.
  – Visitors: >1000 / year
  – Facility users: >2000 / year
  – Contractors & consultants
  – e-Collaborators: >500
  – Alumni: >4000
  – Industry: collaborations & programme
• Public access:
  – Scientific tool and content DB user populations ( )
• High fluctuation
  – Even between populations

17 Access Roles (selection)
• VPN access
• Unix / NIS account
• Windows / Active Directory account
• Account
• Access to intranet
• Access to shared workspaces
• Access to resource booking system (microscopes, rooms, etc.)
• SAP: can use online shopping module (SRM)
• SAP modules X, Y, Z: can manage data
• Access to scientific application X, Y, Z
• Oracle DB user / access roles

18 IT Security domains
• EMBL's organization is distributed across 5 sites
• Individual IT services organizations
  – Responsible for local IT management (site in Rome, managed from Heidelberg)
  – Local IT security
  – Inter-site security as a joint effort
• Split user domains
⇒ Blocks efficient collaboration

19 HRIT User Management – Until 2007
[Diagram labels: HR system (Payroll & Staff); monthly export; Oracle DBs (EMBL Groups (Web), Visitors, PhD, EIPOD, Alumni, Consultants); EMBL web pages & web applications; other IT resources – applications & operating systems (Unix, Windows, Mail, VPN etc.); "replace"; HR data not linked]

20 User Management – Shortcomings
• Many different identities in different systems
• Huge efforts
  – to manage individual identities and access profiles
  – to achieve a reasonable level of consistency
• No fine-grained assignment of access patterns
• By default only access to the IT infrastructure of the user's EMBL home site
• Many existing (self-developed) systems cannot be integrated with others

21 Integrated User & Access Management
[Diagram labels: LDAP / Oracle IM – EMBL user directory & identity management; master data (one central resource); SAP HR / OM – Payroll, Staff; HRIT – EMBL Groups (Web), EIPOD, PhD, Visitors, Alumni, Consultants; sync; user & identity management; access management; template based provisioning; IT resources – applications & operating systems (Unix, Windows, Mail, VPN; Web CMS, SAP, Oracle, etc.)]

22 Integrated User Management – Benefits
• One central user directory (LDAP)
  – for all people associated with EMBL
  – from all sites
  – not only staff
• Automation of access rights management and provisioning to IT resources
• Real-time information displayed on the EMBL web
• LDAP is a standard component
  – Easy integration in future projects
  – Can also be used by any application developer within EMBL
  – Integration project costs significantly lower

23 Integrated User Management – Collaboration Benefits
• EMBL-wide unified login (username & password), e.g. NIS, Windows, SAP, storage systems, …
• Ability to log in while visiting another EMBL site
• Access to remote (expensive) analysis tools, e.g. via Terminal Server
• Secure sharing of data with EMBL colleagues from remote sites
• Resource booking and checking people's availability across the organization

24 Integrated User Management – Technical Benefits
• Provisioning templates allow fine-grained access management
  – i.e. one user population could get access to many resources
  – others could only be assigned -only access
• Why a commercial solution
  – Vendors like Oracle provide out-of-the-box connectors to other access infrastructures, e.g.
    • Active Directory
    • LDAP (various vendors)
    • UNIX, NIS
    • SAP (various modules)
  – Allows faster and cost effective integration of other infrastructures
  – Federations:
    • Supports Liberty Alliance standard
    • Federations across organizations, also to industry partners
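The slides on access roles (17), the integrated architecture (21) and template-based provisioning (24) describe a pattern rather than showing it. The following Python sketch is an added example, not EMBL's code and not Oracle Identity Manager: it maps each user population to a set of access roles (role names follow slide 17; which population gets which role, the user ids, sites, dates and the base DN are constructed assumptions), derives the desired state from master data, diffs it against what the directory currently holds, and emits joiner/mover/leaver actions plus the LDIF group modifications that would apply them. The point a practitioner should take from it: a person who changes population, or whose contract ends, is reduced to exactly what the current template grants, and an unknown population or a missing master record yields no access rather than leftover access.

```python
"""Template-based provisioning sketch (added example, not EMBL's or Oracle's code)."""
from __future__ import annotations

from dataclasses import dataclass
from datetime import date
from typing import Dict, FrozenSet, List, Optional, Tuple

# Assumed templates: population -> roles. Role names come from the deck's
# "Access Roles (selection)" slide; the population-to-role mapping is illustrative.
TEMPLATES: Dict[str, FrozenSet[str]] = {
    "staff":    frozenset({"vpn", "nis", "ad", "intranet", "workspaces", "booking", "sap-srm"}),
    "visitor":  frozenset({"nis", "ad", "intranet", "booking"}),
    "facility": frozenset({"booking"}),
    "alumni":   frozenset({"intranet"}),   # narrow template: one resource only
}

TODAY = date(2008, 4, 24)   # date of the talk, used as the reference day

Action = Tuple[str, str, FrozenSet[str]]   # (kind, uid, roles)


@dataclass(frozen=True)
class Person:
    uid: str
    population: str
    home_site: str
    contract_end: Optional[date] = None                # None: open-ended
    extra_roles: FrozenSet[str] = frozenset()          # individually approved additions


def entitlements(person: Person, today: date) -> FrozenSet[str]:
    """Roles the person should hold today.

    Expired contracts and unknown populations yield no roles, so the default
    is 'no access', never 'whatever the directory happened to contain'.
    """
    if person.contract_end is not None and person.contract_end < today:
        return frozenset()
    return TEMPLATES.get(person.population, frozenset()) | person.extra_roles


def plan_changes(master: Dict[str, Person],
                 directory: Dict[str, FrozenSet[str]],
                 today: date) -> List[Action]:
    """Diff desired state (from master data) against the directory's current roles.

    add     - uid absent from the directory, receives its template roles
    grant   - roles the template requires but the directory lacks
    revoke  - roles the directory holds but the template no longer grants
    disable - uid present in the directory but gone from master data
    """
    actions: List[Action] = []
    for uid in sorted(master):
        desired = entitlements(master[uid], today)
        if uid not in directory:
            if desired:
                actions.append(("add", uid, desired))
            continue
        current = directory[uid]
        if desired - current:
            actions.append(("grant", uid, desired - current))
        if current - desired:
            actions.append(("revoke", uid, current - desired))
    for uid in sorted(directory.keys() - master.keys()):
        actions.append(("disable", uid, directory[uid]))
    return actions


def to_ldif(action: Action, base_dn: str = "dc=example,dc=org") -> str:
    """Render one action as LDIF modify operations on per-role group entries.

    The DN layout (ou=people / ou=roles under an assumed base DN) is illustrative;
    creating or deactivating the person entry itself is left out here.
    """
    kind, uid, roles = action
    op = "add" if kind in ("add", "grant") else "delete"
    member = f"uid={uid},ou=people,{base_dn}"
    blocks = [
        f"dn: cn={role},ou=roles,{base_dn}\nchangetype: modify\n{op}: member\nmember: {member}\n-\n"
        for role in sorted(roles)
    ]
    return "\n".join(blocks)


def demo() -> List[Action]:
    """Constructed sample data covering one joiner, one mover and one leaver."""
    master = {
        "alice": Person("alice", "staff", "Heidelberg", date(2012, 12, 31)),  # unchanged
        "bob":   Person("bob", "visitor", "Hinxton", date(2008, 3, 31)),      # contract ended: leaver
        "carol": Person("carol", "staff", "Grenoble", date(2011, 6, 30)),     # was a visitor: mover
        "dave":  Person("dave", "facility", "Hamburg", date(2008, 5, 1)),      # not yet provisioned: joiner
    }
    directory = {
        "alice": TEMPLATES["staff"],
        "bob":   TEMPLATES["visitor"],
        "carol": TEMPLATES["visitor"],
        "erin":  frozenset({"nis"}),   # account with no master record at all
    }
    return plan_changes(master, directory, TODAY)


if __name__ == "__main__":
    for act in demo():
        print(act)
        print(to_ldif(act))
```

Running the block prints four actions: bob's visitor roles are revoked, carol gains the staff-only roles on top of the visitor roles she already had, dave is added with the facility template, and erin is disabled because master data no longer knows her. The contract-end check and the "unknown population means no roles" default are the two places where a provisioning engine either enforces least privilege or silently accumulates access.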

25 Summary
• Systems biology at EMBL requires a collaborative, scalable and secure IT environment to enable research and to protect IP
• The introduced identity management and provisioning infrastructure is one of the key components to support this requirement
• It allows automated fine-tuning of individual access scenarios
• It allows fast and cost effective integration of other infrastructures