Published by Pamela Madlyn Lee. Modified over 8 years ago.
Information Initiative Center, Hokkaido University
North 11, West 5, Sapporo 060-0811, Japan
Tel, Fax: +81-11-706-2923
http://www.iic.hokudai.ac.jp/

At Hokkaido University, we are developing a prototype web-based single sign-on inter-cloud management portal called the Simple Heterogeneous INter-CLoud Manager (SHINCLOM). Our objective is to give users the ability to easily configure and launch VPCs, HPC clusters, and autonomic applications and services across disparate clouds. We employ a model-based approach in which the management functions requirements of the project are mapped to the layers of a proposed autonomic model and implemented using Free Open Source Software (FOSS).

Management Functions Requirements

1. Coordinated Authentication: Actualize Single Sign-On (SSO), issue API keys for web services, and coordinate reserved resources authentication information.
2. Users and Groups: Ability to automate user registration and access, and to coordinate resource access and utilization by groups.
3. Resource Utilization: Ability to list available resources by site, in detail, with minimal administration for actions like starting/stopping virtual systems.
4. Virtual Systems: Ability for users to launch and manage VPCs, HPC clusters, virtual networks, virtual storage, etc., and satisfy QoS levels.
5. Billing and Budget: Ability to show estimated billing and budget for single cloud, overall system, groups, and projects.
6. Information Disclosure, Sharing, and Querying: Ability to share and make public information about resources, billing systems, and service levels.
7. Administration, Resource Registration, and Provisioning: System functions for monitoring and managing the entire inter-cloud system.

References

1. Scalr, http://wiki.scalr.com/display/docs/Home.
2. R. Davoli, “VDE: Virtual distributed Ethernet,” TRIDENTCOM'05, pp. 213–220, 2005.
3. Ansible, http://www.ansibleworks.com/.
4. Shibboleth, http://shibboleth.net/.
5. CloudWeaver, http://lyatiss.com/.

FOSS: Mapping to Requirements and Model

1. Scalr [1]: Provides a skeleton (base) framework for SHINCLOM. Partially satisfies Reqs. 2 through 7. Maps to CPSL, VOIL, and ADNL (provides basic functions).
2. Virtual Distributed Ethernet (VDE) [2]: Provides virtual networking components. Helps to satisfy Req. 4. Maps to VOIL (integral component).
3. Ansible [3]: Provides easily understandable dynamic and automated configuration management. Helps to satisfy Reqs. 3 and 4. Maps to VOIL (integral component).
4. Shibboleth [4]: Provides SSO capabilities and allows sites to make informed authorization decisions for individual access in a privacy-preserving manner. Helps to satisfy Reqs. 1, 2, and 6.
5. CloudWeaver* [5]: Provides information on application infrastructure performance, network flows, and data exchange between cloud resources. Helps to satisfy Reqs. 3, 6, and 7. Maps to ADNL and CASL.

Figure panels (images not included): Proposed Autonomic Multi-Cloud Model; Scalr [1]; User-Deployed VOI Implemented using VDE; Scalr User Hierarchy; Identity Management using Shibboleth; Application Defined Networking (ADN) [5]

Ansible [3]

Ansible is designed to be minimal in nature, consistent, secure, and highly reliable, with an extremely low learning curve for administrators, developers, and IT managers. The core Ansible project manages systems by connecting to them over SSH, either using paramiko (a Python library), or by using native OpenSSH (parameter: -c ssh). When using OpenSSH, connection reuse features are enabled by default if supported by the SSH client, and in either case, SSH is used as a transport, but is not treated as a shell. Instead, modules (small Ansible programs containing baked-in arguments) are transferred over SCP or SFTP to a temporary directory on the remote machine, executed, and then removed in one action. The modules return JSON over standard output, and this return data is processed by the Ansible program on the controlling machine.
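The module life cycle described above (stage, execute, read JSON from standard output, remove) can be sketched as follows. This is an added example, not Ansible's own code or code from the poster: a local subprocess stands in for the SSH/SFTP transport, and the module template and the run_module helper are hypothetical names.

```python
import json
import os
import shutil
import subprocess
import sys
import tempfile

# Constructed stand-in for a module: arguments are baked into the file
# before transfer, and the only output is one JSON document on stdout.
MODULE_TEMPLATE = '''import json, os
ARGS = {args!r}
path = ARGS["path"]
print(json.dumps({{"changed": False, "exists": os.path.exists(path), "path": path}}))
'''

def run_module(args, template=MODULE_TEMPLATE):
    """Stage, execute and remove a module; return (result, staging_dir)."""
    staging = tempfile.mkdtemp(prefix="module-")  # private directory, mode 0700
    try:
        module_path = os.path.join(staging, "module.py")
        with open(module_path, "w") as fh:
            fh.write(template.format(args=args))
        # argv list, no shell: the transport starts one program, so nothing
        # in args is ever interpreted as shell syntax.
        proc = subprocess.run([sys.executable, module_path],
                              capture_output=True, text=True, timeout=30)
        try:
            result = json.loads(proc.stdout)
        except json.JSONDecodeError:
            # Anything that is not JSON is a failure, never a partial success.
            result = {"failed": True, "msg": "non-JSON module output",
                      "stdout": proc.stdout[:200], "rc": proc.returncode}
        return result, staging
    finally:
        shutil.rmtree(staging, ignore_errors=True)  # removed even on error

if __name__ == "__main__":
    print(run_module({"path": "/etc/hostname; echo $(id)"}))
```

Because the argument is data inside the staged file rather than part of a command line, the shell metacharacters in the sample path are treated as a literal file name.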
Application Defined Networking (ADN) is all about applications directly controlling and adapting the networking environment using APIs, so that application delivery and performance across public and private cloud networks are optimized without compromising on portability or security. ADN centers on an application’s goals and immediate needs. Instead of controlling the forwarding of individual packets within the network infrastructure, like SDN, ADN focuses on orchestrating the application flows, accelerating and streamlining the movement of data throughout the entire virtual infrastructure of each application.

1. User logs in to the SHINCLOM portal.
2. SHINCLOM authenticates user via Shibboleth using X.509 certificate to confirm identity.
3. Certificate is distributed to cloud providers (Hokudai, Kyushu, and Tokyo Tech, in this scenario) via MyProxy.
4. Shibboleth request is received in SAML by Resource ACL, which functions as a bridge to issue URL API requests to cloud platforms and accept responses.
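Step 4 puts an authorization decision between the SAML assertion and the cloud APIs. The sketch below is an added example, not SHINCLOM code: it shows a Resource ACL check that fails closed, assuming the assertion's signature was already verified by the Shibboleth service provider. The entitlement values, the audience URL and the site mapping are constructed placeholders.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ENTITLEMENT = "urn:oid:1.3.6.1.4.1.5923.1.1.1.7"  # eduPersonEntitlement
AUDIENCE = "https://portal.example/shinclom"       # placeholder SP entityID
# Hypothetical policy: entitlement value -> cloud sites it may call.
SITE_ACL = {
    "urn:example:shinclom:hpc": {"Hokudai", "Kyushu"},
    "urn:example:shinclom:vpc": {"Hokudai", "Tokyo Tech"},
}
# Constructed sample assertion (signature element omitted).
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:Conditions NotBefore="2024-01-01T00:00:00Z" NotOnOrAfter="2024-01-01T00:05:00Z">
  <saml:AudienceRestriction><saml:Audience>https://portal.example/shinclom</saml:Audience></saml:AudienceRestriction>
 </saml:Conditions>
 <saml:AttributeStatement>
  <saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7">
   <saml:AttributeValue>urn:example:shinclom:hpc</saml:AttributeValue>
  </saml:Attribute>
 </saml:AttributeStatement>
</saml:Assertion>"""

def _ts(value):
    # Simplification: whole-second UTC timestamps only.
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def allowed_sites(assertion_xml, now):
    """Return the sites this assertion may reach; an empty set means deny."""
    # Assumption: signature already verified upstream. For untrusted XML,
    # a hardened parser is preferable to the standard-library one.
    root = ET.fromstring(assertion_xml)
    cond = root.find("saml:Conditions", NS)
    if cond is None or not cond.get("NotBefore") or not cond.get("NotOnOrAfter"):
        return set()                       # no validity window: fail closed
    if not (_ts(cond.get("NotBefore")) <= now < _ts(cond.get("NotOnOrAfter"))):
        return set()                       # expired or not yet valid
    audiences = {a.text for a in cond.findall(".//saml:Audience", NS)}
    if AUDIENCE not in audiences:
        return set()                       # issued for a different service
    sites = set()
    xpath = f".//saml:Attribute[@Name='{ENTITLEMENT}']/saml:AttributeValue"
    for value in root.findall(xpath, NS):
        sites |= SITE_ACL.get((value.text or "").strip(), set())
    return sites
```

The bridge would issue API requests only to the returned sites, so an unknown entitlement, a stale assertion or a foreign audience all result in no outbound calls.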