1
Cloud Providers and AARC
What are the best practices to support them? What can/should AARC do in this space?
Hannah Short, CERN, AARC
AARC 4th General Meeting, 30th November 2016
2
Agenda
- Federated Access for Cloud Services
- Ongoing projects
- AARC’s role in HNSciCloud
- Challenges for HNSciCloud
- Where can AARC help?
3
Federated access for cloud services
- Access to cloud management tools
  - Web based management portals offered by the cloud providers
  - Management APIs offered by the cloud providers
- Access to cloud resources (IaaS)
  - SSH access to VMs
  - Desktop access to VMs
- Access to applications/services on cloud resources operated by the communities
  - Access to web based services
  - Access to non-web based services
- Access to applications/services operated by cloud providers ([P/S]aaS)
Credit to Christos Kanellopoulos (AARC/GRNET) for this slide
4
Ongoing Projects
- High Energy Physics (& other) communities increasingly turning to Cloud
- Beginning to become financially viable
- A few examples included in the following slides…
- CHEP (Computing for High Energy Physics Conference) Track 3 Highlights, strong focus on Cloud!
5
EGI Federated Cloud
- IaaS-type cloud for scientific communities
- Made of academic private clouds and virtualised resources
- EGI Cloud Services:
  - Cloud Compute – Run virtual machines on demand with complete control over computing resources
  - Cloud Container Compute – Run Docker containers in a lightweight virtualised environment
  - Training infrastructure – Dedicated computing and storage for training and education
- Federated access:
  - SAML 2.0/OIDC for web-based dashboard
  - OIDC tokens for CLI tools
  - OCCI CLI tools also support X.509 credentials
Credit to Peter Solagna, EGI.eu, for this slide
6
INDIGO
- Open source, cloud service provider for scientific communities
- SAML enabled, eduGAIN integration
- Consolidates all identities to OAuth (OpenID Connect)
- Marcus H has been involved and knows more!
Credit to Andrea Ceccanti, CERN, for this slide
7
GEANT Cloud Catalogue
- Project in initial stages
- Commercial Cloud Providers
- GEANT will act as broker between cloud providers and NRENs
- Engaging with CPs to ensure requirements feasible
- Key requirement is for SAML2.0 consumption
- GEANT is sponsoring the UK as a catch-all federation for clouds
Credit to Vincenzo Capone, GEANT, for this slide
8
The Helix Nebula Initiative
- Hybrid cloud
- Competitive tender for commercial cloud providers, one will be selected post prototype
- Procurers: CERN, CNRS, DESY, EMBL-EBI, ESRF, IFAE, INFN, KIT, STFC, SURFSara
- SAML2 Consumption a requirement but…
- Not necessarily eduGAIN
- Mainly targeting IT Admins though some LToS researchers may be end users
- Undefined which services will be accessed (management portal + VMs?)
State that the Helix Nebula initiative was created as a result of a commitment by the EIROforum IT Working group when it met in January 2011.
Credit to Bob Jones & Joao Fernandes, CERN
9
AARC’s role in HNSciCloud
- FIM requirements included in Tender Specification
- AARC Approached for guidance for design phase
- Kickoff held November 3rd

“The Tenderer must be able to support an authentication service based on SAML 2.0, such as eduGAIN, for accessing their services”

“The objective is to provide the IT managers and/or end-users with the ability to use their own credentials (from their institution) in order to manage and access IaaS resources transparently via GUIs and ideally via CLIs and APIs in addition.”

“Demonstrable evidence for support of SAML 2.0-based identity federations as a Service Provider and conformance with the GEANT Data Protection Code of Conduct (or equivalent behavioural rules for Service Providers who want to receive user attributes from the Identity Providers) will score higher marks.”
10
Federated access for cloud services
- Access to cloud management tools
  - Web based management portals offered by the cloud providers
  - Management APIs offered by the cloud providers
- Access to cloud resources (IaaS)
  - SSH access to VMs
  - Desktop access to VMs
- Access to applications/services on cloud resources operated by the communities
  - Access to web based services
  - Access to non-web based services
- Access to applications/services operated by cloud providers ([P/S]aaS)
Credit to Christos Kanellopoulos (AARC/GRNET) for this slide
11
How to do it?
- Join eduGAIN as a service provider through a national federation
- Use blueprint architecture patterns to enable access to non-web clients and external AAs
Credit to Lukas Hämmerle – SWITCH/GEANT for this graphic
12
Lessons learned
- A proportion of cloud providers are already part of identity federations (or in the process)
- Commercial providers are treated inconsistently across federations (financially & policy wise)
- The idea of a shared set of attributes (R&S) seems to be largely accepted
- Biggest concern is using external authorisation sources
- Very difficult to give concrete advice without clear use cases!
- If there are small numbers of users (e.g. a handful of IT Admins) and no easy options for FIM, risk of infrastructures adopting a simpler but incomplete strategy
13
Challenges for HNSciCloud (and probably others…!)
- Not all users are in eduGAIN - split between eduGAIN and Umbrella - how will this work?
- How can multiple AAs from separate communities be integrated?
- Are there plug-and-play components available?
- In the blueprint architecture, what is run by the cloud providers and what is run by the research communities?
14
What can AARC do?
15
What can AARC do?
- GN4 covering this aspect, great resources available!
- Consult on architecture for specific use cases
- Provide specifics of reusable components
- AARC can provide a summary of resources available (there are many!), to help both research communities looking to integrate cloud services, and the cloud providers themselves
16
References Looking for more details Prefer to speak to someone? Contact