Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security Services Lifecycle Management and GEYSERS Service Delivery Framework Yuri Demchenko, UvA Cloud Security BOF 26 October 2010 OGF30 25-28 October.

Published bySuzan Nelson Modified over 9 years ago

Similar presentations

Presentation on theme: "Security Services Lifecycle Management and GEYSERS Service Delivery Framework Yuri Demchenko, UvA Cloud Security BOF 26 October 2010 OGF30 25-28 October."— Presentation transcript:

1 Security Services Lifecycle Management and GEYSERS Service Delivery Framework Yuri Demchenko, UvA Cloud Security BOF 26 October 2010 OGF30 25-28 October 2010, Brussels

2 Outline  Cloud Security – New challenges  On-Demand Infrastructure Services Provisioning  Background – TMF Service Delivery Framework (SDF)  GEYSERS SDF  Security Services Lifecycle Management ISoD BoF, OGF30, 25-29 Ocftober 2010, Brussels Security Services Lifecycle Management Slide _ 2

3 Cloud Security – New challenges Clouds as infrastructure services provisioning model/environment u Security along the whole provisioning process and service/infrastructure lifecycle u Manageable/user controlled security u Securing remote executing environment u Security context/session management ISoD BoF, OGF30, 25-29 Ocftober 2010, Brussels ISOD RG Chapter Discussion Slide _ 3

4 ISoD BoF, OGF30, 25-29 Ocftober 2010, Brussels Security Services Lifecycle Management Slide _ 4 Security Service Lifecycle Management in On-Demand Resources/Services Provisioning  On-Demand Infrastructure Services Provisioning requires definition of Services Lifecycle Management u Multidomain multi-provider environment u Includes standard virtualisation procedures and mechanisms  Requires dynamic creation of Security/Trust Federations in multi-domain environment  Access control infrastructure dynamically created and policy/attributes dynamically configured u Access/authorisation session/context management

5 ISoD BoF, OGF30, 25-29 Ocftober 2010, Brussels Security Services Lifecycle Management Slide _ 5 GEYSERS Service Delivery Framework (SDF)  Service provisioning workflow by VIP: u Creation of the Virtual Infrastructure (VI) u May include more engineers support  Service provisioning workflow by VIO: u Creation and operation of the Virtual Infrastructure on-demand for specific project, tasks or user groups u Should be completely automatic  Should also include activities/stages for infrastructure re-planning, restoration and migration  Adopted TeleManagement Forum Service Delivery Framework (TMF SDF)  GEYSERS Project - http://www.geysers.eu/

6 GEYSERS Reference Model Role: VIO VIP PIP ISoD BoF, OGF30, 25-29 Ocftober 2010, Brussels ISOD RG Chapter Discussion Slide _ 6

7 Role of GEYSERS actors with respect to its architectural layers ISoD BoF, OGF30, 25-29 Ocftober 2010, Brussels ISOD RG Chapter Discussion Slide _ 7

8 TMF Service Delivery Framework (SDF) GN3-JRA3-T3 Discussion Security Services Lifecycle Management Slide _ 8 Goal: Automation of the whole service delivery and operation process (TMF SDF, http://www.tmforum.org/ServiceDeliveryFramework/4664/home.html) End-to-end service management in a multi-service providers environment End-to-end service management in a composite, hosted and/or syndicated service environment Management functions to support a highly distributed service environment, for example unified or federated security, user profile management, charging etc. Any other scenario that pertains to a given phase of the service lifecycle challenges, such as on-boarding, provisioning, or service creation

9 SDF Reference Architecture (refactored from SDF) Security Services Lifecycle Management Slide _ 9 SDF Service Repository (ISS) SDF Service Lifecycle Metadata Coordination (ISS) SDF Service Design Management (ISS) SDF Service Deployment Management (ISS) SDF Service Provisng Mngnt (MSS) SDF Service Instance SDF Service Lifecycle Metadata Repository (ISS) Design Operate Deploy SDF Service Resource Fulfillment (ISS) SDF Service State Monitor (ISS) SDF Service Resource Monitor (ISS) SDF Service Resource Usage Monitor (ISS) SDF Service Quality/ Problem Mngnt (MSS) SDF Service Usage Mngnt (MSS) Composite Services provisioned on-demand 9 3 7 6 6 8 4 2 1 10 16 15 14 13 12 11 17 SDF MSS SDF ISS 1 – Service Instance 2 - Service Management Interface 3 – Service Functional Interface 4 - Management Support Service (SDF MSS) 8 - Infrastructure Support Service (ISS) DESIGN stage 9 - Service Repository 10 - Service Lifecycle Metadata Repository 16 - Service Design Management DEPLOYMENT stage 10 - Service Lifecycle Metadata Repository 11 - Service Lifecycle Metadata Coordinator 17 - Service Deployment Management OPERATION stage 5 - Service Provisioning Management 6 - Service Quality/Problem Management 7 - Service Usage Monitor 12 - Service State Monitor 13 - Service Resource Fulfillment 14 - Service Resource Monitor 15 - Resource Usage Monitor

10 GEYSSERS Service Delivery Workflow Geysers SDF supports both Geysers infrastructure development and deployments and its operation for on-demand Infrastructure services provisioning by VIO GN3-JRA3-T3 Discussion Security Services Lifecycle Management Slide _ 10 Service Request/ SLA Negotiation Planning (Design) Deployment (Instant& Config&Synchro) Operation &Monitoring (by VIO) Decommissioning Service Request/ SLA Negotiation Planning (Compos/Reserv) Deployment Operation (Monitoring) Decommissioning Registr&Synchro Network+IT Services Provisioning Workflow by VIO Recovery/ Migration Re- Planning Services Provisioning Workflow by VIP Recovery/ Migration Re- planning

11 SDF main stages and phases Main stages/phases  Service Request (including SLA negotiation)  Planning (including Composition, Reservation and Design)  Deployment (including Reqistration/Synchronisation)  Operation (including Monitoring)  Decommissioning Additional stages  Re-Composition should address incremental infrastructure changes  Recovery/Migration can use SL-MD to initiate resources re-synchronisation but may require re- composition The whole workflow should be supported by the Service Lifecycle Metadata Service (SL MD) ISoD BoF, OGF30, 25-29 Ocftober 2010, Brussels Security Services Lifecycle Management Slide _ 11

12 Security Services Lifecycle Management Slide _ 12 SDF use for defining Security Services Lifecycle Management Model Security Service request and generation of the GRI that will serve as a provisioning session identifier and will bind all other stages and related security context. Reservation session binding that provides support for complex reservation process including required access control and policy enforcement. Deployment stage begins after all component resources have been reserved and includes distribution of the security context and binding the reserved resources or services to GRI as a common provisioning session ID. Registration&Synchronisation stage (optional) specifically targets possible scenarios with the provisioned services migration or failover/interruption. In a simple case, the Registration stage binds the local resource or hosting platform run-time process ID to the GRI as a provisioning session ID. Operation stage - security services provide access control to the provisioned services and maintain the service access or usage session. Decommissioning stage ensures that all sessions are terminated, data are cleaned up and session security context is recycled.

13 Security Services Lifecycle Management Slide _ 13 Relation between SSLM and general SLM  Service Request stage may include SLA negotiation u Security service instantiation may use SLA security context

14 Security Services Lifecycle Management Slide _ 14 Relation between SSLM/SLM stages and supporting general and security mechanisms SLM stages RequestDesign/Reservation Development DeploymentOperationDecomissioni ng Process/ Activity SLA Nego tiationService/ Resource Composition Reservation Composition Configuration Orchestration/ Session Management Logoff Accounting Mechanisms/Methods SLA VV Workflow (V)V Metadata VVVV Dynamic Security Associatn (V)VV AuthZ Session Context V(V)V Logging (V) VV

15 SSLM – Existing developments  GAAA Toolkit Library with tickets/tokens handling functionality for security session context management  GAAA-NRP (GAAA profile for Network Resource Provisioning)  On-going work in GEYSERS project to develop Security Architecture for On-Demand Infrastructure Services provisioning  Possible Contribution to planned ISOD RG u Visit ISOD BOF today 15:00-18:30 (no security discussions planned but …) u http://www.gridforum.org/gf/event_schedule/index.php?id=2099 ISoD BoF, OGF30, 25-29 Ocftober 2010, Brussels Security Services Lifecycle Management Slide _ 15

16 Additional Information  TMF SDF Lifecycle Management model Security Services Lifecycle Management Slide _ 16

17 Discussion  CSA is proposed as a possible deliverable for ISOD RG  Who is interested to contribute?  Any interested people to review and verify against other usecases? ISoD BoF, OGF30, 25-29 Ocftober 2010, Brussels Security Services Lifecycle Management Slide _ 17

Download ppt "Security Services Lifecycle Management and GEYSERS Service Delivery Framework Yuri Demchenko, UvA Cloud Security BOF 26 October 2010 OGF30 25-28 October."

Similar presentations

Geneva, Switzerland, 17 October 2011 ITU Workshop on Service Delivery Platforms (SDP) for Telecommunication Ecosystems: from todays realities to requirements.

Geneva, Switzerland, 17 October 2011 ITU Workshop on Service Delivery Platforms (SDP) for Telecommunication Ecosystems: from todays realities to requirements.
Abstraction Layers Why do we need them? –Protection against change Where in the hourglass do we put them? –Computer Scientist perspective Expose low-level.

Abstraction Layers Why do we need them? –Protection against change Where in the hourglass do we put them? –Computer Scientist perspective Expose low-level.
Multi-level SLA Management for Service-Oriented Infrastructures Wolfgang Theilmann, Ramin Yahyapour, Joe Butler, Patrik Spiess consortium / SAP.

Multi-level SLA Management for Service-Oriented Infrastructures Wolfgang Theilmann, Ramin Yahyapour, Joe Butler, Patrik Spiess consortium / SAP.
Security Services Lifecycle Management in Dynamically Provisioned Composable Services GEMBus Infrastructure for Composable Services ITU-T standards seria.

Security Services Lifecycle Management in Dynamically Provisioned Composable Services GEMBus Infrastructure for Composable Services ITU-T standards seria.
The FI-WARE Project – Base Platform for Future Service Infrastructures FI-WARE MAY 2011 Presentation at proposers day.

The FI-WARE Project – Base Platform for Future Service Infrastructures FI-WARE MAY 2011 Presentation at proposers day.
Yuri Demchenko SNE Group, University of Amsterdam

Yuri Demchenko SNE Group, University of Amsterdam
Cloud Management Mechanisms

Cloud Management Mechanisms
Infrastructure layer Massonet Philippe, CETIC RESERVOIR Dissemination Activity Leader John Kennedy, INTEL Infrastructure Leader.

Infrastructure layer Massonet Philippe, CETIC RESERVOIR Dissemination Activity Leader John Kennedy, INTEL Infrastructure Leader.
A Java Architecture for the Internet of Things Noel Poore, Architect Pete St. Pierre, Product Manager Java Platform Group, Internet of Things September.

A Java Architecture for the Internet of Things Noel Poore, Architect Pete St. Pierre, Product Manager Java Platform Group, Internet of Things September.
SmartER Semantic Cloud Sevices Karuna P Joshi University of Maryland, Baltimore County Advisors: Dr. Tim Finin, Dr. Yelena Yesha.

SmartER Semantic Cloud Sevices Karuna P Joshi University of Maryland, Baltimore County Advisors: Dr. Tim Finin, Dr. Yelena Yesha.
Cloud Interoperability

Cloud Interoperability
December 3, 2010 SAIF Governance Framework A Brief Update on work to date.

December 3, 2010 SAIF Governance Framework A Brief Update on work to date.
WORKFLOWS IN CLOUD COMPUTING. CLOUD COMPUTING  Delivering applications or services in on-demand environment  Hundreds of thousands of users / applications.

WORKFLOWS IN CLOUD COMPUTING. CLOUD COMPUTING  Delivering applications or services in on-demand environment  Hundreds of thousands of users / applications.
System Design/Implementation and Support for Build 2 PDS Management Council Face-to-Face Mountain View, CA Nov 30 - Dec 1, 2011 Sean Hardman.

System Design/Implementation and Support for Build 2 PDS Management Council Face-to-Face Mountain View, CA Nov 30 - Dec 1, 2011 Sean Hardman.
Cloud Attributes Business Challenges Influence Your IT Solutions Business to IT Conversation Microsoft is Changing too Supporting System Center In House.

Cloud Attributes Business Challenges Influence Your IT Solutions Business to IT Conversation Microsoft is Changing too Supporting System Center In House.
SOA – Development Organization Yogish Pai. 2 IT organization are structured to meet the business needs LOB-IT Aligned to a particular business unit for.

SOA – Development Organization Yogish Pai. 2 IT organization are structured to meet the business needs LOB-IT Aligned to a particular business unit for.
Introduction to Cloud Computing

Introduction to Cloud Computing
Initial slides for Layered Service Architecture

Initial slides for Layered Service Architecture
Achieving Agility with WSO2 App Factory S. Uthaiyashankar Director, Cloud Solutions WSO2 Inc. Dimuthu Leelarathne Software Architect WSO2 Inc.

Achieving Agility with WSO2 App Factory S. Uthaiyashankar Director, Cloud Solutions WSO2 Inc. Dimuthu Leelarathne Software Architect WSO2 Inc.
© Drexel University Software Engineering Research Group (SERG) 1 Based on the paper by Philippe Kruchten from Rational Software.

© Drexel University Software Engineering Research Group (SERG) 1 Based on the paper by Philippe Kruchten from Rational Software.

Similar presentations

Ads by Google