Turbocharge Your Virtualized Infrastructure with Self-service Provisioning
Infrastructure Provisioning in the context of organization
Katarina Valalikova
Infrastructure Provisioning in the context of organization
[email protected] @KValalikova
Agenda
● Cloud, infrastructure, provisioning, OpenStack
● Identity management
● Infrastructure management
● Infrastructure and Identity Management
Clouds
Cloud
Hardware specialists
Operation team
Maintenance
Money
Datacenter
Robustness and scalability
● Virtual machines
● Bare metal
● Orchestration
● Containers
● ….
Heat
Neutron
NOVA
Magnum
Heat
Neutron
NOVA
Magnum
Users
What about the users?
How to automate user provisioning?
● OpenStack Keystone
– Tenant/Project, User provisioning
– User tenant assignment
– Accesses for Virtual Machines
● Automation in the context of organization?
– Reuse of information
● Accesses and possibilities inside Virtual Machine
[Diagram: DB Application, DB, HR, IDM, LDAP, UNIX]
Who am I? What do I do?
● Company Evolveum
● Java Developer & Identity Engineer
● IDM midPoint
– Provisioning
– Deprovisioning
– Identities
– Groups
– Projects
Education
Insurance
Technical
Experiences
● Different companies
● Different areas
● Different requirements
prc = new PropertyResolverConverter(Application.get().getConverterLocator(), Session.get().getLocale()); - if(object instanceof String){ + if (object instanceof String) { String label = (String) object; String key; - if (label == null || label.trim().equals("")){ + if (label == null || label.trim().equals("")) { PropertyResolver.setValue(expression, getInnermostModelOrObject(), null, prc); } else { + if (!isStrict) { // set default value from input and overwrite later if key is found + PropertyResolver.setValue(expression, getInnermostModelOrObject(), label, prc); + } for (LookupTableRowType row : lookupTable.getRow()) { if (label.equals(WebMiscUtil.getOrigStringFromPoly(row.getLabel()))) { key = row.getKey(); - PropertyResolver.setValue(expression, getInnermostModelOrObject(), key, prc); } } } - } else if (object == null){ - PropertyResolver.setValue(expression, getInnermostModelOrObject(), object, prc); + } else if (object == null) { + PropertyResolver.setValue(expression, getInnermostModelOrObject(), object, prc); } } @Override - public void detach() {} + public void detach() { + } }
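Review bot: In the `for` loop over `lookupTable.getRow()`, the `PropertyResolver.setValue(expression, getInnermostModelOrObject(), key, prc)` call is removed and none of the visible `+` lines restores it, so `key = row.getKey()` is assigned but never written to the model. The new comment promises to "overwrite later if key is found", yet as shown a non-strict field keeps the raw label even when a row matches, and a strict field ends up with no value set at all. Put the `setValue(..., key, prc)` call back inside the matching `if` and `break` after it. With `!isStrict` the model can also hold free text that is not in the lookup table, so that should be documented on the flag, and whatever consumes the value should validate it instead of assuming a known key. Minor: `label == null` can never be true after `object instanceof String`.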
Who and what?
● Technical view
● Management view
● Business view
Group A
Group C Group B
Is IDM sufficient?
● Companies with big fluctuation
● Quickly growing companies
● Companies providing services for wider population
● Users, Account, Projects,
● Organization units, Services, Groups, Infrastructure, ...
What is the hardest thing for me?
● Interacting with people
● Get agreement
● Get help (within a reasonable time)
● Effectivity
● Infrastructure settings
● Application installation
● Gain accesses and permissions
Is there a way to solve it?
● midPoint and OpenStack together?
● Can it work somehow?
● Are there any advantages?
● Positive impacts?
[Diagram: Web Application, HR, IDM, LDAP, UNIX]
Use case – New employee
[Diagram, built up step by step across the slides: HR; then HR, IDM; then DB Application, DB, HR, IDM, LDAP, UNIX]
Use case – New project
[Diagram: DB Application, DB, HR, IDM, LDAP, UNIX, Project]
Use case – New component
[Diagram: OpenStack, DB Application, DB, HR, IDM, LDAP, UNIX, Project]
MidPoint and OpenStack together?
● Connector
● Run/Stop VM
● User management
● Tenant Management
● User (in Role) for Tenant
[Diagram: Connector, DB, HR, IDM, LDAP, UNIX]
Demo
● New Employee
● New Project
● midPoint – OpenStack integration
● Different views
Pre-configured demo resources
● OpenLDAP
– User management
– Group management – based on project
– Group membership management
● OpenStack
– User management
– Tenant management
– User to Tenant (in Role)
Demo Organizational Structure
● Project
– Create new tenant in OpenStack, run/stop virtual machine
– Define project structure – LDAP groups
● Organization
– Different divisions of organization
● Cooperation
– Partners, Customers,...
Demo Roles
● LDAP Roles
– Create users
– Create groups
● OpenStack Roles
– Tenant
– Virtual Machine
Demo Resources for new VM
● LDAP – installed inside new VM
● Unix – users to the VM
What are the benefits?
● One tool
● All about organization under one roof
● Global view of organization
– Resource
– VMs
– Users
– Projects
– ...
One tool All information under one roof
Summary
● MidPoint and OpenStack
● Reusing existing information
● Global view of organization
● Automation of some processes
● Security
● Flexibility
● Adaptability
● Reliability
[Diagram: Web Application, HR, IDM, LDAP, UNIX]