Moonshot-enabled Federated Access to Cloud Infrastructure
Terena Networking Conference, Reykjavik. May 2012
David Orrell, Eduserv

Objectives
Enable end-to-end federated access to cloud infrastructure.
Ease the management of cloud infrastructure.
Path to federated cloud platform services.
o Federated access by default.

Eduserv
Not for profit IT services company
o Based in Bath, UK.
o 115 staff.
o New datacentre.
Key business areas
o IAM software and services.
o Web hosting and development for government.
Charitable mission to encourage the effective use of ICT in ‘public good’ organisations.

Eduserv cloud platform
Infrastructure as a Service (IaaS) for UK Education community
o Currently offered as a beta service
Infrastructure to support existing products and services

Eduserv Education Cloud: Hardware
Cisco UCS blade infrastructure
o Dual 6-core 3.06GHz processors with 64GB RAM.
o Initial deployment will scale to >1,500 cores, 8 TB of RAM.
Isilon storage
o Clustered NAS solution with near-SAN performance.
o Initial deployment will scale to 10 PB usable.
Connectivity
o 2-tier Cisco switched network (core and distribution).
o Fully resilient with no single point of failure (including dual path to JANET PoP).
o All ports running at 10 Gbit/s.

Eduserv Education Cloud: Software
VMWare vCloud Compute
o Good fit with vSphere provision.
o Provides burst capacity at times of high demand.
File/object storage
vCloud Director
o vCloud REST APIs.
Eduserv Cloud Portal
o Billing, usage etc.

vCloud Architecture
[Diagram labels: Virtual Organisation; Virtual Datacentre (vDC), shown twice, each with three vApps; Catalog (vApp Templates, ISO media); Networks; Users + groups; Public Catalog (vApp Templates, ISO media)]

vApps
Package of multiple VMs (as an OVF).
How VMs connect to the network(s).
Boot sequence.
vApp networks
o NATed, firewalled.
o May be fenced.
[Diagram labels: vApp; VM (four); Network]

[Diagram labels: Virtual Organisation … Virtual Organisation; vCloud Director; Eduserv Education Cloud Web Portal; vCloud API; Federated SSO via UKAMF; 3rd party applications]

Moonshot
JANET-led project.
Federated access to any application.
Builds on eduroam technologies
o RADIUS for federated authentication.
o EAP for mutual authentication.
Integrates with standard OS security APIs
o GSS-API (RFC 2078 – Other OS).
o SASL (RFC 4422 – Windows + Other OS).
o SSPI (Windows).

SSH using Moonshot
[Diagram labels: SSH client; SSH server; RADIUS server; (1) Credentialing; (2) SSH negotiation; (3) Authentication; (4) RADIUS; (5) Attributes; (6) SSH session]
OpenSSH used as example of application; many others also apply

Moonshot on Education Cloud
Deploy Moonshot-ready appliances.
Linux server as an example
o CentOS 6.2.
o Moonshot-enabled SSHD.

Moonshot on Education Cloud
Automatic allocation of ‘local’ Linux users.
NSS module
o Automatic user/group allocation.
PAM module
o Auditing.
moonbind daemon.

[Diagram labels: vApp; VM; SSHD; PAM module; NSS module; moonbind; RADIUS server; SAML; Education Cloud Portal; User/group allocation; user + group(s)]

[Diagram labels: Virtual Organisation; Education Cloud Portal; vApp Instantiation; Guest customisation; vApp; VM (four); Catalog (vApp Templates, ISO media); Network configuration; Custom script(s); Configure moonbind]
Future work
Proper authorisation.
Integration with vApp OVF descriptor.
Integration with file/object storage
o Via WebDAV.
Windows/Exchange
PaaS
o Cloud Foundry.

www.eduserv.org.uk
Thanks to…
Eduserv colleagues
Andy Powell, Richard Annett, Charlie Llewellyn, Tim Lawrence
JANET
Education Cloud blog + further information
http://support.cloud.eduserv.org.uk