Post on 31-Dec-2015
description
e-Science CentralJBug
Paul WatsonHugo Hiden
Simon Woodman12th March 2013
Funders: RCUK Digital Economy Programme, Red Hat, Microsoft, EU, TSB
Multi-Disciplinary Projects
DigitalResearch
Cloud Computing• Opportunity to revolutionise IT (and Science)
– Resources on-demand– Scalability– Collaboration
Video
Clinician’sReport
Information for
Users
Methodology section for
papers
Analysis
Sleep Activity Stability Grip … …
Clinician’sReport
Information for
Users
Methodology section for
papers
Analysis
Sleep Activity Stability Grip … …
Cloud
Cloud Computing• Opportunity to revolutionise IT (and Science)
– Scalable resources on-demand– Scalability– Collaboration
• But Major Barriers– Building Cloud-based systems– Security– Governance
Cloud Computing• Opportunity to revolutionise IT (and Science)
– Scalable resources on-demand– Scalability– Collaboration
• But Major Barriers– Building Cloud-based systems– Security– Governance
• Our work to overcome these barriers:
Cloud Infrastructure:Storage & Compute
Ap
p 1
....
Ap
p n
Building on Cloud Infrastructure
Problems
Cloud Infrastructure:Storage & Compute
Ap
p 1
....
Ap
p n
Science requires apps to be:scalable,
reliable, secure
This requires: expertise
time, money,
Cloud Infrastructure: Storage & Compute
Cloud Platform
App 1 .... App n
Cloud Infrastructure:Storage & Compute
Ap
p 1
....
Ap
p n
App ....
Workflow Enactment
API
Social Networking
Security
Processing Storage
App
Analysis Services
Cloud Infrastructure: Amazon, Azure, Private Clouds
Provenance/Audit
Metadata<expt>9127</expt><smiles>CHC3</smiles>
Cloud Barrier #2: Security
A. Smith378456729
Anonymize Analyzep = 30%q = 27.4r = 34
d0 s1 d2 s3 d4
Patient DataAccelerometer
Data Results
Cloud Federation
Public Cloud
External Services
Internal ITOrganization
Internal Services
Federated Cloud Options
Application
Public Cloud
Private Cloud
Risk?Yes No
Problem
Can’t exploit multiple clouds in one workflow
A. Smith378456729
Anonymize Analyzep = 30%q = 27.4r = 34
d0 s1 d2 s3 d4
Patient DataAccelerometer
Data Results
Partitioning an Application
A. Smith378456729
Anonymize Analyzep = 30%q = 27.4r = 34
Patient DataHeart-rate
Data Results
Public Cloud
Private Cloud
Method(P. Watson, “A Multi-Level Security Model for Partitioning Workflows over Federated Clouds” J. Cloud Computing, Vol. 1(1))
1. Assign Security Level to each Workflow Block2. Check conforms to Bell-LaPadula3. Assign Security Level to each Cloud4. Determine possible allocations of blocks to clouds5. Determine candidate workflow partitioning6. Add inter-cloud data transfers7. Filter8. Apply Cost Model to Rank candidate solutions
1. Assign Security Level to each Workflow Block
A. Smith378456729
Anonymize Analyzep = 30%q = 27.4r = 34
d0 s1 d2 s3 d4
Patient Data
Heart Rate Data Results
Location: 1 0 0 0 0
Clearance: 1 0
3. Assign Security Level to each Cloud
Private Public
C1 C0
Location: 1 0
Extend Bell-LaPadula so a block cannot be deployed on a cloud with a lower security level
pa
d0 s1 d2
pb pc
Valid Workflows
8. Apply Cost Model to Rank candidate solutions
Transfer Costs
Workflow Costs #13 4 6 5 2 1
Workflow Costs #21 2 5 6 3 4
Cloud Barrier #3: Loss of Governance
• Barrier to the organisation, not to end-users• “I am very worried about controlling costs, IP
and managing our data assets when so many of our staff are building their own cloud solutions”Director of Major Company, 2012
IT Resources
Governance Policy:Quotas
SustainabilityQoS:
DependabilitySecurity
Performance
Organisation
IT ResourcesOrganisation
Addressing Governance
• Users access the cloud through e-Science Central, not directly
• e-Science Central can enforce governance
Organisation IT Resources
QuotasCostSecurityAudit
Summary
• e-Science Central aims to realise potential of clouds– overcome barriers:
• Scalability, Security, Audit, Governance
• currently supporting £20M research projects• we are very interested in new users and
collaborators– open-source (find us on source-forge)