Moonshot-enabled Federated Access to Cloud Infrastructure
Terena Networking Conference, Reykjavik, May 2012
David Orrell, Eduserv
Objectives
Enable end-to-end federated access to cloud infrastructure.
Ease the management of cloud infrastructure.
Path to federated cloud platform services.
o Federated access by default.
Eduserv
Not for profit IT services company
o Based in Bath, UK.
o 115 staff.
o New datacentre.
Key business areas
o IAM software and services.
o Web hosting and development for government.
Charitable mission to encourage the effective use of ICT in ‘public good’ organisations.
Eduserv cloud platform
Infrastructure as a Service (IaaS) for UK Education community
o Currently offered as a beta service
Infrastructure to support existing products and services
Eduserv Education Cloud: Hardware
Cisco UCS blade infrastructure
o Dual 6-core 3.06GHz processors with 64GB RAM.
o Initial deployment will scale to >1,500 cores, 8 TB of RAM.
Isilon storage
o Clustered NAS solution with near-SAN performance.
o Initial deployment will scale to 10 PB usable.
Connectivity
o 2-tier Cisco switched network (core and distribution).
o Fully resilient with no single point of failure (including dual path to JANET PoP).
o All ports running at 10 Gbit/s.
Eduserv Education Cloud: Software
VMware vCloud Compute
o Good fit with vSphere provision.
o Provides burst capacity at times of high demand.
File/object storage
vCloud Director
o vCloud REST APIs.
Eduserv Cloud Portal
o Billing, usage etc.
vCloud Architecture
[Diagram labels: Virtual Organisation; Virtual Datacentre (vDC) with vApps; Catalog with vApp Templates and ISO media; Network; Users + groups; Public Catalog with vApp Templates and ISO media]
vApps
Package of multiple VMs (as an OVF).
How VMs connect to the network(s).
Boot sequence.
vApp networks
o NATed, firewalled.
o May be fenced.
[Diagram labels: vApp containing four VMs; Network]
[Diagram labels: vCloud Director; Virtual Organisations; vCloud API; Eduserv Education Cloud Web Portal; Federated SSO via UKAMF; 3rd party applications]
Moonshot
JANET-led project.
Federated access to any application.
Builds on eduroam technologies
o RADIUS for federated authentication.
o EAP for mutual authentication.
Integrates with standard OS security APIs
o GSS-API (RFC 2078 – Other OS).
o SASL (RFC 4422 – Windows + Other OS).
o SSPI (Windows).
SSH using Moonshot
[Diagram labels: SSH client; SSH server; RADIUS server]
(1) Credentialing
(2) SSH negotiation
(3) Authentication
(4) RADIUS
(5) Attributes
(6) SSH session
OpenSSH used as example of application; many others also apply
Moonshot on Education Cloud
Deploy Moonshot-ready appliances.
Linux server as an example
o CentOS 6.2.
o Moonshot-enabled SSHD.
Moonshot on Education Cloud
Automatic allocation of ‘local’ Linux users.
NSS module
o Automatic user/group allocation.
PAM module
o Auditing.
moonbind daemon.
[Diagram labels: vApp; VM; SSHD; PAM module; NSS module; moonbind; RADIUS server; SAML; user + group(s); Education Cloud Portal; User/group allocation; Virtual Organisation]
vApp Instantiation
[Diagram labels: Education Cloud Portal; Catalog with vApp Templates and ISO media; vApp containing four VMs]
Guest customisation
Network configuration
Custom script(s)
Configure moonbind
Future work
Proper authorisation.
Integration with vApp OVF descriptor.
Integration with file/object storage
o Via WebDAV.
Windows/Exchange
PaaS
o Cloud Foundry.
www.eduserv.org.uk
Thanks to…
Eduserv colleagues
Andy Powell, Richard Annett, Charlie Llewellyn, Tim Lawrence
JANET
Education Cloud blog + further information
http://support.cloud.eduserv.org.uk