Moonshot-enabled Federated Access to Cloud Infrastructure

Managing cloud infrastructure across many organisations can be complex. One area of complexity is in the management of identities. These include identities of people who build and provision cloud infrastructure, as well as the end consumers of the services running on it. Eduserv is building a cloud for the UK education community. This session shows how we are tackling the problems of identity provision to cloud infrastructure using federated login. Our approach uses traditional SAML login to a web-based console to manage infrastructure, as well as Moonshot-enabled login to infrastructure. This means we can achieve end-to-end management of cloud infrastructure from provisioning right through to access to services, using solely federated credentials. The result is the ability to rapidly scale infrastructure, while knowing that the right people can seamlessly gain access to it. The session discusses our experiences of building and managing clouds using VMware vCloud, as well as how we are using Moonshot now, and its potential for the future.


Transcript of "Moonshot-enabled Federated Access to Cloud Infrastructure"

  1. Moonshot-enabled Federated Access to Cloud Infrastructure
     Terena Networking Conference, Reykjavik. May 2012.
     David Orrell, Eduserv

  2. Objectives
       • Enable end-to-end federated access to cloud infrastructure.
       • Ease the management of cloud infrastructure.
       • Path to federated cloud platform services.
           o Federated access by default.

  3. Eduserv
       • Not for profit IT services company
           o Based in Bath, UK.
           o 115 staff.
           o New datacentre.
       • Key business areas
           o IAM software and services.
           o Web hosting and development for government.
       • Charitable mission to encourage the effective use of ICT in ‘public good’ organisations.

  4. Eduserv cloud platform
       • Infrastructure as a Service (IaaS) for UK Education community
           o Currently offered as a beta service
       • Infrastructure to support existing products and services

  5. Eduserv Education Cloud: Hardware
       • Cisco UCS blade infrastructure
           o Dual 6-core 3.06GHz processors with 64GB RAM.
           o Initial deployment will scale to >1,500 cores, 8 TB of RAM.
       • Isilon storage
           o Clustered NAS solution with near-SAN performance.
           o Initial deployment will scale to 10 PB usable.
       • Connectivity
           o 2-tier Cisco switched network (core and distribution).
           o Fully resilient with no single point of failure (including dual path to JANET PoP).
           o All ports running at 10 Gbit/s.

  6. Eduserv Education Cloud: Software
       • VMware vCloud Compute
           o Good fit with vSphere provision.
           o Provides burst capacity at times of high demand.
       • File/object storage
       • vCloud Director
           o vCloud REST APIs.
       • Eduserv Cloud Portal
           o Billing, usage etc.

  7. vCloud Architecture
     [Diagram. Labels: Virtual Organisation; Virtual Datacentre (vDC), shown twice; Catalog; Public Catalog; vApp; vApp Template; ISO media; Network; Users + groups.]

  8. vApps
       • Package of multiple VMs (as an OVF).
       • How VMs connect to the network(s).
       • Boot sequence.
       • vApp networks
           o NATed, firewalled.
           o May be fenced.
     [Diagram. Labels: vApp; VM, shown four times; Network.]

  9. Federated SSO via UKAMF
     [Diagram. Labels: 3rd party applications; Eduserv Education Cloud Web Portal; vCloud Director; vCloud API; Virtual Organisation, shown three times, followed by "…".]

  10. Moonshot
       • JANET-led project.
       • Federated access to any application.
       • Builds on eduroam technologies
           o RADIUS for federated authentication.
           o EAP for mutual authentication.
       • Integrates with standard OS security APIs
           o GSS-API (RFC 2078 – Other OS).
           o SASL (RFC 4422 – Windows + Other OS).
           o SSPI (Windows).

  11. SSH using Moonshot
     [Diagram. Actors: SSH client; SSH server; RADIUS server. Numbered steps: (1) Credentialing; (2) SSH negotiation; (3) Authentication; (4) RADIUS; (5) Attributes; (6) SSH session.]
       • OpenSSH used as example of application; many others also apply

  12. Moonshot on Education Cloud
       • Deploy Moonshot-ready appliances.
       • Linux server as an example
           o CentOS 6.2.
           o Moonshot-enabled SSHD.

  13. Moonshot on Education Cloud
       • Automatic allocation of ‘local’ Linux users.
       • NSS module
           o Automatic user/group allocation.
       • PAM module
           o Auditing.
       • moonbind daemon.

  14. Education Cloud Portal
     [Diagram. Labels: SAML; vApp; User/group allocation; VM; moonbind; PAM module; NSS module; RADIUS server; SSHD; user + group(s).]

  15. vApp Instantiation
     [Diagram. Labels: Education Cloud Portal; Catalog; Network configuration; Custom script(s); vApp Template; Configure moonbind; ISO media; Guest customisation; Virtual Organisation; vApp; VM.]

  16. Future work
       • Proper authorisation.
       • Integration with vApp OVF descriptor.
       • Integration with file/object storage
           o Via WebDAV.
       • Windows/Exchange
       • PaaS
           o Cloud Foundry.

  17. Thanks to…
       • Eduserv colleagues
           o Andy Powell, Richard Annett, Charlie Llewellyn, Tim Lawrence
       • JANET
       • Education Cloud blog + further information
           o http://support.cloud.eduserv.org.uk
           o www.eduserv.org.uk
           o @eduserv
           o david.orrell@eduserv.org.uk