Moonshot-enabled Federated Access to Cloud Infrastructure

Managing cloud infrastructure across many organisations can be complex. One area of complexity is in the management of identities. These include identities of people who build and provision cloud infrastructure, as well as the end consumers of the services running on it. Eduserv is building a cloud for the UK education community. This session shows how we are tackling the problems of identity provision to cloud infrastructure using federated login. Our approach uses traditional SAML login to a web-based console to manage infrastructure, as well as Moonshot-enabled login to infrastructure. This means we can achieve end-to-end management of cloud infrastructure from provisioning right through to access to services, using solely federated credentials. The result is the ability to rapidly scale infrastructure, while knowing that the right people can seamlessly gain access to it. The session discusses our experiences of building and managing clouds using VMware vCloud, as well as how we are using Moonshot now, and its potential for the future.

Published in: Technology

Transcript

  • 1. Moonshot-enabled Federated Access to Cloud Infrastructure
      Terena Networking Conference, Reykjavik. May 2012
      David Orrell, Eduserv
  • 2. Objectives
      Enable end-to-end federated access to cloud infrastructure.
      Ease the management of cloud infrastructure.
      Path to federated cloud platform services.
        o Federated access by default.
  • 3. Eduserv
      Not for profit IT services company
        o Based in Bath, UK.
        o 115 staff.
        o New datacentre.
      Key business areas
        o IAM software and services.
        o Web hosting and development for government.
      Charitable mission to encourage the effective use of ICT in ‘public good’ organisations.
  • 4. Eduserv cloud platform
      Infrastructure as a Service (IaaS) for UK Education community
        o Currently offered as a beta service
      Infrastructure to support existing products and services
  • 5. Eduserv Education Cloud: Hardware
      Cisco UCS blade infrastructure
        o Dual 6-core 3.06GHz processors with 64GB RAM.
        o Initial deployment will scale to >1,500 cores, 8 TB of RAM.
      Isilon storage
        o Clustered NAS solution with near-SAN performance.
        o Initial deployment will scale to 10 PB usable.
      Connectivity
        o 2-tier Cisco switched network (core and distribution).
        o Fully resilient with no single point of failure (including dual path to JANET PoP).
        o All ports running at 10 Gbit/s.
  • 6. Eduserv Education Cloud: Software
      VMware vCloud Compute
        o Good fit with vSphere provision.
        o Provides burst capacity at times of high demand.
      File/object storage
      vCloud Director
        o vCloud REST APIs.
      Eduserv Cloud Portal
        o Billing, usage etc.
  • 7. vCloud Architecture
      (Diagram labels: Virtual Organisation; Virtual Datacentre (vDC); Catalog; Public Catalog; vApp; vApp Template; ISO media; Network; Users + groups.)
  • 8. vApps
      Package of multiple VMs (as an OVF).
      How VMs connect to the network(s).
      Boot sequence.
      vApp networks
        o NATed, firewalled.
        o May be fenced.
      (Diagram labels: vApp; VM ×4; Network.)
  • 9. Federated SSO via UKAMF
      (Diagram labels: 3rd party applications; Eduserv Education Cloud Web Portal; vCloud Director; vCloud API; Virtual Organisation ×3 …)
  • 10. Moonshot
      JANET-led project.
      Federated access to any application.
      Builds on eduroam technologies
        o RADIUS for federated authentication.
        o EAP for mutual authentication.
      Integrates with standard OS security APIs
        o GSS-API (RFC 2078 – Other OS).
        o SASL (RFC 4422 – Windows + Other OS).
        o SSPI (Windows).
  • 11. SSH using Moonshot
      (Diagram components: SSH client; SSH server; RADIUS server.)
      (Diagram steps: (1) Credentialing; (2) SSH negotiation; (3) Authentication; (4) RADIUS; (5) Attributes; (6) SSH session.)
      OpenSSH used as example of application; many others also apply
  • 12. Moonshot on Education Cloud
      Deploy Moonshot-ready appliances.
      Linux server as an example
        o CentOS 6.2.
        o Moonshot-enabled SSHD.
  • 13. Moonshot on Education Cloud
      Automatic allocation of ‘local’ Linux users.
      NSS module
        o Automatic user/group allocation.
      PAM module
        o Auditing.
      moonbind daemon.
  • 14. (Diagram labels: Education Cloud Portal; SAML; vApp; User/group allocation; VM; moonbind; PAM module; NSS module; RADIUS server; SSHD; user + group(s).)
  • 15. vApp Instantiation
      (Diagram labels: Education Cloud Portal; Catalog; vApp Template; ISO media; Network configuration; Custom script(s); Configure moonbind; Guest customisation; Virtual Organisation; vApp; VM ×4.)
  • 16. Future work
      Proper authorisation.
      Integration with vApp OVF descriptor.
      Integration with file/object storage
        o Via WebDAV.
      Windows/Exchange
      PaaS
        o Cloud Foundry.
  • 17. Thanks to…
      Eduserv colleagues: Andy Powell, Richard Annett, Charlie Llewellyn, Tim Lawrence
      JANET
      Education Cloud blog + further information
        o http://support.cloud.eduserv.org.uk
        o www.eduserv.org.uk
        o @eduserv
        o david.orrell@eduserv.org.uk
