Eucalyptus Identity and Access Management (IAM) in the Enterprise - Lightning Webinar #2
Published in: Technology

  1. Eucalyptus Identity and Access Management (IAM) in the Enterprise. Govind Rangasamy, Director, Product Management. © 2012 Eucalyptus Systems, Inc.
  2. Eucalyptus Leadership. Agility is Key… Flexibility, Automation, Speed, Trust. [Diagram labels, as extracted: Resource Self-Service Self-Service Dynamic Chargeback Resource Resource Resource and Configuration Provisioning Management Reporting]
  3. An Enterprise Open Source, On-premise Cloud Infrastructure as a Service (IaaS) Software Platform
     • Web services API to enable self-serviceable infrastructure
     • Cloud compute, network, storage and identity resources are accessible as services
     • Virtual resource management orchestrates disposable virtual cloud resources placement, handles security & traffic isolation, identity and storage
     • Physical resource management tools interface with hypervisor, storage, and network infrastructure
  4. Eucalyptus IaaS Deployment (non HA)
     • Cloud Controller
        • Cloud level - Virtual Resource System
        • AWS EC2 Compatible
     • Walrus Storage
        • Persistent data store
        • Bucket-based, like S3
     • Cluster Controller
        • Node level - Virtual Resource System
        • Manage Virtual Network
     • Storage Controller
        • Block accessed network storage
        • Like EBS
     • Node Controller
        • VM management
        • Instance management
     • VMware Broker
        • ESX, ESXi management
        • vCenter server compatible
     [Diagram: deployment layout. Labels: Cloud Controller, IAM Enforcement, Walrus Storage, Cluster Controller, Storage Controller, Node Controller, VMware Broker, VM, ESX, ESXi, SAN, NAS, Resource Admin]
  5. Eucalyptus IAM
  6. Eucalyptus IaaS: Identity Management
     Features:
     • Users, groups and accounts management
     • Security credentials management
     • Flexible policy based resource access management
     • Authenticate instances using existing AD/LDAP systems
     • Flexible policy based resource utilization management
     Benefits:
     • Centralized efficient management of self-service infrastructure access
     • Centralized efficient utilization control of infrastructure resources
  7. Example: Dev/test/staging IAM Scenarios
     • Dev/test/staging use of shared infrastructure
     • Dynamic scale-out and scale-in using Application Lifecycle Management systems
     [Diagram: WEB / App / DB tiers in Dev Zone 1, Dev Zone 2, Stage Zone 1 and Test Zone 1 on Shared Infrastructure]
  8. IAM and LDAP integration
     • Sync and manage groups and users
        • Configurable
        • Use LIC files
     • User Authentication against AD/LDAP
     • Special user accounts
     • Policies, access keys, certs association with AD/LDAP users
     [Diagram labels: LDAP/AD, ou=groups,dc=foo,dc=com, LIC, Eucalyptus; groups eucalyptus, dev, test, support]
  9. IAM Policy Language
     • Effect: Decision to allow/deny
     • Action-noAction: "API"
     • Resource: "specific resource" arn:aws:s3
     • Condition: Additional Constraints on resource access
  10. Exercise Control Over Dev/Test Cloud with Policies
     • Allow or deny API and Resource* access
     • Allow or deny specific API/User actions
     • Specify resource access time limits
     * Extension to AWS IAM
     [Diagram: WEB / App / DB instances in Dev Zone 1. Labels: Lease instances to Dev groups; Built-in policy enforcement engine]
  11. Flexible, Fine-grained Policies
     [Diagram labels: eucalyptus, dev, support, sales; quota; EC2 image permission; S3 bucket ACL; quota]

         {
           "Version":"2012-02-12",
           "Statement":[{
             "Sid":"2",
             "Effect":"Limit",
             "Action":"ec2:RunInstances",
             "Resource":"*",
             "Condition":{
               "NumericLessThanEquals":{
                 "ec2:quota-vminstancenumber":"256"
               }
             }
           }]
         }
  12. IAM Policy Enforcement Logic
     [Flowchart: a RunInstances request at the Cloud Controller. Decision nodes: Account admin or Sys admin?; Account-level permission allowed?; IAM policy satisfied?; Allocating resources?; Exceeding quota? Outcomes: Accept or Reject]
  13. Third Party Integration Possibilities
     Extensibility
     • AWS IAM compatible API
     [Diagram labels, as extracted: Cloud Services Cloud Service Management (SaaS, PaaS) GUI AWS IAM API Reporting Integration Integration Eucalyptus Identity Authorization and Management Web Services Virtual Cloud Resources Compute Network Storage Identity Enhanced Accounts, Groups, Users, High Availability IaaS Resources Virtual Resource System Policies, Certs, Keys, Images, VMs, Reports Virtual and Physical Resource Administration Physical Resource Management]
  14. Resources
     • Documentation: http://www.eucalyptus.com/eucalyptus-cloud/documentation
     • Eucalyptus Compatibility Matrix: http://www.eucalyptus.com/eucalyptus-cloud/iaas/compatibility
     • AWS IAM Policy Generator: http://awspolicygen.s3.amazonaws.com/policygen.html
     • AWS IAM Documentation: http://docs.amazonwebservices.com/IAM/latest/UserGuide/IAM_Concepts.html
  15. Euca IaaS Support Stack
     [Diagram labels, as extracted: SaaS / PaaS Providers Third Party Management IaaS Web Services Cloud Resources Virtual Resource Management Physical Resource Management]
  16. Demo
  17. Thank you. Govind Rangasamy, govind@eucalyptus.com
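
The quota policy on slide 11 and the checks named on slide 12, worked through as an added example (not code from the deck or from Eucalyptus). The order of the checks is an assumed reading of the flattened flowchart, and the request fields (`is_admin`, `account_allowed`, `iam_satisfied`, `running`, `requested`) are hypothetical names.

```python
import json

# Quota policy transcribed from slide 11 of this deck.
QUOTA_POLICY = json.loads("""
{"Version": "2012-02-12",
 "Statement": [{"Sid": "2", "Effect": "Limit",
                "Action": "ec2:RunInstances", "Resource": "*",
                "Condition": {"NumericLessThanEquals":
                              {"ec2:quota-vminstancenumber": "256"}}}]}
""")
QUOTA_KEY = "ec2:quota-vminstancenumber"


def quota_limit(policy, action, key=QUOTA_KEY):
    """Tightest NumericLessThanEquals bound among matching Limit statements."""
    bounds = []
    for stmt in policy["Statement"]:
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if stmt.get("Effect") != "Limit" or action not in actions:
            continue
        cond = stmt.get("Condition", {}).get("NumericLessThanEquals", {})
        if key in cond:
            bounds.append(int(cond[key]))
    return min(bounds) if bounds else None


def decide(req, policy=QUOTA_POLICY):
    """Assumed ordering of the slide-12 checks; req fields are hypothetical."""
    if req["is_admin"]:                  # account admin or sys admin
        return "Accept"
    if not req["account_allowed"]:       # account-level permission
        return "Reject"
    if not req["iam_satisfied"]:         # user/group Allow-Deny statements
        return "Reject"
    if req["requested"] == 0:            # call allocates no resources
        return "Accept"
    limit = quota_limit(policy, req["action"])
    if limit is not None and req["running"] + req["requested"] > limit:
        return "Reject"                  # allocation would exceed the quota
    return "Accept"


def demo():
    # Constructed requests: a dev user already running 250 instances.
    base = {"is_admin": False, "account_allowed": True, "iam_satisfied": True,
            "action": "ec2:RunInstances", "running": 250}
    return [decide({**base, "requested": n}) for n in (6, 7)]


if __name__ == "__main__":
    print(demo())
```

Under this reading an admin request skips the quota check entirely, so an audit of who holds account admin rights matters as much as the `Limit` value itself.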