Scanning the Internet for External Cloud Exposures via SSL Certs
EGI Federated Cloud
1. www.egi.eu
EGI-Engage is co-funded by the Horizon 2020 Framework Programme
of the European Union under grant number 654142
Enol Fernandez
Cloud Technologist, EGI Foundation
2. 24/08/2017
EGI Cloud Federation
• Multi-cloud IaaS with Single Sign-On via Check-in
– Technology agnostic, supports OpenStack, OpenNebula and Synnefo
• Extra features
– Virtual Appliance catalogue
– Unified GUI dashboard
– Centralised accounting
– Resource discovery
– SLA monitoring
3. The infrastructure
20 resource centres
• 15 OpenStack
• 4 OpenNebula
• 1 Synnefo
5 centres under integration
2 centres expressed interest in joining
4. Usage
+500 users
1.6M users
2 VREs
Piloting / testing VO
+80 users
AoD
12 SLAs
> 10 M CPU hours
> 500 K VMs
*Data and figure extracted from accounting portal Apr 2017 – Apr 2018
5. Roadmap: evolution of the architecture
• Lighter federation (Q4 2018)
– Minimising interference with providers' operations
• Native tooling and APIs for interacting with providers
• Use orchestration tools to deal with heterogeneity
• New options for federation to attract providers:
– Based around marketplace with common AAI
• Application Services: SaaS federation
• IaaS Alliance: Lightweight IaaS federation
• Applications Platforms: ready-to-deploy applications on IaaS alliance providers
– Check the proposal at http://go.egi.eu/egi-cloud-expansion
6. Architecture: moving towards orchestration
[Architecture diagram; components shown:]
• EGI Federation services: Accounting, Monitoring, Configuration Database, Information Discovery, VM Marketplace
• EGI AAI
• Cloud Management Framework with IaaS API (shown three times)
• IaaS Federated Access Tools
• Community Platforms
• AppDB VMOps
7. Roadmap: federation components
• AAI
– Transition to OpenID Connect, sites already starting to support both VOMS and OIDC (Q2 2018)
• Information Discovery
– New GlueSchema version (Q2 2018) and transport mechanism (rely on ARGO Messaging System) (Q4 2018)
• AppDB/VA Management
– Improved security checks for VAs
• Integration with SECANT (in production now)
• Security dashboard (Q4 2018)
• Endorser dashboard (Q2 2019)
– Push-based mechanisms for VA Management (Q4 2018)
8. Roadmap: Orchestration/VMOps
• Promote the use of orchestration services instead of IaaS APIs directly whenever possible
– Document existing solutions (Q2 2018)
– EGI Operated Infrastructure Manager (Q4 2018)
– Better Kubernetes integration (Q4 2018)
– Clients migration (Q4 2018)
• VMOps
– OpenID Connect support (Q2 2018)
– Improved information from providers (Q4 2018)
– Native API support (Q2 2019)
9. New Service: EGI Notebooks
• Offer Jupyter notebooks ‘as a Service’
– One-click solution, just log in and start using
• EGI Features:
– Login with Check-in
– Persistent storage
– Bring your own environments/kernels
– Use EGI computing and storage resources from your notebooks
10. EGI Notebooks: service options
• Catch-all / AoD
– Available via the marketplace
– Limited resources (computing + storage), sponsored access
– Kills notebooks after 1 hour of inactivity
• VO/Community deployment
– Tailored to specific VO with custom computing/storage:
• access to GPUs, fat nodes
• access to Spark, other BigData/ML environments
• auto-mount filesystems on notebooks
• …
11. www.egi.eu
Thank you for your attention.
Questions?
This work by Parties of the EGI-Engage Consortium is licensed under a
Creative Commons Attribution 4.0 International License.