UKC - Msc Project - Providing Moonshot access to OpenStack


  1. Providing Moonshot access to OpenStack. Vincent Giersch - vg66, MSc Computer Security - University of Kent. Supervisor: David Chadwick
  2. Contents: • Moonshot overview • OpenStack overview • Providing Moonshot access to OpenStack • Federated Keystone • How it will work? • Technical architecture • Roadmap • Questions
  3. Moonshot Overview
  4. Moonshot: federated authentication and authorization for web and non-web services and applications
  5. Example: IE → Apache. Source: Janet
  6. Example: PuTTY → OpenSSH. Source: Janet
  7. Moonshot technologies. Moonshot is built on: • Strong authentication: EAP/RADIUS • Strong authorisation: SAML • Easy service/application integration: SASL/GSS-API. Standardisation approaching completion within the Internet Engineering Task Force (IETF)
  8. OpenStack Overview
  9. Starting the virtualization... Source: OpenStack Foundation
  10. Starting the virtualization... Host 1, Host 2, Host 3, Host 4, etc.; Hypervisor (VMware ESX, Citrix XenServer, KVM, etc.); hardware abstraction for each server. Source: OpenStack Foundation
  11. ... but how to manage the resources? Provisioning? User management?
  12. Add the missing cloud management layer: APIs; self-service for users; creates pools of resources; automates deployment
  13. Main components of OpenStack: Applications; APIs; Identity (Keystone), Compute (Nova), Storage (Swift), Network (Quantum); Standard Hardware
  14. Moonshot +
  15. Federated Keystone: allows the use of external Identity Providers (IdP); easy user provisioning; provides Single Sign-On (SSO) to the users; developed as a Keystone middleware
  16. How it will work?
  17. How it will work? Asks for a list of Identity Providers (User, Keystone)
  18. How it will work? Returns the Identity Providers available (User, Keystone)
  19. How it will work? Chooses an IdP (Moonshot) (User, Keystone)
  20. How it will work? Returns Moonshot details (User, Keystone)
  21. How it will work? Chooses the identity that he will use (User, Keystone)
  22. How it will work? Negotiate authentication (User, Keystone, Identity Provider)
  23. How it will work? Returns list of tenants (User, Keystone)
  24. How it will work? Chooses a tenant (User, Keystone)
  25. How it will work? Returns a tenant token (User, Keystone)
  26. How it will work? (User, Keystone)
  27. Technical architecture (diagram): OpenStack Client, OpenStack Keystone, Identity Provider
  28. Technical architecture (diagram): Federated Keystone, Federated Keystone, HTTP; OpenStack Client, OpenStack Keystone, Identity Provider
  29. Technical architecture (diagram): Moonshot module, Moonshot module; Federated Keystone, Federated Keystone, HTTP; OpenStack Client, OpenStack Keystone, Identity Provider
  30. Technical architecture (diagram): GSS-API, GSS-API, AAA, AAA; GSS EAP mech, AAA transport; Moonshot module, Moonshot module; Federated Keystone, Federated Keystone, HTTP; OpenStack Client, OpenStack Keystone, Identity Provider
  31. Technical architecture (diagram): EAP method, EAP peer, EAP server; GSS-API, GSS-API, AAA, AAA; GSS EAP mech, AAA transport; Moonshot module, Moonshot module; Federated Keystone, Federated Keystone, HTTP; OpenStack Client, OpenStack Keystone, Identity Provider
  32. Project roadmap: • Study the existing Moonshot implementations (e.g. Apache / Firefox). • Fork the PyKerberos library to add flexibility in the usage of the GSS-API C library. • Study the improvements potentially needed to the Keystone Federated protocol. • Implement the authentication / authorization Moonshot module. • Validation testing using an OpenStack client (e.g. python-swiftclient).
  33. Questions? Vincent Giersch - vg66
