CLOUD FEDERATION 
Are We There Yet?
Why Do We Federate? 
Tim Bell - CERN
RACKSPACE® HOSTING | WWW.RACKSPACE.COM 3 
CERN Users – A World Wide Community
LHC Computing is a World Wide Federation 
Tier 0 (CERN) 
– Data recording 
– Initial data reconstruction 
– Data distribution 
Tier 1 (11 + KISTI, Korea in progress)
– Permanent storage 
– Re-processing 
– Analysis 
– 10Gbit/s links 
Tier 2 (~150 centres) 
– Simulation 
– End-user analysis 
Overall 
– Approx 160 sites, 39 countries 
– 300,000 cores 
– 200PB storage 
– 2 million jobs/day 
[Figure: map of Tier-1 sites and Tier-2 sites (about 150); dashed lines mark 10 Gbit/s links]
How Could CERN & WLCG Use Federated Clouds? 
• Revise computing models 
– More flexibility than current hierarchical approach 
– Address software sustainability 
• Identity federation 
– Single account and password usable in other clouds 
– Managed by your home institute 
• Resources on demand within pledges 
– Project based accounting and quotas 
–Common APIs for experiment workflows 
• Competitive marketplace between Private, Public or Hosted clouds 
–Need to consider all cost factors (including networking and support) 
CERN OpenLab in a Nutshell 
• A science – industry partnership to drive R&D and innovation started in 2001
• Evaluate state-of-the-art technologies in a challenging environment and improve them
• Test in a research environment today what will be used in many business sectors tomorrow
• Train next generation of engineers/employees 
• Disseminate results and outreach to new audiences 
The Future For Federation 
Chris Jackson - Rackspace 
@chriswiggy 
www.rackspace.co.uk/devops
•Explore the feasibility of federation of OpenStack clouds 
•Demonstrate federation of: 
–Rackspace Private to Rackspace Public 
–Rackspace Private to 3rd Party OpenStack 
–Rackspace Public to 3rd Party OpenStack 
• Delivered: 
–Rackspace Private to 3rd Party OpenStack 
–De-Scoped Public Cloud due to a delay in our Keystone v3 launch 
Our CERN OpenLab Project Summary 
[Diagram: RAX Public, RAX Private, CERN Private]
Working With CERN 
•Shared passion for Open Source 
•A great partner and ally 
• Full perspective of problems 
• Aligned a community 
•Learned about BIG Big Data 
• Full geek out in the LHC! 
Why Federate? 
What Do We Want To Enable? 
• Identity is just step one… 
• Imagine if: 
– You could define multi-cloud in a Heat template 
– Glance images were available to all your endpoints
– Business rules could define where work was done 
– Scheduling was done based on cost or features 
• What if you could: 
– Resell spare capacity in your cloud? 
– Build spot trading platforms for cloud capacity? 
FEDERATION COMPLETES THE 
COMMODITIZATION OF INFRASTRUCTURE 
[Diagram labels: Service Catalogue; Template Repos; Rules Engine; ORCHESTRATION; Cloud 1, Cloud 2 … Cloud n; IDENTITY & REPORTING; Image Library; Identity Provider; Quota; Logging]
•Discussing OpenLab 2015 with CERN 
–Proof of Concept for Federated Heat Templates 
–Glance Image availability to all federated endpoints 
–Discuss options and impact of service catalogue aggregation 
–Aim for code to be available in Kilo release 
LOOKING FOR ENTHUSIASTS AND INTERESTED PARTIES TO JOIN US!
What Are We Doing Next?
Technical Deep Dive 
Marek Denis - CERN
Hybrid Cloud & Federation 
As a user I want to use my single set of existing credentials to access services across multiple clouds.
Single local account 
Multiple cloud services 
Hybrid cloud & Federation 
[Diagram: an Identity Provider (corporate LDAP/SQL) with TRUST relationships to four Service Providers (remote clouds)]
Federation In Icehouse 
• Design Flows 
– Based on open standard federated protocol SAML2 
– Service Provider - OpenStack Identity Service (Keystone) 
– Identity Provider - SAML2 compatible Identity Management service 
– Authentication and authorization split 
– IdP has information about the user, not Keystone 
– Federated users are ephemeral 
• Requirements (OpenStack) 
– >=OpenStack Icehouse 
– >=python-keystoneclient 0.11.0 
– >=python-openstackclient 0.5 
– Identity API v3 
Service Provider (authZ): Keystone
Identity Provider (authN): Microsoft ADFS, IBM FIM, Shibboleth IdP
• Join or create your federation (administrative work involved) 
• Exchange Service Providers’ and Identity Providers’ metadata 
• Configure Apache webserver and Shibboleth Service Provider (NEW) 
• Enable federation extension in Keystone (NEW) 
• Prepare: 
– projects/domains 
– groups 
– create and/or assign roles to projects/domains and groups 
• Add & Configure: (NEW) 
– Trusted Identity Providers 
– Mappings 
– Protocols 
Cloud Federation – How?
Federated Authentication 
• No user in the cloud backend 
• Dynamic assertion processing 
• User's roles are resolved by group membership
• Once authenticated, an unscoped token is returned with a list of groups the user is a member of
• Token must be scoped to a project or domain
• CADF as a way for accounting 
• (Still) No user in the cloud backend 
Identity Provider
Real Life Use Case 
CERN Active Directory
TRUST
IdP: CERN
Mapping: CERN
Protocol: saml2
Peers metadata exchanged (shibboleth)
Projects: developers
Groups: developers
ROLES: group: developers, project: developers
GROUPS: developers: admin
USERS: madenis
USERS: admin
DEMO/VIDEO
• Modules like mod_shib/mod_mellon/others do the hard work for us: 
– parse SAML/OpenID Connect/ABFAB assertion 
– validate the signature 
– store the assertion attributes in environment 
• Keystone parses its own environment and applies mapping rules to it
Mapping
Mapping Engine
SAML assertion:
LOGIN: madenis
LANGUAGE: EN
DEPARTMENT: IT/OIS
FULLNAME: Marek Denis
BLDGS: 31;513;40
Mapping rules:
[
  { "local":
      [ { "user": { "name": "{0}" } } ],
    "remote":
      [ { "type": "LOGIN" } ]
  },
  { "local":
      [ { "group": { "id": "devs" } } ],
    "remote":
      [ { "type": "BLDGS", "any_one_of": ["1", "2", "31"] } ]
  }
]
Keystone credentials:
{
  "user_id": "madenis",
  "groups": ["devs"]
}
Mapping Rules – A Closer Look 
[
  {
    "local": [
      { "user": { "name": "{0}" } }
    ],
    "remote": [
      { "type": "ADFS_LOGIN" }
    ]
  },
  {
    "local": [
      {
        "group": { "id": "developers" }
      }
    ],
    "remote": [
      {
        "type": "ADFS_DEP",
        "any_one_of": ["IT/OIS"]
      },
      {
        "type": "ADFS_LANGUAGE",
        "any_one_of": ["PL", "EN"]
      }
    ]
  }
]
Rule 
Map 0th attribute from ‘remote’ 
Use ADFS_LOGIN 
Rule 
Assign group “developers” 
If ADFS_DEP is “IT/OIS”… 
.... and ADFS_LANGUAGE is either “PL” or “EN”
• JSON 
• List of rules 
• Rule is a dictionary 
• Each rule has two items: 
– local 
– remote 
• Rules can be concatenated 
• One rule must map user id 
– Required for federated users identification 
– Keystone fails with HTTP 401 (Unauthorized) if username is not defined 
• Assertion attributes can be ';'-separated (e.g. a list of the user's groups)
• Mapping keywords: any_one_of, not_any_of 
• Mapping rules must be changed to reflect group/projects changes 
Mapping Rules 
{
  "local": [
    { "user": { "name": "{0}" } },
    { "group": { "id": "developers" } }
  ],
  "remote": [
    { "type": "ADFS_DEP",
      "any_one_of": ["IT/OIS"]
    }
  ]
}
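The rule semantics listed on the mapping slides, as an added example (not code from the slides and not Keystone's own implementation): a simplified evaluator that applies the "A Closer Look" rules to an assertion and fails closed when no user is mapped. Assumptions: `{n}` indexes the rule's `remote` entries in order, an attribute missing from the assertion never satisfies a requirement, the `Unauthorized` exception stands in for the HTTP 401, and the sample assertion values are constructed.

```python
import re


class Unauthorized(Exception):
    """Stands in for the HTTP 401 returned when no rule yields a user name."""


def split_values(raw):
    # Assertion attributes may hold several values separated by ';'.
    return [v.strip() for v in raw.split(";") if v.strip()]


def requirement_met(req, assertion):
    raw = assertion.get(req["type"])
    if raw is None:
        # Assumption: a missing attribute never matches, not even a
        # not_any_of condition, so the rule fails closed.
        return False
    values = set(split_values(raw))
    if "any_one_of" in req:
        return bool(values & set(req["any_one_of"]))
    if "not_any_of" in req:
        return not (values & set(req["not_any_of"]))
    return True  # bare {"type": ...}: presence of the attribute is enough


def substitute(template, direct):
    # Replace {n} with the value of the n-th remote attribute (assumption).
    def repl(match):
        index = int(match.group(1))
        if index >= len(direct):
            raise ValueError("mapping references remote[%d], which does not exist" % index)
        return direct[index]
    return re.sub(r"\{(\d+)\}", repl, template)


def apply_mapping(rules, assertion):
    user_id = None
    groups = []
    for rule in rules:
        remote = rule["remote"]
        # Every remote requirement of a rule must hold (logical AND).
        if not all(requirement_met(r, assertion) for r in remote):
            continue
        direct = [assertion[r["type"]] for r in remote]
        for local in rule["local"]:
            if "user" in local:
                user_id = substitute(local["user"]["name"], direct)
            if "group" in local and local["group"]["id"] not in groups:
                groups.append(local["group"]["id"])
    if not user_id:
        # No rule produced a user name: reject instead of issuing a token.
        raise Unauthorized("no mapping rule defined a user name")
    return {"user_id": user_id, "groups": groups}


# Rules from the "Mapping Rules - A Closer Look" slide.
RULES = [
    {"local": [{"user": {"name": "{0}"}}],
     "remote": [{"type": "ADFS_LOGIN"}]},
    {"local": [{"group": {"id": "developers"}}],
     "remote": [{"type": "ADFS_DEP", "any_one_of": ["IT/OIS"]},
                {"type": "ADFS_LANGUAGE", "any_one_of": ["PL", "EN"]}]},
]

# Constructed assertion, as the Apache module would expose it in the environment.
ASSERTION = {"ADFS_LOGIN": "madenis", "ADFS_DEP": "IT/OIS", "ADFS_LANGUAGE": "EN"}

if __name__ == "__main__":
    print(apply_mapping(RULES, ASSERTION))
    # Constructed department value: user is authenticated but gets no group.
    print(apply_mapping(RULES, dict(ASSERTION, ADFS_DEP="PH/XX")))
    try:
        apply_mapping(RULES, {"ADFS_DEP": "IT/OIS", "ADFS_LANGUAGE": "EN"})
    except Unauthorized as exc:
        print("rejected:", exc)
```

A user who maps to no group still receives an identity here but has no roles, so scoping a token to a project would fail later; reviewing which attribute values reach which group is the part of a mapping worth auditing.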
• An Identity Provider can use only one mapping rules list 
• A mapping rules list can be used for many Identity Providers 
• It is a protocol that ties mapping and Identity Provider together 
• Make one rule for mapping unique username 
– user_id is the only way to distinguish your users and apply some accounting/metering/billing on them 
– make sure ids are unique across your IdPs 
Mapping Rules – Good Practices
• One federated token per cloud 
• Apache modules to handle federated protocols 
• No inter-cloud metering, image sharing, virtual networks 
Come and help with development, testing, evangelizing, documenting!
Identity Federation Is Not Perfect (yet)
•Keystone2Keystone 
•Enhance mapping engine 
•Better token handling in keystoneclient 
•Explore OpenStack services? 
–nova 
–glance 
–neutron 
–heat 
What Next?
PLEASE JOIN OUR FEDERATION DESIGN SESSION!
Wednesday, Nov 5th 
16:30 – 17:30 
Corot

WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 

Recently uploaded (20)

TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 

OpenStack Paris 2014 - Federation, are we there yet ?

  • 1. CLOUD FEDERATION Are We There Yet?
  • 2. Why Do We Federate? Tim Bell - CERN
  • 3. CERN Users – A World Wide Community
  • 4. LHC Computing is a World Wide Federation
      Tier 0 (CERN)
        – Data recording
        – Initial data reconstruction
        – Data distribution
      Tier 1 (11 + KISTI, Korea in progress)
        – Permanent storage
        – Re-processing
        – Analysis
        – 10 Gbit/s links
      Tier 2 (~150 centres)
        – Simulation
        – End-user analysis
      Overall
        – Approx. 160 sites, 39 countries
        – 300,000 cores
        – 200 PB storage
        – 2 million jobs/day
      [Map legend: Tier-2 sites (about 150); Tier-1 sites; 10 Gbit/s links]
  • 5. How Could CERN & WLCG Use Federated Clouds?
      • Revise computing models
        – More flexibility than current hierarchical approach
        – Address software sustainability
      • Identity federation
        – Single account and password usable in other clouds
        – Managed by your home institute
      • Resources on demand within pledges
        – Project based accounting and quotas
        – Common APIs for experiment workflows
      • Competitive marketplace between Private, Public or Hosted clouds
        – Need to consider all cost factors (including networking and support)
  • 6. CERN OpenLab in a Nutshell
      • A science – industry partnership to drive R&D and innovation, started in 2001
      • Evaluate state-of-the-art technologies in a challenging environment and improve them
      • Test in a research environment today what will be used in many business sectors tomorrow
      • Train next generation of engineers/employees
      • Disseminate results and outreach to new audiences
  • 7. The Future For Federation Chris Jackson - Rackspace @chriswiggy www.rackspace.co.uk/devops
  • 8. Our CERN OpenLab Project Summary
      • Explore the feasibility of federation of OpenStack clouds
      • Demonstrate federation of:
        – Rackspace Private to Rackspace Public
        – Rackspace Private to 3rd Party OpenStack
        – Rackspace Public to 3rd Party OpenStack
      • Delivered:
        – Rackspace Private to 3rd Party OpenStack
        – De-scoped Public Cloud due to a delay in our Keystone v3 launch
      [Diagram: RAX Public; RAX Private; CERN Private]
  • 9. Working With CERN
      • Shared passion for Open Source
      • A great partner and ally
      • Full perspective of problems
      • Aligned a community
      • Learned about BIG Big Data
      • Full geek out in the LHC!
  • 11. What Do We Want To Enable?
      • Identity is just step one…
      • Imagine if:
        – You could define multi-cloud in a Heat template
        – Glance images were available to all your endpoints
        – Business rules could define where work was done
        – Scheduling was done based on cost or features
      • What if you could:
        – Resell spare capacity in your cloud?
        – Build spot trading platforms for cloud capacity?
      FEDERATION COMPLETES THE COMMODITIZATION OF INFRASTRUCTURE
      [Diagram: ORCHESTRATION (Service Catalogue, Template Repos, Rules Engine); Cloud 1, Cloud 2, … Cloud n; IDENTITY & REPORTING (Image Library, Identity Provider, Quota, Logging)]
  • 12. What Are We Doing Next?
      • Discussing OpenLab 2015 with CERN
        – Proof of Concept for Federated Heat Templates
        – Glance Image availability to all federated endpoints
        – Discuss options and impact of service catalogue aggregation
        – Aim for code to be available in Kilo release
      LOOKING FOR ENTHUSIASTS AND INTERESTED PARTIES TO JOIN US!
  • 13. Technical Deep Dive Marek Denis - CERN
  • 14. Hybrid Cloud & Federation As a user I want to use my single set of existing credentials to access services across multiple clouds.
  • 15. Hybrid cloud & Federation: single local account, multiple cloud services
      [Diagram: Identity Provider (corporate LDAP/SQL); TRUST; four Service Providers (remote clouds)]
  • 16. Federation In Icehouse
      • Design Flows
        – Based on open standard federated protocol SAML2
        – Service Provider - OpenStack Identity Service (Keystone)
        – Identity Provider - SAML2 compatible Identity Management service
        – Authentication and authorization split
        – IdP has information about the user, not Keystone
        – Federated users are ephemeral
      • Requirements (OpenStack)
        – >= OpenStack Icehouse
        – >= python-keystoneclient 0.11.0
        – >= python-openstackclient 0.5
        – Identity API v3
      [Diagram: Service Provider (authZ): Keystone; Identity Provider (authN): Microsoft ADFS, IBM FIM, Shibboleth IdP]
  • 17. Cloud Federation – How?
      • Join or create your federation (administrative work involved)
      • Exchange Service Providers’ and Identity Providers’ metadata
      • Configure Apache webserver and Shibboleth Service Provider (NEW)
      • Enable federation extension in Keystone (NEW)
      • Prepare:
        – projects/domains
        – groups
        – create and/or assign roles to projects/domains and groups
      • Add & Configure: (NEW)
        – Trusted Identity Providers
        – Mappings
        – Protocols
  • 18. Federated Authentication
      • No user in the cloud backend
      • Dynamic assertion processing
      • User’s roles are resolved by group membership
      • Once authenticated, an unscoped token is returned with a list of groups the user is a member of
      • Token must be scoped to a project or domain
      • CADF as a way for accounting
      • (Still) No user in the cloud backend
      [Diagram: Identity Provider]
  • 19. Real Life Use Case
      [Diagram labels: CERN Active Directory; TRUST; IdP: CERN; Mapping: CERN; Protocol: saml2; Peers metadata exchanged (shibboleth); Projects: developers; Groups: developers; ROLES: group: developers, project: developers; GROUPS: developers: admin; USERS: madenis; USERS: admin]
  • 21.
  • 22. Mapping
      • Modules like mod_shib/mod_mellon/others do the hard work for us:
        – parse SAML/OpenID Connect/ABFAB assertion
        – validate the signature
        – store the assertion attributes in environment
      • Keystone parses its own environment and applies mapping rules on it
  • 23. Mapping Engine
      SAML assertion:
        LOGIN: madenis
        LANGUAGE: EN
        DEPARTMENT: IT/OIS
        FULLNAME: Marek Denis
        BLDGS: 31;513;40
      Mapping rules:
        [
          {
            "local": [ { "user": { "name": "{0}" } } ],
            "remote": [ { "type": "LOGIN" } ]
          },
          {
            "local": [ { "group": { "id": "devs" } } ],
            "remote": [ { "type": "BLDGS", "any_one_of": ["1", "2", "31"] } ]
          }
        ]
      Keystone credentials:
        { "user_id": "madenis", "groups": ["devs"] }
  • 24. Mapping Rules – A Closer Look
        [
          {
            "local": [ { "user": { "name": "{0}" } } ],
            "remote": [ { "type": "ADFS_LOGIN" } ]
          },
          {
            "local": [ { "group": { "id": "developers" } } ],
            "remote": [
              { "type": "ADFS_DEP", "any_one_of": ["IT/OIS"] },
              { "type": "ADFS_LANGUAGE", "any_one_of": ["PL", "EN"] }
            ]
          }
        ]
      Rule 1: map the 0th attribute from ‘remote’; use ADFS_LOGIN.
      Rule 2: assign group “developers” if ADFS_DEP is “IT/OIS” and ADFS_LANGUAGE is either “PL” or “EN”.
  • 25. Mapping Rules
      • JSON
      • List of rules
      • Rule is a dictionary
      • Each rule has two items:
        – local
        – remote
      • Rules can be concatenated
      • One rule must map user id
        – Required for federated users identification
        – Keystone fails with HTTP 401 (Unauthorized) if username is not defined
      • Assertion attributes can be ‘;’ separated (e.g. list of a user’s groups)
      • Mapping keywords: any_one_of, not_any_of
      • Mapping rules must be changed to reflect group/projects changes
        {
          "local": [
            { "user": { "name": "{0}" } },
            { "group": { "id": "developers" } }
          ],
          "remote": [
            { "type": "ADFS_DEP", "any_one_of": ["IT/OIS"] }
          ]
        }
  • 26. Mapping Rules – Good Practices
      • An Identity Provider can use only one mapping rules list
      • A mapping rules list can be used for many Identity Providers
      • It is a protocol that ties mapping and Identity Provider together
      • Make one rule for mapping unique username
        – user_id is the only way to distinguish your users and apply some accounting/metering/billing on them
        – make sure ids are unique across your IdPs
  • 27. Identity Federation Is Not Perfect (yet)
      • One federated token per cloud
      • Apache modules to handle federated protocols
      • No inter-cloud metering, image sharing, virtual networks
      Come and help with development, testing, evangelizing, documenting!
  • 28. What Next?
      • Keystone2Keystone
      • Enhance mapping engine
      • Better token handling in keystoneclient
      • Explore OpenStack services?
        – nova
        – glance
        – neutron
        – heat
  • 29. PLEASE JOIN OUR FEDERATION DESIGN SESSION! Wednesday, Nov 5th 16:30 – 17:30 Corot
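
The mapping behaviour described in slides 22 to 26, as an added example (not code from the talk or from Keystone): a simplified Python model of rule evaluation that lets an operator check which user and groups a given set of assertion attributes would yield before a mapping is deployed. The third rule, its "contractors" group, the sample attribute values and all function names are constructed for illustration; the model assumes that only remote attributes without a condition feed the {0} placeholders.

```python
import json

# Constructed mapping modelled on the slides' rules; the third rule and its
# "contractors" group are hypothetical, added to exercise not_any_of.
MAPPING = json.loads("""
[
  {"local":  [{"user": {"name": "{0}"}}],
   "remote": [{"type": "ADFS_LOGIN"}]},
  {"local":  [{"group": {"id": "developers"}}],
   "remote": [{"type": "ADFS_DEP", "any_one_of": ["IT/OIS"]},
              {"type": "ADFS_LANGUAGE", "any_one_of": ["PL", "EN"]}]},
  {"local":  [{"group": {"id": "contractors"}}],
   "remote": [{"type": "ADFS_DEP", "not_any_of": ["IT/OIS"]}]}
]
""")

# Constructed assertion attributes, as the Apache module would expose them.
SAMPLE = {"ADFS_LOGIN": "madenis", "ADFS_DEP": "IT/OIS", "ADFS_LANGUAGE": "EN"}


class Unauthorized(Exception):
    """Stands in for the HTTP 401 returned when no user name is mapped."""


def _values(assertion, attr):
    # Multi-valued assertion attributes arrive ';'-separated (e.g. "31;513;40").
    raw = assertion.get(attr)
    return None if raw is None else [v for v in raw.split(";") if v]


def _rule_matches(remote, assertion):
    """Return the values for {0}, {1}, ... or None if any requirement fails."""
    direct = []
    for req in remote:
        vals = _values(assertion, req["type"])
        if vals is None:
            return None                    # attribute absent: rule does not apply
        if "any_one_of" in req:
            if not set(vals) & set(req["any_one_of"]):
                return None
        elif "not_any_of" in req:
            if set(vals) & set(req["not_any_of"]):
                return None
        else:
            direct.append(";".join(vals))  # assumption: only unconditioned attributes feed {n}
    return direct


def apply_mapping(rules, assertion):
    """Evaluate every rule; all requirements of a rule must hold for it to apply."""
    user, groups = None, set()
    for rule in rules:
        direct = _rule_matches(rule["remote"], assertion)
        if direct is None:
            continue
        for local in rule["local"]:
            if "user" in local:
                user = local["user"]["name"].format(*direct)
            if "group" in local:
                groups.add(local["group"]["id"])
    if not user:
        raise Unauthorized("no rule mapped a user name")
    return {"user_id": user, "groups": sorted(groups)}
```

Calling apply_mapping(MAPPING, SAMPLE) returns the user "madenis" in group "developers"; dropping ADFS_LOGIN from the attributes raises Unauthorized, which mirrors the HTTP 401 case on slide 25.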

Editor's Notes

  1. It is becoming increasingly apparent that most organizations will need to use multiple clouds to effectively serve the range of workloads they will run, whether they want a blend of clouds that are low-cost, high-performance, secure or optimized for things like GPU work. However, even in the current phase of cloud adoption, we are seeing the complexity businesses face in integrating just one cloud into their business. Federation is an opportunity to re-use that initial integration for future clouds you want to run your business on, making multi-cloud a business-benefit choice rather than a business-cost one.