Speaker
Dr
Gergely Sipos
(EGI)
Description
EGI uses and offers a portfolio of services for communities to federate and operate distributed compute and storage sites. These services - called operation services - include both online technical elements and distributed support teams. The technical elements comprise of a Configuration Database, a Monitoring system, an Operations portal, various Security systems, an Information discovery tool, a Helpdesk, a Software validation pipeline and repository and a Messaging broker.
The talk will cover the recent advancements in these technical elements, with a focus on the Check-in security service, a recent addition to simplify security for both resource providers and users. Check-in is a security proxy service that operates as a central hub to connect federated Identity Providers (IdPs) with service providers. Check-in allows users to select their preferred IdP so that they can access and use EGI and external services in a uniform and easy way.
Check-in is a response to a long-standing need of research communities: be able to interact with distributed computing infrastructures using username-passwords that carry the same level of trust as X.509 certificates. Check-in was designed according to the AARC blueprint architecture and it’s compatible with various academic and social identity providers, as well as various types of service providers. One of these service providers is OpenStack, a key building block of the EGI Cloud service.
The EGI Cloud service was designed in 2014 and was put into production in 2015. The service is implemented as a ‘federated Cloud’ of Openstack sites. The federation is built of Infrastructure as a Service (IaaS) cloud providers, where each IaaS is operated by different institutes according to collaboratively agreed principles and operational regulations. These principles and regulations require OpenStack providers to connect their site with the EGI Operation services, and expose their cloud to users through commonly agreed interfaces. During the 2018 - thanks to the new Check-in service - the EGI Cloud was made accessible with username-password that not only lowered the barrier of access, but also opened up possibilities for new types of interfaces.
One of these new interfaces is the AppDB VMOps Dashboard, a web interface that can be used to instantiate virtualised applications on any connected OpenStack cloud site through a single GUI. The VMOps Dashboard complements the existing features of AppDB and now serves as a front-end for both application providers and application managers & users. Through AppDB application providers can replicate virtualised applications (Virtual Machine Images) to the federated cloud sites, while application managers & users can intantite and use those applications.
Another new interface that Check-in enabled in the EGI Cloud is the Jupyter-based EGI Notebooks. The EGI Notebooks service provides browser-based, scalable tool for interactive data analysis supporting different programming languages and computational software by using the Open Source Jupyter and JupyterHub software packages. EGI Notebooks is a multi-user environment that offers communities a one-click experience without software setup to run data analysis tasks (e.g. data cleaning and transformation, numerical simulation, statistical modelling, data visualisation, machine learning). Jupyter is a cross-domain computational platform that has raised interest from various research communities, such as environmental sciences, life sciences, food research, mathematics and physics.
The presentation will describe these new EGI elements and will show to resource providers and researchers in the Asia Pacific region how the Check-in, Federated Cloud and Notebooks services can be adopted to local use.
Summary
This presentation introduces the EGI Operations services with a focus on their recent advancements in the area of security, and showing how these advancements improved the operation of the EGI cloud federation. The EGI Cloud federation is a collaboration of cloud providers with a growing emphasis on federating OpenStack IaaS resources as well as higher level services offered on top.
Primary author
Dr
Gergely Sipos
(EGI)
Co-authors
Baptiste Grenier
(EGI Foundation)
Enol Fernandez
(EGI Foundation)
Mr
Giuseppe La Rocca
(EGI Foundation)
Nicolas Liampotis
(GRNET)
