CLOUD POWER NREN collaboration on service delivery and adoption in - - PowerPoint PPT Presentation

CLOUD POWER

NREN collaboration on service delivery and adoption in GÉANT GN3plus SA7

TF-MSP March 18, Amsterdam

FOUNDATION AREAS ADOPTION

Collaborate, to enable and facilitate our community to use online services

• n a large scale, with the right conditions

https://intranet.geant.net/sa7/

Service Line Opportunities

MEET THE NEEDS OF OUR COMMUNITY RIGHT TIME TO ACT CLOUD IS HAPPENING NOW COMMUNITY DEMAND WILLINGNESS TO WORK TOGETHER COMMON APPROACH

COLLABORATION AREAS

YEAR 1 INPUT (QUESTIONNAIRE)

COLLABORATION SUITES

REALTIME

COMMUNICATION

FILE STORAGE AND SYNC INFRASTRUCTURE AS AS SERVICE

TRUST ST SAFE FE CONTROL TROL GÉANT and the NRENs are the trusted

ADVISORS BROKERS PROVIDERS

for the R&E community

Online services should be

accessible, safe, integrated, affordable, predictable, easy to use

through aggregating demand and expertise, aligning roadmaps and joint efforts.

Organisational, technical and financial structures in Research and Education institutions

• ften don't map on the

way cloud providers

• ffer their services

GET IN Assure data is handled safely and meets European and national regulations. Acquire services through the institutions’ purchasing structures: Predictable cost models (prevent bill shock) Limit network traffic costs Log in with institutional account GET OUT Be able to to move data (to another provider)

SA7 DOES NOT BUILD OR OPERATE A CLOUD INFRASTRUCTURE OTHERS DO, R&E ORGANISATIONS AND COMMERCIAL PROVIDERS

SERVICE DELIVERY GATEWAY HYBRID APPROACH

OUTSOURCED CLOUDS IN-HOUSE CLOUDS

MAKE AND BUY ADDED VALUE FROM NRENS = RIGHT CONDITIONS FOR COMMUNITY

OUTSOURCED CLOUDS IN-HOUSE CLOUDS

SERVICE DELIVERY GATEWAY HYBRID APPROACH

CLOUDS DELIVERED THROUGH GÉANT & NRENS

Enable joint delivery and adoption

FOUNDATION

FOR ONLINE SERVICES

CONNECTION COMPONENTS

TERMS & CONDITIONS BROKERAGE PROCUREMENT FEDERATED IDENTITY MANAGEMENT & SINGLE SIGN-ON NETWORK PEERINGS

REQUIREMENTS CATALOGUE STRATEGY STANDARDS

COLLABORATION SUITES REALTIME COMMUNICATION FILE STORAGE AND SYNC INFRASTRUCTURE AS A SERVICE

ADOPTION

FOUNDATION AREAS MAKE & BUY IN-HOUSE & OUTSOURCED

Collaborate, to enable and facilitate our community to use online services

• n a large scale, with the right conditions

support to clouds

FOUND NDATION TION str trategy ategy

Brings a joint organizational approach to transition to the cloud distribution model.

• What Cloud services should NRENs consider?
• Which deployment models e.g. Public, Private, Hybrid, Community?
• Build & Buy and the role of Brokering.
• Operational model e.g. own resources, outsourced managed service.
• Collaboration with other NRENs.
• What will be the impact on the organisation e.g. resources and skillsets.
• Business case and financial model, e.g., funding requirements.

18/03/2015 23

Strategy guide for NRENs

Workshops on service delivery and business development, to

improve our capabilities in value propositions, provider interactions, portfolio management, procurement and service distribution. establish a common language and approach as NRENs.

18/03/2015 24

Skill development

Cloud adoption

Purpose

Gathering and sharing the experience and best practices: Related to offering the cloud services to the users Documenting the cloud adoption process based on real-life cases Improving the community cloud services take-up

GÉANT  NRENs  institutions

EduStorage at HEAnet Okeanos at GRNET OwnCloud at ACONET Refining Cloud strategy at SURFnet Cloud services at JISC Cloud services in NORDUnet Cloud services at SWITCH Cloud services at PSNC Cloud services at CESNET

18/03/2015 27

Case studies

support to clouds

FOUND NDATION TION sta tandar ndards ds

Cloud standards WIKI

T echnical standards

• CDMI (Cloud Data Management Interface)
• CIMI (Cloud Infrastructure Management Interface)
• CPIP (Guide for Cloud Portability and Interoperability Profiles)
• ISO 27001
• OAuth
• OCCI (Open Cloud Computing Interface)
• OpenSocial
• OVF (Open Virtualization Format)
• SAML (Security Assertion Markup Language)
• SCIM (System for Cross-domain Identity Management)
• SIIF (Standard for Intercloud Interoperability and Federation)
• SMI-S (Storage Management Initiative Specification)
• SPML (Service Provisioning Markup Language)
• SUoM (Standard Units of Measure)
• TOSCA (T
• pology and Orchestration Specification for Cloud Applications)
• WebDAV (Web Distributed Authoring and Versioning)
• X.509

support to clouds

FOUND NDATION TION requi uirements ements & & cata talo logue gue

Branko Radojević GÊ ÊANT NT SA7, , CARNe Net

• Acting together, as European NRENs in GÉANT makes a big difference

– opens doors

• Bringing scale, size, efficient route to market

(NRENs are trusted advisors for the R&E community – business metrics and data-points)

• Learned ‘what makes providers tick’ and how to navigate the internal

structures and decision making processes at providers

• Our Pitch: How do we approach, talk to providers? What is our

simple clear message? What problems are we solving for them (provider viewpoint)

• Found our voice, the right recipe

Suppliers interaction

Compact set of pre-conditions which cloud providers are expected to meet

Intellectual property rights and ownership, legal aspects, security, continuity, confidentiality, communication, billing, technical requirements

Providers’ responses are made available in the GÉANT Cloud Catalogue online services directory

• Provide clarity
• to cloud providers, regarding the requirements
• f the Research and Education community
• to the Research and Education community,

regarding capabilities of cloud providers

• Provide choice

18/03/2015 35

Essential conditions of use – bring trust

Cloud requirements Six pages; easily readable

available at:

http://services.geant.net/clouds/Activities/Pages/Supporting_Suppliers.aspx

Intellectual property rights and

• wnership, legal aspects,

security, continuity, confidentiality, communication, billing, technical requirements

catalogue.clouds.geant.net

• Collaboration suites, realtime communication
• Microsoft Office 365
• EduZone EZ-Moodle
• Pending: Google Apps
• Infrastructure as a Service
• Advania
• CloudSigma
• Eduzone EZ-Infrastructure
• Okeanos
• Microsoft Azure
• Pending: Amazon
• File storage and sync
• BOX
• Crashplan
• Shareplan
• Other
• EduZone EZ-AntiSPAM
• Netskope Cloud Access Security Brokerage

18/03/2015 39

Current services in the cloud catalogue

Advania

Advania is a Nordic IT company with staff of 1.100 people and 20 offices in three

• countries. The company is built on a solid foundation that spans over 70 years of

information technology service to both the private and public sectors. Services offered: IaaS - Modern, top-quality cloud services for compute and storage.

ANNOUNCED INDIRECT

Cloud Suppliers in the Catalogue

Box is the secure way to share content and improve collaboration for over 275,000 organisations and 32 millions users as we believe that technology should never limit the invention and productivity of enterprising minds. Services offered: Remote data storage and document management

ANNOUNCED DIRECT

Cloud Suppliers in the Catalogue

CloudSigma is a pure-cloud Infrastructure-as-a-Service provider that offers highly available, flexible, enterprise-class cloud servers and cloud hosting solutions. Services offered: Highly available IaaS

For NREN users signing in with eduGAIN = 15% immediate discount For NREN users with large public data sets, we ​will be providing up to a 100% discount on data storage if the data is of value to other users. For ESA TEP projects we will be providing a 100% discount under a pending ESA contract.

ANNOUNCED DIRECT

Cloud Suppliers in the Catalogue

CloudSigma is a pure-cloud Infrastructure-as-a-Service provider that offers highly available, flexible, enterprise-class cloud servers and cloud hosting solutions. Services offered: Highly available IaaS

Will also be providing a series of EULA's for some common Big Science tools at large discounts. Finally, we will be providing a "database homogenization" service (and tools) to allow simple access to a large number of public data sets on CloudSigma at no cost.

ANNOUNCED DIRECT

Cloud Suppliers in the Catalogue

Code42 connects people to the files they need on the devices they love, enabling continuous data protection and secure access for people and businesses

• everywhere. 35,000 business and leading educational institutes globally use our

products. Services offered: Cloud Backup solution Cloud Data Storage solution

ANNOUNCED ANNOUNCED

100 trial licences with crypto keys stored in GEANT network, while data stored in CODE42 data center.

Cloud Suppliers in the Catalogue

Dedicated to provide cloud services exclusively to the Research and Education community, through a specially designed platform that follows NRENs and institutions business logic. Services offered: Announced: EZ Videconferencing – Web video conferencing, coming soon

50$

1 month free + 5 months 50%

6 months 50%

AVAILABLE DIRECT

Cloud Suppliers in the Catalogue

The Greek Research and Technology Network provides networking and cloud services to the Greek academic research and education community and beyond. Services offered:

6 months 1 VM free

AVAILABLE MEMBER

Cloud Suppliers in the Catalogue

Microsoft Corporation develops, licenses, markets, and supports software, services, devices and cloud services comprising Office 365, Dynamics CRM Online and Microsoft Azure worldwide. Services offered:

PLANNED INDIRECT

Cloud Suppliers in the Catalogue

Netskope™ is the leader in cloud app analytics and policy enforcement. Services offered: Netskope – Cloud monitoring tool

N/A N/A

Network peerings with cloud providers

Best, most direct connection between providers and R&E community; latency, bandwidth, data protection. Reduce network ingress and egress charges, to achieve more predictable cost models

Currently connected to NRENs

• r directly to GÉANT

HELIX NEBULA providers ATOS connected to REDiris CloudSigma connected to SWITCH Interoute connected to GÉANT in London T-systems connected to GÉANT at VIX BOX eduZONE

18/03/2015 51

Network peerings with cloud providers

In progress Code42 Microsoft (connected to Janet, discussions with SURFnet, scaling up to pan-European level though SA7) Amazon (discussions with Janet, discussions with SA7 about pan-European delivery) Greenqloud (connected to Nordunet, used by SURFnet, can go pan-European) At the moment non-production connections – pilot status Exploring suitable models for production

support to clouds

COLLABO ABORA RATIO TION N AREA

file e sync and share

53

Sync & Share

Strong user demand NRENs provide us with secure online file storage.

• Many NRENs have been or are building ownCloud based

Sync&Share solutions

• Challenges with the product (level of maturity)
• Share
• Document best practices!

Available on Github

http://swit.ch/owncloudBlackBook https://github.com/switch-ch/cloudservice-owncloud https://github.com/switch-ch/owncloud-ansible

support to clouds

COLLABO ABORA RATIO TION N AREA

IaaS

• OpenStack
• Knowledge sharing
• NRENs, CERN

Wider IaaS NREN offerings

• Technical
• Organisational

Bi-weekly meetings

18/03/2015 60

IaaS services

support to clouds

COLLABO ABORA RATIO TION N AREA realtime ltime comm mmuni nication cation

Making Web-conferencing services accessible and affordable

RENDEZ-VOUS Web-Conferencing

Commercial offerings expensive proprietary (lack of interoperability) WebRTC proof of concept pilot

• First analysis beginning 2014
• First proof of concept version deployed in may 2014
• Opened to SA7 community and R&E community in october 2014
• 12000 conferences and 25000 users per month

Scale up

RENATER, Rendez-Vous

Rendez-Vous WebRTC pilot

https ps:/ ://r /rendez endez-vo vous us.r .renate enater.f .fr

support to clouds

COLLABO ABORA RATIO TION N AREA collaboration aboration suites tes

Schools – 500.000 users Office 365 Education E1 Different for students and employees Faculty license for employees Student license for pupils Office web apps, Exchange, Lync, SharePoint, Yammer, OneDrive, Office plus for 5 devices Exchange not enabled by default

18/03/2015 66

CARNet, Office 365 national implementation

Users are not preprovisionded they are created “on-the-fly”

• n first login,

after user accepts EULA

• ffice365.skole.hr - portal for

users

18/03/2015 67

Users provisioning

18/03/2015 68

Users provisioning - performance

Performance in seconds, per user: Creating user accounts (5-10 sec) Adding mailbox (10-15 sec) Creating alternative e-mail address (5-10 sec) OneDrive (20-30 sec)

18/03/2015 69

Offline Office365 – User authentication

18/03/2015 70

Office 365 in the Czech Republic

CESNET's Microsoft Office365 hybrid cloud solution

Basic idea

• Data of “non-critical” users (typically students) are in public cloud (in MS data centers)
• Data of “critical” users (typically staff) are in private part of the cloud (in CESNET data center)
• Data of “very sensitive” users (management) are on local servers

What has been done

• Cooperation on a technical level was established with two universities
• Discussions and technical consulting with Microsoft
• Technological partner was found
• Sample technical solution was defined in cooperation with MS
• Pilot project was started – small technical setup

18/03/2015 71

Exchange SharePoint AD ADFS

University A University B Universities CESNET private cloud Public cloud (Office 365)

AD Exchange SharePoint AAD Exchange Online SharePoint Online

sync (placeholder) FIM auth auth

AD Exchange SharePoint

sync (placeholder) FIM

Variant 4. Multitenant cloud (resource forest)

trust trust

AAD Exchange Online SharePoint Online ADFS

auth auth sync FIM / AADSync / DirSync sync FIM / AADSync / DirSync hybrid mode hybrid mode hybrid mode hybrid mode

Currently No hybrid mode with Exchange and SharePoint at CESNET, because one Exchange can be connected to only one Office 365 tenant. But one can connect to Exchange Online in Office 365 with Exchange on CESNET-level federation, which achieves most of the functionality

• f the hybrid mode.

CESNET's Microsoft Office365 hybrid cloud solution

support to clouds

SE SERVIC VICE E DELIVERY IVERY plans ns & appr proach

• ach

Andres s Steijaert GÊ ÊANT NT SA7, , SURFnet

Investigate suitable and sustainable models for the delivery of cloud services through GÉANT and the NRENs, to the R&E institutions. To get services we have ‘on the shelves’ in our cloud catalogue; ‘off the shelves’, into the hands of our users. We want to

establish the required capabilities: right organizational structures and technical systems; aggregate demand; acquire services together and redistribute those resources across our community

Using skills in SA7 and models already in place Transition from a recommendation role, to a transactional role

18/03/2015 73

Service delivery

GÉANT Institute Z INSTITUTE Y INSTITUTE X

Buy in bulk Redistribute 1 2a 2b

Joint int deman and aggregati egation

• n and procu

cureme ement nt Bring the economies of scale to achieve more favourable conditions of use Started a collective tender for IaaS cloud services

TRANSACTIONS

FOR ONLINE SERVICES Buyi ying ng servi vice ces s is difficul icult Cloud Providers work with ‘end-user credit card models’. Our community operates ‘institutional Purchase Order based’. Institutions are afraid of ‘bill shock’ OPEX can be big, also due to network charges. Costs need to be predictable. We can use our network to reduce data network traffic costs.

REQUIREMENTS CATALOGUE STRATEGY STANDARDS

COLLABORATION SUITES REALTIME COMMUNICATION FILE STORAGE AND SYNC INFRASTRUCTURE AS A SERVICE

ADOPTION

FOUNDATION AREAS MAKE & BUY IN-HOUSE & OUTSOURCED

Collaborate, to enable and facilitate our community to use online services

• n a large scale, with the right conditions

Intranet:

https://intranet.geant.net/SA7/

News and information sharinghttps://www.yammer.com/geantcloud/ Cloud aggregation and procurement project Workshops Bi-weekly online meetings

Next meeting: this Friday February 27, at 10:00 CET

Join us