ibercloud orchestrating services to provide virtualized
play

Ibercloud: orchestrating services to provide virtualized access to - PowerPoint PPT Presentation

Aug 29, 2022 •149 likes •370 views

Ibercloud: orchestrating services to provide virtualized access to IberGrid C. Fernandez, A. Simn (CESGA) I. Campos, E. Fernndez, A. Lopez Garcia, J. Marco De Lucas, M.A. Nuez Vega (IFCA) C. Alfonso, I. Blanquer, M. Caballer, G. Molto

  1. Ibercloud: orchestrating services to provide virtualized access to IberGrid C. Fernandez, A. Simón (CESGA) I. Campos, E. Fernández, A. Lopez Garcia, J. Marco De Lucas, M.A. Nuñez Vega (IFCA) C. Alfonso, I. Blanquer, M. Caballer, G. Molto (GRyCAP) G. Borges, M. David, J. Gomes (LIP)

  2. IberGrid Protugal & Spain NGIs joint operations 24,000 cores and 20PBytes storage available to Grid user community Wide usage of virtualization techniques 21/09/12 EGI Technical Forum 2012 2

  3. Ibercloud Objectives — Investigate the requirements of scientific users of cloud technologies — Deploy a federated cloud IaaS testbed for scientific computing within the Ibergrid collaboration ◦ based on existing local deployments — Provide a unique user friendly interface for the services 21/09/12 EGI Technical Forum 2012 3

  4. Ibercloud Sites 21/09/12 EGI Technical Forum 2012 4

  5. Authorization — Users should be able to use a single identity at all sites — Grid experience ◦ VOMS J ◦ User certificates L — We want a working solution fast ◦ working across cloud implementations ◦ easy enough to be quickly deployable ◦ Flexible for different models of federation (country, site) 21/09/12 EGI Technical Forum 2012 5

  6. Architecture — Start with centralized LDAP authentication: 1. Cloud service portal adds users do main LDAP instance 2. Sites can read LDAP records and authenticate against LDAP server Read Write LDAP SERVER (NCG) CLOUD PORTAL (IFCA) Read only certain fields CLOUD SITES 21/09/12 EGI Technical Forum 2012 6

  7. Registration Portal (I) — Web portal to add users to the infrastructure — http://cloud.ibergrid.eu 21/09/12 EGI Technical Forum 2012 7

  8. Registration Portal (II) — Registration consists on filling a survey with intended usage ◦ Not needed if already part of IBERGRID — Each request is evaluated and approved independently 21/09/12 EGI Technical Forum 2012 8

  9. LDAP tree and namespaces (I) — Tree with country and site branches cn=readonly ou=roles cn=… general users ou=users c=pt ou=lip LIP users dc=ibergrid, dc=eu general ES users ou=users CESGA users ou=cesga o=cloud c=es IFCA users ou=ifca UPV users ou=upv uid=aaa@xxx.pt, ou=users, c=pt, o=cloud, dc=ibergrid, dc=eu uid=bbb@yyy.es, ou=users, c=es, o=cloud, dc=ibergrid, dc=eu uid=ccc@cesga.es, ou=cesga, c=es, o=cloud, dc=ibergrid, dc=eu 21/09/12 EGI Technical Forum 2012 9

  10. LDAP tree and namespaces (II) • Users are “uniquely” identified by e-mail with a common suffix: uid=xxxx@yyyy.pt, o=cloud, dc=ibergrid, dc=eu • Internal remapping within the openldap server • All users remapped to o=cloud,dc=ibergrid,dc=eu • uid=xxxx@yyyy.pt is also a valid DN • We get the advantages of a hierarchical namespace with the simplicity of a flat namespace 21/09/12 EGI Technical Forum 2012 10

  11. LDAP Support — OpenStack: ◦ Authentication is performed by a dedicated service named “keystone” – Changed architecture while deploying our testbed – LDAP support required particular schema ◦ IFCA has extended it for LDAP authentication – LDAP + LDAPS support – No restrictions on DN or LDAP schema — OpenNebula: ◦ Common DN for all users à remapping at the LDAP server ◦ Secure LDAPS needed tweaks but worked ◦ LDAP authentication with the APIs – Does not work à major show-stopper for us ! 21/09/12 EGI Technical Forum 2012 11

  12. VOMS AuthN — IFCA+CNRS Started to develop VOMS AuthN in OpenStack Keystone ◦ Ibercloud will evaluate if it fits the deployment OpenStack HTTPD Keystone Client VOMS mapping HTTPS request Checks proxy Maps VO & with RFC proxy validity attributes to tenants and roles Code on github: https://github.com/alvarolopez/keystone/tree/voms_auth Docs: http://keystone-voms.readthedocs.org/en/latest/voms.html 21/09/12 EGI Technical Forum 2012 12

  13. Accessing the Resources sunstone hybridfox horizon Web Interfaces Compatibility Layer deltacloud libcloud Cloud XML-RPC OCCI EC2 EC2 OpenStack Middleware OpenNebula 21/09/12 EGI Technical Forum 2012 13

  14. Site Capabilities (I) CESGA Name small medium large small-kvm small-occi Number of Cores 1 4 8 1 1 Memory (RAM) 1024 4096 8192 1024 1024 Disk 40GB 60GB 80GB 40GB 40GB Intranet Network 10G Eth. Public/Private IP Pool of public IPs with a maximum of 254 IFCA Name m1.tiny m1.small m1.medium m1.large m1.xlarge Number of Cores 1 1 2 4 8 Memory (RAM) 512 2048 4096 8192 16384 Disk 0 20 40 80 160 Intranet Network GB Eth Public/Private IP VLAN and VPN per project, no public IPs currently 21/09/12 EGI Technical Forum 2012 14

  15. Site Capabilities (II) LIP Name small medium large Number of Cores 1 2 4 Memory (RAM) 512 1024 4096 Disk 10 40 100 Intranet Network GB Eth Public/Private IP VLAN and VPN per project, no public IPs currently GRyCAP Name tiny small medium large Number of Cores 1 1 2 4 Memory (RAM) 512 1024 2048 4096 Disk 20 40 80 80 Intranet Network GB Eth Public/Private IP Pool of public IPs with a maximum of 32 21/09/12 EGI Technical Forum 2012 15

  16. Use case: MPI Applications — Good I/O performance with PCI Passthrough Intel MPI Benchmark - Reduce Test (16 processes) Intel MPI Benchmark - PingPong Test (02 processes) 100000 10000 Bare metal iband Bare metal iband VM iband VM iband 10000 1000 Time in Microseconds Time in Microseconds 1000 100 100 10 10 1 1 1 10 100 1000 10000 100000 1e+06 1e+07 1 10 100 1000 10000 100000 1e+06 1e+07 Number of Bytes Transferred Number of Bytes Transferred 21/09/12 EGI Technical Forum 2012 16

  17. Use Case: PROOF as a Service (I) — PROOF is a parallel mode for ROOT (HEP analysis software) — PROOF requires the deployment of a set of services on the executing hosts ◦ Not trivial for users ◦ Dynamic demand of resources — PaaS on top of the IaaS service ◦ Builds PROOF cluster automatically from the ROOT interface 21/09/12 EGI Technical Forum 2012 17

  18. Use Case: PROOF as a Service (II) (1) start PROOF Proof as a Service (II) Proof Master instantiate NFS Server (IV) Workers PROOF session (III) attach Cloud Volume (analysis data) CLOUD RESOURCES 21/09/12 EGI Technical Forum 2012 18

  19. Use Case: Mathematica — Used at IFCA for physics phenomenology simulations — Very specific machine configuration ◦ not grid friendly ◦ too heavy for desktops — Researchers start VMs with Mathematica as needed ◦ hardware independent environment ◦ ability to test and execute various software configurations ◦ better reliability and availability 21/09/12 EGI Technical Forum 2012 19

  20. Next steps… — Continue working on federated identity ◦ VOMS ◦ SAML — Investigate user interfaces/API compatibility ◦ OCCI now also available in OpenStack — Open infrastructure to pilot users ◦ Get feedback and requirements — VM Image Management ◦ Image catalogues & repositories — Monitoring & Accounting ◦ following the EGI Cloud TF developments 21/09/12 EGI Technical Forum 2012 20

  21. Thanks Questions?

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Orchestrating the Deployment of Computations in the Cloud with Conductor Alexander Wieder

Orchestrating the Deployment of Computations in the Cloud with Conductor Alexander Wieder

Orchestrating the Deployment of Computations in the Cloud with Conductor Alexander Wieder Pramod Bhatotia Ansley Post Rodrigo Rodrigues NSDI 2012 27.04.2012 1 Options for Processing Data in the Cloud Client What's the best Web Services

384 views • 23 slides
Workshop on Monitoring PhD Student Progress, June 22-23, 2017, Vigo, Spain Fast visio vision al

Workshop on Monitoring PhD Student Progress, June 22-23, 2017, Vigo, Spain Fast visio vision al

The technology of telecommunication The mechanism of multimedia networks has been evolving in the last communication has to be developed: years. Provide new services for 4G and 5G Design a "Virtualized Media Server"

211 views • 9 slides
CrossBow: From Hardware Virtualized NICs t\ to Virtualized Networks Sunay Tripathi, Nicolas

CrossBow: From Hardware Virtualized NICs t\ to Virtualized Networks Sunay Tripathi, Nicolas

CrossBow: From Hardware Virtualized NICs t\ to Virtualized Networks Sunay Tripathi, Nicolas Droux, Thirumalai Srinivasan, Kais Belgaied Aug 17 th . 2009 Sigcomm VISA 2009, Barcelona Sunay Tripathi, Distinguished Engineer, Sun Microsystems Inc

289 views • 24 slides
How to Tame your VM: an Automated Control System for Virtualized Services Akkarit Sangpetch

How to Tame your VM: an Automated Control System for Virtualized Services Akkarit Sangpetch

How to Tame your VM: an Automated Control System for Virtualized Services Akkarit Sangpetch Andrew Turner Hyong Kim asangpet@andrew.cmu.edu andrewtu@andrew.cmu.edu kim@ece.cmu.edu Department

261 views • 22 slides
Active Learning Strategies ORCHESTRATING LEARNER PARTICIPATION IN EDUCATIONAL ACTIVITIES The

Active Learning Strategies ORCHESTRATING LEARNER PARTICIPATION IN EDUCATIONAL ACTIVITIES The

Active Learning Strategies ORCHESTRATING LEARNER PARTICIPATION IN EDUCATIONAL ACTIVITIES The overall goal of this presentation is to provide faculty with information and strategies to enhance learner participation in educational activities.

532 views • 52 slides
Orchestrating Proxysql with OCP Avi Apelbaum, Wix aviap@wix.com linkedin/aviapelbaum

Orchestrating Proxysql with OCP Avi Apelbaum, Wix aviap@wix.com linkedin/aviapelbaum

Orchestrating Proxysql with OCP Avi Apelbaum, Wix aviap@wix.com linkedin/aviapelbaum github.com/wix Hi. I am Eyal DBA Team Leader @WIx.com Wix in a Minute Our main production DBs Version 5.6.x & 5.7.x 3.2.12 3.0.9 DB instances

597 views • 37 slides
The NSX Terraform Provider The NSX Terraform provider gives the NSX administrator a way to

The NSX Terraform Provider The NSX Terraform provider gives the NSX administrator a way to

The NSX Terraform Provider The NSX Terraform provider gives the NSX administrator a way to automate NSX to provide virtualized networking and security services using both ESXi and KVM based hypervisor hosts as well as container networking and

1.68k views • 150 slides
AdaptSize: Orchestrating the Hot Object Memory Cache in a CDN Daniel S. Mor Ramesh K. Berger

AdaptSize: Orchestrating the Hot Object Memory Cache in a CDN Daniel S. Mor Ramesh K. Berger

AdaptSize: Orchestrating the Hot Object Memory Cache in a CDN Daniel S. Mor Ramesh K. Berger Harchol-Balter Sitaraman USENIX NSDI. Boston, March 28, 2017. CDN Caching Architecture Content providers 1% 1% 1% 1% DC HOC CDN 100% 100%

473 views • 20 slides
Orchestrating Collaboration Visual Collaboration Suggestions in Large Research Clusters Andr

Orchestrating Collaboration Visual Collaboration Suggestions in Large Research Clusters Andr

Orchestrating Collaboration Visual Collaboration Suggestions in Large Research Clusters Andr Calero Valdez Denis zdemir, Mohammed Amin Yazdi, Anne Kathrin Schaar and Martina Ziefle Agenda The Aachen House of Production The Scientific

310 views • 20 slides
Affect PROPRIETARY & CONFIDENTIAL March 4, 2010 Strategies MANAGING A HACK: Orchestrating

Affect PROPRIETARY & CONFIDENTIAL March 4, 2010 Strategies MANAGING A HACK: Orchestrating

Affect PROPRIETARY & CONFIDENTIAL March 4, 2010 Strategies MANAGING A HACK: Orchestrating Incident Response to Preserve Brand Reputation Cyber Security Summit Chicago Sept 26-27 th , 2018 Sandra Fathi President, Affect Email:

572 views • 26 slides
Orchestrating the student experience with social media tools Jessie Paterson & Kirsty Hughes

Orchestrating the student experience with social media tools Jessie Paterson & Kirsty Hughes

Orchestrating the student experience with social media tools Jessie Paterson & Kirsty Hughes (Paul Anderson, Hamish Macleod, Catherine Shields) Funded by The Principals Teaching Award Scheme (PTAS) Hypothesis Can we classify types

381 views • 14 slides
Building a Fast, Virtualized Building a Fast, Virtualized Data Plane with Data Plane with

Building a Fast, Virtualized Building a Fast, Virtualized Data Plane with Data Plane with

Building a Fast, Virtualized Building a Fast, Virtualized Data Plane with Data Plane with Programmable Hardware Programmable Hardware Bilal Anwer Nick Feamster 1 Network Virtualization Network Virtualization Network virtualization enables

299 views • 27 slides
Impact of server dynamic allocation on the response time for energy-efficient virtualized web

Impact of server dynamic allocation on the response time for energy-efficient virtualized web

Impact of server dynamic allocation on the response time for energy-efficient virtualized web clusters energy-efficient virtualized web clusters Carlos Oliveira, Vinicius Petrucci, Orlando Loques {cjunior, vpetrucci, loques} @ic.uff.br

388 views • 24 slides
Focus Provide contract manufacturing and research services for New Drugs, Generics and

Focus Provide contract manufacturing and research services for New Drugs, Generics and

Focus Provide contract manufacturing and research services for New Drugs, Generics and Biologics. Deploy its unique combination of assets and operational capabilities to provide high quality CMO and CRO services Research &

614 views • 25 slides
Orchestrating a Trauma-Informed Tone from the Beginning: Pre and Post Removal Conferences

Orchestrating a Trauma-Informed Tone from the Beginning: Pre and Post Removal Conferences

Orchestrating a Trauma-Informed Tone from the Beginning: Pre and Post Removal Conferences Presented by Constance Cohen, Retired Juvenile Judge Constance.Cohen@icloud.com The Des Moines Experience: The Way We Were Approximately 80% of

284 views • 5 slides
Orchestrating Robot Swarms with Java / OcadoTechnology < image of food - maybe a basket of

Orchestrating Robot Swarms with Java / OcadoTechnology < image of food - maybe a basket of

Orchestrating Robot Swarms with Java / OcadoTechnology < image of food - maybe a basket of fruit or a christmas hamper > / OcadoTechnology < image of consumer at an empty fridge > / OcadoTechnology < Person getting in car, or

857 views • 67 slides
KDC LDAP Schema IETF 11/02 Donna Skibbie, IBM Overview KDC LDAP Schema draft: Defines all KDC

KDC LDAP Schema IETF 11/02 Donna Skibbie, IBM Overview KDC LDAP Schema draft: Defines all KDC

KDC LDAP Schema IETF 11/02 Donna Skibbie, IBM Overview KDC LDAP Schema draft: Defines all KDC attributes except for those used to store key data Keys Extension draft: Defines attributes used to store key data Flow of Data to LDAP

798 views • 10 slides
What's New in OpenLDAP Howard Chu CTO, Symas Corp / Chief Architect OpenLDAP FOSDEM'14 OpenLDAP

What's New in OpenLDAP Howard Chu CTO, Symas Corp / Chief Architect OpenLDAP FOSDEM'14 OpenLDAP

What's New in OpenLDAP Howard Chu CTO, Symas Corp / Chief Architect OpenLDAP FOSDEM'14 OpenLDAP Project Open source code project Founded 1998 Three core team members A dozen or so contributors Feature releases every 12-18

627 views • 42 slides
Simulation Engines TDA571|DIT030 Software Engineering Tommaso Piazza 1 Administrative Stuff

Simulation Engines TDA571|DIT030 Software Engineering Tommaso Piazza 1 Administrative Stuff

Simulation Engines TDA571|DIT030 Software Engineering Tommaso Piazza 1 Administrative Stuff Any new arrivals? Have you booked your first supervision? Today is the last day! Do you know in which group you are in? Did you get a

551 views • 53 slides
Towards a Formatting Vocabulary for Time-based Hypermedia Jacco van Ossenbruggen Joost Geurts

Towards a Formatting Vocabulary for Time-based Hypermedia Jacco van Ossenbruggen Joost Geurts

Towards a Formatting Vocabulary for Time-based Hypermedia Jacco van Ossenbruggen Joost Geurts Lloyd Rutledge Lynda Hardman CWI Amsterdam I want multimedia stylesheets Jacco van Ossenbruggen Joost Geurts Lloyd Rutledge Lynda Hardman CWI

463 views • 29 slides
dCache and LDAP AuthN Ron Trompert SURFsara A :ny Bit

dCache and LDAP AuthN Ron Trompert SURFsara A :ny Bit

dCache and LDAP AuthN Ron Trompert SURFsara A :ny Bit of History Number of systems Own user administra:on system Some users had access

519 views • 10 slides
LDB and the LDAP server in Samba4 Simo Sorce Samba Team idra@samba.org simo.sorce@quest.com

LDB and the LDAP server in Samba4 Simo Sorce Samba Team idra@samba.org simo.sorce@quest.com

LDB and the LDAP server in Samba4 Simo Sorce Samba Team idra@samba.org simo.sorce@quest.com http://www.samba.org/~idra What is LDB ? LDB is an LDAP-like database interface LDAP-like data model support LDAP like search expressions but it

1.03k views • 24 slides
Infosys in ARC6 (server) Infosys in ARC6 (server) Confjguration changes: see relevant

Infosys in ARC6 (server) Infosys in ARC6 (server) Confjguration changes: see relevant

Infosys in ARC6 (server) Infosys in ARC6 (server) Confjguration changes: see relevant presentation for detailed description Mandatory blocks: [ i n f o s y s ] [ i n f o s y s / g l u e 2 ] New block names

426 views • 4 slides
What's new in httpd 2.2? 2.1 Paul Querna pquerna@apache.org July 21, 2005

What's new in httpd 2.2? 2.1 Paul Querna pquerna@apache.org July 21, 2005

What's new in httpd 2.2? 2.1 Paul Querna pquerna@apache.org July 21, 2005 http://www.outoforder.cc/presentations/ 2.2? major.minor.patch Versioning Scheme: Even = Stable / General Availability 2.0.x & 2.2.x Odd =

393 views • 37 slides

More recommend