A VOSpace deployment: interoperability and integration in big infrastructure

Similar documents
Integrating Anonymous & Authenticated Access to VO Services. Patrick Dowler Canadian Astronomy Data Centre

Designing the Future Data Management Environment for [Radio] Astronomy. JJ Kavelaars Canadian Astronomy Data Centre

Part2: Let s pick one cloud IaaS middleware: OpenStack. Sergio Maffioletti

2. HDF AAI Meeting -- Demo Slides

THE EUCLID ARCHIVE SYSTEM: A DATA-CENTRIC APPROACH TO BIG DATA

Authentication & Authorization systems developed for CTA

AAI in EGI Current status

Data Centres in the Virtual Observatory Age

INDIGO AAI An overview and status update!

Guidelines on non-browser access

The EGI AAI CheckIn Service

VIRTUAL OBSERVATORY TECHNOLOGIES

AARC Blueprint Architecture

A VO-friendly, Community-based Authorization Framework

Best practices and recommendations for attribute translation from federated authentication to X.509 credentials

TAP services integration at IA2 data center

Best Practices: Authentication & Authorization Infrastructure. Massimo Benini HPCAC - April,

European Grid Infrastructure

Office 365 and Azure Active Directory Identities In-depth

The challenges of (non-)openness:

DEEP DIVE: OPENSTACK COMPUTE

Building on Existing Communities: the Virtual Astronomical Observatory (and NIST)

HPE HELION CLOUDSYSTEM 9.0. Copyright 2015 Hewlett Packard Enterprise Development LP

30 Nov Dec Advanced School in High Performance and GRID Computing Concepts and Applications, ICTP, Trieste, Italy

BRKDCT-1253: Introduction to OpenStack Daneyon Hansen, Software Engineer

Sentinet for Microsoft Azure SENTINET

Grid computing with IVOA standards and VOTech components

Research Data Management & Preservation: A Library Perspective

GSI Online Credential Retrieval Requirements. Jim Basney

Mining Massive Data Sets With CANFAR and Skytree. Nicholas M. Ball Canadian Astronomy Data Centre National Research Council Victoria, BC, Canada

OPENSTACK PRIVATE CLOUD WITH GITHUB

THE EUCLID ARCHIVE SYSTEM: A DATA-CENTRIC APPROACH TO BIG DATA

Unified Secure Access Beyond VPN

The LDAP plugin for Fuel documentation

Enabling Cloud-Native Applications with Application Credentials in Keystone

Single Sign-On for PCF. User's Guide

CernVM-FS. Catalin Condurache STFC RAL UK

Vendor: Microsoft. Exam Code: Exam Name: Administering Office 365. Version: DEMO

Red Hat OpenStack Platform 10 Product Guide

Technology for the Virtual Observatory. The Virtual Observatory. Toward a new astronomy. Toward a new astronomy

Grid services. Enabling Grids for E-sciencE. Dusan Vudragovic Scientific Computing Laboratory Institute of Physics Belgrade, Serbia

Outline. Infrastructure and operations architecture. Operations. Services Monitoring and management tools

How to use or not use the AWS API Gateway for Microservices

The LGI Pilot job portal. EGI Technical Forum 20 September 2011 Jan Just Keijser Willem van Engen Mark Somers

Red Hat Quay 2.9 Deploy Red Hat Quay - Basic

Intro to Oracle Web Services Manager

API Security Management with Sentinet SENTINET

ASTRONOMY & PARTICLE PHYSICS CLUSTER

Cloud Computing. Amazon Web Services (AWS)

DIRAC distributed secure framework

EGI Check-in service. Secure and user-friendly federated authentication and authorisation

VMware Identity Manager Administration. MAY 2018 VMware Identity Manager 3.2

Prototype DIRAC portal for EISCAT data Short instruction

OpenStack Mitaka Release Overview

Deliverable DJRA1.1. Use-Cases for Interoperable Cross- Infrastructure AAI

The Canadian CyberSKA Project

TRUST IDENTITY. Trusted Relationships for Access Management: AND. The InCommon Model

WP JRA1: Architectures for an integrated and interoperable AAI

MCSA Office 365 Bootcamp

An integrated IaaS and PaaS architecture for scientific computing

Federated AAI and the World of Tomorrow. Rion Dooley

Tutorial: Building the Services Ecosystem

SLCS and VASH Service Interoperability of Shibboleth and glite

SailPoint IdentityIQ 6.4

SafeNet Authentication Manager

USING OPENSTACK TO INTEGRATE NON-OPENSTACK SERVICE JUNHO YOON, ANDREW LIU, JACK NING

OpenStack Technology Review & Demo

Ivanti User Workspace Manager

Liferay Security Features Overview. How Liferay Approaches Security

Research Data Repository Interoperability Primer

glite Grid Services Overview

Open mustard seed. Patrick Deegan, Ph.D. ID3

SA1 CILogon pilot - motivation and setup

The Computation and Data Needs of Canadian Astronomy

OpenStack and OpenDaylight, the Evolving Relationship in Cloud Networking Charles Eckel, Open Source Developer Evangelist

Fencing the Cloud. Roger Casals. Senior Director Product Management. Shared vision for the Identity: Fencing the Cloud 1

VMware Horizon 7 Administration Training

Inside Symantec O 3. Sergi Isasi. Senior Manager, Product Management. SR B30 - Inside Symantec O3 1

Load Balancing Microsoft Remote Desktop Services. Deployment Guide v Copyright Loadbalancer.org

OpenStack Lab on VMware Workstation Setting up the All-In-One VM

Who am I? Identity Product Group, CXP Team. Premier Field Engineer. SANS STI Student GWAPT, GCIA, GCIH, GCWN, GMOB

Euclid Archive Science Archive System

AMGA metadata catalogue system

"Charting the Course... H8Q14S HPE Helion OpenStack. Course Summary

Storage Virtualization. Eric Yen Academia Sinica Grid Computing Centre (ASGC) Taiwan

SafeNet Authentication Service

John Heimann Director, Security Product Management Oracle Corporation

Federated access to e-infrastructures worldwide

Google Cloud Platform for Systems Operations Professionals (CPO200) Course Agenda

Integration Guide. SafeNet Authentication Manager. Using SAM as an Identity Provider for SonicWALL Secure Remote Access

Troubleshooting Grid authentication from the client side

Sentinet for BizTalk Server SENTINET

Electronic Service Provider Standard

ShibVomGSite: A Framework for Providing Username and Password Support to GridSite with Attribute based Authorization using Shibboleth and VOMS

Overview SENTINET 3.1

Qualys Cloud Platform (VM, PC) v8.x Release Notes

DEPLOYMENT GUIDE Version 1.0. Deploying the BIG-IP Access Policy Manager v with Oracle Access Manager

OpenStack. Architecture and Operation. OpenStack Tutorial Day 2. Kasidit Chanchio Vasabilab, Thammasat University

Europe and its Open Science Cloud: the Italian perspective. Luciano Gaido Plan-E meeting, Poznan, April

Guide to Deploying NetScaler as an Active Directory Federation Services Proxy

Transcription:

ASTERICS DADI ESFRI Forum A VOSpace deployment: interoperability and integration in big infrastructure S. Bertocco Trieste 13-14 December 2017

Scope Provide our users with a local data storage and computation infrastructure compliant with a world wide Virtual Observatory vision astronomical standards based to be widely accessible especially with astronomical tools interoperable with other similar storage services to increase the accessible sets of data integrated with other big software infrastructures 2

CANFAR Infrastructure CANFAR, the Canadian Advanced Network for Astronomical Research combines: the Canadian national research network (CANARIE), cloud processing and storage resources (Compute Canada) an astronomy data center (Canadian Astronomy Data Center CADC) hosting a very large data set specialized in data mining, data processing, data distribution and data transferring providing a lot of sophisticated tools to support and enhance the research efforts of Canadian and international astronomers 3

CANFAR Infrastructure 4

OpenCADC Repository 5

IVOA Standards https://github.com/opencadc Modules: vos ac cdp reg uws core CADC VOSpace standard implementation Access Control (including GMS) Credential Delegation Protocol implementation Registry Interface implementation (including VOSI) Universal Worker Service Pattern implementation core utilities and logging IVOA Standards and recommendations based (http://ivoa.net/) 6

Storage and VOSpace IVOA recommendation VOSpace recommendation: VOSpace is the IVOA interface to distributed storage. It specifies how VO agents and applications can use network attached data stores to persist and exchange data in a standard way. A VOSpace web service is an access point for a distributed storage network. Through this access point, a client can: add or delete data objects in a tree data structure manipulate metadata for the data objects obtain URIs through which the content of the data objects can be accessed VOSpace does not define how the data is stored or transferred, only the control messages to gain access. Thus, the VOSpace interface can readily be added to an existing storage system. When we speak of "a VOSpace", we mean the arrangement of data accessible through one particular VOSpace service. 7

Storage Service VOSpace: IVOA VOSpace recommendation Metadata management (Node) Message exchange Web service VOSpace front-end https://github.com/opencadc/vos https://github.com/oats-cadc/oats-vospace-web VOSpace back-end Storage solution management Record links stored file metadata node Web service SQL DataBase https://github.com/oats-cadc/oats-vospace-backend https://github.com/oats-cadc/oats-vospace-backend-web Physical storage Posix OpenStack Swift Others https://github.com/oats-cadc/oats-vospace-backend-developers-guide 8

Access Control Access permissions stored in VOSpace database VOSpace access policy based on group membership Access Control Service (https://github.com/opencadc/ac) Manage users Manage groups Has info about group memberships Manage more user s identities: username/password cookies numeric X.509 certificates 9

Credential Delegation Protocol IVOA recommendation The credential delegation protocol allows a client program to delegate a user's credentials to a service such that the service may make requests of other services in the name of that user. Credential Delegation Service https://github.com/opencadc/cdp https://github.com/oats-cadc/oats-cred-web 10

Interoperability INAF-OATs CANFAR Storage Storage 3 Cloud portal Cloud portal 4 Access Control Credential Service 5 Access Control 2 1 Credential Service 1) INAF-OATs user Bertocco delegates her x509 credentials to CANFAR Credential Service 2) user Bertocco asks for data of her INAF-OATs group to CANFAR storage service 3) CANFAR storage service checks the group affiliation of the user in the INAF-OATs group management service 4) CANFAR storage service gets the user's delegated credentials from the CANFAR Credential Delegation Service to be able to make calls to each other service on behalf of the initial user 5) CANFAR storage service returns data to the INAF-OATs user Bertocco 11

OATs-INAF Cloud Site OATs-INAF hosts a cloud site: OpenStack Mitaka based Storage: 10TB VM storage (cinder) 50 TB user s data storage Authentication: Keystone backend ldap Plus keystone-voms module 12

EGI FedCloud Compliance & interoperability Cloud Management Framework: OpenStack (compliant with EGI federated cloud architecture) Common Authentication and interoperability: Using VOMS-proxy Request a cloud authorization token Connect to the OpenStack console Manage virtual machines Authenticate in VOSpace and other IVOA base services Using username/password log-in into VMs log-in into OATs cloud portal authenticate in VOSpace and other IVOA base services 13

Summarizing: wath we have Services IVOA recommendation based VOSpace, Access Control and Credential Interoperable with CANFAR Services (VOSpace, Credential Service, Registry) Cloud resources EGI federation compliant and accessible by EGI users (X.509) Cloud access to data stored in VOSpace (both OATs and CANFAR hosted) 14

Concluding: wath we need An integrated approach to our services exploitation A common authentication (will be provided by EOSC Pilot?) and authorization model (will it be an IVOA recommendation on group-based auth?) 15

Thanks! 16

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback