Identity management for the TUB Cloud. T. Hildmann, O. Kao, C. Ritter tubit, CIT EUNIS 2013

Similar documents
Deploying and extending on-premise cloud storage based on owncloud

Nubo on premise POC requirements for VMWare ESXi

VMware vsphere Customized Corporate Agenda

DSI Optimized Backup & Deduplication for VTL Installation & User Guide

FileCruiser VM Quick Configuration Guide For Trial Version V1.0

Introduction to Virtualization. From NDG In partnership with VMware IT Academy

Microsoft Office 365 (O365) and Office 2016 ProPlus Download FAQs For Students

LO2 Be able to design virtualisation deployments.

Installing Cisco Virtual Switch Update Manager

Preparing Virtual Machines for Cisco APIC-EM

Preparing Virtual Machines for Cisco APIC-EM

Horizon Cloud with On-Premises Infrastructure Administration Guide. VMware Horizon Cloud Service Horizon Cloud with On-Premises Infrastructure 1.

HARDWARE UMET / OCIT Private Cloud

Installing Cisco MSE in a VMware Virtual Machine

Managing ReadyClones

Release Notes for Cisco UCS Platform Emulator, Release 2.1(1aPE3)

Veeam Backup & Replication on IBM Cloud Solution Architecture

Introducing Cisco Cloud Administration CLDADM v1.0; 5 Days; Instructor-led

V.I.B.E. Virtual. Integrated. Blade. Environment. Harveenpal Singh. System-x PLM

FUJITSU Storage ETERNUS AF series and ETERNUS DX S4/S3 series

What s next in Nextcloud. Frank Karlitschek

System Requirements for Cisco DCNM, Release 11.0(1)

Version 1.26 Installation Guide for On-Premise Uila Deployment

Using a Virtual Machine for Cisco IPICS on a Cisco UCS C-Series Server

FIRST EXPERIENCE WITH SEAFILE SYNC & SHARE SOLUTION

IOPStor: Storage Made Easy. Key Business Features. Key Business Solutions. IOPStor IOP5BI50T Network Attached Storage (NAS) Page 1 of 5

1.6 March /A. Polycom RealPresence Capture Server - Virtual Edition Getting Started Guide

Microsoft SharePoint Server 2010 on Dell Systems

Compatibility and Support Information Nasuni Corporation Boston, MA

Installing vrealize Network Insight. VMware vrealize Network Insight 3.7

UCS-ABC. Cisco Unified Computing System Accelerated Boot Camp. Length: 5 Days. Format: Lecture/Lab. Course Version: 5.0. Product Version: 2.

Installing vrealize Network Insight. VMware vrealize Network Insight 3.6

Soft Gateway Installation. Velocity

Installing vrealize Network Insight. VMware vrealize Network Insight 3.5

Cisco VDS Service Broker Software Installation Guide for UCS Platforms

5 days lecture course and hands-on lab $3,295 USD 33 Digital Version

ISILON SUPPORTABILITY AND COMPATIBILITY GUIDE

Exam Name: VMware Certified Professional on vsphere 5 (Private Beta)

HCP Anywhere. By Storage & Cloud Services. Quick Start Guide Nov 2017 HCP ANYWHERE

System Requirements. System Requirements for Cisco DCNM, Release 10.4(1), page 1. System Requirements for Cisco DCNM, Release 10.

System Requirements for Cisco DCNM, Release 10.4(2)

SnapCenter Software 4.0 Concepts Guide

Next Gen Storage StoreVirtual Alex Wilson Solutions Architect

Installing and Configuring VMware Identity Manager Connector (Windows) OCT 2018 VMware Identity Manager VMware Identity Manager 3.

Cisco UCS Director Tech Module EMC XtremIO

Installing Cisco CMX in a VMware Virtual Machine

EZ Cloud Reference Material EZ Cloud Type 1: Release 1 Use Cases

Zoptymalizuj Swoje Centrum Danych z Red Hat Virtualization. Jacek Skórzyński Solution Architect/Red Hat

HiveManager NG Virtual Appliance

Installing and Upgrading Cisco Network Registrar Virtual Appliance

On demand People Productivity. Architecture - functional view

Performance issues in Cerm What to check first?

System Design and Trade-offs

Huawei Agile Controller. Agile Controller 1

Vblock Architecture. Andrew Smallridge DC Technology Solutions Architect

Overview of the Self-Service Portal

HPC File Systems and Storage. Irena Johnson University of Notre Dame Center for Research Computing

VMware vcloud Director Evaluator s Guide TECHNICAL WHITE PAPER

What is included with the Office 365 ProPlus subscription license? Office 365 ProPlus for PC (Office 2016 ProPlus base applications)

Introduction to Virtualization

VMware vfabric Data Director Installation Guide

Oracle Virtual Desktop Infrastructure

owncloud Android App Manual

Cisco Virtual Application Container Services 2.0 Lab v1

Preinstallation Requirements Guide

This section discusses the protocols available for volumes on Nasuni Filers.

SECURE, FLEXIBLE ON-PREMISE STORAGE WITH EMC SYNCPLICITY AND EMC ISILON

Release Notes for Cisco UCS Platform Emulator, Release 3.1(1ePE1)

Wixie Implementation. Tech4Learning, Inc

Version 1.26 Installation Guide for SaaS Uila Deployment

Aledo ISD VMware View Design Reference Implementation. Sr. Systems Engineer Sigma Solutions

NEXGEN N5 PERFORMANCE IN A VIRTUALIZED ENVIRONMENT

School of Computing Science Gitlab Platform - User Notes

VMware vrealize Log Insight Getting Started Guide

VMware vcloud Air User's Guide

Deploying the Cisco Tetration Analytics Virtual

Developing Enterprise Cloud Solutions with Azure

Acronis Backup Advanced Version 11.5 Update 6

VMware vsphere with ESX 4.1 and vcenter 4.1

Cisco Powered Cloud Solutions. Vladimir Joshevski

G/On. G/On is available for Windows, MacOS and Linux (selected distributions).

VMware Identity Manager Cloud Deployment. DEC 2017 VMware AirWatch 9.2 VMware Identity Manager

Table of Contents DevOps Administrators

VMware Identity Manager Cloud Deployment. Modified on 01 OCT 2017 VMware Identity Manager

Installing vrealize Network Insight. VMware vrealize Network Insight 3.3

Virtual Appliance Installation Guide

owncloud Android App Manual

SnapCenter Software 4.1 Concepts Guide

Backup Edition Comparison OVERVIEW

Vmware Esx 4.1 Remove Snapshot Stuck At 99

sciebo - die Campus Cloud

VMware vsphere 5.5 Professional Bootcamp

vrealize Network Insight Installation Guide

Red Hat enterprise virtualization 3.0

Booting a Galaxy Instance

Cisco Unified Provisioning Manager 2.2

Operating Systems Concepts

LENS Server Maintenance Guide JZ 2017/07/28

VMware Identity Manager Connector Installation and Configuration (Legacy Mode)

Hitachi Content Platform Anywhere Deploying an HCP Anywhere VM System

Transcription:

Identity management for the TUB Cloud T. Hildmann, O. Kao, C. Ritter tubit, CIT EUNIS 2013

Agenda The path of the TU Berlin towards integrated service provisioning: Provisioning: Entering the Cloud Role-Management: Authorization IDM & TUB Cloud: Technology Cloud-Storage: owncloud @ TU Berlin Summary: Lessons learned 2

3

Entering the Cloud Provisioning 4

5

TU smart card (student s version) 6

activating the account 7

provisioning for staff members covering letter with employment campus smartcard = staff member identity card students covering letter with matriculation optionally card with or without chip, TAN list, mtan external members of TU Berlin extra-professional lecturer, graduate student studying for a doctorate without employment, foundationer,... user account without smart card (with exceptions) guests pseudonymous accounts for WiFi-usage only no access to personalized TU portal 8

Authorization Role-management 9

Roles, Permissions and Members 10

three layer rbac-model identity organization application 11

12

Technology IDM & tub cloud 13

data-flow: directory services vldap Registration Authority TUBIS Metadir/RBAC LDAP Account Activation User Manageme nt Active Directory Kerberos 14

usage: directory services Typo3 Backend Typo3 Frontend vldap UNIX SSH Mail Moses Moodle... Registration Authority Self-Service Apps Chev CAFM Hard-/Software Portal TUBIS Metadir/RBAC Account Activation LDAP User Manageme nt Exchange Windows Domain WiFi Monitoring vcenter... Active Directory LDAP- Passwords AFS... Kerberos 15

Public & Private Cloud Private Cloud Public Cloud based on VMware ESXi and View all central services (including IDM) running on private cloud mail / exchange typo3 cms storage (AFS / owncloud) campus-management and administration application self-services role-based access to services for university members automatically delegated based on Zimory user authentication based on LDAP prototype for RBAC-integration available 16

UCS technology ( hardware virtualization ) 17

Hardware - basic 1 UCS Chassis 8 x UCS B200 M1 Blades half-size 2x QC Xeon 5540 2.53 GHz 48 GB RAM No HDD boot from SAN 1 Qlogic DualPort CNA 2 x UCS 6120XP Incl. 8 Port FC-Expansion Card VMWare VSphere 4.0 license 18

Hardware-Expansion 2010: 2 chassis 2011: 2 chassis 2 fabric inter connects backup data-center vsphere 5 2012: 2 chassis 19

resources for private cloud Produktiv-Cluster CPU 256 Cores, 602 GHz RAM 2,9 TB SAN 170 TB Hosts 15 VMs 255 Test-Cluster CPU 40 Cores, 79 GHz RAM 384 GB SAN 32 TB Hosts 2 VMs 103 20

Public & Private Cloud Private Cloud Public Cloud based on VMware ESXi and View all central services (including IDM) running on private cloud mail / exchange typo3 cms storage (AFS / owncloud) campus-management and administration application self-services role-based access to services for university members automatically delegated based on Zimory user authentication based on LDAP prototype for RBAC-integration available 21

BCI / Zimory 22

owncloud @ TU Berlin Cloud-Storage 23

storage and sharing @ TUB central storage: Andrew File System (AFS) Quota personal (1 GB for students, 5 GB for staff) for organizational units (250 GB) extensible in 1 TB steps access via AFS-client (Windows, MacOS X, Linux,...) WebAFS SFTP via SSH gateway http://www.user.tu-berlin.de/<nutzername> Subversion (SVN) Sharing: GigaMove using DFN-AAI (shibboleth) 24

growing number Server: very good usability via AFS client module PC/Mac: usability depends on OS system and connectivity Laptop: some issues with client, alternative: WebAFS shrinking usability Tablet: WebAFS only. Bad integration! 25

owncloud @ TUB quota students 10 GB staff members 50 GB organizational units will follow accessibility share WebDAV for stationary devices Sync-Client for Laptops and PCs in remote networks ios / Android-Apps for Smartphones and Tablets Web-GUI for independent access from everywhere sharing of files and folders including corporate work simply using e-mail adresses TU Berlin der TU Berlin 26

27

Summary workflows integrate user provisioning - accounts for all university members RBAC based authorization using self-service user interfaces IDM pulls data from primary sources and pushes to directory services three separated clouds public cloud (user s virtual machines) private cloud (services provided for users and administration) storage cloud (roll-out in March 2013, not mentioned in paper) mobile devices raise the need for cloud services increasing integration in external cloud services needed 28

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback