Internet2 Technology Exchange 2018 October, 2018 Kris Steinhoff


Goals: An Ethical, Privacy Preserving Platform
- Enable researchers to ask aggregate questions across multiple data sets in an ethical, privacy-preserving manner.
- Allow for a privacy and ethics body review to ensure that only appropriate, aggregate questions are asked.
- Allow researchers to ask aggregate questions across multiple data sets while no researcher has direct access to the data sets.
- Enable U-M ITS to support such queries in a scalable, effective manner.

Wi-Fi Mobility Data (diagram; labels recovered from the slide)
- Device location: identity, AP location, multiple APs, triangulation, MAC address, unique ID, time.
- AP attributes: building, sub-campus, AP name, role, room, campus GIS (x, y, z).
- Device attributes: MAC address, signal strength, home base, path, AP direction, collision, cohort.
- Derived: device location/time series (at rest / in transit), joined with GIS data.

PrivaScope 1.0 Portal

Overview / Technical Architecture (diagram; labels recovered from the slide)
- Data sources: People (direct query), Wifi, ...
- Researcher: requests a study.
- Sandbox database: anonymized subset, populated by the Data Loader.
- PrivaScope infrastructure: study request, study approval, code run scheduling, approval of results (reviewed before release).
- PrivaScope Secure Enclave: enclave database; running code is scheduled into the enclave.

Technical Architecture Docker

Technical Architecture: Web application written in Django using the django-fsm library to manage workflow. Deployed outside the PrivaScope Enclave, currently in an on-prem OpenShift cluster.

Technical Architecture: Queueing is handled with the Celery Python library.

Technical Architecture: Jobs are run in Docker containers to achieve process isolation.

Horizontal Scaling (processing nodes: Kubernetes cluster, HPC, VM). This architecture allows for horizontal scaling at the processing node level.

Technical Architecture Docker

Workflow
1. Researcher: submits algorithm/code through PrivaScope portal.
2. PrivaScope Review Board: reviews privacy protection attributes of the code.
3. IF APPROVED, PrivaScope staging processing: queues algorithm for execution in secure enclave.
4. PrivaScope query engine: runs algorithm in secure enclave.
5. PrivaScope Review Board: reviews the output to ensure privacy protection compliance.
6. IF APPROVED, output is released to researcher for publishing.
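The two review gates in this workflow (code review before execution, output review before release) are what the django-fsm state machine in the web application has to enforce. The following is an added illustration, not PrivaScope's own code: a dependency-free state machine in the shape of django-fsm's @transition decorator, with the state names, the audit record and the self-review check being assumptions rather than anything the slides describe.

```python
"""Job workflow with review gates, modelled on the PrivaScope slide deck.

Added example, not the project's code. It reimplements the shape of
django-fsm's @transition decorator so it runs without Django; state names,
the audit trail and the separation-of-duties rule are assumptions.
"""
from enum import Enum
from functools import wraps


class State(str, Enum):
    SUBMITTED = "submitted"   # researcher has uploaded code and dependencies
    APPROVED = "approved"     # review board accepted the code
    QUEUED = "queued"         # handed to the execution queue
    RUNNING = "running"       # runner is building/running the image in the enclave
    COLLECTED = "collected"   # results pulled out of the enclave, awaiting output review
    RELEASED = "released"     # output review passed; researcher may see the results
    REJECTED = "rejected"


class IllegalTransition(Exception):
    """Raised when a step is attempted from a state that does not allow it."""


def transition(source, target):
    """Allow the decorated method only from the `source` states and move the job
    to `target` once the method returns normally. An exception inside the method
    leaves the state unchanged, so a failed review never advances the job."""
    def decorator(fn):
        @wraps(fn)
        def wrapper(self, *args, **kwargs):
            if self.state not in source:
                raise IllegalTransition(
                    f"{fn.__name__}() not allowed from state {self.state.value}")
            result = fn(self, *args, **kwargs)
            self.state = target
            return result
        return wrapper
    return decorator


class Job:
    def __init__(self, job_id, submitter):
        self.job_id = job_id
        self.submitter = submitter
        self.state = State.SUBMITTED
        self.results_path = None
        self.reason = None
        self.audit = []   # (reviewer, from_state, to_state) for every review decision

    def _decision(self, reviewer, target):
        # Separation of duties: the submitting researcher never reviews their own job.
        if reviewer == self.submitter:
            raise PermissionError("submitter cannot review their own job")
        self.audit.append((reviewer, self.state.value, target.value))

    @transition(source=(State.SUBMITTED,), target=State.APPROVED)
    def approve_code(self, reviewer):
        self._decision(reviewer, State.APPROVED)

    @transition(source=(State.COLLECTED,), target=State.RELEASED)
    def release(self, reviewer):
        self._decision(reviewer, State.RELEASED)

    @transition(source=(State.SUBMITTED, State.COLLECTED), target=State.REJECTED)
    def reject(self, reviewer, reason):
        self._decision(reviewer, State.REJECTED)
        self.reason = reason

    @transition(source=(State.APPROVED,), target=State.QUEUED)
    def enqueue(self):
        pass   # real system: hand the job to the Celery queue

    @transition(source=(State.QUEUED,), target=State.RUNNING)
    def start(self):
        pass   # real system: the runner picked the job up

    @transition(source=(State.RUNNING,), target=State.COLLECTED)
    def collect(self, results_path):
        self.results_path = results_path


def run_happy_path():
    """Walk one job through both review gates; returns the finished Job."""
    job = Job("job-1", submitter="alice")
    job.approve_code(reviewer="bob")
    job.enqueue()
    job.start()
    job.collect("/srv/data/results.csv")
    job.release(reviewer="carol")
    return job


if __name__ == "__main__":
    finished = run_happy_path()
    print(finished.state.value, finished.audit)
```

The important property is that `enqueue()` is unreachable from `submitted`: a job cannot get to the queue, and therefore to the enclave, without a recorded approval by someone other than its submitter, and the same holds for `release()` after collection.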

Technical Architecture: runner stages are submitted, Build, Run, Collect, released.

Workflow (runner stages: submitted, Build, Run, Collect, released)
1. Researcher submits job code and dependencies.
2. Code is reviewed by the PrivaScope team.
3. If approved, the job is queued for execution.
4. The runner retrieves the job from the queue and builds the image in Docker.

Format

Dockerfile (required):

    FROM python3:latest
    RUN mkdir /usr/src/app
    WORKDIR /usr/src/app
    COPY . /usr/src/app/
    CMD venv/bin/python3 analysis.py

analysis.py:

    import os
    from mongo import Connection
    import pandas as pd

    # connection string is injected by PrivaScope into the container environment
    wifi = Connection(os.getenv('MONGODB_URL')).wifi
    df = pd.DataFrame(list(wifi.find()))
    #... analysis
    # write to the standard location that PrivaScope collects for review
    df.to_csv('/srv/data/results.csv')

The Dockerfile is used by PrivaScope to create a Docker image. The researcher can include dependencies with their job to support their analysis code. PrivaScope will populate several variables into the environment of the running container to allow the analysis code to connect to data in the enclave. The analysis code can output results to a standard location which will be collected by PrivaScope for review.

Workflow (runner stages: submitted, Build, Run, Collect, released), continued
5. The job is run in a Docker container. The container is not given any network access outside the PrivaScope enclave.
6. The job results are returned to the web application workflow.
7. The results are reviewed by the PrivaScope team to ensure that they only contain aggregate results.
8. If approved, the results are made available to the researcher.
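The Run and Collect stages above, plus the environment-variable injection and the /srv/data results location described under Format, are illustrated below as an added example that is not PrivaScope's runner code. Only MONGODB_URL and /srv/data come from the slides; the enclave network name, the job directory layout, the extra hardening flags and the minimum-cohort threshold used by the pre-review check are assumptions.

```python
"""Runner-side Run and Collect steps for a PrivaScope-style job.

Added example, not the project's runner. From the slides: the MONGODB_URL
variable and the /srv/data results location. Assumed: the enclave network
name (created beforehand with `docker network create --internal`, so the
container can reach the enclave database but nothing outside it), the job
directory layout, and the MIN_COHORT threshold used to flag rows that are
too small to count as aggregate results.
"""
import csv
import io

RESULTS_DIR = "/srv/data"               # standard output location (from the slides)
ENCLAVE_NETWORK = "privascope-enclave"  # assumed name of the internal-only network
MIN_COHORT = 10                         # assumed review policy threshold


def run_argv(image_tag, job_dir, enclave_env):
    """Build the argv that runs a job image inside the enclave.

    The container is attached only to the internal enclave network, runs with a
    read-only root filesystem and no capabilities, cannot gain privileges, and
    receives exactly the environment variables the runner populates. Returns the
    argv list; the caller passes it to subprocess.run()."""
    argv = [
        "docker", "run", "--rm",
        "--network", ENCLAVE_NETWORK,
        "--read-only", "--tmpfs", "/tmp",
        "--cap-drop", "ALL",
        "--security-opt", "no-new-privileges",
        "-v", f"{job_dir}/results:{RESULTS_DIR}",   # only writable path: results
    ]
    for name in sorted(enclave_env):                 # deterministic order for audit logs
        argv += ["-e", f"{name}={enclave_env[name]}"]
    argv.append(image_tag)
    return argv


def check_aggregate(csv_text, count_column="count", min_cohort=MIN_COHORT):
    """Pre-review check over a collected results.csv.

    Every data row must carry an integer aggregate count of at least
    `min_cohort`. Returns the 1-based numbers of offending rows; a missing
    count column is reported as row 0. The human review described on the
    slides still happens; this only gives reviewers a list of rows to look at."""
    reader = csv.DictReader(io.StringIO(csv_text))
    if count_column not in (reader.fieldnames or []):
        return [0]
    flagged = []
    for row_no, row in enumerate(reader, start=1):
        try:
            n = int(row[count_column])
        except (TypeError, ValueError):
            flagged.append(row_no)       # unparseable count is treated as a violation
            continue
        if n < min_cohort:
            flagged.append(row_no)
    return flagged


def collect(job_dir):
    """Collect stage: read the job's results file and return (text, flagged_rows)."""
    with open(f"{job_dir}/results/results.csv", encoding="utf-8") as fh:
        text = fh.read()
    return text, check_aggregate(text)


# Constructed sample output (not real data): the last row is a cohort of four
# devices and would be flagged for the reviewers.
SAMPLE_RESULTS = """building,hour,count
North Quad,09,142
North Quad,10,231
Chem Building,03,4
"""

if __name__ == "__main__":
    print(" ".join(run_argv("privascope/job-1:latest", "/var/lib/privascope/jobs/job-1",
                            {"MONGODB_URL": "mongodb://enclave-db/wifi"})))
    print("flagged rows:", check_aggregate(SAMPLE_RESULTS))
```

The two functions are independent: `run_argv()` encodes the "no network outside the enclave" rule as a property of the container launch rather than of the analysis code, and `check_aggregate()` turns the "aggregate results only" rule into a mechanical first pass that the PrivaScope reviewers can apply before reading the output themselves.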

Future Plans Refine PrivaScope 1.0 workflows and administration. Integration with Git (GitLab merge requests and/or CI/CD). Our goal for PrivaScope 2.0 is to build an API that allows users to query arbitrarily and have the API enforce privacy preservation.

Questions