Presentation on theme: "Sponsored by the National Science Foundation Strategies for Cyber-Infrastructure Integration Marshall Brinn, GPO Brecht Vermeulen, iMinds GEC22: March."— Presentation transcript:
Sponsored by the National Science Foundation Strategies for Cyber-Infrastructure Integration Marshall Brinn, GPO Brecht Vermeulen, iMinds GEC22: March 24, 2015
Sponsored by the National Science Foundation2 Outline Introduction Speakers Open Discussion, Q&A
Sponsored by the National Science Foundation3 Introduction This GEC presents the capabilities of a wide range of cyber-infrastructure (CI) services and resources including: –Individual resources (computation, network, storage) –CI Resource Test-beds –Cloud Servers –“Meta-cloud” Servers In this session, we hope to review lessons-learned and best practices around enabling integration across these platforms and resources/services provided by these platforms.
Sponsored by the National Science Foundation4 Platform Design Trade-offs Each CI platform is designed to position itself somewhere in might be termed the “Convenience vs. Confidence” trade-off space –Convenience: How easy is it for providers to maintain the systems including security, accountability How easy is it for consumers to gain access to resources –Confidence: How sure is the resource provider that no harm will come to these resources by letting people use them? How sure are the resource consumers that they will receive reliable, secure computing/networking environments? This trade-off space is a critical feature of a platform: Too much convenience may make it too unreliable for anyone to want to use Too much confidence may make it too difficult for anyone to be able to use
Sponsored by the National Science Foundation5 The Challenge of CI Integration Lots of care has gone into these design decisions –There are many platforms, many represented in this room, that provide both convenience and confidence to resource providers and consumers. In recent years, there has been a marked increase in the desire to build topologies or services requiring collaboration/integration across such platforms I contend that less time and care has gone into assessing the convenience/confidence trade-offs in these CI integration scenarios. Yet as the demand for integration grows, the criticality of these design issues grows as well.
Sponsored by the National Science Foundation6 CI Integration at Two Levels Control Framework Level –Supporting common sense of identity for AuthN, policies for AuthZ, Accountability for forensics –Adopting common (or compatible) APIs for provisioning and managing resources Allocated Resource Level –Allow separately allocated resources (in different ‘slices’ from different CI platforms) to interoperate
Sponsored by the National Science Foundation7 Some Models for CI Integration: Platforms Federation: One common (very strong) approach is to establish formal trust relationships (sharing trust roots, negotiating policies) between CI authorities. Tools: Building tools to speak to different platforms and give the appearance of seamless interoperation Ad-hoc AuthN interfaces. Setting up specific point-to-point interfaces to pass along required identity/credential information between otherwise incompatible systems. (E.g. OAuth, OpenID)
Sponsored by the National Science Foundation8 Some Models for CI Integration: Resources Software-defined Exchange (SDX): Placing explicit exchange points (with storage, computation, network control) between one or more entities Ad-hoc Connectivity: Setting up links between separate slices (e.g. public IP, Stitch Points, Shared VLANs)
Sponsored by the National Science Foundation9 Questions for Discussion How do you maintain control, while providing access, in the context of integrating with other systems? What are your experiences with these convenience/confidence trade-offs and how have you addressed these challenges? What are your requirements before supporting integration? Do you care about integration between the allocated resources? Or is that beyond the scope of your design interest?
Sponsored by the National Science Foundation10 Speakers Brecht Vermeulen, iMinds Rob Ricci, CloudLab Kate Keahey, Chameleon Vinod Mishara, ARL Michiaki Hayashi, KDDI R&D Labs Plus (informally)… –Anita Nikolich, NSF ACI –Representatives of the GLIF and GRID communities