Alert.png The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @ egi.eu.

Difference between revisions of "Federated Cloud resource providers support"

From EGIWiki
Jump to navigation Jump to search
Line 4: Line 4:
== Overview  ==
== Overview  ==


EGI Federated Cloud resource providers are institutions and companies that contribute to the FedCloud ''providing access to their cloud infrastructure via the Federation''.  
EGI Federated Cloud resource providers are institutions and companies that contribute ''providing access to their cloud infrastructure via the Federation''.


Resource providers are free to use any '''Cloud Management Framework''' (OpenNebula, OpenStack, etc...) exposing interfaces compliant with the [[Federated_Cloud_Architecture|Federated Cloud Architecture]].  
Resource providers are free to use any '''Cloud Management Framework''' (OpenNebula, OpenStack, etc...) exposing interfaces compliant with the [[Federated_Cloud_Architecture|Federated Cloud Architecture]].  


At the moment this compliance is guaranteed by the following CMFs:  
At the moment this compliance is guaranteed by the following CMFs:  
* OpenStack (with/without OCCI)
* OpenNebula with OCCI
* Synnefo with OCCI


* OpenStack
The IaaS service is extended with:
* OpenNebula
* Federated AAI, so federated users can access and use your services
* Synnefo
* Accounting, to expose usage information to the central EGI accounting database
* VM Image Management, to enable VM images from the supported communities to be replicated at the sites automatically
* Information Discovery, to expose information about the available resources


They all are able to exploit the following '''features''':
Optionally, sites can expose a OCCI-compliant interface to provide access to their IaaS features via this standard interface.


* Federated AAI
* Information Discovery
* Monitoring
* Accounting
* VM Image Management
* OCCI


If you have any comments on the content of these pages, please contact '''operations @ egi.eu'''.
If you have any comments on the content of these pages, please contact '''operations @ egi.eu'''.

Revision as of 11:27, 19 April 2018

Overview For users For resource providers Infrastructure status Site-specific configuration Architecture



Overview

EGI Federated Cloud resource providers are institutions and companies that contribute providing access to their cloud infrastructure via the Federation.

Resource providers are free to use any Cloud Management Framework (OpenNebula, OpenStack, etc...) exposing interfaces compliant with the Federated Cloud Architecture.

At the moment this compliance is guaranteed by the following CMFs:

  • OpenStack (with/without OCCI)
  • OpenNebula with OCCI
  • Synnefo with OCCI

The IaaS service is extended with:

  • Federated AAI, so federated users can access and use your services
  • Accounting, to expose usage information to the central EGI accounting database
  • VM Image Management, to enable VM images from the supported communities to be replicated at the sites automatically
  • Information Discovery, to expose information about the available resources

Optionally, sites can expose a OCCI-compliant interface to provide access to their IaaS features via this standard interface.


If you have any comments on the content of these pages, please contact operations @ egi.eu.

Join the EGI Federated Cloud as resource provider

Research institutions and companies are very welcome to join the EGI Federated Cloud as resource providers becoming Resource Centres (RC), and to get members of the Federated Cloud Task Force, contributing directly to the design, the creation and the implementation of the clouds federation.

The steps you will follow to join as RP are:

1. first contact with EGI; you can contact the EGI operations team (operations at egi.eu), expressing interest in joining EGI as a RP, and providing few details about

  • the projects you are involved in
  • the user communities you want to support (a.k.a. Virtual Organisations, VO)
  • the technologies (Cloud Management Framework) you want to provide (see the Federated Cloud Architecture for more details)
  • the services you would like to support (virtual machine management, storage...)
  • details on the current status of your deployment (to be installed or already installed, already used or not, how it is used, who uses the services...)

EGI will reply to you providing proper guidance through all the following steps until the RP gets certified.

2. start the integration with the EGI infrastructure, with the help of the EGI operations team; to do this, the RP administrators will follow the two steps below, which can go in parallel.

  • the EGI Cloud RP Installation Manual, installing and configuring the necessary connectors on top of the CMF, to get integrated into the EGI infrastructure
  • the Resource Centre Registration and Certification procedure, providing the steps to register and certify the RP. In particular, the registration makes the EGI infrastructure aware of the new resources you offer, while the certification takes care of validating the registration itself and testing the behaviour of the services. In the context of the registration, you will become part of a Resource Infrastructure such as a National Grid Initiative (NGI), an EIRO, or a multi-country Resource Infrastructure.

Questions and Answers

Do I lose control on who can access my resources if I join federated cloud?

No

EGI uses the concept of Virtual Organisation (VO) to group users. The resource provider has complete control on which VOs wants to allow into the resources and which quotas or restrictions to assign to each VO. In the case of OpenStack, each VO is mapped to a regular OpenStack project that can be managed as any other and are isolated to other projects as you have configured in your system. Although not recommended, you can even restrict the automatic access of users within a VO and manually enable individual members.

How many components do I have to install?

Depending on your cloud management framework and the kind of integration this will vary.

In general, there are components for:

  • Federated AAI
  • Information Discovery
  • Accounting
  • VM Image Management, and
  • OCCI interface

For OpenStack information discovery, accounting and VM Image management components can be run on a single VM that encapsulates them for convenience. Federated AAI requires installation of a plugin in Keystone, and OCCI interface is provided by ooi, which is installed alongside nova-api.

Which components of my private cloud will interact with the federated cloud components?

For OpenStack they are:

  • Keystone
  • Nova
  • Ceilometer (optional)
  • Glance

How my daily operational activities will change?

For the most part daily operations will not change.

A resource centre part of the EGI Federation, and supporting international communities, needs to provide support through the EGI channels. This means following up GGUS tickets submitted through helpdesk.egi.eu. This includes requests from user communities and tickets triggered by failures detected by the monitoring infrastructure.

A resource centre needs to maintain the services federated in EGI properly configured with the EGI AAI, this means that the IGTF trust anchors CA distribution to enable the X509 authentication have to be updated in a timely manner. Usually a new CA release is available every month.

The resource centre will have to comply with the operational and security requirements. All the EGI campaigns aim at implementing service provisioning best practices and common requirments. Mitigate security vulnerabilities, and update unsupported operating system and software are part of the activities of a resource centre anyways (also for the non-federated ones), EGI and the Operations Centres coordinate these activities in order to have them implemented in a timely manner.

In summary, most of the site activities that are coordinated by EGI and the NGIs are already part of the work plan of a well-maintained resource centre, the additional task for a site manager is to acknowledge to EGI that the task has been performed.