Federated Cloud resource providers support
|Overview||For users||For resource providers||Infrastructure status||Site-specific configuration||Architecture|
EGI Federated Cloud resource providers are institutions and companies that contribute to the FedCloud providing access to their cloud infrastructure via the Federation.
Resource providers are free to use any Cloud Management Framework (OpenNebula, OpenStack, etc...) exposing interfaces compliant with the Federated Cloud Architecture.
At the moment this compliance is guaranteed by the following CMFs:
They all are able to exploit the following features:
- Federated AAI
- Information Discovery
- VM Image Management
If you have any comments on the content of these pages, please contact operations @ egi.eu.
Join the EGI Federated Cloud as resource provider
Research institutions and companies are very welcome to join the EGI Federated Cloud as resource providers becoming Resource Centres (RC), and to get members of the Federated Cloud Task Force, contributing directly to the design, the creation and the implementation of the clouds federation.
The steps you will follow to join as RP are:
1. first contact with EGI; you can contact the EGI operations team (operations at egi.eu), expressing interest in joining EGI as a RP, and providing few details about
- the projects you are involved in
- the user communities you want to support (a.k.a. Virtual Organisations, VO)
- the technologies (Cloud Management Framework) you want to provide (see the Federated Cloud Architecture for more details)
- the services you would like to support (virtual machine management, storage...)
- details on the current status of your deployment (to be installed or already installed, already used or not, how it is used, who uses the services...)
EGI will reply to you providing proper guidance through all the following steps until the RP gets certified.
2. start the integration with the EGI infrastructure, with the help of the EGI operations team; to do this, the RP administrators will follow the two steps below, which can go in parallel.
- the EGI Cloud RP Installation Manual, installing and configuring the necessary connectors on top of the CMF, to get integrated into the EGI infrastructure
- the Resource Centre Registration and Certification procedure, providing the steps to register and certify the RP. In particular, the registration makes the EGI infrastructure aware of the new resources you offer, while the certification takes care of validating the registration itself and testing the behaviour of the services. In the context of the registration, you will become part of a Resource Infrastructure such as a National Grid Initiative (NGI), an EIRO, or a multi-country Resource Infrastructure.
Questions and Answers
Do I lose control on who can access my resources if I join federated cloud?
EGI uses the concept of Virtual Organisation (VO) to group users. The resource provider has complete control on which VOs wants to allow into the resources and which quotas or restrictions to assign to each VO. In the case of OpenStack, each VO is mapped to a regular OpenStack project that can be managed as any other and are isolated to other projects as you have configured in your system. Although not recommended, you can even restrict the automatic access of users within a VO and manually enable individual members.
How many components do I have to install?
Depending on your cloud management framework and the kind of integration this will vary.
In general, there are components for:
- Federated AAI
- Information Discovery
- VM Image Management, and
- OCCI interface
For OpenStack information discovery, accounting and VM Image management components can be run on a single VM that encapsulates them for convenience. Federated AAI requires installation of a plugin in Keystone, and OCCI interface is provided by ooi, which is installed alongside nova-api.
Which components of my private cloud will interact with the federated cloud components?
For OpenStack they are:
- Ceilometer (optional)
How my daily operational activities will change?
For the most part daily operations will not change.
A resource centre part of the EGI Federation, and supporting international communities, needs to provide support through the EGI channels. This means following up GGUS tickets submitted through helpdesk.egi.eu. This includes requests from user communities and tickets triggered by failures detected by the monitoring infrastructure.
A resource centre needs to maintain the services federated in EGI properly configured with the EGI AAI, this means that the IGTF trust anchors CA distribution to enable the X509 authentication have to be updated in a timely manner. Usually a new CA release is available every month.
The resource centre will have to comply with the operational and security requirements. All the EGI campaigns aim at implementing service provisioning best practices and common requirments. Mitigate security vulnerabilities, and update unsupported operating system and software are part of the activities of a resource centre anyways (also for the non-federated ones), EGI and the Operations Centres coordinate these activities in order to have them implemented in a timely manner.
In summary, most of the site activities that are coordinated by EGI and the NGIs are already part of the work plan of a well-maintained resource centre, the additional task for a site manager is to acknowledge to EGI that the task has been performed.