Federated Cloud resource providers support

From EGIWiki
Jump to: navigation, search
Overview For users For resource providers Infrastructure status Site-specific configuration Architecture



Contents

Overview

EGI Federated Cloud resource providers are institutions and companies that contribute providing access to their cloud infrastructure via the Federation.

Resource providers are free to use any Cloud Management Framework (OpenNebula, OpenStack, etc...) exposing interfaces compliant with the Federated Cloud Architecture.

At the moment this compliance is guaranteed by the following CMFs:

The IaaS service is extended with:

Optionally, sites can expose a OCCI-compliant interface to provide access to their IaaS features via this standard interface.


If you have any comments on the content of these pages, please contact operations @ egi.eu.

Join the EGI Federated Cloud as resource provider

IaaS providers are very welcome to join the EGI Federated Cloud becoming Resource Centres (RC) and joining the Federated Cloud Task Force to contribute to the design, creation and implementation of the federation.

The steps you should follow to join are:

1. Contact EGI operations team (operations at egi.eu) , expressing interest in joining EGI and providing few details about:

EGI will reply to you providing proper guidance through all the following steps until the RC gets certified.

2. Perform technical integration with EGI, following these two steps (can go in parallel):

Questions and Answers

Do I lose control on who can access my resources if I join federated cloud?

No

EGI uses the concept of Virtual Organisation (VO) to group users. The resource provider has complete control on which VOs wants to allow into the resources and which quotas or restrictions to assign to each VO. In the case of OpenStack, each VO is mapped to a regular OpenStack project that can be managed as any other and are isolated to other projects as you have configured in your system. Although not recommended, you can even restrict the automatic access of users within a VO and manually enable individual members.

How many components do I have to install?

Depending on your cloud management framework and the kind of integration this will vary.

In general, there are components for:

For OpenStack information discovery, accounting and VM Image management components can be run on a single VM that encapsulates them for convenience.

Federated AAI for VOs depending on VOMS requires the installation of the Keystone-VOMS plugin in Keystone, while for newer VOs, ir requires configuration of the Federated Keystone to accept EGI identities. OCCI interface is provided by ooi, which is installed alongside nova-api.

Which components of my private cloud will interact with the federated cloud components?

For OpenStack they are:

How my daily operational activities will change?

For the most part daily operations will not change.

A resource centre part of the EGI Federation, and supporting international communities, needs to provide support through the EGI channels. This means following up GGUS tickets submitted through helpdesk.egi.eu. This includes requests from user communities and tickets triggered by failures detected by the monitoring infrastructure.

A resource centre needs to maintain the services federated in EGI properly configured with the EGI AAI. For VOMS-based access, this means that the IGTF trust anchors CA distribution to enable the X509 authentication have to be updated in a timely manner. Usually a new CA release is available every month.

The resource centre will have to comply with the operational and security requirements. All the EGI policies aim at implementing service provisioning best practices and common requirements. EGI operations may promote campaigns targeted to mitigate security vulnerabilities and to update unsupported operating system and software. These activities are part of the regular activities of a resource centre anyways (also for the non-federated ones). EGI and the Operations Centres coordinate these actions in order to have them implemented in a timely manner.

In summary, most of the site activities that are coordinated by EGI and the NGIs are already part of the work plan of a well-maintained resource centre, the additional task for a site manager is to acknowledge to EGI that the task has been performed.

Personal tools
Namespaces
Variants
Actions
Navigation
Toolbox
Print/export