contrail security open computing infrastructures for elastic services
Download
Skip this Video
Download Presentation
CONTRAIL Security Open Computing Infrastructures for Elastic Services

Loading in 2 Seconds...

play fullscreen
1 / 14

CONTRAIL Security Open Computing Infrastructures for Elastic Services - PowerPoint PPT Presentation


  • 127 Views
  • Uploaded on

CONTRAIL Security Open Computing Infrastructures for Elastic Services. Call FP7-ICT-2009-5 Proposal Number FP7-257438. Dr Jens Jensen jens.jensen.at.stfc.ac.uk STFC e-Science Centre, Oct 2010. CONTRAIL project - background. EU funded “Internet of Services” programme Three year project

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' CONTRAIL Security Open Computing Infrastructures for Elastic Services' - rowdy


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
contrail security open computing infrastructures for elastic services

CONTRAIL SecurityOpen Computing Infrastructures for Elastic Services

Call FP7-ICT-2009-5

Proposal Number FP7-257438

Dr Jens Jensen

jens.jensen.at.stfc.ac.uk

STFC e-Science Centre, Oct 2010

contrail project background
CONTRAIL project - background
  • EU funded
    • “Internet of Services” programme
    • Three year project
    • Started 01 Oct 2010
  • Goals:
    • Open Source PaaS and IaaS
      • Workflow, MapReduce,
    • Federation: flexible provider/consumer boundaries
contrail partners

Netherlands

Genias

VUA

Slovenia

XLAB

UK

Constellation Tech

STFC

CONTRAIL partners
  • France:
    • INRIA – Lead
    • Edge-IT
  • Germany
    • ZIB
  • Italy
    • CNR
    • HP Italy
    • Tiscali
main innovations and contributions
Main Innovations and Contributions
  • Enhanced platform scalability, performance and security
    • Complete software stack for IaaS
    • Scalable fault-tolerant storage for Clouds
    • Self-optimizing, self-healing properties
    • Secure private network
  • QoS integrated within infrastructure (storage, network, VMs)
  • Efficiency through vertical integration of PaaS and IaaS
    • e.g. Map/Reduce on GAFS file system
  • Seamless integration of (external) user resources
  • European, Open approach to Cloud Federation
      • Federations as an evolving market for IaaS
      • Contribute to the standardization process

4

contrail subprojects and partners

STFC

TISC

CNR

CONTRAIL Subprojects and Partners

INRIA

INRIA

GENIAS

TISC

CONST

EDGE

TISC

HP-IIC

ZIB

VUA

STFC

VUA

CNR

INRIA

STFC

HP-IIC

ZIB

CONST

INRIA

XLAB

contrail output iaas
Contrail Output: IaaS
  • Cloud Buzzword: PaaS, IaaS, (DaaS)
  • Network: VIN – Virtual Infrastructure Networks
  • Virtualisation:
    • Hardware (Xen, KVM,…)
    • Process (OpenVZ, chroot) – sort of like pilot jobs
    • Booting images
  • Storage:
    • Global Autonomous File System (GAFS)
    • Built on XtreemFS
    • “Open Source cloud storage not cloudy” – lack elasticity
contrail output paas
Contrail Output: PaaS
  • Structured data services
    • Eg databases
    • Distributed Key/Value store
  • Runtime environments
    • MapReduce
    • Dynamic allocation of resources
      • “Independent services scale differently”
  • “Tightly coupled stack”
    • “Increase performance and integration”
contrail security
CONTRAIL Security
  • Security Work package
    • Lead: STFC
    • Main collaborators: INRIA, XLAB, CNR
    • Minor collaborators: Tiscali, HP, EDGE-IT
  • Use of formal methods
    • verify architecture and implementation
    • Cf. B, Z, Event-B
    • Learning from other EU-funded projects such as DEPLOY
  • Accounting
  • SLAs
    • QoS – Quality of Service
    • QoP – Quality of Protection
contrail security loose ends
CONTRAIL – Security Loose Ends
  • Role of security in federation
    • Managing policies and resource sharing
  • Authentication
    • Planned to use XtreemOS (X.509 sans GSI)
    • Also compare RESERVOIR (also X.509 but non-IGTF currently)
  • QoS is also security
    • Eg availability
  • QoP is security
    • Eg integrity
    • Securing (virtual) networks
    • Securing VM images
contrail security loose ends1
CONTRAIL – Security Loose Ends
  • Does “traditional” security apply to clouds
  • Understand and mitigate risks
    • Users and trust
    • Cf CSA threats
    • Moving data outside trusted boundary
    • Legal issues with moving data
  • Security of VM images
    • Cf. current work from HEPiX, JSPG, JSPG++
service provider ddos
Service Provider – DDoS
  • RESERVOIR: “DDoS is greatest risk”
    • Methods for dealing with attack
  • Compare scaling existing services
    • “Cloud bursting”
    • Risk of billing user
  • However, most “attacks” we see are “unintentional”
    • Neither malicious, nor needing scaling
    • Dodgy scientist code
    • Users who don’t understand pitfalls of dist’d comp
contrail standards
CONTRAIL - Standards
  • Recognise OCCI as the “most promising”
    • Did not consider CDMI (not available when proposal was written)
  • Commitment to standardisation
    • Not clear what, yet
    • Need to aim up-front, though
  • Need to liaise/collaborate with EGI and EMI?
  • SLAs from [email protected] and others
    • Not standardised
    • “Can standardise underlying model”
  • “Concertation”proposed standards bodies
    • ETSI, W3C, OASIS, OGF, OMG
contrail use cases
CONTRAIL – Use Cases
  • Distributed Provision of Geo-Referenced Data
    • Tourist data on digital globe
  • Multimedia Processing Service Marketplace
    • Content provider, licences
  • Clouds for High Performance Real-Time Data Analysis
    • Analysis of beamline data, fitting models
  • Large Scale Code Analysis
    • doc4.mandriva.org
  • High Throughput Electronic Drug Discovery
    • Pharma use cases, genomics, NGS
more information
More information
  • http://www.contrail-project.eu/
  • jens.jensen.at.stfc.ac.uk
ad