Contrail security open computing infrastructures for elastic services
This presentation is the property of its rightful owner.
Sponsored Links
1 / 14

CONTRAIL Security Open Computing Infrastructures for Elastic Services PowerPoint PPT Presentation


  • 88 Views
  • Uploaded on
  • Presentation posted in: General

CONTRAIL Security Open Computing Infrastructures for Elastic Services. Call FP7-ICT-2009-5 Proposal Number FP7-257438. Dr Jens Jensen jens.jensen.at.stfc.ac.uk STFC e-Science Centre, Oct 2010. CONTRAIL project - background. EU funded “Internet of Services” programme Three year project

Download Presentation

CONTRAIL Security Open Computing Infrastructures for Elastic Services

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Contrail security open computing infrastructures for elastic services

CONTRAIL SecurityOpen Computing Infrastructures for Elastic Services

Call FP7-ICT-2009-5

Proposal Number FP7-257438

Dr Jens Jensen

jens.jensen.at.stfc.ac.uk

STFC e-Science Centre, Oct 2010


Contrail project background

CONTRAIL project - background

  • EU funded

    • “Internet of Services” programme

    • Three year project

    • Started 01 Oct 2010

  • Goals:

    • Open Source PaaS and IaaS

      • Workflow, MapReduce,

    • Federation: flexible provider/consumer boundaries


Contrail partners

Netherlands

Genias

VUA

Slovenia

XLAB

UK

Constellation Tech

STFC

CONTRAIL partners

  • France:

    • INRIA – Lead

    • Edge-IT

  • Germany

    • ZIB

  • Italy

    • CNR

    • HP Italy

    • Tiscali


Main innovations and contributions

Main Innovations and Contributions

  • Enhanced platform scalability, performance and security

    • Complete software stack for IaaS

    • Scalable fault-tolerant storage for Clouds

    • Self-optimizing, self-healing properties

    • Secure private network

  • QoS integrated within infrastructure (storage, network, VMs)

  • Efficiency through vertical integration of PaaS and IaaS

    • e.g. Map/Reduce on GAFS file system

  • Seamless integration of (external) user resources

  • European, Open approach to Cloud Federation

    • Federations as an evolving market for IaaS

    • Contribute to the standardization process

4


Contrail subprojects and partners

STFC

TISC

CNR

CONTRAIL Subprojects and Partners

INRIA

INRIA

GENIAS

TISC

CONST

EDGE

TISC

HP-IIC

ZIB

VUA

STFC

VUA

CNR

INRIA

STFC

HP-IIC

ZIB

CONST

INRIA

XLAB


Contrail output iaas

Contrail Output: IaaS

  • Cloud Buzzword: PaaS, IaaS, (DaaS)

  • Network: VIN – Virtual Infrastructure Networks

  • Virtualisation:

    • Hardware (Xen, KVM,…)

    • Process (OpenVZ, chroot) – sort of like pilot jobs

    • Booting images

  • Storage:

    • Global Autonomous File System (GAFS)

    • Built on XtreemFS

    • “Open Source cloud storage not cloudy” – lack elasticity


Contrail output paas

Contrail Output: PaaS

  • Structured data services

    • Eg databases

    • Distributed Key/Value store

  • Runtime environments

    • MapReduce

    • Dynamic allocation of resources

      • “Independent services scale differently”

  • “Tightly coupled stack”

    • “Increase performance and integration”


Contrail security

CONTRAIL Security

  • Security Work package

    • Lead: STFC

    • Main collaborators: INRIA, XLAB, CNR

    • Minor collaborators: Tiscali, HP, EDGE-IT

  • Use of formal methods

    • verify architecture and implementation

    • Cf. B, Z, Event-B

    • Learning from other EU-funded projects such as DEPLOY

  • Accounting

  • SLAs

    • QoS – Quality of Service

    • QoP – Quality of Protection


Contrail security loose ends

CONTRAIL – Security Loose Ends

  • Role of security in federation

    • Managing policies and resource sharing

  • Authentication

    • Planned to use XtreemOS (X.509 sans GSI)

    • Also compare RESERVOIR (also X.509 but non-IGTF currently)

  • QoS is also security

    • Eg availability

  • QoP is security

    • Eg integrity

    • Securing (virtual) networks

    • Securing VM images


Contrail security loose ends1

CONTRAIL – Security Loose Ends

  • Does “traditional” security apply to clouds

  • Understand and mitigate risks

    • Users and trust

    • Cf CSA threats

    • Moving data outside trusted boundary

    • Legal issues with moving data

  • Security of VM images

    • Cf. current work from HEPiX, JSPG, JSPG++


Service provider ddos

Service Provider – DDoS

  • RESERVOIR: “DDoS is greatest risk”

    • Methods for dealing with attack

  • Compare scaling existing services

    • “Cloud bursting”

    • Risk of billing user

  • However, most “attacks” we see are “unintentional”

    • Neither malicious, nor needing scaling

    • Dodgy scientist code

    • Users who don’t understand pitfalls of dist’d comp


Contrail standards

CONTRAIL - Standards

  • Recognise OCCI as the “most promising”

    • Did not consider CDMI (not available when proposal was written)

  • Commitment to standardisation

    • Not clear what, yet

    • Need to aim up-front, though

  • Need to liaise/collaborate with EGI and EMI?

  • SLAs from [email protected] and others

    • Not standardised

    • “Can standardise underlying model”

  • “Concertation”proposed standards bodies

    • ETSI, W3C, OASIS, OGF, OMG


Contrail use cases

CONTRAIL – Use Cases

  • Distributed Provision of Geo-Referenced Data

    • Tourist data on digital globe

  • Multimedia Processing Service Marketplace

    • Content provider, licences

  • Clouds for High Performance Real-Time Data Analysis

    • Analysis of beamline data, fitting models

  • Large Scale Code Analysis

    • doc4.mandriva.org

  • High Throughput Electronic Drug Discovery

    • Pharma use cases, genomics, NGS


More information

More information

  • http://www.contrail-project.eu/

  • jens.jensen.at.stfc.ac.uk


  • Login