
Multi-tenant Resource Management for Instruments, Applications, and Services (The evolution of infrastructure consortium

Multi-tenant Resource Management for Instruments, Applications, and Services (The evolution of infrastructure consortiums…). Dean Flanders FMI / SystemsX VAMP / FIM4R in Helsinki Sept. 30th, 2013.


Presentation Transcript


  1. Multi-tenant Resource Management for Instruments, Applications, and Services (The evolution of infrastructure consortiums…) Dean Flanders FMI / SystemsX VAMP / FIM4R in Helsinki Sept. 30th, 2013

  2. Overview • Overview • About SystemsX • Problem / Proposed Solution • Resource Management @ FMI • Multi-Institutional / Community Resource Sharing Tool • Azure AD Collaboration with Microsoft • Summary

  3. We live in a brave new world...

  4. Mission «SystemsX.ch is determined to become a world-leading initiative in quantitative Systems Biology.» • SystemsX.ch is open to any Swiss university or research institution. • http://www.systemsx.ch

  5. Some Numbers and Facts... • 1000 scientists • 200 research groups • 11 universities and research institutes • Work together inter-disciplinarily

  6. Obstacle • Problem – Current FIM possibilities are not meeting the needs of researchers, and this problem becomes more critical as pressure grows to share resources and to collaborate across disciplines, as well as with industry. • Solution – A robust inter-institutional self-federation and rights management approach is needed. In this way all users and resource providers can easily participate in resource sharing and collaborations.

  7. These are shared resources... Enabling science/education as a service!

  8. Why share resources in research? • Increasing complexity of the tools required to perform research puts more pressure on hardware and people resources. • Increased competitive pressure forces greater efficiency. • No one institution can house all of the different types of resources its researchers need. • Underutilization of resources. • Lack of expertise to operate complex systems creates the need for better cooperation between institutions.

  9. Unmet needs of current federations • Lots of very basic problems are not easily solvable by current academic federations, e.g. existing institutional security groups cannot be easily seen within or across federations. • Current academic federations also pose many other challenges: bringing in new federation members and new users can be difficult, and national solutions are heterogeneous.

  10. Problem Analysis 1000’s of Users 1000’s of Resources Huge Collection of: Entitled users & rights to use Researchers Companies Students Access rights & Reservations How to ensure that the right people will have the right access?

  11. High Level Solution = IDMaaS / Rights Management [Diagram; labels in extraction order: ResearchNet Resource Allocation User group Formation Self Service Projects & Communities Management Self Service Resource Selection Owners’ Approval or Automated allocation Institutions’ Resources Institutions’ Users Individuals Active Directories synchronize User & Resource Collection Infrastructure Publish & Provision Self Service Social ID Usage Single Sign On Overview Log on with own ID Leader Self Service]

  12. What resources do we have in mind? • Instruments • Meeting rooms • Clusters • Sample analysis • Software • Bikes • Etc.

  13. Resource Sharing at the FMI...

  14. Resource Overview Resource Management @ FMI

  15. Resource Request

  16. Resource Assignment Interface

  17. Reservation Request Resource Management @ FMI

  18. Resource Review (Results reviewed periodically to ensure correct use.)

  19. Expert List (We have now also integrated this approach into web-based applications.)

  20. Misuse Reporting Resource Management @ FMI

  21. New Multi-tenant Cloud Version • Free for everyone (commercial and academic users) • Cloud hosted • Multi-institutional • Multi-community • Fully self-service (institutions, communities, research groups, users, providers) • New resource types: app store, work orders, store • Designed the system to facilitate national / international resource sharing. • Designed the system to facilitate business development and startups, as well as large companies. Essential for inter-institutional collaborations and resource sharing. Multi-Institutional / Community Resource Sharing

  22. System Design: • One common platform shared by participating institutions (there can be many of these shared platforms). • Exposes resources across institutions and facilitates sharing of resources & expertise. • Provides controls to prevent misuse and insight to optimize usage. It must be: • Simple to use (we cannot train 1000’s of users) and appealing (users must love it!) • Self-service driven (administrative interference would cause a new bureaucracy) • Pervasive use (right to use encompasses access to resources or information, as well as reservations to use resources) • No impediments to start using the platform (just get started) • Integrated authentication (SSO to minimize helpdesk support) Multi-Institutional / Community Resource Sharing

  23. Federation with ETH over Auth0 / Azure AD Resource Management ADFS (IdP) Auth0 / Azure AD ADFS (IdP) Claim Rules Engine Social (IdP) Webapp / Instrument / Service (SP) Multi-Institutional / Community Resource Sharing

  24. Enrollment non-integrated integrated Institutional email verification Multi-Institutional / Community Resource Sharing

  25. Resulting Claims for Integrated User

  26. Scheduler Multi-Institutional / Community Resource Sharing

  27. Applications Multi-Institutional / Community Resource Sharing

  28. Services Multi-Institutional / Community Resource Sharing

  29. Directories Multi-Institutional / Community Resource Sharing

  30. Setting up a Resource Provider Multi-Institutional / Community Resource Sharing

  31. Resource Rights Management Multi-Institutional / Community Resource Sharing

  32. IDMaaS to provision SaaS on IaaS Multi-Institutional / Community Resource Sharing

  33. Windows Azure Active Directory: The Vision A modern, cloud based identity management service providing federation, directory services, device registration, user provisioning, application access control & data protection. A natural extension to your on premise directory, the combination of Windows Server AD and Windows Azure AD lets you secure today’s hybrid enterprise. On-premises and cloud Active Directory managed as one Consistent identities for on-prem and cloud applications. Easy user experience with single sign on 3rd party apps Microsoft’s Cloud Apps in Azure Windows Azure Active Directory Windows Server Active Directory Keith Brintzenhofe - Group Program Manager | Windows Azure Active Directory Identity & Access Management Azure AD Collaboration with Microsoft

  34. Windows Azure Active Directory and the Hybrid Enterprise - Today Other Directories On-premises and private cloud Active Directory AD DS , ADFS, FIM Microsoft Apps Windows Azure Active Directory Third Party Apps Your Apps Self-Service Identity Management Other apps HR sources Microsoft Account Keith Brintzenhofe - Group Program Manager | Windows Azure Active Directory Identity & Access Management Azure AD Collaboration with Microsoft

  35. Identity & Access Management Scenarios Instant productivity with SaaS applications Access from any device, anywhere Connecting and collaborating with partners & customers Rapidly develop and deploy new enterprise capabilities Security monitoring and alerting for cloud services Keith Brintzenhofe - Group Program Manager | Windows Azure Active Directory Identity & Access Management Azure AD Collaboration with Microsoft

  36. Azure AD Benefits • It is free. • We are all Microsoft customers anyway…. • Many institutions use AD already and Microsoft has a vision of “one AD” in terms of cloud and on-premise integration. • Ready-made integration into soon-to-be hundreds of existing cloud services. • Multi-factor capabilities. • Many possible federation partners. • Azure is a robust multi-national infrastructure. Azure AD Collaboration

  37. Azure AD Testing Plan • Work within a collaborative team interested in investigating Azure AD as a possible part of the FIM puzzle. • Map and test use cases. • Define a roadmap with Microsoft which has an open flexible architecture for Azure AD usage. • Define action items for Microsoft (e.g. improve SAML interoperability, tighter social identity integration). • If you have ideas, issues, or complaints about Azure AD feel free to join the collaboration, . Azure AD Collaboration

  38. Summary • The lack of good FIM solutions in academia is one of the biggest technical impediments to research and education currently. • We need to take a Zendesk-like approach to resource providers so they are empowered to share resources. FIM is crucial for this. • We need to look at research groups as if they were their own small company, and stop focusing on the national and institutional level. • There are simple approaches to federation that can be used to meet the needs of researchers and research communities. • The self-federation concept is vital to an all-inclusive federation necessary for research. • A platform such as Azure AD can play an important role in an effort to improve FIM for research. Summary
