Scalr[1]
Scalr User Hierarchy
At Hokkaido University, we are developing a prototype web-based single sign-on inter-cloud
management portal called the Simple Heterogeneous INter-CLoud Manager (SHINCLOM).
Our objective is to give users the ability to easily configure and launch VPCs, HPC clusters,
and autonomic applications and services across disparate clouds. We employ a model-based
approach in which the management functions requirements of the project are mapped to the
layers of a proposed autonomic model and implemented using Free Open Source Software
(FOSS).
Management Functions Requirements
1. Coordinated Authentication: Actualize Single Sign-On (SSO), issue API keys for web
services, and coordinate authentication information for reserved resources.
2. Users and Groups: Ability to automate user registration and access, and to coordinate
resource access and utilization by groups.
3. Resource Utilization: Ability to list available resources by site, in detail, with minimal
administration for actions like starting/stopping virtual systems.
4. Virtual Systems: Ability for users to launch and manage VPCs, HPC clusters, virtual
networks, virtual storage, etc., and satisfy QoS levels.
5. Billing and Budget: Ability to show estimated billing and budget for single cloud,
overall system, groups, and projects.
6. Information Disclosure, Sharing, and Querying: Ability to share and make public
information about resources, billing systems, and service levels.
7. Administration, Resource Registration, and Provisioning: System functions for
monitoring and managing the entire inter-cloud system.
Proposed Autonomic Multi-Cloud Model
Ansible[3]
Ansible is designed to be minimal in nature, consistent, secure, and highly reliable, with an extremely low
learning curve for administrators, developers, and IT managers. The core Ansible project manages systems
by connecting to them over SSH, either using paramiko (a Python library), or by using native OpenSSH
(parameter: -c ssh). When using OpenSSH, connection reuse features are enabled by default if supported by
the SSH client, and in either case, SSH is used as a transport, but is not treated as a shell. Instead, modules
(small Ansible programs containing baked-in arguments) are transferred over SCP or SFTP to a temporary
directory on the remote machine, executed, and then removed in one action. The modules return JSON over
standard output, and this return data is processed by the Ansible program on the controlling machine.
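The module lifecycle described above (stage, execute, read JSON from standard output, remove), as an added example that is neither Ansible's code nor part of the original poster. A local temporary directory stands in for the remote machine and the SSH/SFTP transfer, and the `stat_path` module and `run_module` helper are hypothetical names.

```python
import json
import os
import shutil
import subprocess
import sys
import tempfile

# Constructed sample module (hypothetical, not an Ansible built-in). Its
# arguments are baked into the source before transfer; it reports via JSON.
MODULE_TEMPLATE = '''\
import json, os
ARGS = {args!r}  # baked-in arguments
path = ARGS["path"]
print(json.dumps({{"changed": False, "exists": os.path.exists(path), "path": path}}))
'''


def run_module(args, template=MODULE_TEMPLATE, timeout=10):
    """Stage a module in a private temp dir, run it, parse its JSON, clean up.

    Returns (result, workdir); workdir no longer exists when this returns.
    """
    # Assumption: a local directory stands in for the remote temporary
    # directory. mkdtemp creates it with mode 0700 (owner-only access).
    workdir = tempfile.mkdtemp(prefix="module-")
    try:
        module_path = os.path.join(workdir, "stat_path.py")
        with open(module_path, "w") as fh:
            fh.write(template.format(args=args))
        proc = subprocess.run([sys.executable, module_path],
                              capture_output=True, text=True, timeout=timeout)
        # Module stdout is data from the managed host: parse it as JSON only.
        try:
            result = json.loads(proc.stdout)
            if not isinstance(result, dict):
                raise ValueError("top-level JSON value is not an object")
        except ValueError:  # json.JSONDecodeError subclasses ValueError
            result = {"failed": True, "msg": "module did not return a JSON object"}
        if proc.returncode != 0:
            result["failed"] = True
        return result, workdir
    finally:
        # Runs on success, failure and timeout, so no module code is left behind.
        shutil.rmtree(workdir, ignore_errors=True)


if __name__ == "__main__":
    print(run_module({"path": os.sep}))
    print(run_module({}, template='print("not json")\n'))
```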
Application Defined Networking (ADN)[5]
Application Defined Networking (ADN) is all about applications directly controlling and adapting the
networking environment using APIs, so that application delivery and performance across public and private
cloud networks are optimized without compromising on portability or security. ADN centers on an
application’s goals and immediate needs. Instead of controlling the forwarding of individual packets within
the network infrastructure, like SDN, ADN focuses on orchestrating the application flows, accelerating and
streamlining the movement of data throughout the entire virtual infrastructure of each application.
User-Deployed VOI Implemented using VDE
FOSS: Mapping to Requirements and Model
Identity Management using Shibboleth
1. Scalr[1]: Provides a skeleton (base) framework for SHINCLOM. Partially satisfies Reqs. 2
through 7. Maps to CPSL, VOIL, and ADNL (provides basic functions).
2. Virtual Distributed Ethernet (VDE)[2]: Provides virtual networking components. Helps
to satisfy Req. 4. Maps to VOIL (integral component).
3. Ansible[3]: Provides easily understandable dynamic and automated configuration
management. Helps to satisfy Reqs. 3 and 4. Maps to VOIL (integral component).
4. Shibboleth[4]: Provides SSO capabilities and allows sites to make informed
authorization decisions for individual access in a privacy-preserving manner. Helps
to satisfy Reqs. 1, 2, and 6.
5. CloudWeaver*[5]: Provides information on application infrastructure performance,
network flows, and data exchange between cloud resources. Helps to satisfy Reqs. 3,
6, and 7. Maps to ADNL and CASL.
References
1. Scalr, http://wiki.scalr.com/display/docs/Home.
2. R. Davoli, “VDE: Virtual distributed Ethernet,” TRIDENTCOM'05, pp. 213–220, 2005.
3. Ansible, http://www.ansibleworks.com/.
4. Shibboleth, http://shibboleth.net/.
5. CloudWeaver, http://lyatiss.com/.
Information Initiative Center, Hokkaido University
North 11, West 5, Sapporo 060-0811, Japan
Tel, Fax: +81-11-706-2923
http://www.iic.hokudai.ac.jp/
1. User logs in to the SHINCLOM portal.
2. SHINCLOM authenticates user via Shibboleth
using X.509 certificate to confirm identity.
3. Certificate is distributed to cloud providers
(Hokudai, Kyushu, and Tokyo Tech, in this
scenario) via MyProxy.
4. Shibboleth request is received in SAML by
Resource ACL, which functions as a bridge to
issue URL API requests to cloud platforms and
accept responses.