Tokai Academic Cloud: An Experimental Intra and Inter-institutional Cloud Infrastructure among National Universities in the Tokai Region of Japan

Shoji Kajita, Ph.D
IT Planning Office, Institute for Information Management and Communication
Academic Center for Computing and Media Studies
Kyoto University

Kyoto University

• One of the seven key national universities in Japan
• About 10,000 faculty, researcher & admin. staff
• About 23,000 under-graduate & graduate students

[Figure: map of Japan marking Tokyo, Nagoya, Osaka and Kyoto, with 500km distance labels]

Tokai Area = Central Part of Japan

[Figure: map of the Tokai area (Google Map, http://maps.google.com) marking Nagoya University, Nagoya Institute of Technology, Toyohashi Institute of Technology, Gifu University, Mie University and Shizuoka University; numeric labels 5,000 and 16,000]

Tokai Academic Cloud Consortium: A Virtual Consortium Among Six ITCs in National Universities

Contributions to ICA Community

1. Describe the current experiences of Tokai Academic Cloud under development
2. Propose a proxy type of Federated Shibboleth Authentication Handler for Identity Management of Consortium Cloud
3. Present our current activities on the use of VCL for teaching and learning at Nagoya U

Emphasizing cultural aspects on implementing intra and inter-institutional cloud infrastructure from the view of Japanese H.E.

Tokai Academic Cloud

Challenges for Higher Educational Institutions

• Severe Competition among H.E. institutions in the world
– Due to the globalization of economics supported by Information and Communication Technologies
• Severe Budget Cuts
– Due to the economic downturn caused by the world’s economic crisis of 2008

Each institution must strengthen its organizational power with clear foresight and strategic visions

“Academic Cloud”

• We need to develop “Academic Cloud” as cloud computing of the academia, by the academia and for the academia

• The aim is to fulfill diverse needs from constituencies and to accommodate the complexity of academic and administrative computing requirements with affordable costs

Academic Cloud Environment

[Figure: Academic Cloud Environment. Users in X University, Users in Y University and Users in Nagoya University reach services through the X Univ Portal, Y Univ Portal and Nagoya Univ Portal; services and data stores are spread across Distributed Computing Resources. Annotations: Green IT, Higher Privacy, Disaster Recovery, Higher Security, IT HR Development, Higher TCO]

Collaborative Academic Service Platform to provide a wide range of services from HPC to Teaching and Learning on Large-scale Virtualized Computing Resources

Research Theme

Cloud-type Academic Services on Widely Distributed and Virtualized Information Service Platform

Tokai Academic Cloud Consortium: A Virtual Consortium Among Six ITCs in National Universities

[Figure: map (Google Map, http://maps.google.com) marking Nagoya University, Nagoya Institute of Technology, Toyohashi Institute of Technology, Gifu University, Mie University and Shizuoka University]

• June, 2009
– Having a meeting with the directors (or the delegation) from each ITC
• October, 2009
– Selected as a research project in the grant program of Joint Usage/Research Center for Interdisciplinary Large-scale Information Infrastructure
– PI: The Director of Nagoya Institute of Technology
– Center: Nagoya U
• September, 2009
– IBM Shared University Award
• April, 2010
– Grant-in-Aid for Scientific Research for 3 Yrs. (200K US$)

Background Started as a Research

• At most national universities in Japan, many faculty members in IT Centers have been getting involved in these operational issues

• Operation itself is a matter of Cloud Computing

• Best practices are still unclear, so there must be research issues

Tokai Academic Cloud Architecture Vision

[Figure: architecture vision in two layers]

Private Cloud (one per institution): Nagoya University, Nagoya Institute of Technology, Toyohashi Institute of Technology, Mie University, Gifu University, Shizuoka University, XXX University, YYYY University

Consortium Cloud:

• Tokai Academic Cloud Consortium Portal
• Student Information Service
• Course Management Service
• ePortfolio Service
• Calendar Service
• ….
• Virtual Computing Laboratory
• Data & Storage Infrastructure
• Authentication Infrastructure

Challenges on Inter-Cloud

(1) Operation Coordination
(2) Data Coordination
(3) Automation

Three Tier Architecture based on Open Source Products

• Software-as-a-Service (SaaS): Service A, Service B, … Service Z
• Platform-as-a-Service (PaaS): Middleware Infrastructure
• Infrastructure-as-a-Service (IaaS): Computing Infrastructure, Data Storage Infrastructure

[Figure: the three tiers span the Institutional Private Cloud, the Consortium Cloud and the Public Cloud]

Tokai Academic IaaS

[Figure: network and hardware diagram of the Tokai Academic IaaS. Labels recoverable from the diagram:]

• Blade servers: IBM BladeCenter E, HS21/22 x 14 (16GB mem, 146GB HDD); IBM BladeCenter E, HS22 x 12 (16GB mem, 146GB HDD); IBM BladeCenter E, HS22 x 5 (16GB mem, 146GB HDD); each blade labelled VMWare ESX or VMWare ESXi
• Management hosts: MGMT1 (IBM x3350, 2GB mem, 73GB HDD), MGMT3
• Other hosts: spider1, spider2, mysql, DNS, VCL Front-end
• Routers and switches: YAMAHA RTX1200 (two), Gbit Hub (two)
• Networks: LAN1: 192.168.70/24 (192.168.70.253); LAN2: 133.6.47/24 (133.6.47.253); LAN3: 192.168.80/24; LAN4: 10.0.70/22; Service Mgmt Network; Nagoya University Campus Network; Tokai IPv6 Academic Network (2001:DF:…./48, TAG 451); SINET L2-VPN
• Storage: Gakuzoh Nagoya, Gakuzoh Kyoto, Gakuzoh Hokkaido, Gakuzoh Kyushu, Gakuzoh Osaka; capacity labels 2TB+20TB and 2TB
• NAREGI Computation Nodes: Fujitsu HX600 × 16, Fujitsu PRIMERGY RX200 × 6
• Services: Tokai Academic Portal, Tokai Academic Calendar, Tokai VCL

+100 Concurrent Uses Available Potentially on About 30 IBM BladeCenters

(2) Identity Management within Consortium Cloud

Tokai Academic Cloud Authentication Infrastructure

[Figure: App1 to App6 and the Tokai Academic Portal (uPortal4) each connect through CAS to a central CAS Server. Identity sources behind the CAS Server: Tokai LDAP; NU Shib, NITech Shib, XXX Shib. Annotations: "For orphan users", "For institutional users"]

Enable SSO for Services within Consortium Cloud

Three Main Reasons

1. CAS is better than Shibboleth within organization
– Various services provided through Consortium Cloud require fine-grained authentication and authorization rather than application container delegated authentication
2. LDAP authentication is not allowed for outside services (Shibboleth Authentication only)
– Strict security policy in Japanese institutions
3. VCL cannot use other authentication methods (Shib and LDAP) when using CAS

FederatedShibbolethAuthenticationHandler as A Proxy Authentication

[Figure: CAS authentication architecture. An Authentication Request enters org.jasig.cas.authentication.AuthenticationManagerImpl.authenticationHandler and a Result is returned. Labels: PW Authentication; Public Key (X.509) Authentication; Attribute Processing; Person Directory Service; Person Attribute Group Service; LDAP; RDBMS]

Its Implementation

[Figure: proxy authentication flow. Labels: Federated Shib; Nagoya U Shib IdP; A Shib SP Protected by Nagoya U Shib; ID / Password; Access; 300 (NG); 200 (OK); 300 (OK)]

• Still under development
• Could be an issue against security policy because it may create a man-in-the-middle security hole

(3) Current Activities on Use of VCL for Teaching and Learning at Nagoya University

Tokai VCL

+100 Concurrent Uses Available Potentially on About 30 IBM BladeCenters

Nagoya University VCL Pilot

• Currently, five professors have been investigating the use in 2012 semesters:
– Mathematics (Mathematica on Linux)
– Signal Processing (Scilab on Linux)
– Image Processing (Scilab and OpenCV on Linux)
– Bio Informatics (PyMOL and Yasara on Linux)
– Media Literacy (OpenCast on Linux)

• See Paper for detailed background and scenarios

PyMOL on Ubuntu

Cultural Aspects on Pilot

1. A Very Small Pilot
– Again, due to the lack of operation staff and budgets
2. Use of Linux only
– A strong opposition to enter Campus Agreement for dominant OS product
3. Use of Open Source and Shareware-based Applications
– Limit of Budget
– Scalability

In Summary

[Figure: the architecture vision diagram repeated (institutional Private Clouds beneath the Consortium Cloud and its services; Challenges on Inter-Cloud: (1) Operation Coordination, (2) Data Coordination, (3) Automation), annotated with the three contributions:]

(1) Architecture Vision based on OSS
(2) IdM for Consortium Cloud
(3) VCL as a private cloud at Nagoya U

Efforts Continue on Tokai Academic Cloud!

The Japanese version of EDUCAUSE has been established since February 2011

Alert Notification and Survivor Confirmation as a First Cloud Service by AXIES Cloud SIG

[Figure: shared service with replicated back ends (LDAP1, LDAP2, DB1, DB2). Email Addresses of University A, University B and University C are each stored Encrypted. Operation is separate for University A, University B and University C. Functions: Survivor Confirmation, Reporting]

Common Spec and Reference Implementation

[Figure: two models compared]

• Different Impl and System with the same spec: Common Spec, then Impl A, Impl B, …, then System A, System B; Lessons Learned
• The same Impl and System among different institutions: Common Spec, Reference Impl., System, with Feedback; Procurement Process Opened to All Vendors

Other labels: AXIES; Customizable; Open Source; Diverse Communities; Needs; Services

Survivor Confirmation Service

Survivor Confirmation at Higher Educational Institutions

A very good testbed to think about Academic Cloud

[Figure: Large Scale Message Notification and Confirmation Service in a Crisis Situation. Actors: Constituency (faculty, staff, students and administrators, …); Stakeholders at Crisis Situation; Central ICT Organization. Data stores: Reachable Address Database; Reliable Status Database. Channels: Institutional Systems; Social Media. Actions: Register, Maintain, Author, Transmit, Confirm, Report, Detect, Alias]

Co-Development and Co-Operation among AXIES Institutions

[Figure: AXIES Consortium (Finance Mgmt, Copyright Mgmt) with a Kyoto University WG. WG Membership: National X University, Private A University, Private B University, National Y University, Public C University, Kyoto University. WG activities: System Requirements, Implement, Maintenance. Co-operation among member institutions: each Instance has its own LDAP and DB. Hosting Service for Non-member institutions]