Embed Size (px)
Citation preview
Tokai Academic Cloud: An Experimental Intra And Inter-institutional Cloud Infrastructure
among National Universitiesin The Tokai Region of Japan
Shoji Kajita, Ph.DIT Planning Office, Institute for Information
Management and CommunicationAcademic Center for Computing and Media Studies
Kyoto University
Kyoto University• One of the seven key national universities in Japan• About 10,000 faculty, researcher & admin. staff• About 23,000 under-graduate & graduate students
Tokyo
NagoyaOsaka
Kyoto
500km500km
Tokai Area = Central Part of JapanTokai Area = Central Part of Japan
Nagoya
5,00016,000
NagoyaInstitute of Technology
Shizuoka UniversityMie University
Gifu University
NagoyaUniversity
ToyohashiInstitute of Technology
※ Google Maphttp://maps.google.com
Tokai Academic Cloud ConsortiumA Virtual Consortium Among Six ITCs in National Universities
Contributions to ICA Community1. Describe the current experiences of Tokai
Academic Cloud under development2. Propose a proxy type of Federated Shibboleth
Authentication Handler for Identity Management of Consortium Cloud
3. Present our current activities on the use of VCL for teaching and learning at Nagoya U
Emphasizing cultural aspects on implementing intra and inter-institutional cloud infrastructure
from the view of Japanese H.E.
Emphasizing cultural aspects on implementing intra and inter-institutional cloud infrastructure
from the view of Japanese H.E.
Tokai Academic Cloud
Challenges for Higher Educational Institutions
• Severe Competition among H.E. institutions in the world– Due to the globalization of economics supported
by Information and Communication Technologies
• Severe Budget Cuts– Due to the economic downturn caused by the
world’s economic crisis of 2008
Each institution must strengthen its organizational power
with clear foresight and strategic visions
Each institution must strengthen its organizational power
with clear foresight and strategic visions
“Academic Cloud”
• We need to develop ``Academic Cloud'' as cloud computing of the academia, by the academia and for the academia
• The aim is to fulfill diverse needs from constituencies and to accommodate the complexity of academic and administrative computing requirements with affordable costs
Academic Cloud Environment
Users in X UniversityUsers in X University
ZZ
CC
KK
EE
TT
PP
RR
BB
XX
AA
JJ
X Univ PortalX Univ Portal
データ
データ
データ
データ
ZZ
CC
KK
EE TT
PP
RR
BB
XX
AA
JJ
ZZ
CC
KK
EE
TTPP
RR
BB
XX
AA
JJXX
ZZBB
AA
ZZ
CC
PP
JJ
XX
ZZBB
AA
ZZ
CC
PP
JJ XX
ZZBB
AA
ZZ
CC
PP
JJ
XX
ZZBB
AA
ZZ
CC
PP
JJ
Green ITGreen ITHigher PrivacyHigher Privacy
Disaster RecoveryDisaster
Recovery
Higher SecurityHigher
Security
IT HR Develomen
t
IT HR Develomen
tHigher TCOHigher TCO
データ
データ
データ
データ
データ
データ
Users in Y University
Users in Nagoya University
Y Univ PortalY Univ Portal
DistributedComputing Resources
Nagoya UnivPortal
Nagoya UnivPortal
KK
Collaborative Academic Service Platform to proved wide range services from HPC to Teaching and Learning
on Large-scale Virtualized Computing Resources
Research Theme
Cloud-type Academic Services on Widely Distributed and Virtualized
Information Service Platform
Research Theme
Cloud-type Academic Services on Widely Distributed and Virtualized
Information Service Platform
8
NagoyaInstitute of Technology
Shizuoka University
Mie University
Gifu University
NagoyaUniversity
ToyohashiInstitute of Technology
※ Google Maphttp://maps.google.com
Tokai Academic Cloud ConsortiumA Virtual Consortium Among Six ITCs in National Universities
• June, 2009– Having a meeting with the directors
(or the delegation) from each ITC• October, 2009
– Slected as a research project in the grant program of Joint Usage/Research Center for Interdisciplinary Large-scale Informa-tion Infrastructure
– PI: The Director of Nagoya Institute of Technology
– Center: Nagoya U• September, 2009
– IBM Shared University Award• April, 2010
– Grant-in-Aid for Scientific Research for 3 Yrs. (200K US$)
Background Started as a Research
• Most of national universities in Japan, a lot of faculty in IT Center have been getting involved in these operational issues
• Operation itself is the matter of Cloud Computing
• Best practices are still unclear and research issues must be there
11
Tokai Academic Cloud Architecture Vision
Nagoya
University
Nagoya
University
Nagoya
Institute of Technology
Nagoya
Institute of Technology
ToyohashiInstitute ofTechnology
ToyohashiInstitute ofTechnology
Mie
University
Mie
University
Gifu
UniversityG
ifuU
niversity
ShizuokaU
niversityShizuoka
University
XXX U
niversityXXX
University
YYYYU
niversityYYYY
University
Authentication InfrastructureAuthentication Infrastructure
Data & Storage Infrastructure
Virtual Computing Laboratory
….
Calendar Service
ePortfolio Service
Course Management Service
Student Information Service
Tokai Academic Cloud Consortium Portal
Consortium Cloud
Private Cloud
Challenges on Inter-Cloud(1)Operation Coordination(2)Data Coordination(3)Automation
Three Tier Architecturebased on Open Source Products
Software-as-a-Service (SaaS)
Platform-as-a-Service (PaaS)
Infrastructure-as-a-Service (IaaS)
InstitutionalPrivateCloud
InstitutionalPrivateCloud
PublicCloudPublicCloud
ConsortiumCloud
ConsortiumCloud
Computing InfrastructureComputing Infrastructure
Middleware InfrastructureMiddleware Infrastructure
ServiceA
ServiceA
ServiceB
ServiceB
ServiceZ
ServiceZ
Data Storage InfrastructureData Storage Infrastructure
IBMBladeCenter
EHS21/22 x 14
16GB mem146GB HDD
IBMBladeCenter
EHS21/22 x 14
16GB mem146GB HDD
YAMAHA RTX1200YAMAHA RTX1200
LAN2: 133.6.47/24
LAN1: 192.168.70/24
133.6.47.253
spid
er1
spid
er1
192.168.70.253
Nagoya UniversityCampus Network
IBMBladeCenter
EHS22 x 1216GB mem 146GB HDD
IBMBladeCenter
EHS22 x 1216GB mem 146GB HDD
MGMT1MGMT1
IBM x33502GB mem, 73GB HDD
IBM x33502GB mem, 73GB HDD
VMWare ESXVMWare ESX
VMWare ESXVMWare ESX
VMWare ESXVMWare ESX
VMWare ESXVMWare ESX
VMWare ESXVMWare ESX
VMWare ESXVMWare ESX
VMWare ESXVMWare ESX
spid
er2
spid
er2
mys
qlm
ysql
LAN3: 192.168.80/24
GakuzohKyoto
GakuzohKyoto
GakuzohHokkaidoGakuzohHokkaido
GakuzohKyushu
GakuzohKyushu
GakuzohOsaka
GakuzohOsaka
Gakuzoh Nagoya
Gakuzoh Nagoya
SINET L2-VPN
2TB+20TB
2TB
YAMAHA RTX1200YAMAHA RTX1200
2001:DF:…./48
TAG 451
Tokai IPv6 AcademicNetwork
MGMT3MGMT3
DN
S
DN
S
VCLFront-end
VMWare ESXiVMWare ESXi
VMWare ESXiVMWare ESXi
VMWare ESXiVMWare ESXi
VMWare ESXiVMWare ESXi
VMWare ESXiVMWare ESXi
VMWare ESXiVMWare ESXi
VMWare ESXiVMWare ESXiVMWare ESXiVMWare ESXi
Tokai Academic IaaS
NAR
EGI C
ompu
tatio
n N
odes
Fujit
su H
X600
× 16
Fujit
su P
RIM
ERG
Y RX
200
×6
NAR
EGI C
ompu
tatio
n N
odes
Fujit
su H
X600
× 16
Fujit
su P
RIM
ERG
Y RX
200
×6
Gbit HubGbit Hub
IBMBladeCenter
EHS22 x 516GB mem 146GB HDD
IBMBladeCenter
EHS22 x 516GB mem 146GB HDD
VMWare ESXiVMWare ESXi
VMWare ESXiVMWare ESXi
VMWare ESXiVMWare ESXi
VMWare ESXiVMWare ESXi
VMWare ESXiVMWare ESXi
Gbit HubGbit HubLAN4: 10.0.70/22 Campus NetworkNagoya University
Service Mgmt Network
Tokai Academic Portal
Tokai Academic Calendar
Tokai VCL
+100 Concurrent Uses Available Potentiallyon About 30 IBM BladeCenters
(2) Identity Management within Consortium Cloud
Tokai Academic Cloud Authentication Infrastructure
App1App1App2App2App3App3
App4App4App5App5
App6App6
CAS
CAS
CAS
CASCAS CAS
CASServerCASServer
Tokai Academic PortaluPortal4
Tokai Academic PortaluPortal4
Enable SSO for Services within Consortium Cloud Tokai
LDAPTokaiLDAP
NU ShibNU
Shib
NITech Shib
NITech Shib
XXX ShibXXX Shib
For orphan users
For institutional users
Three Main Reasons
1. CAS is better than Shibboleth within organization– Various services provided through Consortium Cloud
require fine-grained authentication and authorization rather than application container delegated authentication
2. LDAP authentication is not allowed for outside services (Shibboleth Authentication only)– Strict security policy in Japanese institutions
3. VCL cannot use other authentication method (Shib and LDAP) when using CAS
LDAP RDBMS
Person Attribute Group ServicePerson Attribute Group Service
PWAuthentication
Public Key (X.509)Authentication
Attribute Processing
org.jasig.cas.authentication.AuthenticationManagerImpl.authenticationHandler
AuthenticationRequest
Result
Person Directory ServicePerson Directory Service
FederatedShibbolethAuthenticationHandleras A Proxy Authentication
20
Federated ShibFederated Shib
Nagoya U Shib IdP
Nagoya U Shib IdP
A Shib SPProtected by
Nagoya U Shib
A Shib SPProtected by
Nagoya U Shib
IDPassword
Access
300 (NG)200 (OK)
IDPassword
• Still under development • Could be an issue against security policy because it may
create a man-in-the-middle security hole
300 (OK)
Its Implementation
(3) Current Activities on Use of VCL for Teaching and Learning
at Nagoya University
Tokai VCL
+100 Concurrent Uses Available Potentiallyon About 30 IBM BladeCenters
Nagoya University VCL Pilot
• Currently, five professors have been investigating the use in 2012 semesters:– Mathematics (Mathematica on Linux)– Signal Processing (Scilab on Linux)– Image Processing (Scilab and OpenCV on Linux)– Bio Informatics (PyMOL and Yasara on Linux)– Media Literacy (OpenCast on Linux)
• See Paper for detailed background and scenarios
PyMOL on Ubuntu
Cultural Aspects on Pilot
1. A Very Small Pilot– Again, due to the lack of operation staff and budgets
2. Use of Linux only– A strong opposition to enter Campus Agreement for
dominant OS product
3. Use of Open Source and Shareware-based Applications– Limit of Budget– Scalability
In Summary
Nagoya
University
Nagoya
University
Nagoya
Institute of Technology
Nagoya
Institute of Technology
ToyohashiInstitute ofTechnology
ToyohashiInstitute ofTechnology
Mie
University
Mie
University
Gifu
UniversityG
ifuU
niversity
ShizuokaU
niversityShizuoka
University
XXX U
niversityXXX
University
YYYYU
niversityYYYY
University
Authentication InfrastructureAuthentication Infrastructure
Data & Storage Infrastructure
Virtual Computing Laboratory
….
Calendar Service
ePortfolio Service
Course Management Service
Student Information Service
Tokai Academic Cloud Consortium Portal
Consortium Cloud
Private Cloud
Challenges on Inter-Cloud(1)Operation Coordination(2)Data Coordination(3)Automation
(1) Architecture Vision based
on OSS
(1) Architecture Vision based
on OSS
(3) VCL as a private cloud
at Nagoya U
(3) VCL as a private cloud
at Nagoya U
(2) IdM for Consortium
Cloud
(2) IdM for Consortium
Cloud
Efforts Continues on Tokai Academic Cloud!
Japanese version of EDUCASE has established since February 2011
Japanese version of EDUCASE has established since February 2011
Alert Notification and Survivor Confirmationas a First Cloud Service by AXIES Cloud SIG
LDAP2LDAP2
DB1DB1
LDAP1LDAP1
DB2DB2
Email Addresses(University A)
Email Addresses(University A)
Encrypted
Email Addresses(University C)
Email Addresses(University C)
Email Addresses(University B)
Email Addresses(University B)
Encrypted
Encrypted
Operation(University A)
Operation(University A)
Operation(University B)
Operation(University B)
Operation(University C)
Operation(University C)
Survivor Confirmation
Survivor Confirmation
Survivor Confirmation
Survivor Confirmation
ReportingReporting
Common Spec and Reference Implementation
Different Impl and System with the same spec
Impl A Impl B …
CommonSpec
System A
System A System BSystem B
Lessons Learned
ReferenceImpl.
Feedback
CommonSpec
システム
システム
The same Impl and System among different institutions
FeedbackProcurement Process
Opened to All Venders
AXIES
システム
システムSystemSystem Customizable
Open Source
DiverseCommunities
NeedsNeeds
ServicesServices
Survivor Confirmation
Service
Survivor Confirmation at Higher Educational Institutions
faculty, staff, students and administrators, …
A very good testbed to think about Academic Cloud
ConstituencyConstituency
ReachableAddress
Database
ReachableAddress
Database
Reliable Status
Database
Reliable Status
Database
Stakeholders at Crisis SituationStakeholders at Crisis Situation
Transmit
Central ICT OrganizationCentral ICT Organization
Register
Maintain Author
Confirm
Report
Det
ectAlias
InstitutionalSystems
InstitutionalSystems
SocialMediaSocialMedia
InstitutionalSystems
InstitutionalSystems
SocialMediaSocialMedia
Crisis Situation
Large Scale Message Notification and Confirmation Service
Co-Development and Co-Operation among AXIES Institutions
AXIES Consortium
Finance MgmtFinance Mgmt
Copyright MgmtCopyright Mgmt
Kyoto UniversityWG
Membership
National X University
Private A University
Private B University
National Y University Public C University
Kyoto University
ImplementImplement MaintenanceMaintenance
System RequirementsSystem Requirements
WG Membership
Co-operation among member institutions
LDAPLDAP DBDB
IncetanceIncetance
HostingService
Non-member
