Experiences of working on the GÉANT project representing MARnet: Testimonials
www.geant.org
Boro Jakimovski (NA1T4, NA3T3, JRA3T1)
Vladislav Bidikov (SA1T4, NA1T4)
Sonja Filiposka (JRA2T2 TL)
GÉANT Info day, Skopje, Macedonia, 06.06.2018
Public
Boro Jakimovski
Part of the GÉANT projects
since 2009
GN3
• SA - testing software developed under Multi-Domain Network Operations Services (AutoBAHN and cNIS)
GN3+
• SA - development and implementation of High Availability clustering of GEANT services (CROWD)
• NA - Campus best practices
GN4-1
• JRA - Development of GÉANT trust broker measurements and statistics
• SA - establishment of AAIEDU.mk in Macedonia
GN4-2
• NA1 – IT support
• NA3 – international liaison
• JRA3 – Campus and Federation
Involvement in past projects and activities
• Involved in GÉANT for more than 9 years
• Early tasks involved mainly SA tasks (GÉANT 3, GÉANT 3 plus and GÉANT 4 phase 1):
  • testing software developed under Multi-Domain Network Operations Services (AutoBAHN and cNIS)
  • development and implementation of High Availability clustering of GÉANT services (CROWD)
  • Establishment of AAIEDU.mk in Macedonia
• Contributed to work in NA tasks (GÉANT 3 plus):
  • Campus best practices producing documents based on our experience with different topics like cloud computing, AAI service integration with Office365
• Later involved in JRA tasks (GÉANT 4 phase 1):
  • Development of GÉANT trust broker measurements and statistics
GN4P2 Involvement
• Currently involved in NA and JRA activities
• NA activities:
  • NA1T4 – IT support (leading MARNet’s team for GÉANT Linux IT support)
  • NA3T3 – International liaison (involved in developing inter-project liaison between GÉANT and EGI)
• JRA activities:
  • JRA3T1 - Campus and Federation (subtask: Measurements and statistics)
NA activities
• Networking Activities (NAs) support the operation and management of all GN4-2 activities including project management, internal and external communications and promotion, international liaison, and business development.
• NA1T4: Information Systems
  • task covers all the aspects of ICT services – infrastructure, platforms, systems, software and tools – required for the project to work efficiently.
  • This includes, among other components, virtual machines, intranets/extranets, security, content management system, document management system, communication and collaboration tools, customer relationship management (CRM) system, reporting tools, meeting and events registration and facilitation, contacts database and calendars.
• UKIM NA1T4 activities
  • involved in maintaining the monitoring Nagios portal
  • developing new metrics and measurements for the services
  • involved in deployment of new Linux VMs and services
  • migration of Puppet configurations
NA activities
• NA3T3: e-Infrastructure Liaison
  • coordinates the support provided by GÉANT, the NRENs and global partners to e-infrastructures to develop alignment of service portfolios, co-ordination of engagement and joint initiatives.
  • this Task will also seek to develop and implement GÉANT's role in the emerging integrated e-infrastructure landscape and coordinate the different strands of integration and consolidation work
• UKIM NA3T3 activities
  • involved in liaising activities for GÉANT JRA (JRA1) activities concerning integration of Cloud services and Networking services with EGI Federated cloud
  • locating possible use cases for GÉANT service portfolio to be used by different EU projects and communities
JRA activities
• Joint Research Activities (JRAs) are targeted at critical analyses of future network and application technologies with a view to future deployment of emerging technologies across the network and services.
• JRA3T1: Campus and Federation
  • This Task delivers developments aimed at federations and campus identity providers, based on the existing federated identity and eduGAIN models and technologies.
  • It aims to make federated identity on a pan-European scale easier for federations and campus IdPs to adopt, more scalable to cope with significant growth of entities via eduGAIN, and more secure in complex operating environments.
JRA activities
• UKIM JRA3T1 involvement
  • Involved in Measurements and statistics subtask for specification of the F-TICKS format in order to measure the amount of authentication events within an Authentication and Authorization Infrastructure (AAI), in particular eduGAIN.
  • Developing architecture for collection and analysis of large measurements data
  • Visualization of measurements data
  • Definition of AAI deployment scenarios for Cloud-based IdP
JRA3T1 activities
[Diagram: Swarm cluster of Manager and Worker nodes with a distributed store; HAProxy (load balancer) with a persistent volume (certs, haproxy conf); IdP Swarm Services, each on a private overlay network with IdP, LDAP, Apache (phpldapadmin) and persistent volumes; GN Web client; Ansible master]
Vladislav Bidikov
GN4-1
• Campus best practices
GN4-2
• NA1 – IT support
• SA1T4 – Trust and Identity Operations
• CPB-39: Cloud implementation using OpenNebula
• CPB-68: Profile and role-based firewall control for campus classrooms labs
• CPB-17: Integration of Office 365 with existing faculty SSO
• CPB-12: Access Control and Monitoring for Campus Computer Labs
Task 2: Trust and Identity Operations
• This Task will manage and operate Trust and Identity-related services in production as well as other such services from appropriate Activities that are transitioned into production.
• This Task will ensure that relevant procedures are well defined, taken up and followed for all processes involved. It will also ensure that all of the services are operated within their defined operations baseline and requested availability level; that the operational health and usage of the services are monitored; and that second-level support is provided.
Unlocking global research and education collaboration
• eduGAIN – service operations management and development and operations (DevOps) of eduGAIN infrastructure and its supporting services, including but not limited to eduGAIN Metadata Service (MDS) and technical portal with statistics and troubleshooting/verification tools. Also includes operational governance, i.e. coordination and consultation with the eduGAIN Steering Group (SG), who provide technical direction for the service and management of the processes for adding new members.
https://www.geant.org/Services/Trust_identity_and_security/Pages/eduGAIN.aspx
Seamless Wi-Fi access for research and education around the world
• eduroam – service operations management and DevOps of eduroam infrastructure and its supporting services, including but not limited to European top-level RADIUS servers (ETLRs) and the associated monitoring and supporting services suite (eduroam Configuration Assistant Tool (CAT)). Also includes operational governance, i.e. coordination and consultation with the European Confederation eduroam SG, who provide technical direction for the service in Europe, and engagement with the Global eduroam Governance Committee (GeGC).
https://www.geant.org/Services/Connectivity_and_network/Pages/eduroam.aspx
Helping NRENs to build identity federations and deliver AAI services
• Federation as a Service (FaaS) – service operations management and DevOps of FaaS service instances and infrastructure.
https://www.geant.org/Services/Trust_identity_and_security/Pages/FaaS.aspx
eduPKI
• eduPKI – service operations management, including Certification Authority (CA), which issues certificates for GÉANT services where they are not available on the market, and Policy Management Authority (PMA), which maintains existing eduPKI trust profiles, defines new eduPKI trust profiles and accredits interested CAs that want to comply with some existing eduPKI trust profiles.
https://www.geant.org/Services/Trust_identity_and_security/eduPKI/Pages/Home.aspx
Key objectives
• Define operations baseline for all services in production and ensure that all of the services are operated within them and their requested availability level.
• Ensure that the relevant procedures and processes are well defined, taken up and followed.
• Ensure that the timeline and tasks are well defined and coordinated between the various teams involved, such as DevOps, IT, networking, service desk support, security teams, etc., in order to ensure that the production process is carried out smoothly and in line with allocated resources.
• Maintain the services in production, including monitoring of service health, usage and appropriate KPIs.
• Liaise with other 5/SA2 Tasks for efficient preparation of production teams, reporting, software management and services optimisation
Core team – catalyst between Service Managers
• Monitoring Policy (done)
• Backup and archiving policy (draft done, GDPR?)
• Resource Inventory (planned)
• Central monitoring solution (POC & Beta)
• Central Backup and archiving solution (planned)
• Prepare the operational environment for new services (planned)
• Consolidated HSM requirements (drafting)
Central monitoring solution (POC & Beta)
• POC in progress, analysis of each service specific requirements
• First test services have been selected
• Demo in ~Q3-2018
TCS - Trusted Certificate Service
TCS takes advantage of a bulk purchasing arrangement whereby participating national research and education networking organisations (NRENs) may issue close to unlimited numbers of certificates provided by a commercial CA at a significantly reduced price.
• The five main types of certificates available are:
• SSL certificates – for authenticating servers and establishing secure sessions with end clients.
• Grid certificates – for authenticating Grid hosts and services (IGTF compliant).
• Client certificates – for identifying individual users and securing email communications.
• Code signing certificates – for authenticating software distributed over the internet.
• Document signing certificates – for authenticating documents from Adobe PDF, Microsoft Office, OpenOffice, and LibreOffice.
Sonja Filiposka
Part of the GÉANT projects
since 2013
GN3+
• JRA1-T2 – Network Architectures for Cloud Services
• JRA2-T2 – Network as a Service
GN4-1
• JRA1-T2 – Cloud aware networking architecture and design patterns
• NA3-T3 – GreenICT
GN4-2
• JRA2-T2 – Service Provider Architecture
GN4-2 JRA2 Network Services Development
• CCS – consolidated connection services
• SPA – service provider architecture
• GTS – GEANT testbed service
• PMV – performance monitoring and verification
• NMaaS – network management as a service
• FoD – firewall on demand
Research and Innovation
• Cloud service delivery networks
• GÉANT’s Open Cloud eXchange (gOCX)
  • architecture solution to run data intensive real-time cloud applications on top of GÉANT to address the growing demand for cloud services within the R&E environment
Research and Innovation cont.
• Zero-touch provisioning
• User-controlled automated orchestration and management
Research and Innovation cont.
• Service provider architecture
• Customer-centric OSS/BSS based on
• TMF standards
• Interoperability
• Microservices
• Pluggable components
• Business process engine
• System-wide orchestration
[Diagram: Self-service portal, ESB, R&S, Inventory, Activation (T1), Monitoring (T4), Faults, Network, CRM, Ordering, Catalogue, Problems, TMF API, BPM]
Publications
GN3+
• 1 whitepaper
• 2 demos – Supercomputing and TNC
• 2 posters
• 3 conference papers
GN4-1
• 2 demos – Supercomputing and TNC
• 1 poster
• 2 conference papers
GN4-2
• 2 demos – SIG-PMV and TNC
• 2 conference papers
• 1 pilot implementation
Challenges and Opportunities
Highly interactive environment
New friends and colleagues
Different perspectives and knowledge sharing
Training opportunities
• Management
• Software development
• Certification for standards (i.e. ITIL/TMF)
Dynamic teams
Cultural diversity
Thank you
www.geant.org
Any questions?
© GÉANT Association on behalf of the GN4 Phase 2 project (GN4-2). The research leading to these results has received funding from the European Union’s Horizon 2020 research and innovation programme under Grant Agreement No. 731122 (GN4-2).