Tokai Academic Cloud

Tokai Academic Cloud:
An Experimental Intra And Interinstitutional Cloud Infrastructure
among National Universities
in The Tokai Region of Japan
Shoji Kajita, Ph.D
IT Planning Office, Institute for Information
Management and Communication
Academic Center for Computing and Media Studies
Kyoto University
Nagoya
Kyoto University
• One of the seven key national universities in Japan
• About 10,000
5,000 faculty, researcher & admin. staff
• About 16,000
23,000 under-graduate & graduate students
Tokai Area = Central Part of Japan
[Map. Labels: Kyoto, Osaka, Nagoya, Tokyo; scale: 500km]
Tokai Academic Cloud Consortium
A Virtual Consortium Among Six ITCs in National Universities
• Nagoya Institute of Technology
• Gifu University
• Nagoya University
• Shizuoka University
• Mie University
• Toyohashi Institute of Technology
[Map source: Google Map, http://maps.google.com]
Contributions to ICA Community
1. Describe the current experiences of Tokai
Academic Cloud under development
2. Propose a proxy type of Federated Shibboleth
Authentication Handler for Identity
Management of Consortium Cloud
3. Present our current activities on the use of
VCL for teaching and learning at Nagoya U
Emphasizing cultural aspects on implementing
intra and inter-institutional cloud infrastructure
from the view of Japanese H.E.
Tokai Academic Cloud
Challenges
for Higher Educational Institutions
• Severe Competition among H.E. institutions
in the world
– Due to the globalization of economics supported
by Information and Communication Technologies
• Severe Budget Cuts
– Due to the economic downturn caused by the
world’s economic crisis of 2008
Each institution must strengthen
its organizational power
with clear foresight and strategic visions
“Academic Cloud”
• We need to develop “Academic Cloud” as
cloud computing of the academia, by the
academia and for the academia
• The aim is to fulfill diverse needs from
constituencies and to accommodate the
complexity of academic and administrative
computing requirements with affordable costs
Academic Cloud Environment
Cloud-type Academic Services
on Widely Distributed and Virtualized
Information Service Platform
[Diagram. Recoverable labels:]
• Drivers: Green IT, Disaster Recovery, Higher TCO, IT HR Development, Distributed Computing Resources, Higher Security, Higher Privacy, Research Theme
• Portals: X Univ Portal, Y Univ Portal, Nagoya Univ Portal
• Users: Users in X University, Users in Y University, Users in Nagoya University
• Service icons labelled with single letters and data icons labelled "Data"
Collaborative Academic Service Platform to provide wide range
services from HPC to Teaching and Learning
on Large-scale Virtualized Computing Resources
Tokai Academic Cloud Consortium
A Virtual Consortium Among Six ITCs in National Universities
• June, 2009
– Having a meeting with the directors
(or the delegation) from each ITC
• September, 2009
– IBM Shared University Award
• October, 2009
– Selected as a research project in the
grant program of Joint
Usage/Research Center for
Interdisciplinary Large-scale Information Infrastructure
– PI: The Director of Nagoya Institute of
Technology
– Center: Nagoya U
• April, 2010
– Grant-in-Aid for Scientific Research for
3 Yrs. (200K US$)
[Map (Google Map, http://maps.google.com). Labels: Nagoya Institute of Technology, Gifu University, Nagoya University, Shizuoka University, Mie University, Toyohashi Institute of Technology]
Background: Started as a Research
• At most national universities in Japan, many
faculty members in IT Centers have been getting involved
in these operational issues
• Operation itself is the matter of Cloud
Computing
• Best practices are still unclear, and there must be
research issues in them
Tokai Academic Cloud
Architecture Vision
[Diagram. Recoverable labels, top to bottom:]
• Tokai Academic Cloud Consortium Portal
• Services: Calendar Service, Student Information Service, …., Course Management Service, Virtual Computing Laboratory, ePortfolio Service
• Data & Storage Infrastructure
• Authentication Infrastructure
• Cloud labels: Consortium Cloud, Private Cloud
• Institutions shown: YYYY University, XXX University, Shizuoka University, Gifu University, Mie University, Toyohashi Institute of Technology, Nagoya Institute of Technology, Nagoya University
Challenges on Inter-Cloud
(1) Operation Coordination
(2) Data Coordination
(3) Automation
Three Tier Architecture
based on Open Source Products
[Diagram. Recoverable labels:]
• Software-as-a-Service (SaaS): Service A, Service B, Service Z
• Platform-as-a-Service (PaaS): Middleware Infrastructure
• Infrastructure-as-a-Service (IaaS): Computing Infrastructure
• Data Storage Infrastructure
• Clouds shown: Institutional Private Cloud, Consortium Cloud, Public Cloud
Tokai Academic IaaS
[Network diagram. Recoverable labels:]
• Networks: Nagoya University Campus Network, SINET L2-VPN, Tokai IPv6 Academic Network, Service Mgmt Network, Gbit Hub, MGMT1, MGMT3
• Address labels: 2001:DF:…./48; LAN1: 192.168.70/24; LAN2: 133.6.47/24; TAG 451; LAN3: 192.168.80/24; LAN4: 10.0.70/22; 133.6.47.253; 192.168.70.253
• Routers: YAMAHA RTX1200 (shown twice)
• Hosts and services: mysql, spider1, spider2, DNS (shown twice), VCL Front-end
• Gakuzoh instances: Osaka, Kyoto, Nagoya, Kyushu, Hokkaido
• Hypervisors: VMWare ESX and VMWare ESXi (many instances)
• Hardware: IBM x3350; IBM BladeCenter E with HS22 x 5, HS22 x 12 and HS21/22 x 14; 16GB mem, 146GB HDD (shown three times); 2GB mem, 73GB HDD
• Storage: 2TB; 2TB+20TB
• NAREGI Computation Nodes: Fujitsu HX600 × 16, Fujitsu PRIMERGY RX200 × 6
Tokai Academic Portal
Tokai Academic Calendar
Tokai VCL
+100 Concurrent Uses Available Potentially
on About 30 IBM BladeCenters
(2) Identity Management
within Consortium Cloud
Tokai Academic Cloud
Authentication Infrastructure
[Diagram. Recoverable labels:]
• Tokai Academic Portal (uPortal4)
• Enable SSO for Services within Consortium Cloud
• CAS Server
• CAS App1, CAS App2, CAS App3, CAS App4, CAS App5, CAS App6
• Authentication back ends: Tokai LDAP, NU Shib, NITech Shib, XXX Shib
• Annotations: "For orphan users", "For institutional users"
Three Main Reasons
1. CAS is better than Shibboleth within an organization
– Various services provided through Consortium Cloud
require fine-grained authentication and authorization
rather than application-container-delegated
authentication
2. LDAP authentication is not allowed for outside
services (Shibboleth Authentication only)
– Strict security policy in Japanese institutions
3. VCL cannot use other authentication methods
(Shib and LDAP) when using CAS
FederatedShibbolethAuthenticationHandler
as A Proxy Authentication
org.jasig.cas.authentication.AuthenticationManagerImpl.authenticationHandler
[Diagram. Recoverable labels:]
• Authentication Request
• Handlers: PW Authentication, Public Key (X.509), Federated Shib Authentication
• Attribute Processing
• Result
• Person Attribute Group Service
• Person Directory Service
• Data sources: LDAP, RDB, MS
Its Implementation
[Diagram. Recoverable labels:]
• Access
• ID, Password (shown twice)
• A Shib SP Protected by Nagoya U Shib
• Nagoya U Shib IdP
• Status labels: 200 (OK), 300 (NG), 300 (OK)
• Still under development
• Could be an issue against security policy because it may
create a man-in-the-middle security hole
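
The man-in-the-middle concern arises because the handler receives each user's ID and password and presents them to the institutional IdP on the user's behalf. As an added example (not part of the original slides, nor code from CAS or Shibboleth), this sketch shows how an IdP operator could spot such a relay in login records; the log format, addresses, thresholds and function names are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: "<ISO time> <source address> <principal> <result>".
# Hypothetical simplified format, not the Shibboleth IdP's own audit log.
SAMPLE_LOG = """\
2012-05-01T09:00:05 192.0.2.10 alice OK
2012-05-01T09:00:40 192.0.2.10 bob OK
2012-05-01T09:01:10 192.0.2.10 carol FAIL
2012-05-01T09:02:30 192.0.2.10 dave OK
2012-05-01T09:03:00 198.51.100.7 erin OK
2012-05-01T09:30:00 198.51.100.7 erin OK
2012-05-01T11:00:00 203.0.113.4 frank OK
2012-05-01T12:30:00 203.0.113.4 grace OK
"""

def parse(log_text):
    """Yield (time, source, principal, result) from well-formed lines only."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip blank or malformed lines rather than guessing
        try:
            when = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        yield when, parts[1], parts[2], parts[3]

def relay_suspects(log_text, max_users=2, window=timedelta(minutes=10)):
    """Return {source: sorted principals} for sources that presented
    credentials for more than max_users distinct principals inside any
    sliding window. Failed attempts count: the password was still sent."""
    by_source = defaultdict(list)
    for when, source, principal, _result in parse(log_text):
        by_source[source].append((when, principal))
    suspects = {}
    for source, events in by_source.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # drop events older than the window
            users = {p for _, p in events[start:end + 1]}
            if len(users) > max_users:
                suspects.setdefault(source, set()).update(users)
    return {s: sorted(u) for s, u in suspects.items()}

if __name__ == "__main__":
    print(relay_suspects(SAMPLE_LOG))
```

A campus NAT gateway or a shared lab host can trip the same rule, so a hit is a prompt to identify the source rather than proof of a relay.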
(3) Current Activities on Use of VCL
for Teaching and Learning
at Nagoya University
Tokai VCL
+100 Concurrent Uses Available Potentially
on About 30 IBM BladeCenters
Nagoya University VCL Pilot
• Currently, five professors have been
investigating the use in 2012 semesters:
– Mathematics (Mathematica on Linux)
– Signal Processing (Scilab on Linux)
– Image Processing (Scilab and OpenCV on Linux)
– Bio Informatics (PyMOL and Yasara on Linux)
– Media Literacy (OpenCast on Linux)
• See Paper for detailed background and
scenarios
PyMOL on Ubuntu
Cultural Aspects on Pilot
1. A Very Small Pilot
– Again, due to the lack of operation staff and
budgets
2. Use of Linux only
– A strong opposition to enter Campus Agreement
for dominant OS product
3. Use of Open Source and Shareware-based
Applications
– Limit of Budget
– Scalability
In Summary
[The Architecture Vision diagram, annotated with the three contributions:]
(1) Architecture Vision based on OSS
(2) IdM for Consortium Cloud
(3) VCL as a private cloud at Nagoya U
[Diagram labels:]
• Tokai Academic Cloud Consortium Portal
• Services: Calendar Service, Student Information Service, …., Course Management Service, Virtual Computing Laboratory, ePortfolio Service
• Data & Storage Infrastructure
• Authentication Infrastructure
• Cloud labels: Consortium Cloud, Private Cloud
• Institutions shown: YYYY University, XXX University, Shizuoka University, Gifu University, Mie University, Toyohashi Institute of Technology, Nagoya Institute of Technology, Nagoya University
Challenges on Inter-Cloud
(1) Operation Coordination
(2) Data Coordination
(3) Automation
Efforts Continue on Tokai Academic Cloud!
A Japanese version of EDUCAUSE has
been established since February 2011
Alert Notification and Survivor Confirmation
as a First Cloud Service by AXIES Cloud SIG
[Diagram. Recoverable labels:]
• Email Addresses (University A), Email Addresses (University B), Email Addresses (University C), each marked "Encrypted"
• Survivor Confirmation (shown per university)
• LDAP1, LDAP2, DB1, DB2
• Reporting
• Operation (University A), Operation (University B), Operation (University C)
Common Spec
and Reference Implementation
[Diagram. Recoverable labels:]
• AXIES
• Common Spec
• Reference Impl.
• Open Source
• Impl A, Impl B, …
• System A, System B
• Feedback
• Lessons Learned
• Procurement Process Opened to All Vendors
• Different Impl and System with the same spec
• Customizable
• The same Impl and System among different institutions
Survivor Confirmation
at Higher Educational Institutions
[Diagram. Recoverable labels:]
• Survivor Confirmation Service
• Services
• Needs
• Diverse Communities: faculty, staff, students and administrators, …
A very good testbed to think about Academic Cloud
Large Scale Message Notification and
Confirmation Service
[Diagram. Recoverable labels:]
• Actors: Constituency, Author, Central ICT Organization, Stakeholders at Crisis Situation
• Actions: Register, Confirm, Transmit, Maintain, Detect, Report
• Data stores: Reachable Address Database, Reliable Status Database
• Channels and sources: Social Media, Alias, Institutional Systems
• Context: Crisis Situation
Co-Development and Co-Operation
among AXIES Institutions
[Diagram. Recoverable labels:]
• AXIES Consortium
• Institutions: Kyoto University, Private A University, Private B University, National X University, National Y University, Public C University
• Roles: WG Membership, Finance Mgmt, Copyright Mgmt
• Co-operation among member institutions
• Non-member
• Activities: System Requirements, Implement, Maintenance, Hosting Service
• Service Instance: LDAP, DB (Kyoto University)