SURFnet IaaS developments Federating commercial IaaS Photo: Paul Dekkers Paul Dekkers, June 27th 2012
SURFnet & cloud Taskforce cloud - Cloud landscape, strategy - Community cloud - Various vendors/operators Experience with own infrastructure, services, public cloud providers Where s the glue for our community Some institutions expect to phase out on-campus DC 2
the Cloud spectrum Traditional IT IaaS PaaS SaaS You manage Applications Data Runtime Middleware O/S Virtualization Servers Storage Networking You manage Applications Data Runtime Middleware O/S Virtualization Servers Storage Networking You manage Managed by vendor Applications Data Runtime Middleware O/S Virtualization Servers Storage Networking Managed by vendor Applications Data Runtime Middleware O/S Virtualization Servers Storage Networking Managed by vendor Microsoft 3
SURFnet & IaaS cloud Experiments with community IaaS, try use-cases, find enablers for community - SURFnet provided - Commercial operator Secure - Consider legal implications: European Economic Area Stimulate Green IT 4
Cloud deployment models Community Cloud: external part (optimal, made available) for specific usergroup 5
Community cloud drivers Demand for IaaS services Service improvement - Ease of use - Federated authentication (use moonshot even?) - No vendor lock-in Cost reduction efficiency, procurement Legal aspects Integration with network Emphasis on Green computing For full or hybrid use, disaster recovery, Customize to our community 6
SURFnet institutions and continuity This scared many in 2002: It s still a hot topic (How do we ensure continuity best?) 7
IaaS pilots Little commitment to use existing overcapacity (and legally complicated?) Pilot with institutions - in the Netherlands: - VMware vcloud director - Use platform from GreenQloud - Commercial cloud outside Netherlands (GreenQloud) - Different characteristics / use-cases - Focus on Green energy, cooling, equipment - Network aspects (inter domain, latency) 8
IaaS use-cases tested Failover primary website to Iceland for Royal Library, planned downtime, automated via GSLB Full website failover with replicated data for University of Groningen Integration of servers in campus network, Open University Integrate in curriculum, final report = results in a VM DNA Genome research @Inholland hogeschool Provide VMs to 160 CS students (deprovisioning anyone?) Use for various lab-work @SURFnet: ADFS, Sharepoint, filesender, secure texting, unhosted, mail-scanning, DNS, DNS traffic analysis, optic fiber network modeling... 9
Brokered model Institution A IaaS provider X Institution B IaaS Broker / Operator IaaS provider Y Institution C 10
Ease of use: authentication SAML authentication in GreenQloud (not just for SURFnet) Run GreenQloud instance in the Netherlands SAML in open source Use groups, VOs (unique to our community?) Integrate in SURFconext gadget Use existing tools (GreenQloud is Amazon compatible) 11
SAML authentication 12
GreenQloud, friendly portal 13
Integration with institution portal
Network integration Networking to commercial IaaS cloud - Via Netherlight, NORDUnet, - Use NREN-network capabilities (lightpaths) - Start machines behind own firewall? - Use NREN IP-space? Reduce networking cost Investigate latency impact
Influence on applications Applications run outside network, different firewall or behind own firewall Latency VLE? graph from Equinix 16
Green IT (1) Efficiency of cloud services (containers, pay-per-use stimulus) Power source / mix is important, not only about PUE Consider the GreenPeace report on Clouds 17
Green IT (2) GreenQloud s focus on Green (not just energy source) Use other countries strengths 18
Some countries get energy from water In NL, water costs energy better bring bits to the energy, than energy to bits?
http://bit.ly/gsr2010 figures for 2010 electro, not heating Proportion renewable 100% (70% hydro, 30% geo) (and cheap) 54% 62%
DC risk assessment Cushman & Wakefield research Energy security, bandwidth, tax, political stability, education, water,...
GreenQloud (report on energy)
European Economic Area Personal data must stay inside Iceland = OK Important for Dutch privacy law! so what about US suppliers
Conclusion Federated access lowers the barrier Setting an example - other IaaS providers - institutions - NRENs This is just a start... a lot do be done (eg. groups) Where is your DC in... years? 24
Questions? (Before you fly away...) Paul Dekkers. paul.dekkers[at]surfnet.nl