TF-Storage overview: Storage/Cloud use cases. Maciej Brzeźniak, Peter Szegedi. TF-Storage<->TF-EMC2 joint session, Zurich, Feb 11th, 2014


TF-Storage overview

Source: WikiMedia

http://commons.wikimedia.org/wiki/File:Modern_warehouse_with_pallet_rack_storage_system.jpg

• Group participants and focus:

– NRENs

• Provide storage resources/services for:

– Typical NREN services: VoD, email, backup

– Universities, schools, public institutions, libraries

– R&D projects, (inter)national collaborations

– Grid computing/Storage, datacenter/HPC computing

• Develop storage technologies and solutions

– Applications: FileSender… etc.

– Distributed storage/computation systems, e.g.:

» GRNET: Okeanos/Synefo,

» PSNC: National Data Storage

• Use and integrate technology

• Build private and broker public storage and IaaS clouds

– Researchers, developers of storage and cloud solutions

– Industry: hardware makers, software companies

TF-Storage overview

• Meetings – see map:

• Participants:

– NRENs

– Companies incl.

• SNIA,

• Google, Amazon

• Cisco, IBM, NetApp, DDN, EMC…

• ownCloud, PowerFolder, SpiderOak…

• T-Systems,

– Academia, research & projects:

• FORTH, NTUA, UvA, KTH, UoO

• CERN, STFC

• EUDAT, JIVE, Unhosted…

– More:

• http://www.terena.org/activities/tf-storage/meetings/contributors.html

Some facts: meetings and contributors

TF-Storage aims

1. Forum for gathering expertise, exchanging and promoting ideas, experience and knowledge related to next generation/augmented data storage technology, delivery models and services:

a. Technology watch for commercial and open source storage technologies including data centre, clustered and distributed storage systems and solutions;

b. Overview of (national) storage activities and deployments: gathering and publishing (on the wiki and possibly in blogs) the information on projects, activities and deployments of storage systems and services

2. Technical support for the NRENs’ initiatives related to storage infrastructure and services (IaaS):

a. Evaluation, testing and … development of … data storage and mgmt systems following the Infrastructure as a Service (IaaS) delivery model

b. Collecting and publishing cook-books and best-practices documents on storage system evaluation and tendering procedures. Liaison with commercials.

TF-Storage ToR (1)

3. Security and trust in storage systems: legal and technical implications of directives, laws and security best-practices:

a. Liaising with TF-EMC2 on access federations for storage services;

b. Addressing the in-depth security models in cloud storage systems. Liaise with TF-CSIRT;

c. Considering the legal implications of EU directives and national laws and recommendations provided by security … organisations (ENISA, NIST) related to privacy and trust, data handling, transfer, operations in the context of storage services.

TF-Storage ToR (2)

• Federating/building storage services:

– Good storage services should deal with security

– Security should not kill usability…

• We are still learning how to manage users

– Puzzled with many options and their real status:

• Shibboleth, SAML

• OpenId…

• Moonshot (RADIUS-based), Consec (Contrail’s)…

• Web-world vs Non-Web World

• Server / administrator-side magic vs client-side tools

• Knowledge transfer would be useful!

Challenges / aims

• Problem:

– How to let users easily authN/authZ against SSHd

• Easy means: no X.509-derived keys! (conversion, tools…) Can this be federated? How?

• Interactive login vs ‘robot’ login

• Applications:

– SSH access to virtual machines

• Geant3plus SA2 testbeds

• IaaS offerings of NRENs

– SFTP access to storage with support for FedId:

• e.g. National Data Storage in Poland:

– Windows virtual disk to be run as a service (auto-mount)

– CryptoFS to be auto-mounted from fstab

Use case 1 – SSH access

• Problem:

– Profile services for the users based on attrs

• Different features available to admins / regular users

• Various data mgmt policies for different user groups

• Applications:

– Fed. access to OpenStack Compute dashboard

• Admins can manage resource pools

• Regular users may use resources within a pool

– Profiling data replication in ‘some storage system’

• Replication scheme to assure data locality

• Integrity control algorithm strength differs depending on the ‘importance’ of the project

Use case 2 – intelligent data mgmt

• Problem:

– I want my service to look professional… and to be secure

• AuthN through Internet (web browser) + phone or ‘token’

• Phone with and without data plan

– … while I don’t want to deal with X.509 certs

• Applications:

– Interactive (web-based?) access to ‘golden’ NREN’s version of cloud storage

– Access to critical data resources through non-trusted channels (e.g. Internet cafe)

Use case 3 – 2-factor authN

• Problem:

– I assume my storage service will be accessed using certs

– Perhaps it runs client-side encryption

– Q: is it good to place certs + keys on tokens or Smart Cards?

– Q: what if we use national identity cards for AuthN? … and derive / protect keys from that?

• Applications:

– Secure (however inconvenient) access to critical data

– Admin access to OpenStack Dashboard?

Use case 4 – enterprise-level authN?

Other use cases…

How we can implement knowledge transfer?

• Another common session?

• AAI-related workshop / presentation during next TF-Storage?

• E.g. focused on Moonshot?

• Storage-related talk on the next TF-EMC2?