Multi-tenant Resource Management for Instruments, Applications, and Services (The evolution of infrastructure consortiums…)

Dean Flanders, FMI / SystemsX

VAMP / FIM4R in Helsinki, Sept. 30th, 2013


Page 1

Multi-tenant Resource Management for Instruments, Applications, and Services

(The evolution of infrastructure consortiums…)

Dean Flanders
FMI / SystemsX

VAMP / FIM4R in Helsinki
Sept. 30th, 2013

Page 2

• Overview
• About SystemsX
• Problem / Proposed Solution
• Resource Management @ FMI
• Multi-Institutional / Community Resource Sharing Tool
• Azure AD Collaboration with Microsoft
• Summary

Overview

Overview

Page 3

We live in a brave new world...

Overview

Page 4

Mission

«SystemsX.ch is determined to become a world-leading initiative in quantitative Systems Biology.»

SystemsX.ch is open to any Swiss university or research institution.

http://www.systemsx.ch

About SystemsX

Page 5

Some Numbers and Facts...

About SystemsX

• 1000 scientists
• 200 research groups
• 11 universities and research institutes
• Work together inter-disciplinarily

Page 6

About SystemsX

Page 7

Problem – Current FIM possibilities are not meeting the needs of researchers, and this problem becomes more critical as more pressure is given to share resources and to collaborate across disciplines, as well as with industry.

Solution – A robust inter-institutional self-federation and rights management approach is needed. In this way all users and resource providers can easily participate in resource sharing and collaborations.

Obstacle

Problem / Proposed Solution

Page 8

Enabling science/education as a service!

These are shared resources...

Problem / Proposed Solution

Page 9

Why share resources in research?

• Increasing complexity of the tools required to perform research puts more pressure on hardware and people resources.
• Increased competitive pressure forces greater efficiency.
• No one institution can house all of the different types of resources their researchers need.
• Underutilization of resources.
• Lack of expertise to operate complex systems causes the need for better cooperation between institutions.

Problem / Proposed Solution

Page 10

• Lots of very basic problems are not easily solvable by current academic federations, e.g. existing institutional security groups cannot be easily seen within or across federations.
• Current academic federations also pose many challenges: bringing in new federation members and new users can be difficult, and national solutions are heterogeneous.

Unmet needs of current federations

Problem / Proposed Solution

Page 11

1000’s of Users, 1000’s of Resources

Huge Collection of: Entitled users & rights to use

Access rights & Reservations

Researchers, Companies, Students

How to ensure that the right people will have the right access?

Problem Analysis

Problem / Proposed Solution

Page 12

Diagram labels:

• Institutions’ Users
• Individuals
• synchronize
• Self Service
• Social ID
• Active Directories
• User & Resource Collection
• Institutions’ Resources
• Publish & Provision
• User group Formation
• Resource Allocation
• Self Service
• Projects & Communities
• Self Service
• Resource Selection
• Owners’ Approval or Automated allocation
• ResearchNet
• Management
• Infrastructure
• Usage
• Log on with own ID
• Single Sign On
• Leader Self Service

Overview

High Level Solution = IDMaaS / Rights Management

Problem / Proposed Solution

Page 13

• Instruments
• Meeting rooms
• Clusters
• Sample analysis
• Software
• Bikes
• Etc.

What resources do we have in mind?

Problem / Proposed Solution

Page 14

Resource Sharing at the FMI...

Resource Management @ FMI

Page 15

Resource Overview

Resource Management @ FMI

Page 16

Resource Request

Resource Management @ FMI

Page 17

Resource Assignment Interface

Resource Management @ FMI

Page 18

Reservation Request

Resource Management @ FMI

Page 19

(Results reviewed periodically to ensure correct use.)

Resource Review

Resource Management @ FMI

Page 20

(We have now also integrated this approach into web-based applications.)

Expert List

Resource Management @ FMI

Page 21

Misuse Reporting

Resource Management @ FMI

Page 22

• Free for everyone (commercial and academic users)
• Cloud hosted
• Multi-institutional
• Multi-community
• Fully self-service (institutions, communities, research groups, users, providers)
• New resource types: app store, work orders, store
• Designed the system to facilitate national / international resource sharing.
• Designed the system to facilitate business development and startups, as well as large companies.

Essential for inter-institutional collaborations and resource sharing.

New Multi-tenant Cloud Version

Multi-Institutional / Community Resource Sharing

Page 23

System Design:

• One common platform shared by participating institutions (there can be many of these shared platforms).
• Exposes resources across institutions and facilitates sharing of resources & expertise.
• Provides controls to prevent misuse and insight to optimize usage.

It must be:

• Simple to use (we cannot train 1000’s of users) and appealing (users must love it!)
• Self-service driven (administrative interference would cause a new bureaucracy)
• Pervasive use (right to use encompasses access to resources or information, as well as reservations to use resources)
• No impediments to start using the platform (just get started)
• Integrated authentication (SSO to minimize helpdesk support)

Multi-Institutional / Community Resource Sharing

Page 24

Federation with ETH over Auth0 / Azure AD

ADFS (IdP)

Webapp / Instrument / Service (SP)

Auth0 / Azure AD

Claim Rules Engine

ADFS (IdP)

Social (IdP)

Resource Management

Multi-Institutional / Community Resource Sharing

Page 25

non-integrated

integrated

Institutional email verification

Enrollment

Multi-Institutional / Community Resource Sharing

Page 26

Resulting Claims for Integrated User

Page 27

Scheduler

Multi-Institutional / Community Resource Sharing

Page 28

Applications

Multi-Institutional / Community Resource Sharing

Page 29

Services

Multi-Institutional / Community Resource Sharing

Page 30

Directories

Multi-Institutional / Community Resource Sharing

Page 31

Setting up a Resource Provider

Multi-Institutional / Community Resource Sharing

Page 32

Resource Rights Management

Multi-Institutional / Community Resource Sharing

Page 33

IDMaaS to provision SaaS on IaaS

Multi-Institutional / Community Resource Sharing

Page 34

Windows Azure Active Directory: The Vision

A modern, cloud based identity management service providing federation, directory services, device registration, user provisioning, application access control & data protection. A natural extension to your on premise directory, the combination of Windows Server AD and Windows Azure AD lets you secure today’s hybrid enterprise.

• On-premises and cloud Active Directory managed as one
• Consistent identities for on-prem and cloud applications.
• Easy user experience with single sign on

Azure AD Collaboration with Microsoft

Keith Brintzenhofe - Group Program Manager | Windows Azure Active Directory Identity & Access Management

Page 35

Windows Azure Active Directory and the Hybrid Enterprise - Today

Active Directory

AD DS, ADFS, FIM

Third Party Apps

Windows Azure Active Directory

Microsoft Apps

Identity Management Your Apps

On-premises and private cloud

Other apps HR sources

Other Directories

Self-Service

Microsoft Account

Keith Brintzenhofe - Group Program Manager | Windows Azure Active Directory Identity & Access Management

Azure AD Collaboration with Microsoft

Page 36

Identity & Access Management Scenarios

• Instant productivity with SaaS applications
• Access from any device, anywhere
• Connecting and collaborating with partners & customers
• Rapidly develop and deploy new enterprise capabilities
• Security monitoring and alerting for cloud services

Keith Brintzenhofe - Group Program Manager | Windows Azure Active Directory Identity & Access Management

Azure AD Collaboration with Microsoft

Page 37

• It is free.
• We are all Microsoft customers anyway….
• Many institutions use AD already and Microsoft has a vision of “one AD” in terms of cloud and on-premise integration.
• Ready made integration into soon to be hundreds of existing cloud services.
• Multi-factor capabilities.
• Many possible federation partners.
• Azure is a robust multi-national infrastructure.

Azure AD Benefits

Azure AD Collaboration

Page 38

Azure AD Testing Plan

• Work within a collaborative team interested in investigating Azure AD as a possible part of the FIM puzzle.
• Map and test use cases.
• Define a roadmap with Microsoft which has an open flexible architecture for Azure AD usage.
• Define action items for Microsoft (e.g. improve SAML interoperability, tighter social identity integration).
• If you have ideas, issues, or complaints about Azure AD feel free to join the collaboration, .

Azure AD Collaboration

Page 39

Summary

• The lack of good FIM solutions in academia is one of the biggest technical impediments to research and education currently.
• We need to take a Zendesk-like approach to resource providers so they are empowered to share resources. FIM is crucial for this.
• We need to look at research groups as if they were their own small company, and stop focusing on the national and institutional level.
• There are simple approaches to federation that can be used to meet the needs of researchers and research communities.
• The self-federation concept is vital to an all-inclusive federation necessary for research.
• A platform such as Azure AD can play an important role in an effort to improve FIM for research.

Summary