Monday, April 15 • 11:50am - 12:30pm
Contrail Project: Federation and its Security aspects

Sign up or log in to save this to your schedule and see who's attending!

Contrail (http://contrail-project.eu) is a running FP7 EU research project. The main achievement of the project will be a tightly integrated software stack in open source including a comprehensive set of system, runtime and high level services providing standardized interfaces for supporting cooperation and resource sharing over Cloud federations. The main contribution of CONTRAIL is an integrated approach to virtualization, offering Infrastructure-as-a-Service, services for IaaS Cloud Federation, and Platform-as-a- Service. It aims at equalling current commercial Clouds, and surpassing them in a number of selected key domains to facilitate industrial up-take of Federated Cloud computing.

We would like to present the current status of the project as well as expected final results, focusing on Cloud Federation and security aspects.

In the first part of the presentation, architecture of the Contrail software stack is given, with short introduction to each of the main components and their interaction/role in the overall picture. These include the description of: 

  • Federation Web, API, DB, components
  • Security services,
  • SLA Manager,
  • Provisioning Manager,
  • VIN,
  • VEP,
  • Monitoring & Accounting,
  • GAFS.

In the second part of the presentation a more detailed workflow of information is provided with the focus on the role and the benefits of the Federation. We will provide an overview how deployment documents (like SLA and OVF) are used, how providers are selected and SLA negotiation process is started. The deployment document is then pushed to the provider's layer where it is deployed to the reserved/free infrastructure. Last, we touch how the application is being monitored and how SLA violations are being handled.

In the last, third part, we focus on security issues that need to be solved when Cloud Federation is introduced. Our approach has been to make use of external components (such as an XACML implementation, SAML, OAuth and OpenID libraries), combined with components developed by the project when no external component is available. By maintaining modularity and loose coupling, we ensure maximal reusability of components, as well as leave the option to replace components. Together, these components form a framework for federated identity management and delegation framework in federated environment. We are promoting the reuse of this framework with other projects, as well as the reuse of individual components. Broadly, the security components in Contrail consist of: federation database provided through federation API, identity provider and attribute authority, CA Server, OAuth components, Virtual Infrastructure Network’s certificate agency, and Usage Control Authorization Service.

During the presentation we will also focus on technical problems we encountered during the development, such as the integration of the developed components, and remaining technical open issues yet to be solved, e.g. aggregation of monitoring/accounting (big) data, and delegation process within Virtual Infrastructures Networks (Contrail’s SDN solution). 


avatar for Ales Cernivec

Ales Cernivec

developer and researcher, XLAB
Ales Cernivec received his B.Sc. degree in 2007 at the Faculty of Computer and Information Science, with title "Framework for Implementation of Distributed Algorithms in PlanetLab". In 2007 he joined XLAB research team and started with junior research programme at the Faculty of Computer... Read More →

Luka Zakrajsek

Luka Zakrajsek is a Computer Science student at Faculty of computer and information science at University of Ljubljana. In 2012 he graduated with honors from High School of Electrical and Computer Technologies in Ljubljana.From 2007 to 2009 he worked as a web developer at computer... Read More →

Monday April 15, 2013 11:50am - 12:30pm
A106 (Portland Convention Center) 777 NE Martin Luther King Jr Blvd Portland, OR 97232

Attendees (0)