Contrail (http://contrail-project.eu) is a running FP7 EU research project. The main achievement of the project will be a tightly integrated open-source software stack including a comprehensive set of system, runtime and high-level services providing standardized interfaces for supporting cooperation and resource sharing over Cloud federations. The main contribution of CONTRAIL is an integrated approach to virtualization, offering Infrastructure-as-a-Service, services for IaaS Cloud Federation, and Platform-as-a-Service. It aims at equalling current commercial Clouds, and surpassing them in a number of selected key domains to facilitate industrial up-take of Federated Cloud computing.
We would like to present the current status of the project as well as expected final results, focusing on Cloud Federation and security aspects.
In the first part of the presentation, the architecture of the Contrail software stack is given, with a short introduction to each of the main components and their interaction/role in the overall picture. These include the description of:
In the second part of the presentation, a more detailed workflow of information is provided, with the focus on the role and the benefits of the Federation. We will provide an overview of how deployment documents (like SLA and OVF) are used, how providers are selected and how the SLA negotiation process is started. The deployment document is then pushed to the provider's layer, where it is deployed to the reserved/free infrastructure. Last, we touch on how the application is monitored and how SLA violations are handled.
In the last, third part, we focus on security issues that need to be solved when Cloud Federation is introduced. Our approach has been to make use of external components (such as an XACML implementation, SAML, OAuth and OpenID libraries), combined with components developed by the project when no external component is available. By maintaining modularity and loose coupling, we ensure maximal reusability of components, as well as leave the option to replace components. Together, these components form a framework for federated identity management and delegation in a federated environment. We are promoting the reuse of this framework with other projects, as well as the reuse of individual components. Broadly, the security components in Contrail consist of: a federation database provided through the federation API, an identity provider and attribute authority, a CA Server, OAuth components, the Virtual Infrastructure Network’s certificate agency, and the Usage Control Authorization Service.
During the presentation we will also focus on technical problems we encountered during the development, such as the integration of the developed components, and on the remaining open technical issues yet to be solved, e.g. aggregation of monitoring/accounting (big) data, and the delegation process within Virtual Infrastructures Networks (Contrail’s SDN solution).