Networks · Services · People www.geant.org TF-MSP Berlin, 11 January
Status and next steps
Ready for cloud service delivery?
GN4-1, SA7 Andres Steijaert
Which services are
- available
- incoming
Progress on specific components
Delivery approach
Network peerings
Tender
Progress in specific service areas
How will NRENs deliver these services (adoption)?
NREN collaboration on service delivery
Agenda & topics
INTRODUCTION
Organisational, technical and financial structures in Research and Education institutions often don't map onto the way cloud providers offer their services.
GET IN
Assure data is handled safely and meets European and national regulations
Acquire and use services through the institutions’ structures:
• Affordable and predictable cost and purchasing models (prevent bill shock)
• Limit network traffic costs and provide network integration
• Log in with institutional account
GET OUT
Be able to move data (to another provider)
Meeting user needs
Cloud collaboration areas
• COLLABORATION SUITES
• REALTIME COMMUNICATION
• FILE STORAGE AND SYNC
• INFRASTRUCTURE AS A
Suppliers
Several suppliers are explicitly mentioned by NRENs, which either have an agreement with the provider or are interested in establishing one. The vast majority are the latter: NRENs seeking a (framework) contract which establishes the right conditions of use.
NRENs and clouds
GÉANT compendium 2015 data (draft) from NRENs in and outside of Europe
[Chart: Most popular service types, number of NRENs working in these areas. Categories: Infrastructure as a Service; File storage and backup; Software as a Service, collaboration services and video conferencing. Bar values: 39, 19, 17.]
Most popular providers as mentioned by NRENs (suppliers named by multiple NRENs):
- Amazon Web Services
- BOX
- Google Apps
- Microsoft Azure and Office 365
- ownCloud
Service delivery
OUTSOURCED CLOUDS
IN-HOUSE CLOUDS
The NRENs and GÉANT connect demand and supply
Providers with right capabilities
- Bring choice to the research and education community
MAKE & BUY, COMMUNITY CLOUD & PUBLIC CLOUD (commercial) OFFERINGS
Added value from NRENs: TRUSTED ADVISORS, BROKERS, PROVIDERS
NREN cloud involvement: involved with clouds 69%, not involved with clouds 31%
NRENs and clouds
GÉANT compendium 2015 data (draft) from NRENs in and outside of Europe
Hybrid approach: 13 NRENs have adopted a hybrid cloud strategy and are both building and brokering clouds.
NRENs cloud approach, clusters of compatible data
GÉANT compendium 2015 data (draft)
build: NRENs which (have plans to) offer cloud services not obtained through a vendor are marked orange
broker: NRENs which (have plans to) broker agreements with cloud service providers are labeled blue
• NRENs deliver to institutions. NRENs are the visible ‘brands’ in their respective countries.
• GÉANT supports the NRENs to be successful, with an underlying delivery framework (building blocks for the NRENs to use).
Our collaborative approach
Our collaborative approach
Joint NREN efforts, to enable and facilitate the European Research and Education community to use online services on a large scale, with the right conditions
1. NRENs use ‘one voice’, GÉANT, towards providers (both commercial and from community), resulting in agreements and connections to our infrastructure
2. for NRENs to adopt and deliver locally,
3. to institutions, for consumption
[Diagram labels: GÉANT, INSTITUTE Y, INSTITUTE Z; steps 1, 2, 3; PAN-EUROPEAN LEVEL, NATIONAL LEVEL]
Cloud services status
• Listed in Cloud Catalogue: stating capabilities
• Educational discount / preferential pricing: for use below tender thresholds
• Framework agreements: results of a pan-European tender / tender compliant
16 providers listed
Cloud Suppliers in the Catalogue
IaaS tender, over 30 providers interested. Ready in July 2016
ownCloud available
• USER NEEDS
• TERMS & CONDITIONS
• BROKERAGE & PROCUREMENT
• CLOUD MANAGEMENT & BILLING
• ADOPTION
• FEDERATED IDENTITY MANAGEMENT & SINGLE SIGN-ON
• NETWORK PEERINGS
NETWORK
By establishing network peerings with cloud service providers, GÉANT and the NRENs:
• deliver a high quality service in terms of performance, security and end-to-end service assurance.
• make it possible to minimize or remove the data transport related costs, which cloud providers currently charge our community.
These data ingress and egress charges are a barrier to the adoption of cloud services by institutions. By directly peering, no commercial network routes need to be used, removing the need for providers to charge transport costs.
The GÉANT Board approved the launch of the GÉANT cloud service peering ‘opt in’ trial.
Network peerings with cloud providers
Already existing cloud network peerings
• Providers that are part of Helix Nebula (CloudSigma, ATOS, Interoute, T-Systems).
• IaaS providers are connected in response to CERN’s recent IaaS tender.
Upcoming new peering
• Peer with Microsoft for Azure and Office 365.
It is expected there will be more requests for peerings
• Amazon Web Services (AWS).
• Outcomes of SA7 IaaS tender.
• Providers listed in the GÉANT Cloud catalogue are all candidates for future connections to GÉANT: https://catalogue.clouds.geant.net/
• The HNSciCloud project, led by CERN with a number of research laboratories participating, will launch in 2016 and will require connectivity to even more cloud providers.
• It is expected that the EC’s Open Science Cloud initiative will require connections to cloud service providers.
A - NREN scenario
Cloud service provider connects to the NREN in the country or countries it is located in. The NREN(s) will take responsibility to give other NRENs access to this provider, via GÉANT, via:
• IP transit to GÉANT.
• A L2/p2p circuit connection to a GÉANT PoP or GÉANT Open exchange.
• A L2 circuit to an open exchange where an IP peering with GÉANT can be established.
NREN recovers from the cloud service provider the costs involved in providing connectivity to GÉANT.
B - GÉANT PoP scenario
Cloud service providers connect directly to a GÉANT PoP or GÉANT Open exchange in the following cases:
• When the ToR of the NREN does not allow transit to GÉANT, or when the NREN has no means of recovering costs from the provider, the NREN can agree to this scenario.
• At least 3 NRENs who will be using the cloud service provider explicitly request a direct connection to GÉANT.
The cloud service provider is responsible for the connectivity to the most suitable GÉANT PoP.
C - Open Exchanges
Cloud service providers connect at an Open Exchange.
Transit between cloud service providers via GÉANT for their sole benefit will not be allowed.
Peering models
GÉANT Contractual Agreement for cloud network peering
Establishing the connection: contract
[Diagram labels: GÉANT, Institutes]
Technical implementation
Establishing the connection: technical implementation
[Diagram labels: Institute, NREN, Microsoft Azure or Office 365]
NRENs use ExpressRoute Management Interface to set up the connections
Using the connection: Microsoft ExpressRoutes
Secure, dedicated private connections: Layer 2 or managed Layer 3.
IaaS
IaaS tender
Legal basis for joint NREN procurement activity
EC Procurement Directive (2014/24/EU)
New Directive sets out key provisions; key to the success of the planned GEANT IaaS tender and Frameworks:
• Framework Agreement use
• Cross-border procurements
• Centralised Purchasing Bodies
Member State Procurement Legislation
To be implemented by Member States no later than 18th April 16
IaaS tender
Timeline
[Timeline figure, Oct 15 to Jun 16. Milestones: Tender issued; Final Bids; Contracts awarded; Market engagement]
PAN-EUROPEAN LEVEL
GÉANT runs the tender and establishes framework agreements with suitable IaaS providers. The tender does not have a ‘winner takes all’ approach, but instead, involves framework agreements with all IaaS providers who qualify as a result of this tender. This will allow NRENs and their connected institutions the flexibility to choose the services that best fit NRENs’ needs and the needs of their users.
NATIONAL LEVEL
NRENs adopt the frameworks and act in one of the following roles:
• Referrer: An NREN will act as intermediary by making the Framework Agreements available in its respective country and facilitating connected institutions to buy from Providers. (Direct delivery model)
• Reseller: Expanding the Referrer role, an NREN is also involved in the contracting and billing of (some of) its Institutions’ service orders.
• Underwriter: An NREN makes purchases from Providers (on behalf of its connected institutions) and distributes the acquired resources across its community (institutions and end-users).
Institutions consume the service facilitated by their NREN, without the need to run a tender themselves. Depending on the role of their NREN (referrer, reseller, underwriter) an institution can, at its discretion:
• Directly procure and use the IaaS services from the Providers
• Procure and use the IaaS services through its NREN.
• Use the IaaS services made available through its NREN
• Run a mini competition amongst all capable providers granted a framework agreement, in accordance with the instructions
Commission / cost recovery fee for the NRENs
One NREN conducts tender
Other NRENs are listed (if they want to) and can benefit; adopt the outcomes.
First cases
• Jisc, software for secure document management for board meetings
• SURFnet, cloud management portal
Other tender opportunities
• Computing and Storage IaaS
• Developed by GRNET, 100% Open Source
• Compatible with OpenStack
• Aim: Simplicity and Getting Things Done
• In production for several years
• Also adopted outside GRNET in Europe, US, Asia, …
• Integrated with eduGAIN
• Making ~okeanos available to GN4 project
http://okeanos.grnet.gr and http://okeanos-global.grnet.gr
~okeanos
• Most popular Open Source cloud software and API
• Several NRENs are interested in offering cloud services using OpenStack
• A group has been set up to share knowledge and experience
• OSO: OpenStack Operators
• Mailing list and bi-weekly chats
http://www.openstack.org
OpenStack
FILE STORAGE
• Open Source file sync and share provider
• Popular choice for on-premises online file storage
• TERENA negotiated favoured pricing for members
• Several NRENs incorporate ownCloud into the services offered to their members and users
• OpenCloudMesh: allow file sharing between different ownCloud installations; to-date 14 organisations have signed up to participate
• Federated cloud sharing aims at an interconnected mesh of research clouds
http://owncloud.org https://owncloud.com/lp/opencloudmesh/
ownCloud
SA7 is discussing educational pricing and conditions with four file storage providers:
• BOX
• Code42 (CrashPlan, SharePlan)
• Dropbox
• Zettabox
All of these providers are listed in the GÉANT Cloud Catalogue.
BOX, use in GN4 project?
File storage (sync & share)
WEB CONFERENCING
• Multi-party video conferencing developed by RENATER
• Powered by jitsi.org
• Simple to use
• No plugins or downloads (uses WebRTC)
• Open Source
• Very resource efficient (thousands of conferences on single server)
• Deploy videobridges on the GEANT network
• Orchestrate updates
• Deploy monitoring and discovery services
http://rendez-vouz.renater.fr
rendez-vous
CLOUD MANAGEMENT
• Many NRENs have adopted a hybrid cloud strategy, offering a mix of community cloud (built and operated within R&E) and commercial (public cloud) offerings.
• These services have different interfaces, pricing models, reporting and billing mechanisms.
A new layer is required to abstract the underlying complexity and to manage these different systems and resources.
• SA7 facilitates joint efforts by the NRENs in this area, including engagement with providers that can deliver these cloud management portal capabilities.
• Opportunity: SURFnet procurement – offer to list other NRENs
Cloud Management - Institution Requirements
Single University Scenario – 30,000 students, significant cloud adoption
• Hundreds of end users of cloud accounts – IT admin, Researchers, Lecturers, Students with many different use cases
• Tens of departments / budget holders
• Tens of IaaS cloud accounts
• Multiple IaaS services
IT Department (service owner) Requirements:
• How can I ensure users’ access to services is appropriate and report on usage – compliance / governance
• How do I allocate IaaS service usage to budgets?
• How do I manage invoices, e.g. consolidated billing
Cloud Management – Institution Requirements
Billing / Management
• Cloud account management – creating, allocating to budget holders
• User management – enabling, controlling, reporting access to cloud accounts
• Allocating users to cloud accounts i.e. enabling access
• Allocating cloud accounts to budget holders
• Consolidate billing - managing & tracking POs & invoices
• Cost management – quotas
• Export / integration potential to external billing systems?
• Functionality
INSTITUTION
• Interested in cloud accounts, budgets, users, usage, costs
NREN
• Large number of institutions per country
• Institution’s usage – Reporting/feedback to measure cloud adoption - usage
• Multicloud Portal service
GÉANT / Management Reporting
• Reporting/usage, costs per country & vendor
CLOUD ADOPTION
What are we already doing?
• SA7 meetings
• Cloud showcases, webconferencing sessions
http://services.geant.net/clouds/Activities/Pages/Clouds_Showcases.aspx
• Survey; NRENs ask for institutional input
What is planned?
• Session at GN4 Symposium
• Sessions at TNC 2016
• NREN cloud conference for institutions (autumn 2016)
What is needed?
• NRENs: prepare internally, reach out to institutions
• SA7 – NREN: one-on-one sessions, secondment and workshops?
Communication,
What are current roadblocks for delivering and consuming?
For NRENs to deliver cloud services to their communities?
For Institutions to consume cloud services (through their NREN)?
NREN
• Commitment
• Organisational aspects
Institutions
• Commitment (quality)
• Concrete demand (quantity) – forecast of spending
• What would an institution want their NREN to do for them?
How can we, NRENs, activate ourselves and our institutions?
• Discuss delivery opportunities
• Commitment for the IaaS tender: each NREN either ‘in’ or ‘out’ (to be completed before April 19).
Thank you
© GEANT Limited on behalf of the GN4 Phase 1 project (GN4-1).