CERN (European Organization for Nuclear Research) has contributed code to the latest OpenStack release called Icehouse.
Written for federation of identities, it eases the process of managing multi-cloud environments. Inclusion of CERN’s federation code in Icehouse enables OpenStack service providers to consume the code and build federated services on the OpenStack platform.
Identity federation, which was developed by CERN openlab fellow Marek Denis and other members of the OpenStack community, means a private cloud user can manage a multi-cloud environment using only their private cloud sign-in credentials. It’s an important update to both Icehouse and CERN, as it means taking advantage of compute resources in many different centers using a single set of log-in credentials for hybrid cloud.
CERN is a Rackspace cloud customer, relying on the company’s Open Hybrid Cloud to help it discover the origins of the universe. CERN has the largest research environment in the world, as it operates the Large Hadron Collider (LHC), which produces petabytes of data every day.
Rackspace and CERN openlab have been working together on a joint research and development project to federate OpenStack clouds and get them working better together. The CERN production cloud is now being used by 700 physicists for analyzing production data from the LHC recorded over the previous four years.
“People are getting resources in 15 minutes that used to a take a week or months to be delivered,” said CERN IT infrastructure manager Tim Bell. “Federation for CERN is a critical requirement looking forward.”
The LHC is a 27-kilometer ring 100 meters underground on the Franco-Swiss border used to collide beams of particles just below the speed of light. CERN examines these collisions, producing one petabyte of data a second to analyze.
The project is trying to find differences of matter and anti-matter and has contributed a lot to discovery of the Higgs boson.
The identity federation project was initially announced at the OpenStack summit in Hong Kong in November. Rackspace said it will continue to work with CERN openlab to further enhance federation capabilities.
The next steps will be working to enable security validation of the identity federation code with help of graduate students from the University of Texas at San Antonio, who are conducting important research around open cloud computing in academic environments. They will work on the development of clients to leverage the federation code in Icehouse, which is based on the SAML identity standard.
Additionally, work is planned within the image management service called Glance to leverage federation to allow images built in one OpenStack cloud to be imported into other clouds. This planned enhancement to the image service will enable a user of the CERN OpenStack cloud to spin up an image on its own private cloud and import that image into the Rackspace public cloud using only their CERN credentials (Rackspace will already know their identity due to the federation capabilities built into OpenStack).