Process for joining to the FIWARE Lab
Download as PPTX, PDF0 likes1,078 views
The document outlines the process for joining a new node to the FIWARE Lab federation. It involves: 1. Deploying the necessary infrastructure which includes connecting to the GEANT backbone through the local NREN, procuring hardware, installing OpenStack cloud infrastructure, deploying necessary GEs and monitoring tools. 2. Integrating the cloud portal which allows federated management of FIWARE Lab platforms and requires creating accounts and connecting to the MD-VPN and Keystone Proxy. 3. Configuring the Keystone Proxy which provides access to the federated identity management and requires updating the catalogue service and configuring firewall policies. 4. Setting up the MD-VPN connectivity across nodes which provides privacy,
Process for joining to the FIWARE Lab
- 1. Process for joining Fernando López, Cloud Architect, TID fernando.lopezaguilar@telefonica.com, @flopezaguilar
- 2. Agenda • Geographical Partition • XIFI Federation Process • Deployment Steps • Cloud portal • Keystone Proxy • MD-VPN
- 3. FIWARE Lab Federation Process 3 • Manages the introduction of a new node in the FIWARE Lab federation, an important step of this phase is the deployment. • Deployment of a new node in FIWARE Lab stands before the node production phase. • In order to successfully finish the deployment of a new node, some constraints has to be satisfied: – Connection to GEANT (or P2P internet VPN as backup solution). – Hardware procurement. • The deployment ends when the FIWARE Lab node is on production (when a node in on production is not a new node anymore !) and is managed by FIWARE Lab support
- 4. Deployment Steps Deployment has been partitioned as follows: • Connectivity to FIWARE Lab Core Backbone: MD-VPN connectivity through the local NREN. • HW procurement: It means hardware procured and deployed with the base operating system. • Cloud Infrastructure Installation: this is basically the OpenStack installation (included in ITBox). • Cloud Management (GE): This step is inside ITBox, otherwise a manually installation of the needed GEs is required. • Monitoring: This step is inside ITBox, otherwise a manually installation of the needed Nagios plugins is required. • FIWARE Lab Joining: This is essentially the installation and configuration of the Keystone Proxy module. Note: Connectivity to FIWARE Lab backbone is mandatory for Monitoring and FIWARE Lab Joining but not for Cloud Installation and Management. 4
- 5. Cloud Portal - Integration • Provides the federation portal that allows to manage FIWARE Lab platforms in federated mode. • It requires to create user accounts on FIWARE Lab. – https://account.lab.fi-ware.org/ • Other requirements: – MD-VPN connectivity (firstly it could be connected without this functionality). – Keystone Proxy connectivity. – DCRM GE installed (otherwise a simple OpenStack installation should be enough). 5
- 6. Keystone Proxy - Integration • The keystone proxy provide the access to federation IdM. • Actually one instance of Keystone Proxy is running in the Spanish node. • Requirements – Update the catalogue service (impacts all nodes). – Configure the Firewall policies to allow communications with remote nodes. 6
- 7. Keystone Proxy - Integration • Impacts – Data on the local keystone (users, tenants, …) is unused. – VMs and their configuration remains but are not using the configuration parameters of the FIWARE Lab portal. – Horizon component should be stopped. It could be up and running but we encourage to stop it in order to prevent possible. 7
- 8. MD-VPN - Integration • Provides the federation connectivity across the nodes – Privacy – Security – Traffic Engineering on the backbone possible • MD-VPN is created on top of the NREN connection – Typically delivered on a VLAN – Dedicated VRF should be used – BGP is used to exchange routing across the nodes 8
- 9. MD-VPN - Integration • The setup must be discussed with local NRENs • Federation IP addressing plan – per node configuration available on public XiFi documents Deliverable 5.2 – must be implemented on the network in which all the federation related hosts are connected • It is possible to provide backup solutions based on P2P VPN. – important delay of deployment of the NREN – if the NREN do not provide MD-VPN service – the Infrastructure can’t get NREN connectivity 9
- 10. 10
- 11. Thanks!Thanks!