DFED1 - DiRAC

Cloud Road-testing for UKRI Workloads

Cloud Road-testing for UKRI Workloads

Objective

To explore how DiRAC could share its infrastructure with scientists from a wide range of UKRI funded activities, with a focus on those that cannot currently make use of DiRAC resources today.

Based on the above storyboards, how DiRAC could use the Scientific OpenStack digital assets to help reach users that are not currently well served by a shared Slurm cluster was explored.

Summary of work undertaken

Interviews were undertaken with a selection of key stakeholders from Astrophysics and Medical Sciences to understand themes around People, Dashboards, Data and Workflows.

Building on the storyboarding work and user interviews, two new Science Platforms were created and several usability improvements were made to the Azimuth Cloud Portal.

Outputs

By jamblay, 10 months4 months ago

Security Protocols

Security Protocols

Objective

To provide a design study for the necessary components of a Federated DiRAC Information Security Management process.

Summary of work undertaken

The design study was delivered through lessons learned at IRIS and other experience, and with the support of the STFC Distributed Research Trust and Security team acting in an advisory role. The design study included examples where trials could begin immediately. The areas for the study were;

Risk management
Security coordination at DiRAC site- and federation-level
Local and federated policy frameworks, learning directly from IRIS policy experience
Training and Documentation
Security Monitoring
Incident response and relationships with existing Security Teams including DiRAC site teams and the IRIS Computer Security Incident Response Team (CSIRT)
Security Procedures at DiRAC site- and federation-level Security Exercises and Penetration Testing

Outputs

Security Design Study – Final Report

By jamblay, 10 months4 months ago

IRIS-IAM (Authentication and Authorisation)

IRIS-IAM (Authentication and Authorisation)

Objective

To provide an infrastructure for authentication and authorisation which followed the AARC Blueprint Architecture model of a hub (implemented through IRIS-IAM) managing identities and user attributes.

Summary of work undertaken

This work related to identity and access management (IAM) and specifically to connect the IRIS proxy (IRIS Indigo IAM, or IRIS-IAM for short). A trial of a PAM module was run which enabled login to an ssh server using accounts from IRIS-IAM, with test results from Cambridge, Durham, and RAL.

Outputs

Use of IRIS-IAM for Authentication – Final Report

By jamblay, 10 months4 months ago

Open Stack Training

Open Stack Training

Objective

To produce a set of training materials which would assist those who operate or run a heterogeneous Cloud-Native Supercomputer architecture afforded by a Dev(Res) Ops Toolkit.

Summary of work undertaken

Provision of training materials for people who operate OpenStack. Feedback was collected and responded to from a range of stakeholders around this material. A subset of these was then used to provide a 3 hour intensive introduction to OpenStack for those looking to operate Scientific OpenStack. Positive feedback was received from the attendees. Materials were provided for those wanting to build platforms on OpenStack, particularly for those looking to build on the reference platforms provided by Scientific OpenStack.

Outputs

OpenStack 3hr Introduction for OpenStack Operators
OpenStack User training (e.g. a Platform Operator such as a Slurm Operator or JuypterHub Operator):
OpenStack Operator training

By jamblay, 10 months4 months ago