cloud-access

Author: Riccardo Bruno <riccardo.bruno@ct.infn.it>

cloud-access flow

web portal

A user accesses through any device to a portal requesting access to an interactive application hosted by a Grid/Cloud node.

Then a long polling request waits until the resource will be available

cloud-access flow

App/Protocol

ca_server

web portal

The web portal informs the ca_server about the requested resource

The ca_server maintains a registry containing information about the any requested resource as well as how to access the remote resource once available

Registry

The long-polling(*) request waits until remote access credentials to VNC, SSH and RDP protocols will be available, quering the ca_server

(*) The long-polling consists of an ajax query to the ca_server

cloud-access flow

nth resource pool

App/Protocol

1st resource pool

ca_server

ca_clientca_client

The pool is made by different interactive applications accessible via: SSH,VNC ,RDP

web portal

Under ca_server, one or more ca_clients are always polling for incoming requests

cloud-access flow

ith resource pool

App/Protocol: IP, Port,Usr/Pwd/WkG

ca_server

ca_client

web portal

The ca_client recognizes it can satisfy the request, then it will allocate the resource and update the registry with the necessary access credentialsOther information will be saved such as resource expiration date-time, etc.The instantiating procedure may foresees an I/O sandboxing between user files on the portal and the pool account

Host: xxx.xxx.xxx.xxxPort: yyyyUser: zzzzzPass: xYef6….

cloud-access flow

ith resource pool

proto://user:pass@host

Global Registry

ca_server

ca_client

web portal

The long polling(*) procedure detects the resource availability and configures the Guacamole to access the given credentials. Guacamole will provide an access URL that points to the resource

Guacamole’ noauth-XML

Access URL

(*) The long-polling consists of an ajax query to the ca_server

ith resource pool

cloud-access flow

Expires at: <YYYYMMDDHHmmss>

Global Registry

ca_server

ca_client

web portal

Web portal and Pool’ policies regulates the resource availability.

Access URL

ith resource pool

cloud-access flow

Expires at: <YYYYMMDDHHmmss>

Global Registry

ca_server

ca_client

web portal

ca_server checks for resource validity and updates the registry accordingly

ca_client releases expired resources

Access URL

Tech. Details

• ca_server:• Daemon procedure that provides a RESTful API to maintain remote access

resource requests. This daemon is targeted by both the cloud access portlet and the caclient which manages the resource pool

• It is python code requiring: tornado and MySQLdb• ca_client

• Daemon procedure executing on a remote server providing:• Dynamic allocation of VNC/RDP/SSG connection pools• The script periodically does:

• check for new access requests• applies the site resource policies deallocating expired resource

• It is a python code which does not require special libraries to run• Guacamole

• Clientless remote desktop gateway; supports standards such as VNC,RDP and SSH. The software is installable as a java web application (WAR)

• cloud_access-portlet• To be installed on the portal will manages the user requests and provides the

access URL when available. Portlet 2.0 Java code.

ith resource pool

Use cases/examples (1/3) – WRF

Global Registry

ca_server

ca_client

web portal

WRF community needs a command line interface to manage their simulationsca_client installed on top of a WRF server manages different user accounts.Cloud instantiated WRF servers may be created on-demand or escalated to new cloud nodes when the pool accounts are saturated

Access URL

The Weather Research and Forecasting (WRF) modeling system is a widely used meso-scale numerical weather prediction system designed to serve both atmospheric

research and operational forecasting needs. WRF has a large worldwide community counting more than 20,000 users in 130 countries and it has been specifically designed

to be the state-of-the-art atmospheric simulation system being portable and running efficiently on available parallel computing platforms.

ith resource pool

Use cases/examples (2/3) – MitoTool

Global Registry

ca_server

ca_client

web portal

MitoTool stand-alone application is accessibile through an X-window user interface.

Access URL

MitoTool, provides both a web-based and a stand-alone bioinformatics platform, providing a convenient, user-friendly interface for handling human mtDNA sequence data. It contains multiple modules which cover a wide array of functions.

ith resource pool

Use cases/examples (3/3) – Console UIs

Global Registry

ca_server

ca_client

web portal

Console based UIs are still useful for development environments, to manage PaaS services, Grid user interfaces, etc.

Access URL