Coordination of Cooperative Cloud Computing Platforms Mathieu Lavallée Michel Mayrand Elisa Shahbazian Prepared by: OODA Technologies Inc. 4580 Circle Rd Montréal, QC H3W 1Y7 PWGSC Contract Number: W7707-145677/001/HAL Technical Authority: Anthony W. Isenor Contractor’s Publication Date: April 2017 The scientific or technical validity of this Contract Report is entirely the responsibility of the Contractor and the contents do not necessarily have the approval or endorsement of the Department of National Defence of Canada. Contract Report DRDC-RDDC-2017-C118 May 2017 Template in use: (2010) SR Advanced Template_EN (051115).dotm © Her Majesty the Queen in Right of Canada, as represented by the Minister of National Defence, 2017 © Sa Majesté la Reine (en droit du Canada), telle que représentée par le ministre de la Défense nationale, 2017 Coordination of Cooperative Cloud Computing Platforms B316<=:=573A Mathieu Lavall´ee Michel Mayrand Elisa Shahbazian Prepared By: OODA Technologies Inc. 4580 Circle Rd Montr´eal(Qc), H3W 1Y7 514.476.4773 Prepared For: Defence Research & Development Canada, Atlantic Research Centre 9 Grove Street, PO Box 1012 Dartmouth, NS B2Y 3Z7 902-426-3100 Scientific Authority: Anthony W. Isenor Contract Number: W7707-145677/001/HAL Call Up Number: 17 Project: Design, develop, manage, test and/or implement specific software or data source modules Report Delivery Date: April 7, 2017 The scientific or technical validity of this Contract Report is entirely the responsibility of the contractor and the contents do not necessarily have the approval or endorsement of Defence R&D Canada. This page is intentionally left blank. Executive Summary Cloud computing has infiltrated multiple aspects of technology solutions for industry as well as everyday life. It provides many benefits: fault tolerance to hardware failure, automatic update and backup, scalability, flexibility, accessibility, facilitation of collaboration, and many more. The cloud provides the resources to process real-time commercial/financial transactions, social network analysis, data mining and all kinds of algorithms which benefit from a large farm of processors or need to process a large quantity of data or both. The tools for managing/monitoring a cloud have evolved to a point that it is now possible for an individual to build his or her own cloud at home, thanks to state-of-the-art open-source software. Now, the new trend is to understand how to coordinate resources across multiple homogeneous or heterogeneous clouds and to create the stan- dards and the tools to achieve intercloud communication. In the context of a maritime operation regrouping a fleet where each ship has its own private cloud, the utility of intercloud communica- tion becomes obvious: automatic database exchange or merge, remote hardware resource sharing, redundancy, remote service providers, identity authentication, etc. The first part of this report addresses literature and tools review on cloud environments, their frameworks and the standards used to connect them for exchanging resources. The second part of this report describes the installation of two clouds using OpenStack framework and the config- uration necessary to allow intercloud communication. The next step is the investigation on how to use intercloud capability for exchanging information between two clouds. In that context, we describe what are the possibilities for intercloud communication in the context of an OpenStack federation at different levels: Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS). The main goal of this study is to assess the existing capabilities of the state-of-the-art cloud environments for at-sea interoperability assuming none of the constraints and limitations that at-sea environments may impose. A short description of such constraints and limitations is included at the end of this report. i OODA Technologies Inc. The use or disclosure of the information on this sheet is subject to the restrictions on the title page of this document. Final Report for RISOMIA Call-up 17 This page is intentionally left blank. ii The use or disclosure of the information on this sheet is subject to the restrictions on the title page of this document. Contents Executive Summary i Contents iii List of Figures vii List of Tables ix List of Acronyms xi 1 Introduction 1 1.1 Background . 1 1.2 Document Overview . 2 2 Literature Review 3 2.1 Research Methodology . 3 2.1.1 Keywords . 4 2.1.2 Glossary . 6 2.2 Standards . 10 2.2.1 Standard Inventory . 10 2.2.2 Relevant Standards . 10 2.2.2.1 Cloud Data Management Interface (CDMI) . 10 2.2.2.2 Open Cloud Computing Interface (OCCI) . 10 2.3 Cloud environments . 12 iii Final Report for RISOMIA Call-up 17 2.3.1 Cloud levels of services . 12 2.3.2 Cloud software review . 14 2.4 Tool recommendation . 15 2.5 Other recommended books and articles . 16 2.5.1 Books . 16 2.5.2 Articles . 16 3 Multicloud Existing Applications 19 3.1 Success Stories . 19 3.1.1 The Interop challenge . 19 3.1.2 European Grid Infrastructure (EGI) . 19 3.1.3 NeCTAR . 20 3.2 On-going experiences and projects . 20 3.2.1 Project Tricircle . 20 3.2.2 Project Trio2o . 21 3.2.3 Inter Cloud Resource Federation . 22 4 OpenStack Components and Federation Architecture 25 4.1 Components roles . 25 4.2 OpenStack Federation . 28 4.2.1 Definition . 28 4.2.2 Architecture . 29 4.3 Federation architecture and mechanisms . 29 4.3.1 Discovery . 30 4.3.2 Management and monitoring . 30 5 Installation Guide 31 5.1 Centos installation . 32 5.1.1 Installation . 32 iv The use or disclosure of the information on this sheet is subject to the restrictions on the title page of this document. CONTENTS 5.2 OpenStack installation . 33 5.2.1 Architecture . 34 5.2.2 Installation . 34 5.2.2.1 Every computer node . 34 5.2.2.2 On the controller node . 36 5.3 Federation configuration . 37 5.3.1 Architecture . 38 5.3.2 Configuration Identity Provider (IdP) . 38 5.3.3 Configuration Service Provider (SP) . 40 6 Applications of Communication Between Federated OpenStack Cloud 43 6.1 Federated OpenStack Features . 43 6.2 IaaS application examples . 43 6.2.1 Workload transfer . 44 6.3 PaaS application examples . 44 6.3.1 Database synchronization . 44 6.3.2 Application provisioning . 44 6.4 SaaS application examples . 45 6.4.1 Exchange of services . 45 7 At-sea Environment Limitation 47 8 Conclusion and Future Work 51 Bibliography 53 Appendix A Installation Internet references A-1 A.1 OpenStack . A-1 A.2 OpenStack Federation . A-1 A.3 Shibboleth . A-2 v OODA Technologies Inc. The use or disclosure of the information on this sheet is subject to the restrictions on the title page of this document. Final Report for RISOMIA Call-up 17 A.4 Keystone . A-2 A.5 Wiki and Blogs . A-2 vi The use or disclosure of the information on this sheet is subject to the restrictions on the title page of this document. LIST OF FIGURES List of Figures 2.1 OCCI Architecture . 12 2.2 Types of cloud services . 13 3.1 Tricircle Architecture . 21 3.2 Trio2o Architecture . 22 3.3 Inter Cloud Resource Federation Architecture . 23 4.1 OpenStack component architecture . 25 4.2 OpenStack component interaction . 27 4.3 Single sign-on using SAML in a Web browser . 29 5.1 Cloud federation proposed architecture . 34 5.2 Identity Provider Configuration . 38 5.3 Service Provider Configuration . 40 7.1 DoD Enterprise Cloud Environment. Source: [15] . 48 vii OODA Technologies Inc. The use or disclosure of the information on this sheet is subject to the restrictions on the title page of this document. Final Report for RISOMIA Call-up 17 This page is intentionally left blank. viii The use or disclosure of the information on this sheet is subject to the restrictions on the title page of this document. LIST OF TABLES List of Tables 2.1 Primary search Keywords. 4 2.2 Secondary Search Keywords . 5 2.3 Glossary of cloud related definitions. 6 2.4 Cloud standard list by Cloud Standards Customer Council (CSCC) . 11 2.5 Available cloud software . 14 2.5 Available cloud software . 15 5.1 Configuration modification for each cloud controller . 42 ix OODA Technologies Inc. The use or disclosure of the information on this sheet is subject to the restrictions on the title page of this document. Final Report for RISOMIA Call-up 17 This page is intentionally left blank. x The use or disclosure of the information on this sheet is subject to the restrictions on the title page.