SSH-OIDC Technology for Cloud and HPC Integration

bridging cloud hpc ssh oidc n.w
1 / 7
Embed
Share

"Learn about SSH-OIDC, a technology bridging cloud computing with HPC clusters. Explore how it enables seamless access using EGI Check-In credentials, with insights on its current state, benefits, challenges, and future enhancements."

  • SSH-OIDC
  • Cloud Computing
  • HPC Integration
  • EGI Check-In
  • Future Steps
rayaanacharya
csam Follow

Uploaded on | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.

Download Presentation

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.

E N D

Presentation Transcript

  1. Bridging Cloud & HPC: SSH-OIDC A short summary on current state and future steps. Hakan Bay nd r, Ph.D. TUBITAK ULAKBIM 21.10.2021 EGI Conference Public Dissemination level: TUBITAK ULAKBIM Disclosing Party: Recipient Party: EGI Conference Attendees EGI-ACE receives funding from the European Union's Horizon 2020 research and innovation programme under grant agreement no. 101017567.

  2. The Problem Cloud computing doesn t meet all the user requirements. For some workloads, accessing an HPC cluster is beneficial. HPC sites Authn/Authz systems doesn t work with EGI AAI. Researchers need to access these resources via a single AAI. SSH-OIDC is a technology which aims to solve these problems. Which promises to provide seamless access to remote systems via SSH.

  3. The Solution SSH-OIDC allows OpenID Connect to work with SSH. Users can use their EGI Check-In credentials instead. Flow is identical to other OpenID providers (e.g. Google). Login authorize get token use with service. Service needs additional setup on both ends. While not perfect, it s promising.

  4. Current State of SSH-OIDC How It Works? Sites install a mapper service with a special PAM module. Handles user creation, authorization and authentication. Can validate against (one or many) VOs. Needs an additional port (8080 or 443) to work. Relatively painless to install and run. Clients install a couple of tools to use the service. An OIDC toolkit for account authorization and management An SSH wrapper to be able to communicate with the site Needs a service to be setup on the user level to work. File transfer with SFTP is possible. It all works very well for a human user scenario.

  5. Current State of SSH-OIDC The Good & The Bad Not everything is perfect and smooth. Most importantly it works. Client authorization without a desktop environment is hard. Needs a web browser. Headless (device) flow doesn t work. Authorize on the desktop, copy tokens to server. Accounts need to be unlocked on the client before use. However, service asks for password needlessly sometimes. Another script needs to load the account once. Mapping users on the server is hard. Preferred username is ignored by the toolchain. Automatic user creation is hard for HPC clusters.

  6. Current State of SSH-OIDC What Feels Missing & Next Steps System is not tuned for system-system interaction. No limits on pools, concurrent users. Cannot disable automatic user creation. Client account management is human oriented. Not enough documentation. LDAP capabilities present, but docs fall short. SSH-OIDC is really promising, but needs some work. A flow better suited to be used on headless servers. More flexible user management on the HPC side. Better documentation for installation and management.

  7. Thank you! Contact: egi-ace-po@mailman.egi.eu Website: www.egi.eu/projects/egi-ace EGI Foundation Afbeelding met bijl, vectorafbeeldingen Automatisch gegenereerde beschrijving @EGI_eInfra EGI-ACE receives funding from the European Union's Horizon 2020 research and innovation programme under grant agreement no. 101017567.

Related


Introduction to Unix-like Systems and Shell Interaction

Introduction to Unix-like Systems and Shell Interaction

lilac
Cloud-Optimized HDF5 Files Overview

Cloud-Optimized HDF5 Files Overview

gianni
The Humanitarian Programme Cycle (HPC)

The Humanitarian Programme Cycle (HPC)

todd
Development Process Using SSH, SFTP, EC2 Instances, and Autoscaling Groups

Development Process Using SSH, SFTP, EC2 Instances, and Autoscaling Groups

adelizh
PRACE's Role in Advancing HPC Ecosystem and EuroHPC Integration

PRACE's Role in Advancing HPC Ecosystem and EuroHPC Integration

mmoen
CAS 6.0 Update: Enhancements and New Features

CAS 6.0 Update: Enhancements and New Features

verbeck_l
Online Procurement Auctions for Resource Pooling in Client-Assisted Cloud Storage Systems

Online Procurement Auctions for Resource Pooling in Client-Assisted Cloud Storage Systems

addingt
Enhancing Interactive Job Efficiency in DLWorkspace Cloud Computing

Enhancing Interactive Job Efficiency in DLWorkspace Cloud Computing

hael608
The Key Dimensions of SSH Research Societal Impact

The Key Dimensions of SSH Research Societal Impact

rmerr
Scaling Puppet and Foreman for HPC by Trey Dockendorf

Scaling Puppet and Foreman for HPC by Trey Dockendorf

loui_146
Fault-Tolerant MapReduce-MPI for HPC Clusters: Enhancing Fault Tolerance in High-Performance Computing

Fault-Tolerant MapReduce-MPI for HPC Clusters: Enhancing Fault Tolerance in High-Performance Computing

ho_gan
Cloud-Centric Development of Scientific Applications for VPH Community

Cloud-Centric Development of Scientific Applications for VPH Community

dlay
Simplify Label Design with Label.Cloud

Simplify Label Design with Label.Cloud

urso_rz
State-of-the-art Analysis of VM-based Cloud Management Platforms

State-of-the-art Analysis of VM-based Cloud Management Platforms

kolb_926
Unemployment Protection for Self-Employed in Belgium

Unemployment Protection for Self-Employed in Belgium

sconf
Services for Experienced and Starting HPC Tier 3 Users (SES-HPC) Overview

Services for Experienced and Starting HPC Tier 3 Users (SES-HPC) Overview

rotondi_a
Advancing Networks: Cloud Computing and Zero Trust

Advancing Networks: Cloud Computing and Zero Trust

medidoc
VIIRS Cloud Base & Optical Properties Review

VIIRS Cloud Base & Optical Properties Review

lakia
Integrating Apache Big Data Stack with HPC Capabilities

Integrating Apache Big Data Stack with HPC Capabilities

jamesson
Week 10: Berry Phases, SSH Model, Bulk-Edge Correspondence

Week 10: Berry Phases, SSH Model, Bulk-Edge Correspondence

omey498
HPC Business Plan Discussion

HPC Business Plan Discussion

bard_il
The Role of Cloud Services Strategy for HEAnet

The Role of Cloud Services Strategy for HEAnet

zang433

More Related Content