
OpenNebula with 2-Factor Authentication

Cristian Scurtescu

Dec 17, 2018

The Scientific IT Services (SIS) of ETH Zurich offers scientific computing, research data management and analysis support, as well as software engineering expertise to ETH researchers.

To support the personalized health research community, the SIS built and continues to develop “Leonhard Med”: a secure and powerful high-performance platform designed for computing, storage, management, interoperability and controlled sharing of confidential research data (e.g., biomedical patient data). Leonhard Med is operated by the Scientific IT Services (SIS) of ETH Zurich and is part of the emerging BioMedIT national network, whose role is to provide secure and interoperable data and computing infrastructures for research projects in the Swiss personalized health programs.

Although it has been in production use since the beginning of 2018, Leonhard Med must be constantly developed further to keep up with new and changing requirements within a rapidly evolving scientific environment. For example, our customers needed additional services that could not be hosted on a regular HPC infrastructure (e.g., databases, terminal servers, web apps or data management applications). This brought us to the idea of providing a cloud solution. We had some previous experience running vCloud Director (VMware) and we also had a close look at OpenStack, but both came with a high price tag, either in terms of license costs or manpower. Luckily, one of our consultants introduced OpenNebula to us, and after a few weeks of testing we fell in love with it. It met all our requirements and we found it quite intuitive and easy to maintain and support. We were actually looking for a lightweight but powerful product that is easy to maintain with few IT personnel resources; on the other hand, we were aware of the challenges lying ahead of us when integrating OpenNebula into the secure environment of Leonhard Med.

We began deploying and integrating OpenNebula almost 4 months ago, using 2 physical hosts from the cluster (new hardware), and set up OpenNebula and 2x KVM nodes on them. We now have a fully functional and productive installation ready to serve our consumer needs, and we achieved this with only a few sysadmins working on the project part time over the four months. Our private cloud running OpenNebula sits in a restricted zone without Internet access. Access is via proxy servers using 2-factor authentication, and Sunstone is only reachable via a SOCKS proxy. For reproducibility purposes, the installation and all processes running inside the cloud have been automated with Ansible.

Challenges: We did face a couple of challenges during installation and later on during the upgrade to v5.6. For example, we had to search for a couple of Ruby gems, build RPMs and move them into our secured environment. These were mostly related to our network security restrictions. Nevertheless, as a “nice to have” I’d include all dependencies required during installation or upgrade within OpenNebula’s repository for RH/CentOS platforms.
