Abstract
While traditional HPC has satisfied and continues to satisfy most workflows, a new generation of researchers has emerged looking for sophisticated, scalable, on-demand, and self-service control of compute infrastructure in a cloud-like environment. Many also seek safe harbors to operate on or store sensitive and/or controlled-access data in a high-capacity environment. To cater to these modern users, the Minnesota Supercomputing Institute designed and deployed Stratus, a locally-hosted cloud environment powered by the OpenStack platform and backed by Ceph storage. The subscription-based service complements existing HPC systems by satisfying the following unmet needs of our users: a) on-demand availability of compute resources; b) long-running jobs (i.e., > 30 days); c) container-based computing with Docker; and d) adequate security controls to comply with controlled-access data requirements. This document provides an in-depth look at the design of Stratus with respect to security and compliance with the NIH's controlled-access data policy. Emphasis is placed on lessons learned while integrating OpenStack and Ceph features into a so-called “walled garden”, and how those technologies influenced the security design. Many features of Stratus, including tiered secure storage with the introduction of a controlled-access data “cache”, fault-tolerant live-migrations, and fully integrated two-factor authentication, depend on recent OpenStack and Ceph features.
Original language | English (US) |
---|---|
Title of host publication | Practice and Experience in Advanced Research Computing 2018 |
Subtitle of host publication | Seamless Creativity, PEARC 2018 |
Publisher | Association for Computing Machinery |
ISBN (Print) | 9781450364461 |
DOIs | |
State | Published - Jul 22 2018 |
Event | 2018 Practice and Experience in Advanced Research Computing Conference: Seamless Creativity, PEARC 2018 - Pittsburgh, United States; Duration: Jul 22 2017 → Jul 26 2017 |
Publication series
Name | ACM International Conference Proceeding Series |
---|
Other
Other | 2018 Practice and Experience in Advanced Research Computing Conference: Seamless Creativity, PEARC 2018 |
---|---|
Country/Territory | United States |
City | Pittsburgh |
Period | 7/22/17 → 7/26/17 |
Bibliographical note
Publisher Copyright: © 2018 Copyright held by the owner/author(s).
Keywords
- Ceph
- Cloud Computing
- DbGaP
- Docker
- OpenStack
- Private Cloud
- Protected Data
- S3