SIMPLIFYING THE CLOUD – the case for federation
Dr. Terry Gray
Assoc VP, Technology Strategy
University of Washington
Microsoft CIO Summit
25 Feb 2010
HYPOTHESIS
Federation & Interoperability are key
to effective collaboration in complex environments
Agenda
1. Context
2. Why the Cloud?
3. Why not?
4. Why Federation?
5. Why SAML?
6. UW case study
CONTEXT: Research Universities
Mission: discovery & innovation
Means: extreme collaboration
– Globally, at scale
Culture: decentralized; diffuse authority
– Collections of many independent businesses
– A microcosm of “the Internet”
“Corporations turn ideas into money; Universities turn money into ideas.” --Craig Hogan
PROBLEM
← Too many accounts
→ Too little interoperability
Business need: improve collaboration
Barrier: complexity
Trap: collaboration exacerbates complexity
COPING WITH COMPLEXITY
In diverse collaborations:
- homogeneity is not an option
- accounts become an N*N problem
Therefore, we need:
- integration via interoperability
- fewer things to think about
- at least... the illusion of simplicity and coherence!
WHY THE CLOUD?
It's where our people are going
Allows easier (self-service) collaboration
Leverages market agility, advances
Allows better use of scarce IT resources
→ IT Goal: any time / place / device access & collaboration
→ Cloud computing supports this goal
CLOUD CONCERNS
Institutional view
– Operational risk
– Financial risk
– Compliance risk
User view
– Reliability
– Privacy, safety, security
– Simplicity, interoperability
INTEROPERABILITY example: the calendaring problem
Outlook/Exchange User
IT Staff
Google Calendar User
INTEROPERABILITY SCENARIO
USERS: Mary: Outlook + BPOS-D
Joe: TBird + Outlook Live
Ann: Mac/Safari + Google
TASKS: Schedule a meeting
Create an access group
Co-edit a document
ISSUES: Discovering authoritative server
Access or account provisioning
Protocol compatibility (IMAP, CalDav)
EXAMPLES: Zoho via Yahoo or Google credentials
Digg via Facebook credentials
EduRoam via InCommon (local creds)
INTEROPERABILITY ELEMENTS
Data structures
Transfer Protocols
Discovery Protocols
Identity & Access Management
WHY FEDERATION?
Supports interoperability
Best defense against account/password proliferation
Leverages institutional identity for reputation/branding
Improved security: can reduce password attack surface*
Convenience: helpful for both migration & steady state
* cf. Thick Client Issues
CHOICES
WS Federation / Trust
Information Card
OpenID
OAuth
Open Social
SAML + Shibboleth + InCommon
FEDERATION ELEMENTS
Protocol Spec: e.g. SAML
Software: e.g. Shibboleth
– + Geneva, others
Trust Fabric: e.g. InCommon
– + Nat'l Federations in 25 countries
WHY SAML?
Security Assertion Markup Language
Industry standard, with input from H-E
Good support for user attributes (claims)
Supports scalable multi-party trust fabrics
Used in many sectors for many years
Dominant in H-E sector; Big science; K12
Part of mature federation ecosystem
– (SAML + Shibboleth + InCommon)
THICK CLIENT PROBLEM
Many federation protocols designed only for web apps
For web apps, service provider need not store passwords
Supporting existing non-web apps means:
– Continuing to store passwords on cloud service, or ...
– Exposing enterprise passwords on cloud service via proxy
Convenience often trumps security
UW meets the Cloud
CLOUD APPS @ UW
64K UW users
50% of students ALREADY forward their UW email!
STRATEGIC PREMISES
Cloud computing is a big deal
UW should encourage it, modulo compliance obligations
Compliance risk is reduced via partner contracts
A single-vendor strategy will not work for UW
Integrating faculty/staff with students is essential
THE PLAYING FIELD
Outlook Live
Google Apps
BPOS-D Service
Departmental Exchange/SP Servers
Central Exchange/SP Servers
Central IMAP & Web Servers
Other cloud services
Other universities
The IT challenge: make collaboration work in this context!
LESSONS from a Dawg
Free services are not free
– Moving targets, startup problems, service culture
– Cloud Conundrum: Integration adds value & cost
Collaboration Barriers
– Multiple account madness
– Lack of interoperability
– Lack of group support
Pushback
– Students: “Where's the beef” (vs. existing options)
– Faculty: privacy, security, data ownership/mining
NEXT STEPS
Enhancing Cloud Services
– Group management features
– Improved calendar interoperability
– SAML SSO for Outlook Live
• → via MS/UW Partnership
Retiring On-Premise Services
– Student email services
– Central Exchange/Sharepoint services
• → via move to Microsoft BPOS-D
UW – MICROSOFT PARTNERSHIP
Initial Focus on SAML/Shib support for Live@edu
Assisting MS in tackling BPOS + Live@edu integration
Crucial to our multi-platform service strategy & migration
Unlike with some companies, it's a true partnership...
SUMMARY
→ The cloud enables more collaboration
→ Therefore we need to enable the cloud
And make it work better
Federated cloud services essential
Use is soaring despite concerns
Questions
Special thanks to RL “Bob” Morgan, UW's Middleware Maven!