Fermilab Computing Division

CS Document 3925-v4

Authentication, Authorization, and Contextualization in FermiCloud

Document #:
Document type:
Submitted by:
Steven Timm
Updated by:
Steven Timm
Document Created:
19 May 2010, 11:35
Contents Revised:
12 Oct 2010, 16:31
Metadata Revised:
13 Oct 2010, 09:22
Viewable by:
  • Public document
Modifiable by:

Quick Links:
Latest Version

Other Versions:
FermiCloud is an Infrastructure-as-a-Service facility deployed at Fermilab.
The infrastructure includes both single virtual machines, with external
network access, and clusters of virtual machines, optionally
Infiniband-connected, with a single external gateway node.

The developers in the grid and storage areas are the first users of the
facility. Next, we will deploy production servers in the cloud.
At this time, the infrastructure is also used as a testbed for commodity
storage evaluations, which include products such as Hadoop and Lustre.

As part of the FermiCloud project we investigated a number of existing
hypervisor and cloud technologies. We then determined
the additional authentication and authorization measures necessary to deploy
these technologies at Fermilab. We also set up a contextualization
procedure to make sure that virtual machine images are appropriately patched
and do not offer unauthorized services.

In this paper, we will present a summary of the technology and policy
progress that we have made to date, as well as early user experience.

Files in Document:
Associated with Events:
CHEP 2010 held from 18 Oct 2010 to 22 Oct 2010 in Taipei, Taiwan
DocDB Home ]  [ Search ] [ Authors ] [ Events ] [ Topics ]

DocDB Version 8.8.9, contact Document Database Administrators