SuperCloud Lite in the Cloud - lightweight, secure, self-service, on-demand mechanisms for creating customizable research computing environments

Kelsie Edie, K. Keville, Lauren Milechin, Chris Hill
Published in: 2022 IEEE High Performance Extreme Computing Conference (HPEC)
Publication date: 2022-09-19
DOI: 10.1109/HPEC55821.2022.10089529 (https://doi.org/10.1109/HPEC55821.2022.10089529)
Citations: 0

Abstract

We describe and examine an automation for deploying on-demand, OAuth2 secured virtual machine instances. Our approach does not require any expert security and web service knowledge to create a secure instance. The approach allows non-experts to launch web-accessible virtual machine services that are automatically secured through OAuth2 authentication, an authentication standard widely employed in academic and enterprise environments. We demonstrate the approach through an example of creating secure commercial cloud instances of the MIT SuperCloud modern research computing oriented software stack. A small example of a use case is examined and compared with native MIT SuperCloud experience as a preliminary evaluation. The example illustrates several useful features. It retains OAuth2 security guarantees and leverages a simple OAuth2 proxy architecture that in turn employs simple DNS based service limits to manage access to the proxy service. The system has the potential to provide a default secure environment in which access is, in theory, limited to a narrow trust circle. It leverages WebSockets to provide a pure browser enabled, zero install base service. For the user, it is entirely self-service so that a non-expert, non-privileged user can launch instances, while supporting access to a familiar environment on a broad selection of hardware, including high-end GPUs and isolated bare-metal resources. The environment includes pre-configured browser based desktop GUI and notebook configurations. It can provide the option of end-user privileged access to the VM for flexible customization. It integrates with a simplified cost-monitoring and machine management framework that provides visibility to commercial cloud charges and some budget guard rails, and supports instance stop, restart, and pausing features to allow intermittent use and cost reduction.