Trust delegation in OpenStack using Keystone trusts

In one of our blog posts we presented a basic tool which extends the OpenStack Nova client and supports executing API calls at some point in the future. Much has evolved since then: the tool is no longer just a wrapper around OpenStack clients; instead, we rebuilt it in the context of the OpenStack Mistral project, which provides very nice workflow-as-a-service capabilities – this will be elaborated a bit more in a future blog post. During this process we came across a very interesting feature in Keystone which we were not aware of – Trusts. Trusts are a mechanism in Keystone which enables delegation of roles and even impersonation of users from a trustor to a trustee; it has many uses but is particularly useful in an OpenStack administration context. In this blog post we will cover basic command line instructions to create and use trusts.


Global ICT Module: Swiss Students in China

Supported by Huawei’s Seeds for the Future programme, 16 students from Swiss universities of applied sciences are spending a couple of education and project days at production and research facilities in China which cover the broad topics of telecommunications equipment, enterprise computing solutions and mobile handhelds. Among the participants, two study Computer Science and Business Information Technology, respectively, at Zurich University of Applied Sciences (ZHAW). Their study programmes are complemented well by the technical and business contents of this on-site module.


Juan Francisco Ribera Laszkowski

Juan Francisco Ribera Laszkowski is a Software Engineering student at Universidad Privada de Santa Cruz de la Sierra UPSA. He’s currently in the final year of his bachelor of engineering degree and working on his thesis on Cloud-native Vehicle Control System using License Plate Recognition.

His research interests include cloud native applications, cloud orchestration, cloud incident management and service-oriented architectures.

He was a world finalist in the ACM-ICPC Programming Contest in 2015 in Marrakech. Moreover, Francisco showed remarkable participation in many school events as well as regional, national and international competitions. His university awarded him the Institutional Scholarship for Outstanding Performance for 3 consecutive years.

He joined the ICCLab through the IAESTE internship program and will be working on the Cloud Orchestration initiative team. Prior to joining ZHAW he worked as an intern for the international oil company OXY Bolivia in 2015 and was also an Algebra assistant at his university from 2013 to 2016.

 

Multi-Tenant Process Management as Single User

Operating system process management has traditionally been an activity at the system level. An init system starts processes at boot time, at random events, and at the user’s (well, root’s) request. Well-known init systems are systemd, openrc and the venerable sysvinit. Without the boot-time component, supervisor processes such as supervisord, runit, daemontools or r6 form another related set of applications with emphasis on automated restart which we have covered already in previous blog posts.

In PaaS environments, multi-tenancy is crucial and process managers need to support it beyond just showing the users owning the processes. While multiple tenants can be perfectly mapped to multiple system users, and information from these users can be aggregated with automation tools, the permission management can quickly become complex and, first and foremost, already requires root permissions to create new users. Therefore, we have explored in the context of the cloud robotics research initiative how to manage processes purely as an ordinary user, but still for multiple tenants. A real need to do so is the fact that by running applications on ROS, dozens of ROS nodes get spawned quickly, many spawning further subprocesses and, due to early terminations, additionally causing fully detached and zombie processes which, when also changing their process group id, do not share a relation anymore to the original application.


Testing PyMongo applications with MockupDB

In one of our projects, we needed to test some mongo-based backend functionality: we wrote a small application which consisted of a mongo backend and a python app which communicated with the backend via pymongo. We like the flexibility of mongo in a rapid prototyping context and did not want to go with a full-fledged ORM model for this app. Here we describe how we used MockupDB to perform some unit testing on this app.

Tobias Lötscher


Tobias is an assistant researcher at ZHAW Service Prototyping Lab.
He completed his bachelor in computer science at ZHAW in 2016.
Now he is working on the cloud robotics initiative,
which aims to connect the world of robotics with cloud computing.

He likes to challenge himself and try out all sorts of new technologies like
the Google Tango platform which he used in his bachelor thesis.
In his bachelor studies he learned the basics of cloud computing and is now eager to
dive into the details.
Besides work he is a passionate skier and loves to be in the mountains.

Manuel Ramirez Lopez

Manuel was born in El Burgo, a nice village in Málaga, Spain. He completed a bachelor in Computer Sciences and a bachelor and MSc in Mathematics, both at the University of Málaga.

He started working at ARPA solutions, a company from Málaga, where he worked on augmented reality projects. In May 2015, Manuel arrived in Switzerland on an IAESTE internship at the university FHNW, where he worked for one year in the research projects FLARECAST and HELIO.

In June 2016, Manuel finished his studies and joined the SPLab as a scientific assistant, where he solves software design problems in the cloud-native applications research initiative with a special interest in elasticity and stateful microservices. Within the initiative, Manuel initially started working in the ARKIS project where he designed and implemented a cloud-native microservices application which offers several multi-tenancy options or a testbed to compare cloud-native databases. Currently, Manuel is working in the MOSAIC project to ease the onboarding of cloud applications in container platforms.

Recent activities include:

Creating PDF/A Documents for Long-Term Archiving

In the Service Engineering research area, we aim at producing high-quality output in terms of software, publications, lecture materials and other results. From time to time, this implies departing from old habits and taking a bit of extra effort to reach new quality levels. For publications, there are excellent tools like LaTeX to achieve a compelling layout and typesetting. Using the standard templates and the rubber tool is enough to produce a distributable PDF quickly. Now, quality and effort are seemingly in a good balance.


ARKIS

Title: ARKIS – Architectural Renovation of Kendox InfoShare

Industry Partner: Kendox AG

Research Partner: SPLab, ZHAW

Funded By: Commission for Technology and Innovation

Summary: ARKIS aims at going beyond the current trend of “just” moving data and document management into the cloud by defining a cloud-native architecture for managing documents reliably and with scale in an ecosystem of third-party services around a document management system. Business-critical aspects such as fully compliant and auditable document access procedures are made service-oriented by rating and billing them on a per-use basis. Cloud features such as differentiated storage and surge pricing are analysed for their suitability in this particular domain.

The project will deliver, among other results, a multi-tenant prototype for managing documents in the cloud including revenue sharing for participating entities and a testbed for comparing relational and document databases, both locally and commercial services.

This transfer and innovation project combines the previous work of the Service Prototyping Lab (SPLab) and ICCLab in Cloud-Native Applications, augmented by an extended consideration of Cloud-Native Databases as stateful microservices, with Rating-Charging-Billing and Service Tooling.

Orchestrate your network service with Netfloc plugin for OpenStack Heat

Stitching virtual network functions (VNFs) together in a so-called Network (Service) Function Chain is not a novelty any longer. As described in our previous post, the SDN team had already worked on creating SFC library support for OpenStack in our SDK for SDN. In this blog post we describe the advances made towards integrating Netfloc services with both Heat Orchestration Template (HoT)-based orchestrators and Network Function Virtualization (NFV)-based orchestrators.

To do so, and also to take a step towards automating the SFC management with Netfloc, we created a Heat plugin for Netfloc. It is based on the Netfloc API library for managing network service chains in OpenStack clouds. The parameters required to create the service include: OpenDaylight credentials, the IP and the port of the Netfloc node, along with the Neutron port IDs of the VNF instances.

For a network service operator, applying the plugin makes it very simple to deploy multiple chains in OpenStack cloud infrastructure. An example includes a packet inspection VNF that determines if the traffic is video and the type of the video service, and sends it further to a virtual transcoding unit VNF for quality adjustment. If data traffic is detected, packets are steered to a virtual security appliance acting as a virtual firewall, which sends them further to a virtual proxy VNF and a deep packet inspection VNF.
