1,301 research outputs found

    Authentication and Authorization Considerations for a Multi-tenant Service

    Distributed cyberinfrastructure requires users (and machines) to perform some sort of authentication and authorization (together simply known as "auth"). In the early days of computing, authentication was performed with just a username and password combination, and this is still prevalent today. But during the past several years, we have seen an evolution of approaches and protocols for auth: Kerberos, SSH keys, X.509, OpenID, API keys, OAuth, and more. Not surprisingly, there are trade-offs, both technical and social, for each approach. The NSF Science Gateway communities have had to deal with a variety of auth issues. However, most of the early gateways were rather restrictive in their model of access and development. The practice of using community credentials (certificates), a well-intentioned idea to alleviate restrictive access, still posed a barrier to researchers and challenges for security and auditing. And while the web portal-based gateway clients offered users easy access from a browser, both the interface and the back-end functionality were constrained in the flexibility and extensibility they could provide. Designing a well-defined application programming interface (API) to fine-grained, generic gateway services (on secure, hosted cyberinfrastructure), together with an auth approach that has a lower barrier to entry, will hopefully present a more welcoming environment for both users and developers. This paper provides a review and some thoughts on these topics, with a focus on the role of auth between a Science Gateway and a service provider. National Science Foundation, Grant Numbers 1339774 and 1234408

    Multi-tenant Data Management in Collaborative Zero Defect Manufacturing

    This research paper describes different patterns and best practices to effectively implement multi-tenancy of production sensor data in collaborative applications. The paper explains the design considerations taken to support multi-tenancy in the Zero Defects Manufacturing Platform (ZDMP), using concrete collaborative use cases as an example. The main objective is to provide an overview of multi-tenancy as an enabler of collaborative use cases in digital manufacturing platforms, describe the different design patterns, the main trade-offs, and best practices. This work was supported in part by the European Commission under the Grant Agreement 825631. The author María Ángeles Rodríguez was supported by the Generalitat Valenciana (Conselleria de Educación, Investigación, Cultura y Deporte) under Grant-Agreement ACIF/2019/021. Fraile Gil, F.; Montalvillo, L.; Rodríguez-Sánchez, MDLÁ.; Navarro, H.; Ortiz Bas, Á. (2021). Multi-tenant Data Management in Collaborative Zero Defect Manufacturing. IEEE. 464-468. https://doi.org/10.1109/MetroInd4.0IoT51437.2021.948853446446

    Migration of an On-Premise Single-Tenant Enterprise Application to the Azure Cloud: The Multi-Tenancy Case Study

    Summary (translated from Estonian): The success of cloud computing is radically changing the way information technology services will be developed, deployed and managed. As a result, the buzzword "cloud migration" is highly topical in many enterprises. Thanks to this technology, many large and small enterprises are interested in moving their software, database systems and infrastructure to the cloud. Migrating existing systems to the cloud can reduce the costs associated with the required hardware, software installation and licensing, as well as with hiring the people needed to manage all of it. Keeping an application and its data in a cloud that serves multiple tenants can prove expensive if a shared approach between tenants is not used. Consequently, a deliberately designed application and data architecture is extremely important for an organization that uses a multi-tenant approach. This master's thesis describes a case study and the experience gained in migrating a standalone, on-premise application to the Azure cloud environment. The thesis describes the migration of the data layer of productivity-measurement software for lawyers to the Azure cloud environment. Moving the data layer of on-premise, single-tenant software to an efficient multi-tenant data storage system in the cloud additionally requires designing and implementing a high-level authentication mechanism. The main focus of the thesis is designing and implementing, in the cloud environment, the architecture of a secure, scalable and multi-tenant-efficient data storage system. The project uses the built-in capability (SQL Federations) offered by SQL Database (formerly SQL Azure) to ensure secure separation of data between tenants and database scalability. Migrating the software's data layer to the cloud brings a reduction in the costs associated with delivering, installing and managing the software. In addition, it helps the company expand into new markets, which before the migration was hindered by on-site software installation. Thanks to the data layer being in the cloud, installing the system for a new customer requires very little expense.

    The success of cloud computing is changing the way how information technology services are developed, deployed, maintained and scaled. This makes the ‘migration to the cloud’ a buzzword in the industry for most of the enterprises today. Observing so many advantages of this phenomenon technology, enterprises from small to large scales are interested in migrating their software applications, database systems or infrastructures to cloud scale solutions. Migrating existing systems to a cloud scale solution can reduce the expenses related to costs of the necessary hardware for servers, installation of the operating system environment, license costs of the operating system and database products, deployment of the database products and hiring professional staff for keeping the system up and running. However, storing the application data to a back-end that serves multiple tenants on the cloud will be also costly if the resources on the cloud platform are not shared fairly among tenants. Thus, a carefully designed multi-tenant architecture is essential for an organization that serves multiple tenants. In this master thesis, we will describe a case study and lessons learned on the migration of an enterprise application from an on-premise deployment backend to the Azure Cloud. More specifically, the thesis describes the migration of a productivity tool specialized for legal professionals to a multi-tenant data storage back-ends on Azure Cloud. Moving an on-premise, single-tenant software backend to a multi-tenant data storage system on the cloud will also require design and implementation of authentication mechanisms. The core focus of the work consists of the design and implementation of a secure, scalable and multi-tenant efficient data storage system and application architecture on the cloud. SQL Database (formerly SQL Azure) offers native features (SQL Federations) for the secure isolation of the data among tenants and database scalability which has been used inside the project. Furthermore, the basic application authentication mechanism is enhanced with identity providers such as Google Account and Windows Live ID by embedding native functionality of Windows Azure called Azure Access Control Service to the login mechanism. Migration of the software backend to a cloud scale solution is expected to reduce the costs related to delivery, deployment, maintenance and operation of the software for the business. Furthermore, it will help the business to target new markets since it is a cloud based solution and requires very little initial effort to deliver the software to the new customers.

    EOSC Authentication and Authorization Infrastructure (AAI) : Report from the EOSC Executive Board Working Group (WG) Architecture AAI Task Force (TF)

    The EOSC Architecture Working Group has assigned the AAI Task Force (AAI TF) the task to establish a common global ecosystem for identity and access control infrastructures for the European Open Science Cloud (EOSC). Since the EOSC is part of an international environment of research and education, the principles established by the EOSC AAI subtask must be globally viable. The EOSC AAI TF has produced a set of deliverables:
    - EOSC AAI First Principles & Requirements
    - EOSC AAI Baseline Architecture
    - EOSC AAI Federation participation guidelines (participation policy and technical framework)
    - EOSC AAI Best Practise

    On The Privacy Of Cloud Computing

    Cloud computing is a model for providing on-demand access to computing service via the Internet. In this instance, the Internet is the transport mechanism between a client and a server located somewhere in cyberspace, as compared to having computer applications residing on an “on premises” computer. Adoption of cloud computing practically eliminates two ongoing problems in IT service provisioning: the upfront costs of acquiring computational resources and the time delay of building and deploying software applications. The technology is not without a downside, which in this case is the privacy of business and personal information. This paper provides a conspectus of the major issues in cloud computing privacy and should be regarded as an introductory paper on this important topic.

    Multi-tenant hybrid cloud architecture

    This paper examines the challenges associated with the multi-tenant hybrid cloud architecture and describes how this architectural approach was applied in two software development projects. The motivation for using this architectural approach is to allow developing new features on top of monolithic legacy systems – that are still in production use – but without using legacy technologies. The architectural approach considers these legacy systems as master systems that can be extended with multi-tenant cloud-based add-on applications. In general, legacy systems are run in customer-operated environments, whereas add-on applications can be deployed to cloud platforms. It is thus imperative to have a means of connectivity between these environments over the internet. The technology stack used within the scope of this thesis is limited to the offering of the .NET Core ecosystem and Microsoft Azure. In the first part of the thesis work, a literature review was carried out. The literature review focused on the challenges associated with the architectural approach, and as a result, a list of challenges was formed. This list was utilized in the software development projects of the second part of the thesis. It should be noted that there were very few high-quality papers available focusing exactly on the multi-tenant hybrid cloud architecture, so, in the end, source material for the review was searched separately for multi-tenant and for hybrid cloud design challenges. This factor is noted in the evaluation of the review. In the second part of the thesis work, the architectural approach was applied in two software development projects. Goals were set for the architectural approach: the add-on applications should be developed with modern technology stacks; their delivery should be automated; their subscription should be straightforward for customer organizations and they should leverage multi-tenant resource sharing. 
In the first project a data quality management tool was developed on top of a legacy dealership management system. Due to database connectivity challenges, confidentiality of customer data and authentication requirements, the implemented solution does not fully utilize the architectural approach, as having the add-on application hosted in the customer environment was the most reasonable solution. Despite this, the add-on application was developed with a modern technology stack and its delivery is automated. The subscription process does involve certain manual steps and, if the customer infrastructure changes over time, these steps must be repeated by the developers. This decreases the scalability of the overall delivery model. In the second project a PDA application was developed on top of a legacy vehicle maintenance tire hotel system. The final implementation fully utilizes the architectural approach. Support for multi-tenancy was implemented using ASP.NET Core Dependency Injection and Finbuckle.MultiTenancy-library. Azure Relay Hybrid Connection was used for hybrid cloud connectivity between the add-on application and the master system. The delivery model incorporates the same challenges regarding subscription and customer infrastructure changes as the delivery model of the data quality management tool. However, the manual steps associated with these challenges must be performed only once per customer – not once per customer per application. In addition, the delivery model could be improved to support customer self-service governance, enabling the delegation of any customer environment installations to the customers themselves. Even further, the customer environment installation could potentially cover an entire product family. As an example, instead of just providing access for the PDA application, the installation could provide access for all vehicle maintenance family add-on applications. 
This would make customer environment management easier and developing new add-on applications faster.