INFN-Cloud is a distributed, federated infrastructure built on top of heterogeneous and geographically distant cloud sites, offering compute and storage resources that are locally managed by frameworks like OpenStack, Apache Mesos and Kubernetes. The resources, spread across different administrative boundaries, are federated at the PaaS level through the AAI system, based on INDIGO-IAM, and the INDIGO PaaS Orchestrator. This ensures transparent, flexible and efficient access to the distributed resources.
A rich collection of services can be self-instantiated by the INFN-Cloud end users, ranging from the provisioning of pure IaaS services (e.g. virtual machines and block or object storage) to the deployment of complex services and virtualized clusters using e.g. Kubernetes, Spark, Mesos or HTCondor. The deployment workflow is managed by the INDIGO-DataCloud Orchestrator that coordinates the selection of the best provider/site to allocate the needed resources, depending on the available SLAs, the monitoring metrics and the user requirements.
The topology of the services to be instantiated is defined through TOSCA, the standard templating language used to describe services and applications deployed in cloud environments. TOSCA templates can be submitted using the Orchestrator REST API or via the command-line tool orchent. However, handling TOSCA templates is not a simple task, since you need to be familiar with the TOSCA language and know some technical details that most researchers and scientific community users are not necessarily interested in. To overcome this, the INFN-Cloud Dashboard provides a simple and user-friendly graphical web interface that allows users to 1) authenticate with INFN-Cloud, 2) select the service to deploy from a catalogue of pre-defined templates, 3) configure and customize the deployment through a simple form, 4) monitor and manage the deployments through dedicated menus and views, and finally 5) get notified as soon as the deployment is complete.
When submitting a deployment request through the dashboard, a user can also decide to bypass the automatic scheduling mechanism implemented by the INFN-Cloud Orchestrator and send the request to a specific site, chosen from a drop-down list. Among the advanced features implemented in the dashboard, a notable feature is the integration with the Secrets Manager based on Hashicorp Vault, allowing to safely store user data such as ssh-keys and credentials.
The talk will describe and show in practice the actual working of the INFN-Cloud Dashboard, highlighting its flexibility in particular with regard to the incorporation and customization of new services, and discussing its possible within INFN-Cloud and beyond.