(2020-03-30, MaartenLitmaath)
---+ Integration of public cloud storage and CDNs into WLCG

The following advice results from a discussion on these matters in March 2020 between the IGTF chair, the WLCG Security Officer and WLCG Ops Coordination.

Using public (cloud) storage and content delivery networks as part of our federated storage solutions can add both resilience and capacity in a simple way. Making these 'truly ours' requires a bit of thought about their naming, persistency, and authenticity. Many professional services offer ready-made solutions for this, of course usually as part of a managed (enterprise-class) solution. These include services like Google Cloud Storage, Cloudflare, etc.

Since you want your storage to be persistent, also choose (DNS) labels that are persistent and are yours. Use a (subdomain of) your own domain name, or register a 'CDN domain' that you own, like "npohosting.nl" if you're "npo.nl", "wpcdn.com" if you're !WordPress, or "ncsa-security.net" if you are NCSA. Some services, including Google Cloud Storage, allow you to use a subdomain you can assign to your Layer-7 load balancer, like "bucketstore.npps.bnl.gov".

Providers of load balancers like GCP also offer you fixed external IP addresses for your load balancer. This is a good idea, since you can port these addresses to different instances and you will not have to deal with the DNS expiration issue (it saves you hours in case you migrate to a different endpoint with the same provider).

Once you have your own dedicated IP address and domain, providers will also allow you to attach your own certificate to it. This gives you organization-validated domains so that your cloud endpoint - which would otherwise be an easy target for phishing, for instance - becomes yours, and becomes interoperable with the rest of the federation. You can request a certificate yourself following your standard process (e.g. get an !InCommon IGTF Server CA cert, or a GEANT TCS server cert) and upload that to your cloud provider.
Taking Google Cloud Storage and its load balancer as an example, see [[https://deliciousbrains.com/wp-offload-media/doc/how-to-set-up-a-custom-domain-cdn-for-google-cloud-storage/][here]]. For Cloudflare, you actually host the zone with them, and then upload your custom SSL certificate: see [[https://support.cloudflare.com/hc/en-us/articles/200170466-Managing-Custom-SSL-certificates][here]].
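
The three properties discussed above (a name you own, a fixed reserved IP address, an organization-validated certificate from the CA you expect) can be checked together once an endpoint is set up. The following is an added example, not part of the original advice or of any WLCG tooling; the function names, finding labels, host names, IP addresses and CA names are all assumptions constructed for illustration.

```python
import socket
import ssl

def _flatten(rdns):
    # getpeercert() returns subject/issuer as a tuple of RDNs, each a tuple of (key, value)
    return {key: value for rdn in rdns for key, value in rdn}

def _san_matches(pattern, host):
    # Exact match, or a wildcard covering only the left-most label
    p, h = pattern.lower().split("."), host.lower().split(".")
    return len(p) == len(h) and p[1:] == h[1:] and p[0] in ("*", h[0])

def audit_endpoint(host, cert, resolved_ips, owned_domains, reserved_ips, expected_issuers):
    """Return a list of findings; an empty list means the endpoint is 'truly ours'."""
    findings = []
    if not any(host == d or host.endswith("." + d) for d in owned_domains):
        findings.append("name-not-ours")
    sans = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not any(_san_matches(s, host) for s in sans):
        findings.append("cert-name-mismatch")
    # Heuristic: domain-validated certificates carry no organizationName in the subject
    if "organizationName" not in _flatten(cert.get("subject", ())):
        findings.append("cert-not-organization-validated")
    if _flatten(cert.get("issuer", ())).get("organizationName") not in expected_issuers:
        findings.append("issuer-not-expected")
    if set(resolved_ips) - set(reserved_ips):
        findings.append("ip-not-reserved")
    return findings

def observe(host, port=443):
    """Live helper (needs network): resolve the name and fetch the validated certificate."""
    ips = sorted({ai[4][0] for ai in socket.getaddrinfo(host, port, proto=socket.IPPROTO_TCP)})
    with socket.create_connection((host, port), timeout=10) as sock:
        with ssl.create_default_context().wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(), ips

# Constructed sample data: placeholder names, documentation IP ranges, made-up CA names
POLICY = dict(owned_domains=["example.org"], reserved_ips=["203.0.113.10"],
              expected_issuers={"Constructed Federation CA"})
GOOD_CERT = {"subject": ((("organizationName", "Example Lab"),), (("commonName", "store.example.org"),)),
             "issuer": ((("organizationName", "Constructed Federation CA"),),),
             "subjectAltName": (("DNS", "store.example.org"),)}
DEFAULT_CERT = {"subject": ((("commonName", "*.cloud-provider.example"),),),
                "issuer": ((("organizationName", "Constructed Provider CA"),),),
                "subjectAltName": (("DNS", "*.cloud-provider.example"),)}

if __name__ == "__main__":
    print(audit_endpoint("store.example.org", GOOD_CERT, ["203.0.113.10"], **POLICY))
    print(audit_endpoint("bucket.cloud-provider.example", DEFAULT_CERT, ["198.51.100.7"], **POLICY))
```

For a deployed endpoint, pass the two values returned by observe(host) as the cert and resolved_ips arguments, with the policy filled in from your own domain, reserved address and CA.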
Topic revision: r1 - 2020-03-30 - MaartenLitmaath