The cloud ingredients of the ASCLEPIOS Testbed
The ASCLEPIOS Project took on the management of accounts and resources across a mix of private and public clouds, collectively called the ASCLEPIOS Testbed. The Testbed comprises an OpenStack cluster at the University of Westminster (UoW) and a private cloud hosted at the Norwegian Centre for E-health Research (NSE). The initial Testbed also included a single public cloud: Amazon Web Services (AWS) – but that changed quickly. Investigations into Trusted Execution Environments saw the project add a Microsoft Azure tenancy to the Testbed, making Intel SGX-enabled instances available via Azure Confidential Computing resources.
Challenges of deploying across clouds
The ability to quickly extend the Testbed with new clouds speaks to the flexibility and on-demand nature of the cloud. However, getting users and their applications set up and deployed on such a variety of clouds is not without challenges. A manual approach, where sub-accounts are created for developers who can then create their own cloud resources to host their applications, comes with a steep learning curve. These developers are expected to work not only with numerous programming languages, configuration syntaxes and database technologies, but several different cloud service providers too. One alternative to this was for UoW to take on management and allocation of cloud resources such as compute nodes and managed databases, and simply provide the demonstrator application developers with the necessary endpoints and access.
DevOps with MiCADO to the rescue
Even so, the manual approach has largely been superseded in recent years by the DevOps approach, which embraces Infrastructure-as-Code, Configuration Management, Containers and Orchestration to automate many tasks that historically fell to System Administrators. To ease management of the Testbed and give developers a better interface for deploying their applications, the ASCLEPIOS Project adopted MiCADO – an execution engine supporting the automated provision of cloud resources and the automated deployment of complex microservices in containers.
MiCADO empowers each demonstrator application developer to describe their application and any required cloud resources in a descriptor file, using generic Infrastructure-as-Code based on the OASIS TOSCA Specification. Once authored, these so-called Application Description Templates can be re-used to deploy the same complex application to any cloud in the ASCLEPIOS Testbed, without any manual steps.
The ASCLEPIOS Testbed plays a key role in the ASCLEPIOS Project, helping the demonstrator application developers create meaningful examples and test cases for the core security components being developed for the platform. In a project where the cloud takes centre stage, it is important to have a large pool of different service providers and middleware to ensure support across multiple platforms. Working on such a Testbed is not a trivial undertaking, but with the help of good software and good people, we can simplify the task.