The CYCLONE system architecture
CYCLONE provides an integrated software stack that enables a wealth of functionality, such as multi-cloud deployment and scaling of federated applications, secure access control using federated identities, as well as software-defined networking functions.
Our project deliverable 4.1 gives you a comprehensive overview of our architecture. You can also contact Mathias for more information on this matter.
Main components
The heart of the CYCLONE stack
SlipStream
Deploy, scale, and manage your (multi-)cloud applications effortlessly
SixSq Sàrl, Apache 2, Source, Homepage
SlipStream provides many facilities to support multi-cloud application deployment: it can describe application topologies, connect to the APIs of different IaaS platforms for multi-cloud deployment, and offers both a web interface and a RESTful API. It allows end-users to log in using the OpenID Connect Authentication Code Flow (OIDCACF) and can write its log messages to Logstash. SlipStream uses modules to break down application components and uses base images and deployment scripts as its internal application model. SlipStream deployment is highly flexible: any application module can be deployed any number of times to any supported cloud. When deploying applications, SlipStream offers further coordination functions; for example, application servers can query SlipStream for the current set of database servers. Appliance and application descriptions can be published and shared between users, providing a “service catalog” that promotes reuse.
SlipStream is a commercial product of SixSq, offered for free through the Nuv.la Online Application Deployment Platform. However, the core of SlipStream and all of the connectors for open source clouds are released under the Apache 2 license and are freely available. The combination of multi-cloud support, automated deployment, application element coordination, and a user-defined “service catalog” makes SlipStream an ideal building block connecting the CYCLONE developments in the cloud layer with those at the application level.
OpenNaaS
Gain full control over your infrastructure using Software-defined Networking (SDN)
Fundació i2CAT, GPLv3, Source, Homepage
OpenNaaS is an open source platform for provisioning network resources. It allows the deployment and automated configuration of dynamic network infrastructures and defines a vendor-independent interface to access the services provided by these resources. OpenNaaS supports a variety of resources such as optical switches, routers, IP networks and bandwidth-on-demand (BoD) domains; more importantly, new resources and their capabilities are easy to add as extensions. OpenNaaS is the outcome of a cooperation between several stakeholders and was born with the goal of creating an open source project fostered by a lively community of contributors, benefactors and beneficiaries. We invite you to join us!
OpenNaaS Extensions
See what other users are contributing to OpenNaaS
OpenNaaS Community, Apache 2, Source, Homepage
OpenNaaS is open source and driven by the needs of its community. Whether you are a service or an infrastructure provider, a user or a developer, make it the tool tailored to your requirements!
All OpenNaaS extensions are released under the Apache 2 License.
CYCLONE Networking Services Manager and Orchestrator - CNSMO
Integrate network services into your cloud applications in an automated way using our ready-to-deploy modules
i2CAT, GPLv3, Source
OpenNaaS-CNSMO is a lightweight distributed platform responsible for deploying, configuring and running the networking services in the CYCLONE project. It defines a basic service API and service lifecycle, together with an inter-service communication mechanism that implements the actor model and supports different communication protocols. The system can deploy and run multiple services in both local and remote environments. CNSMO is composed of two components:
- The CNSMO core
- CNSMO agents running networking services
CYCLONE Federation Provider
Use federated identities without the complexity
TU Berlin, Apache 2, Source
The Federation Provider implements the OpenID Connect Authentication Code Flow (OIDCACF) to issue uniform JSON Web Token (JWT) user claims to relying applications, e.g., the user’s identifier, email addresses, or home organization. In the CYCLONE testbed it is integrated with eduGAIN, allowing easy use of those academic identities for authentication, authorization, and other purposes.
The Federation Provider contains two subcomponents:
- The Identity Broker where end-users specify the identity they want to use for authentication, in our case one of the eduGAIN identity providers (e.g., TUB, CNRS, or UvA).
- The Backend Modules implementing SAML to communicate with the Identity Providers in order to process authentication requests and responses.
CYCLONE Distributed Logging
Unify log messages from distributed applications
TU Berlin, Apache 2, Source
Logstash provides remote logging capabilities to unify log messages into a common format. Its endpoints comprise a simple TCP-based logger and a Syslog-compatible logger. Not shown in the diagram are Kibana, the logging frontend that allows end-users to consume the logs, and Elasticsearch, which persists the logs.
Open Service Compendium
Get help choosing the right cloud service for your application
TU Berlin, Apache 2, Source
The Open Service Compendium is an information system that supports businesses in their discovery, assessment and selection of cloud services by offering a simple dynamic service description language, business-pertinent vocabularies, and matchmaking functionality. Within CYCLONE we are integrating the Open Service Compendium with the SlipStream Service Catalog to make it very easy for DevOps to find fitting cloud services for their multi-cloud deployment. This integration is detailed in Deliverable D6.2.
Tools and libraries
Extend your solution with these helpers
CYCLONE PAM Module
Use federated identities for SSH login
TU Berlin, Apache 2, Source
The PAM Module allows the Linux operating system to authenticate users with their federated identities without requiring a modified SSH client or server. Instead, it presents a URL to the user through the SSH “keyboard-interactive” mode; the user opens it in their User Agent and carries out the regular OIDCACF. Once the PAM module has retrieved the resulting JSON Web Token, it maps the federated identity to an existing or newly created local user account.
CYCLONE Client Registration
Self-registration of OpenID Connect Clients for federated clouds
TU Berlin, Apache 2, Source
TCTP
Gain end-to-end security while using HTTPS proxies
TU Berlin, Apache 2, Source
The Trusted Cloud Transfer Protocol (TCTP) is an application-layer encryption protocol for HTTP that provides true end-to-end security, i.e., from the user agent (e.g., a browser) to the origin server (e.g., a single PaaS container), even when the communication passes through intermediaries that act as TLS server connection ends, such as cloud load balancers. There are currently two implementations of TCTP: the distributed cloud proxy, and the TCTP Rack middleware for Ruby-based web applications, e.g., Ruby on Rails or Sinatra.
Read more about TCTP in this CloudCom 2013 paper.
CYCLONE network scripts
Use our scripts to automate network configuration
CNRS LAL, BSD, Source
CYCLONE data erasure scripts
Create ephemeral VMs
CNRS LAL, GPLv3, Source
Demo applications
Learning material and blueprints
CYCLONE Wordpress demo
See how easy it is to use Wordpress with federated identities
TU Berlin, GPLv2, Source
CYCLONE Django demo
Learn how to use federated identities with Django
CNRS IFB, BSD, Source
Dockerized filtering web proxy using OpenID Connect Apache
Filter web access based on federated identities
CNRS IFB, Apache 2, Source
CYCLONE example deployment
See all our components in action
TU Berlin, -, Source