Building infrastructure for sensitive data workloads
Michael Mallon (1,2), John Perry (1,2), Stephen Bird (2)
(1) The University of Queensland
(2) Queensland Cyber Infrastructure Foundation
Abstract
Security of infrastructure is an increasingly important domain. Obligations and requirements from users, organisations and governments are ever increasing. As this trend continues, these obligations will morph into more formal certification requirements. Over the past two years, the Queensland Cyber Infrastructure Foundation (QCIF), in partnership with The University of Queensland (UQ), has been developing Keypoint, a platform for the analysis of sensitive data. In this talk I will discuss the OpenStack restricted region that we have built in partnership with the Australian Research Data Commons (ARDC) to support this platform.
Regions are a method of dividing up resources in an OpenStack cloud. Regions are full OpenStack deployments with their own set of endpoints; however, they share a common identity service (Keystone). What makes this new region restricted is the choices we have made with regard to who has access, how they access it and what services we provide in the region, as compared with the standard ARDC Research Cloud region. These choices were made with the aim of reducing the burden of achieving certifications, such as the ISO27000 family, for the platforms that run in this region. While this talk will be grounded in the context of an OpenStack environment, the core concepts that we grappled with are applicable to any cloud or virtual environment.
Biography
Michael has been working for the Research Computing Centre at UQ since 2011. His primary focus is working with QCIF to deliver QRIScloud services, chiefly the Queensland node of the ARDC Research Cloud. Michael’s areas of expertise include virtualisation, high-performance storage systems, high-performance networking and systems automation.