VESPA: e-Health on Cloud infrastructure. Architecture and Services. Roberto Barbera, Scientific Coordinator (Development Area) of the VESPA project, roberto.barbera@ct.infn.it
Outline: Introduction; The VESPA Cloud; Current status and future potential; Conclusions
The evolution of the Web
Web 2.0 and 3.0 (http://lifeboat.com/ex/web.3.0)
“Ubiquitous Connectivity: Broadband adoption; Mobile Internet access; Mobile devices;
Network Computing: Software-as-a-service business models; Web services interoperability; Distributed computing (P2P, grid computing, cloud computing, […]);
Open Technologies: Open APIs and protocols; Open data formats; Open-source software platforms; Open data (Creative Commons, Open Data License, etc.);
Open Identity: Open identity (OpenID); Open reputation; Portable identity and personal data (for example, the ability to port your user account and search history from one service to another);
The Intelligent Web: Semantic Web technologies (RDF, OWL, SWRL, SPARQL, Semantic application platforms, and statement-based datastores such as triplestores, tuplestores and associative databases); Distributed databases — […] wide-area distributed database interoperability enabled by Semantic Web technologies); Intelligent applications (natural language processing, machine learning, machine reasoning, autonomous agents).”
The evolution of scientific computing
(Figure: timeline) Mainframe Computing; Cluster Computing (80's-90's); Grid Computing (90's-00's); Cloud Computing (00's-10's). Quantities plotted against time: cost of hw, cost of networks, power of COTS, WAN bandwidth.
The “layers” of a Cloud
IaaS: the DFA Cloud site, 100 TB, 100 cores
IaaS: VESPA's “Virtual Cloud”
MyCloud, current functionalities:
- Federated authentication
- Fine-grained authorisation
- Single/multi-deployment of VMs on a cloud and across clouds
- Single/multi-move of VMs across clouds
- Single/multi-deletion of VMs on a cloud and across clouds
- SSH connection to VMs
- Direct web access to VMs hosting web services
L’EGI Federated Cloud (https://www.egi.eu/infrastructure/cloud/)
P4SaaS: the Catania Science Gateway Framework (CSGF), http://www.catania-science-gateways.it
Born in 2010 to hide Grid – and now Cloud – complexity (especially security-wise). Designed to be:
- Sustainable (fully based on standards)
- Scalable (e.g., through Glassfish)
- Secure (integrated AAAAI)
- Interoperable (one system, many infrastructures)
- Accessible anytime from anywhere (including mobile devices)
CSGF Architecture
(Figure: CSGF components) Portlets; AAI; Grid&Cloud Engine. Users having different roles and privileges: Administrators, Power users, Basic users, VRC members, etc. Target e-Infrastructures: Grid, Cloud, HPC.
Thanks to the CSGF, the interoperability of different distributed e-Infrastructures has been successfully demonstrated. 21/02/2019
AAI in the CSGF
(Figure: login flow) AuthN/AuthZ are handled separately: authentication by the user's IdP, authorisation by the CSGF.
1. Sign In
2. Select eID or Your institute
3. Select your IdF and IdP
4. Use the IdP to get authorised
Identity sources: SAML 2.0 Identity Federations (IdP 1, IdP 2, …, IdP n); eid-stork.eu; OpenID; EGI UMP (access.egi.eu).
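The flow above ends with the IdP asserting who the user is, while the gateway decides separately what that user may do. The Python example below is added here and is not CSGF or VESPA code: it shows the checks a relying party should still make on a SAML 2.0 assertion handed over by the SP (issuer allow-list, validity window with clock skew, audience, bearer confirmation bound to the outstanding request, one-time use of the assertion ID) and then a separate authorisation lookup against a role store standing in for the directory the gateway queries. The assertion, entity IDs, principal names and roles are constructed; verification of the XML signature is assumed to have been done upstream by the Shibboleth or SimpleSAMLphp SP and is not repeated here.

```python
"""Relying-party checks on a SAML 2.0 assertion, then a separate authorisation step.
Constructed example: assertion, entity IDs, principals and the role store are invented."""
from collections import namedtuple
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET  # use defusedxml.ElementTree for untrusted XML in production

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"
EPPN = "urn:oid:1.3.6.1.4.1.5923.1.1.1.6"  # eduPersonPrincipalName
Principal = namedtuple("Principal", "issuer eppn")


class SamlRejected(Exception):
    """The assertion must not be accepted."""


def _ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def authenticate(xml_text, *, audience, recipient, request_id, trusted_issuers,
                 seen_ids, now, skew=timedelta(minutes=3)):
    """Return a Principal or raise SamlRejected. The XML signature is assumed to have been
    verified already by the SP (Shibboleth / SimpleSAMLphp); that check is not repeated here."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Assertion" % NS["saml"] or root.get("Version") != "2.0":
        raise SamlRejected("not a SAML 2.0 assertion")
    issuer = root.findtext("saml:Issuer", namespaces=NS)
    if issuer not in trusted_issuers:
        raise SamlRejected(f"untrusted issuer {issuer!r}")
    aid = root.get("ID")
    if not aid or aid in seen_ids:
        raise SamlRejected("missing or replayed assertion ID")
    cond = root.find("saml:Conditions", NS)
    if cond is None or not (cond.get("NotBefore") and cond.get("NotOnOrAfter")):
        raise SamlRejected("no validity window")
    if now + skew < _ts(cond.get("NotBefore")) or now - skew >= _ts(cond.get("NotOnOrAfter")):
        raise SamlRejected("outside validity window")
    if audience not in [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]:
        raise SamlRejected("not addressed to this SP")
    confirmed = False
    for sc in root.findall("saml:Subject/saml:SubjectConfirmation", NS):
        d = sc.find("saml:SubjectConfirmationData", NS)
        if (sc.get("Method") == BEARER and d is not None and d.get("NotOnOrAfter")
                and d.get("Recipient") == recipient and d.get("InResponseTo") == request_id
                and now - skew < _ts(d.get("NotOnOrAfter"))):
            confirmed = True
    if not confirmed:
        raise SamlRejected("no bearer confirmation bound to this request")
    eppn = root.findtext(f"saml:AttributeStatement/saml:Attribute[@Name='{EPPN}']/saml:AttributeValue",
                         namespaces=NS)
    if not eppn:
        raise SamlRejected("IdP released no eduPersonPrincipalName")
    seen_ids.add(aid)  # one-time use, recorded only after every check passed
    return Principal(issuer, eppn)


# Authorisation is decided apart from authentication. Constructed stand-in for the
# directory (LDAP in a real gateway) that maps roles to eduPersonPrincipalNames.
ROLE_MEMBERS = {"administrator": {"admin@example.org"},
                "power_user": {"admin@example.org", "mrossi@example.org"}}


def authorise(principal, role):
    """Every federated login gets basic_user; higher roles need a directory entry."""
    return role == "basic_user" or principal.eppn in ROLE_MEMBERS.get(role, set())


SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_8f1c" Version="2.0" IssueInstant="2019-02-21T10:00:00Z">
  <saml:Issuer>https://idp.example.org/idp/shibboleth</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">_t9</saml:NameID>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData InResponseTo="_req42" NotOnOrAfter="2019-02-21T10:05:00Z"
          Recipient="https://gateway.example.org/Shibboleth.sso/SAML2/POST"/>
    </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions NotBefore="2019-02-21T09:59:00Z" NotOnOrAfter="2019-02-21T10:05:00Z">
    <saml:AudienceRestriction><saml:Audience>https://gateway.example.org/shibboleth</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" FriendlyName="eduPersonPrincipalName">
      <saml:AttributeValue>mrossi@example.org</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

NOW = datetime(2019, 2, 21, 10, 1, tzinfo=timezone.utc)
SP = dict(audience="https://gateway.example.org/shibboleth",
          recipient="https://gateway.example.org/Shibboleth.sso/SAML2/POST",
          request_id="_req42", trusted_issuers={"https://idp.example.org/idp/shibboleth"})


def demo():
    seen = set()
    user = authenticate(SAMPLE_ASSERTION, now=NOW, seen_ids=seen, **SP)
    try:
        authenticate(SAMPLE_ASSERTION, now=NOW, seen_ids=seen, **SP)  # same assertion again
        replay_rejected = False
    except SamlRejected:
        replay_rejected = True
    return {"eppn": user.eppn, "power_user": authorise(user, "power_user"),
            "administrator": authorise(user, "administrator"), "replay_rejected": replay_rejected}
```

The point of keeping `authenticate` and `authorise` apart is the one the slide makes: a valid assertion from any federation member proves identity and nothing more, and the role a user ends up with comes from the gateway's own directory, so an IdP cannot grant itself administrator rights by releasing extra attributes.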
Identity Federations in the world (https://refeds.org) >17 million people worldwide with federated credentials
The GrIDP “catch-all” Federation (http://gridp.garr.it)
Support for the most diverse and widest possible communities of users
Hundreds of millions of people can become users of services
Summary of standards adopted
The Catania Science Gateway Framework is fully web-based and adopts official worldwide standards and protocols, through their most common implementations. These are:
- Presentation layer: the JSR 168 and JSR 286 standards (also known as the "portlet 1.0" and "portlet 2.0" standards)
- Authentication: the OASIS Security Assertion Markup Language (SAML) standard and its Shibboleth and SimpleSAMLphp implementations
- Authorisation: the Lightweight Directory Access Protocol (LDAP) and its OpenLDAP implementation
- Management of digital certificates on smartcards: the Cryptographic Token Interface Standard (PKCS#11), whose API is known as Cryptoki
- Application interface to the underlying middleware: the Open Grid Forum (OGF) Simple API for Grid Applications (SAGA) standard and its JSAGA implementation
- Interface to cloud computing infrastructures: the Open Grid Forum (OGF) Open Cloud Computing Interface (OCCI) standard and its rOCCI implementation
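OCCI, via rOCCI, is the interface through which the CSGF and MyCloud reach the cloud sites, and the single/multi-deployment of VMs across clouds is a fan-out of the same OCCI request to several endpoints. The Python example below is added here and is not VESPA, MyCloud or rOCCI code: it renders an OCCI 1.1 text/plain compute-creation request, parses the text rendering that comes back, and deploys one request on several clouds with per-site credentials. The endpoints, tokens, template names and the in-memory transport are constructed; a real client would POST the same body over HTTPS to each site's OCCI endpoint.

```python
"""OCCI 1.1 text/plain rendering: build a compute request, parse a reply, fan out to several
clouds. Constructed example; endpoints, tokens and the transport are not real services."""
import re
from dataclasses import dataclass, field
from urllib.parse import urlsplit

OCCI_INFRA = "http://schemas.ogf.org/occi/infrastructure#"
_PARAM = re.compile(r'([\w.\-]+)\s*=\s*("(?:[^"\\]|\\.)*"|[^;]+)')


@dataclass
class OcciMessage:
    categories: list = field(default_factory=list)  # (term, scheme, class)
    attributes: dict = field(default_factory=dict)  # X-OCCI-Attribute name -> value
    locations: list = field(default_factory=list)   # X-OCCI-Location values


def _coerce(raw):
    raw = raw.strip()
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return raw[1:-1].replace('\\"', '"')
    if raw in ("true", "false"):
        return raw == "true"
    for cast in (int, float):
        try:
            return cast(raw)
        except ValueError:
            pass
    return raw


def parse_occi_text(body):
    """Parse Category / X-OCCI-Attribute / X-OCCI-Location lines; anything else is rejected."""
    msg = OcciMessage()
    for line in filter(str.strip, body.splitlines()):
        header, _, value = line.partition(":")
        header = header.strip().lower()
        if header == "category":
            term, _, params = value.partition(";")
            kv = {k: _coerce(v) for k, v in _PARAM.findall(params)}
            msg.categories.append((term.strip(), kv.get("scheme"), kv.get("class")))
        elif header == "x-occi-attribute":
            name, _, raw = value.partition("=")
            msg.attributes[name.strip()] = _coerce(raw)
        elif header == "x-occi-location":
            msg.locations.append(value.strip())
        else:
            raise ValueError(f"unsupported OCCI line: {line!r}")
    return msg


def _safe(text):
    """Reject quotes, separators and control characters so user input cannot add header lines."""
    if re.search(r'[\x00-\x1f\x7f";]', text):
        raise ValueError(f"illegal character in OCCI value {text!r}")
    return text


def render_compute_request(title, os_tpl, os_scheme, resource_tpl, res_scheme, cores=None):
    """text/plain body for POST <endpoint>/compute/: the compute kind plus the site's templates."""
    lines = [
        f'Category: compute; scheme="{OCCI_INFRA}"; class="kind"',
        f'Category: {_safe(os_tpl)}; scheme="{_safe(os_scheme)}"; class="mixin"',
        f'Category: {_safe(resource_tpl)}; scheme="{_safe(res_scheme)}"; class="mixin"',
        f'X-OCCI-Attribute: occi.core.title="{_safe(title)}"',
    ]
    if cores is not None:
        lines.append(f"X-OCCI-Attribute: occi.compute.cores={int(cores)}")
    return "\n".join(lines) + "\n"


@dataclass(frozen=True)
class Cloud:
    name: str
    endpoint: str  # OCCI endpoint of one site
    token: str     # per-site credential; never reused across sites


def deploy_on_clouds(body, clouds, post):
    """Multi-deployment: post(url, token, body) -> (status, text). Returns name -> location or error."""
    results = {}
    for cloud in clouds:
        try:
            status, text = post(cloud.endpoint + "/compute/", cloud.token, body)
            if status not in (200, 201):
                raise RuntimeError(f"HTTP {status}")
            base = urlsplit(cloud.endpoint)
            locs = [l for l in parse_occi_text(text).locations
                    if urlsplit(l)[:2] == base[:2]]   # accept only resources on the site we called
            if len(locs) != 1:
                raise RuntimeError("no single same-origin X-OCCI-Location in reply")
            results[cloud.name] = locs[0]
        except (RuntimeError, ValueError) as exc:
            results[cloud.name] = f"error: {exc}"  # one failing site does not abort the others
    return results


# Constructed in-memory stand-in for the HTTP transport: one site accepts, one rejects the token.
SITES = {"https://cloud-a.example.org:11443": "tok-a", "https://cloud-b.example.org:11443": "tok-b"}
CLOUDS = [Cloud("dfa", "https://cloud-a.example.org:11443", "tok-a"),
          Cloud("egi", "https://cloud-b.example.org:11443", "expired")]


def fake_post(url, token, body):
    parse_occi_text(body)                  # a real server would reject a malformed body too
    base = url[: -len("/compute/")]
    if SITES.get(base) != token:
        return 401, ""
    return 201, f"X-OCCI-Location: {base}/compute/1\n"


def demo():
    body = render_compute_request("vespa-rehab-01", "ubuntu_18_04",
                                  "http://occi.example.org/occi/infrastructure/os_tpl#", "medium",
                                  "http://occi.example.org/occi/infrastructure/resource_tpl#", cores=2)
    return deploy_on_clouds(body, CLOUDS, fake_post)
```

Two checks matter in a multi-cloud client: the VM title and template names come from the user, so they are screened before being interpolated into a line-oriented rendering where a newline would add an arbitrary `X-OCCI-Attribute`; and the `X-OCCI-Location` a site returns is only trusted when it points back at that site, so a compromised or misconfigured endpoint cannot redirect later SSH or web access to a host of its choosing.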
Portlets as bricks: standards, simplicity, ease of use, re-usability. (Figure: Sc. Gtwy A, B, C, D and E, each assembled from portlets.)
SaaS: the VESPA “portal”
Patient management
Task management
Rehabilitation session management
Web-based monitoring of rehabilitation sessions
App-based monitoring of rehabilitation sessions
Conclusions
- The VESPA infrastructure is a state-of-the-art example of a Cloud for e-Health, at both the IaaS and the SaaS level.
- The adoption of international standards, both “de jure” and “de facto”, ensures at every level of the VESPA Cloud complete interoperability with first-class national and international infrastructures.
- Federated access, together with support for the most important implementations of the SAML standard, gives the VESPA infrastructure an enormous pool of potential users, including healthcare workers and Public Administrations.