Apereo Incubation Proposal · cites-illinois/cloud-broker Wiki
https://github.com/cites-illinois/cloud-broker/wiki/Apereo-Incub...
Apereo Incubation Proposal

Project Name: Cloud Broker

Mailing List Prefix: cloud-broker

Project Leads:
- Tim Carroll, University of Illinois Technology Services ([email protected])
- Mark Nye, University of Illinois Technology Services ([email protected])

Apereo Foundation Member Recommendations:
- David Ackerman - New York University
- Lucy Appert - Columbia University

Initial Contributors: University of Illinois
Project Overview

Higher education IT providers are accelerating their deployment of cloud-based services, and many of these projects involve integration programming with cloud provider APIs in order to facilitate user account provisioning, configuration, and deprovisioning. Though the APIs for vended cloud services are often straightforward to use, each comes with its own set of business requirements and technical concerns. With multiple local services potentially needing access to cloud provisioning APIs, the staff time and expertise required to manage these integrations can become significant.

This project seeks to reduce cloud API integration complexity and related organizational risk by developing a centralized API service to broker provisioning and configuration interactions with major cloud services.

Significant features of the Cloud Broker will include:
- A Cloud Broker API that can be leveraged by local services to make standardized account creation, configuration, deactivation, and removal requests for major cloud services.
- A shared trust mechanism for authorizing API requests.
- Queued job management with retry facility.
- A cloud provisioning / deprovisioning business rules engine.
- Campus Directory integration hooks for performing user service authorization.
- Terms of Use engine.
- Centralized logging and notification.
- Modular architecture supporting addition of new services.
6/10/15, 10:30 AM
Technology Overview

Architecture

This is a proposed high-level service architecture for a cloud broker service with enrollment dashboard, the first iteration of which would handle Google Apps Faculty/Staff enrollment. The "backend services" area shows the proposed Cloud Broker architecture, while the "user facing services" outlines a hypothetical user-facing enrollment dashboard.
Cloud Broker API

Example Endpoints

Account
Manage provisioning of a user account to a cloud service.

Resource                                 Description
DELETE account/:uin/:service_name        Deletes a user's account from the vendor and from the local datastore.
GET account/status/:uin/:service_name    Request status of an account being provisioned directly from the vendor.
POST account                             Request an account be provisioned with a cloud service.
PUT account/:id                          Updates a user's account status. Primarily used for deprovision and reprovision.

Service
Service data matches service names with versions of terms of service.

Resource              Description
DELETE service/:id    Deletes (expires) the Service with the specified id parameter.
GET service/:id       Returns an effective Service with the given id.
POST service          Saves a new Service.

JSON Types

Account Request
Object containing data used for requesting an account be provisioned with a cloud service.

Field             Description
id                The id for this Account Request.
service_name      The name of the service an account is being requested for.
uin               The UIN for the user (the institutional Id).
user_id           The user identifier (EPPN) for the target system (optional).
fname             The user's first name (optional).
lname             The user's last name (optional).
tos_version_id    The id of the version of terms of service being accepted.
status            Indicates the change of status desired for this user's account.

Service
Object that describes a service.

Field                   Description
id                      Unique identifier for this service.
effective_version_id    Unique identifier for the TosVersion that is currently in effect.
href                    URI direct to the service (optional).
name                    Text identifier for this service.
tos_versions            Container of all TosVersion objects associated with this service.
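
An added example, not code from the Cloud Broker project: checking an Account Request against the Service object before the request is queued. The field names come from the tables above; the rule that tos_version_id must equal the service's effective_version_id, the treatment of id as broker-assigned, and all sample values are assumptions.

```python
# Added example: field names come from the JSON Types tables; the
# validation rules themselves are assumptions, not the project's code.
REQUIRED = ("service_name", "uin", "tos_version_id", "status")
OPTIONAL = ("id", "user_id", "fname", "lname")  # id assumed broker-assigned


def validate_account_request(request, services):
    """Return a list of problems; an empty list means the request may be queued.

    `services` maps a service name to its Service object (a dict with the
    fields id, name, effective_version_id, tos_versions).
    """
    if not isinstance(request, dict):
        return ["request body is not a JSON object"]
    problems = []
    # Reject fields the Account Request type does not define.
    for key in sorted(set(request) - set(REQUIRED) - set(OPTIONAL)):
        problems.append("unknown field: " + key)
    # Required fields must be present and non-empty.
    for key in REQUIRED:
        if request.get(key) in (None, ""):
            problems.append("missing field: " + key)
    name = request.get("service_name")
    service = services.get(name) if isinstance(name, str) else None
    if name and service is None:
        problems.append("unknown service: " + str(name))
    # Assumed rule: the accepted terms of service must be the version
    # currently in effect for the requested service.
    if service and request.get("tos_version_id") not in (None, ""):
        if request["tos_version_id"] != service["effective_version_id"]:
            problems.append("tos_version_id is not the effective version")
    return problems


# Constructed sample data (not taken from the project).
SERVICES = {
    "google-apps": {"id": 1, "name": "google-apps",
                    "effective_version_id": 3, "tos_versions": [2, 3]},
}
GOOD = {"service_name": "google-apps", "uin": "000000000",
        "tos_version_id": 3, "status": "provision"}
STALE = dict(GOOD, tos_version_id=2)  # accepts a superseded ToS version
```

Running the validator before a request reaches the queue keeps malformed or stale-terms requests out of the asynchronous workers, where a failure would otherwise only surface in the job log.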

Message Queuing

The Cloud Broker API queues requests for changes to a user's status. The messages in the queue are processed asynchronously by ActiveMQ worker services.

Current User Base

The Cloud Service Broker is currently in development at the University of Illinois, and is not yet being used in production. We expect that an initial release of the software will be available by June 1, 2015.

Overview of How the Project or Community relates to other parts of Apereo

The Cloud Broker product uses the Name-Value Pair API (also being proposed for incubation) to persist data.

Project Website

http://cites-illinois.github.io/cloud-broker

(This document is based on the Apereo project proposal guidelines found here: https://www.apereo.org/content/s3-core-process)