Cloud Broker - Managing Cloud Ecosystem for Education and Research Institutions

By: 
Jamcracker

Choosing from myriad services and also allowing a user to consume without administrators' intervention is a big plus while consuming cloud services.

Jamcracker Cloud Service Brokerage Solution used for - quick, easy, and cost-effective way to deliver Cloud & Education services, solutions and implementation services around it.

Overcoming Challenges with Jamcracker Platform

  • Aggregating services through a Community Service Hub including Education Services, commercial services targeting Education Institutes & Universities within SaaS, IaaS and PaaS kind of services.
  • Supports most popular public clouds to Offer IaaS: AWS, Azure CSP, Microsoft CASA etc.
  • Support most popular public provider to offer SaaS : O365, G-suite, Adobe & other education applications.
  • Secure access to self-service portal and services by integrating with Federated Identity system. Enabling SSO to securely access services from the portal.
  • Enriching sell through partnerships to sell Commercial and Educational services.
  • Multi-tenant, multi-tiered marketplaces with local language, content support for members of various academia users (Students, Professors etc).

With the introduction of the service catalog, users are consuming services from marketplace portal having aggregated services. This enables to deliver a simplified way of consuming cloud than ever before. The beneficiaries of this are not limited to administrators and end users - typically students and professors , but it benefits the entire value chain. Administrators not only get the flexibility to create re-usable templates for different Business Units but also get risk free mechanisms to control shadow IT. Various Cloud Management Platform (CMP) features such as templatization of IaaS resources, BU or Department level catalogs, Governance through Policies, approval workflows along with controlled privileges to the users and administrators has augmented the entire CMP capabilities to the next level of service delivery management.

Self-Assignment of Services through the CMP Portal

  • The marketplace will be able to publish a specific catalog to each of these Education Institutes.
  • Admin of the Education Institute will be able to order the required services for the institute.
  • Users of the education institute will be able to view the list of available services for their institute.
  • Users will be able to select the required service and perform self-assignment.
  • Charges are levied for the consumption of paid services used by the users of the educational institute.
  • Admin of the Education Institute can view and manage the consumption of his institute.

Self-Assignment of SaaS Services for End Users

  • End user of the institute will have the ability to self-assign services available in the catalog if the license available.
  • End user of the institute will have the ability to request services available in the catalog if the license is not available.
  • The user will be able to view the services that he has subscribed in his workspace.
  • The user should be able to perform the SSO to the services for all supported services from the platform.

License Request Workflow

  • Administrator of the education institute will have the ability to view all the license requests from end users.
  • The administrator will be able to add more licenses.
  • The administrator can approve/reject the license requests.
  • Notification will be sent to the user on the request status.

Self-Launch of IaaS resources for End Users

  • A catalog visible to end users shall have the required IaaS services.
  • The user will be able to launch within the budget.
  • The option to select network, subnets and security groups shall be guided by the policies.
  • The user should be able to provide the required configuration details to launch the stack.

Federated Identity Management

Federated Identity management facilitates the management of access to services, as well as resources within the organization.

Organizations across the world are gradually realizing that in addition to collaboration within the organizations there is an increasing need to set-up federated secured environment for users with the primary objective of intra/inter-organizational collaboration. Primarily the need to authenticate users and determine their authorization level. In order to do this, the service/resource provider organization will have to integrate with multiple and varied Identity providers of other organizations in order to provide access to the service/resource which can prove to be quite complex and time consuming. This business problem can be solved by using federated identity management.

Shibboleth based Federated Identity Management

Federated Identity management enables the sharing of information about users in one organization to other organizations in the federation. Shibboleth is a standards based, open source, federated Identity management software package that works across and within organizational boundaries. Shibboleth based federations are often used in universities or public service organizations.

Shibboleth is among the world’s most widely deployed federated Identity solutions, connecting users to applications both within and between organizations. It addresses the concern of privacy by allowing the identity provider to define which attributes of the user will be released to which service provider. Service providers can define the policy to determine what information about the user will be accepted from the identity provider.

Jamcracker Integration with Shibboleth

Jamcracker integrated with Shibboleth software to authenticate and authorize users and provide federated single sign-on capabilities. When a user logs into a Jamcracker platform that has been integrated with Shibboleth, the user is authenticated by his/her home organization Identity Provider. The user attributes returned by the home organization is used by the Jamcracker Platform to determine the authorization of the user. The user is directed to the appropriate marketplace within the platform based on the attributes returned by the home organization. Once the user logs into the system successfully, s/he can subscribe to cloud services based on their authorization. S/he will also be able to single sign-on to all the cloud services that have subscribed to.

Conclusion

Jamcracker Cloud Service Brokerage offers cloud services to education and research institutions through a consumer-based model. The Platform web interface allows meeting the needs of ICT managers, researchers, teachers, and students to access the services provided in a single environment that is secure and easy to access.