The pilot has been completed!
TERENA Trusted Cloud Drive is a pilot experiment developing a personal data storage service that builds on a flexible Cloud Broker Platform. The unique features of the platform are:
- Federated access to the service
- Metadata and storage data are kept separate
- Storage data is encrypted and stored in the cloud
- Metadata stored in a trusted place.
- Various cloud storage back-ends can be brokered
- Flexible WebDAV front-end and web app.
- Different user platforms (Windows, MacOS, iOS, Android) are supported
- Code and documentation is fully open-source
April 2012 - May 2012
June 2012 - April 2013
23 April 2012 - New pilot project to extend TERENA's cloud activities
The aim of the pilot
The aim of this pilot is to explore possible deployment scenarios for a trusted personal storage service for academia. The pilot will be built upon a federated software platform (i.e. the Cloud Broker Platform) that offers the ability to easily connect different storage back-end (both private and public cloud storage back-end are supported) and store users data in a secure and privacy preserving way (thanks to the separation of storage data and metadata as well as the built-in encryption functionality) in the cloud.
The following aspects will also be explored as part of the pilot:
(i) Longer term sustainability for a potential service (i.e. the community);
(ii) Legal aspects and perceived trust issues related to the storage and management of the encryption keys and metadata (i.e. the service model);
(iii) Software scalability and performance (i.e. the code);
Although the software already offers capabilities to test different front-end applications too, this aspect will not be fully explored during the pilot. However, requirements will be collected during the pilot lifetime and recommendations on how to further improve the front-end (end-users) functionalities will be provided.
Take a look at the pilot's success measures.
Main technical characteristics of the pilot
The pilot will be prototyping and operating the Cloud Broker Platform, the open software developed by UNINETT Sigma in 2010 as part of the NEON project, at TERENA and some selected NRENs, Universities, and other institutes.This prototype software has been built with the basic idea of separating the storage data (i.e. encrypted content) from the metadata (i.e. encryption keys, filenames, size, date, etc). By keeping the metadata store “on premises” data confidentiality is guaranteed under the assumption that the premises are inside a “trusted domain” – e.g. TERENA.
Delivering the pilot
The technical part of the pilot will consist of installing all the components depicted in the picture above: namely a centralized cloud broker for the TERENA’s community (the green box depicted in the picture above), the web portal to access the system (front-end) and the storage back-end. The pilot will be carried out in two phases:
- Phase i - Local installation of the platform at the TERENA office. During this phase the cloud broker (the elements in the green box above) will be installed and connected to a limited storage back-end offered by TERENA. A simple web portal and the necessary support for the federated access will also be developed. For this phase TERENA will sub-contract the software developer, Maarten Koopmans who will provide the necessary support for the installation. The platform will be evaluated and tested by a limited number of NRENs’ experts coordinated by TERENA.
- Phase ii - Upon successful test of Phase i, NRENs will be invited to participate in the pilot (NRENs that have already expressed their interest in participating are HEAnet, NIIF, BELNET, PSNC, and CARNet/Srce) either adding their own cloud storage back-end and/or developing new front-end applications to the cloud broker. An additional public storage back-end will also be added. During this phase it is envisage that NRENs will offer a limited number of end-users to provide feedback on the usability of the system. Although most of the user requirements will not implemented during the pilot phase, they will help shape and understand the type of service users would be looking for.
The pilot Phase ii will be operated for a 9-month period after which an evaluation will follow to assess the success of the pilot and to agree on the following steps.
There will be three deliverables produced as part of the pilot:
- May 2012 – Pre-installation: System installation and technical documentation concerning the installation process (phase i).
- Jan 2013 – Describe possible service models: This document will describe what service(s) can be deployed and how and will detail the service scenario recommended to phase ii and the related metrics to asses the pilot. The scenario of TERENA offering this as a (sharing) service will be considered.
- March 2013 – Final report: Provide an evaluation of the pilot and recommendations for the next steps, based on the success of the pilot. Technical recommendations for NRENs that wish to run a local instance of the software will also be provided.
Full project description
Measure of success
Explore possible deployment scenarios for a trusted personal storage service for academia.
Longer term sustainability for a potential service
Knowledgeable and reliable software development community around the open-source code.
Significant number of user communities, specific use cases.
Platform developer as single point of failure. Lack of development and support efforts.
No significant take up of the service platform.
Legal aspects and perceived trust issues related to the storage and management of the encryption keys and metadata
The service model
Cloud platform is widely used to clearly separate the Personal Data Controller role from the Storage Data Manager role.
Organizations can pick the service model and delivery scenario that better fits to their environment and use cases.
(Legal) benefits of the platform is not understood. Perceived as yet an other personal cloud storage service.
One single service model does not fit to all organisations.
Software scalability and performance
|Platform code is robust, secure, and scalable.||Platform code is weak, insecure, and rigid.|