SWITCH operates an OpenStack-based Infrastructure as a Service (IaaS) offering called SWITCHengines. This includes virtual machines and storage (based on Ceph). Its intended audience consists primarily of researchers, but also of institutional IT services.
SWITCHengines has been in pilot mode during 2015, but will now become an official service. There is a tariff, which has been communicated to the universities in Fall 2015, and which will be the basis for usage charges starting in January 2016.
While much of the usage will be by researchers, it is expected that institutions, and in particular their IT services, will receive the bills for their respective user communities.
This leads to the need to (a) map cloud resource usage to institutions for billing, (b) provide tools for institutions to control access and usage limits for “their” users, and (c) provide means to “show back” institutional resource usage to administrators (and, to a lesser extent, users) at the institutions for budget planning and other financial/policy uses.
At present, the integration with Federated Identity Management (FIM) solutions is a loose one: There is a “cloud account” management tool that allows SWITCHaai—and, by extension, Swiss edu-ID—account holders to create a SWITCHengines account. Institutions can “opt in” to the service so that anybody from that school can obtain a SWITCHengines account by themselves. The other option is that administrators—currently only at SWITCH—generate a “voucher” that can be used in combination with any valid SWITCHaai credentials to generate a SWITCHengines account.
The system has been working, so far, but has several drawbacks and limitations: Users need separate credentials; SWITCHengines accounts are decoupled from the SWITCHaai accounts that were used to generate them; we cannot easily handle “interfederation”, i.e. eduGAIN.