Architecture
Puhuri provides resource allocation and authentication infrastructure for service providers.
Puhuri AAI is part of MyAccessID authentication and authorisation infrastructure (AAI) services based on GEANT eduTEAMS.
The diagram below summarises the architecture of the Puhuri consisting of two layers: identity layer and Infrastructure Service Domain (ISD) layer, which is where Puhuri lives.
The identity layer is responsible for delivering consistent identity information across clients and services of Puhuri. The registration creates a unique identifier (Community Unique Identifier, CUID) for the user in MyAccessID registry, which is used for referencing and linking user identity across the different components. The user registration process can be started from the existing portal of Resource Allocators (e.g. national allocation portal) or from a Puhuri Portal, which is provided as a reference solution. Identity layer also assures that supported identity providers release the attributes about user identity in a common way so that services could be built with end-to-end user authentication.
Users can optionally register SSH public keys with their MyAccessID profile, in which case they become available to the service providers that user gets access to.
On the Infrastructure Service Domain layer, Puhuri Core, operated by University of Tartu, is the resource allocation service exposing API for Resource Allocators and Service Providers for managing Projects, Members (using CUID of Puhuri users as references) as well as passing information on Resource Allocations, their usage and lifecycle.
The Puhuri services deal with personal data and have been analysed from the perspective of GDPR compliance. Required contracts have to be signed prior to access to the production environment of Puhuri Core.
On the service provider side, Puhuri supports different integrations:- Slurm Workload Manager - one of the most popular job schedulers
- OpenStack - open-source IaaS solution for running on-premise cloud
- Rancher Kubernetes to run K8s on top of OpenStack virtual machines
- CSCS FireCREST - API for job submission on top of SLURM
- HEAppE - RESTAPI for controlled execution of workloads on the HPC cluster
- Open OnDemand - easy-to-use web portal for accessing supercomputers