HOME / ARCHITECTURE

Architecture

Puhuri provides resource allocation and authentication infrastructure for service providers.

Puhuri AAI is part of MyAccessID authentication and authorisation infrastructure (AAI) services based on GEANT eduTEAMS.

The diagram below summarises the architecture of the Puhuri consisting of two layers: identity layer and Infrastructure Service Domain (ISD) layer, which is where Puhuri lives.

Architecture PNG

The identity layer is responsible for delivering consistent identity information across clients and services of Puhuri. The registration creates a unique identifier (Community Unique Identifier, CUID) for the user in MyAccessID registry, which is used for referencing and linking user identity across the different components. The user registration process can be started from the existing portal of Resource Allocators (e.g. national allocation portal) or from a Puhuri Portal, which is provided as a reference solution. Identity layer also assures that supported identity providers release the attributes about user identity in a common way so that services could be built with end-to-end user authentication.

Users can optionally register SSH public keys with their MyAccessID profile, in which case they become available to the service providers that user gets access to.

On the Infrastructure Service Domain layer, Puhuri Core, operated by University of Tartu, is the resource allocation service exposing API for Resource Allocators and Service Providers for managing Projects, Members (using CUID of Puhuri users as references) as well as passing information on Resource Allocations, their usage and lifecycle.

The Puhuri services deal with personal data and have been analysed from the perspective of GDPR compliance. Required contracts have to be signed prior to access to the production environment of Puhuri Core.

On service provider side, Puhuri supports different integrations:
  • Slurm Workload Manager
  • OpenStack
  • Rancher Kubernetes
  • CSCS FireCREST