Networks ∙ Services ∙ People www.geant.org

Peter Szegedi

APAN45

From concept to reality...Collaboration on Enterprise File Sync & Share

29 March 2018

GÉANT

Networks ∙ Services ∙ People www.geant.org 2

Where we started

Networks ∙ Services ∙ People www.geant.org

• More than 112.000 licenses purchased all together by 2015. We are about 500k licenses now!

3

GÉANT-ownCloud agreement

Networks ∙ Services ∙ People www.geant.org 4

Pricing

Name Package UsersPackage Annual Base Price

Extra users price user per year 1st ownbrander

additional ownbrander, per

SAML Branding Calendar Contacts

Entry 1,000 € 4,500 € 5.00 Yes X € 4,000 € 2,000 € 2,000 Volume 5,000 € 9,250 € 1.85 Yes € 3,000 € 4,000 € 2,000 € 2,000 NREN 20,000 € 32,950 € 1.48 Yes € 1,000 Yes € 2,000 € 2,000 Site License 40,000 € 46,250 X Yes X Yes € 2,000 € 2,000

Min. 7,500 Euro approx. 4000 Users (1.85 Eur/user/year) plus 7,500 Eur branding (Collabora option) 2017

2018

Networks ∙ Services ∙ People www.geant.org 5

Pricing

Min. 7,500 Euro approx. 4000 Users (1.85 Eur/user/year) plus 7,500 Eur branding, SAML included 2017

2018New packages are expected...

Networks ∙ Services ∙ People www.geant.org 6

Larger picture

On-premise Cloud EU Cloud Global

Networks ∙ Services ∙ People www.geant.org 7

OpenCloudMesh API – Community Standard

Networks ∙ Services ∙ People www.geant.org

• Open Cloud Mesh (OCM) is a joint international initiative under the umbrella of the GÉANT Association that is built on the open Federated Cloud Sharing application programming interface (API) - first initiated and implemented by ownCloud Inc.

• Taking Universal File Access beyond the borders of individual clouds and into a globally interconnected mesh of research clouds without sacrificing any of the advantages in privacy, control and security an on-premises cloud provides.

• OCM defines a vendor-neutral, common file access layer across an organization and/or across globally interconnected organizations, regardless of the user data locations and choice of clouds.

8

Interconnected Private Clouds for Universities and Researchers

Networks ∙ Services ∙ People www.geant.org

• Code v.0.002 has been released on 27 July 2015 by ownCloud Inc.

• Kick-off meeting: 22 October, 2015 in Vienna, Austria

• OpenCloudMesh = ownCloudMesh• USE CASE: Uni Münster server-to-server sharing

• During the OCM demonstration, users were able to sync and share files and folders between independent service domains operated by University Münster in Germany, University Vienna in Austria, SWITCH, the national research and education networking (NREN) organisation of Switzerland and AARNet the NREN of Australia.

9

OCM Phase I.

CS3 Workshop, 18-19 January 2016 in Zurich, Switzerland

Networks ∙ Services ∙ People www.geant.org 10

OCM Phase I.

Networks ∙ Services ∙ People www.geant.org

• March, 2016 - Charles du Jeu and David Gillard from Pydio(https://pydio.com/) joined the OCM project.

• Discussion with others: Zettabox, PowerFolder, Nextcloud, ...

• OpenCloudMesh• USE CASE: AARNet (Australia)

uses ownCloud and ASNET-AM (Armenia) uses Pydio.

• DEMONSTRATION ownCloud, Pydio: Interoperability demo at GÉANT booth

• TNC - 13 June 2016

11

OCM Phase II.

Networks ∙ Services ∙ People www.geant.org

This vision is that the OCM spec should be:• compliant: with standard practices of the http world (error codes, conventions,…)• described: using industry-strength documentation/testing system (e.g. swagger.io)• neutral: should not have any artifacts or assumptions stemming directly from particular

implementation or implementation language• modular: allow providers to implement minimal functionality and add optional components of the

spec as they please (or not)• minimal: offload as much as possible of additional functionality to existing mechanisms in the

network, especially for optional modules (e.g. lookup)• secure: compliant with modern security frameworks (e.g. OAuth2, JWT, …) For the modules, I would

consider at first: - auth/autz negotiation - sharing of files - synchronization of files - user discovery (optional)

• robust: implementations should continue to deliver their service even when interacting with a failed implementation/service or malicious intended attempts at federation as attack vector

12

OCM Phase II.

Networks ∙ Services ∙ People www.geant.org

• We found a professional protocol designer(APIwise) who described OCM in a more formalized way (using OpenAPI/Swagger Framework).

• To establish a reference infrastructure and test environment where the implementations can be validated against.

• Implementations at ownCloud, Pydio and Nextcloud (PowerFolder in the pipeline).

• Meeting with Apiwise on 12/07/2016• Make it happen: AARNet, Nextcloud, Sciebo,

ownCloud, Uni Vienna, CESNET, GWDG and CERN• GitHUB: https://github.com/GEANT/OCM-API• API reference documentation

https://rawgit.com/GEANT/OCM-API/v1/docs.html

13

OCM Phase III.

Delivered by 10 February 2017CS3 Workshop in Amsterdam

CALL FOR IMPLEMENTATIONSAND USE CASES

Networks ∙ Services ∙ People www.geant.org

Outcome: What’s next?

1. sharing and federated sharing (this is the CORE)

2. synchronisation and accessing the file using WebDAV or other file transfer protocol (this could be only a starting point for discussion)

3. service/user discovery (next thing)

4. what to do with the files/folders after sharing... (outside of scope)

14

OCM Phase III.

Networks ∙ Services ∙ People www.geant.org

Where we are

Networks ∙ Services ∙ People www.geant.org

• Phase IV. aims at paving the way towards standardization.• Explore patent and IPR issues, as well as the potential fora for initiating the

standardization discussion (IETF, IEEE Intercloud, ...).• Need a reference installation (proxy) fully complaint with the latest specs.

• GÉANT SIG-CISS in Amsterdam• Build a reference proxy/gateway implementation of the agreed OpenCloudMesh

(OCM) federated sharing protocol specification to support the on-boarding of closed-source EFSS solutions as well as the compliance of the current open-source products.

• Being investigated...

16

OCM Phase IV.

Networks ∙ Services ∙ People www.geant.org

File Sync & Share space as we know it...

OCM Natives

Networks ∙ Services ∙ People www.geant.org

File Sync & Share space as we know it...

OCM Natives

Networks ∙ Services ∙ People www.geant.org 19

File Sync & Share space as we know it...

OCM Natives

Networks ∙ Services ∙ People www.geant.org 20

OPTION A. – Become native

OCM Natives

Networks ∙ Services ∙ People www.geant.org 21

OPTION B. – Use a proxy

OCM Natives

OCM Proxy

Networks ∙ Services ∙ People www.geant.org

Thank you and any questions

Networks ∙ Services ∙ People www.geant.org

22