HEAppE for OpenStack

HEAppE performs the mapping of LEXIS Users to functional (non-privileged) accounts for the HPC and OpenStack infrastructures in each centre. Due to this security-critical functionality, it is always deployed in a centre ́s private network.

HEAppE Middleware was primarily developed for an HPC infrastructure but in the scope of the LEXIS project the same security mechanism can be utilized also for an OpenStack environment. While the HEAppE Middleware encapsulates most of the HPC-related functionality for an HPC infrastructure the same authentication mechanism and the mapping functionality can be easily extended also for an OpenStack environment. For the OpenStack the HEAppE will use the same Keycloak authentication method but instead of mapping the LEXIS User accounts to internal HPC cluster accounts it will provide the LEXIS Users with a valid Keystone token to be used via standard OpenStack APIs. The following Figure (see below) presents mapping procedure between the Keycloak JWT token and the OpenStack Keystone token.