Integrating Science Gateways with Secure Cloud Computing Resources: An Examination of Two Deployment Patterns and Their Requirements
TimeWednesday, 11 November 20205pm - 5:30pm EDT
DescriptionThis paper examines scenarios in which science gateways can facilitate access to cloud computing resources to support scientific research using regulated or protected data stored on clouds. Specifically, we discuss the use of science gateways to access Controlled Unclassified Information (CUI), a US regulatory standard that covers a broad range of US federal government-owned or regulated data, and that also provides a useful proxy for other types of sensitive data, such as private sector intellectual property. We focus on the impact of CUI requirements on science gateway platforms for creating and managing science gateway instances. Gateway platforms are centrally operated by gateway platform providers who create and control gateway instances on behalf of gateway providers. Broadly, platforms operate following either a multi-tenant or a multi-instance pattern. Multi-tenanted science gateway platforms are designed to support multiple science gateways simultaneously, with each gateway as a tenant to a single operational instance of the platform middleware. Multi-instance platforms, on the other hand, provide and manage an entire instance of the science gateway software for each gateway. This paper reviews these two scenarios from the perspective of the Science Gateways Platform as a service (SciGaP), a multi-tenanted gateway platform based on the open-source Apache Airavata software. We examine requirements for providing multi-tenanted platforms for CUI gateways and also for providing the same software as a multi-instance platform. In both cases, we assume the use of CUI-compatible resources from commercial cloud providers. Both approaches are technically feasible but have trade-offs that must be considered.