— Back to the Cloud Forum Schedule

May 20th Presentations

Five Years of Cloud at Penn State and the Road Ahead

Rick Rhoades, Penn State University
9:45 am | Slides

Navigating a 29-year career in higher education presents its own unique challenges, but the last five years working with Cloud have been filled with achievements, setbacks, opportunities, and unexpected moments. Let’s take a brief look back at our journey with Cloud at Penn State over the past five years, and then shift our focus to the exciting challenges that lie ahead in the coming years.

Visualizing Cloud Spend at UT

Margaret Spangenberg, The University of Texas at Austin
10:30 am | Slides
UT Austin will share an update on their FinOps journey. As UT’s cloud adoption has continued growing, doubling since our last presentation in 2023, we have opened up access to spend visualizations to units across campus. We’ll discuss how units are using these resources for planning, including strategic use of savings plans and reserved instances. We’ll share the steps we took to iteratively improve these tools and ways we plan to enhance them in the near future.

Migration Misfortunes: How FinOps Saved the Day (and costs)

Jonathan White, University of Central Florida
11:00 am | Slides
Through the lens of a single workload, The University of Central Florida will explore the challenges faced during their expedited migration to the cloud and how they were able to apply FinOps principles to significantly reduce wasteful spending. Discover how modern cloud technologies and a FinOps culture can transform financial management and drive substantial savings.

Key topics include the initial migration and unexpected high costs, detailed cost and performance analysis, immediate and long-term optimization strategies, and the impact of FinOps on financial accountability and collaboration.

Counting Clouds to maximize cloudy returns: How to not let cloud accounting rain on your cloud team’s parade

Lucrecia Kim-Boswell, Stanford University
11:30 am | Slides
What happens when the lofty ideals of higher education meet the down-to-earth realities of cloud accounting? Hear from 3 different schools (Carnegie Mellon University, University of Pittsburgh and Stanford University) as they share how they have created a cloud funding model, clear the fog of managing research credits and forecasting usage for committed spend agreements.

Find the Causes of Rare Pediatric Genetic Diseases

Gilad Evrony, New York University School of Medicine
1 pm | Slides
Approximately half of children with suspected genetic diseases never receive a definitive diagnosis– the specific mutation causing their disease is not identified. These families often suffer through years of diagnostic odysseys, never knowing what the future may hold or whether a targeted treatment may be available. Our NYU Undiagnosed Diseases Program has used advanced genomics and cloud computing pipelines to find answers for these families across New York State, many of whom are in underserved communities without access to advanced genetics research.

The First 1000 Days: Creating Cloud-Based Systems for Collecting and Analyzing a Big Naturalistic Dataset to Study Human Development

Uri Hasson, Hadas Raviv, Liat Hasenfratz, and Irene Kopaliani, Princeton University
1:45 pm | Slides
Across all social science disciplines, human behavior occurs in complex and multidimensional real-world environments that are challenging to capture through controlled experiments or surveys. To understand how human behavior and cognition really comes about we need naturalistically big datasets of video and audio. 

In disciplines such as biology and physics, the application of Big Data, coupled with advanced analytical tools, has challenged established epistemologies and yielded groundbreaking discoveries (Sejnowski et al., 2015). Fields related to cognitive behavioral research struggle to develop an extensive dataset that can be used for model and theory development, primarily due to the specific nature of the data required: human social interactions, in all their richness.

Scaling up to naturalistic Big Data of human behavior sets unprecedented challenges: The challenges surrounding privacy and data quality are daunting. Big naturalistic data is difficult to collect and too large to manually annotate. The noise to signal ratio is high and automated tools have to be fine tuned to analyse the data in a scientifically-reliable way. The infrastructure must be reimagined to handle vast amounts of data. It requires innovative approaches in aggregation and analysis, ensuring that meaningful insights can be extracted from an ocean of information. Another challenge is that Big Data is on the one hand virtually impossible to anonymize, which implies that it cannot be shared. At the same time, Big Data research is impossible to conduct as an isolated lab in a closed-off environment. It requires collaborative teams that span multiple domains, fields and approaches. All of these challenges push the limits of existing frameworks and roadmaps for non-clinical human subject research. The One Thousand Days (1kD) 1kD project seeks to pioneer data collection, analysis methods, and collaborative frameworks, and to set new standards for large-scale, naturalistic behavioral research. 

The 1kD project follows 18 infants from 15 diverse families in the U.S. East Coast, recording their home environments for 12 hours a day, 7 days a week, over 1000 days. The collection and analysis of this dataset was made possible by our scalable, cloud-based systems, built within the AWS environment. These systems continuously retrieves, processes, and securely stores recordings, operating 24/7 with automated retry mechanisms to ensure data completeness. The 1kD infrastructure is leveraging hundreds of machines, enabling the application of any desired machine learning algorithm—whether pre-built, fine-tuned, or custom-developed for annotating and analyzing the data.  So far we have amassed 230 years of rich, diverse, and ecologically valid data encompassing natural human behaviors and interactions within real-life family contexts. We will illustrate the application of our solution by presenting research results gained with this dataset.

Rapid Detection of Wildfires from Satellite Observations and the importance of Cloud Computing in support of Open-Source Science

Steve Dutcher, University of Wisconsin, Space Science & Engineering Center
10:15 am | Slides
As wildfires escalate in frequency and severity, early detection becomes paramount for effective suppression. At the University of Wisconsin, we created the Ultra Low Latency (ULL) project with the goal of processing satellite data within 60 seconds of observation. Initially developed on-premises in a Kubernetes cluster, the deployment was replicated in the Cloud thanks to credits from AWS. Once deployed, we explored swapping out components for native AWS services to achieve both improved cost efficiency and reliability. A valuable outcome of this prototype was the insight gained, enabling us to accurately forecast costs in future proposals.

Furthermore, we are using this knowledge to explore how operational processing systems can be deployed in a cloud environment, adhering to Open-Source Science requirements. The Cloud is a critical element as it offers a shared platform that can be reused by other projects, giving developers more time to focus on new and innovative solutions.

Building the Cloud Foundation: Empowering Higher Ed with Terraform templates, Security risk assessments, and Collaboration

Kelly Rivera, University of Wisconsin-Madison
4:30 pm | Slides
In this session, we’ll explore how universities can streamline their cloud adoption journey by leveraging modular Terraform templates (“Lego blocks”) for efficient infrastructure deployment. Learn how to conduct thorough security risk assessments to protect sensitive data and ensure compliance with institutional policies. Discover best practices for fostering collaboration through architecture consultations and interactive office hours, enabling your cloud team to deliver tailored solutions for academic, research, and administrative needs. Whether you’re just beginning your cloud journey or looking to enhance your existing strategies, this presentation will provide actionable insights to build a secure, scalable, and collaborative cloud foundation.

May 21st Presentations

Designing the Next-generation Cloud Service

Chris Manly, Cornell University
9 am | Slides
When Cornell started in the cloud a decade ago, the focus was entirely on enabling cloud adoption.  We were training, building community, and encouraging innovation. Our service model was lightweight and focused on getting out of people’s way.  Over time, cloud usage has expanded and matured, costs have risen, and security has become an increasing concern. It is no longer purely the domain of early adopters. What are the factors we need to consider as we design a cloud support service for our campus that will lead us through the next five (or ten) years, and how do we craft a service that meets those challenges?

OCRE2024, the cloud tender for 39 European countries

Michel Wets, SURF, the Dutch NREN
9:30 am | Slides
In 2024, the GÉANT association, the collaboration organization of the Pan European NRENs, ran the third iteration of a joint public procurement for IaaS+ cloud services. The European common procurement legislation allows for cross-border joint procurements: a single tender enables R&E institutes in 39 countries to procure and consume these services from leading European and US cloud platforms. Without having to tender individually, fully compliant and with excellent terms and conditions meeting the R&E needs. The contract value over five years was set at 1.8 billion USD. 

The presentation will focus on following aspects:

• The history of the European collaboration on cloud services procurement
• The legal framework of the tender and the contracts
• Tender scope and requirements used
• Scoring this “monster tender” which received hundreds of bids: scoring process, created automation and the international scoring team

Cloud Security Maturity Model Workshop: Advancing Your Institution’s Readiness

James Monek, Lehigh University; Ken Hoover, Microsoft; Kevin Murakoshi, Amazon; Jeff Nessen, Google
10:15 am | Slides

Security is everyone’s responsibility, but institutions are at different stages in their cloud security journey. This interactive workshop explores the Cloud Security Maturity Model (CSMM) and what it takes to progress through its levels.

Through real-world insights from our partners, hands-on discussions in breakout groups, and a collaborative report-out, we’ll identify actionable steps to strengthen cloud security across diverse institutional needs. Whether you’re focused on securing research data or protecting institutional assets, this session will provide practical strategies and peer-driven solutions to help you move forward.

Join us to assess your current state, share challenges, and leave with a roadmap for advancing your cloud security maturity.

Lightning Talks

1:30 pm | Slides

1. Engineering Cloud Resources at the Center for Social Media and Politics at NYU – Jason Greenfield, New York University
   The Center for Social Media and Politics (CSMaP) at NYU is a leading interdisciplinary research center dedicated to understanding how social media impacts politics and society. Our work spans diverse topics, including the spread of misinformation, online extremism, and the effects of algorithmic recommendations on democratic discourse. This work is supported by a diverse team that includes three Research Engineers. I will share my experience as one of the Research Engineers and how I manage the data infrastructure for the lab and help build software tools to facilitate our research. Our work requires analyzing vast, complex datasets such as social media posts, news articles, and user interaction data.
   
   This lightning talk will showcase how CSMaP leverages cutting-edge cloud technologies to meet the computational demands of our research. Using a hybrid approach, we integrate Amazon Web Services (AWS) and Google Cloud Platform (GCP) for scalable data storage and data collection and NYU’s High Performance Computing cluster (HPC) for large-scale data processing and computationally intensive tasks.
   
   I’ll discuss the engineering strategies we’ve implemented to optimize data workflows, manage costs, and ensure security across these platforms. Attendees will gain insight into how cloud resources enable innovative research at the intersection of technology and society, as well as lessons learned in building an adaptable infrastructure to support interdisciplinary academic research at scale.
2. Modernizing our AWS environment or “AWS for ITS 3.0” – Nick Marangella – UC San Diego
   This is an update to the “Optimizing Our New AWS Account Creation Process for Time and Cost” presentation I gave at CF 2022.
   
   In late 2024 we met with our AWS team to design a new AWS environment that we would begin to implement in 2025. Internally we called this “AWS for ITS 3.0” and it included new strategies and designs for our multi-account setup, VPCs, connectivity to AWS, and single sign-on. We have made the key design decisions but have not started the implementation yet. By May 2025, I should have a story to tell about what decisions we made, what worked out the way we expected, and what didn’t.
3. GCP: the Augean Stable in the Sky – Cornelia Bailey, University of Chicago
   University of Chicago has been interested in cleaning up it’s 27K+ abandoned projects for awhile. We’d like to start making active use of Google Security Center, but without cleaning up these projects, our cloud security professionals face an unacceptable volume of alerts. Unsurprisingly, the change management aspects have been responsible for our long and unfinished timeline, but it turns out the provided technlogy isn’t doing us any favors. Any advice on re-routing the Alpheus river into GCP is welcome!
4. A tale of two clouds (Not those) – Gabriel Geise, Pennsylvania State University
   How does one keep track of hundreds of accounts, who owns them, and where are they charged to? We’ll take a look at Penn State’s day to day cloud operations and how we’ve worked to reduce manual steps and improve service times for our users.
5. Research Cloud Challenges: Failure to Launch, Failure to Optimize – Rob Fatland, University of Washington
   From experience supporting data-driven research on the cloud at the University of Washington and from further experience on the national level with the CloudBank program: We see a recurring theme of ‘necessary bespoke CI building’ on the part of a team of scientists who typically have a working familiarity with computing environments and a lesser degree of familiarity with the details of cloud computing. The team has applied for and been granted cloud access with some budget. There often follows to two challenges we propose to address in this session. First, once a research group has the green light to begin working on the cloud they often simply do not get started. (CloudBank cites a surprising 30% ‘failure to launch rate’) Second, when a team does get started on the cloud they can easily spend $15 on $1 of cloud computing. With the presumption that academic IT does not scale to meet the demand for cloud cyberinfrastructure building we will discuss three related questions: 1. Is the premise stated above valid? 2. If so: What key pathways address getting started and getting efficient? 3. How will the Cloud Forum community enable these pathways (findable, usable) in practice? And as a bonus, question 4: What has the Cloud Forum attempted to do in the past; and what does the grade sheet look like?
6. Managed Cloud environments for Dutch R&E – Michel Wets, SURF
   Many Dutch institutes would like to offer multi cloud internally but struggle with the skill sets and manpower needed for truly supporting multiple platforms. SURF, the Dutch NREN, wants to lower the barriers for multi-cloud adoption by offering managed AWS environments to its members.
7. Shape-shifting: From Terraform to Ansible – Kevin Muller, Fordham University
   For many years, we’ve leveraged a Cloud Management Platform (CMP) for server builds. The foundation was Terraform, but wasn’t designed for maximum flexibility. As part of a new effort within our Platforms team, we are shifting to include Ansible Automation Platform (AAP) post-processing.
8. Lehigh Valley Hacks – James Monek, Lehigh University
   Results from our student group led 24 hour annual hackathon. While cloud services were not required, AWS was one of the sponsors and they provided AWS Services for students to use for their projects. Many projects leveraged AWS services during the hackathon and there were teams from Lehigh University, Lafayette College, Villanova, Moravian University, and NJIT. I’ll share more details about the hackathon, how AWS provided services, some of the best projects, and how you can get a hackathon started at your institution.

Using Cloud Computing for HPC and Big Data

Shenglong Wang, New York University
2:45 pm | Slides
To support research and teaching at NYU, we have been operating an HPC Slurm cluster and a Dataproc-based big data cluster on Google Cloud for several years. The Slurm cluster, built using GCP’s Cluster toolkit, leverages preemptible instances, customized Lua plugins, and resource monitoring tools to minimize costs. The Dataproc cluster features autoscaling for worker nodes and storage. The components supported are HDFS, MapReduce, Spark, Hive, Trino, Flink, Kafka, Zeppelin & Jupyter Notebooks. A memory limit per user is enforced with cgroup on the login node. A cron job has been developed that controls resource consumption by individuals so that one user could burst their usage for Big Data applications for a short time but can not take over the whole cluster for too long. Over 1,000 students and researchers use these clusters for coursework and projects each semester. Researchers can also request HPC Cloud Bursting resources for urgent needs, accessing large-memory nodes and new GPUs unavailable on-premises.

Saving a Million with AI: How UMBC Built Its Own Enterprise E-Discovery Solution

Jason Paluck, University of Maryland – Baltimore County
3:30 pm | Slides
In response to a Department of Justice settlement requiring an extensive enterprise document search for Title IX-related reports, UMBC faced a daunting challenge: a vendor’s quote of over $1 million to perform the required review. Instead of outsourcing, we built our own scalable, serverless AI-powered document discovery solution using native AWS services and minimal custom Python code—saving the university significant resources.

This presentation will provide a technical overview of the architecture and workflow that enabled this cost- and time-saving solution. We’ll explore how AWS tools, including S3, Glue, Lambda, and Bedrock AI, were orchestrated to automate document ingestion, semantic processing, and analysis. Attendees will gain insights into our AI-driven pipeline, designed for high-volume, accurate document search and analysis, and how it seamlessly outputs actionable results for human review. This solution demonstrates the power of innovation and Generative AI in solving complex institutional challenges while delivering substantial cost savings.

Lightning Talks

4 pm | Slides

1. How I Learned to Stop Worrying and Love Azure Defender – Cornelia Bailey, University of Chicago
   University of Chicago stood up a university-wide accessible AI tool in October 2024. Phoenix AI makes use of Azure’s OpenAI. When the vague question “is it secure?” was asked, the answer was a list of efforts being made at every level of the stack. Turns out that Azure Defender chipped in quite a bit, much to everyone’s delight. Hear briefly about what it might look like for you, as your school figures out its AI.
2. Progress on NIST 800-171 Compliance Reporting – Jake Catlett – University of Minnesota
   A discussion of the progress that the University of Minnesota has made in our efforts to provide customers with reporting on compliance with NIST 800-171 controls. We will discuss what we’ve done, how we’ve matured and updated our initial process, and what our next steps will be.
3. Report from the Trenches: 3 vendors, 3 teams, 3 budgets, 300 integrations, 1 project, oh my! – Nicola Monat-Jacobs – Loyola Marymount University
   An updated report and lessons learned as LMU moves our on-prem data center to the cloud, with special attention on:
   – coordinating three different vendors
   – establishing necessary workstreams and project governance
   – cross-department coordination of testing for applications and integrations
   – moving Banner and its ecosystem
   – organizational changes and staff roles
   – coordinating with end users
4. Cleaning Up Our a Cloud Accounts – Tom Lewis, University of Washington
   At the University of Washington, we have more than 50,000 unmanaged GCP accounts, and in AWS half of our spend is off contract. We are beginning a process to clean this up, and I will share process, progress, and war stories.
5. FinOps when the developers fight back – Tim Champ, University of Maryland Baltimore County
   Streamlining and minimizing cost in the cloud is a critical role of modern infrastructure teams. Sometimes, though, the developers and applications fight to maintain methods and procedures that keep things expensive and inefficient. Our battle for finops growth and efficiency has had many speed bumps, and has had to make a number of compromises along the way. While we’re still working on becoming a mature organization, we’ve learned a few things about how to reduce and manage cost while not impacting the work being done.
6. Aggregating cloud spend across >100 payers – Mike Kilpatrick – University of California Office of the President
   Will review the objective, lessons learned, and roadmap to aggregate cloud spend across 15 campuses, 100s of payers, and 3 cloud providers.
7. Cloud Data Benchmarking – Mining Actionable Intel from Granular Data – Bob Flynn, Internet2
   Could a $0.95 EC2 bill in the eu-west-3 AWS region change your cloud strategy? Alone, maybe not—but imagine if other U.S. R&E institutions were scaling EC2 usage month after month. Could understanding your cloud usage, alongside your peers’, drive smarter decisions or accelerate your learning? Could it help justify additional resources or partnerships? We believe it has that potential.
   This lightning talk will give a brief overview of Internet2’s Cloud Data Benchmarking Service, a project aimed at turning detailed cloud usage data from R&E AWS and GCP customers into actionable insights for the higher education community. By providing visibility not only into your institution’s usage but also into how your peers are using cloud services, this initiative will help institutions benchmark their usage, identify opportunities to improve efficiency, optimize spending, and help cloud enablement teams to judge how efficiently their account holders and their institution are using cloud.
8. Cost Accounting in a Shared Environment – Phil Fenstermacher, College of William & Mary
   It’s not uncommon for multiple containerized workloads to run on a single cloud server, but vendors don’t report fractional costs of servers. Luckily there’s tooling that can track usage and report on those costs for accurate billing and cost accounting. In this lightning talk W&M will discuss how they capture that data for reporting and billing.
9. Rick Rhoades: a retrospective – Cornelia Bailey, University of Chicago
   Let’s review where we’ve been with Rick, and speculate where we’re going. Lightning round includes a 1-minute in depth live interview with the man himself!

May 22nd Presentations

Adapting SecOps to Higher Ed

Matthew Rich, Northwestern University
9:00 am | Slides
You’ve spotted a critical security hole in a researcher’s cloud environment. Now what?

This talk will outline standard security operations (SecOps) practices and responsibilities, and the challenges of implementing them in the highly distributed environment of a university.

Lessons learned from Architecting, Deploying, and Managing a Secure Research Cloud

James Monek, Lehigh University
9:30 pm | Slides
Lehigh University recently implemented a Secure Research Cloud (SRC) on AWS to provide researchers with a secure environment for working with sensitive data. This session delves into the cloud-native services and on-premises tools utilized to safeguard research data in the cloud. We’ll explore the continuous monitoring and compliance mechanisms employed to ensure that security settings within the SRC remain unmodified and intact, such as AWS Security Hub, GuardDuty, and Config. Additionally, we’ll discuss the integration with on-premises tools like ELK SIEM stack for threat detection. The onboarding processes for researchers and data into the cloud environment will be covered, highlighting secure data ingestion pipelines and storage solutions for research data. Attendees will gain insights into the architectural choices, security controls, and operational procedures for maintaining a secure research cloud.

Panel Discussion: Staffing and Training

James Smith, Notre Dame
Damian Doyle, University of Virginia
Todd Haddaway, University of Maryland – Baltimore County
10:00 am
As the use of cloud technology grows, so do the demands on the cloud team’s time and capacity. IT budgets are tight, but even when funding is there, finding and hiring qualified staff is difficult. So, how are institutions dealing with this challenge? In this session we will dive into the lessons learned by multiple universities and how each has approached meeting their cloud staffing demands.

Automated Provisioning and Autonomous IAM Management

Jake Catlett, University of Minnesota
11:00 am | Slides
A walk-through of how the University of Minnesota has used an existing business process to engineer an automated provisioning harness to allow self-service cloud resource requests and to automate and provide autonomy for addition and modification of security roles and users.

Enhancing the Security Posture of Existing Cloud Deployments

John Bailey, Washington University in St. Louis
11:30 am | Slides
Washington University in St. Louis recently concluded a pair of projects to select and implement a new suite of cloud security tools to enhance visibility and security across all WashU cloud subscriptions. Using a platform called Orca Security, WashU now has the capability to easily see assets, misconfigurations, vulnerabilities, the location of sensitive data, and other critical information in a single dashboard. We also use the system to provide a comprehensive inventory of all cloud assets across our institution and easily contact the owner in the event of a security incident.

This presentation will give an overview of our approach to selecting and implementing these tools, as well as showcasing some of the impressive capabilities they provide. We will focus on how we are working to enhance security across existing cloud subscriptions without breaking existing applications and workflows for our campus partners.

Navigating the Cloud: Aligning Essential Roles for UCOP’s Data Center Exit Project

Eric Person, University of California Office of the President
1 pm | Slides
The University of California Office of the President (UCOP) is executing a transformative migration from on-premises infrastructure to the cloud, targeting improved security, cost efficiency, and operational modernization. This presentation highlights UCOP’s phased approach to migrating applications, overcoming challenges like change resistance and skill gaps, and aligning goals with leadership priorities. We’ll share practical lessons, a few stories from the trenches, and tips on how to make cloud migration smoother and more collaborative.