1 of 130

Lightning Talks @ Cloud Forum 2026

2 of 130

Lightning Round Rules

5 Minutes – Strictly Enforced

Countdown Notifications at 2 min and 30 sec remaining

Hold questions until all Lightning Talkers are done

3 of 130

NIH My Cloud: One Portal to Rule NIH’s Cloud Portfolio

Nick Weber, National Institutes of Health

Due up next:

David Lacey, The Getty

4 of 130

NIH My Cloud: One Portal to Rule NIH’s Cloud Portfolio

Nick Weber

Acting Director, Office of Scientific Computing Services (OSCS)

STRIDES Program Manager

NIH Center for Information Technology (CIT)

5 of 130

Invoicing in a Multi-Cloud Environment

The NIH STRIDES Initiative partners with commercial cloud service providers (CSPs) to enable broader access to the cloud at NIH.

With 3000+ programs onboarded and $250+ million of spend through the Initiative across three CSPs, connecting 27 NIH Institutes, Centers, and Offices (ICOs) to their financial data came with a few challenges early on.

Reporting

Each CSP has its own billing model, terminology, and reporting structure, making it difficult to develop unified reports.

Transparency

Limited customer visibility into costs, invoicing, and funding made planning and cost estimation tough.

Data Processing

Data processing and report loading from CSPs was mainly a manual effort, often taking a month+ for customer updates.

Accessibility

Early dashboards improved data access, but the STRIDES team still used manual processes and customers had no self‑service tools.

Tool Cost

Enterprise FinOps tools were evaluated but were either too expensive or not a good fit for a multi-cloud environment at scale.

6 of 130

The Solution

  • Integrates requirements from FinOps platform evaluation.
  • Built using Microsoft Power Platform components.
  • Connects to ServiceNow, Microsoft Forms, and Outlook to exchange information and support workflows.
  • Role‑based access lets customers explore spend, usage, and funding.
  • Modernized data ingestion pipeline leveraging Azure Data Factory, replacing ~20 legacy SQL scripts, eliminating 2 cross-server linkages, and consolidating 5 custom views used for Dataverse data conditioning.
  • Automated invoice data extraction from source repositories, removing prior manual pull processes.

CIT Cloud Services developed the STRIDES My Cloud platform to enable better insights for more transparency into cloud portfolios.

7 of 130

My Funding Dashboard

  • Multi-level reporting allows designated individuals to view program, division, or institute‑level dashboards to track total cloud spend and funding
  • Multi‑cloud visualizations span accounts across all three major cloud providers used in STRIDES
  • Click a chart segment to filter table on accounts approaching or exceeding funding
  • Right click to “Drill through” and view details about a selected Group

View funding allocation and spend consumption

8 of 130

My Spending Dashboard

  • Analyze trends by spending categories or by month
  • Determine source of spending surges
  • Estimate funding needs, based on spending trends
  • Use Filters or select a data point to quickly gain insights into STRIDES account spending

[Dashboard screenshot: sample group NIABC with IC Program and IC Lab accounts on AWS, Azure, and GCP]

View cloud usage and spending by accounts and groups

9 of 130

Before and After My Cloud

Ad hoc reporting, fragmented invoicing, slow turnaround, limited transparency, high staff involvement, and manual processes became an integrated, scalable platform with…

CENTRALIZED DASHBOARDS

Self‑service spend, usage, and funding dashboards through My Cloud.

AUTOMATED INVOICING

Customer billing flows into My Cloud through standardized, automated processes.

FAST UPDATES

Financial data becomes available to ICOs ~1-2 weeks after month close.

FINANCIAL TRANSPARENCY

Customers can directly view their spend, usage, funding, and account details.

SELF-SERVICE

Customers manage accounts, requests, and projections on their own.

10 of 130

For more information, please visit cloud.nih.gov.

11 of 130

Using Kubernetes to manage certificates

David Lacey, The J Paul Getty Trust

Due up next:

Tim Manik, Internet2

12 of 130

May 2026

David Lacey

Getty

Certificate Management in Kubernetes

13 of 130

  • Certificates are now at 199 days as of March 15th

  • Down to 100 days on March 15, 2027

  • A lifespan of 47 days on March 15, 2029

Shorter Certificate Lifespans

14 of 130

  • InCommon Transition to CertiNext on July 17

  • Certificate lifespan is now 100 days on January 1, 2027

And Then This Happened

15 of 130

Automation and More Automation

  • Several options are available
    • ACME
      • Certbot
      • Simple-ACME
    • REST API
    • Home grown scripts
    • Cloud providers

16 of 130

Certificate Management in Kubernetes

  • Works with public and private issuers
  • ACME service
  • Can act as a CA
  • Self-Signed certificates
  • Requires a couple of annotations for a service to create and automatically renew a certificate

17 of 130

Legacy Systems and Automation

  • Many do not have automation capabilities
  • Create a home-grown process
  • Use Cert-Manager
    • User connects to Kubernetes
    • Proxy connects to service
    • Can use a long-lived certificate on the legacy system
    • Communications stay secure
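
An added example, not taken from the talk: the "couple of annotations" and the proxy-in-front-of-a-legacy-system pattern described above, written as cert-manager and Ingress manifests. It assumes an NGINX-based ingress controller that honours the ingress-nginx annotations; the issuer name, namespace, hostnames, ACME URL and Secret names are all placeholders.

```yaml
# Added example (not from the slides). Every name, host and URL is a placeholder.

# 1. An ACME issuer that cert-manager uses to request and renew certificates.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: campus-acme                      # hypothetical issuer name
spec:
  acme:
    server: https://acme.example.org/directory   # placeholder ACME directory URL
    email: certs@example.org
    privateKeySecretRef:
      name: campus-acme-account-key      # Secret that stores the ACME account key
    solvers:
      - http01:
          ingress:
            ingressClassName: nginx
---
# 2. A Service with no pods behind it; it only names the legacy host.
apiVersion: v1
kind: Service
metadata:
  name: legacy-app
  namespace: legacy
spec:
  type: ExternalName
  externalName: legacy-app.internal.example.org
  ports:
    - port: 443
---
# 3. The Ingress is the proxy. Users see the short-lived, auto-renewed
#    certificate; the proxy re-encrypts to the legacy system, which keeps
#    its long-lived certificate.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: legacy-app
  namespace: legacy
  annotations:
    # This annotation is what makes cert-manager issue and renew the
    # certificate stored in spec.tls[].secretName.
    cert-manager.io/cluster-issuer: campus-acme
    # Speak TLS to the backend and verify its certificate, so the hop from
    # proxy to legacy system is authenticated as well as encrypted.
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
    nginx.ingress.kubernetes.io/proxy-ssl-verify: "on"
    nginx.ingress.kubernetes.io/proxy-ssl-name: legacy-app.internal.example.org
    # Secret whose ca.crt holds the CA that signed the legacy certificate.
    nginx.ingress.kubernetes.io/proxy-ssl-secret: legacy/legacy-app-ca
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - app.example.org
      secretName: legacy-app-tls         # created and rotated by cert-manager
  rules:
    - host: app.example.org
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: legacy-app
                port:
                  number: 443
```

Without the `proxy-ssl-verify` and `proxy-ssl-secret` settings the backend hop is encrypted but not authenticated, so pinning the legacy system's CA is what keeps the long-lived certificate from becoming the weak link.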

18 of 130

Thank you.

David Lacey

dlacey@getty.edu

19 of 130

Building Reliable AI Evaluators

Tim Manik, University Corporation for Advanced Internet Development

Due up next:

Matthew Rich, Northwestern University

20 of 130

Interesting work with CEI

Timothy Manik, Cloud Solutions Architect

Internet2

21 of 130

CEI Primer

22 of 130

CEI Primer

  • CEI stands for Cloud Elevation Index
  • Founded at Penn State by Rick Rhoades and Gabriel Geise
  • First introduced to the community at Cloud Forum 2024
  • What is CEI: A metric to analyze cloud account performance
  • Why it matters: Helps admins assess the maturity of their cloud accounts

23 of 130

Current Challenges

  • LLMs are not trained on new cloud services
  • Can’t guarantee what the LLM is being trained on
  • Humans still need to be in the loop. But how?

24 of 130

Progress so far

  • Refactored setup
  • Prompt engineering
  • Compared multiple LLMs
  • Built evals
  • Added logging of LLM’s reasoning
  • Enabled web search
    • Super power for smaller models

25 of 130

Future work

  • Refactoring from single agent to multi-agent or subagent architecture
  • Exploring different document ingestion methods
    • Purely web search?
    • Periodic download of CSP documentation -> RAG?
    • Combination of both?
  • Human in the loop

26 of 130

Got ideas?

Email me tmanik@internet2.edu

27 of 130

Thank you

28 of 130

A (More) Predictable Pricing Model for Glacier

Matthew Rich, Northwestern University

Due up next:

Kari Robertson, University of California Office of the President

29 of 130

A (More) Predictable Pricing Model for Glacier

Matthew Rich

30 of 130

S3 Billing Dimensions

  • Per byte-hour of storage
  • Per read request (GET)
  • Per write request (PUT/POST)
  • Per object lifecycle transition
  • Per object retrieval request (standard or bulk)
  • Per byte retrieved (standard or bulk)
  • Per byte transferred out (if not covered by DEFW)

A partial list

31 of 130

S3 Billing Dimensions

  • Minimum storage duration (30, 90, or 180 days depending on class)
  • 8k metadata per object for Glacier objects stored at standard rate
  • 32k metadata per object for Glacier objects stored at glacier rate

Additional considerations

32 of 130

S3 Billing Dimensions

  • S3 Metadata
  • S3 Inventory
  • Object Tagging
  • Batch Operations
  • Dual Layer Server-Side Encryption
  • Storage Lens Advanced Metrics

Optional features

33 of 130

Challenge Level: Impossible

34 of 130

Engagement with Amazon

Non-hyperscaler object storage vendors' only advantage is cost certainty:

  • Per-byte-month storage
  • No add'l billing dimensions

35 of 130

Engagement with Amazon

Amazon's pitch: Custom Glacier Pricing

  • Effectively ~2x the cost of storage
  • $0 cost for API operations and retrievals

Roughly = 2% of data retrieved per month

36 of 130

The Reseller's Role

  • Four Points pays Amazon standard pricing
  • Four Points charges Northwestern custom pricing

37 of 130

Amazon Mitigates Reseller Risk

  • If Northwestern's retrievals exceed ~2% of Glacier data in a month, Four Points would not recoup all of the cost
  • Amazon provides Four Points usage credits in that case

38 of 130

Key Takeaway

Northwestern gains more predictable pricing for S3 Glacier while we transition to cloud archival and discover our usage patterns.

39 of 130

Get a Prenup! Lessons learned from vendor engagements

Kari Robertson, University of California Office of the President

Due up next:

Ian Crew, University of California, Santa Barbara

40 of 130

Get a Prenup!

Lessons Learned from Vendor Engagements

Kari Robertson

Deputy CIO, CTO

41 of 130

42 of 130

43 of 130

44 of 130

45 of 130

A strong vendor contract is like a prenup: it builds clarity and protection upfront so that, if things change, both parties can part ways with minimal disruption

46 of 130

Credit: ChatGPT - AI Generated

47 of 130

Buyer's Remorse

Situation: Expectation gaps between the sales promise and actual delivery or a poor fit for evolving needs

Impact: Dissatisfaction with outcomes, underutilized tools or services, wasted spend, and potential rework or replacement efforts

Lessons Learned: Validate capabilities through pilots and include performance checkpoints and early exit options in the contract

48 of 130

Credit: SplashNews.com

49 of 130

Strategic Drift

Situation: Partnership no longer aligns with changing business needs

Impact: The vendor's value diminishes as needs evolve and becomes less effective

Lessons Learned: Establish regular reviews, clear renewal criteria and upfront defined exit strategies

50 of 130

Credit: Getty Images

51 of 130

Loss of Transparency/Trust

Situation: Lack of transparency, shifting vendor priorities toward other clients, and unclear pricing/value alignment

Impact: Trust declines, service quality drops, costs rise, and disputes escalate

Lessons Learned: Set clear Service Level Agreements, define resourcing/priorities expectations, and enforce structured pricing with strong change and cost controls

52 of 130

Credit: Def Jam

53 of 130

Culture/Values Misalignment

Situation: Misalignment in values, priorities, and ways of working leads to security, reputational, or compliance concerns

Impact: Persistent friction, increased rework, and slower decision-making, along with heightened legal risk and breakdowns in collaboration

Lessons Learned: Establish a clear decision-making framework early, assess cultural alignment and working norms, and incorporate risk clauses, compliance requirements, and termination protections into the initial contract

54 of 130

Credit: Getty Images

55 of 130

Amicable Separation

Situation: Relationship ends professionally but requires complex separation

Impact: Costly transitions and gaps in knowledge transfer

Lessons Learned: Plan exit strategies, transition support, and clear data ownership upfront

56 of 130

Hope for the best, but contract for the worst

57 of 130

THANK YOU

58 of 130

From SaaS to Infrastructure-as-Code: An AI-Assisted Journey

Ian Crew, University of California, Santa Barbara

Due up next:

Cornelia Bailey, University of Chicago

59 of 130

From IaC to SaaS and back again: An AI-Assisted Journey

Ian Crew, UC Santa Barbara

May 19, 2026

60 of 130

1993. RevRdist.

2010. Alfresco.

61 of 130

Architecture. Not vocabulary.

62 of 130

Four accounts. One Terraform. Finally.

63 of 130

Making everyone happy enough: Security and Privacy assurances for Azure-based AI development

Cornelia Bailey, University of Chicago

Due up next:

Cornelia Ann Bailey, University of Chicago

64 of 130

Making everyone happy*

Security and Privacy assurances for Azure-based AI development

Cornelia Bailey, University of Chicago

May 2026

65 of 130

Who are you and what are you talking about?

Last year, “Cornelia” explained the AI affordance built by UChicago, PhoenixAI.

TLDR: PhoenixAI was built quickly on Azure, which meant everyone on the project had a relationship to Azure Defender.

TLDR: Security is everyone’s job now, and Defender is our compass.

66 of 130

Right! OMG YES KEEP TALKING

What “Cornelia” didn’t tell you are some of the big questions asked about PhoenixAI. If you build like UChicago did, you may have to answer these questions too.

67 of 130

ARE YOU

READY for THE

QUESTIONS?

68 of 130

Is our AI offering secure?

69 of 130

Yes, for the medical center, which was a high bar.

  1. The medical center requires its vendors to adhere to the SSA, the System Security Agreement. It’s like HIPAA, but with details.
  2. We went through the SSA line by line, got the answer for each requirement, created a POAM, and let the medical center know we’d kept our promise. The medical center doesn’t require a BAA from campus, and it was the first time we had to do due diligence.

70 of 130

How can we describe it as private?

71 of 130

Here’s how:

  1. It’s UChicago’s instance, and the T&C’s are clear that there’s no training on data.
  2. Microsoft allows you to ask to have their abuse features turned off. So we did.

72 of 130

What if someone is doing the Wrong Thing ™ with the AI we’ve offered to campus?

73 of 130

Only if legal asked. Yes.

  1. If you have a Medical Center, someone is going to put research health information in there. That has to be ok (see work on SSA).
  2. Our user accepted T&C’s forbade the use of PHI and diagnosis, which would be dumb AND makes the application part of the patient record.
  3. Retroactively added retention policies, where files and assistance are deleted after neglect. Pro tip: do this up front.
  4. Will be using Portkey’s ability to sense inputs are not right.

74 of 130

If we get audited, will we be OK?

75 of 130

It depends.

  1. It depends on who audited you.
  2. It depends on the standard you ask them to use. They lauded our work on the SSA, but the optics were NIST RMF-AI.
  3. If you are missing governance, they’ll tell you you’re missing governance.

76 of 130

Good luck!

77 of 130

We did it!*

Cornelia Ann Bailey, University of Chicago

Due up next:

Zekai Otles, University of Wisconsin-Madison

78 of 130

We did it!*

UChicago deletes abandoned projects in GCP

Cornelia Bailey, University of Chicago

May 2026

79 of 130

Who are you and what are you talking about?

UChicago’s goal is to have owners of GCP projects with

  1. no billing account and
  2. unmodified 365 days

receive 4 chances via email to keep the project alive for another year. When the owner leaves the university, they lose the ability to vouch for the project, and it’s deleted. In theory, it will keep the GCP organization in decent shape.

80 of 130

Right! OMG YES KEEP TALKING

Last year, “Cornelia” brought you up to speed on where UChicago had gotten after a year.

TLDR: Remora was Google’s solution to remove projects. It orchestrates a number of Google’s services and was brittle at best.

UW+Burwood were going to share their modified version of Remora.

81 of 130

It’s been a year, OMG what happened?

  1. UW generously shared their Remora code.
  2. Our security engineer realized UChicago’s mess was different enough from UW’s that she had to make her own edits.
  3. And then…

82 of 130

Are you ready to lose your mind?

83 of 130

ARE YOU READY?

84 of 130

This year we discovered the Frontiers of Deletion (™)

The abandoned project was…

NOT IN A FOLDER

IN A FOLDER OWNED BY THE SYSTEM

IN A FOLDER OWNED BY AN ACTIVE USER

OWNERLESS

GONE! OMG SOMETHING GOT DELETED

Remora insists on a person to own the folder. So we assigned system-owned folders to Jim.

Problem with perceived ownership of the project by folder owner. UGH

STILL ACTIVELY OWNED

Too soon.

Too soon.

Too soon.

85 of 130

This might be your journey too.

  1. LESSON LEARNED: you’ll have to do this in stages, in increasing order of people who might freak out.
  2. We’ll share our code if you need it.

86 of 130

See you next year!

87 of 130

Exploring Azure Low-Code Solution for Meteorological Data Analysis

Zekai Otles, University of Wisconsin-Madison

Due up next:

Phil Fenstermacher, William & Mary

88 of 130

Retrieval-Augmented Generation (RAG) for Meteorological Data Analysis

Zekai Otles

Research Cyberinfrastructure Consultant

University of Wisconsin-Madison

DIVISION OF INFORMATION TECHNOLOGY

89 of 130

Casual questions in team chat

  • “What was the largest snowfall in Madison, WI?”
  • History of interest and evolution of the applied tools
  • Brief overview of meteorological data analysis challenges
  • Introduction to Large Language Models (LLMs): computer programs trained on many resources

Retrieval-Augmented Generation (RAG)

  • Relevant responses to your document (data)
  • Motivation: Why use RAG for weather data?
  • Vision: Chatting with meteorological data via agents

2026 Cloud Forum

Z. Otles

90 of 130

Why am I doing this?

  • Asked to be an expert in Generative Artificial Intelligence (AI) in the cloud infrastructure

How

  • Building a chatbot/agent using GPT-4/GPT-5.
  • Preprocessing and grounding meteorological data.
  • Demonstration using one station dataset.
  • Agent chaining concept for broader decision-making

Data

  • Overview of GHCN-Daily data from NOAA: Max/Min temperatures, snow depth

91 of 130

Implementation

  • Azure infrastructure setup: Blob storage, OpenAI services, Azure AI Search.
  • Data conversion to NDJSON for vectorized search.
  • Embedding model: text-embedding-3-small.
  • Chat playground with GPT-4.1.
  • Agent development and chaining potential.

92 of 130

Terraform to deploy some resources

93 of 130

Terraform created Infrastructure

94 of 130

Weather station Data

95 of 130

Upload documents to “blob container” to build RAG

96 of 130

Azure Foundry Portal

97 of 130

Chat Playground

98 of 130

Vector search

99 of 130

Meteorological Data Chatbot

100 of 130

Meteorological Data Chatbot can be deployed with different options

101 of 130

Meteorological Data Chatbot can be used interactively or orchestrated with another agent for the decision-making process

102 of 130

Summary

  • A chat playground was developed leveraging GPT-4.1 within the Azure environment.

  • Integrating RAG-driven meteorological station data into the chat playground demonstrated measurable improvements in data interaction and usability.

  • This framework establishes a foundation for chained agent orchestration, thereby enhancing the broader decision-making process.

  • Developing collaborative agents and chat playgrounds holds significant potential for advancing scientific discovery.

103 of 130

It Doesn’t Have to Cost an ARM and a Leg

Phil Fenstermacher, William & Mary

Due up next:

James Bennett, Indiana University

104 of 130

It Doesn’t Have to Cost an ARM and a Leg

Phil Fenstermacher

105 of 130

What is ARM?

  • A company that licenses CPU designs
  • Customers can sometimes extend the CPU design

INFORMATION TECHNOLOGY

106 of 130

How is an ARM CPU different?

  • Different instruction set compared to Intel/AMD (x86)
  • CPUs are optimized for different use cases
  • Almost always cheaper

107 of 130

You’ve already used ARM

  • Apple M series
  • Raspberry Pi
  • Almost every smartphone

108 of 130

What about in the cloud?

  • Graviton
  • Cobalt
  • Axion

109 of 130

Real Numbers?

AWS m8X.xlarge Instance (4 vCPU + 16GB RAM)

  • m8a (x86): $0.24333 / hour, $177.63 / month
  • m8g (ARM): $0.17952 / hour, $131.05 / month

~26% Cost Savings with ARM Instances

110 of 130

How do I switch?

Easiest on Linux

Most vendors provide ARM binaries in their yum/dnf and apt repositories.

Interpreted Code

Python, Ruby, Node, and PHP likely just work without modification.

Java Apps

Java usually just works on ARM, but check your jar files.

Binaries & Repos

Re-compile binaries, or have your CI/CD Pipelines build for both architectures all the time.

111 of 130

How do I switch?

Automation is Key

Easy to switch back and forth, load balance, or use blue/green deployments when full launch is automated.

Spot Instances

Can be used as a strategy with spot instances to reduce costs while maintaining high availability.

Managed Service Availability

Available in selected other services where you can (usually) just switch.

112 of 130

W&M Experience

Automated Builds

Build container images for ARM and x86 on every push to git.

  • ARM builds are consistently faster.
  • Cloud teams can migrate environments seamlessly without developer friction.

Banner Web Tier

Exceptional performance gains observed in production.

2x

Speed Improvement

113 of 130

Thanks!

Phil Fenstermacher

phil@wm.edu

114 of 130

Fast Tracking Research Experimentation

James Bennett, Indiana University

Due up next:

Geert Soet, SURF

115 of 130

⚡️FAST-TRACKING RESEARCH EXPERIMENTATION

CLOUD-BASED ENVIRONMENTS IN SECONDS

Internet2 Higher Ed Cloud Forum

May 19, 2026

116 of 130

GOAL

Support researchers who want to explore cloud-based options as rapidly as possible without friction.

117 of 130

🚀Gotta go fast

  • Short-term accounts (max 180 days)
  • Leveraging credit sharing
  • Managed with AWS Innovation Sandbox
  • Management account for sandbox workloads
  • Tied into IU’s single sign-on

Fast-Tracking Research Experimentation

118 of 130

119 of 130

120 of 130

121 of 130

🛠️Administration

  • No administrative overhead!
  • Standard AWS account provisioning
  • Blueprints allow for customization
  • Eject accounts for long-term use
  • Self-service empowerment

122 of 130

THANK YOU

James Bennett

Manager, Enterprise Platforms

UITS, Indiana University

jawbenne@iu.edu

123 of 130

The hamburger model: Can NRENs buy cloud together across continents?

Geert Soet, SURF

Due up next:

Q&A

124 of 130

OCRE 2029 Global

A feasibility study

Can NRENs buy cloud together across continents?

May 19, 2026

125 of 130

OCRE already works

  • $155M R&E cloud spend in 2025
  • 1,200 institutions
  • 29 countries
  • 9 European + 5 US platforms
  • Egress waiver
  • 3 rounds, never legally contested

126 of 130

Why take it global?

  • Face the vendors as one global R&E community, not 29 small buyers
  • Bridge the digital divide
  • Deeper NREN collaboration worldwide
  • Better terms, together

127 of 130

OCRE Global: the hamburger model

  • One global tender? Not legal (procurement law)
  • So: near‑identical tenders, in parallel
  • Shared base ~75% - process, contracts, criteria
  • Local toppings ≤25% - law, resellers, privacy

128 of 130

We want the US in the room

  • The shared 75% gets written in 2026–27, not 2029
  • Your step: read OCRE 2024, tell us what would break in the US
  • Talk to Bob to learn more about the status in the US

129 of 130

Thank you!

geert.soet@surf.nl

michel.wets@surf.nl

130 of 130

Lightning Q & A