The GISELA Science Gateway

Transcription

1 The GISELA Science Gateway Roberto Barbera University of Catania and INFN - Italy TICAL 2012 Lima, 3 July 2012

2 Introduction and driving considerations The Catania Science Gateway framework The GISELA Science Gateway The Science Gateway market place Summary and conclusions Outline 2

3 Path to technology uptake The Rogers bell-shape curve - Rogers, E. M. (1962), Diffusion of Innovations, Glencoe: Free Press. 3

4 IT acceptance model the Web Development of web browsers The World Wide Web Davis, F. D. (1989), "Perceived usefulness, perceived ease of use, and user acceptance of information technology", MIS Quarterly 13(3):

5 The evolution leap in web browsers evolution leap 5

6 The «strength» of the web: standards! 6

7 Some figures 7

8 The eresearch2020 report ( Some barriers in the adoption of Grids: Changes on Grids means changes on applications Time required to adapt usual workflows Lack of structure to support anonymous access Download and installation of applications Interface Slow to get to compared to other resources Difficult to use in the beginning Time spent to get the application compiled and running 8

9 Using Grids is not straightforward Users have to cope with complex security procedures, execution scripts, job description languages, command line based interfaces and lack of standards. This makes the learning curve very steep and keeps non IT-experts away.

10 Another consideration # of users VRCs There is a huge number of non IT-experts out there who do not belong to any constituted Virtual Research Community. How can we attract them? 10

11 Community-driven web portals have started to integrate Grid Tools and Applications A Science Gateway is a community-developed set of tools, applications, and data that is integrated via a portal or a suite of applications, usually in a graphical user interface, that is further customized to meet the needs of a specific community. Teragrid/XSEDE 11

12 IT acceptance model the Grid Development of Science Gateway Requirement for sustainability Davis, F. D. (1989), "Perceived usefulness, perceived ease of use, and user acceptance of information technology", MIS Quarterly 13(3):

13 EGI Portal & Traceability Policies (1/2) Science Gateways Portal Classes Portal Class Executable Parameters Input Simple oneclick provided by portal provided by portal provided by portal Parameter provided by portal chosen from enumerable and limited set chosen from repository vetted by the portal Data processing provided by portal chosen from enumerable and limited set provided by user Job management provided by user provided by user provided by user 13

14 EGI Portal & Traceability Policies (2/2) The Portal, the VO the Portal is associated to, and the Portal manager are all individually and collec;vely responsible and accountable for all interac;ons with the Grid The Portal must be capable of limi;ng the job submission rate The Portal must keep audit logs for all interac;ons with the Grid as defined in the Traceability and Logging Policy (minimum 90 days) The Portal manager and operators must assist in security incident inves;ga;ons Where relevant, private keys associated with (proxy) cer;ficates must not be transferred across a network, not even in encrypted form 14

15 Primary requirement: building Science Gateways should be like playing with Standards Simplicity Easiness of use Re-usability Sc. Gtwy A Sc. Gtwy B Sc. Gtwy C Sc. Gtwy D Sc. Gtwy E 15

16 Summary of standards adopted The framework for Science Gateways developed at Catania is fully web-based and adopts official worldwide standards and protocols, through their most common implementations These are: The JSR 168 and JSR 286 standards (also known as "portlet 1.0" and "portlet 2.0" standards) The OASIS Security Assertion Markup Language (SAML) standard and its Shibboleth and SimpleSAMLphp implementations The Lightweight Direct Access Protocol, and its OpenLDAP implementation The Cryptographic Token Interface Standard (PKCS#11) standard and its Cryptoki implementation The Open Grid Forum (OGF) Simple API for Grid Applications (SAGA) standard and its JSAGA implementation 16

17 Our reference model Embedded Applica-ons... App. 1 App. 2 App. N Standard-based (SAGA) middleware-independent Grid Engine Science Gateway Administrator Power User Basic User Users from different organisations having different roles and privileges 17

18 AuthN & AuthZ Schema Science Gateway 1. Register to a Service GrIDP ( catch-all ) 2. Sign in IDPCT ( catchall ) Social Networks Bridge IdP IDP_y LDAP... 18

19 The Grid IDentity Pool (GrIDP) (

20 edugain ( Catania Science Gateways are also registered as Service Providers of edugain 20

21 Science Gateway access workflow 1. register 3. sign in User 2. has to be member? 2.y account granted 2.n account denied 2.n Admin 2.y 2.y store credentials User Registry 21

22 User Registry Identity Provider 1. sign in 6. get the results User Science Gateway access workflow 3. create a proxy from an etoken server with robot certificates 4. execute action etoken server The Grid 5. get output Admin Compliant with the EGI.eu Portal and Traceability Policies 22

23 Robot certificates «in a nutshell» Robot certificates have been introduced to allow users, who do not have/want personal certificates and do not belong to any Virtual Organisation, to use the Grid; They are usually issued on smartcards to be plugged on the machine where the service(s) is (are) executed. Basically, these certificates can be used to identify a person responsible for an unattended service or process acting as client and/or server for a Virtual Research Community. 23

24 The «lightweight» crypto-library Users Client Applica-ons Science Gateways 24

25 The etoken server working scenario (*) SSL encryption ask for a service list/create request (*) etokenserver get results retrieve serials/proxy (*) execute a service get the results back ask for VOMS AC attributes store long proxy VOMS Server MyProxy Server 25

26 The Authentication Procedure Identity Federations discovery service «catch-all» Identity Provider GISELA - Second Project Review - Brussels - 08/12/

27 The Social Networks Bridge Identity Provider ( Identity Federations discovery service 27

28 Catania Science Gateways in numbers Users from 139 Organisations in 34 Countries ~1/3 of registered people are users of the GISELA Science Gateway 28

29 Liferay Portlets The Catania Grid Engine Science GW 1 Science GW 2 Science GW 3 Grid Engine Science GW Interface etoken Server Data Engine Job Engine SAGA/JSAGA API Users Track & Monit. Users Tracking DB Grid MWs DONE 29 DONE DONE DONE DONE DONE

30 Multi-Infrastructures Grid Engine EUMEDGRID Infrastr. Info (BDII,VO, etc.) GISELA Infrastr. Info Other Infrastr. Info EUMEDGRID e-infrastructure Submit Multi-Infrastructure Science Gateway GISELA e-infrastructure User 30 Other e-infrastructure

31 Job Engine Interoperability Interoperability is a property referring to the ability of diverse systems and organizations to work together (interoperate). The term is often used in a technical systems engineering sense, or alternatively in a broad sense, taking into account social, political, and organizational factors that impact system to system performance; According to ISO/IEC (Information Technology Vocabulary, Fundamental Terms), interoperability is "The capability to communicate, execute programs, or transfer data among various functional units in a manner that requires the user to have little or no knowledge of the unique characteristics of those units". 31

32 Job Engine Interoperability glite-based e-infrastructures/projects EUAsiaGrid EUChinaGRID EU-IndiaGrid EUMEDGRID GISELA IGI (Italy) SAGrid (South Africa) 32

33 MyJobsMap (1/3) 33

34 MyJobsMap (2/3) 34

35 MyJobsMap (3/3) Both sequential and MPI-enabled jobs successfully executed The CHAIN project is preparing a demo of worldwide interoperability among glite, Globus, Unicore, OurGrid, GOS, and GARUDA to be presented both at the next EGI Technical Forum and Supercomputing

36 The GISELA Science Gateway ( 36

37 The GISELA Science Gateway in action 37

38 The GISELA Science Gateway in action 38

39 The GISELA Science Gateway in action 39

40 The GISELA Science Gateway in action 40

41 The GISELA Science Gateway in action 41

42 The GISELA Science Gateway in action 42

43 But big challenges are in front of us Now that many users can potentially access and use Science Gateways, a new «training» and «communication» strategy is needed as well as a portfolio of «appealing» applications to attract them 43

44 The Science Gateway market place Users/VRCs SG Dev Science Gateway 44

45 Survey for VRCs to propose applications ( 45

46 Training for Science Gateway developers ( Training Material) New training material: New training tools: New training events:

47 Training for Federated Identity Management services Two persons from CUDI/UNAM are going to visit us in Catania for one month to setup federated identity services for Mexico. Anybody else interested? 47

48 A success story: the Latin American Science Gateway task force We are working to create a Latin-American Task Force able to integrate new applications on the GISELA Science Gateway in a short time (less than a week) CLARA and the NRENs have already identified a group of skilled Java developers (but more are needed!) We organized a series of webinars to teach how to integrate scientific applications on the GISELA Science Gateway We are running dedicated grid schools in Latin America and we are inviting members of the Latin-American Task Force to come to Catania to learn more about the Science Gateway model and become tutors (in collaboration with the EPIKH project) 48

49 Summary and conclusions e-infrastructures can be very beneficial platforms, provided they are really «easy to use» The GISELA Science Gateway, with its support for Identity Federations and Social Networks, is changing the way Grid infrastructures are used in Latin America, hugely widening their potential user base (especially non-it experts and the citizen scientist ), yet keeping the required level of security The adoption of standards (JSR 286, SAGA, SAML, etc.) represents a concrete investment towards sustainability If you want to join the Science Gateway market place and/or the Latin American Science Gateway task force, please contact me at sg-licence@ct.infn.it 49

50 Thank you! 50