GRIP:Creating Interoperability between Grids

Similar documents
TUTORIAL. Rebecca Breu, Bastian Demuth, André Giesler, Bastian Tweddell (FZ Jülich) {r.breu, b.demuth, a.giesler,

Concepts and Architecture of the Grid. Summary of Grid 2, Chapter 4

MIGRATING DESKTOP AND ROAMING ACCESS. Migrating Desktop and Roaming Access Whitepaper

THE CCLRC DATA PORTAL

XSEDE Service Provider Software and Services Baseline. September 24, 2015 Version 1.2

A Survey Study on Monitoring Service for Grid

An approach to grid scheduling by using Condor-G Matchmaking mechanism

Globus Toolkit: Authentication and Credential Translation

Basic Scheduling in Grid environment &Grid Scheduling Ontology

The Current Status of the EUMETNET Programme UNIDART

Recommendations for Static Firewall Configuration in D-Grid

Grid Scheduling Dictionary of Terms and Keywords

Grid Computing With FreeBSD

Cluster, Grid, Cloud Concepts

GridFTP: A Data Transfer Protocol for the Grid

Grid Scheduling Architectures with Globus GridWay and Sun Grid Engine

Using the MyProxy Online Credential Repository

Federated Authentication and Credential Translation in the EUDAT Collaborative Data Infrastructure

GT 6.0 GRAM5 Key Concepts

Monitoring Clusters and Grids

A Service Platform for On-Line Games

An Introduction to Globus Toolkit 3

Configuration Guide BES12. Version 12.2

GSI Credential Management with MyProxy

An Online Credential Repository for the Grid: MyProxy

IBM Solutions Grid for Business Partners Helping IBM Business Partners to Grid-enable applications for the next phase of e-business on demand

Grid Security : Authentication and Authorization

Instruments in Grid: the New Instrument Element

Web Services and Service Oriented Architectures. Thomas Soddemann, RZG

Globus Toolkit Firewall Requirements. Abstract

Configuration Guide BES12. Version 12.3

GT 6.0 GSI C Security: Key Concepts

Configuration Guide. BlackBerry Enterprise Service 12. Version 12.0

Certification Path Processing in the Tumbleweed Validation Authority Product Line Federal Bridge CA Meeting 10/14/2004

Interwise Connect. Working with Reverse Proxy Version 7.x

Resource Management on Computational Grids

AS/400 System Overview

Writing Grid Service Using GT3 Core. Dec, Abstract

Configuration Guide BES12. Version 12.1

z/os Firewall Technology Overview

2 Transport-level and Message-level Security

Contents at a Glance. 1 Introduction Basic Principles of IT Security Authentication and Authorization in

Grids Computing and Collaboration

Interoperability in Grid Computing

Data Management in an International Data Grid Project. Timur Chabuk 04/09/2007

Anwendungsintegration und Workflows mit UNICORE 6

IMPLEMENTING FORENSIC READINESS USING PERFORMANCE MONITORING TOOLS

How To Understand The Architecture Of An Ulteo Virtual Desktop Server Farm

Hardware. Maintenance

Praseeda Manoj Department of Computer Science Muscat College, Sultanate of Oman

IGI Portal architecture and interaction with a CA- online

A Taxonomy and Survey of Grid Resource Planning and Reservation Systems for Grid Enabled Analysis Environment

Introduction. The Evolution of the Grid. Introduction (cont.) Grid Computing Fall 2004 Paul A. Farrell 9/2/2004

MIT Tech Talk, May 2013 Justin Richer, The MITRE Corporation

Service-Orientation and Next Generation SOA

Grid Technology and Information Management for Command and Control

The ENEA-EGEE site: Access to non-standard platforms

A viable alternative to TMG / UAG Web Application security, acceleration and authentication with DenyAll s DA-WAF

TeleTrusT European Bridge CA Status and Outlook

Roberto Barbera. Centralized bookkeeping and monitoring in ALICE

Status and Integration of AP2 Monitoring and Online Steering

Proxied Authentication in SSO Setups with Common OSS. Open Identity Summit 2015 Prof. Dr. René Peinl Berlin,

GridWay: Open Source Meta-scheduling Technology for Grid Computing

Transcription:

GRIP:Creating Interoperability between Grids Philipp Wieder, Dietmar Erwin, Roger Menday Research Centre Jülich EuroGrid Workshop Cracow, October 29, 2003

Contents Motivation Software Base at a Glance UNICORE Globus Objectives of GRIP Interoperability: From Design to Production Architectural Design Key Components Issues & Challenges GRIP and OGSI/A: Status Quo & Outlook EuroGrid Workshop, Cracow 2

Motivation Moving towards THE GRID: Standardization Interoperability layer Applications Interoperation between UNICORE and Globus combining the unique strength of both systems EuroGrid Workshop, Cracow 3

Status Uniform Interface to Computing Resources Project UNICORE Plus (funded by BMBF, grant: 01 IR 001) successfully completed UNICORE Pro software marketed and supported by Intel Software & Solutions Group Software available as Open Source for R&D projects: http: //www.unicore.org/download Basis for a German HPC Grid Used in several EC funded Grid projects Selected by Japanese NAREGI project EuroGrid Workshop, Cracow 4

Highlights System-independent creation and control of jobs Support for multi-system and multi-site jobs Dynamic flow control Integrated security using X.509 certificates Access to remote file systems and archives Extensible support for scientific & commercial applications Minimal intrusion into site autonomy EuroGrid Workshop, Cracow 5

Globus Status Globus Toolkit (GT) 2.4 and 3.0.2 Many GT 2.x based solutions available (IBM Grid Toolbox...) Software is available as Open Source at http://www-unix.globus.org/toolkit/ GT is used in projects & testbeds worldwide (DataGrid, NASA IPG...) EuroGrid Workshop, Cracow 6

Globus Highlights Set of extensible services and corresponding APIs Collection of commands to access services Services are Grid Security Infrastructure (GSI) enabled Commodity Grid Kits (CoG Kits) to build Grid portals OGSI compliant Grid implementation & Grid Services hosting environment EuroGrid Workshop, Cracow 7

Objectives of GRIP Grid Interoperability Project: EU grant IST-2001-32257 Make Globus controlled resources available to UNICORE users Develop software to enable the interoperation of UNICORE and Globus Cross-Grid information brokerage Build and demonstrate biomolecular and meteorological inter-grid applications Contribution to standarization efforts Evolve towards a service oriented Grid EuroGrid Workshop, Cracow 8

Partners (DE) Pallas (DE) Deutschen Wetterdienst (DE) ICM (PL) Fujitsu (UK) University of Manchester (UK) University of Southhampton (UK) Argonne National Laboratory (US) EuroGrid Workshop, Cracow 9

UNICORE Architecture Preparation and Control of jobs User Certificate Job Preparation Agent (JPA) Abstract job object UNICORE Client Job Monitor Controller (JMC) List of Sites Unsafe Internet (SSL/https) User authentication Site-specific authorization UNICORE Gateway UNICORE Site A UNICORE Gateway optional firewall Site B User mapping, Resources info Job incarnation Network Job Superviser (NJS) Safe Intranet (TCP/http) NJS Sending jobs to other gateways, data transfer optional firewall NJS IDB Incarnated job Status request Target System Interface (TSI) UUDB TSI... TSI IDB... UUDB TSI IDB Commands files Batch Subsystem Batch Subsystem Batch Subsystem Virtual site 1 Virtual site 2 Virtual site 3 EuroGrid Workshop, Cracow 10

GRIP Architecture User Certificate Job preparation/control Proxy Certificate Plugin Plugins UNICORE Client Abstract Job Object UNICORE Gateway UNICORE Site Network Job Supervisor (NJS) NJS Globus IDB UUDB IDB Incarnated job Globus TSI Status request TSI... TSI Commands files Globus Server (GT 2.x) Batch Subsystem EuroGrid Workshop, Cracow 11

Globus Architecture Components relevant for GRIP Client using Globus 2.x APIs User Proxy Certificate GRAM Client GASS Server Resource info GRAM Job request Callback Data GRAM Gatekeeper Creation GRAM Job Manager MDS gridmap file Job request GASS Client Status Globus 2.x server Batch Subsystem EuroGrid Workshop, Cracow 12

Interoperability Components Discussed in this presentation: Security Resource provisioning & brokerage Applications support Others: Resource description mapping Job submission & monitoring Data transfer EuroGrid Workshop, Cracow 13

Security Both systems use PKIs utilizing X.509 certificates UNICORE End-to-end security Certificates for user & server authentication and signing of jobs Authorization entity: UNICORE user database Globus Proxy delegation Proxies are used for user & server authentication Authorization entity: gridmap-file EuroGrid Workshop, Cracow 14

Security (cont) GRIP Client generates proxy certificates Proxy transferred via SSL within (signed) job as a SSO (site specific object), and not stored in between Proxy stored in user s filespace Proxy is removed after job execution Proxies are signed by users UNICORE certificate (issued by GRIP CA) Globus site must trust GRIP CA EuroGrid Workshop, Cracow 15

Resource Management UNICORE Distributed database (IDB) for each target system Resource info automatically provided to client Software is also a resource in the database Globus Monitoring & Discovery Service (MDS) using LDAP Client API to query MDS No software resources EuroGrid Workshop, Cracow 16

Resource Management (cont) GRIP: Initially manual & static mapping of Globus resource description to UNICORE database Work in progress: Cross-Grid resource broker Ontology to translate resource descriptions automatically Extensible broker architecture EuroGrid Workshop, Cracow 17

Applications EuroGrid Workshop, Cracow 18

Applications UNICORE: Plugins and Software Resources to support user written and commercial applications Globus: Globus library calls in application Usage of CoG Kits to build portals EuroGrid Workshop, Cracow 19

Applications (cont) GRIP: Wrappers for applications to allow them to execute transparently either on Globus or on UNICORE Hopefully only a temporary solution till applications become Grid Services EuroGrid Workshop, Cracow 20

GRIP Issues & Challenges Administration Management Interoperability Challenges EuroGrid Workshop, Cracow 21

Administration No major additional administration for UNICORE & Globus sites Maintain UNICORE user database to authorize access to Globus Virtual site Globus site installs a Globus TSI on a dedicated system or the target system Enable GSI to use GRIP CA signed proxies EuroGrid Workshop, Cracow 22

Management Management is distributed in UNICORE and GRIP Organizations retain their autonomy Coordination is a must Acceptance of CAs Expiration of certificates (esp. for servers) Management of user mappings Interoperability between software versions Dependency on other software (e.g. Java version) Additional: Dependency on Globus versions and policies EuroGrid Workshop, Cracow 23

Interoperability Challenges Interoperability between UNICORE and Globus is technically solved Different security models needed additional work UNICORE: end-to-end Globus: proxy certificates Resource models are not fully compatible Software resources missing in Globus Different semantics Evolution towards Grid Services EuroGrid Workshop, Cracow 24

GRIP and OGSI/A UNICORE is extended implementing internal/external OGSI interfaces Re-factorization of UNICORE/GRIP specific components to become Grid Services TSI Grid Service to interface with GT 3 OGSI is not enough, standards needed for protocols, languages... Web Service security mechanisms need integrating EuroGrid Workshop, Cracow 25

GRIP and OGSI/A (cont) Client UPL <porttype> Abstract Job Objects Multi-site jobs Authentication Gateway Gateway UPL Authorisation Abstract NJS UUDB NJS NJS (brokering) NJS Incarnation IDB IDB IDB Non-abstract NJS <-> TSI Protocol TSI BSS Vsite GT3 TSI TSI BSS Usite Globus 3 Usite EuroGrid Workshop, Cracow 26

Selected GGF Contributions Open Grid Services Architecture (OGSI) v. 1.0, Grid Forum Document GFD.15 An Analysis of the UNICORE Security Model, Grid Forum Document GFD.18 Grid Scheduling Dictionary of Terms and Keywords, Grid Forum Document GFD.11... and participation in many groups at http://forge.gridforum.org/ EuroGrid Workshop, Cracow 27

Recommended Reading Grid Interoperability Project: http://www.grid-interoperability.org UNICORE Forum: http://www.unicore.org UNICORE Plus Final Report: http://www.unicore.org/documents/unicore Plus-Final-Report.pdf (Good intro to UNICORE) The Globus Alliance: http://www.globus.org EuroGrid Workshop, Cracow 28

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information