Presentation is loading. Please wait.

Presentation is loading. Please wait.

Andrew McNabSlashGrid/GFS BOF, GGF9, 7 Oct 2003Slide 1 SlashGrid = “/grid” Andrew McNab High Energy Physics University of Manchester

Published byMeghan Cunningham Modified over 7 years ago

Similar presentations

Presentation on theme: "Andrew McNabSlashGrid/GFS BOF, GGF9, 7 Oct 2003Slide 1 SlashGrid = “/grid” Andrew McNab High Energy Physics University of Manchester"— Presentation transcript:

1 Andrew McNabSlashGrid/GFS BOF, GGF9, 7 Oct 2003Slide 1 SlashGrid = “/grid” Andrew McNab High Energy Physics University of Manchester http://www.gridpp.ac.uk/authz/

2 Andrew McNabSlashGrid/GFS BOF, GGF9, 7 Oct 2003Slide 2 SlashGrid motivation Produced as part of EU DataGrid EDG uses Unix pool accounts for job execution –user assigned to a temporary account for duration of the job, normal Unix permissions apply –but all files created need to be deleted before pool account can be created SlashGrid gets round this by controlling access to files by Grid credential rather than Unix ID –so SlashGrid primarily motivated by local security

3 Andrew McNabSlashGrid/GFS BOF, GGF9, 7 Oct 2003Slide 3 SlashGrid implementation Currently Linux-specific –uses Linux venus/coda kernel module to connect a client-side daemon to OS –replacing this with nfs daemon->OS connector Daemon handles the virtual filesystems, does credential checking and network operations. SlashGrid best described as a “Framework for Grid-aware filesystems” –provides verifying/storage of Grid credentials –multiple filesystem types, each supported by a loadable.so module

4 Andrew McNabSlashGrid/GFS BOF, GGF9, 7 Oct 2003Slide 4 Some plugin/filesystem types certfs - a robust demonstration fs –local disk storage controlled by GACL access control policies, and X509, GSI or VOMS cred. curlfs - an example networked fs –remote access to HTTP(S) servers –presents local credentials (eg GSI proxy) to remote services when auth required gmapfs - an example “utility” fs –populated with virtual symbolic links to augment pool account system

5 Andrew McNabSlashGrid/GFS BOF, GGF9, 7 Oct 2003Slide 5 What SlashGrid is not Not a “Grid” filesystem –it’s deliberately protocol-neutral –it’s a framework for building filesystems on Not a monolithic system –it lets third parties write plugins for their favourite file transfer protocol –third parties may need “utility” filesystems that we can’t anticipate (cf Linux /proc) Not a complete fs security model –it supports one (GSI/VOMS/GACL), but can readily support others (eg Kerberos based)

6 Andrew McNabSlashGrid/GFS BOF, GGF9, 7 Oct 2003Slide 6 Summary Motivated by local security Work done in a client-side daemon rather than kernel Daemon supports third-party plugins Aim for network-protocol and security-model neutrality Should be seen as a client for “Grid File Systems” rather than as “A Grid File System” itself.

Download ppt "Andrew McNabSlashGrid/GFS BOF, GGF9, 7 Oct 2003Slide 1 SlashGrid = “/grid” Andrew McNab High Energy Physics University of Manchester"

Similar presentations

30-31 Jan 2003J G Jensen, RAL/WP5 Storage Elephant Grid Access to Mass Storage.

30-31 Jan 2003J G Jensen, RAL/WP5 Storage Elephant Grid Access to Mass Storage.
Security middleware Andrew McNab University of Manchester.

Security middleware Andrew McNab University of Manchester.
DataGrid is a project funded by the European Union CHEP 2003 – 24-28 March 2003 – Grid-based access control – n° 1 Grid-based access control for Unix environments,

DataGrid is a project funded by the European Union CHEP 2003 – March 2003 – Grid-based access control – n° 1 Grid-based access control for Unix environments,
29 June 2006 GridSite - www.gridsite.org - Andrew McNabwww.gridsite.org GridSite Storage Andrew McNab University of Manchester.

29 June 2006 GridSite Andrew McNabwww.gridsite.org GridSite Storage Andrew McNab University of Manchester.
29 June 2006 GridSite - www.gridsite.org - Andrew McNabwww.gridsite.org VOMS and VOs Andrew McNab University of Manchester.

29 June 2006 GridSite Andrew McNabwww.gridsite.org VOMS and VOs Andrew McNab University of Manchester.
Andrew McNab - Manchester HEP - 2 May 2002 Testbed and Authorisation EU DataGrid Testbed 1 Job Lifecycle Software releases Authorisation at your site Grid/Web.

Andrew McNab - Manchester HEP - 2 May 2002 Testbed and Authorisation EU DataGrid Testbed 1 Job Lifecycle Software releases Authorisation at your site Grid/Web.
Andrew McNab - Manchester HEP - 29/30 March 2001 gridmapdir patch Overview of the problem Constraints from local systems Outline of how it works How to.

Andrew McNab - Manchester HEP - 29/30 March 2001 gridmapdir patch Overview of the problem Constraints from local systems Outline of how it works How to.
Andrew McNab - EDG Access Control - 14 Jan 2003 EU DataGrid security with GSI and Globus Andrew McNab University of Manchester

Andrew McNab - EDG Access Control - 14 Jan 2003 EU DataGrid security with GSI and Globus Andrew McNab University of Manchester
The GridSite Security Framework Andrew McNab University of Manchester.

The GridSite Security Framework Andrew McNab University of Manchester.
DGC Paris 4.03.02 Community Authorization Service (CAS) and EDG Presentation by the Globus CAS team & Peter Kunszt, WP2.

DGC Paris Community Authorization Service (CAS) and EDG Presentation by the Globus CAS team & Peter Kunszt, WP2.
30-Jan-03D.P.Kelsey, GridPP Security1 Security GridPP6 30 Jan 2003 Coseners House David Kelsey CLRC/RAL, UK

30-Jan-03D.P.Kelsey, GridPP Security1 Security GridPP6 30 Jan 2003 Coseners House David Kelsey CLRC/RAL, UK
Andrew McNab - Manchester HEP - 5 March 2002 SlashGrid (“/grid”) Motivation: dynamic-accounts issues Local storage: implementation alternatives Generalisation:

Andrew McNab - Manchester HEP - 5 March 2002 SlashGrid (“/grid”) Motivation: dynamic-accounts issues Local storage: implementation alternatives Generalisation:
10 May 2007 HTTP - - User data via HTTP(S) Andrew McNab University of Manchester.

10 May 2007 HTTP - - User data via HTTP(S) Andrew McNab University of Manchester.
Andrew McNab - GACL - 16 Dec 2003 Grid Access Control Language Andrew McNab, University of Manchester

Andrew McNab - GACL - 16 Dec 2003 Grid Access Control Language Andrew McNab, University of Manchester
3 May 2006 GridSite - www.gridsite.org - Andrew McNabwww.gridsite.org Web Services for Grids in Scripts and C using GridSite Andrew McNab University of.

3 May 2006 GridSite Andrew McNabwww.gridsite.org Web Services for Grids in Scripts and C using GridSite Andrew McNab University of.
Andrew McNab - EDG Access Control - 17 Jan 2003 EDG Site Access Control (ie Local Authorisation and Accounts) Andrew McNab, University of Manchester

Andrew McNab - EDG Access Control - 17 Jan 2003 EDG Site Access Control (ie Local Authorisation and Accounts) Andrew McNab, University of Manchester
Andrew McNab - Manchester HEP - 29 January 2002 SlashGrid (“/grid”) Motivation: dynamic-accounts issues Local storage: implementation alternatives Generalisation:

Andrew McNab - Manchester HEP - 29 January 2002 SlashGrid (“/grid”) Motivation: dynamic-accounts issues Local storage: implementation alternatives Generalisation:
Chapter 6 Operating System Support. This chapter describes how middleware is supported by the operating system facilities at the nodes of a distributed.

Chapter 6 Operating System Support. This chapter describes how middleware is supported by the operating system facilities at the nodes of a distributed.
Andrew McNab - GridPP Security - 24 Feb 2003 GridPP Security Middleware Andrew McNab, University of Manchester

Andrew McNab - GridPP Security - 24 Feb 2003 GridPP Security Middleware Andrew McNab, University of Manchester
Andrew McNab - SlashGrid, HTTPS, fileGridSite SlashGrid, HTTPS and fileGridSite 30 October 2002 Andrew McNab, University of Manchester

Andrew McNab - SlashGrid, HTTPS, fileGridSite SlashGrid, HTTPS and fileGridSite 30 October 2002 Andrew McNab, University of Manchester

Similar presentations

Ads by Google