1 WP4 Gridification Subsystem overlap Globus & existing systems LCAS and AAA in WP4 for Gridification Task: David Groep hep-proj-grid-fabric-gridify@cern.ch

2 WP4 Gridification components
David Groep – WP4 gridification subsystem overlaps – 2001.11.27

- External (“Grid”) components
  - issues relating to the three core Grid protocols (GRAM, GSIFTP, GRIP)
  - network issues (firewall admin, NAT)
  - fabric authorization interoperability (multi-domain, AAA, co-allocation)
- Internal components
  - authenticated installation services
  - secure bootstrapping services

3 WP4 Subsystems and relationships (D4.2)

4 Job submission protocol & interface

- Current Globus design
  - Client tools connect to gatekeeper
  - GRAM (attributes over HTTPS)
  - Gatekeeper does authentication, authorization and user mapping
  - RSL passed to JobManager
- Identified design differences
  - authorization and user mapping done quite early in the process
- Identical components
  - Protocol must stay the same (GRAM)
  - Separation of JobManager (closer to RMS) and GateKeeper will remain
- Issues:
  - scalability problems with many jobs within one centre (N jobmanagers)
  - authorization cannot take into account RMS state (budget, etc.)

5 Authorization and AAA

- Current Globus design:
  - Authorization and user mapping are combined in one
  - No dynamic per-site Authorization decisions
- Identified design points
  - new design, taking concepts from generic AAA architectures
  - coordinate with AuthZ group and GGF
- Identical components
  - towards generic AAA architectures/servers
  - distributed AAA decisions/brokering
  - concepts from new SciDAC/SecureGRID/AAAARCH

Accounting framework yet to be considered…

6 Local Centre AuthZ Service (LCAS) future

- Integrate in generic AAA ARCH
  - being developed in IRTF (experimental)
- co-allocation of resources
- incorporates site-local policies
- use existing policy languages
  - Ponder, AAAARCH language, …?
- complementary to CAS

[Diagram labels: AAA, ASM]

7 Credential Mapping

- Current Globus design:
  - Authorization and user mapping are combined
  - Currently by GateKeeper/GridMapDir (on connection establishment)
  - Kerberos by external service (sslk5)
- Identified design points
  - Extend for multiple credential types
  - move to later in the process (after AAA decision)
- Identical components
  - gridmapdir patch by Andrew McNab
  - sslk5/k5cert service
- Issues in current design
  - mapping may be expensive (updating password files, NIS, LDAP, etc.)

8 Local security service (FLIdS)

- Current design:
  - does not exist (not a Grid component)
  - Technology ubiquitous (X.509 PKI)
- Identified design points
  - Policy driven automatic service
  - policy language design (based on generic policy language or EACLs)
- Identical components
  - PKI X.509 technology (OpenSSL)
  - use by GSI and HTTPS
- Issues:
  - mainly useful in untrusted environments (e.g., outside a locked computer centre)

Non-critical component

9 Information Services (GriFIS)

- Current design:
  - MDS2.1 (or compat): LDAP with back-ends
  - Modular information providers
- Identified design points
  - NO fundamental changes
  - More information providers (CDB)
  - Correlators between RMS, Monitoring and CDB (internal WP4 components)
- Identical components
  - MDS2.1, F-tree and/or GMA/R-GMA
  - Some of the information providers
- Issues in current design
  - Evaluation of WP3 framework still in progress
  - Wide variety of frameworks in general, but all seem currently interchangeable

10 Network access to large fabrics

- Current Globus design
  - Is not in scope of Globus toolkit
- Identified design differences
  - Needed component for large farms
  - Needed for bandwidth provisioning/brokerage
  - Farm nodes not visible from outside!
- Identical components
  - 0th order: no functionality
  - 1st order: IP Masquerading routers
  - 2nd order: IP Masq & protocol translation (IPv6 → IPv4 and v.v.)
  - later: use of intelligent edge devices, managed bandwidth (and connections) per job, AAA interaction (with LCAS)

11 Key overlaps & differences

- Globus provides adequate components for much of the functionality
- Lacking components
  - Generic and distributed AAA
  - too-early relinquishing of credential mapping capabilities in gatekeeper
  - does not address intra-fabric security concerns (FLIdS)
  - information providers for whatever the framework will be
  - managed network access
- Key components to stay compatible
  - GRAM protocol & RSL forwarding [Globus, GGF]
  - Information framework (GIS, GMA, R-GMA, …) [Globus, GGF and EDG WP3]
  - Security methods and protocols (X.509, SSL, …)
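
The ordering argued for on the Authorization and Credential Mapping slides (site authorization decided first, RMS state included, with the expensive account mapping deferred until after a permit), as an added Python example that is not Globus or WP4 code. The `Gatekeeper` class, the check functions, the `SITE` policy data and the subject names are hypothetical, and the grid-mapfile lines are constructed.

```python
import shlex

# Constructed sample grid-mapfile: quoted certificate subject, then a local
# account; a leading "." requests a leased pool account (gridmapdir style).
GRID_MAPFILE = '''
"/O=ExampleGrid/OU=site-a/CN=Alice Example" alice
"/O=ExampleGrid/OU=site-b/CN=Bob Example" .pool
"/O=ExampleGrid/OU=site-b/CN=Carol Example" .pool
'''
# Hypothetical site-local policy inputs: ban list and remaining RMS budget.
SITE = {"banned": {"/O=ExampleGrid/OU=site-b/CN=Carol Example"},
        "budget": {"/O=ExampleGrid/OU=site-a/CN=Alice Example": 10,
                   "/O=ExampleGrid/OU=site-b/CN=Bob Example": 100}}

def parse_gridmap(text):
    # One entry per non-empty line: {subject DN: account name or ".pool"}
    rows = (shlex.split(l) for l in text.splitlines() if l.strip())
    return {dn: account for dn, account in rows}

def not_banned(dn, cpu_hours, site):
    return dn not in site["banned"], "subject is on the site ban list"

def within_budget(dn, cpu_hours, site):
    return cpu_hours <= site["budget"].get(dn, 0), "exceeds remaining RMS budget"

class Gatekeeper:
    def __init__(self, gridmap, site, checks):
        self.gridmap, self.site, self.checks = gridmap, site, checks
        self.leases, self.mapping_calls = {}, 0

    def authorize(self, dn, cpu_hours):
        """Run every site check; deny on the first failure, map nothing."""
        if dn not in self.gridmap:
            return False, "unknown subject"
        for check in self.checks:
            ok, reason = check(dn, cpu_hours, self.site)
            if not ok:
                return False, reason
        return True, "permit"

    def map_credential(self, dn):
        """Costly step (password file, NIS, LDAP updates); counted here."""
        self.mapping_calls += 1
        target = self.gridmap[dn]
        if target.startswith("."):   # lease one pool account per subject
            target = self.leases.setdefault(dn, f"{target[1:]}{len(self.leases) + 1:03d}")
        return target

    def submit(self, dn, cpu_hours):
        ok, reason = self.authorize(dn, cpu_hours)
        return (self.map_credential(dn) if ok else None), reason
```

Denied requests never reach `map_credential`, so `mapping_calls` counts only permitted submissions.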

