UK Testbed Status
Andrew McNab, High Energy Physics, University of Manchester
Testbed / HTTPS, GridPP6, 30 Jan 2003


Slide 2: Overview
- Testbed 0
- GridPP Testbed
- EU DataGrid Testbed
- EDG Version
- TB support for GridPP
- Future TB support
- TB Summary

Slide 3: Testbed 0
- All HEP experiment sites are part of Gavin's green dot map.
  – At least a Globus gatekeeper was running at some point.
- In almost all cases this is actually an EDG gatekeeper, i.e. with extra functionality.

Slide 4: GridPP Testbed
- Uses Resource Broker at IC, MDS at RAL and VO at Manchester.
- Yesterday's snapshot:
    Birmingham    2 cpus
    Bristol       3
    Cambridge     16
    IC            16 (+ 80 BaBar)
    Liverpool     2
    Manchester    8 (+ 60 DZero/Atlas)
    Oxford        1
    RAL           6
    UCL           2

Slide 5: EDG Testbed
- Yesterday's snapshot via CERN RB/II:
    CERN
    nl:Nikhef               140
    fr:CC Lyon              22? + 74? + 409?
    fr:Polytechnique/LLR    6
    it:CNAF Bologna         48
    it:Padova               11
    it:Legnaro              48
    uk:IC
    uk:Liverpool            2
    uk:Manchester
    uk:Oxford               1
    uk:RAL                  6
- (so we're doing ok internationally)

Slide 6: EDG Version
- Current EDG production release is
  – Last time I gave this talk was at
- This now finally includes fixes for the showstopper problems, largely with Globus
  – spent most of September - December including new patches from Globus to fix problems with Information system, Job submission and File transfer.
- Current release works pretty much as advertised, although some aspects of the user interface and installation are obscure

Slide 7: Testbed Support for GridPP
- Centered on
  – including our own LCFG installation recipes that fill in the gaps
- Peer-to-peer support for site admins on tb-
- (Roughly) fortnightly phone meetings ~30-60 mins: go through EDG, GridPP and site status
  – aim is to flag problems and questions to deal with offline
  – sitting-in on this quickly gives a status overview
- Seems to work for the current Testbed size.

Slide 8: Future Testbed Support
- Ticket-based helpdesk system
  – experimented with Bugzilla - but would be good to use same system as Tier1A centre.
  – ideally put site admins into the system too, since can refer problems up or down then.
- Need to include site admins in all aspects of support
  – keep them up to date; provide help they need; help them help their users.
- Can we use regional Tier2 structures as a devolved support network, using local experts?

Slide 9: TB Summary
- All experimental HEP sites are involved at some level in Testbeds.
- 9 are genuinely part of a Grid and accessible via the IC Resource Broker.
- 5 are part of the EDG Application Testbed
  – out of 12 across the EDG
- Expect to be able to include the others rapidly
  – Additional GridPP support and documentation provided beyond that from EDG.
- Current mailing list/WWW/phone system ok
  – will need extending as more sites/users join

Slide 10: Grid HTTPS Extensions
- HTTPS is an interesting and important protocol for several reasons:
  – it is by far the most widely deployed secure protocol
  – has a large amount of high quality software that we could leverage
  – has excellent interaction with Firewalls, Network Address Translation and Application Proxies
  – has the potential to solve some of the problems sites have with private IP farms
- HTTPS security done using X509 certificates (including GSI)
  – the piece of the Grid we already had
- HTTP/1.1 (rfc2616) and extensions like WebDAV (rfc2518) have a rich set of methods (GET, PUT, DELETE, COPY etc), headers (Expires: etc) and errors (413 Request Entity Too Large)
- HTTP redirection allows you to change from HTTPS negotiation to HTTP unencrypted data transfer
- Can HTTP/HTTPS be fast compared to other protocols though?

Slide 11: HTTP as a data protocol
- Same advantages as HTTPS: large amount of existing high quality software, and good operation with Firewalls, NAT etc.
- Kernel-based zero-copy HTTP servers like tux are very efficient
  – need to do something like that to fully use a machine's gigabit interface
- Multistream HTTP and standard webservers as fast as GridFTP for ~300 MB transfers
  – At ~1 MB, multistream HTTP is much faster

Slide 12: Delegation over HTTPS
- HTTPS would be even more useful if could delegate GSI credentials over HTTPS
  – for example, to do third party transfers between two remote sites
- Proposal exists to do this (G-HTTPS) by adding extra methods to HTTPS
  – this is designed to leverage and interoperate with existing browsers, servers, www libraries
  – stress backwards and pass-through compatibility
- Basic implementation of this now added to file version of GridSite.

Slide 13: Secure, Trusted Caches
- Existing HTTPS isn't cache-able:
  – end-to-end client-server needed for SSL to work
  – best you get is opaque proxying/tunneling of SSL
  – one of the long standing shortcomings of HTTPS
- With delegation, can improve this:
  – identify a local cache you trust (in your VO maybe?)
  – delegate a credential to it
  – makes a proxy request via HTTPS: GET https://a.b.c/def
  – cache fetches this for you, using delegated credential
  – if can get an ACL for this file, may also be able to return file from cache in subsequent requests by you or other users in ACL
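
The decision logic of the trusted cache on Slide 13, as an added Python sketch (not from the talk and not GridSite code): a cached copy is shared only when the origin disclosed an ACL and the requester is in it, otherwise the origin decides using that requester's delegated identity. The `TrustedCache` class, the in-memory `ORIGIN` table, the second URL and the certificate DNs are all constructed for illustration.

```python
class Denied(Exception):
    pass

# Constructed origin content: who may read, and whether the ACL is disclosed.
ORIGIN = {
    "https://a.b.c/def": {"body": b"event data", "acl_visible": True,
                          "readers": {"/O=Grid/CN=alice", "/O=Grid/CN=bob"}},
    "https://a.b.c/ghi": {"body": b"alice only", "acl_visible": False,
                          "readers": {"/O=Grid/CN=alice"}},
}

def origin_get(url, delegated_dn):
    """Stand-in for the origin server authorising the delegated identity."""
    entry = ORIGIN[url]
    if delegated_dn not in entry["readers"]:
        raise Denied(delegated_dn)
    acl = frozenset(entry["readers"]) if entry["acl_visible"] else None
    return entry["body"], acl

class TrustedCache:
    def __init__(self):
        self.store = {}          # url -> (body, ACL snapshot from the origin)
        self.origin_fetches = 0

    def get(self, url, requester_dn):
        """requester_dn: identity carried by the credential delegated to us."""
        hit = self.store.get(url)
        if hit is not None and requester_dn in hit[1]:
            return hit[0], "cache"
        # Miss, or requester not in the cached ACL: let the origin decide,
        # acting only as this requester.
        self.origin_fetches += 1
        body, acl = origin_get(url, requester_dn)
        if acl is not None:      # without an ACL the copy cannot be shared
            self.store[url] = (body, acl)
        return body, "origin"
```

The stored ACL is a snapshot taken at fetch time, so a real cache would also need an expiry or revalidation rule before trusting it for later requests.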

Slide 14: Delegation and Portals
- Some form of delegation also needed for Grid portals
- G-HTTPS would provide a standard way of inserting GSI proxies into portals
- However, a portal could also use G-HTTPS approach to pull proxies from server like MyProxy
- Possible to use MD5 digest passwords for this stage
  – MD5 hash of password generated in the user's browser
  – passed to portal webserver without it seeing the password
  – portal provides MD5 hash to proxy server and gets proxy or other credential in return
- So some very useful mechanisms possible with a few extensions to existing HTTP software.
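
The MD5 digest step on Slide 14, as an added Python sketch (not from the talk, and not MyProxy or GridSite code). It assumes "MD5 digest passwords" means RFC 2617 HTTP Digest without qop, with the proxy server issuing single-use nonces; the `ProxyServer` and `Portal` classes, the realm, the `/proxy` URI and the returned credential string are hypothetical.

```python
import hashlib
import hmac
import secrets

def md5_hex(*parts):
    return hashlib.md5(":".join(parts).encode()).hexdigest()

def browser_response(user, password, realm, nonce, method, uri):
    """Runs in the user's browser: RFC 2617 response (no qop)."""
    ha1 = md5_hex(user, realm, password)
    return md5_hex(ha1, nonce, md5_hex(method, uri))

class ProxyServer:
    """Hypothetical credential server; stores HA1, not the password."""
    realm = "proxy.example"  # constructed value

    def __init__(self, ha1_by_user):
        self.ha1_by_user = ha1_by_user
        self.live_nonces = set()

    def challenge(self):
        nonce = secrets.token_hex(16)
        self.live_nonces.add(nonce)
        return nonce

    def redeem(self, user, nonce, method, uri, response):
        if nonce not in self.live_nonces:
            return None                      # unknown or already used nonce
        self.live_nonces.discard(nonce)      # single use blocks replay
        ha1 = self.ha1_by_user.get(user)
        if ha1 is None:
            return None
        expected = md5_hex(ha1, nonce, md5_hex(method, uri))
        if not hmac.compare_digest(expected, response):
            return None
        return "proxy-credential-for-" + user  # placeholder for a GSI proxy

class Portal:
    """Relays the challenge and the browser's answer; records what it saw."""
    def __init__(self, server):
        self.server = server
        self.seen = []

    def login(self, user, answer):
        nonce = self.server.challenge()
        response = answer(self.server.realm, nonce)  # computed browser-side
        self.seen.append((nonce, response))
        return self.server.redeem(user, nonce, "GET", "/proxy", response)
```

The stored HA1 value is password-equivalent within its realm, so the proxy server's user table needs the same protection as a password file.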

Slide 15: Summary
- HTTP has the potential to be a competitive data transport protocol.
- HTTPS is already a Grid protocol
- Delegation would add many possibilities
  – third party transfers with HTTP/HTTPS
  – secured, trusted caches would address caching shortcomings of HTTPS
- Delegation provides useful mechanisms for Portals
  – inserting proxies into portals
  – using MD5 passwords to authenticate with proxy server
- G-HTTPS proposal hopes to standardise some of this

