Presentation is loading. Please wait.

Presentation is loading. Please wait.

Andrew McNabTestbed / HTTPS, GridPP6, 30 Jan 2003Slide 1 UK Testbed Status Andrew McNab High Energy Physics University of Manchester.

Published byEmma Adair Modified over 10 years ago

Similar presentations

Presentation on theme: "Andrew McNabTestbed / HTTPS, GridPP6, 30 Jan 2003Slide 1 UK Testbed Status Andrew McNab High Energy Physics University of Manchester."— Presentation transcript:

1 Andrew McNabTestbed / HTTPS, GridPP6, 30 Jan 2003Slide 1 UK Testbed Status Andrew McNab High Energy Physics University of Manchester

2 Andrew McNabTestbed / HTTPS, GridPP6, 30 Jan 2003Slide 2 Overview Testbed 0 GridPP Testbed EU DataGrid Testbed EDG Version TB support for GridPP Future TB support TB Summary

3 Andrew McNabTestbed / HTTPS, GridPP6, 30 Jan 2003Slide 3 Testbed 0 All HEP experiment sites are part of Gavins green dot map. –At least a Globus gatekeeper was running at some point. In almost all cases this is actually an EDG gatekeeper - ie with extra functionality.

4 Andrew McNabTestbed / HTTPS, GridPP6, 30 Jan 2003Slide 4 GridPP Testbed Uses Resource Broker at IC, MDS at RAL and VO at Manchester. Yesterdays snapshot: Birmingham2 cpus Bristol3 Cambridge16 IC16 (+ 80 BaBar) Liverpool2 Manchester8 (+ 60 DZero/Atlas) Oxford1 RAL6 UCL2

5 Andrew McNabTestbed / HTTPS, GridPP6, 30 Jan 2003Slide 5 EDG Testbed Yesterdays snapshot via CERN RB/II: CERN59 + 20 nl:Nikhef140 fr:CC Lyon22? + 74? + 409? fr:Polytechnique/LLR6 it:CNAF Bologna48 it:Padova11 it:Legnaro48 uk:IC16 + 80 uk:Liverpool2 uk:Manchester8 + 60 uk:Oxford1 uk:RAL6 (so were doing ok internationally)

6 Andrew McNabTestbed / HTTPS, GridPP6, 30 Jan 2003Slide 6 EDG Version Current EDG production release is 1.4.3 –Last time I gave this talk was at 1.2.2 This now finally includes fixes for the showstopper problems, largely with Globus –spent most of September - December including new patches from Globus to fix problems with Information system, Job submission and File transfer. Current release works pretty-much as advertised, although some aspects of the user-interface and installation are obscure

7 Andrew McNabTestbed / HTTPS, GridPP6, 30 Jan 2003Slide 7 Testbed Support for GridPP Centered on http://www.gridpp.ac.uk/tb-support/ –including our own LCFG installation recipes that fill in the gaps Peer-to-peer support for site admins on tb- support@jiscmail.ac.uk (Roughly) fortnightly phone meetings ~30-60 mins: go through EDG, GridPP and site status –aim is to flag problems and questions to deal with offline –sitting-in on this quickly gives a status overview Seems to work for the current Testbed size.

8 Andrew McNabTestbed / HTTPS, GridPP6, 30 Jan 2003Slide 8 Future Testbed Support Ticket-based helpdesk system –experimented with Bugzilla - but would be good to use same system as Tier1A centre. –ideally put site admins into the system too, since can refer problems up or down then. Need to include site admins in all aspects of support –keep them up to date; provide help they need; help them help their users. Can we use regional Tier2 structures as a devolved support network, using local experts?

9 Andrew McNabTestbed / HTTPS, GridPP6, 30 Jan 2003Slide 9 TB Summary All experimental HEP sites are involved at some level in Testbeds. 9 are genuinely part of a Grid and accessible via the IC Resource Broker. 5 are part of the EDG Application Testbed –out of 12 across the EDG Expect to be able to include the others rapidly –Additional GridPP support and documentation provided beyond that from EDG. Current mailing list/WWW/phone system ok –will need extending as more sites/users join

10 Andrew McNabTestbed / HTTPS, GridPP6, 30 Jan 2003Slide 10 Grid HTTPS Extensions HTTPS is an interesting and important protocol for several reasons: –it is by far the most widely deployed secure protocolhas a large amount of high quality software that we could leverage –has excellent interaction with Firewalls, Network Address Translation and Application Proxies –has the potential to solve some of the problems sites have with private IP farms HTTPS security done using X509 certificates (including GSI) –the piece of the Grid we already had HTTP/1.1 (rfc2616) and extensions like WebDAV (rfc2518) have a rich set of methods (GET, PUT, DELETE, COPY etc) headers (Expires: etc) and Errors (413 Request Entity Too Large) HTTP redirection allows you to change from HTTPS negotiation to HTTP unencrypted data transfer Can HTTP/HTTPS be fast compared to other protocols though?

11 Andrew McNabTestbed / HTTPS, GridPP6, 30 Jan 2003Slide 11 HTTP as a data protocol Same advantages as HTTPS: large amount of existing high quality software, and good operation with Firewalls, NAT etc. Kernel-based zero-copy HTTP servers like tux are very efficient –need to do something like that to fully use a machines gigabit interface Multistream HTTP and standard webservers as fast as GridFTP for ~300 MB transfers –At ~1 MB, multistream HTTP is much faster

12 Andrew McNabTestbed / HTTPS, GridPP6, 30 Jan 2003Slide 12 Delegation over HTTPS HTTPS would be even more useful if could delegate GSI credentials over HTTPS –for example, to do third party transfers between two remote sites Proposal exists to do this (G-HTTPS) by adding extra methods to HTTPS –this is designed to leverage and interoperate with existing browsers, servers, www libraries –stress backwards and pass-through compatibility Basic implemention of this now added to file version of GridSite.

13 Andrew McNabTestbed / HTTPS, GridPP6, 30 Jan 2003Slide 13 Secure, Trusted Caches Existing HTTPS isnt cache-able: –end-to-end client-server needed for SSL to work –best you get is opaque proxying/tunneling of SSL –one of the long standing shortcomings of HTTPS With delegation, can improve this: –identify a local cache you trust (in your VO maybe?) –delegate a credential to it –makes a proxy request via HTTPS: GET https://a.b.c/def –cache fetches this for you, using delegated credential –if can get an ACL for this file, may also be able to return file from cache in subsequent requests by you or other users in ACL

14 Andrew McNabTestbed / HTTPS, GridPP6, 30 Jan 2003Slide 14 Delegation and Portals Some form of delegation also needed for Grid portals G-HTTPS would provide a standard way of inserting GSI proxies into portals However, a portal could also use G-HTTPS approach to pull proxies from server like MyProxy Possible to use MD5 digest passwords for this stage –MD5 hash of password generated in the users browser –passed to portal webserver without it seeing the password –portal provides MD5 hash to proxy server and gets proxy or other credential in return So some very useful mechanisms possible with a few extensions to existing HTTP software.

15 Andrew McNabTestbed / HTTPS, GridPP6, 30 Jan 2003Slide 15 Summary HTTP has the potential to be a competitive data transport protocol. HTTPS is already a Grid protocol Delegation would add many possibilities –third party transfers with HTTP/HTTPS –secured, trusted caches would address caching shortcomings of HTTPS Delegation provides useful mechanisms for Portals –inserting proxies into portals –using MD5 passwords to authenticate with proxy server G-HTTPS proposal hopes to standardise some of this

Download ppt "Andrew McNabTestbed / HTTPS, GridPP6, 30 Jan 2003Slide 1 UK Testbed Status Andrew McNab High Energy Physics University of Manchester."

Similar presentations

DataTAG WP4 Meeting CNAF Jan 14, 2003 Interfacing AliEn and EDG 1/13 Stefano Bagnasco, INFN Torino Interfacing AliEn to EDG Stefano Bagnasco, INFN Torino.

DataTAG WP4 Meeting CNAF Jan 14, 2003 Interfacing AliEn and EDG 1/13 Stefano Bagnasco, INFN Torino Interfacing AliEn to EDG Stefano Bagnasco, INFN Torino.
Lousy Introduction into SWITCHaai

Lousy Introduction into SWITCHaai
EGEE-II INFSO-RI-031688 Enabling Grids for E-sciencE www.eu-egee.org EGEE and gLite are registered trademarks MyProxy and EGEE Ludek Matyska and Daniel.

EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks MyProxy and EGEE Ludek Matyska and Daniel.
Combining the strengths of UMIST and The Victoria University of Manchester Adapting to Federated Identity SHEBANGS Shibboleth Enabled Bridge to Access.

Combining the strengths of UMIST and The Victoria University of Manchester Adapting to Federated Identity SHEBANGS Shibboleth Enabled Bridge to Access.
Grid Tech Team Certificates, Monitoring, & Firewall September 15, 2003 Chiang Mai, Thailand Allan Doyle, NASA With the help of the entire Grid Tech Team.

Grid Tech Team Certificates, Monitoring, & Firewall September 15, 2003 Chiang Mai, Thailand Allan Doyle, NASA With the help of the entire Grid Tech Team.
Andrew McNab - Manchester HEP - 15 February 2002 Testbed Release in the UK EDG Testbed 1 GridPP sources of information GridPP VO GIIS and Resource Broker.

Andrew McNab - Manchester HEP - 15 February 2002 Testbed Release in the UK EDG Testbed 1 GridPP sources of information GridPP VO GIIS and Resource Broker.
30-31 Jan 2003J G Jensen, RAL/WP5 Storage Elephant Grid Access to Mass Storage.

30-31 Jan 2003J G Jensen, RAL/WP5 Storage Elephant Grid Access to Mass Storage.
S.L.LloydATSE e-Science Visit April 2004Slide 1 GridPP – A UK Computing Grid for Particle Physics GridPP 19 UK Universities, CCLRC (RAL & Daresbury) and.

S.L.LloydATSE e-Science Visit April 2004Slide 1 GridPP – A UK Computing Grid for Particle Physics GridPP 19 UK Universities, CCLRC (RAL & Daresbury) and.
1 ALICE Grid Status David Evans The University of Birmingham GridPP 14 th Collaboration Meeting Birmingham 6-7 Sept 2005.

1 ALICE Grid Status David Evans The University of Birmingham GridPP 14 th Collaboration Meeting Birmingham 6-7 Sept 2005.
GridPP7 - 02 July 2003Stefan StonjekSlide 1 SAM middleware components Stefan Stonjek University of Oxford 7 th GridPP Meeting 02 nd July 2003 Oxford.

GridPP July 2003Stefan StonjekSlide 1 SAM middleware components Stefan Stonjek University of Oxford 7 th GridPP Meeting 02 nd July 2003 Oxford.
Security middleware Andrew McNab University of Manchester.

Security middleware Andrew McNab University of Manchester.
WP2: Data Management Gavin McCance University of Glasgow November 5, 2001.

WP2: Data Management Gavin McCance University of Glasgow November 5, 2001.
Single Sign-On with GRID Certificates Ernest Artiaga (CERN – IT) GridPP 7 th Collaboration Meeting July 2003 July 2003.

Single Sign-On with GRID Certificates Ernest Artiaga (CERN – IT) GridPP 7 th Collaboration Meeting July 2003 July 2003.
DataGrid is a project funded by the European Union CHEP 2003 – 24-28 March 2003 – Grid-based access control – n° 1 Grid-based access control for Unix environments,

DataGrid is a project funded by the European Union CHEP 2003 – March 2003 – Grid-based access control – n° 1 Grid-based access control for Unix environments,
Tony Doyle - University of Glasgow GridPP EDG - UK Contributions Architecture Testbed-1 Network Monitoring Certificates & Security Storage Element R-GMA.

Tony Doyle - University of Glasgow GridPP EDG - UK Contributions Architecture Testbed-1 Network Monitoring Certificates & Security Storage Element R-GMA.
GridPP Meeting, Cambridge, 15 Feb 2002 Paul Mealor, UCL UCL Testbed 1 status report Paul Mealor.

GridPP Meeting, Cambridge, 15 Feb 2002 Paul Mealor, UCL UCL Testbed 1 status report Paul Mealor.
Andrew McNab - Manchester HEP - 10 May 2002 UK Testbed Deployment Aim of this talk is to the answer the questions: –What are other sites doing? –What are.

Andrew McNab - Manchester HEP - 10 May 2002 UK Testbed Deployment Aim of this talk is to the answer the questions: –What are other sites doing? –What are.
Partner Logo Tier1/A and Tier2 in GridPP2 John Gordon GridPP6 31 January 2003.

Partner Logo Tier1/A and Tier2 in GridPP2 John Gordon GridPP6 31 January 2003.
User Board - Supporting Other Experiments Stephen Burke, RAL pp Glenn Patrick.

User Board - Supporting Other Experiments Stephen Burke, RAL pp Glenn Patrick.
Andrew McNab - Manchester HEP - 17 September 2002 Putting Existing Farms on the Testbed Manchester DZero/Atlas and BaBar farms are available via the Testbed.

Andrew McNab - Manchester HEP - 17 September 2002 Putting Existing Farms on the Testbed Manchester DZero/Atlas and BaBar farms are available via the Testbed.

Similar presentations

Ads by Google