GEON meeting - May 22, 2006 GAMA 2.0 Features and Status Kurt Mueller SDSC.


1 GEON meeting - May 22, 2006 GAMA 2.0 Features and Status Kurt Mueller SDSC

2 GAMA 1 in a nutshell
A system for creating and managing Grid accounts for portal and application users
Provides dedicated server installation consisting of Grid software (CACL, MyProxy, CAS) wrapped in web services
Provides management portlets for easy integration into GridSphere portal framework
  –User account request form
  –Administrative account management console
  –User login through GAMA - retrieves GSI credential

3 GAMA 1 architecture
[Architecture diagram. Labels: Portal server 1, Portal server 2, GridSphere, gridportlets, gama, Servlet container, GAMA server, AXIS Web Services wrapper, CACL, MyProxy, CAS, DB, Java keystore, Stand-alone applications, … Arrows: create user, import user, retrieve credential.]

4 GAMA 1 ideal environment
New portal/Grid project
No existing users/credentials
Single administrator
Globus Grid
GridSphere portal
Authorization through grid-mapfile

5 GAMA 1 weaknesses
Hard to incorporate existing user accounts and Grid credentials
Hard to use existing infrastructure
  –MyProxy server
  –Other CA packages
Hard to expand core GAMA functions
  –SRB account creation
  –Authorization - CAS not so useful?
  –Unix accounts
  –grid-mapfile updates

6 Back to the drawing board…

7 GAMA 2 features
Implementation agnostic
Extensible through a plug-in architecture
Workflow system for multi-step operations
Supports VOs with many sites and independent site administrators
Provides cluster account management

8 Implementation agnostic
No explicit reliance on MyProxy, CACL, CAS.
Accomplished through a plug-in architecture on GAMA server: use whatever CA you want, whatever credential storage, whatever authorization service, etc.
GAMA 2 includes CACL, Naregi and MyProxy plugins out of the box
May also include SRB account management, and other plugins

9 Extensible
GAMA admin can write task plugins to accomplish novel tasks:
  –Interface with existing infrastructure (authentication/authorization mechanisms, databases, CA packages, etc.)
  –Manage Unix / Windows / physical accounts
  –etc.

10 Extensible
All GAMA tasks extend GAMATask class:

    abstract public class GAMATask {
        …
        // Perform the task's work.
        abstract public void doTask() throws GAMATaskException;
        // Undo the effects of doTask().
        abstract public void rollbackTask() throws GAMATaskRollbackException;
        …
    }

11 Extensible - MyProxyAuthNTask.xml
username java.lang.String true
password java.lang.String true
…
credentialobject org.globus.gsi.GlobusCredential
credentialstring java.lang.String

12 Extensible - MyProxyAuthNTask.java

    public class MyProxyAuthNTask extends GAMATask {
        public void doTask() throws GAMATaskException {
            // Read the declared input parameters.
            String username = (String) getParamObjectByName("username");
            String passwd = (String) getParamObjectByName("password");
            …
            // Retrieve the user's credential from MyProxy.
            cred = (GSSCredential) myproxy.get(username, passwd, myProxyLifetime.intValue());
            …
            // Publish the credential under both declared output names.
            getOutputByName("credentialobject").setOutputObject(cred);
            getOutputByName("credentialstring").setOutputObject(cred.toString());
        }
    }

13 Workflow system
Server operations are customizable and expandable.
Uses a workflow system that can execute arbitrary sequences of tasks for any operation, such as “login.”
  –GAMA 1 login does one thing: tries to retrieve a credential from MyProxy.
  –GAMA 2 login could do a sequence of things: retrieve credential from MyProxy, open an SRB socket connection, write a message to a logfile, etc.

14 Workflow system - MyProxyAuthNSequence.xml
GAMA's default MyProxy authentication sequence
authenticate true false
edu.sdsc.gama.server.services.task.auth.authn.MyProxyAuthNTask
0
simple MyProxy authentication with username and password
false true

15 Workflow system - NewUserSetupSequence.xml
GAMA's default CACL and MyProxy new user sequence
…
edu.sdsc.gama.server.services.task.ca.newuser.CACLNewUserTask
Create a new user in CACL
true false true
edu.sdsc.gama.server.services.task.myproxy.newuser.MyProxyLoadCredentialsFromCATask
Load a user's credentials from CA into MyProxy
true false true
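
As an added illustration (not GAMA's own code), here is one way a task engine could run a multi-task sequence such as the new-user setup so that a failure in a later task undoes the earlier ones through rollbackTask(), leaving no half-provisioned account behind. SequenceRunner, step() and the stub class bodies are assumptions; only the GAMATask method signatures come from the slides.

```java
import java.util.*;

// Stand-ins for the types named on the slides; bodies are assumptions.
class GAMATaskException extends Exception { GAMATaskException(String m) { super(m); } }
class GAMATaskRollbackException extends Exception { GAMATaskRollbackException(String m) { super(m); } }
abstract class GAMATask {
    abstract public void doTask() throws GAMATaskException;
    abstract public void rollbackTask() throws GAMATaskRollbackException;
}

public class SequenceRunner {   // hypothetical engine, not GAMA's
    // Runs tasks in order; on failure undoes the completed ones, newest first.
    static boolean run(List<GAMATask> sequence) {
        Deque<GAMATask> done = new ArrayDeque<>();
        try {
            for (GAMATask t : sequence) { t.doTask(); done.push(t); }
            return true;
        } catch (GAMATaskException e) {
            System.err.println("sequence failed: " + e.getMessage());
            while (!done.isEmpty()) {
                try { done.pop().rollbackTask(); }
                catch (GAMATaskRollbackException r) {
                    // Keep unwinding, but flag the leftover state for an admin.
                    System.err.println("rollback failed: " + r.getMessage());
                }
            }
            return false;
        }
    }

    // Constructed demo task that records what it did in a shared log.
    static GAMATask step(String name, boolean fail, List<String> log) {
        return new GAMATask() {
            public void doTask() throws GAMATaskException {
                if (fail) throw new GAMATaskException(name + " failed");
                log.add("did " + name);
            }
            public void rollbackTask() { log.add("undid " + name); }
        };
    }

    public static void main(String[] args) {
        List<String> log = new ArrayList<>();
        boolean ok = run(List.of(step("create CA user", false, log),
                                 step("load credential", true, log)));
        System.out.println(ok + " " + log);
    }
}
```

The task that threw is not rolled back because it never completed; only tasks whose doTask() returned normally are unwound.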

16 [Architecture diagram. Labels: GridSphere Portal, GAMA 1 Server, GAMA 2 Server, Task engine, NewUserSequence, AuthNSequence, Naregi, MyProxy, CAS, SRB, …, Account request portlet (GridSphere), Account admin portlet (GridSphere), Account admin GUI (GridSphere portal), Login portlet (GridSphere), Login web service client, GEMSTONE, Kepler. Arrows: Create user, Account admin, Login user.]

17 Multi-site support
GAMA 2 server supports multiple sites, each with its own local site administrator
Site admin logs in to GAMA server and manages accounts for just their site; other sites’ users are not visible.
Primary GAMA admin can manage all users.
GAMA can be configured to perform different sequences of actions for different sites:
  –Site A -> login sequence A
  –Site B -> login sequence B

18 Cluster account management
GAMA knows about resources such as clusters
  –A resource belongs to a site
Site admin can specify access permissions for each user on each resource in their site
Resources can poll GAMA server for list of valid users, and manage individual user accounts and/or grid-mapfile entries accordingly.
Provides a critical step in cluster management: Rocks for OS/software install, GAMA for users

19 GAMA 2 web services
Provide a simple API that duplicates GAMA 1 API:
    authenticateUser()
    authorizeUser()
    requestNewUser()
    …
Plus new methods for site/resource management:
    createSite()
    addNewResource()
    getResourceUsers()
    addUserToResource()
    …

20 GAMA 2 web services
All web services take as inputs a set of key-value pairs, and produce as outputs another set of key-value pairs
Allows flexibility for task/sequence writers, at the expense of explicitness:

    String authenticateUser(String username, String password, String lifetime) {…}

vs.

    HashMap authenticateUser(HashMap inputs) {…}
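
An added example, not from the presentation: with HashMap-based web services, the presence and type checks that a typed signature gave for free have to be done at run time. The sketch checks an input map against a task's declared parameters; InputCheck, Param and the reading of the descriptor's "true" flag as "required" are assumptions.

```java
import java.util.*;

public class InputCheck {   // hypothetical helper, not part of GAMA
    // One declared parameter: name, Java type, and a flag assumed to mean "required".
    record Param(String name, Class<?> type, boolean required) {}

    // Returns a list of problems; messages name keys only, never values,
    // so a rejected request does not leak a password into logs.
    static List<String> validate(List<Param> declared, Map<String, Object> inputs) {
        List<String> errors = new ArrayList<>();
        Set<String> known = new HashSet<>();
        for (Param p : declared) {
            known.add(p.name());
            Object v = inputs.get(p.name());
            if (v == null) {
                if (p.required()) errors.add("missing: " + p.name());
            } else if (!p.type().isInstance(v)) {
                errors.add("wrong type: " + p.name());
            }
        }
        // Reject keys the task never declared instead of silently passing them on.
        for (String k : inputs.keySet())
            if (!known.contains(k)) errors.add("unexpected: " + k);
        return errors;
    }

    public static void main(String[] args) {
        // Declared parameters as listed for MyProxyAuthNTask on slide 11.
        List<Param> declared = List.of(
            new Param("username", String.class, true),
            new Param("password", String.class, true));
        // Constructed request: password omitted, undeclared key supplied.
        Map<String, Object> inputs = new HashMap<>();
        inputs.put("username", "alice");
        inputs.put("lifetime", 3600);
        System.out.println(validate(declared, inputs));
    }
}
```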

21 GAMA server admin GUI demo

22 GAMA 2.0: Steps to completion
Finish tying in web service interface to task engine
Complete the administrative GUI
  –Group management
  –Task and sequence management
Refactor account request and login portlets
Provide client tools for cluster user management
Construct server Rocks roll with Naregi, MyProxy and GAMA

23 GAMA: the future
Explore authentication technologies
  –CAS still useful?
  –Shibboleth / GridShib
  –etc.
More complete end-to-end user management:
  –grid-mapfile updates on end resources, for instance
Synchronization / cooperation between multiple GAMA servers across VOs

24 References
GAMA: http://grid-devel.sdsc.edu/gama
GridSphere: http://www.gridsphere.org
CACL: http://www.sdsc.edu/CA
Naregi CA: https://www.naregi.org/ca
MyProxy: http://grid.ncsa.uiuc.edu/myproxy
CAS: http://www.globus.org/security/CAS
GEON project: http://www.geongrid.org
Telescience project: http://telescience.ucsd.edu
NBCR: http://nbcr.sdsc.edu

25 Credits
SDSC/GEON: Kurt Mueller, Sandeep Chandra, Karan Bhatia
UCSD/NCMIR: Abel Lin, Khim Ung, Lu Dai
UCSD/BIRN: Jason Novotny, Ramil Manansala, Jana Nguyen

