J Jensen CCLRC RAL Data Management AUZN (mostly about SRM though) GGF 16, Athens J Jensen.


1 J Jensen CCLRC RAL Data Management AUZN (mostly about SRM though) GGF 16, Athens J Jensen

2 GIN! Gimme Interoperability Now!!
SRB ISLAND
SRM ISLAND

3 SRB - IANASRBE
SRB is not SRM
  – Different aims, different users
  – SRB provides its own Data Grid
AUCN:
  – Username/password
  – GSI for S commands (if compiled in)
  – Define id mapping…
Access control replicated with data
  – Group permissions

4 SRM Overview
SRM is a file control protocol
  – GGF standard – GSM-WG
  – SOAP/HTTP over GSI sockets
Something else does the transfer
  – WAN: Usually GridFTP
  – LAN: local protocol (RFIO, DCAP,…)

5 Implementations
Special ones – for specific tape MSS
  – JLAB, LBNL, CERN/RAL
General purpose (usually to disk)
  – DPM from CERN/LCG,
  – dCache from DESY/FNAL,
  – StoRM from INFN

6 SRM Versions
Designers:
  – ACL not a major priority
Implementers:
  – Listen to users (often)
Users:
  – ACL not a major priority (HEP)
Version 1.1
  – Secure (GSI), but…
  – No functions for ACL
Version 2.1
  – Unixy +rwxrwxrwx
  – …POSIX

7 Implementations
provides SRM | SRM1.1 | SRM2.1
dCache | YES | Not seen yet
DPM | YES
CASTOR1 | YES | NO
CASTOR2 | NO | YES

8 File Transfer
Area Implementation | LAN | WAN
dCache | DCAP | GridFTP
DPM | RFIO | GridFTP
CASTOR | RFIO | GridFTP

9 Local Protocols
Traditional insecure versions…
  – Use Unix UID for authentication
  – No data confidentiality (encryption)
Both RFIO and DCAP have GSI versions
  – Not always used by default
  – Need hostcerts for pool nodes
  – Don't necessarily encrypt
  – GSI/SSL negotiations slow

10 GridFTP Implementations
Use GSI authentication
Authorise by DN, using gridmap files
Don't encrypt data by default
  – Or large transfers would be slow

11 DPM 1.5 Improved Security
Integrated access control in nameserver
  – GridFTP, SRM, RFIO: consistent ACL
RFIO
  – GSI only
  – No Encryption
      Performance vs confidentiality
POSIX ACLs
VOMS

12 StoRM Security
Requires ACL capable filesystem
  – GPFS (, ext3, ReiserFS,…)
Being tested by INFN CNAF

13 CASTOR 2 SRM
Access control not implemented yet
Will rely on CASTOR for ACL

14 SRM Data Movers: Gaps
Data movers must update ACLs when moving data
  – Support SRM 2.1
  – Some copy as user (delegated)
  – Some as a service
Not quite trivial
  – Data movers don't have special privileges

15 Back Doors?
File written via Grid can sometimes be read with local protocol
  – Or via SRM 1.1?
Privileged (root/admin) access
  – Storage Filename is often random
  – Rarely a concern

16 Conclusions
GIN: Two Islands – SRM and SRB
WAN protocols secure (sort of)
  – But no data encryption by default
Increasingly, LAN protocols are secured
Implementations are available (sort of)
  – SRM 1.1 is still widely used

