GCRC Meeting 2004 Introduction to the Grid and Security Philip Papadopoulos.


1 GCRC Meeting 2004 Introduction to the Grid and Security Philip Papadopoulos

2 An Introduction to the Grid
- Definition – Grid software allows a user to assemble remote resources and treat them as if they were local
  - Uses a scalable security model
  - Does not require centralized administration
  - Does not require sites to give up administrative control of their resource
- Simple Example
  - A Morphometric BIRN researcher wants to test a new image segmentation program on brain image data.
    - The computing cluster is in San Diego
    - The Brain Data is physically stored at centers in Harvard, UCI, and Duke

3 What a Grid Is not
- It’s not free computing
- It does not replace large-scale “supercomputers”
- Putting your resource on the grid does not mean anybody can use it
- Note: Grid and “Cyberinfrastructure” are two words that describe the same thing

4 How is a Grid different from the Web?

| Feature | Web | Grid |
|---|---|---|
| Physical Connections | Ethernet, ATM, SONET, … | Same |
| User Identification | Managed per site | Single Sign On |
| Program Access | Web Browser (http protocol) | Multiple programs and protocols |
| Searching | Google | Well-defined meta data and databases |
| Starting User-defined Programs | Not Supported | Very Flexible |

5 Abridged History of Distributed Computing
- Classification by administrative domain
- 1980 Single administrative domain
  - SUN NFS (file sharing)
  - Yellow Pages (authentication)
  - Remote shell (task creation)
- 1990 Virtual User Administrative Domain
  - A user logs onto various machines and runs software that makes these appear as a single system
  - Example: PVM (Parallel Virtual Machine)
- Mid 90’s - Clusters
  - Message passing (MPI) used for communication
  - Usually a single administrative domain

6 Abridged History Continued
- Mid 90’s. Cooperating (Mutual Trust) Domains
  - Kerberos and CORBA
  - Trust is administered centrally
- Late 90’s. Grid Systems
  - Public Key Certificates identified individual users. All-or-nothing domain trust not needed
  - Mechanisms for interprocess communication needed revisiting
  - More like the Virtual User Domains of the early 90’s, but with a more scalable security model
  - Example: Globus, Avaki, United Devices, SETI@home

7 Clusters - The New Workstation
- Commodity CPUs
- Supercomputer-class performance
- Easily replicated to form a distributed grid of computing and storage
- Canonical IT platform for Biology
- You may want/need access to a cluster located at another site
[Photo caption: One of many clusters at UCSD. 256 Programs]

8 “Wrapping” Resources for Symmetry
[Diagram labels: Grid User, Grid Interface, Site Policies, Standard Internet Network]
Grid Interface provides security, identity mapping, resource access/abstraction

9 How Grid Computing has Evolved
- The Grid interface has evolved from scripts to a services-based architecture
- Service - a resource that has a well-defined programmatic interface that can be called remotely
- A Web Service – a resource that can be called remotely using SOAP (Simple Object Access Protocol). Example: google in your web browser toolbar
- A Grid Service – uses SOAP or other protocols with a defined authentication interface
- Application – software that utilizes one or more services to work on the grid

10 What are Some Key Issues?
- Some programs need to be re-engineered to work with non-local resources
- Many programs need to explicitly carry a security credential (and not rely on a single administrative domain for implied authentication)
- A culture of sharing resources and data among colleagues needs to be developed
- Robustness of underlying grid middleware is being improved (government investment, private investment), but improvements are still needed

11 Summary
- There is no magic program that takes existing code and makes it work with the grid.
- Grid (or cyberinfrastructure) is an evolution of the web
  - Security explicitly addressed
  - Services programming model requires some change to applications
- Benefits
  - Utilizing and bridging remote resources is analogous to bringing critical knowledge and information to you.

12 GCRC Meeting 2004 Grid Security Philip Papadopoulos

13 What is Grid Security?
- Cooperating entities accept a cryptographically secure identification certificate
- The certificate uniquely identifies a user or a resource
  - Think of it as a passport
- A resource interprets a presented certificate to determine whether access should be granted

14 GSI
- GSI – Grid Security Infrastructure
- A Certificate Authority creates a grid identity for a user (or resource)
  - X.509 Certificate
- A resource provider decides which Certificate Authorities it will trust
  - https websites use Verisign, Thawte, Other Commercial and Private Certificates.
- When a user signs on to the grid a time-limited proxy is generated. It is the proxy that is interpreted by a site

15 Simplified Grid Services
Client (Requestor) pseudocode:

    read rawdata;
    call.setTargetObjectURI("urn:gtomo-svc")                // name the target service
    call.setMethodName("backproject")                       // operation to invoke
    call.setParams("unprocesseddata", rawdata)              // request parameters
    Response = invoke(call, "http://nbcr.ucsd.edu/gtomo")   // send request to the provider
    result = Response.getReturnValue();

1. Client formats request (parameters + security)
2. Provider starts instance of service for client
3. Results returned over net

[Diagram labels: Client (Requestor), GSI, Formatted Request, Service Provider http://nbcr.ucsd.edu, Backproject instance, Processed Response]

Grid services leverage web service infrastructure

16 Enable Workflows in a Grid Service-Oriented Environment
[Diagram labels: Interface, CCDB, Backproject, GSI Proxy, User Sign on, Art/Blobs, Osaka U., PACI Resources, Ucsd.edu]
Common security, discovery, and instantiation framework of Grid services enables construction of complex workflows that cross domains

17 Pros and Cons of Grid Certificates
- X.509 proxies allow us to program workflows and maintain a secure identity
  - This is known as single sign on
- User management of certificates can be burdensome
  - Online certificate “banks” can simplify this
- Software systems have to be modified to accept certificates for authentication
- The certificate is only identity management; deciding what a user can do (authorization) still needs work.
- Like any new software, management isn’t 0
  - But, projects like BIRN are significantly easing this transition
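
The site-side decision from slides 14 and 17, as an added example that is not part of the original presentation: a resource checks a presented proxy chain against its own list of trusted CAs, enforces the proxy's time limit, and only then makes the separate authorization decision by mapping the identity to a local account. It assumes signatures were already verified by an X.509 library; the `Cert` fields, the DNs, the `GRID_MAP` table and the 12-hour limit are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Cert:
    """Certificate fields; the signature is assumed already verified by an X.509 library."""
    subject: str
    issuer: str
    not_before: datetime
    not_after: datetime
    is_proxy: bool = False

# Site policy (constructed sample values): trusted CAs, grid identity -> local
# account mapping, and the longest proxy lifetime this resource accepts.
TRUSTED_CAS = {"/O=Example Grid/CN=Example CA"}
GRID_MAP = {"/O=Example Grid/CN=Alice Researcher": "alice"}
MAX_PROXY_LIFETIME = timedelta(hours=12)

class Denied(Exception):
    """Raised with the reason the site refuses the presented chain."""

def accept(chain, now):
    """chain is leaf-first: zero or more proxies, then the user's certificate.
    Returns (grid identity, local account) or raises Denied."""
    if not chain or chain[-1].is_proxy:
        raise Denied("chain must end in a CA-issued user certificate")
    for cert in chain:
        if not cert.not_before <= now <= cert.not_after:
            raise Denied(f"outside validity period: {cert.subject}")
    for proxy, signer in zip(chain, chain[1:]):
        if not proxy.is_proxy:
            raise Denied("only proxies may precede the user certificate")
        # A proxy is issued by the certificate below it and extends that name.
        if proxy.issuer != signer.subject or not proxy.subject.startswith(signer.subject + "/CN="):
            raise Denied(f"proxy does not chain to {signer.subject}")
        if proxy.not_after - proxy.not_before > MAX_PROXY_LIFETIME:
            raise Denied("proxy lifetime exceeds site limit")
    user = chain[-1]
    if user.issuer not in TRUSTED_CAS:
        raise Denied(f"untrusted CA: {user.issuer}")
    # Identity is now established; access is a separate, local decision.
    if user.subject not in GRID_MAP:
        raise Denied(f"authenticated but not authorized: {user.subject}")
    return user.subject, GRID_MAP[user.subject]

def sample_chain(now, proxy_hours=12):
    """Constructed data: Alice's CA-issued certificate plus a sign-on proxy."""
    dn = "/O=Example Grid/CN=Alice Researcher"
    user = Cert(dn, "/O=Example Grid/CN=Example CA", now - timedelta(days=30), now + timedelta(days=335))
    return [Cert(dn + "/CN=proxy", dn, now, now + timedelta(hours=proxy_hours), True), user]
```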

