Scaling Account Creation and Management through the TeraGrid User Portal Contact: Eric Roberts

Slides:

Advertisements

Similar presentations

MFA for Business Banking – Security Code Multifactor Authentication: Quick Tip Sheets Note to Financial Institutions: We are providing these QT sheets.

Advertisements

Scaling TeraGrid Access A Testbed for Attribute-based Authorization and Leveraging Campus Identity Management

AmeriCorps is introducing a new online payment system for the processing of AmeriCorps forms

Using the Self Service BMC Helpdesk

Request Management Mirror-. A random three day sample of Incidents revealed that about 86% of the registered Incidents were legitimate Requests Many other.

Financial Aid Management System Account Registration and Confirmation.

Research and Innovation Participant Portal How to register for an ECAS account NEXT.

Smart Connect – Supplier Portal Training Module 2 – Creation of Service Confirmation.

Support.Avaya.Com Richard Schuman – Service Account Manager.

Academic Technology Services The UCLA Grid Portal - Campus Grids and the UC Grid Joan Slottow and Prakashan Korambath Research Computing Technologies UCLA.

Grid Security. Typical Grid Scenario Users Resources.

National Center for Supercomputing Applications MyProxy and GSISSH Update Von Welch National Center for Supercomputing Applications University of Illinois.

AssignPrelim1.1 © 2011 B. Wilkinson/Clayton Ferner. Modification date: Aug 22, 2011 Course Preliminaries.

Distributed Account Management Middleware Glenn Bresnahan (PI), Boston University Steve Quinn (CoPI), NCSA Aaron Fuegi, Boston University Chris Pond, NCSA.

Standards Balloting and Commenting System (SBS) Login, Registration, Validation, and Permissions January 2015.

TeraGrid Science Gateway AAAA Model: Implementation and Lessons Learned Jim Basney NCSA University of Illinois Von Welch Independent.

TeraGrid ’06 National Center for Supercomputing Applications Managing Credentials on the TeraGrid with MyProxy Jim Basney.

TG QM Arlington: GIG User Support Coordination Plan Sergiu Sanielevici, GIG Area Director for User Support Coordination

EPA Postings Workflows There are 3 phases (workflows) in the recruitment process: 1)Creating a Posting 2)Screening and Transitioning.

Network, Operations and Security Area Tony Rimovsky NOS Area Director

IMC service provider bidding steps. Add your Username and Password as shown above.

GRAM: Software Provider Forum Stuart Martin Computational Institute, University of Chicago & Argonne National Lab TeraGrid 2007 Madison, WI.

TeraGrid Plans for Authentication and Authorization Testbed Dane Skow, Argonne National Laboratory Computation Institute Seminar September 28, 2006.

1 INITIAL SETUP OF THE ST ScI ELECTRONIC GRANTS MANAGEMENT SYSTEM BY AO DESIGNEES September, 2000.

Using AS 10g with EBS What are the Benefits of Integrating AS 10g with Oracle Applications?

URL: Contact: Extranet Redesign Guide TGEN EXTRANET– SHAREPOINT.

UFP/CS Update David Hart. Highlights Sept xRAC results POPS Allocations RAT follow-up User News AMIE WebSphere transition Accounting Updates Metrics,

National Computational Science National Center for Supercomputing Applications National Computational Science NCSA-IPG Collaboration Projects Overview.

© 2008 Pittsburgh Supercomputing Center So you have a TeraGrid Allocation What now?

TRW Code Updates for WCRS Document Activity ERD, EAR and Part Generator Changes August, 2006 TRW Automotive August, 2006 TRW Automotive August, 2006.

TeraGrid CTSS Plans and Status Dane Skow for Lee Liming and JP Navarro OSG Consortium Meeting 22 August, 2006.

1 ACTIVATION OF THE ST ScI ELECTRONIC GRANTS MANAGEMENT SYSTEM BY INSTITUTIONAL AUTHORIZING OFFICIALS January, 2001.

National Computational Science National Center for Supercomputing Applications National Computational Science GSI Online Credential Retrieval Requirements.

Leveraging the InCommon Federation to access the NSF TeraGrid Jim Basney Senior Research Scientist National Center for Supercomputing Applications University.

Click to add text Michigan.gov CMS Migration Project User Acceptance Testing August 16 th – September 17th.

Presented by: Tony Rimovsky TeraGrid Account Management Tony Rimovsky, Area Director for Network Operations and Security

TeraGrid NOS Turnover Jeff Koerner Q meeting December 8, 2010.

How to become a Horizon 2020 Evaluator.

NOS Report Jeff Koerner Feb 10 TG Roundtable. Security-wg In Q a total of 11 user accounts and one login node were compromised. The Security team.

User-Facing Projects Update David Hart, SDSC April 23, 2009.

Sponsored by the National Science Foundation Today’s Exercise.

Security Solutions Rachana Ananthakrishnan University of Chicago.

Network, Operations and Security Area Tony Rimovsky NOS Area Director

1 AHM, 2–4 Sept 2003 e-Science Centre GRID Authorization Framework for CCLRC Data Portal Ananta Manandhar.

TeraGrid User Portal Eric Roberts. Outline Motivation Vision What’s included? Live Demonstration.

DHHS COE Meeting Agenda February 11, 2010 Welcome Introductions Contract Compliance Reporting Questions and Answers DHHS Open Windows Update.

E2E piPEfitters Eric L. Boyd. 2 Agenda NLANR / DAST Advisor Jim Ferguson John Estabrook OWAMP Jeff Boote SONAR Prototype Deployment Eric Boyd.

Gateway Security Summit, January 28-30, 2008 Welcome to the Gateway Security Summit Nancy Wilkins-Diehr Science Gateways Area Director.

The GRIDS Center, part of the NSF Middleware Initiative Grid Security Overview presented by Von Welch National Center for Supercomputing.

Initiating Teragrid Sessions Raghu Reddy. Outline Motivation Initial Setup –Certificates –Proxies –Grid-map file entries and DNs Softenv for customizing.

The New CERN Mail Services Information for group Administrators Alberto Pace for the Internet Service Group and the Mail Migration Task Force.

A Vision for Core Services 2.0 Core Services 2.0 WG David L. Hart TG Quarterly Meeting, Dec. 7, 2007.

Lindsey Velez, Director of Instructional Technology Single Sign-On One Click.

TeraGrid’s Process for Meeting User Needs. Jay Boisseau, Texas Advanced Computing Center Dennis Gannon, Indiana University Ralph Roskies, University of.

Gateways security Aashish Sharma Security Engineer National Center for Supercomputing Applications (NCSA) University of Illinois at Urbana-Champaign.

TeraGrid Software Integration: Area Overview (detailed in 2007 Annual Report Section 3) Lee Liming, JP Navarro TeraGrid Annual Project Review April, 2008.

TeraGrid Accounting System Progress and Plans David Hart July 26, 2007.

Dynamic Accounts: Identity Management for Site Operations Kate Keahey R. Ananthakrishnan, T. Freeman, R. Madduri, F. Siebenlist.

TeraGrid User Portal and Online Presence David Hart, SDSC Area Director, User-Facing Projects and Core Services TeraGrid Annual Review April 6, 2009.

How to complete and submit a Final Report through

Automated Trip Approval

Epilepsy12 round 3 data platform How to re-set your password and update your user profile as a Site Editor/Site Reader after being added as a user by.

Student Introduction to CORE ELMS

E-Invoicing for Network Access Customers

Smart Connect – Supplier Portal Training

A Grid Authorization Model for Science Gateways

TeraGrid Identity Federation Testbed Update I2MM April 25, 2007

Presentation transcript:

Scaling Account Creation and Management through the TeraGrid User Portal Contact: Eric Roberts

Motivation A* workshop August 30-31, 2006 –Clear that the process of acquiring and managing a TeraGrid account needs to be restructured –Time and resources it takes to get a new user many different resource accounts has exceeded scalability limits. It has become clear that extending the User Portal to provide account management functionality is of paramount importance in order to effectively scale access to TeraGrid resources. Policy document being written by User Portal group that describes the plan for –reducing the number of accounts per user –eliminating paper snail-mail –utilizing the TeraGrid User Portal as a centralized tool for performing TeraGrid- wide account management.

Current Account Creation and Management For a PI to request a new TeraGrid project and get access to TeraGrid resources they must do the following: 1.PI requests allocation through POPS 2.Allocation gets approved, user(s) vetted 3.New project and accounts are created 1.AMIE packets are sent to the TGCDB and RP sites 2.NCSA creates a portal account for the user immediately 3.An NCSA DN is automatically generated for the user and put into mapfile of TeraGrid MyProxy service as well as propagated to all RP resources for entry in those grid mapfiles. 4.RP’s create local accounts asynchronously (~5 days) 4.Once all accounts are created, the PI is mailed all the user logins 1.The mail packet lists the default usernames and passwords for password enabled systems 2.The PI is responsible for distributing paperwork to co-Pis 3.For systems that require public SSH keys users are instructed to send their public SSH keys to

Proposal Changes proposed are a significant shift from current account management model so we have documented a 3-phase work plan to ensure a smooth, gradual transition Document and timeline are available on wiki: d_Access_Through_the_User_Portal d_Access_Through_the_User_Portal Phase 1 - single signon access using myproxy and gsissh Phase 2 - Migrate all account management to TeraGrid User Portal Phase 3 - Introduce finer grained access through User Portal and eliminate snail mail

Phase 1 Single Sign-on Access to TG Resources Goal –Introduce Single Sign-on Method for accessing TG resources Description –This phase primarily involves writing/updating the documentation on the website/User Portal to provide instructions for users to use myproxy and gsissh for single sign-on ssh access across TG resources User is able to login to any TG resource but only provides username/password once: –User logs into TG system –Execute myproxy-logon to retrieve short lived credential from MyProxy Credential Service This is where the user provides their user portal username and password –Execute gsissh to authenticate to any TG resource where user has an account and an NCSA DN** mapped to that account **NCSA is not a requirement but will be provided to all users by default This process is completely independent from the User Portal!!!

Phase 2 All Account Management Through User Portal Goals –Migrate All Account Management to TeraGrid User Portal –Make portal password resetting easier (more automated) Description –This phase pertains mostly to adding account management capability to the TeraGrid User Portal such that users can handle any and all RP resource account management tasks through a single web interface. changing RP system password propagate an SSH public key propagate a DN to all resources Changes in new account creation process –User receives packet through snail mail immediately (2-3 days after approval) containing only user portal username/password –User receives and manages RP system accounts through User Portal

Phase 3 Eliminate “Snail-Mailing” of Account Information Goal –Introduce trusted and un-trusted User Portal accounts and eliminate snail mail Description –Potential users create untrusted portal account, which has limited access to requesting allocations through POPS –Once allocations approved/user vetted, system account creation process begins and portal account is now trusted –User has full access to User Portal including the account management features introduced in Phase 2 –Add user process modifications Potential user creates untrusted portal account User logs into portal and requests their account be added to a particular project PI/co-PI/allocation manager approves/denies request If approved, portal account becomes trusted and RP account creations begin

Timeline

For More Details… Please send questions and comments to Policy document still in draft form available on wiki: d_Access_Through_the_User_Portal d_Access_Through_the_User_Portal