Scaling NVO Services to the Teragrid Roy Williams Conrad Steenberg Matthew Graham Joe Jacob Ray Plante.

Slides:

Advertisements

Similar presentations

CHEP 2000, Roberto Barbera Roberto Barbera (*) GENIUS: a Web Portal for the GRID Meeting Grid.it, Bologna, (*) work in collaboration.

Advertisements

/ 1 N. Williams Grid Middleware Experiences Nadya Williams OCI Grid Computing, University of Zurich

CSF4 Meta-Scheduler Tutorial 1st PRAGMA Institute Zhaohui Ding or

GridWorld 2006 Use of MyProxy for the FusionGrid Mary Thompson Monte Goode GridWorld 2006.

National Center for Supercomputing Applications MyProxy and NVO or Web SSO for Grid Portals GlobusWorld 2006 Washington, DC, USA September 12, 2006 Mike.

25 April 2005NVO Team Meeting - Tucson1 Interoperable Authentication And Authorization for the VO T HE US N ATIONAL V IRTUAL O BSERVATORY Background: Security.

MyProxy Jim Basney Senior Research Scientist NCSA

Globus Workshop at CoreGrid Summer School 2006 Dipl.-Inf. Hamza Mehammed Leibniz Computing Centre.

Andrew McNab - Manchester HEP - 17 September 2002 Putting Existing Farms on the Testbed Manchester DZero/Atlas and BaBar farms are available via the Testbed.

The National Grid Service and OGSA-DAI Mike Mineter

JLab Lattice Portal – Data Grid Web Service Ying Chen, Chip Watson Thomas Jefferson National Accelerator Facility.

Presenter: James Huang Date: Sept. 29,  HTTP and WWW  Bottle Web Framework  Request Routing  Sending Static Files  Handling HTML  HTTP Errors.

FP7-INFRA Enabling Grids for E-sciencE EGEE Induction Grid training for users, Institute of Physics Belgrade, Serbia Sep. 19, 2008.

1 G2 and ActiveSheets Paul Roe QUT Yes Australia!

Grid Resource Allocation Management (GRAM) GRAM provides the user to access the grid in order to run, terminate and monitor jobs remotely. The job request.

1 Configuring Internet- related services (April 22, 2015) © Abdou Illia, Spring 2015.

Academic Technology Services The UCLA Grid Portal - Campus Grids and the UC Grid Joan Slottow and Prakashan Korambath Research Computing Technologies UCLA.

Science Gateways on the TeraGrid Von Welch, NCSA (with thanks to Nancy Wilkins-Diehr, SDSC for many slides)

Andrew McNab - EDG Access Control - 14 Jan 2003 EU DataGrid security with GSI and Globus Andrew McNab University of Manchester

1 Configuring Web services (Week 15, Monday 4/17/2006) © Abdou Illia, Spring 2006.

Report Distribution Report Distribution in PeopleTools 8.4 Doug Ostler & Eric Knapp 7264.

Virtual Observatory Single Sign-on U.S. National Virtual Observatory National Center for Supercomputing Applications Ray Plante, Bill Baker.

Simo Niskala Teemu Pasanen

Google App Engine Danail Alexiev Technical Trainer SoftAcad.bg.

TeraGrid ’06 National Center for Supercomputing Applications Managing Credentials on the TeraGrid with MyProxy Jim Basney.

National Computational Science National Center for Supercomputing Applications National Computational Science Alliance Setup Package Requirements Jim Basney.

Smart Card Single Sign On with Access Gateway Enterprise Edition

Introduction to UNIX/Linux Exercises Dan Stanzione.

Building service testbeds on FIRE D5.2.5 Virtual Cluster on Federated Cloud Demonstration Kit August 2012 Version 1.0 Copyright © 2012 CESGA. All rights.

Riccardo Bruno INFN.CT Sevilla, Sep 2007 The GENIUS Grid portal.

The CAVES Project Collaborative Analysis Versioning Environment System The CODESH Project COllaborative DEvelopment SHell Dimitri Bourilkov University.

Scaling NVO Services to the Teragrid Roy Williams Conrad Steenberg Craig Miller Matthew Graham Joe Jacob Julian Bunn.

TeraGrid Science Gateways: Scaling TeraGrid Access Aaron Shelmire¹, Jim Basney², Jim Marsteller¹, Von Welch²,

Simplify and Strengthen Security with Oracle Application Server Allan L Haensgen Senior Principal Instructor Oracle Corporation Session id:

National Computational Science National Center for Supercomputing Applications National Computational Science NCSA-IPG Collaboration Projects Overview.

Asynchronous services from NVO Roy Williams Conrad Steenberg Craig Miller Matthew Graham Joe Jacob Julian Bunn.

ArcGIS Server for Administrators

Tutorial: Building Science Gateways TeraGrid 08 Tom Scavo, Jim Basney, Terry Fleury, Von Welch National Center for Supercomputing.

Grid Architecture William E. Johnston Lawrence Berkeley National Lab and NASA Ames Research Center (These slides are available at grid.lbl.gov/~wej/Grids)

09/02 ID099-1 September 9, 2002Grid Technology Panel Patrick Dreher Technical Panel Discussion: Progress in Developing a Web Services Data Analysis Grid.

G CITRIXHACKIN. Citrix Presentation Server 4.5 New version is called XenApp/Server Common Deployments Nfuse classic CSG – Citrix Secure Gateway Citrix.

Institute For Digital Research and Education Implementation of the UCLA Grid Using the Globus Toolkit Grid Center’s 2005 Community Workshop University.

NA-MIC National Alliance for Medical Image Computing UCSD: Engineering Core 2 Portal and Grid Infrastructure.

VO. VOMS 1. Authentication2. Credentials 3. Authentication Client Resource.

Getting started DIRAC Project. Outline  DIRAC information system  Documentation sources  DIRAC users and groups  Registration with DIRAC  Getting.

EGEE-II INFSO-RI Enabling Grids for E-sciencE The GILDA training infrastructure.

GCRC Meeting 2004 BIRN Coordinating Center Software Development Vicky Rowley.

SAN DIEGO SUPERCOMPUTER CENTER Inca Control Infrastructure Shava Smallen Inca Workshop September 4, 2008.

25 April 2005NVO Team Meeting - Tucson1 Interoperable Authentication And Authorization for the VO T HE US N ATIONAL V IRTUAL O BSERVATORY Background: Single.

Configuring and Troubleshooting Identity and Access Solutions with Windows Server® 2008 Active Directory®

Shell Interface Shell Interface Functions Data. Graphical Interface Graphical Interface Command-line Interface Command-line Interface Experiments Private.

Ad Hoc VO Akylbek Zhumabayev Images. Node Discovery vs. Registration VO Node Resource User discover register Resource.

National Computational Science National Center for Supercomputing Applications National Computational Science Integration of the MyProxy Online Credential.

Development of e-Science Application Portal on GAP WeiLong Ueng Academia Sinica Grid Computing

© Geodise Project, University of Southampton, Geodise Middleware Graeme Pound, Gang Xue & Matthew Fairman Summer 2003.

Portals, Services, Interfaces Marlon Pierce Indiana University March 15, 2002.

(ITI310) By Eng. BASSEM ALSAID SESSIONS 10: Internet Information Services (IIS)

SAN DIEGO SUPERCOMPUTER CENTER Welcome to the 2nd Inca Workshop Sponsored by the NSF September 4 & 5, 2008 Presenters: Shava Smallen

MGRID Architecture Andy Adamson Center for Information Technology Integration University of Michigan, USA.

Clarens Toolkit Building Blocks for a Simple TeraGrid Gateway Tutorial Conrad Steenberg Julian Bunn, Matthew Graham, Joseph Jacob, Craig Miller, Roy Williams.

GridShell/Condor: A virtual login Shell for the NSF TeraGrid (How do you run a million jobs on the NSF TeraGrid?) The University of Texas at Austin.

EGEE-II INFSO-RI Enabling Grids for E-sciencE Overview of gLite, the EGEE middleware Mike Mineter Training Outreach Education National.

Antonio Fuentes RedIRIS Barcelona, 15 Abril 2008 The GENIUS Grid portal.

Gateways security Aashish Sharma Security Engineer National Center for Supercomputing Applications (NCSA) University of Illinois at Urbana-Champaign.

The LGI Pilot job portal EGI Technical Forum 20 September 2011 Jan Just Keijser Willem van Engen Mark Somers.

Open OnDemand: Open Source General Purpose HPC Portal

Configuring Internet-related services

HACKIN G CITRIX.

Implementing VOSpace 1.0 without Axis

Presentation transcript:

Scaling NVO Services to the Teragrid Roy Williams Conrad Steenberg Matthew Graham Joe Jacob Ray Plante

NESSSI NVO Extensible Secure Scalable Service Infrastructure Services are science-oriented Services are made by trusted developers from the science community Web forms OR command line (Python API) Built-in security (X.509 certificates) Very large jobs can be run Easy to get a certificate No complex install needed by client Different levels of certificate get different service Is installed on Teragrid Services can be part of a workflow

Desired Characteristics of NVO Services Service oriented architecture Services should be easily and quickly deployable and usable on workstations or supercomputers Services deployed, managed, and upgraded by their developers Service developers/deployers are trusted users Service developer acts as a broker between computing customer and computer center Service users authenticated with graduated security Easy to start, but great power is possible Asynchrony for compute intensive jobs Jobs submitted to batch queue Unique sessionID may be used to monitor job & return results From clicking to scripting Services may be accessed by clicking on a web page or with scripted client codes Authentication for web clicking comes from a certificate store Scripted access requires a certificate (strong or weak) straight from the client Services as workflow components A service user may be another service (a computer, not a human!)

A Graduated Security Model Web form - anonymous access, small jobs Some science.... Get NVO weak certificate - access logged, but identity not verified More science.... Full TeraGrid account - browser access Big-iron computing.... Scripted access Power user Portal-Based

Traditional Grid Security client Show us your Certificate! I will do exactly what you want.

Graduated Security client May I have your Request and your Certificate?

This is a US drivers licence. In the US it proves identity strongly. It is like a strong certificate. This is a loyalty card where I buy food. (You can put a false address on the application.) It is like a weak certificate. This is a $50 gift card at a bookstore. It does not prove my identity in any way. It is like an anonymous certificate. Certificates The Virtual Observatory as a Virtual Organization

service implementation web forms python API graduated security certificates certificate chains root certificates proxy certificates proxy certificate chains 2nd level proxy chains xforms secure https redirection teragrid security police caltech security police NCSA security police chown directory ownership NFS root-squashing PBS stdout permissions pubcookie

A proxy is a copy of a certificate with a 24-hour expiry date It is safer than sending the full certificate. A proxy can come from a certificate store released by username/password A proxy can be built with a local tool eg nesssi_proxy_init or globus_proxy_init Proxy Certificates

Web Portal client certificate repository nesssi web portal nesssi node web form SOAP http queue fetch proxy select user account sandbox storage open http certificate policies

Commandline Portal clientnesssi node Teragrid cluster certificate policies queue select user account sandbox storage Secure SOAP certificate open http build proxy

Exercise: Running a Nesssi Service see

The NVO Certificate Authority The NVO now has a certificate authority

Getting an NVO login

The Web Portal

Getting a proxy certificate % cd $NVOSS_HOME % source bin/setup.csh [snip] All set up for the 2006 NVO Summer School. % cd nesssi % java NesssiInit YourUsername YourPassword /tmp/x509up_u501 % ls -l /tmp/x* -rw roy wheel 2231 Sep 1 12:40 /tmp/x509up_u501 web portal command line is this your UID?

SessionID and Sandbox Identify which job we are talking about 32 character hex string eg cb28d0753a7fec9a485981f741d425ec Used to monitor a running job sessionID = nesssiServer.cutout.init() msg = server.cutout.monitor(sessionID) Used to form URL where results appear, eg /clarens/shell/cb/cb28d0753a7fec9a485981f741d425ec/cutouts/index.html If you lose the sessionID, you lose your job

Cutout ux daf5ef52facc68cb03db4b1fdc815 clarens/shell/ 77/774daf5ef52facc68cb03db4b1fdc815 clarens/shell/ 77/774daf5ef52facc68cb03db4b1fdc815 /cutouts/index.html 149.envoy.cacr.calte roy batch C8845cb :00 R -- Monitoring a Nesssi job service name running as this user session ID sandbox URL results URL queue status (R = running)

Example: SleepyAdd nesssiServer=nesssi.client(' # nesssiServer=nesssi.client(' sessionID = nesssiServer.sleepyadd.init() print "Your session ID is", sessionID # Run: sleep 30 seconds then add 52 and 344 nesssiServer.sleepyadd.run(sessionID, "-time 30 -n 52 -m 344") web portal command line

Monitoring the Run Key n is 52 Key m is 344 Key time is 30 Sleeping for 30 seconds Waking up... Sum of 52 and 344 is 396 Sleepyadd ux a3a167a383111c0cbd b8659aa dtf-mgmt1.sds ux dque Ca3a :00 Q --

Mosaic Service nesssiServer=nesssi.client(' mosaic_loc = "-ra dec rawidth 0.5 -decwidth 0.5 -filt f -bgcorr 0" session = nesssiServer.dpossMosaic.mosaic(mosaic_loc) print "Your session ID is %s." % session msg = dbsvr.dpossMosaic.monitor(session) print msg

nesssiServer. dpossMosaic.mosaic ( -ra dec rawidth 0.5 -decwidth 0.5 -filt f -bgcorr 0)

Coadd Service nesssiServer=nesssi.client(' # Initialize the service sessionID = nesssiServer.hyperatlas.init() print "Session id is ", sessionID # Arguments for service, the coaddition to do args = "-bandpass z1 -ra dec rawidth 1.0 -decwidth 1.0"

-bandpass z1 -ra dec rawidth 1.0 -decwidth 1.0

Cutout Service nesssiServer=nesssi.client(' sessionID = nesssiServer.cutout.init() print "Session id is ", sessionID # Upload locations file remoteinputfile = "/shell/%2s/%s/inputfile.xml" % (sessionID[0:2], sessionID) nesssiServer.upload_file(inputfile, remoteinputfile) # Arguments for service, surveys to use and cutout size args = "-surveys PQ:gr,PQ:gi,PQ:z1,PQ:z2,SDSS:r,SDSS:i,SDSS:z,2MASS:k,2MASS:h " args += "-size 64" # Run service nesssiServer.cutout.run(sessionID, args)

Cutout Monitoring

cutouts from Palomar-Quest, SDSS, 2MASS of sources from Veron quasar catalog