Globus Toolkit® 4 Workshop 2 Don’t take our word for it! Read the UK eScience Evaluation of GT4 www.nesc.ac.uk/technical_papers/UKeS-2005-03.pdf (Reachable.

Globus Toolkit® 4 Workshop

2 Don’t take our word for it! Read the UK eScience Evaluation of GT4 (Reachable from under “News”)

3 Overview
- Part I
  - GT4 introduction and status: Ian
  - OGSA-DAI status: Neil Chue Hong
  - Discussion
- Part II
  - NAREGI experiences: Satoshi Matsuoka
  - China Grid experiences: Hai Jin
  - Intel experiences: Ravi Subramaniam
  - TeraGrid experiences: Dane Skow
  - Globus Roadmap & GlobDev process: Ian
  - Discussion

4 Virtual Organizations
- Distributed resources and people
- Linked by networks, crossing admin domains
- Sharing resources, common goals
- Dynamic
[Diagram: resources (R) grouped into VO-A and VO-B]

5 Virtual Organizations
- Distributed resources and people
- Linked by networks, crossing admin domains
- Sharing resources, common goals
- Dynamic
- Fault tolerant
[Diagram: resources (R) grouped into VO-B]

6 The Role of the Globus Toolkit
- A collection of solutions to problems that come up frequently when building collaborative distributed applications
- Heterogeneity
  - A focus, in particular, on overcoming heterogeneity for application developers
- Standards
  - We capitalize on and encourage use of existing standards (IETF, W3C, OASIS, GGF)
  - GT also includes reference implementations of new/proposed standards in these organizations

7 Grid Infrastructure
- Distributed management
  - Of physical resources
  - Of software services
  - Of communities and their policies
- Unified treatment
  - Build on Web Services framework
  - Use WS-RF, WS-Notification (or WS-Transfer/Man??) to represent/access state
  - Common management abstractions & interfaces

8 A Typical eScience Use of Globus: Network for Earthquake Eng. Simulation Links instruments, data, computers, people

9 Without the Globus Toolkit
[Architecture diagram]
Tiers:
- Users work with client applications
- Application services organize VOs & enable access to other services
- Collective services aggregate &/or virtualize resources
- Resources implement standard access & management interfaces
Components: Web Browser; Compute Server; Data Catalog; Data Viewer Tool; Certificate authority; Chat Tool; Credential Repository; Web Portal; Compute Server; Database service (three); Simulation Tool; Camera; Telepresence Monitor; Registration Service; labels A, B, C, D, E
Component sources: Application Developer 10; Off the Shelf 12; Globus Toolkit 0; Grid Community 0

10 With the Globus Toolkit
[Architecture diagram]
Tiers:
- Users work with client applications
- Application services organize VOs & enable access to other services
- Collective services aggregate &/or virtualize resources
- Resources implement standard access & management interfaces
Components: Web Browser; Compute Server; Globus MCS/RLS; Data Viewer Tool; Certificate Authority; CHEF Chat Teamlet; MyProxy; CHEF; Compute Server; Database service (three); Simulation Tool; Camera; Telepresence Monitor; Globus Index Service; Globus GRAM; Globus DAI
Component sources: Application Developer 2; Off the Shelf 9; Globus Toolkit 4; Grid Community 4

11 The Globus Toolkit: “Standard Plumbing” for the Grid
- Not turnkey solutions, but building blocks & tools for application developers & system integrators
  - Some components (e.g., file transfer) go farther than others (e.g., remote job submission) toward end-user relevance
- Easier to reuse than to reinvent
  - Compatibility with other Grid systems comes for free
- Today the majority of the GT public interfaces are usable by application developers and system integrators
  - Relatively few end-user interfaces
  - In general, not intended for direct use by end users (scientists, engineers, marketing specialists)

12 Globus is Open Source Grid Infrastructure
- Implement key Web services standards
  - State, notification, security, …
- Software for Grid infrastructure
  - Service-enable new & existing resources
  - E.g., GRAM on computer, GridFTP on storage system, custom application services
  - Uniform abstractions & mechanisms
- Tools to build applications that exploit Grid infrastructure
  - Registries, security, data management, …
- Enabler of a rich tool & service ecosystem

13 The Globus Toolkit is a Collection of Components
- A set of loosely-coupled components, with:
  - Services and clients
  - Libraries
  - Development tools
- GT components are used to build Grid-based applications and services
  - GT can be viewed as a Grid SDK
- GT components can be categorized across two different dimensions
  - By broad domain area
  - By protocol support

14 GT Domain Areas
- Core runtime
  - Infrastructure for building new services
- Security
  - Apply uniform policy across distinct systems
- Execution management
  - Provision, deploy, & manage services
- Data management
  - Discover, transfer, & access large data
- Monitoring
  - Discover & monitor dynamic services

15 GT Protocols
- Web service protocols
  - WSDL, SOAP
  - WS Addressing, WSRF, WSN
  - WS Security, SAML, XACML
  - WS-Interoperability profile
- Non Web service protocols
  - Standards-based, such as GridFTP
  - Custom

16 “Stateless” vs. “Stateful” Services
- Without state, how does client:
  - Determine what happened (success/failure)?
  - Find out how many files completed?
  - Receive updates when interesting events arise?
  - Terminate a request?
- Few useful services are truly “stateless”, but WS interfaces alone do not provide built-in support for state
[Diagram: Client calls FileTransfer Service: move (A to B)]

17 FileTransferService (without WSRF)
- Developer reinvents wheel for each new service
  - Custom management and identification of state: transferID
  - Custom operations to inspect state synchronously (whatHappen) and asynchronously (tellMeWhen)
  - Custom lifetime operation (cancel)
[Diagram: Client calls FileTransfer Service: move (A to B) : transferID; the service holds move state; further operations whatHappen, tellMeWhen, cancel]

18 WSRF in a Nutshell
- Service
- State representation
  - Resource
  - Resource Property
- State identification
  - Endpoint Reference
- State Interfaces
  - GetRP, QueryRPs, GetMultipleRPs, SetRP
- Lifetime Interfaces
  - SetTerminationTime
  - ImmediateDestruction
- Notification Interfaces
  - Subscribe
  - Notify
- ServiceGroups
[Diagram: Service fronting a Resource with RPs, addressed by an EPR; operations GetRP, GetMultRPs, SetRP, QueryRPs, Subscribe, SetTermTime, Destroy]

19 FileTransferService (w/ WSRF)
- Developer specifies custom method to createResource and leaves the rest to WSRF standards:
  - State exposed as Resource + Resource Properties and identified by Endpoint Reference (EPR)
  - State inspected by standard interfaces (GetRP, QueryRPs)
  - Lifetime management by standard interfaces (Destroy)
[Diagram: Client calls FileTransferService: createResource (A to B) : EPR; the Transfer resource exposes RPs; further operations getRP, queryRPs, destroy]
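
The pattern on slides 17-19, as an added example (not code from the slides or from GT4 WS Core): a simplified in-memory Python model in which createResource is the only service-specific operation and state inspection, lifetime and notification are generic operations addressed by EPR. The class and method names, the host.example address, the status values and the use of a Python predicate in place of a QueryRPs query expression are assumptions made for illustration.

```python
import time
import uuid
from dataclasses import dataclass
from typing import Optional


class NoSuchResource(KeyError):
    """The EPR names a resource that was destroyed or whose lifetime ran out."""


@dataclass
class Resource:
    properties: dict                          # the Resource Properties (RPs)
    termination_time: Optional[float] = None  # None = no scheduled destruction


class FileTransferService:
    """Simplified model of the slide-19 service; not GT4 WS Core code."""

    ADDRESS = "https://host.example/FileTransferService"   # constructed address

    def __init__(self, clock=time.time):
        self._clock = clock
        self._home = {}          # resource key -> Resource (the ResourceHome role)
        self._subscribers = {}   # resource key -> list of callbacks

    # The one service-specific operation: start a transfer, hand back an EPR.
    def create_resource(self, source, dest, lifetime=None):
        # Random key: the EPR identifies state, it is not a credential, so
        # requests that use it still have to be authenticated and authorized.
        key = uuid.uuid4().hex
        expires = None if lifetime is None else self._clock() + lifetime
        self._home[key] = Resource(
            {"source": source, "dest": dest, "status": "Pending", "filesCompleted": 0},
            expires)
        self._subscribers[key] = []
        return {"address": self.ADDRESS, "key": key}

    def _lookup(self, epr):
        res = self._home.get(epr["key"])
        if (res is not None and res.termination_time is not None
                and self._clock() >= res.termination_time):
            self.destroy(epr)    # scheduled destruction, applied lazily on access
            res = None
        if res is None:
            raise NoSuchResource(epr["key"])
        return res

    # Generic state inspection (GetRP, GetMultipleRPs, QueryRPs).
    def get_rp(self, epr, name):
        return self._lookup(epr).properties[name]

    def get_multiple_rps(self, epr, names):
        props = self._lookup(epr).properties
        return {n: props[n] for n in names}

    def query_rps(self, epr, predicate):
        # WSRF evaluates a query expression (such as XPath) over the RP
        # document; a predicate over (name, value) stands in for it here.
        props = self._lookup(epr).properties
        return {n: v for n, v in props.items() if predicate(n, v)}

    # Generic lifetime management (SetTerminationTime, Destroy).
    def set_termination_time(self, epr, when):
        self._lookup(epr).termination_time = when

    def destroy(self, epr):
        self._subscribers.pop(epr["key"], None)
        if self._home.pop(epr["key"], None) is None:
            raise NoSuchResource(epr["key"])

    # Generic notification (Subscribe, Notify).
    def subscribe(self, epr, callback):
        self._lookup(epr)
        self._subscribers[epr["key"]].append(callback)

    def update(self, epr, **changes):
        """Used by the transfer engine; notifies subscribers of each changed RP."""
        res = self._lookup(epr)
        for name, value in changes.items():
            if res.properties.get(name) != value:
                res.properties[name] = value
                for callback in self._subscribers[epr["key"]]:
                    callback(name, value)
```

Compared with slide 17, the client needs no transferID, whatHappen, tellMeWhen or cancel: the same generic calls work against any resource the service creates, and an expired or destroyed EPR fails the same way for every operation.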

Globus Toolkit version 2 (GT2)
[Component diagram]
Columns: Data Mgmt; Security; Common Runtime; Execution Mgmt; Info Services
Legend: Web Services Components; Non-WS Components
Components: Pre-WS Authentication Authorization; GridFTP; C Common Libraries; Grid Resource Alloc. Mgmt (GRAM); Monitoring & Discovery (MDS)

Globus Toolkit version 3 (GT3)
[Component diagram]
Columns: Data Mgmt; Security; Common Runtime; Execution Mgmt; Info Services
Legend: Web Services Components; Non-WS Components
Components: Pre-WS Authentication Authorization; GridFTP; C Common Libraries; WS Authentication Authorization; Reliable File Transfer; Data Access & Integration; Grid Resource Alloc. Mgmt (WS GRAM); MDS3; Java WS Core; Community Authorization; Replica Location; eXtensible IO (XIO); Grid Resource Alloc. Mgmt (GRAM); Monitoring & Discovery (MDS)

Globus Toolkit version 4 (GT4)
[Component diagram]
Columns: Data Mgmt; Security; Common Runtime; Execution Mgmt; Info Services
Legend: Web Services Components; Non-WS Components; Contrib/Preview; Core; Deprecated
Components: Pre-WS Authentication Authorization; GridFTP; Pre-WS Grid Resource Alloc. & Mgmt; Pre-WS Monitoring & Discovery; C Common Libraries; Authentication Authorization; Reliable File Transfer; Data Access & Integration; Grid Resource Allocation & Management; Index; Java WS Core; Community Authorization; Replica Location; eXtensible IO (XIO); Credential Mgmt; Community Scheduling Framework; Delegation; Data Replication; Trigger; C WS Core; Python WS Core; WebMDS; Workspace Management; Grid Telecontrol Protocol

23 Globus Toolkit: Open Source Grid Infrastructure
[Component diagram: Globus Toolkit v4]
Columns: Data Mgmt; Security; Common Runtime; Execution Mgmt; Info Services
Components: GridFTP; Authentication Authorization; Reliable File Transfer; Data Access & Integration; Grid Resource Allocation & Management; Index; Community Authorization; Data Replication; Community Scheduling Framework; Delegation; Replica Location; Trigger; Java Runtime; C Runtime; Python Runtime; WebMDS; Workspace Management; Grid Telecontrol Protocol; Credential Mgmt
Source: I. Foster, Globus Toolkit Version 4: Software for Service-Oriented Systems, LNCS 3779, 2-13, 2005

was not a typical “.0” release, but the culmination of months of testing
[Diagram labels: CVS trunk; Stable release branch; Development release; Stable release]

25 Our Goals for GT4
- Usability, reliability, scalability, …
  - Web service components have quality equal or superior to pre-WS components
  - Documentation at acceptable quality level
- Consistency with latest standards (WS-*, WSRF, WS-N, etc.) and Apache platform
  - WS-I Basic Profile compliant
  - WS-I Basic Security Profile compliant
- New components, platforms, languages
  - And links to larger Globus ecosystem

27 GT4 Web Services Runtime
- Supports both GT (GRAM, RFT, Delegation, etc.) & user-developed services
- Redesign to enhance scalability, modularity, performance, usability
- Leverages existing WS standards
  - WS-I Basic Profile: WSDL, SOAP, etc.
  - WS-Security, WS-Addressing
- Adds support for emerging WS standards
  - WS-Resource Framework, WS-Notification
- Java, Python, & C hosting environments
  - Java is standard Apache

28 GT4 WS Core in a Nutshell
[Diagram: Service fronting a Resource with RPs, addressed by an EPR; operations GetRP, GetMultRPs, SetRP, QueryRPs, Subscribe, SetTermTime, Destroy]
- Implementation of WSRF: Resources, EndpointReferences, ResourceProperties
- Operation Providers: pre-built implementations of WSRF operations
- Notification implementation: Topics, TopicSet, Embedded Notification Consumer service
- Implementations of Resources (ReflectionResource, PersistentReflectionResource) and ResourceProperties (SimpleResourceProperty, ReflectionResourceProperty)

29 GT4 WS Core in a Nutshell
[Same diagram, with a ResourceHome added]
- ResourceHome: The home “owns” the Resource instances in the service
- SingletonResourceHome: manages single instance of Resource
- ServiceResourceHome: for services that support a single Resource instance
- ResourceHomeImpl: manages multiple Resource instances. Supports resources with in-memory state and resources with persistent (on disk) state

30 GT4 WS Core in a Nutshell
[Diagram: a Service Container holding three Service / Resource / ResourceHome units]
- Service Container: host multiple services in container; one JVM process
- …more details: based on AXIS service container, processes SOAP messages, ResourceContext extension.

31 GT4 WS Core in a Nutshell
[Same Service Container diagram, with PIP and PDP added]
- Secure Communication: Transport, Message, Conversation (Transport demonstrates best performance)
- Configurable Security Policies: Policy Information Points (PIPs), Policy Decision Points (PDP) -- chained
- Example authorization PDPs: GridMap, SAML implementations, XACML policies

32 GT4 WS Core in a Nutshell
[Same Service Container diagram, with WorkManager, DB Conn Pool and JNDI Directory added]
- WorkManager: “thread pool”, site independent “work” manager
- Apache Database Connection Pool library (JDBC “DataSource” implementation)
- JNDI Directory: manages internal, shared objects (ResourceHomes, WorkManager, Configuration objects,…)

33 GT4 WS Core in a Nutshell
[Same Service Container diagram, shown inside Apache Tomcat]
- Deploy Service Container “standalone” or within Apache Tomcat

34 GT4 Web Services Runtime
[Layer diagram; labels: User Applications; Custom Web Services; Custom WSRF Web Services; GT4 WSRF Web Services; WS-Addressing, WSRF, WS-Notification; WSDL, SOAP, WS-Security; Registry Administration; GT4 Container]

35 Modeling State in Web Services
[Interaction diagram; labels: Stateful Entities; Registry; Service requestor (e.g., user application); Factory service; Create Stateful Entity; State Address; Resource allocation; Register Stateful Entity; Discovery; State inspection; Lifetime mgmt; Notifications]
- Interactions standardized using WSDL and SOAP
- Authentication & Authorization are applied to all requests

36 WSRF & WS-Notification
- Naming and bindings (basis for virtualization)
  - Every resource can be uniquely referenced, and has one or more associated services for interacting with it
- Lifecycle (basis for fault resilient state mgmt)
  - Resources created by services following factory pattern
  - Resources destroyed immediately or scheduled
- Information model (basis for monitoring, discovery)
  - Resource properties associated with resources
  - Operations for querying and setting this info
  - Asynchronous notification of changes to properties
- Service groups (basis for registries, collective svcs)
  - Group membership rules & membership management
- Base Fault type

37 WSRF/WSNs Compared (HPDC 2005)
Columns: GT4-Java | GT4-C | pyGridWare | WSRF::Lite | WSRF.NET
Languages supported: Java | C | Python | Perl | C#/C++/VBasic, etc.
WS-Security password profile: Yes | No | In progress | Yes
WS-Security X.509 profile: Yes | In progress | Yes | In progress | Yes
WS-SecureConversation: Yes | No | Yes | No | Yes
TLS/SSL: Yes
Authorization: Multiple Callout | None
Persistence of WS-Resources: Yes | Not default | Yes
Memory Footprint: JVM + 10M | 22 KB | 12 MB | Depends
Memory size per WS-Resource: Depends on resource state | 70B | Depends on resource state | 0 (file/DB) or 10B (process) | Depends on resource state
Unmodified hosting environment: Yes | No | Yes | Yes (Apache) | Yes
Compliance with WS-I Basic Profile: Yes | In progress | Yes
Compliance with WS-I Basic Security Profile: Yes | No | Yes
Logging: Log4J | Yes | WSE diagnostics
WS-ResourceLifetime: Yes
WS-ResourceProperties: Yes
WS-ServiceGroup: Yes
WS-BaseFaults: Yes
WS-BaseNotification: Yes | Consumer | Yes | No | Yes
WS-BrokeredNotification: Partial | No | Yes
WS-Topics: Partial | No | Partial

38 GetRP Test
Distributed client and service on same LAN (times in milliseconds)
[Three panels: No Security; X509 Signing; HTTPS. Systems compared in each: GT4 - Java, GT4 - C, pyGridWare, WSRF::Lite, WSRF.NET. Surviving cell text: N/A]

39 GT4 WS Core Performance
[Two tables: (1) Message-level security (times in milliseconds); (2) Transport-level security (times in milliseconds). Columns: GT4 Java, GT4 C, GT4 Python, WSRF.NET. Rows: GetRP, SetRP, CreateR, DestroyR, Notify. Surviving cell text: Notify 219.51, N/A]
Source: “WSRF/WSNs Compared,” HPDC 2005.

41 Globus Security
- Control access to shared services
  - Address autonomous management, e.g., different policy in different work-groups
- Support multi-user collaborations
  - Federate through mutually trusted services
  - Local policy authorities rule
- Allow users and application communities to set up dynamic trust domains
  - Personal/VO collection of resources working together based on trust of user/VO

42 Virtual Organization (VO) Concept
- VO for each application or workload
- Carve out and configure resources for a particular use and set of users

43 GT4 Security
[Diagram; labels: VO; Users; Rights; Rights’; Compute Center; Access; Services (running on user’s behalf); Local policy on VO identity or attribute authority; CAS or VOMS issuing SAML or X.509 ACs; SSL/WS-Security with Proxy Certificates; Authz Callout: SAML, XACML; KCA; MyProxy]

44 GT4 Security
- Public-key-based authentication
- Extensible authorization framework based on Web services standards
  - SAML-based authorization callout
    - As specified in GGF OGSA-Authz WG
  - Integrated policy decision engine
    - XACML policy language, per-operation policies, pluggable
- Credential management service
  - MyProxy (One time password support)
- Community Authorization Service
- Standalone delegation service

45 GT4’s Use of Security Standards
[Diagram; annotations: “Supported, but slow”; “Supported, but insecure”; “Fastest, so default”]

46 GT-XACML Integration
- eXtensible Access Control Markup Language
  - OASIS standard, open source implementations
- XACML: sophisticated policy language
- Globus Toolkit ships with XACML runtime
  - Included in every client and server built on GT
  - Turned on through configuration
- … that can be called transparently from runtime and/or explicitly from application …
- … and we use the XACML “model” for our Authz Processing Framework

47 GT Authorization Framework
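
The chained PIP/PDP evaluation named on slides 31 and 44, as an added example (not GT4 code and not taken from the slides): a Python sketch with a grid-mapfile PDP followed by a per-operation policy PDP. The function names, the sample DNs, roles and policy, and the combining rule (every PDP in the chain must permit; an empty chain, an unknown operation or a PDP error denies) are assumptions made for illustration.

```python
import shlex
from dataclasses import dataclass, field

PERMIT, DENY = "Permit", "Deny"


@dataclass
class Request:
    subject_dn: str                  # authenticated X.509 subject of the caller
    operation: str                   # e.g. "GetRP", "Destroy"
    attributes: dict = field(default_factory=dict)   # filled in by PIPs


def parse_gridmap(text):
    """Parse grid-mapfile text: one '"<subject DN>" account[,account...]' per line."""
    mapping = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = shlex.split(line)    # raises ValueError on an unbalanced quote
        if len(parts) != 2:
            raise ValueError(f"grid-mapfile line {lineno}: expected DN and account")
        mapping[parts[0]] = parts[1].split(",")
    return mapping


def vo_role_pip(vo_roles):
    """PIP: attach the caller's VO roles (stand-in for SAML or X.509 AC attributes)."""
    def collect(request):
        request.attributes["vo_roles"] = set(vo_roles.get(request.subject_dn, ()))
    return collect


def gridmap_pdp(gridmap):
    """PDP: permit only subjects that map to a local account."""
    def decide(request):
        accounts = gridmap.get(request.subject_dn)
        if not accounts:
            return DENY
        request.attributes["local_account"] = accounts[0]
        return PERMIT
    return decide


def operation_pdp(required_role):
    """PDP: per-operation policy; operations missing from the policy are denied."""
    def decide(request):
        role = required_role.get(request.operation)
        if role is None:
            return DENY
        return PERMIT if role in request.attributes.get("vo_roles", ()) else DENY
    return decide


def authorize(request, pips, pdps):
    """Run every PIP, then each PDP in order. Returns (decision, reason)."""
    for pip in pips:
        pip(request)
    if not pdps:
        return DENY, "empty chain"
    for name, pdp in pdps:
        try:
            decision = pdp(request)
        except Exception as exc:     # a failing PDP must not fail open
            return DENY, f"{name}: error: {exc}"
        if decision != PERMIT:
            return DENY, name
    return PERMIT, "all PDPs permitted"


# Constructed sample data: subjects, roles and policy are invented for the example.
ALICE = "/O=Grid/OU=Example/CN=Alice Smith"
BOB = "/O=Grid/OU=Example/CN=Bob Jones"
CAROL = "/O=Grid/OU=Example/CN=Carol White"
GRIDMAP = parse_gridmap(f'''
# "<subject DN>" local account(s)
"{ALICE}" alice
"{BOB}" bob,bobgrid
''')
VO_ROLES = {ALICE: {"member", "admin"}, BOB: {"member"}, CAROL: {"member", "admin"}}
POLICY = {"GetRP": "member", "Destroy": "admin"}
PIPS = [vo_role_pip(VO_ROLES)]
PDPS = [("gridmap", gridmap_pdp(GRIDMAP)), ("operation-policy", operation_pdp(POLICY))]


def check(dn, operation):
    return authorize(Request(dn, operation), PIPS, PDPS)
```

Carol holds the admin role in the VO but has no local mapping, so the site's gridmap PDP denies her before the VO policy is consulted, which is the "local policy authorities rule" point from slide 41.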

48 Other Security Services Include …
- MyProxy
  - Simplified credential management
  - Web portal integration
  - Single-sign-on support
- KCA & kx.509
  - Bridging into/out-of Kerberos domains
- SimpleCA
  - Online credential generation
- PERMIS
  - Authorization service callout

50 GT4 Data Management
- Stage/move large data to/from nodes
  - GridFTP, Reliable File Transfer (RFT)
  - Alone, and integrated with GRAM
- Locate data of interest
  - Replica Location Service (RLS)
- Replicate data for performance/reliability
  - Distributed Replication Service (DRS)
- Provide access to diverse data sources
  - File systems, parallel file systems, hierarchical storage: GridFTP
  - Databases: OGSA DAI

51 GridFTP in GT4
- 100% Globus code
  - No licensing issues
  - Stable, extensible
- IPv6 Support
- XIO for different transports
- Striping → multi-Gb/sec wide area transport
  - 27 Gbit/s on 30 Gbit/s link
- Pluggable
  - Front-end: e.g., future WS control channel
  - Back-end: e.g., HPSS, cluster file systems
  - Transfer: e.g., UDP, NetBLT transport
[Figure: Disk-to-disk on TeraGrid]

52 Reliable File Transfer: Third Party Transfer
- Fire-and-forget transfer
- Web services interface
- Many files & directories
- Integrated failure recovery
- Has transferred 900K files
[Diagram; labels: RFT Client; RFT Service; SOAP Messages; Notifications (Optional); two GridFTP Servers, each with Protocol Interpreter, Master DSI, Slave DSI, Data Channel, IPC Receiver, IPC Link]

53 Replica Location Service
- Identify location of files via logical to physical name map
- Distributed indexing of names, fault tolerant update protocols
- GT4 version scalable & stable
- Managing ~40 million files across ~10 sites
[Table; headers: Index; Local DB; Update send (secs); Bloom filter (secs); Bloom filter (bits). Surviving cell text: 10K<121 M M 5 M M]

54 Reliable Wide Area Data Replication
- LIGO Gravitational Wave Observatory
- Replicating >1 Terabyte/day to 8 sites
- >30 million replicas so far
- MTBF = 1 month
[Map labels: Cardiff; AEI/Golm; Birmingham]

55 OGSA-DAI
- Provide service-based access to structured data resources as part of Globus
- Specify a selection of interfaces tailored to various styles of data access—starting with relational and XML

56 The OGSA-DAI Framework
[Diagram; labels: Application; Client Toolkit; OGSA-DAI service; Engine; Activities; SQLQuery; GZip; GridFTP; XPath; readFile; XSLT; Data Resources; JDBC; XMLDB; File; Databases; MySQL; DB2; SQL Server; XIndice; SWISS PROT]

57 Extensibility Example
[Diagram; labels: MySQL; OGSA-DAI service; Engine; SQLQuery; JDBC; SQL JDBC (four); Multiple SQL GDS; SQLQuery]

58 OGSA-DAI: A Framework for Building Applications
- Supports data access, insert and update
  - Relational: MySQL, Oracle, DB2, SQL Server, Postgres
  - XML: Xindice, eXist
  - Files – CSV, BinX, EMBL, OMIM, SWISSPROT,…
- Supports data delivery
  - SOAP over HTTP
  - FTP; GridFTP
  - Inter-service
- Supports data transformation
  - XSLT
  - ZIP; GZIP
- Supports security
  - X.509 certificate based security

59 OGSA-DAI: Other Features
- A framework for building data clients
  - Client toolkit library for application developers
- A framework for developing functionality
  - Extend existing activities, or implement your own
  - Mix and match activities to provide functionality you need
- Highly extensible
  - Customise our out-of-the-box product
  - Provide your own services, client-side support, and data-related functionality

61 Execution Management (GRAM) l Common WS interface to schedulers u Unix, Condor, LSF, PBS, SGE, … l More generally: interface for process execution management u Lay down execution environment u Stage data u Monitor & manage lifecycle u Kill it, clean up l A basis for application-driven provisioning

62 GT4 WS GRAM l 2nd-generation WS implementation optimized for performance, flexibility, stability, scalability l Streamlined critical path u Use only what you need l Flexible credential management u Credential cache & delegation service l GridFTP & RFT used for data operations u Data staging & streaming output u Eliminates redundant GASS code

63 GT4 WS GRAM Architecture
[Figure: architecture diagram. Labels: Client; Service host(s) and compute element(s); GT4 Java Container; GRAM services; Delegation; RFT File Transfer request; GRAM adapter; sudo; Local scheduler; User job; Compute element; GridFTP; Remote storage element(s); SEG; Job events; Job functions; Delegate; FTP control; FTP data; Local job control.]

64 GT4 WS GRAM Architecture (same diagram)
Delegated credential can be:
- Made available to the application

65 GT4 WS GRAM Architecture (same diagram)
Delegated credential can be:
- Used to authenticate with RFT

66 GT4 WS GRAM Architecture (same diagram)
Delegated credential can be:
- Used to authenticate with GridFTP

67 WS GRAM Performance
- Time to submit a basic GRAM job
  - Pre-WS GRAM: < 1 second
  - WS GRAM: 2 seconds
- Concurrent jobs
  - Pre-WS GRAM: 300 jobs
  - WS GRAM: 32,000 jobs
- Various studies are underway to test latest software

68 Workspace Service: The Hosted Activity
[Figure: diagram. Labels: Policy; Client; Environment; Activity; Interface; Resource provider; Allocate/provision; Configure; Initiate activity; Monitor activity; Control activity.]

69 Virtual OSG Clusters
[Figure: diagram. Labels: OSG cluster; Xen hypervisors; TeraGrid cluster; OSG.]

70 Globus Toolkit: Open Source Grid Infrastructure
[Figure: Globus Toolkit v4 component diagram, repeated from slide 60.]
I. Foster, Globus Toolkit Version 4: Software for Service-Oriented Systems, LNCS 3779, 2-13, 2005

71 Monitoring and Discovery
- “Every service should be monitorable and discoverable using common mechanisms”
  - WSRF/WSN provides those mechanisms
- A common aggregator framework for collecting information from services, thus:
  - MDS-Index: XPath queries, with caching
  - MDS-Trigger: perform action on condition
  - (MDS-Archiver: XPath on historical data)
- Deep integration with Globus containers & services: every GT4 service is discoverable
  - GRAM, RFT, GridFTP, CAS, …

72 GT4 Monitoring & Discovery
[Figure: diagram. Labels: GT4 Container (three instances); GRAM; RFT; MDS-Index (three instances); GridFTP; adapter; User; Clients (e.g., WebMDS); Registration & WSRF/WSN Access; Custom protocols for non-WSRF entities; Automated registration in container; WS-ServiceGroup.]

73 Information Providers
- GT4 information providers collect information from some system and make it accessible as WSRF resource properties
- Growing number of information providers
  - Ganglia, CluMon, Nagios
  - SGE, LSF, OpenPBS, PBSPro, Torque
- Many opportunities to build additional ones
  - E.g., network monitoring, storage systems, various sensors

74 GT4 Summary
[Figure: server and client stacks. SERVER: Java Services in Apache Axis Plus GT Libraries and Handlers; C Services using GT Libraries and Handlers; Python hosting, GT Libraries. Boxes: Your Java Service; Your Python Service; Your C Service; RFT; GRAM; Delegation; Index; Trigger; Archiver; pyGlobus WS Core; C WS Core; RLS; Pre-WS MDS; CAS; Pre-WS GRAM; SimpleCA; MyProxy; OGSA-DAI; GTCP; GridFTP. CLIENT: Your Java Client; Your C Client; Your Python Client. Annotations: Interoperable WS-I-compliant SOAP messaging; X.509 credentials = common authentication.]

GT4 Documentation is Much Improved!

76 The Globus Commitment to Open Source
- Globus was first established as an open source project in 1996
- The Globus Toolkit is open source to:
  - allow for inspection
    - for consideration in standardization processes
  - encourage adoption
    - in pursuit of ubiquity and interoperability
  - encourage contributions
    - harness the expertise of the community
- The Globus Toolkit is distributed under the (BSD-style) Apache License version 2

77 The Future: Structure
- NSF Community Driven Improvement of Globus Software (CDIGS) project
  - 5 years of funding for GT enhancement
  - Regular Globus roadmaps outlining plans
- GlobDev http://dev.globus.org
  - Apache-like community development site
  - Community governance of components
  - “Globus Toolkit” & other related software
  - Open for business early 2006
  - “Globus Alliance” = “GlobDev committers”

78 GlobDev
- The current set of Globus components will be organized into several “Globus Projects”
  - Projects release products
- Each project will have its own group of “Committers”
  - committers are responsible for governance on matters relating to their products
- The “Globus Management Committee” will
  - provide overall guidance and conflict resolution
  - approve the creation of new Globus Projects

Guidelines (Apache) Infrastructure (CVS, , bugzilla, Wiki) Projects Include … GlobDev

80 The Future: Content
- We now have a solid and extremely powerful Web services base
- Next, we will build an expanded open source Grid infrastructure
  - Virtualization
  - New services for provisioning, data management, security, VO management
  - End-user tools for application development
  - Etc., etc.
- And of course responding to user requests for other short-term needs

81 Short-Term Priorities: Security
- Improve GSI error reporting & diagnostics
- Secure password, one-time password, Kerberos support for initial log on
- Trust roots, use of GridLogon
- Identity/attribute assertions in GT auth. callouts (e.g., Shib, PERMIS, VOMS, SAML)
- Extend CAS admin & policy support
- Security logging with management control for audit purposes

82 Short-Term Priorities: Data Management
- Space & bandwidth management in GridFTP
- Concurrency in globus-url-copy
- Priorities in RFT
- Data replication service
- Enhance policy support in data services
- Physical file name creation service
- Scalable & distributed metadata manager

83 Short-Term Priorities: Execution Management
- Implement GGF JSDL once finalized
- Advance reservation support
- Policy-driven restart of “persistent” jobs
- Improved information collection for jobs
- Improved management of job collections
- Credential refresh
- Development of workspace service
- Integration of virtual machines (Xen, VMware) and associated services
- Windows port of WS GRAM

84 Short-Term Priorities: Information Services
- Many more information sources, including gateways to other systems
- Automated configuration of monitoring
- Specialized monitoring displays
- Performance optimization of registry
- Archiver service
- Helper tools to streamline integration of new information sources

85 Short-Term Priorities: WS Core
- Streamlined container configuration
- Remote management interface
- Dynamic service deployment
- Service isolation: multiple service instances
- WS-Notification, subscription performance
- Full functionality in C WS Core
- Optimized WS-ServiceGroup support
- WS-SecureConversation support

86 What to Expect from the Globus Alliance in the Coming Months
- Support for users of GT4
  - Working to make sure the toolkit meets user needs
  - Answering questions on the mailing lists
  - Further improving documentation
- Normal evolution of performance, scalability and feature enhancements
- Further development of tools and services in support of VOs
- Expanding contributions to Globus

87 Overview
- Background and Globus approach
- Globus Toolkit: current capabilities
- Future directions
- Related tools

88 The Globus Ecosystem
- Globus components address core issues relating to resource access, monitoring, discovery, security, data movement, etc.
  - GT4 being the latest version
- A larger Globus ecosystem of open source and proprietary components provides complementary components
  - A growing list of components
- These components can be combined to produce solutions to Grid problems
  - We’re building a list of such solutions

89 Many Tools Build on, or Can Contribute to, GT4-Based Grids
- Condor-G, DAGman
- MPICH-G2
- GRMS
- Nimrod-G
- Ninf-G
- Open Grid Computing Env.
- Commodity Grid Toolkit
- GriPhyN Virtual Data System
- Virtual Data Toolkit
- GridXpert Synergy
- Platform Globus Toolkit
- VOMS
- PERMIS
- GT4IDE
- Sun Grid Engine
- PBS scheduler
- LSF scheduler
- GridBus
- TeraGrid CTSS
- NEES
- IBM Grid Toolbox
- …

90 Documenting The Grid Ecosystem The Grid Ecosystem: Software Components for Grid Systems And Applications

91 Example Solutions
- Portal-based User Reg. System (PURSE)
- VO Management Registration Service
- Service Monitoring Service
- TeraGrid TGCP Tool
- Lightweight Data Replicator
- GriPhyN Virtual Data System

92 Tell Us About Your Grid Tools & Solutions
- We list links to related projects on the “Related Software” of the Globus Toolkit web
- “Solutions” are documented on the Globus web
- If we’ve got details wrong or you have a GT4-related tool to list on our website, please send mail to

93 Globus Toolkit v4 Components
[Figure: Globus Toolkit v4 component diagram, as on slide 60.]
I. Foster, Globus Toolkit Version 4: Software for Service-Oriented Systems, LNCS 3779, 2-13, 2005