UK Testbed Status. Andrew McNab, High Energy Physics, University of Manchester. Testbed / HTTPS, GridPP6, 30 Jan 2003.

Presentation transcript:

Slide 1: UK Testbed Status
Andrew McNab, High Energy Physics, University of Manchester

Slide 2: Overview
Testbed 0
GridPP Testbed
EU DataGrid Testbed
EDG Version
TB support for GridPP
Future TB support
TB Summary

Slide 3: Testbed 0
All HEP experiment sites are part of Gavin's green dot map.
  – At least a Globus gatekeeper was running at some point.
In almost all cases this is actually an EDG gatekeeper, i.e. with extra functionality.

Slide 4: GridPP Testbed
Uses Resource Broker at IC, MDS at RAL and VO at Manchester.
Yesterday's snapshot:
  Birmingham: 2 cpus
  Bristol: 3
  Cambridge: 16
  IC: 16 (+ 80 BaBar)
  Liverpool: 2
  Manchester: 8 (+ 60 DZero/Atlas)
  Oxford: 1
  RAL: 6
  UCL: 2

Slide 5: EDG Testbed
Yesterday's snapshot via CERN RB/II:
  CERN
  nl:Nikhef 140
  fr:CC Lyon 22? + 74? + 409?
  fr:Polytechnique/LLR 6
  it:CNAF Bologna 48
  it:Padova 11
  it:Legnaro 48
  uk:IC
  uk:Liverpool 2
  uk:Manchester
  uk:Oxford 1
  uk:RAL 6
(so we're doing OK internationally)

Slide 6: EDG Version
Current EDG production release is
  – Last time I gave this talk was at
This now finally includes fixes for the showstopper problems, largely with Globus
  – spent most of September - December including new patches from Globus to fix problems with Information system, Job submission and File transfer.
Current release works pretty much as advertised, although some aspects of the user interface and installation are obscure

Slide 7: Testbed Support for GridPP
Centered on
  – including our own LCFG installation recipes that fill in the gaps
Peer-to-peer support for site admins on tb-
(Roughly) fortnightly phone meetings ~30-60 mins: go through EDG, GridPP and site status
  – aim is to flag problems and questions to deal with offline
  – sitting in on this quickly gives a status overview
Seems to work for the current Testbed size.

Slide 8: Future Testbed Support
Ticket-based helpdesk system
  – experimented with Bugzilla, but would be good to use same system as Tier1A centre.
  – ideally put site admins into the system too, since can refer problems up or down then.
Need to include site admins in all aspects of support
  – keep them up to date; provide help they need; help them help their users.
Can we use regional Tier2 structures as a devolved support network, using local experts?

Slide 9: TB Summary
All experimental HEP sites are involved at some level in Testbeds.
9 are genuinely part of a Grid and accessible via the IC Resource Broker.
5 are part of the EDG Application Testbed
  – out of 12 across the EDG
Expect to be able to include the others rapidly
  – Additional GridPP support and documentation provided beyond that from EDG.
Current mailing list/WWW/phone system OK
  – will need extending as more sites/users join

Slide 10: Grid HTTPS Extensions
HTTPS is an interesting and important protocol for several reasons:
  – it is by far the most widely deployed secure protocol
  – has a large amount of high quality software that we could leverage
  – has excellent interaction with Firewalls, Network Address Translation and Application Proxies
  – has the potential to solve some of the problems sites have with private IP farms
HTTPS security done using X509 certificates (including GSI)
  – the piece of the Grid we already had
HTTP/1.1 (rfc2616) and extensions like WebDAV (rfc2518) have a rich set of methods (GET, PUT, DELETE, COPY etc), headers (Expires: etc) and Errors (413 Request Entity Too Large)
HTTP redirection allows you to change from HTTPS negotiation to HTTP unencrypted data transfer
Can HTTP/HTTPS be fast compared to other protocols though?

Slide 11: HTTP as a data protocol
Same advantages as HTTPS: large amount of existing high quality software, and good operation with Firewalls, NAT etc.
Kernel-based zero-copy HTTP servers like tux are very efficient
  – need to do something like that to fully use a machine's gigabit interface
Multistream HTTP and standard webservers as fast as GridFTP for ~300 MB transfers
  – At ~1 MB, multistream HTTP is much faster

Slide 12: Delegation over HTTPS
HTTPS would be even more useful if could delegate GSI credentials over HTTPS
  – for example, to do third party transfers between two remote sites
Proposal exists to do this (G-HTTPS) by adding extra methods to HTTPS
  – this is designed to leverage and interoperate with existing browsers, servers, www libraries
  – stress backwards and pass-through compatibility
Basic implementation of this now added to file version of GridSite.

Slide 13: Secure, Trusted Caches
Existing HTTPS isn't cache-able:
  – end-to-end client-server needed for SSL to work
  – best you get is opaque proxying/tunneling of SSL
  – one of the long standing shortcomings of HTTPS
With delegation, can improve this:
  – identify a local cache you trust (in your VO maybe?)
  – delegate a credential to it
  – makes a proxy request via HTTPS: GET
  – cache fetches this for you, using delegated credential
  – if can get an ACL for this file, may also be able to return file from cache in subsequent requests by you or other users in ACL

Slide 14: Delegation and Portals
Some form of delegation also needed for Grid portals
G-HTTPS would provide a standard way of inserting GSI proxies into portals
However, a portal could also use G-HTTPS approach to pull proxies from server like MyProxy
Possible to use MD5 digest passwords for this stage
  – MD5 hash of password generated in the user's browser
  – passed to portal webserver without it seeing the password
  – portal provides MD5 hash to proxy server and gets proxy or other credential in return
So some very useful mechanisms possible with a few extensions to existing HTTP software.

Slide 15: Summary
HTTP has the potential to be a competitive data transport protocol.
HTTPS is already a Grid protocol
Delegation would add many possibilities
  – third party transfers with HTTP/HTTPS
  – secured, trusted caches would address caching shortcomings of HTTPS
Delegation provides useful mechanisms for Portals
  – inserting proxies into portals
  – using MD5 passwords to authenticate with proxy server
G-HTTPS proposal hopes to standardise some of this