© Fraunhofer IAO, IAT Universität Stuttgart Message based propagation of changes in VO membership in a Grid environment Change Propagation in a heterogeneous.


© Fraunhofer IAO, IAT Universität Stuttgart
Message based propagation of changes in VO membership in a Grid environment
Change Propagation in a heterogeneous Application Landscape
Cracow Grid Workshop 2009
Oliver Strauss, Fraunhofer IAO, Stuttgart, Germany
Cracow, October 13th 2009

Slide 2: Outline
- Background and motivation
- Overview and architecture
- Example
- Conclusion

Slide 3: Background: PartnerGrid
- Goal: Usage of Grid in a commercial environment
- Scenario: Portal based collaboration between a provider of crash simulations and its customers
[Diagram labels: GNS Systems (Provider of numerical services); GNS-Customer; Grid; Portal; RCE; RCE Engineer; RCE Engineer...; Consultant; Animator; Generator; INDEED; GI A]

Slide 4: Problem: Keep the Grid in sync with the VO
Scenario: A new user enters the VO
- Accounts have to be created
- Roles in different systems have to be assigned
- Access rights have to be set
Shell scripts work well for most tasks
What if we want to have a whitelist of grid users or other sources of change that affect the Grid configuration?
[Diagram labels: PartnerGrid VOMRS; VO-Representative; (potential) VO-Members; D-Gridmap; Grid resources; Data management accounts + rights; WebDAV access rights; Web portal accounts, roles, rights; Whitelist. Arrow labels: approves, register, affects]

Slide 5: Problem: Keep the Grid in sync with the VO (content of slide 4 repeated, with the following added)
Idea: Why not take an event based approach and use messaging to propagate changes?
[Diagram label added: Change manager]

Slide 6: Architecture: Message based change propagation
[Diagram labels]
- Source of change: grid-mapfile, with Change adapter
- Target of change: Liferay Portal, with Change adapter
- Target of change: WebDAV, with Change adapter
- Message queue server: Incoming queue: Changes; Outgoing queue: Liferay; Outgoing queue: WebDAV; Add. queues: Logging, Errors, Mail etc…
- Change Manager (Rule engine): Rules; Data processing and enhancement; Message routing
- Message contents: gridmap: DN, Username, VO, Roles; Apache: Username, Generated PW; Liferay: DN, Username, Organisation, Portal Roles
- Other labels: Trigger; Tools …; ack

Slide 7: Adapters
- Adapters have to be provided for each system
  - Inside the target system (e.g. as a Liferay Portlet)
  - Acting from the outside (e.g. via an API, WebServices, shell scripts)
- Adapters have very limited responsibilities
  - Source adapters
    - Detect and submit changes to a message queue
  - Target adapters
    - Receive from a message queue and execute changes
    - Acknowledge success or report error
    - Optionally submit logging information
- Adapters can be implemented in any language for which a Stomp client is available (e.g. Java, Ruby, Python, …)

Slide 8: Change Manager
The Change Manager
- receives requests on the "Incoming" queue
- feeds the change messages to the rule engine
  - Data normalization and enhancement
  - Lookup in external directories (e.g. LDAP)
  - Blacklists and whitelists
- sends the processed change request to the output queue of the target system
Prototype implemented based on
- Stompserver (Ruby) message queue
- Rule engine (Rools)

Slide 9: Example rules

    # Receive original message and insert a GridmapChange object in the rule engine
    rule 'receiveGridmapChange' do
      parameter Message, :source, :body, :change_type
      condition { msg.source == "gridmap" }
      consequence { assert GridmapChange.new( msg.body, msg.source, msg.change_type ) }
    end

    # On GridmapChange objects with organisation "IAO" change organisation to
    # "Fraunhofer IAO"
    rule 'normalizeO' do
      parameter GridmapChange, :o
      condition { change.o == "IAO" }
      consequence { change.o = "Fraunhofer IAO" }
    end

    # Send every GridmapChange object with change_type "add" to the target
    rule 'addLiferayUser' do
      parameter GridmapChange, :change_type
      condition { change.change_type == "add" }
      consequence { send_add_liferay_user( change, ) }
    end

Slide 10: Discussion and future work
Advantages
- Decoupling of change detection, data manipulation and change execution facilitates reuse
- Modular system with explicit rule based logic provides good flexibility
- Centralized logging (audit trail)
- Easier maintenance and better extensibility expected
- Easy integration with other tools, e.g. LDAP
Possible disadvantages
- Introduction of a single point of failure
- More complexity, one more server, more things that can go wrong
- Security is crucial, since much harm can be done by injecting malicious messages
Future work
- Further test practicability in the PartnerGrid scenario
- Improve security (transfer via HTTPS, encryption and signing of messages)
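Slide 10 names injected malicious messages as the main risk and lists signing of messages as future work. As an added example (not part of the presentation or the PartnerGrid prototype), the following code shows one way a source adapter could sign change messages and the Change Manager could reject forged, tampered, stale or replayed ones before they reach the rule engine. HMAC-SHA256 with a per-adapter shared key, the JSON envelope, and the names ADAPTER_KEYS, sign_change and verify_change are assumptions.

```ruby
require 'openssl'
require 'json'
require 'securerandom'
require 'set'

# Constructed demo key per source adapter (assumption: provisioned out of band).
ADAPTER_KEYS = { 'gridmap' => 'constructed-demo-key-gridmap' }.freeze
MAX_AGE = 300 # seconds a signed change request stays acceptable

# Byte string covered by the MAC: all envelope fields in a fixed order.
def canonical(msg)
  JSON.generate(msg.values_at('source', 'change_type', 'body', 'timestamp', 'nonce'))
end

# Constant-time comparison so the check does not leak how many bytes matched.
def secure_eq(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Source adapter: wrap a change in an envelope with timestamp, nonce and MAC.
def sign_change(source, change_type, body, key, now: Time.now.to_i, nonce: SecureRandom.hex(8))
  msg = { 'source' => source, 'change_type' => change_type, 'body' => body,
          'timestamp' => now, 'nonce' => nonce }
  msg['mac'] = OpenSSL::HMAC.hexdigest('SHA256', key, canonical(msg))
  JSON.generate(msg)
end

# Change Manager intake: returns [:ok, msg] or [:rejected, reason].
# seen is a Set of [source, nonce] pairs that were already accepted.
def verify_change(raw, seen, now: Time.now.to_i)
  msg = JSON.parse(raw)
  return [:rejected, 'malformed'] unless msg.is_a?(Hash)
  key = ADAPTER_KEYS[msg['source']]
  return [:rejected, 'unknown source'] unless key
  expected = OpenSSL::HMAC.hexdigest('SHA256', key, canonical(msg))
  return [:rejected, 'bad signature'] unless secure_eq(msg['mac'].to_s, expected)
  return [:rejected, 'stale'] if (now - msg['timestamp'].to_i).abs > MAX_AGE
  return [:rejected, 'replay'] unless seen.add?([msg['source'], msg['nonce']])
  [:ok, msg]
rescue JSON::ParserError
  [:rejected, 'malformed']
end
```

The signature is checked before the timestamp and nonce, so unauthenticated input never influences the replay cache; rejected messages would go to the error queue rather than being dropped silently.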

Slide 11: Contact
Fraunhofer-Institute for Industrial Engineering (IAO)
Oliver Strauss
Research Assistant / Software Technology
Mail: Web:

Slide 12: User, Role and Access Rights Management in PartnerGrid
[Diagram labels]
- PartnerGrid VOMRS; VO-Representative; VO-Members (Customers, Engineers, Project Managers, etc.)
- D-Gridmap
- PartnerGrid Role and Rights Management: Interpretation of D-Grid UserID: Username (CN), Organisation (OU), Roles (VOMRS Attributes)
- RCE Data Management: User, Roles and Access Rights
- PG WebDAV Server: User, Roles and Access Rights
- PG Portal: User, Roles and Access Rights
- PG Resources: User, Roles and Access Rights
- Customer: Data Upload via WebDAV Client (e.g. Windows Explorer)
- Project Handling and Management via Browser
- Engineer; Project Manager; Resource Access
- Arrow labels: Approval, Registration, creates, loads, sets, integrates, reads