WebFTS File Transfer Web Interface for FTS3 Andrea Manzi On behalf of the FTS team Workshop on Cloud Services for File Synchronisation and Sharing.

Presentation transcript:

WebFTS File Transfer Web Interface for FTS3 Andrea Manzi On behalf of the FTS team Workshop on Cloud Services for File Synchronisation and Sharing

Overview
- The FTS3 service
- WebFTS features
- WebFTS cloud integrations
  - Dropbox
  - CERNBox
- Ongoing development
  - Dropping X509
  - Data management operations

17/11/2014 WebFTS: File Transfer Web Interface for FTS3

What is WebFTS?
- Web-based tool to transfer files between grid/cloud storages
- Modular protocol support
  - gsiftp, http(s), xrootd and srm
  - Cloud extensions: Dropbox, CERNBox
- Development funded by

Provide access to leading technology

Based on FTS3
- FTS3 is the service responsible for distributing the majority of LHC data across the WLCG infrastructure
- Low-level data movement service, responsible for moving sets of files from one site to another while allowing participating sites to control the network resource usage
- Used by LHC VOs + many other VOs part of EGI
- ~20PB monthly transfer volume / ~2.2M files per day (WLCG)

WebFTS architecture
[Diagram; labels: BROWSER, WEBFTS.js, REST API, FTS3, GFAL2, DAVIX, GSIFTP, DROPBOX, …]

Security
- Simpler access while keeping the same level of security
- X509 + OAuth for Dropbox
- Transparent delegation of credentials
- Avoid storing or transferring any sensitive data
- Open access to all source code
- All sensitive information is used within the browser and forgotten

Delegation
- Delegation is needed to let WebFTS access the grid on users' behalf
- Users make private key available to browser
  - Not available via browser API
- VOMS extensions acquired by the service on users' behalf
- Why it's important
  - Gives the users a service which can access the grid for them, from a browser, with full VOMS credentials
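The delegation pattern on this slide, as an added example that is not WebFTS or FTS3 code: a simplified Node.js model in which signed JSON statements stand in for X.509 proxy certificates, and all function and field names are hypothetical. Only the service's public key and the user's signature are exchanged; the user's private key stays on the browser side.

```javascript
// Added illustration: simplified model of credential delegation.
// Signed JSON stands in for X.509 proxy certificates; names are hypothetical.
const nodeCrypto = require('crypto');

const newKeyPair = () => nodeCrypto.generateKeyPairSync('ed25519');
const toPem = (publicKey) => publicKey.export({ type: 'spki', format: 'pem' });

// Service side: create a fresh key pair and expose only the public half.
function createDelegationRequest() {
  const { publicKey, privateKey } = newKeyPair();
  return { servicePrivateKey: privateKey, request: { delegatePublicKey: toPem(publicKey) } };
}

// Browser side: the user's private key signs a short-lived statement binding
// the service's public key to the user's identity. The key itself is never sent.
function signDelegation(userPrivateKey, subject, request, lifetimeSeconds, now) {
  const statement = JSON.stringify({
    subject,
    delegatePublicKey: request.delegatePublicKey,
    notAfter: now + lifetimeSeconds,
  });
  const signature = nodeCrypto.sign(null, Buffer.from(statement), userPrivateKey);
  return { statement, signature: signature.toString('base64') };
}

// Service side: prove possession of the delegated key for a verifier's challenge.
const proveDelegation = (servicePrivateKey, challenge) =>
  nodeCrypto.sign(null, Buffer.from(challenge), servicePrivateKey).toString('base64');

// Relying party (e.g. a storage endpoint): check the user's signature first,
// then the expiry, then that the caller really holds the delegated private key.
function verifyDelegation(userPublicKey, credential, challenge, proof, now) {
  const okSignature = nodeCrypto.verify(null, Buffer.from(credential.statement),
    userPublicKey, Buffer.from(credential.signature, 'base64'));
  if (!okSignature) return 'bad-signature';
  const { delegatePublicKey, notAfter } = JSON.parse(credential.statement);
  if (now > notAfter) return 'expired';
  const delegateKey = nodeCrypto.createPublicKey(delegatePublicKey);
  const okProof = nodeCrypto.verify(null, Buffer.from(challenge), delegateKey,
    Buffer.from(proof, 'base64'));
  return okProof ? 'ok' : 'no-proof-of-possession';
}
```

The short `notAfter` lifetime is what limits the damage if the service-side key is ever exposed: the delegated credential expires on its own, and the user's long-lived key was never on the server.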

Additional Features
- Check-summing and file overwriting
- Possibility to resubmit transfer jobs or only the failed file transfers
- Storage endpoint auto-completion
  - For endpoints published on the BDII (EGI and WLCG Information System)
- Support for LFC registration
  - File catalog developed at CERN and used by EGI and WLCG

Success Stories
- WebFTS has been successfully tested to transfer from/to:
  - EUDAT B2Stage (iRODS DSI)
  - Any gsiftp/webdav/xrootd aware grid storage (DPM, dCache, Castor, EOS, Storm)
  - HPC Oak Ridge National Lab (ongoing)
- Under evaluation by LHCb

Landing page and Guided-tour

Credential delegation

Transfer interface

Job status interface

Extension for Dropbox
- Nice way to import/export data from the grid world
- Avoids the installation of new software and uses what the user has already installed
  - Zero development of clients
  - Multiplatform is given for free
- Integration with OAuth
  - By delegating to FTS the right to interact with Dropbox on users' behalf
- Achieved using web tech
  - Which requires the interactivity of a browser

Extension for Dropbox

Dropbox plugin
- On the server side, the development of a plugin for metadata management and I/O operations was needed:
  - FTS REST integrates the plugin to perform metadata management operations
  - FTS3 server uses the plugin to perform the transfers:
    - GridFTP dropbox
    - Http(s) dropbox

CERNBox integration
- While Dropbox has been integrated via the implementation of a plugin, for CERNBox we waited for the new version with EOS as backend (CERNBox 2.0)
- We use EOS access via standard grid protocols (e.g. xrootd)
- We map user credentials to the correct EOS namespace
- The rest comes for free

WebFTS With CERNBox


Ongoing developments: Access without X509

How can we get rid of the delegation step?
1. An Identity Federation: eduGAIN
   - To allow identity providers to authenticate users at their own institute (SSO)
2. A token translation service: STS
   - To ask the CA for a certificate for the users
3. An "IOTA" Certification Authority
   - To grant the short-lived certificate
4. VOMS
   - To accept the new cert as a VO member

EDUGAIN
- Built on existing federations and infrastructures
- CERN participates in eduGAIN via SWITCHaai
- Many NRENs participate in eduGAIN too

Security Token Service (STS)
- An EMI service
- SAML in, X509/VOMS out

“IOTA” CA

VOMS admin

Architecture
[Diagram; labels: WebFTS, CERN SSO, IdP, WAYF, STS, IOTA CA, VOMS, Grid Storage Element; flow labels: Credentials, Attributes, Web Redirect, SAML, X.509]
Slide adapted from Romain Wartel, GDB Sept

Pros/Cons
- X509-free access to the grid infrastructure
  - With VOMS support
  - Without modifying all the services
- Federated single sign-on
  - One password to remember
  - Numerous services potentially accessible
- But we need site acceptance

Ongoing developments: Data Management
- Not only transfers...
- The FTS REST API has been extended to support data management operations
  - Delete
  - Create/Remove folders
  - Rename
- Under integration in WebFTS

Links
- Online service accessible: try now!
  - User certificate in your browser
- User guide, F.A.Q:
- Online guided-tour
- Official support & code

Questions?