
1 VOX Project Status Report Tanya Levshina

2 03/10/2004 VOX Project Status Report: Presentation overview
Introduction
Stakeholders, team and collaborators
VOX Project
VOX Components
VOMRS Status
  – To be done by April 1st
  – Open issues
  – Next phase
SAZ Status
LRAS Status
Summary

3 Introduction
US CMS, SDSS, and iVDGL have sponsored an effort at Fermilab, the VOX Project (VO Management Service eXtension), to investigate and implement the requirements, both policy-related and technical, for admitting collaborators into a VO, and facilitating and monitoring their authorization to access the available grid resources.
This effort has resulted in a study and understanding of the necessary workflow, and the creation of prototype registration and VO management, site and local resources authorization services.

4 Stakeholders, Team and Collaborators
Stakeholders:
  – US CMS (L. Bauerdick)
  – Fermilab Computing Facility (D. Skow)
  – iVDGL (R. Gardner)
  – SDSS (J. Annis)
Team:
  – T. Levshina – Fermilab
  – L. Grundhoefer – iVDGL
  – A. Heavey (technical writer) – Fermilab
  – V. Sekhri – SDSS/iVDGL, Fermilab
  – J. Weigand – Fermilab
  – Y. Wu – Fermilab
Collaborators:
  – BNL (R. Baker, D. Yu) – VOMRS architecture, registration process, common interfaces
  – EDG/Data Tag (V. Ciaschini, A. Frohner) – VOMS core and admin software
  – VDT (U of Wisconsin), Virginia Tech (Markus Lorch) – ongoing communication and agreements with Globus on gatekeeper and authorization callouts

5 VOX Project
VOX Goals:
  – to understand and model the registration workflow: Done
  – to provide VO registration mechanism: Done
  – to negotiate and monitor member authorization to grid resources: Partially done
  – End Goal: To facilitate the remote participation of physicists in effective and timely analysis of data from the LHC experiments during DC04: To be determined
[Diagram labels: VOMS EDG SAZ LRAS VOMRS Fermilab Grid Cluster Gatekeeper & callouts Local Center Registration Service]

6 VOX Components
VOMRS (VO Membership Registration Service) provides a registration service that
  – allows a single point of registration with a VO
  – facilitates, negotiates and monitors the process of a member’s authorization to grid resources
  – provides centralized storage of membership information and a means to query said information
LRAS (Local Resource Authorization Service) automates and facilitates the process of managing fine-grained access to a local grid element
  – stores a subset of VO membership information and maps a VO member to a local account
Gatekeeper authorization callouts (in agreement with the standard adopted by Globus, EDG, FNAL, and Virginia Tech).
SAZ (Site Authorization Service) allows security authorities of the local site to control access to the site’s resources.
VOMS EDG Admin service provides centralized storage of member DN, CA, groups and roles, and a means to handle this data.
VOMS EDG Core service gives out an extended proxy upon a member’s request.

7 VOMRS Status
Version 1.0 has been released. It consists of:
  – Server that handles event notifications and synchronization with VOMS
  – WEB UI and Web Services that provide means for member registration, role and group assignments, and various administrative tasks
  – VOMRS database, scripts to facilitate its initial creation and population
  – Scripts to start/stop server and client
  – Configuration files that control behavior of the server, WEB UI and database settings
  – Documentation
RPMs (for server and client) are available on:
  – http://www.uscms.org/s&c/VO/download
User Documentation is available on: http://computing.fnal.gov/docs/products/vomrs
Test installation is running on (valid certificate is required to login): https://shahzad.fnal.gov:8443/vo-USCMS/vomrs

8 To be done by April 1st
More documentation:
  – Update VOMRS Architecture document
  – Update VOMRS database schema document
  – Comprehensive Administration Guide
  – Developer Guide (usage of WEB services and CLI)
Scripts that facilitate database management
More packaging options:
  – ups
  – pacman
Testing synchronization flow with new VOMS admin software release (not available yet)

9 Open Issues
More complicated logic needs to be implemented to handle deletion of Institutions and Certificate Authorities
Membership suspension mechanism should be more sophisticated (reason for suspension should be provided and stored for auditing)
Suspension of a specific DN & CA that has been compromised
Responsibilities of Sites are not really finalized
  – Should the VO have an up-to-date list of banned users for each site?
  – Should it be mandatory to notify the VO about a member’s approved/denied authorization status during the registration process with a site?
Database issues:
  – Transition to ORACLE
  – Replication
  – Report Generation

10 Next phase
VOMRS test:
  – Tentative agreement to install and try VOMRS at CERN (Maria Dimou)
  – Some interest in trying our test installation has been expressed by BNL (R. Baker)
  – M. Helms (the coordinator of the ESNET DOEGrids CA) wants to try it out
Installation on Grid2003 test node:
  – Come up with deployment plan
  – Install it on one of the Grid2003 test nodes after April 1st
  – After extensive testing:
      Allow new users to register
      Synchronize the VOMRS database with the current VOMS database(s) that are used on the Grid3 cluster
  – Provide software and maintenance support during this time

11 SAZ Status
SAZ beta version is released. It consists of:
  – Server that verifies user authorization
  – DB that stores user’s information (principal, DN & CA, status)
  – Client that is invoked as a Gatekeeper plugin
  – Admin Server that handles administrative tasks (addition/deletion of users, modification of status, etc.)
  – AI/UI Client that is a front end for the admin/user
  – Configuration script and file
  – Database management scripts
  – Documentation
SAZ software is available for download: http://tam01.fnal.gov:8080/saz
Installed at Fermi by security team
Successfully used on CMS grid deployment testbed for several months
Production support is transferred to security team
Software support is transferred to CCF/MAP (G. Garzoglio; V. Sekhri is ready to help as well)

12 LRAS Status
LRAS alpha version is released. It consists of:
  – Server that authorizes/denies the user's access to the local cluster and provides a mapping between the user proxy information and the abstract resource known to the server
  – Database that contains the list of known VOs, the list of groups within the VO, available abstract resources, the list of users, their access status and mapping to UNIX id, and the list of resources associated with each user
  – Update Daemon that fetches the groups and member information from the multiple VOs and populates the LRAS database
  – Client API that allows a client (e.g. gatekeeper, storage element) to connect with the LRAS Server and fetch the user's related information
  – Admin GUI, a graphical user interface that helps LRPs manage user access status, introduce new resources and map them to a particular user (CLI is also provided)
  – Configuration script and file
  – Database management scripts
  – Documentation (see also http://www.uscms.org/s&c/VO/design/newlras1.htm)
LRAS can be downloaded from: http://tam01.fnal.gov:8080/lras
More work is needed to satisfy constantly emerging new requirements

13 Summary
Thanks to all developers for their hard work! Special thanks to Anne Heavey for her work on documentation and definition of vague and sometimes controversial terminology.
We greatly appreciate discussions, support and software contributions provided by our stakeholders and collaborators.
We all have spent substantial time and effort understanding the issues involved, modeling the workflow and developing a system to implement it.
There are a lot of issues that remain. We believe that we need to wait for feedback from VO users and administrators before we can continue any new development.
More info: http://www.uscms.org/s&c/VO
E-mail: vo-project@fnal.gov

