John Kewley, STFC e-Science Centre: Accessing the Grid from DL, 8th January 2008


1 Accessing the Grid from DL
John Kewley
Grid Technology Group, E-Science Centre
CCLRC Daresbury Laboratory
j.kewley@dl.ac.uk

2 Talk outline
1. Requirements for accessing the NW-Grid
2. An introduction to Grid Security
3. How to apply for a Grid Certificate and access the NW-Grid / NGS
Content of future talks will cover:
1. Next steps with the NW-Grid
2. Use of the DL Condor Pool
3. NGS and the NGS Portal

3 Requirements
To access the Grid, you will need:
1. An e-Science certificate, from a trusted certification authority, in an appropriate format
2. The Distinguished Name (DN) from your certificate registered with the Grid resource you intend to use
3. Client-side middleware on the accessing computer (unless you intend using only browser/portal technology)
4. No firewalls "in the way" between your client and the grid resource

4 Security Issues
● How does the expensive Grid resource "account" for its use? Are these users who they claim to be?
● How does a user utilise a resource on a remote machine when he may not have an account on any intervening ones?
● How can you trust the remote machine to "behave" with your data?

5 Security Basics
● Authentication
  – Who you are, Identity
  – Non-repudiation
● Authorisation
  – What you are allowed to do, Capability
  – Which resources you can use
● Confidentiality (encryption)
● Integrity (untampered, lossless)

6 Tools of the trade
Encryption
● Secret “symmetric” key – both parties need to share the key
  – DES, RC4
  – Comparatively efficient
● Public/private key – “asymmetric” - 2 keys mathematically related
  – RSA, DSA
  – Slower
One-way hash / message digest
  – MD5, SHA-1
  – Fast

7 Gbbyf bs gur genqr
Rapelcgvba
● Frpergt “flzzrgevp” xrl – obgu cnegvrf arrq gb funer gur xrl
  – QRF, EP4
  – Pbzcnengviryl rssvpvrag
● Choyvp/cevingr xrl – “nflzzrgevp” - 2 xrlf zngurzngvpnyyl eryngrq
  – EFN, QFN
  – Fybjre
Barjnl unfu / zrffntr qvtrfg
  – ZQ5, FUN-1
  – Snfg

8 Tools of the trade
Encryption
● Secret “symmetric” key – both parties need to share the key
  – DES, RC4
  – Comparatively efficient
● Public/private key – “asymmetric” - 2 keys mathematically related
  – RSA, DSA
  – Slower
One-way hash / message digest
  – MD5, SHA-1
  – Fast

9 Public/Private keys
● Asymmetric encryption comprises a key pair, one private and one public:
  – it is impossible to derive the private key from the public one;
  – a message encrypted by one key can be decrypted only by its partner
● Public keys can be freely exchanged / distributed
● The sender encrypts using his private key
● The receiver decrypts using sender's public key
[Diagram labels: Clear text message, Private Key, Encrypted text, Public Key]

10 Certificates
● A statement from a trusted 3rd party (the Certification Authority), that your public key (and hence your private key) is associated with your identity
● A certificate can only be verified if you have the public key of the party who signed it

11 X.509 Certificates
An X.509 Certificate contains:
● owner’s public key;
● identity of the owner;
● info on the CA;
● validity;
● serial number;
● digital signature from the CA
[Diagram: example certificate fields]
Public key
Subject: C=CH, O=CERN, OU=GRID, CN=Andrea Sciaba 8968
Issuer: C=CH, O=CERN, OU=GRID, CN=CERN CA
Expiration date: Aug 26 08:08:14 2005 GMT
Serial number: 625 (0x271)
CA Digital signature

12 Certificate Request
User generates public/private key pair in browser.
User sends public key to CA and shows RA proof of identity.
CA signature links identity and public key in certificate.
CA informs user.
[Diagram labels: Private Key encrypted on local disk, Cert Request, Public Key, ID, Cert, CA root certificate]

13 Downloading and Testing your certificate
You will receive an email with instructions telling you how to download your certificate.
Since the private key is stored locally, you will need to use the SAME browser to download your certificate as you used to apply for it.
You should then follow the instructions on the website to Test your certificate.
On successful completion, your DN will be displayed for use when registering for Grid resources.

14 Registering to use NW-Grid
There is a web registration form for NW-Grid. Once approved, this will:
● assign you a common username (e.g. nwdljk)
● register the Distinguished Name (DN) from your certificate with the NW-Grid machines
  /C=UK/O=eScience/OU=CLRC/L=DL/CN=john kewley
● open NW-Grid firewalls so your client machine(s) can access the Grid resources.
http://man4.nw-grid.ac.uk:8080/user_registration
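
The certificate request, CA signature and DN steps from slides 10 to 14, as an added example using the openssl command line (not part of the original slides). The CA names demo-ca and other-ca, the file names and the DN "test user" are constructed for the demo; the serial number 625 is borrowed from the sample certificate on slide 11.

```shell
#!/bin/sh
# Added example. Everything here is constructed: a throwaway CA, a throwaway
# user key pair and the DN "test user" are made in a temp dir, entirely offline.
set -e

# make_ca DIR NAME: self-signed root certificate standing in for a real CA.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
    -subj "/C=UK/O=eScience/CN=$2" \
    -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# issue_cert DIR CA_NAME DN: the user makes a key pair and a request carrying
# the public key; the CA signs it, binding that public key to the DN.
# -sha256 is the digest the CA signs; MD5 and SHA-1 from the slides are no
# longer considered safe for certificate signatures.
issue_cert() {
  openssl req -new -newkey rsa:2048 -nodes -subj "$3" \
    -keyout "$1/user.key" -out "$1/user.csr" 2>/dev/null
  openssl x509 -req -in "$1/user.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
    -set_serial 625 -sha256 -days 1 -out "$1/user.pem" 2>/dev/null
}

# cert_dn CERT: subject DN in the slash-separated form used for registration.
cert_dn() {
  openssl x509 -in "$1" -noout -subject -nameopt compat | sed 's/^subject= *//'
}

# verify_with CA_CERT CERT: can CERT be verified with this CA's public key?
verify_with() {
  if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
  then echo trusted; else echo untrusted; fi
}

demo() {
  d=$(mktemp -d)
  make_ca "$d" demo-ca     # the CA that signs the user's request
  make_ca "$d" other-ca    # an unrelated CA the verifier might hold instead
  issue_cert "$d" demo-ca "/C=UK/O=eScience/OU=CLRC/L=DL/CN=test user"
  echo "DN:       $(cert_dn "$d/user.pem")"
  echo "demo-ca:  $(verify_with "$d/demo-ca.pem" "$d/user.pem")"
  echo "other-ca: $(verify_with "$d/other-ca.pem" "$d/user.pem")"
  rm -rf "$d"
}
demo
```

The certificate verifies only against the root certificate of the CA that signed it, which is why a Grid resource must hold that CA's certificate before it can accept the registered DN.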

15 Links
What is the Grid? http://gridcafe.web.cern.ch/
What is e-Science? http://www.e-science.cclrc.ac.uk/ http://www.nesc.ac.uk/
What is the NW-GRID? http://www.nw-grid.ac.uk/
UK e-Science CA: http://www.grid-support.ac.uk/content/view/182/184/ https://ca.grid-support.ac.uk/

16 Globus and GROWL
Nodes in a large Grid such as the UK National Grid Service (NGS) can run different resource managers (PBS, LSF, SGE, and LoadLeveler for instance).
Globus is Grid middleware that provides a more uniform method of running jobs by acting at a higher level of abstraction.
GROWL provides a method of installing Globus client software easily. This will be detailed in the next talk.

17 Job types
Parallel
● Tightly-coupled processes
● Need synchronisation
● Information sharing
  – Message passing
  – Shared memory
● 1 process fails, whole job fails
● Same machine
● Need all nodes at once
Independent
● Unordered (so not serial)
● Nothing embarrassing about it
● No communication once job starts
● Might not need all results
● Could run on different machines with different operating systems.

18 ClassAds
● Classified Advertisements
● Name - Value pairs
● Advertise what a resource can do and when it can do it
● These are then "matched" against a job's requirements
● Users can define their own
Photo © 2005 Jonathan Lundqvist http://www.flickr.com/photos/jturn/9157307/

19 What is Condor?
● A job submission framework which utilises the spare computing power within a heterogeneous computer network to form what is known as a Condor pool
● It supports High-Throughput Computing (HTC), maximising the amount of processing capacity that is utilised over long periods of time.
● Developed over many years (15-20!) at the University of Wisconsin in Madison

20 How does it work?
● A central machine collects information from all the nodes in the pool and plays the role of Matchmaker
● Execute nodes make themselves known to the central node by advertising their wares through ClassAds
● A Job's requirements are sent from a Submit node to the central node so that a match can be found.

21 [Diagram labels: Execute Machine, Submit Machine, Submit, Schedd, Starter, Job, Shadow, Startd, Central Manager, Collector, Negotiator]
Slide courtesy of University of Wisconsin-Madison

22 Universes
standard
● Must be relinked under Condor
● System calls occur on the submitting resource
● Jobs may checkpoint, and hence be stopped and later restarted from their last checkpoint, and may migrate to another resource
● Not available on some platforms (e.g. Windows)
● Some restrictions on what can be run.
vanilla
● Any executable or script, no need for relinking
● System calls happen on the executing resource
● No checkpointing, not so good for long-running jobs. If a job is stopped it will be rescheduled (i.e. compute time is lost).
● Works on all supported platforms (incl. Windows)

