Research and NeSC Applications Prof Richard Sinnott Technical Director National e-Science Centre 26th October 2006.

1 Research and NeSC Applications Prof Richard Sinnott Technical Director National e-Science Centre r.sinnott@nesc.gla.ac.uk 26th October 2006

2 The Context
There are many Grids
There are many ways to build Grids
There are many different middleware competing in this space
People say Grid in grants and then build web services because Grid middleware is too hard
There are many agendas
–big business, academic, …
There are many moving targets
–changing middleware, changing standards, changing sciences resources/questions/funding streams…
There is a lot of hype
There is a lot of money available
There are lots of projects and big scientific challenges
There is an urgent need to build user communities
There needs to be much more research pull than middleware push
–… there are many more things that could go here!

3 Data Grids for High Energy Physics
[Diagram labels: Online System; Offline Processor Farm ~20 TIPS; CERN Computer Centre; FermiLab ~4 TIPS; France Regional Centre; Italy Regional Centre; Germany Regional Centre; Tier2 Centre ~1 TIPS; Caltech ~1 TIPS; Institute ~0.25 TIPS; Physics data cache; Physicist workstations; link rates ~PBytes/sec, ~100 MBytes/sec, ~622 Mbits/sec, ~1 MBytes/sec; Tier 0, Tier 1, Tier 2, Tier 4]
There is a “bunch crossing” every 25 nsecs.
There are 100 “triggers” per second
Each triggered event is ~1 MByte in size
Physicists work on analysis “channels”. Each institute will have ~10 physicists working on one or more channels; data for these channels should be cached by the institute server
1 TIPS is approximately 25,000 SpecInt95 equivalents
LCG/gLite middleware (Large scale data management, large scale compute resource management, resource broking…!!!)

4 Challenges of NanoCMOS Design 3D + Statistical OMII-UK middleware (workflows, security, data management, resource management, …)

5 The e-Health Future…
[Diagram labels: Nucleotide sequences; Nucleotide structures; Gene expressions; Protein Structures; Protein functions; Protein-protein interaction (pathways); Cell; Cell signalling; Tissues; Organs; Physiology; Organisms; Populations]
Globus/WS- middleware (fine grained security, data access/integration, exponential data growth, keep it simple!)

6 NeSC Research… Most NeSC Glasgow research is on security and ease of use across various application domains NeSC Edinburgh focus is on middleware development especially Grid data access/integration (OGSA-DAI, DAIT, OMII-UK, eDIKT), high performance networking, data curation ….

7 Ease of Use (…and setting the scene for some of the later demonstrations) For Grids/e-Research to be truly successful –have to be made as seamless to access and use as the internet Forget training, education for some (most?) users! –have to be based on research pull and not middleware push –experiences in various projects have shown that users don’t like digital certificates The majority most certainly won’t jump through hoops to get on the Grid

8 Single Sign-On X.509 certificate based PKI common to many Grid efforts (including UK) –Step 1. Get a certificate –Step 2. Get your DN registered at places you expect to use –Step 3. Read the manuals (Globus, gLite, …) for how to submit/run a job

9 Step 1
In UK e-Science community X.509 PKI based on centralised CA with direct single hierarchy to users
–Typical scenario for getting Grid certificate [Diagram labels: User; RA; CA]
1. Request certificate (www.grid-support.ac.uk/ca)
2. Check details of request
3. Ok?
4. Download and install certificate in browser
5. Download and install CRL
6. Export certificate to various formats e.g. as Grid certificate
$> openssl pkcs12 -in cert.p12 -clcerts -nokeys -out usercert.pem
!!!! This is off-putting for end users!!! Typically not available on Windows!!! Root access? Local sys-admin?

10 But…
Identity management issues
–Certificate Revocation Lists
–When revoked? By whom? How timely?
Strong passwords for private keys
–Users write them down, share them, forget them
Privilege Management
–Numerous domains where users never get access to a local account to “do stuff”
User classification
–Tinkerers vs much larger e-Research Community
–they want services to point their browser at and point and click to run things on the Grid
–I don’t want an account on a cluster to compile/run code, I’m a biologist who wants to run BLAST on a free National Grid resource

11 As a result… ~3500 UK e-Science certs –1000 for Manchester cluster But over 3 Million Athens accounts in UK HE/FE Iceberg is not to scale!!!!

12 How Can we Improve Things? We don’t want each domain reinventing their own security solutions Best to exploit local authentication –Sites know best if users still at institution and are best placed to state what their privileges are/should be

13 Shibboleth (http://shibboleth.internet2.edu)
Definition: Shibboleth [Hebrew for an ear of corn, or a stream or flood]
1. A word which was made the criterion by which to distinguish the Ephraimites from the Gileadites. The Ephraimites, not being able to pronounce sh, called the word sibboleth. See Judges xii.
2. Hence, the criterion, test, or watchword of a party; a party cry or pet phrase.
Shibboleth will replace Athens as access mgt system across UK academia
–Federations based on trust or more accurately trust but verify
–numerous international federations exist: MAMS, SWITCH, HAKA, SDSS…
Introducing Shibboleth

14 Typical Shibboleth Scenario
[Diagram labels: User; Federation W.A.Y.F.; Home Institution Identity Provider (AuthN, LDAP); Service provider; Grid resource / portal]
1. User points browser at Grid resource/portal (or non-Grid resource)
2. Shibboleth redirects user to W.A.Y.F. service
3. User selects their home institution
4. Home site authenticates user
5. User accesses resource

15 It’s a start, but… Benefit from local authentication but really want finer grained control… –I know you have authenticated, but I need to know that you have sufficient/correct privileges to access my VO resources –can also return various other information needed to support authorisation decisions

16 Authorization Technologies
Various technologies for authorization including
–PERMIS: PrivilEge and Role Management Infrastructure Standards Validation, http://www.permis.org
–Community Authorisation Service, http://www.globus.org/security/CAS/
–AKENTI, http://www-itg.lbl.giv/security/akenti
–CARDEA, http://www.nas.nasa.gov/Research/Reports/Techreports/2003/nas-03-020-abstract.html
–VOMS, http://hep-project-grid-scg.web.cern.ch/hep-project-grid-scg/voms.html
At NeSC we have been working extensively with PERMIS

17 Role Based Access Controls
Basic idea is to define:
–roles applicable to specific VO; roles often hierarchical
–Role X ≥ Role Y ≥ Role Z
–Manager can do everything (and more) than an employee can do who can do everything (and more) than a trainee can do
–actions allowed/not allowed for VO members
–resources comprising VO infrastructure (computers, data resources etc)
A policy then consists of sets of these rules { Role x Action x Target }
–Can user with VO role X invoke service Y on resource Z?
Policy itself can be represented in many ways, e.g. XML, XACML, …
Tools available for policy editing, associating users with roles, signing policies etc
–Policies stored as attribute certificates in LDAP server
(New tools/wizards presented at OGF18 Washington)

18 Finer Grained Shibboleth Scenario
[Diagram labels: User; Federation W.A.Y.F.; Home Institution Identity Provider (AuthN, LDAP); Service provider with Shib Frontend; Grid Portal; Grid Application]
1. User points browser at Grid resource/portal
2. Shibboleth redirects user to W.A.Y.F. service
3. User selects their home institution
4. Home site authenticates user and pushes attributes to the service provider
5. Pass authentication info and attributes to authZ function
6. Make final AuthZ decision

19 Ok, but…
I can do authorisation but I want single sign-on to lots of distributed resources across different organisations (aka Virtual Organisations in Grid speak)
–Browser keeps session information, so other resources can be accessed without signing in again
–Provided authorisation information valid for different service providers
–Each service provider completely autonomous
–Can configure attribute release/attribute acceptance policies per identity provider/service provider
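
The { Role x Action x Target } policy with hierarchical roles from slide 17, combined with the per-identity-provider attribute acceptance from slides 18 and 19, as an added Python example. It is not part of the original slides and is not PERMIS or Shibboleth code; the role, action, target and identity-provider names are constructed for illustration.

```python
# Added illustration; role, action, target and IdP names are constructed.

# Role hierarchy from slide 17 (Manager >= Employee >= Trainee):
# each role maps to the role directly below it.
ROLE_BELOW = {"manager": "employee", "employee": "trainee", "trainee": None}

# Policy as { Role x Action x Target } rules; anything not listed is denied.
POLICY = {
    ("trainee", "read", "blast-results"),
    ("employee", "submit", "blast-service"),
    ("manager", "delete", "blast-results"),
}

# Attribute acceptance policy of one service provider: the roles it is
# willing to accept from each identity provider (hypothetical names).
ACCEPTED_ROLES = {
    "idp.glasgow.example": {"manager", "employee", "trainee"},
    "idp.edinburgh.example": {"trainee"},
}


def implied_roles(role):
    """Return the role and every role below it; unknown roles imply nothing."""
    roles = set()
    while role in ROLE_BELOW and role not in roles:
        roles.add(role)
        role = ROLE_BELOW[role]
    return roles


def accepted_roles(idp, asserted_roles):
    """Keep only the asserted roles this service provider accepts from idp."""
    return set(asserted_roles) & ACCEPTED_ROLES.get(idp, set())


def is_authorised(idp, asserted_roles, action, target):
    """Deny by default; permit if an accepted role, or one below it, has a rule."""
    for role in accepted_roles(idp, asserted_roles):
        if any((r, action, target) in POLICY for r in implied_roles(role)):
            return True
    return False


if __name__ == "__main__":
    # A Glasgow manager inherits the trainee's read permission.
    print(is_authorised("idp.glasgow.example", ["manager"], "read", "blast-results"))
    # The same role asserted by Edinburgh is filtered out before the decision.
    print(is_authorised("idp.edinburgh.example", ["manager"], "delete", "blast-results"))
```

Filtering asserted roles before the policy lookup keeps each service provider autonomous: an identity provider can assert any role, but only the roles the provider has chosen to accept from it reach the decision.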

20 NeSC Applications

21 BRIDGES Project More later GEMEPS Project More later VOTES Project More later

22 Dynamic Virtual Organisations for e-Science Education (DyVOSE) project –Two year project (£289k) started 1st May 2004 funded by JISC –Exploring advanced authorisation infrastructures for security … in Grid Computing Module as part of advanced MSc at Glasgow –providing insight into rolling Grid out to the masses! DyVOSE Project

23 Putting the “Dy” in DyVOSE
[Diagram labels: Glasgow; Edinburgh; PERMIS based Authorisation checks/decisions; Glasgow Education VO policies; Edinburgh Education VO policies; LDAP; Grid BLAST Data Service; Nucleotide + Protein Sequence DB; Grid-data Client; Grid BLAST Service; Implemented by Students; data input; Protein/nucleotide data returned based on student team role; Glasgow SoA using Glasgow DIS to issue Edin. roles; Edinburgh SoA using Glasgow DIS to issue Edin. roles; ACs created for Edin. roles]
Dynamic PMI Case Study

24 GLASS –JISC funded started March 2006 Exploring early adoption of Shibboleth –Working with Computer Services directly Scenarios based upon teaching and access to NHS resources/data –Includes brain trauma (interest to neuro-folk/CARMEN?) Builds upon university wide unified account management system being rolled out (based on Novell nSure technology) ESP-Grid –JISC/Oxford University funded Developed demonstrator to show how Grid resources can be accessed and used via Shibboleth technology Grid Security Report –JISC/JCSR funded Focus on Grid security practices, middleware and outlook Grid meets Geographical Information Systems –JISC funded with focus on Shibboleth access to GIS data resources Security Related Projects

25 GEODE –Funded by ESRC, led by University of Stirling Two year project aiming to develop Grid enabled portal for occupational data –includes integration of various existing classification schemes –More later! Grid Enabled Occupational Data Environment (GEODE)

26 Grid Enabling Biomedical Pathway Simulator To extend software from DTI funded BPS project to benefit from the Grid –Biochemical differential equation solver –Parameter searches –Security aspects important

27 Scottish Bioinformatics Research Network Four year proposal (£2.4M) started February 2006 –Funded by Scottish Enterprise, Scottish Higher Education Funding Council, Scottish Executive Environment and Rural Affairs Department Involves Glasgow, Dundee, Edinburgh, Scottish Bioinformatics Forum –Aim to provide bioinformatics infrastructure for Scottish health, agriculture and industry Infrastructure support at Dundee, Edinburgh and Glasgow to support first-rate research in bioinformatics at each academic institute Infrastructure support at three institutes, to support inter-institutional sharing of compute and data resources through application of Grid computing Outreach and training activities mediated by the Scottish Bioinformatics Forum

28 Scottish Family Health Study Five (2+3) year proposal (£4.6M) started January 2006 –Funded by Health Department and Department for Enterprise and Lifelong Learning Involves Glasgow, Dundee, Edinburgh, Aberdeen –focus of genetics as applied to healthcare –first two years emphasis on providing a platform for research into the genetic basis of common complex diseases in Scotland »Mental health, cardiovascular, … »Plan to establish 15,000 family-based intensively-phenotyped cohort recruited from the East and West of Scotland –basis for neutralising heritable (genetic) risk factors in disease surveillance, treatment optimisation, avoidance of adverse drug events and prediction of response to therapy, health care planning and drug discovery, …

29 Meeting the Design Challenge of nanoCMOS Electronics Toshiba 04 Device diversification 90nm: HP, LOP, LSTP 45nm: UTB SOI 32nm: Double gate £5.3M EPSRC Pilot – kicks off next week 4-year project with lots of international visibility

30 AHRC Grant proposals –Performance Arts –Scottish Language and Literature OMII proposals –Visualisation service Scottish Enterprise –Production level clinical e-Infrastructure for Scotland Wellcome Trust –Grid based biomedical visualisation infrastructure EPSRC –Grid based brain trauma co-ordination with China Links to CARMEN –Construction Industry and Grids JISC –MANY bids on-going in e-Infrastructure, e-Repositories, … areas And of course the Scottish Grid Service… Current Efforts

31 There are more opportunities than can be followed up All funding councils, DTI, JISC, Europe FW7, international calls –How long for…? –Often difficult to get the first grant…? –More than happy to work with folk…? Opportunities
