Scaling Account Creation and Management through the TeraGrid User Portal Contact: Eric Roberts


1 Scaling Account Creation and Management through the TeraGrid User Portal
Contact: Eric Roberts (ericrobe@tacc.utexas.edu)

2 Motivation
A* workshop, August 30-31, 2006
– Clear that the process of acquiring and managing a TeraGrid account needs to be restructured
– Time and resources it takes to get a new user many different resource accounts has exceeded scalability limits.
It has become clear that extending the User Portal to provide account management functionality is of paramount importance in order to effectively scale access to TeraGrid resources.
Policy document being written by User Portal group that describes the plan for
– reducing the number of accounts per user
– eliminating paper snail-mail
– utilizing the TeraGrid User Portal as a centralized tool for performing TeraGrid-wide account management.

3 Current Account Creation and Management
For a PI to request a new TeraGrid project and get access to TeraGrid resources they must do the following:
1. PI requests allocation through POPS
2. Allocation gets approved, user(s) vetted
3. New project and accounts are created
   1. AMIE packets are sent to the TGCDB and RP sites
   2. NCSA creates a portal account for the user immediately
   3. An NCSA DN is automatically generated for the user and put into the mapfile of the TeraGrid MyProxy service, as well as propagated to all RP resources for entry in those grid mapfiles.
   4. RPs create local accounts asynchronously (~5 days)
4. Once all accounts are created, the PI is mailed all the user logins
   1. The mail packet lists the default usernames and passwords for password-enabled systems
   2. The PI is responsible for distributing paperwork to co-PIs
   3. For systems that require public SSH keys, users are instructed to send their public SSH keys to help@teragrid.org

4 Proposal
Changes proposed are a significant shift from the current account management model, so we have documented a 3-phase work plan to ensure a smooth, gradual transition
Document and timeline are available on wiki: http://www.teragridforum.org/mediawiki/index.php?title=Scaling_TeraGrid_Access_Through_the_User_Portal
Phase 1 - Single sign-on access using myproxy and gsissh
Phase 2 - Migrate all account management to TeraGrid User Portal
Phase 3 - Introduce finer grained access through User Portal and eliminate snail mail

5 Phase 1: Single Sign-on Access to TG Resources
Goal
– Introduce Single Sign-on Method for accessing TG resources
Description
– This phase primarily involves writing/updating the documentation on the website/User Portal to provide instructions for users to use myproxy and gsissh for single sign-on ssh access across TG resources
User is able to log in to any TG resource but only provides username/password once:
– User logs into TG system
– Execute myproxy-logon to retrieve short-lived credential from MyProxy Credential Service
  This is where the user provides their user portal username and password
– Execute gsissh to authenticate to any TG resource where user has an account and an NCSA DN** mapped to that account
**NCSA is not a requirement but will be provided to all users by default
This process is completely independent from the User Portal!!!
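Added example, not part of the original slides: gsissh works on a resource only when the user's DN is mapped in that resource's grid mapfile and the local account exists, and slide 3 notes that RP accounts are created asynchronously. The sketch below parses grid-mapfile text in the Globus `"DN" localuser[,localuser]` layout and reports per resource whether a DN is ready for single sign-on; the resource names, DNs and account sets are constructed sample data.

```python
import shlex

def parse_gridmap(text):
    """Parse grid-mapfile text into {DN: [local usernames]}.

    Each entry is a double-quoted certificate DN followed by one or more
    comma-separated local account names; lines starting with '#' are comments.
    """
    mapping = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            parts = shlex.split(line)
        except ValueError:
            continue  # unbalanced quote: skip the malformed entry
        if len(parts) != 2:
            continue  # anything other than DN + account list is ignored
        dn, users = parts
        mapping.setdefault(dn, []).extend(u for u in users.split(",") if u)
    return mapping

def sso_readiness(dn, resources):
    """Classify each resource for one DN.

    resources: {name: (gridmap_text, set_of_existing_local_accounts)}
    """
    report = {}
    for name, (gridmap_text, accounts) in resources.items():
        users = parse_gridmap(gridmap_text).get(dn, [])
        if not users:
            report[name] = "dn-not-mapped"
        elif not any(u in accounts for u in users):
            report[name] = "mapped-but-no-local-account"
        else:
            report[name] = "ready"
    return report

# Constructed sample data: three hypothetical RP resources and one user DN.
SAMPLE_DN = "/C=US/O=National Center for Supercomputing Applications/CN=Jane Example"
SAMPLE_RESOURCES = {
    "rp-a": ('# constructed\n"%s" jexample\n' % SAMPLE_DN, {"jexample", "root"}),
    "rp-b": ('"%s" jexample\n' % SAMPLE_DN, {"root"}),
    "rp-c": ('"/C=US/O=Example/CN=Someone Else" other\n', {"other"}),
}

if __name__ == "__main__":
    for resource, state in sso_readiness(SAMPLE_DN, SAMPLE_RESOURCES).items():
        print(resource, state)
```

The "mapped-but-no-local-account" state corresponds to the window in which the DN has been propagated but the RP has not yet created the local account.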

6 Phase 2: All Account Management Through User Portal
Goals
– Migrate All Account Management to TeraGrid User Portal
– Make portal password resetting easier (more automated)
Description
– This phase pertains mostly to adding account management capability to the TeraGrid User Portal such that users can handle any and all RP resource account management tasks through a single web interface:
  – changing RP system password
  – propagating an SSH public key
  – propagating a DN to all resources
Changes in new account creation process
– User receives packet through snail mail immediately (2-3 days after approval) containing only user portal username/password
– User receives and manages RP system accounts through User Portal

7 Phase 3: Eliminate "Snail-Mailing" of Account Information
Goal
– Introduce trusted and untrusted User Portal accounts and eliminate snail mail
Description
– Potential users create untrusted portal account, which has limited access to requesting allocations through POPS
– Once allocations approved/user vetted, system account creation process begins and portal account is now trusted
– User has full access to User Portal including the account management features introduced in Phase 2
– Add user process modifications
  – Potential user creates untrusted portal account
  – User logs into portal and requests their account be added to a particular project
  – PI/co-PI/allocation manager approves/denies request
  – If approved, portal account becomes trusted and RP account creations begin
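Added example, not part of the original slides: a minimal model of the Phase 3 trust transition, showing that an untrusted account is limited to requests, that only a manager of the target project can promote it, and that RP account creation is queued only on approval. All class, function and action names are hypothetical, and the self-approval check is an assumption added here.

```python
# Action names are hypothetical labels for the capabilities on slides 6 and 7.
UNTRUSTED_ACTIONS = {"request_allocation", "request_project_membership"}
TRUSTED_ACTIONS = UNTRUSTED_ACTIONS | {
    "change_rp_password", "propagate_ssh_key", "propagate_dn"}

class PortalAccount:
    def __init__(self, username):
        self.username = username
        self.trusted = False   # self-registered accounts start untrusted
        self.pending = set()   # names of projects the user asked to join

    def can(self, action):
        allowed = TRUSTED_ACTIONS if self.trusted else UNTRUSTED_ACTIONS
        return action in allowed

class Project:
    def __init__(self, name, managers):
        self.name = name
        self.managers = set(managers)  # PI, co-PIs, allocation managers
        self.members = set()

def request_membership(account, project):
    """Record an add-user request made from a portal account."""
    if not account.can("request_project_membership"):
        raise PermissionError("action not allowed for this account")
    account.pending.add(project.name)

def decide(approver, account, project, approve, rp_queue):
    """Approve or deny a pending request; returns the account's trust state."""
    if approver not in project.managers:
        raise PermissionError("approver does not manage this project")
    if approver == account.username:
        raise PermissionError("self-approval is not allowed")  # added assumption
    if project.name not in account.pending:
        raise ValueError("no pending request for this project")
    account.pending.discard(project.name)
    if approve:
        project.members.add(account.username)
        account.trusted = True
        # RP account creation begins only after approval.
        rp_queue.append((account.username, project.name))
    return account.trusted
```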

8 Timeline

9 For More Details…
Please send questions and comments to services-wg@teragrid.org
Policy document still in draft form available on wiki: http://www.teragridforum.org/mediawiki/index.php?title=Scaling_TeraGrid_Access_Through_the_User_Portal

