Presentation is loading. Please wait.

Presentation is loading. Please wait.

G RID M IDDLEWARE AND S ECURITY Suchandra Thapa Computation Institute University of Chicago.

Published byEthan Thomas Modified over 8 years ago

Similar presentations

Presentation on theme: "G RID M IDDLEWARE AND S ECURITY Suchandra Thapa Computation Institute University of Chicago."— Presentation transcript:

1 G RID M IDDLEWARE AND S ECURITY Suchandra Thapa Computation Institute University of Chicago

2 T HE OSG C OMPUTE E LEMENT Introduction to OSG terms The OSG compute element Grid Middleware Web Resources Security Q&A time April 22, 2009 NCGS 2009 Chapel Hill 2

3 B ASIC T ERMS CE – Compute Element SE – Storage Element VO – Virtual Organization WN – Worker Node VDT – Virtual Data Toolkit DN – Distinguished name GUMS – Grid User Management Server CA – Certificate Authority CRL – Certificate Revocation List April 22, 2009 3 NCGS 2009 Chapel Hill

4 T HE OSG C OMPUTE E LEMENT Introduction to OSG terms The OSG compute element Grid Middleware Web Resources Security Q&A time April 22, 2009 NCGS 2009 Chapel Hill 4

5 OSG S OFTWARE S TACK Consists of: VDT Software PLUS Additional OSG Specific bits E.g. CE VDT Subset Globus RSV PRIMA … and another dozen OSG bits: Information about OSG VOs OSG configuration script (configure_osg.py) April 22, 2009 5 NCGS 2009 Chapel Hill

6 O VERVIEW OF OSG COMPONENTS CE – Compute Element Provides point of interface for tools attempting to run jobs or work on a cluster Users submit jobs to this system OSG provides a package that installs all software needed for this component SE – Storage Element Several implementations dCache Bestman Manages data and storage services on cluster WN – Worker Node Software found on each compute node on grid Provides software that incoming jobs may depend on (e.g. curl, srmcp, gsiftp, etc.) Client – Client Software Provides software that users can use to submit and manage jobs and data on OSG May be superseded by VO specific software Other tools (more specific and not necessarily used by many people) April 22, 2009 6 NCGS 2009 Chapel Hill

7 OVERVIEW OF CE GRAM : Allows job submissions and passes them on to local batch manager Gridftp : Provides data transfer services into and out of cluster CEMon / GIP : Provides information to central services Gratia : Sends accounting information on jobs run to central server RSV : Provides probes to monitor health of the CE User authorization : Needed to connect certificates to user accounts April 22, 2009 7 NCGS 2009 Chapel Hill

8 B ASIC CE April 22, 2009 8 NCGS 2009 Chapel Hill GRAM Authorization RSV CEMon/GIP Submit jobs Query Test Query Gratia

9 S OFTWARE O VERVIEW OSGVDTGlobusGramGridftpBestmandCache Other components OSG Specific bits Jobmanager April 22, 2009 9 NCGS 2009 Chapel Hill

10 GRAM Two different flavors OSG provides and supports both Very different implementations GT2 What most users and VOs use Very stable and well understood On the other hand, fairly old GT4 (aka ws-gram) Web services enabled job submission Currently in transition Used primarily by LIGO April 22, 2009 10 NCGS 2009 Chapel Hill

11 G RATIA Collects information about what jobs have run on your site and by whom Hooks into GRAM and/or job manager Sends information to a central server Can connect and query central service to get reports and graphs April 22, 2009 11 NCGS 2009 Chapel Hill

12 CEM ON / GIP These work together  Essential for accurate information about your site  End-users see this information Generic Information Provider (GIP)  Scripts to scrape information about your site  Some information is dynamic (queue length)  Some is static (site name) CEMon  Reports information to OSG GOC’s BDII  Reports to OSG Resource Selector (ReSS) April 22, 2009 12 NCGS 2009 Chapel Hill

13 RSV System to run tests on various components of your site Presents a web page with red/green overview and links to more specific information on test results Optional interface to nagios Can be run on a server other than CE April 22, 2009 13 NCGS 2009 Chapel Hill

14 G RID S ECURITY Introduction to OSG terms The OSG compute element Grid Middleware Web Resources Security Q&A time April 22, 2009 NCGS 2009 Chapel Hill 14

15 C ERTIFICATES U SED OSG uses X.509 certificates for authentication and authorization Most certificates are from the DOEGrids certificate chain Obtained from GOC / Need someone to “vouch” for you All tools use and verify using certificates User submissions (job submission, gsiftp) use proxies signed by user’s X.509 certificate Sites and services have certificates which are verified by user tools April 22, 2009 15 NCGS 2009 Chapel Hill

16 CA C ERTIFICATES What are they? Public certificate for certificate authorities Used to verify authenticity of user certificates Recommended: OSG CA distribution IGTF + TeraGrid-only April 22, 2009 16 NCGS 2009 Chapel Hill

17 C ERTIFICATE R EVOCATION L ISTS (CRL S ) It’s not enough to have the CAs CAs publish CRLs: lists of certificates that have been revoked Sometimes revoked for administrative reasons Sometimes revoked for security reasons On OSG, default settings are to update these lists once a day April 22, 2009 17 NCGS 2009 Chapel Hill

18 C ERTIFCATE C HECKING April 22, 2009 18 NCGS 2009 Chapel Hill Server Certificate CA List CRL List Valid? Revoked?Yes! No Certificate accepted

19 A UTHORIZATION Done by gridmap files or GUMS Gridmap files are fairly simple Text file with DN followed by local account GUMS is preferred solution for larger site Central location for authorization decisions Allows for vo roles and multiple vo membership April 22, 2009 19 NCGS 2009 Chapel Hill

20 G RIDMAP A UTHORIZATION P ROCEDURE April 22, 2009 20 NCGS 2009 Chapel Hill Server 1 Server 2 Gridmap text file Certificate User DN engage osg Gridmap text file

21 GUMS A UTHORIZATION P ROCEDURE April 22, 2009 21 NCGS 2009 Chapel Hill Server 1 Server 2 GUMS Server Certificate User DN Server DN User DN Server DN engage osg

22 Q UESTIONS ? T HOUGHTS ? C OMMENTS ? Introduction to OSG terms and operations Installing an OSG site Maintaining a site Q&A time April 22, 2009 NCGS 2009 Chapel Hill 22

23 A CKNOWLEDGEMENTS Alain Roy Terrence Martin April 22, 2009 23 NCGS 2009 Chapel Hill

Download ppt "G RID M IDDLEWARE AND S ECURITY Suchandra Thapa Computation Institute University of Chicago."

Similar presentations

Andrew McNab - Manchester HEP - 17 September 2002 Putting Existing Farms on the Testbed Manchester DZero/Atlas and BaBar farms are available via the Testbed.

Andrew McNab - Manchester HEP - 17 September 2002 Putting Existing Farms on the Testbed Manchester DZero/Atlas and BaBar farms are available via the Testbed.
FP7-INFRA-222667 Enabling Grids for E-sciencE www.eu-egee.org EGEE Induction Grid training for users, Institute of Physics Belgrade, Serbia Sep. 19, 2008.

FP7-INFRA Enabling Grids for E-sciencE EGEE Induction Grid training for users, Institute of Physics Belgrade, Serbia Sep. 19, 2008.
Security Q&A OSG Site Administrators workshop Indianapolis August 6-7 2009 Doug Olson LBNL.

Security Q&A OSG Site Administrators workshop Indianapolis August Doug Olson LBNL.
Implementing Finer Grained Authorization in the Open Science Grid Gabriele Carcassi, Ian Fisk, Gabriele, Garzoglio, Markus Lorch, Timur Perelmutov, Abhishek.

Implementing Finer Grained Authorization in the Open Science Grid Gabriele Carcassi, Ian Fisk, Gabriele, Garzoglio, Markus Lorch, Timur Perelmutov, Abhishek.
The Community Authorisation Service – CAS Dr Steven Newhouse Technical Director London e-Science Centre Department of Computing, Imperial College London.

The Community Authorisation Service – CAS Dr Steven Newhouse Technical Director London e-Science Centre Department of Computing, Imperial College London.
The EPIKH Project (Exchange Programme to advance e-Infrastructure Know-How) gLite Grid Services Abderrahman El Kharrim

The EPIKH Project (Exchange Programme to advance e-Infrastructure Know-How) gLite Grid Services Abderrahman El Kharrim
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
Open Science Grid Use of PKI: Wishing it was easy A brief and incomplete introduction. Doug Olson, LBNL PKI Workshop, NIST 5 April 2006.

Open Science Grid Use of PKI: Wishing it was easy A brief and incomplete introduction. Doug Olson, LBNL PKI Workshop, NIST 5 April 2006.
Office of Science U.S. Department of Energy Grids and Portals at NERSC Presented by Steve Chan.

Office of Science U.S. Department of Energy Grids and Portals at NERSC Presented by Steve Chan.
Security Mechanisms The European DataGrid Project Team

Security Mechanisms The European DataGrid Project Team
Grid Services at NERSC Shreyas Cholia Open Software and Programming Group, NERSC NERSC User Group Meeting September 17, 2007.

Grid Services at NERSC Shreyas Cholia Open Software and Programming Group, NERSC NERSC User Group Meeting September 17, 2007.
OSG Logging Architecture Update Center for Enabling Distributed Petascale Science Brian L. Tierney: LBNL.

OSG Logging Architecture Update Center for Enabling Distributed Petascale Science Brian L. Tierney: LBNL.
OSG End User Tools Overview OSG Grid school – March 19, 2009 Marco Mambelli - University of Chicago A brief summary about the system.

OSG End User Tools Overview OSG Grid school – March 19, 2009 Marco Mambelli - University of Chicago A brief summary about the system.
Open Science Grid Software Stack, Virtual Data Toolkit and Interoperability Activities D. Olson, LBNL for the OSG www.opensciencegrid.org International.

Open Science Grid Software Stack, Virtual Data Toolkit and Interoperability Activities D. Olson, LBNL for the OSG International.
Rsv-control Marco Mambelli – Site Coordination meeting October 1, 2009.

Rsv-control Marco Mambelli – Site Coordination meeting October 1, 2009.
OSG S ITE INSTALLATION AND M AINTENANCE Suchandra Thapa Computation Institute University of Chicago.

OSG S ITE INSTALLATION AND M AINTENANCE Suchandra Thapa Computation Institute University of Chicago.
OSG Operations and Interoperations Rob Quick Open Science Grid Operations Center - Indiana University EGEE Operations Meeting Stockholm, Sweden - 14 June.

OSG Operations and Interoperations Rob Quick Open Science Grid Operations Center - Indiana University EGEE Operations Meeting Stockholm, Sweden - 14 June.
OSG Services at Tier2 Centers Rob Gardner University of Chicago WLCG Tier2 Workshop CERN June 12-14, 2006.

OSG Services at Tier2 Centers Rob Gardner University of Chicago WLCG Tier2 Workshop CERN June 12-14, 2006.
OSG Site Provide one or more of the following capabilities: – access to local computational resources using a batch queue – interactive access to local.

OSG Site Provide one or more of the following capabilities: – access to local computational resources using a batch queue – interactive access to local.
Integration and Sites Rob Gardner Area Coordinators Meeting 12/4/08.

Integration and Sites Rob Gardner Area Coordinators Meeting 12/4/08.

Similar presentations

Ads by Google