Presentation is loading. Please wait.

Presentation is loading. Please wait.

A Web Server for Basic Grid Services D. Calvet DAPNIA/SEI, CEA Saclay 91191 Gif-sur-Yvette Cedex.

Published bySherman O’Brien’ Modified over 8 years ago

Similar presentations

Presentation on theme: "A Web Server for Basic Grid Services D. Calvet DAPNIA/SEI, CEA Saclay 91191 Gif-sur-Yvette Cedex."— Presentation transcript:

1 A Web Server for Basic Grid Services D. Calvet DAPNIA/SEI, CEA Saclay 91191 Gif-sur-Yvette Cedex

2 Lyon 21 November 2001 calvet@hep.saclay.cea.fr2 GRID and WWW Functionality of a typical Web server useful for GRID: –Anonymous access, or server authentication, or mutual client and server authentication (e.g. X.509 certificates) –Plain-text or secure transfers (encryption), HTTPS over SSL –File read/write access by clients –Execute access on a server is not well defined -> the basis of the GRID can be seen as providing the « Execute » capability to the existing WWW Some basic GRID Services: servers and users authentication users authorization secure data transfers remote process creation

3 Lyon 21 November 2001 calvet@hep.saclay.cea.fr3 Providing Basic Services for Grid Dedicated packages, specific protocols –E.g. Globus and gatekeeper protocol -> viable option, main (only?) stream of work in DataGRID « Standard » Web tools –Re-use as much as one can from WWW technology –Use Web browsers as clients; HTTP(S) protocol as is –Make extensions to one of today’s web server to provide the missing parts -> this option is investigated in the present work: feasibility, proof of principle, how much effort is needed … but all code is for demonstration only (i.e. incomplete, quickly done – ~6 person month - and most likely unsafe)

4 Lyon 21 November 2001 calvet@hep.saclay.cea.fr4 Technical Choices An open-source JAVA based Web server –portability, ease of customization,… Choice: JETTY (http://jetty.mortbay.org)http://jetty.mortbay.org Hook to host computer via CGI interface –PERL scripts for interaction with host computer –C programs to wrap critical parts, system commands… -> Code runs on any UNIX-like machines Use of standard X.509 certificates for authentication –JAVA like trusted certificate management (keystore file) –or Globus/OpenSSL like certificate storage (directory of files) Off-the-shelf web browsers for clients -> Zero installation or specific program on the client side

5 Lyon 21 November 2001 calvet@hep.saclay.cea.fr5 Software Architecture CGI GUI, Server authentication Web server HTML form Perl script Execvp Upload User B adduser SUID root X.509 Certs and CRLs Client browser X.509 Certs (and CRLs) Environment variables DN allowed DN denied DN to login HTTPS User A Dynamic account setup User authorization Execvp Upload Client authentication Secure channel Process creation HTML (stdout) (stdout)

6 Lyon 21 November 2001 calvet@hep.saclay.cea.fr6 Implementation Server and Client authentication (JAVA) –Supported by Jetty without any modification -> but no check of CRLs in today’s SUN JDK classes –SUN’s X509TrustManager replaced by our own version -> support trusted Certs and CRL’s a la Globus/OpenSSL Client authorization: (PERL CGI script) –Client rights: transposed combination of UNIX flags « rwx » document read on server (all authenticated users) file upload to server (authorized users) execute command or program on server (authorized users) -> more refinements can be imagined Secure data transfer –HTTPS support in Jetty and Web browsers without any change

7 Lyon 21 November 2001 calvet@hep.saclay.cea.fr7 Implementation (con’t) Users and accounts –1 account per user: correspondence between the user’s DN and his local account provided by a mapfile –Dynamic account creation on the server if a user’s DN is not in the mapfile, is in a file users.allow and not in a file users.deny file users.allow: list of users’ DN permitted to have an account (e.g. project wide list distributed to all sites) file users.deny: list of users’ DN not permitted on this site/server (local policy enforcement) Remote process creation (PERL script and C wrapper) –return output in HTML to the client

8 Lyon 21 November 2001 calvet@hep.saclay.cea.fr8 Demonstration Top window: server; bottom window: client

9 Lyon 21 November 2001 calvet@hep.saclay.cea.fr9 Demonstration

10 Lyon 21 November 2001 calvet@hep.saclay.cea.fr10 Demonstration

11 Lyon 21 November 2001 calvet@hep.saclay.cea.fr11 Demonstration

12 Lyon 21 November 2001 calvet@hep.saclay.cea.fr12 Tentative comparison with Globus FunctionGlobus 1.1.3Proposed scheme Client software/interfaceSpecific / command lineInternet Explorer, Netscape / Graphical Single sign-onYes (grid-proxy)No Server protocolProprietary (gatekeeper)Web standards: SSL, HTML, CGI… Data transfersAuthenticated; plain-text onlyAnonymous and in plain-text (HTTP) or authenticated and encrypted (HTTPS) Information serviceGIS, GIIS, LDAP browserNot studied – adapt web search tools? Other servicesMPI support, GSI ftp, HBMDynamic login setup Platforms/OS supportlimitedClients: almost any; servers: UNIX-like Critical part for securityDaemon running as rootHooks to some SUID commands Development effort10’s of person-year0.5 person-year Deployment effortAdministrator and user trainingWeb server administration

13 Lyon 21 November 2001 calvet@hep.saclay.cea.fr13 Potential of proposed approach Pros –Minimum effort by extensive re-use of web stuff –Reduced dedicated package to develop, install and maintain –Web servers and browsers are ubiquitous and come by default with any modern OS –Software companies could extend the scope of their web products in the direction of the GRID (if there is a market…) Cons –Proof of principle is easy, but obstacles may be found later –Introduces security weaknesses in web servers –Relies a lot on software industry (will they do what we need?) –Clients tight to a Web browser (no access via console, batch) –The GRID is much more than the basic services mentioned –For DataGRID, orthogonal to the approach based on Globus

14 Lyon 21 November 2001 calvet@hep.saclay.cea.fr14 Summary Today’s Web stuff could be the basis of the GRID –Anonymous or authenticated accesses –Clear or encrypted data transfers –File read/write access by clients on a server Adaptations around a JAVA-based Web server showed –Server and client authentication with X.509 certificates/CRLs –Dynamic computer account creation on server for authorized remote users (or use of an existing account) –File upload, program execute for authorized remote users –Data stream encryption between client and server –Client software: off-the-shelf web browsers Paper submitted to CCGrid2002 as a personal contribution

Download ppt "A Web Server for Basic Grid Services D. Calvet DAPNIA/SEI, CEA Saclay 91191 Gif-sur-Yvette Cedex."

Similar presentations

1 Copyright © 2002 Pearson Education, Inc.. 2 Chapter 1 Introduction to Perl and CGI.

1 Copyright © 2002 Pearson Education, Inc.. 2 Chapter 1 Introduction to Perl and CGI.
GT4 Architectural Security Review December 17th, 2004.

GT4 Architectural Security Review December 17th, 2004.
Chapter 17: WEB COMPONENTS

Chapter 17: WEB COMPONENTS
Introduction To Java Objectives For Today â Introduction To Java â The Java Platform & The (JVM) Java Virtual Machine â Core Java (API) Application Programming.

Introduction To Java Objectives For Today â Introduction To Java â The Java Platform & The (JVM) Java Virtual Machine â Core Java (API) Application Programming.
1 Web Servers / Deployment Alastair Dawes Original by Bhupinder Reehal.

1 Web Servers / Deployment Alastair Dawes Original by Bhupinder Reehal.
Andrew McNab - EDG Access Control - 14 Jan 2003 EU DataGrid security with GSI and Globus Andrew McNab University of Manchester

Andrew McNab - EDG Access Control - 14 Jan 2003 EU DataGrid security with GSI and Globus Andrew McNab University of Manchester
 2003 Prentice Hall, Inc. All rights reserved. Chapter 21 – Web Servers (IIS and Apache) Outline 21.1 Introduction 21.2 HTTP Request Types 21.3 System.

 2003 Prentice Hall, Inc. All rights reserved. Chapter 21 – Web Servers (IIS and Apache) Outline 21.1 Introduction 21.2 HTTP Request Types 21.3 System.
Andrew McNab - Manchester HEP - 6 November 2001 www.gridpp.ac.uk Old version of website was maintained from Unix command line => needed (gsi)ssh access.

Andrew McNab - Manchester HEP - 6 November Old version of website was maintained from Unix command line => needed (gsi)ssh access.
B.Sc. Multimedia ComputingMedia Technologies Database Technologies.

B.Sc. Multimedia ComputingMedia Technologies Database Technologies.
Web Servers How do our requests for resources on the Internet get handled? Can they be located anywhere? Global?

Web Servers How do our requests for resources on the Internet get handled? Can they be located anywhere? Global?
Sun Grid Engine Grid Computing Assignment – Fall 2005 James Ruff Senior Department of Mathematics and Computer Science Western Carolina University.

Sun Grid Engine Grid Computing Assignment – Fall 2005 James Ruff Senior Department of Mathematics and Computer Science Western Carolina University.
Outline IS400: Development of Business Applications on the Internet Fall 2004 Instructor: Dr. Boris Jukic Server Side Web Technologies: Part 2.

Outline IS400: Development of Business Applications on the Internet Fall 2004 Instructor: Dr. Boris Jukic Server Side Web Technologies: Part 2.
Introduction to Web Based Application. Web-based application TCP/IP (HTTP) protocol Using WWW technology & software Distributed environment.

Introduction to Web Based Application. Web-based application TCP/IP (HTTP) protocol Using WWW technology & software Distributed environment.
UNICORE UNiform Interface to COmputing REsources Olga Alexandrova, TITE 3 Daniela Grudinschi, TITE 3.

UNICORE UNiform Interface to COmputing REsources Olga Alexandrova, TITE 3 Daniela Grudinschi, TITE 3.
How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.

How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 8 Introduction to Printers in a Windows Server 2008 Network.

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 8 Introduction to Printers in a Windows Server 2008 Network.
Grids and Globus at BNL Presented by John Scott Leita.

Grids and Globus at BNL Presented by John Scott Leita.
July 16 th, 2005 Software Architecture in Practice RiSE’s Seminars Bass’s at all Book :: Chapters 13 Fred Durão.

July 16 th, 2005 Software Architecture in Practice RiSE’s Seminars Bass’s at all Book :: Chapters 13 Fred Durão.
Web-Enabling the Warehouse Chapter 16. Benefits of Web-Enabling a Data Warehouse Better-informed decision making Lower costs of deployment and management.

Web-Enabling the Warehouse Chapter 16. Benefits of Web-Enabling a Data Warehouse Better-informed decision making Lower costs of deployment and management.
Chapter 10 Publishing and Maintaining Your Web Site.

Chapter 10 Publishing and Maintaining Your Web Site.

Similar presentations

Ads by Google