Presentation is loading. Please wait.

Presentation is loading. Please wait.

Auditing Project Architecture VERY HIGH LEVEL Tanya Levshina.

Published byMillicent Washington Modified over 8 years ago

Similar presentations

Presentation on theme: "Auditing Project Architecture VERY HIGH LEVEL Tanya Levshina."— Presentation transcript:

1 Auditing Project Architecture VERY HIGH LEVEL Tanya Levshina

2 Grid Site with Log Search Service CE SE Grid application VO Spec application Syslog-ng Log Search Service OSG Central Facility Auditing Service Auditing Service Client Syslog-ng Log Search Service SE VO Spec application Grid application Syslog-ng CE Grid Site without Log Search Service Catch-All Log Search Service Host Central Repository Security Officer Site Central Log Monitoring Host Auditing Project Architecture VO Resource Site VO Services Host Gratia probes Gratia probes Gratia probes VO Spec application Syslog-ng site cluster host application log repository auditing data repository flow of data request flow of data storage Legend

3 Grid Site with Centralized Log collection Log Search Service Hosts multiple CEs and SEs Runs Grid and VO specific Services Uses syslog-ng to collect distributed log files in central repository Installs Gratia’s probes to report information about grid jobs Uses Log Search Service for logs monitoring Allows to execute queries to Log Search Service to authorized user

4 Gird Site without Log collection and Log Search Service Hosts multiple CEs and SEs Runs Grid and VO specific Services Uses syslog-ng or some other mechanism to collect distributed log files and forward them to central repository in OSG Facilities Installs Gratia’s probes to report information about grid jobs

5 VO Resources Site Runs VO specific Services Uses syslog-ng or some other mechanism to collect distributed log files and forward them to central repository in OSG Facilities Installs Gratia’s probes to report information about grid jobs

6 OSG Central Facility Set of nodes provided by one of OSG Grid Sites Offers –Auditing Service –Auditing Repository –Catch-All Log Search Service –Catch-All Central Log Repository

7 Auditing Project Context Diagram Auditing Service Active Storage Grid operation environment Gratia’s probes Auditing probes Globus Datagram Auditing Data Management MS Grid Configuration AAA Data Log Storage Query Executor Automaton Grid Security team Incident respondent Security assessor Suspected vulnerability Suspected incident OSG Security Information Service

8 Query Executor Admin Client Auditing DB Auditing Server User Client Archiver Report Generator MS Report Log Search Service Log Search Service Auditing Service Architecture Gratia DB

9 Auditing Service Components Auditing Server –Authenticates and authorized clients –Forwards authorized query to QE –Logs the request, its issuer and results in DB –Forwards authorized request for report to RG Query Executor –Receives request from AS –Queries all relevant Grid Site Log Search Services –Queries Gartia DB for information about finished grid jobs Archiver –Archives/de-archives historic events from/to mass storage Admin Client –Registers/Unregisters Grid Site and Site Security Admin –Registers/Unregisters Admin –Assigns/de-assigns Admin role based on credential –Allows Admin to define query –Allows Site Admin to approved predefined query User Client –Launches an authorized query –Requests report

Download ppt "Auditing Project Architecture VERY HIGH LEVEL Tanya Levshina."

Similar presentations

Abstraction Layers Why do we need them? –Protection against change Where in the hourglass do we put them? –Computer Scientist perspective Expose low-level.

Abstraction Layers Why do we need them? –Protection against change Where in the hourglass do we put them? –Computer Scientist perspective Expose low-level.
Role Based VO Authorization Services Ian Fisk Gabriele Carcassi July 20, 2005.

Role Based VO Authorization Services Ian Fisk Gabriele Carcassi July 20, 2005.
GUMS status Gabriele Carcassi PPDG Common Project 12/9/2004.

GUMS status Gabriele Carcassi PPDG Common Project 12/9/2004.
OSG AuthZ Architecture AuthZ Components Legend VO Management Services Grid Site GUMS Site Services SAZ CE Gatekeeper Prima Is Auth? Yes / No SE SRM gPlazma.

OSG AuthZ Architecture AuthZ Components Legend VO Management Services Grid Site GUMS Site Services SAZ CE Gatekeeper Prima Is Auth? Yes / No SE SRM gPlazma.
Implementing Finer Grained Authorization in the Open Science Grid Gabriele Carcassi, Ian Fisk, Gabriele, Garzoglio, Markus Lorch, Timur Perelmutov, Abhishek.

Implementing Finer Grained Authorization in the Open Science Grid Gabriele Carcassi, Ian Fisk, Gabriele, Garzoglio, Markus Lorch, Timur Perelmutov, Abhishek.
The EPIKH Project (Exchange Programme to advance e-Infrastructure Know-How) gLite Grid Services Abderrahman El Kharrim

The EPIKH Project (Exchange Programme to advance e-Infrastructure Know-How) gLite Grid Services Abderrahman El Kharrim
GGF Toronto 19.02.02 Spitfire A Relational DB Service for the Grid Peter Z. Kunszt European DataGrid Data Management CERN Database Group.

GGF Toronto Spitfire A Relational DB Service for the Grid Peter Z. Kunszt European DataGrid Data Management CERN Database Group.
Office of Science U.S. Department of Energy Grids and Portals at NERSC Presented by Steve Chan.

Office of Science U.S. Department of Energy Grids and Portals at NERSC Presented by Steve Chan.
OSG Logging Architecture Update Center for Enabling Distributed Petascale Science Brian L. Tierney: LBNL.

OSG Logging Architecture Update Center for Enabling Distributed Petascale Science Brian L. Tierney: LBNL.
Enabling Grids for E-sciencE www.eu-egee.org Medical image processing web portal : Requirements analysis. An almost end user point of view … H. Benoit-Cattin,

Enabling Grids for E-sciencE Medical image processing web portal : Requirements analysis. An almost end user point of view … H. Benoit-Cattin,
SSC2 and Update on Multi-user Pilot Jobs Framework Mingchao Ma, STFC – RAL HEPSysMan Meeting 20/06/2008.

SSC2 and Update on Multi-user Pilot Jobs Framework Mingchao Ma, STFC – RAL HEPSysMan Meeting 20/06/2008.
TeraGrid Science Gateways: Scaling TeraGrid Access Aaron Shelmire¹, Jim Basney², Jim Marsteller¹, Von Welch²,

TeraGrid Science Gateways: Scaling TeraGrid Access Aaron Shelmire¹, Jim Basney², Jim Marsteller¹, Von Welch²,
SOS EGEE ‘06 GGF Security Auditing Service: Draft Architecture Brian Tierney Dan Gunter Lawrence Berkeley National Laboratory Marty Humphrey University.

SOS EGEE ‘06 GGF Security Auditing Service: Draft Architecture Brian Tierney Dan Gunter Lawrence Berkeley National Laboratory Marty Humphrey University.
OSG Operations and Interoperations Rob Quick Open Science Grid Operations Center - Indiana University EGEE Operations Meeting Stockholm, Sweden - 14 June.

OSG Operations and Interoperations Rob Quick Open Science Grid Operations Center - Indiana University EGEE Operations Meeting Stockholm, Sweden - 14 June.
Publication and Protection of Site Sensitive Information in Grids Shreyas Cholia NERSC Division, Lawrence Berkeley Lab Open Source Grid.

Publication and Protection of Site Sensitive Information in Grids Shreyas Cholia NERSC Division, Lawrence Berkeley Lab Open Source Grid.
HPDC 2007 / Grid Infrastructure Monitoring System Based on Nagios Grid Infrastructure Monitoring System Based on Nagios E. Imamagic, D. Dobrenic SRCE HPDC.

HPDC 2007 / Grid Infrastructure Monitoring System Based on Nagios Grid Infrastructure Monitoring System Based on Nagios E. Imamagic, D. Dobrenic SRCE HPDC.
EGEE-II INFSO-RI-031688 Enabling Grids for E-sciencE www.eu-egee.org EGEE and gLite are registered trademarks Simply monitor a grid site with Nagios J.

EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Simply monitor a grid site with Nagios J.
G RID M IDDLEWARE AND S ECURITY Suchandra Thapa Computation Institute University of Chicago.

G RID M IDDLEWARE AND S ECURITY Suchandra Thapa Computation Institute University of Chicago.
EGEE-II INFSO-RI-031688 Enabling Grids for E-sciencE www.eu-egee.org EGEE and gLite are registered trademarks Information System on gLite middleware Vincent.

EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Information System on gLite middleware Vincent.
Mine Altunay OSG Security Officer Open Science Grid: Security Gateway Security Summit January 28-30, 2008 San Diego Supercomputer Center.

Mine Altunay OSG Security Officer Open Science Grid: Security Gateway Security Summit January 28-30, 2008 San Diego Supercomputer Center.

Similar presentations

Ads by Google