Architectural Framework Presentation Vincenzo Ciaschini CNAF 15/5/06.


Objective:
To describe a flexible infrastructure for VO-based CE management.
  – Generalities only: details will be given by the other presentations.

Requirements:
VO should be able to:
  – Dynamically change the way groups/roles utilize resources.
  – Collect usage and historical information.
  – Implement quotas.
Differentiate resource usage inside a VO.
  – Impossible with the current setup.
Collect and use accounting information.

Concepts:
CEs offer different service classes to different groups of users and to different VOs.
  – E.g.: atlasgold, atlassilver, atlasbronze
Users are mapped onto different groups.
  – E.g.: /atlas/production, /atlas/analysis
The internal configuration of a CE is a sensitive matter.

Components Needed
VOMS
  – To define groups for users.
G-PBox
  – To map users to service classes.
  – To dynamically change the association between users and classes.
DGAS
  – Accounting information.
WMS
  – Job brokering.

Architectural Schema
[Diagram; components shown: VOMS, RB, VO G-PBox, CE, Site G-PBox, Site HLR, VO HLR]

Job Submission
[Diagram; components shown: VOMS, RB, VO G-PBox, CE, Site G-PBox, Site HLR, VO HLR; flows labelled "Creds" and "Job + Creds"]

Policy Manipulation
[Diagram; components shown: VOMS, VO G-PBox, CE, Site G-PBox, VO Admin]

Setup of the CE
Create one queue for VO.
Create several local pools for VO, each with its own fair share.
Publish the supported service classes.

Contents of the Site G-PBox
Policies mapping service classes to the corresponding local accounts. (private)
Policies mapping groups/roles to service classes. (public, from VO G-PBox)

Contents of the VO G-PBox
Policies mapping groups/roles to service classes. (public, transmitted to Site G-PBoxes)
Policies to filter CEs on the basis of the mapping policies and the service classes implemented by the CE.
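
The two policy layers described on the Site G-PBox and VO G-PBox slides, sketched as an added example (not from the presentation and not G-PBox code): a public VO policy maps VOMS groups/roles to service classes, and a private site policy maps service classes to local pools. G-PBox policies are XACML; the Python data, the CE host names, the pool names, the class assigned to each group and the first-match rule order are assumptions.

```python
# Illustration only: G-PBox policies are XACML; plain Python data stands in here.
# VO G-PBox (public, sent to Site G-PBoxes): (group, role) -> service class.
# First match wins; which group gets which class is a constructed assignment.
VO_POLICY = [
    ("/atlas/production", None, "atlasgold"),
    ("/atlas/analysis", None, "atlassilver"),
    ("/atlas", None, "atlasbronze"),
]
# Site G-PBox (private): service class -> local pool (hypothetical names).
SITE_POLICY = {
    "ce01.example.org": {"atlasgold": "atlgold", "atlassilver": "atlsilv"},
    "ce02.example.org": {"atlasbronze": "atlbrnz"},
}

def parse_fqan(fqan):
    """Split a VOMS FQAN into (group, role); Role=NULL means no role."""
    group, role = fqan, None
    if "/Role=" in fqan:
        group, rest = fqan.split("/Role=", 1)
        role = rest.split("/", 1)[0]
        role = None if role == "NULL" else role
    return group.split("/Capability=")[0].rstrip("/"), role

def service_class(fqans, policy=VO_POLICY):
    """Class granted by the first rule matching any presented FQAN, else None (deny)."""
    parsed = [parse_fqan(f) for f in fqans]
    for rule_group, rule_role, sclass in policy:
        for group, role in parsed:
            # Match on a path boundary so "/atlasx" is never treated as "/atlas".
            in_group = group == rule_group or group.startswith(rule_group + "/")
            if in_group and rule_role in (None, role):
                return sclass
    return None

def published_classes(site_policy=SITE_POLICY):
    """What each CE publishes: class names only, never the local accounts."""
    return {ce: sorted(classes) for ce, classes in site_policy.items()}

def eligible_ces(sclass, published):
    """VO-side filter: CEs that implement the user's service class."""
    return sorted(ce for ce, classes in published.items() if sclass in classes)

def local_pool(ce, sclass, site_policy=SITE_POLICY):
    """Site-side mapping to a local pool; None if the CE lacks the class."""
    return site_policy.get(ce, {}).get(sclass)
```

CE selection here uses only the published class names, so the site's class-to-account mapping is never exposed to the broker.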

Advantages:
Mapping of users to service classes can be changed dynamically.
Easy to discover what service classes are supported by each CE.
No need to rely on publication of FQAN for CE selection from RB.
  – IS is insecure.
XACML semantics allow much more complex policies.