1 MSWG, Amsterdam, December 15, 2005 DEISA security Jules Wolfrat SARA.

Slides:

Advertisements

Similar presentations

W w w. h p c - e u r o p a. o r g HPC-Europa Portal: Uniform Access to European HPC Infrastructure Ariel Oleksiak Poznan Supercomputing.

Advertisements

Forschungszentrum Jülich in der Helmholtz-Gesellschaft December 2006 A European Grid Middleware Achim Streit

Current status of grids: the need for standards Mike Mineter TOE-NeSC, Edinburgh.

Agreement-based Distributed Resource Management Alain Andrieux Karl Czajkowski.

Security Daniel Mallmann MWSG meeting Amsterdam December 2005.

Towards a Virtual European Supercomputing Infrastructure Vision & issues Sanzio Bassini

High Performance Computing Course Notes Grid Computing.

XSEDE 13 July 24, Galaxy Team: PSC Team:

The UNICORE GRID Project Karl Solchenbach Gesellschaft für Parallele Anwendungen und Systeme mbH Pallas GmbH Hermülheimer Straße 10 D Brühl, Germany.

Password?. Project CLASP: Common Login and Access rights across Services Plan

Open Science Grid Use of PKI: Wishing it was easy A brief and incomplete introduction. Doug Olson, LBNL PKI Workshop, NIST 5 April 2006.

Silicon Graphics, Inc. Poster Presented by: SGI Proprietary Technologies for Breakthrough Research Rosario Caltabiano North East Higher Education & Research.

Office of Science U.S. Department of Energy Grids and Portals at NERSC Presented by Steve Chan.

Amsterdam, 28 June 2006DEISA UNICORE tutorial UNICORE and the DEISA supercomputing grid Jules Wolfrat

Lisbon, August A. Streit DEISA Forschungszentrum Jülich in der Helmholtz-Gesellschaft Achim Streit

INFSO-RI Enabling Grids for E-sciencE Introduction to GRID computing Introduction GRID Tutorial Jules Wolfrat SARA.

UNICORE UNiform Interface to COmputing REsources Olga Alexandrova, TITE 3 Daniela Grudinschi, TITE 3.

CSC Grid Activities Arto Teräs HIP Research Seminar February 18th 2005.

INFSO-RI Enabling Grids for E-sciencE Large Scale Grid Infrastructures: Status and Future Erwin Laure EGEE Technical Director CERN,

Simo Niskala Teemu Pasanen

W w w. h p c - e u r o p a. o r g Single Point of Access to Resources of HPC-Europa Krzysztof Kurowski, Jarek Nabrzyski, Ariel Oleksiak, Dawid Szejnfeld.

© 2008 by M. Stümpert, A. Garcia; made available under the EPL v1.0 | Access the power of Grids with Eclipse Mathias Stümpert (Karlsruhe Institute.

Forschungszentrum Jülich in der Helmholtz-Gesellschaft Grid Computing at NIC September 2005 Achim Streit + Team

Experiences with using UNICORE in Production Grid Infrastructures DEISA and D-Grid Michael Rambadt

EuroCAMP, Malaga, October 19, 2006 DEISA requirements for federations and AA Jules Wolfrat SARA

1Forschungszentrum Jülich  11:00 – 11:20UNICORE – A European Grid Middleware (20 min) Achim Streit (FZJ)  11:20 – 11:30Demonstration of UNICORE in DEISA.

GGF16 Athens, February DEISA Perspectives Towards cooperative extreme computing in Europe Victor Alessandrini IDRIS - CNRS

Panel Abstractions for Large-Scale Distributed Systems Henri Bal Vrije Universiteit Amsterdam.

Towards the definition of an eIRGRoma, 10 December An e-Infrastructure in Europe: a strategy and policy driven approach for a policy eIRG A pink.

RI User Management in DEISA The DEISA VO view Jules Wolfrat SARA, HPDC’08 workshop June 24, 2008.

The John von Neumann Institute for Computing (NIC): A survey of its computer facilities and its Europe-wide computational science activities Norbert Attig.

DataTAG Research and Technological Development for a Transatlantic Grid Abstract Several major international Grid development projects are underway at.

RI User Support in DEISA/PRACE EEF meeting 2 November 2010, Geneva Jules Wolfrat/Axel Berg SARA.

Forschungszentrum Jülich in der Helmholtz-Gesellschaft Experiences with using UNICORE in Production Grid Infrastructures DEISA and D-Grid Michael Rambadt.

Cracow Grid Workshop October 2009 Dipl.-Ing. (M.Sc.) Marcus Hilbrich Center for Information Services and High Performance.

Introduction to Grid Computing Ed Seidel Max Planck Institute for Gravitational Physics

Grid Middleware Tutorial / Grid Technologies IntroSlide 1 /14 Grid Technologies Intro Ivan Degtyarenko ivan.degtyarenko dog csc dot fi CSC – The Finnish.

NA-MIC National Alliance for Medical Image Computing UCSD: Engineering Core 2 Portal and Grid Infrastructure.

Authors: Ronnie Julio Cole David

RI The DEISA Sustainability Model Wolfgang Gentzsch DEISA-2 and OGF rzg.mpg.de.

ISERVOGrid Architecture Working Group Brisbane Australia June Geoffrey Fox Community Grids Lab Indiana University

Research Infrastructures Information Day Brussels, March 25, 2003 Victor Alessandrini IDRIS - CNRS.

Ruth Pordes November 2004TeraGrid GIG Site Review1 TeraGrid and Open Science Grid Ruth Pordes, Fermilab representing the Open Science.

LIGO-G E LIGO Scientific Collaboration Data Grid Status Albert Lazzarini Caltech LIGO Laboratory Trillium Steering Committee Meeting 20 May 2004.

Leveraging the InCommon Federation to access the NSF TeraGrid Jim Basney Senior Research Scientist National Center for Supercomputing Applications University.

NORDUnet Nordic Infrastructure for Research & Education Workshop Introduction - Finding the Match Lars Fischer LHCONE Workshop CERN, December 2012.

April 10, 2008, Garching Claudio Gheller CINECA The DEISA HPC Grid for Astrophysical Applications.

TeraGrid Gateway User Concept – Supporting Users V. E. Lynch, M. L. Chen, J. W. Cobb, J. A. Kohl, S. D. Miller, S. S. Vazhkudai Oak Ridge National Laboratory.

Panel “Making real large-scale grids for real money-making users: why, how and when?” August 2005 Achim Streit Forschungszentrum Jülich in der.

Identity Management in DEISA/PRACE Vincent RIBAILLIER, Federated Identity Workshop, CERN, June 9 th, 2011.

7. Grid Computing Systems and Resource Management

Fourth EGEE Conference Pise, October 23-28, 2005 DEISA Perspectives Towards cooperative extreme computing in Europe Victor Alessandrini IDRIS - CNRS

LSF Universus By Robert Stober Systems Engineer Platform Computing, Inc.

An Architectural Approach to Managing Data in Transit Micah Beck Director & Associate Professor Logistical Computing and Internetworking Lab Computer Science.

MGRID Architecture Andy Adamson Center for Information Technology Integration University of Michigan, USA.

14, Chicago, IL, 2005 Science Gateways to DEISA Motivation, user requirements, and prototype example Thomas Soddemann, RZG, Germany.

E-Infrastructure the FP7 prospects Mário Campolargo European Commission - DG INFSO Head of Unit Research Infrastructures TERENA Networking Conference 2006.

Claudio Grandi INFN Bologna Virtual Pools for Interactive Analysis and Software Development through an Integrated Cloud Environment Claudio Grandi (INFN.

EGEE Workshop on Management of Rights in Production Grids Paris, June 19th, 2006 Victor Alessandrini IDRIS - CNRS DEISA : status, strategies, perspectives.

Page : 1 SC2004 Pittsburgh, November 12, 2004 DEISA : integrating HPC infrastructures in Europe DEISA : integrating HPC infrastructures in Europe Victor.

Monterey HPDC Workshop Experiences with MC-GPFS in DEISA Andreas Schott

DutchGrid KNMI KUN Delft Leiden VU ASTRON WCW Utrecht Telin Amsterdam Many organizations in the Netherlands are very active in Grid usage and development,

EGI-InSPIRE EGI-InSPIRE RI The European Grid Infrastructure Steven Newhouse Director, EGI.eu Project Director, EGI-InSPIRE 29/06/2016CoreGrid.

EGI-InSPIRE RI EGI Compute and Data Services for Open Access in H2020 Tiziana Ferrari Technical Director, EGI.eu

GGF 17 - May, 11th 2006 FI-RG: Firewall Issues Overview Document update and discussion The “Firewall Issues Overview” document.

Bob Jones EGEE Technical Director

DEISA : integrating HPC infrastructures in Europe Prof

Presentation transcript:

1 MSWG, Amsterdam, December 15, 2005 DEISA security Jules Wolfrat SARA

MSWG, Amsterdam, December 15, DEISA objectives To enable Europe’s terascale science by the integration of Europe’s most powerful supercomputing systems. Enabling scientific discovery across a broad spectrum of science and technology is the only criterion for success DEISA is an European Supercomputing Service built on top of existing national services. This service is based on the deployment and operation of a persistent, production quality, distributed supercomputing environment with continental scope. The integration of national facilities and services, together with innovative operational models, is expected to add substantial value to existing infrastructures. Main focus is High Performance Computing (HPC).

MSWG, Amsterdam, December 15, The DEISA Supercomputing Environment IBM AIX Super-cluster –FZJ-Julich, 1214 processors, 6,8 teraflops peak –RZG – Garching, 748 processors, 3,8 teraflops peak –IDRIS, 1024 processors, 6.7 teraflops peak –CINECA, 512 processors, 2,6 teraflops peak –CSC, 512 processors, 2,6 teraflops peak –ECMWF, 2 systems of 2276 processors each, 33 teraflops peak BSC, IBM PowerPC Linux system (MareNostrum) 4864 processeurs, 40 teraflops peak SARA, SGI ALTIX Linux system, 1024 processors, 2.2 teraflops peak LRZ, Linux cluster (2.7 teraflops) moving to SGI ALTIX system (5120 processors and 33 teraflops peak in 2006, 70 teraflops peak in 2007) HLRS, NEC SX8 vector system, 646 processors, 12,7 teraflops peak.

MSWG, Amsterdam, December 15, The DEISA supercomputing Grid: a layered infrastructure Inner layer: a distrubuted super-cluster resulting from the deep integration of similar IBM AIX platforms at IDRIS, FZ-Julich, RZG-Garching and CINECA (phase 1) then CSC (phase 2). It looks to external users as a single supercomputing platform. Outer layer: a heterogeneous supercomputing Grid: –IBM AIX super-cluster (IDRIS, FZJ, RZG, CINECA, CSC) close to 24 Tf –BSC, IBM PowerPC Linux system, 40 Tf –LRZ, Linux cluster (2.7 Tf) moving to SGI ALTIX system (33 Tf in 2006, 70 Tf in 2007 –SARA, SGI ALTIX Linux cluster, 2.2 Tf –ECMWF, IBM AIX system, 32 Tf –HLRS, NEC SX8 vector system, close to 10 Tf

MSWG, Amsterdam, December 15, AIX SUPER-CLUSTER, September 2005 Full production status of dedicated (reserved bandwidth) 1 Gb/s network GPFS : Full production at FZJ, RZG, IDRIS, CINECA; CSC and ECMWF to follow JOB MIGRATION: test status in all sites CSC ECMWF Services Services: High performance datagrid via GPFS Access to remote files use the full available network bandwidth Job migration across sites Used to load balance the global workflow when a huge partition is allocated to a DEISA project in one site Common Production Environment

MSWG, Amsterdam, December 15, Heterogeneous Grid services roadmap Extension of GPFS to non-AIX Linus systems. GPFS will work also on the extended Grid. Extensions to SGI Altix is validated. MareNostrum can also be integrated in DEISA’s GPFS Workflow applications. Based on UNICORE plus further extensions coming from EU funded projects. Available today. Co-allocation. Needed to support Grid applications running on the heterogeneous environment. First generation co-allocation service to be implemented by Platform Computing Global data management. Implementing access to distributed data, fast data transfers across sites, hierarchical data management at a continental scale. First services expected in 2006 Science Gateways and Portals; Specific Internet interfaces to hide complex supercomputing environments from end users, and facilitate the access of new, non traditional users communities.

MSWG, Amsterdam, December 15, Technologies deployed Batch systems integrated between core sites (Loadleveler- MC) Transparent data access – Global file system –GPFS (MC) on IBM systems – high performance parallel filesystem, high throughput network needed between sites to achieve performance – dedicated network between sites, currently provided by GEANT and NRENs (1Gbps) –AFS (if GPFS not available) UNICORE for job submission in heterogeneous environment

MSWG, Amsterdam, December 15, DEISA AA (1) For both LL-MC and GPFS AuthX and AuthZ based on Posix ids Synchronization needed between sites of DEISA user ids and group ids User administration system build based on LDAP –Each site add DEISA users from their sites in LDAP system –Other sites extract information and update local user administration Duplicate ids avoided by using reserved ranges for each partner – for both uid and gid - also existing users get a new DEISA user id. GPFS also has mapping functionality e.g. xuid  uid1 (site A) and  uid2 (site B) – not used yet

MSWG, Amsterdam, December 15, User attributes example Title: Mr. Name: Jules Wolfrat Certificate subject: CN=Jules Wolfrat,O=sara,O=users,O=dutchgrid Nationality: NL Organisational Unit: SARA Science field: DEISA Staff Telephone number: address: Registrar: Jules Wolfrat Home directory: AFS Login shell: /bin/bash DEISA username: sar00005 DEISA UID: DEISA group: sar00005 DEISA GID: Active: Yes

MSWG, Amsterdam, December 15, DEISA AA (2) UNICORE AuthX and AuthZ based on X.509 certs Certificates accepted from EUGridPMA CAs –Except ECMWF, lifetime considered too long – they provide smartcards for users that need access – and then they can request certs with lifetime in order of 2 weeks from ECMWF CA LDAP system used for distribution of certs for addition to UUDB for UNICORE authZ – transition to DN based AuthZ now More fine grained authZ is under discussion – now access to site is yes/no