EGEE VO Management.


EGEE VO concept
- Group of users with the same scientific interest
  - Local VOs
  - Global VOs
  - Computational & storage resource needs
- A VO using the EGEE infrastructure is required to:
  - Contribute computational resources corresponding approximately to the average needs of the VO for large-scale, production use.
  - Help drive the evolution of the infrastructure and the middleware through use of the system and by providing feedback
- VOs provide machines in exchange for computing time

VO management
2 levels of management:
- Internal VO management
  - Users
  - Software
  - Resource requests
- Site level VO management
  - VO deployment
  - Resource access setup and control
  - VO operation management (sites need dialog with VOs when there are jobs/services problems)
  - Fairshare policies

Usual VO Requirements
- Differentiate user privileges:
  - Standard user
  - Production user
  - Software manager
- Easy way to get access/negotiate to new resources
  - Over 200 sites: CIC portal
- Statistics about resource usage
  - GOC accounting portal
- (Partial) control on software
- Secure storage
  - LFC file catalog allows ACLs
  - Stored data encryption still not clearly supported
- Access to (meta)data outside the grid

VO Requirements - 2
- Depending on VO, response/submission time may be vital
  - Ex.: biomedical, earth science (real time data reconstruction/modeling)
- … probably other requirements

VO Membership
- User authentication: user certificate/proxy
- User gets a certificate from his CA:
  - Europe: http://www.eugridpma.org/members/worldmap/
  - US / FNAL: http://computing.fnal.gov/security/pki/
  - Asia/Pacific: http://www.apgridpma.org
  - Other countries (LCG): http://lcg.web.cern.ch/LCG/catch-all-ca/default.html
  - Other countries (EGEE): https://igc.services.cnrs.fr/GRID-FR/english
- User registers in a VO using his certificate
  - VO enrollment URL available on the “CIC portal”
  - By registering, user agrees to follow the VO Acceptable Use Policy (AUP)
- User creates a short lived proxy to authenticate on sites

User Authentication
- Old grid-mapfile way is being discarded
- User authentication largely based on VOMS (VOMS Admin web portal)
  - Some VOs (mainly HEP) use VOMRS on top of VOMS Admin: http://computing.fnal.gov/docs/products/vomrs (/vomrs1_2/)
- VOMS mapping depending on:
  - The user selected group
  - The selected role
- A user can register in several VOs and have several roles with a unique certificate (thanks to VOMS)
- VO Managers handle users and follow EGEE security policy
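The group/role mapping described above, sketched as an added example that is not part of the original slides. It parses VOMS FQANs and maps the primary one to a local account; the `biomed` rule table, the role names and the account names are constructed, and the matching semantics are a simplification rather than any middleware's own.

```python
import re

# FQAN syntax: /<vo>[/<subgroup>...][/Role=<role>][/Capability=<cap>]
FQAN_RE = re.compile(
    r"(?P<group>(?:/[A-Za-z0-9_.-]+)+)"
    r"(?:/Role=(?P<role>[A-Za-z0-9_.-]+))?"
    r"(?:/Capability=(?P<cap>[A-Za-z0-9_.-]+))?"
)

# Constructed rules for a hypothetical site supporting the "biomed" VO.
# (group pattern, role, local account); first match wins.
# role None = no role asserted; a trailing "/*" = the group and its subgroups.
RULES = [
    ("/biomed", "lcgadmin", "biomedsgm"),    # software manager
    ("/biomed", "production", "biomedprd"),  # production user
    ("/biomed/*", None, "biomed-pool"),      # standard user
]

def parse_fqan(fqan):
    """Return (group_path, role); role is None when absent or 'NULL'."""
    m = FQAN_RE.fullmatch(fqan)
    if m is None:
        raise ValueError(f"malformed FQAN: {fqan!r}")
    role = m.group("role")
    return m.group("group"), (None if role in (None, "NULL") else role)

def group_matches(group, pattern):
    """Match on whole path components so /biomedx never matches /biomed."""
    if pattern.endswith("/*"):
        base = pattern[:-2]
        return group == base or group.startswith(base + "/")
    return group == pattern

def map_account(fqans, rules=RULES):
    """Map a proxy's FQAN list to an account via its primary (first) FQAN."""
    if not fqans:
        return None
    try:
        group, role = parse_fqan(fqans[0])
    except ValueError:
        return None
    for pattern, rule_role, account in rules:
        if group_matches(group, pattern) and role == rule_role:
            return account
    return None  # default deny: an unknown role never falls back to the pool
```

A role that no rule names is refused instead of being treated as a standard user, and a secondary FQAN carrying a privileged role has no effect unless the user selected it as primary.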

Tools for VO resources – SAM/FCR
- Service Availability Monitoring (SAM):
  - Tests services on production sites
  - Runs on several different VO accounts (VO specific tests)
  - Displays and provides the results through web service/portal: https://lcg-sam.cern.ch:8443/sam/sam.py
- Freedom Of Choice for Resources (FCR):
  - Configured for each VO
  - Allows automatic resource exclusion based on SAM results
  - https://lcg-fcr.cern.ch:8443/fcr/fcr.cgi

Tools for VO resources – SAM/FCR
[Figures: SFT, FCR]

Tools for VO resources – accounting
- Need to know consumed (available) resources
- Most schedulers are « VO unaware »
  - Log parsers (pbs, lsf, condor, SGE)
- Centrally aggregate accounting data
- Generate graphical reports and statistics

VO Operations
- CIC portal (http://cic.in2p3.fr/)
  - VO Support
  - VO weekly report (currently, only HEP VOs are “active”)
  - VO Id Card
    - VOMS configuration details (server, groups, roles, certificate public key)
    - Contacts
    - Requirements
    - Official VO policy
    - Data challenges
  - Broadcast tool
- VO Support
  - GGUS (http://www.ggus.org)
    - Infrastructure support, non VO specific problems
    - Dedicated VO support (provided by VO)
  - NA4 (people managing Applications)
    - Application porting support
  - VO Managers Group

« VO Boxes »
Definition:
  “The VO-box is a type of node where experiments can run specific agents and services to provide a reliable mechanism to accomplish various tasks. It is provided as an interim solution in order to allow experiments to provide their own services whenever the middleware still does not provide the required functionality. The access to the VO-box (or VO node) is restricted to the Software Group Manager (SGM) of the Virtual Organisation (VO).”
Consequences:
- Each experiment tailors its own specific requirements
- Experiments require a dedicated VO node to be set up on each site
- See http://goc.grid.sinica.edu.tw/gocwiki/VO-box_HowTo

Issues
- No data exchange between VOs (authentication problem)
- Complicated VO setup process
  - Lots of administrative tasks and negotiations
  - Deployment takes time
  - Temporary VOs not well handled
  - Registration too heavy
  - Resource allocation/provision paradox
- User proxy expiration/renewal
  - User proxies can expire while jobs are waiting or running
  - Proxy renewal service
- Very few user friendly tools available
  - Everything is command-line based
  - Few portals ease the first contact
  - GILDA web portal / testbed: https://gilda.ct.infn.it/

Questions ?