G-PBox: current status and future plans

Presentation transcript:

G-PBox: current status and future plans
Speaker: Andrea Ceccanti
Location: CERN
Date: 25/10/2007

Accessing resources
Grid infrastructures need to regulate:
- user access to resource sites
- user actions on resource sites (once accessed)
- usage of grid resources as a whole (based on SLAs)
A comprehensive solution would handle:
- access policies (ACLs) agreed by VOs and sites
- more-than-access policies agreed by VOs and sites

Current limits
VO <-> Resource Provider configurations are awkward to set up and not automated:
- agreed SLAs
- agreed and site-specific ACLs
- agreed and site-specific policies
There are many different ACL/SLA mechanisms:
- BDII exclusions
- LCAS/LCMAPS configurations
- WMS configuration
- data management configuration
- etc.

[Diagram: PBoxes arranged across the VO layer, Grid layer and Site layer (VO, GRID, Site and SubFARM PBoxes)]
The design objective was “Distribution of Policy to allow for AuthZ hierarchies and to implement replication & fault tolerance of the GPBox services”

Distribution
[Diagram: VO G-PBox, SLAs, GridX G-PBox, and the Site1, Site2 and Site3 G-PBoxes]
- The administrator selects a policy and sends that policy to a set of G-PBoxes
- The administrators of the target G-PBoxes:
  - see new policies in the “Incoming policies box”
  - accept the new policies and put these policies in the correct policy set
MSWG, December 6-7, 2007, Berkeley

GUI
Used by VO/Site administrators to manage policies
Features:
- “Off-line” policy management
- Policy/PolicySet editor to ease creation of XACML policies
- Policy distribution management
Interacts:
- with the G-PBox server
- with VOMS-Admin
Proof of concept:
- No formal requirements yet from Site/VO admins
- RMI interface, since interoperability is not an issue in this phase
- No input/formal requirements from Site and VO admins
- Proof of concept
- Focus on usability
- In this phase, interoperability was not a requirement (that’s why RMI)

GUI – Policy Navigator tab (2)
Right mouse button popup menu for Policy/PolicySet:
- Basic management operations: Enable/Disable, Cut&Paste, Change order
- Send policies to other G-PBoxes
- Distribution info

GUI – Policy Navigator tab (3)
New Policy/PolicySet button:
- Generic XACML editor
- Wizards: Create Policy, VO PolicySet, Share PolicySet, BlackList PolicySet
- Import XACML Policy/PolicySet from file

VOMS attribute selection dialog
Used by the Create Policy wizard to retrieve FQANs directly from VOMS servers

GUI - Address Navigator tab
Register the G-PBoxes involved in the policy distribution

GUI – Send policy
The VO administrator selects a policy and sends it to other G-PBoxes

GUI – Accept policy
Incoming policies have to be accepted and put in the correct policy hierarchy
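
A small Python model of the send/accept workflow from the Distribution and Accept policy slides, added here as an illustration and not G-PBox code. The class and method names, the sample FQAN and the first-match evaluation rule are assumptions; the point it shows is that a distributed policy does not influence a target's decisions until the local administrator accepts it into a policy set.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Policy:
    policy_id: str
    fqan: str      # VOMS FQAN the rule targets (constructed sample value below)
    effect: str    # "Permit" or "Deny"
    origin: str    # name of the G-PBox that sent it

@dataclass
class PBox:
    name: str
    incoming: list = field(default_factory=list)     # received, not yet in force
    policy_sets: dict = field(default_factory=dict)  # set name -> ordered policies

    def send(self, policy, targets):
        # Distribution only fills the targets' incoming boxes.
        for target in targets:
            target.incoming.append(policy)

    def accept(self, policy_id, policy_set):
        # Local administrator's decision: move the policy into a chosen set.
        for policy in self.incoming:
            if policy.policy_id == policy_id:
                self.incoming.remove(policy)
                self.policy_sets.setdefault(policy_set, []).append(policy)
                return policy
        raise KeyError(f"{policy_id} is not in the incoming box of {self.name}")

    def decide(self, fqan):
        # Only accepted policies are evaluated; first match wins (assumed rule).
        for policies in self.policy_sets.values():
            for policy in policies:
                if policy.fqan == fqan:
                    return policy.effect
        return "NotApplicable"

def demo():
    vo, site1, site2 = PBox("vo"), PBox("site1"), PBox("site2")
    ban = Policy("blacklist-001", "/examplevo/Role=tester", "Deny", vo.name)
    vo.send(ban, [site1, site2])
    before = site1.decide(ban.fqan)                    # still pending at site1
    site1.accept("blacklist-001", "BlackList PolicySet")
    return before, site1.decide(ban.fqan), site2.decide(ban.fqan), len(site2.incoming)

if __name__ == "__main__":
    print(demo())
```

In the demo, site2 never accepts the policy, so it stays in site2's incoming box and site2's decision is unchanged.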

Performance
Test results:
- G-PBox performance has been tested in the EGEE preview testbed
- Results presented at the Helsinki AH Meeting
- No measurable overhead on the CE & WMS side
- Small performance improvements in:
  - AuthZ & Mapping on the CE
  - Resource selection on the WMS
Presented at the June all-hands: CE test and WMS test; Vincenzo's presentation, User Forum