VO Services Project – Status Report. Gabriele Garzoglio. VO Services Project WBS, Dec 14, 2006, OSG Executive Board Meeting.

Presentation transcript:

Dec 14, 2006 1/10 VO Services Project – Status Report Gabriele Garzoglio
VO Services Project WBS
Dec 14, 2006
OSG Executive Board Meeting
Gabriele Garzoglio
Computing Division, Fermilab

Overview
VO Services Project (aka Privilege Project)
– Charter
WBS
Conclusions

Project Charter
The project provides an infrastructure to manage user registration and implement fine-grained authorization to access rights on computing and storage resources.
Authorization is linked to identities and extended attributes.
Mapping is dynamic and supports pool accounts.
Enforcement of access rights is implemented using UID/GID pairs.
The infrastructure aims at reducing administrative overhead.
Authorization service is central at the site.
The project is responsible for the development and maintenance of the infrastructure and for assisting with the deployment and support on the OSG.

WBS
The WBS was put together in late spring
Requirements come from the stakeholders, including CMS, Fermilab, CERN
WBS reflects work on
– Internal components (PRIMA, GUMS)
– Related components (gPlazma, gLexec)
– Recent additions (VOMRS as of Sep 06)
SAZ is logically part of VO Services, but is managed by Fermigrid

WBS
1. Support and deployment (Ongoing ~25% FTE internal support) (Support need will grow with deployment)
   1. Support the PRIMA and GUMS code for 32/64 bits for GT2 and GT4 for CMS Tier 1&2. Provide best effort support for all OSG VOs. (In the past 10% effort by Vikram)
   2. Support “stable” VOMRS release for Fermilab, CERN, and OSG stakeholders. Ongoing. (In the past: 15% Tanya, 10% external (CERN) support)
   3. Help deploy the infrastructure to stakeholders’ sites. Ongoing (TBD)

WBS
2. Improve health status reporting for key servers (Started. Remaining effort TBD)
   1. Better Gatekeeper / Prima error reporting for authorization failures (effort TBD)
   2. VOMS/GUMS health monitors (Done Aug 06)
3. Improve software validation (8 FTE weeks) (Started)
   1. Improve validation of basic functionalities (framework available in VDT)
   2. Implement validation of software dependencies
   3. Measure PRIMA / GUMS scalability (Started by John W.)
4. Improve integration of the infrastructure with dependent components as needed (Started)
   1. Improve GUMS integration with MonALISA (Started)

WBS
5. Improve robustness of GUMS (Started)
   1. Fix GUMS memory management problems (3 FTE weeks) (Done at FNAL Sep 06)
   2. Improve GUMS configuration management (3 FTE weeks) (Started in BNL)
   3. Investigate redundant servers configuration (2 FTE weeks – was 3 FTE days) (Started)
6. Improve GUMS usability (Started)
   1. Improve pool account management (1 FTE week) (Started in FNAL)
   2. Implement history log querying interface (2 FTE week) (Not started)

WBS
7. gPlazma integration with DCache and deployment (EXTERNAL) (Started)
   1. Integrate gPlazma-enabled authorization classes with DCache doors (Done Aug)
   2. Validate DCache / gPlazma integration (Done Sep 06)
   3. Deploy gPlazma-enabled DCache (Started Sep 06 at Tier 1 – suspended in Oct for CSA 06)
8. Integration of gLexec with PDP (8 FTE week: Done Oct 06)

WBS
9. VOMRS: implementation of “vital” features for stakeholders
10. Define roadmap for long-term future (TBD)
   1. Interact with Globus (Security model, XACML PRIMA-equivalent, CAS, etc.)
   2. Interact with EGEE (possible collaboration on GUMS)
   3. VOMRS long-term future
11. Outreach (Ongoing)
   1. Understanding Requirements from new VOs and groups (e.g. LIGO)

Conclusions
The privilege infrastructure provides role-based fine-grained authorization for access to grid-enabled resources.
It is used on the OSG by US CMS, US ATLAS, et al.
Our current focus is to improve operations by improving robustness, usability, and validation processes.
Challenges include reliability of effort available, interactions with external groups, and defining the roadmap for the future.

Extra Slides

Deployment on OSG
The authorization system (GUMS) has been deployed at O(10) sites
– US CMS T2 centers and T1 at FNAL
– US ATLAS T2 centers and T1 at BNL
– FermiGrid (includes SAZ) et al.
US CMS and US ATLAS have defined roles that are implemented within VOMS.
Sites configure GUMS (PDP) to implement local identity mapping

Stakeholders
Stakeholders giving requirements: US CMS and US ATLAS.
Joint Project of Fermilab, BNL, PPDG, Virginia Tech, UCSD, OSG since 2003
Different institutions are responsible for the maintenance of different components
Core software distributed via VDT

VO Services Architecture
GUMS server maintains identity / attribute mapping for all the gateways at a site
gPlazma server (not shown) enhances UID/GID mapping with service-specific parameters (e.g. root path for SE).
SAZ checks black/white lists
Periodically, GUMS synchronizes with VOMS users/groups
User identity and attributes are maintained in VOMS through VOMRS
Users interact with VOMS to get attribute-enhanced credentials
Gateway software (CE and SE) performs
– identity mapping call-out through the PRIMA module
– access control call-out through the SAZ module
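
The two gateway call-outs on this slide, sketched as a toy model. This is an added example, not code from the presentation or from GUMS, SAZ or PRIMA. The class and function names, the order of the two checks, the pool-lease policy and every DN, FQAN, UID and GID are assumptions made for illustration.

```python
# Added illustration: a toy model of the slide's call-outs, not GUMS, SAZ or PRIMA code.
# All DNs, FQANs, UIDs/GIDs and account names below are constructed sample values.

class IdentityMapper:
    """Stand-in for the site-central mapping service (GUMS on the slide)."""

    def __init__(self, pools, members):
        self.pools = pools      # FQAN -> (gid, first_uid, pool_size, account_prefix)
        self.members = members  # FQAN -> set of DNs, as of the last VOMS sync
        self.leases = {}        # (DN, FQAN) -> (account, uid, gid)

    def sync(self, members):
        """Periodic VOMS synchronization: replace the membership snapshot."""
        self.members = members  # leases are kept so a UID is never handed to someone else

    def map(self, dn, fqan):
        """Return (account, uid, gid) for a known DN/FQAN pair, else None."""
        if fqan not in self.pools or dn not in self.members.get(fqan, set()):
            return None
        key = (dn, fqan)
        if key not in self.leases:
            gid, first_uid, size, prefix = self.pools[fqan]
            used = {lease[1] for (_, f), lease in self.leases.items() if f == fqan}
            free = [u for u in range(first_uid, first_uid + size) if u not in used]
            if not free:
                return None     # pool exhausted: fail closed
            uid = free[0]
            self.leases[key] = (f"{prefix}{uid - first_uid + 1:03d}", uid, gid)
        return self.leases[key]


def saz_permits(dn, deny, allow=None):
    """Stand-in for the SAZ check: deny list wins; an allow list, if given, must list the DN."""
    return dn not in deny and (allow is None or dn in allow)


def gateway_authorize(dn, fqan, mapper, deny, allow=None):
    """Gateway (CE/SE) side: access-control call-out, then identity-mapping call-out."""
    if not saz_permits(dn, deny, allow):
        return None             # banned users never consume a pool account
    return mapper.map(dn, fqan)


FQAN = "/examplevo/Role=analysis"
ALICE, BOB, CAROL = ("/DC=org/DC=example/CN=" + n for n in ("Alice", "Bob", "Carol"))

def demo():
    mapper = IdentityMapper({FQAN: (5000, 20001, 2, "exvo")}, {FQAN: {ALICE, BOB, CAROL}})
    first = gateway_authorize(ALICE, FQAN, mapper, deny={BOB})
    banned = gateway_authorize(BOB, FQAN, mapper, deny={BOB})
    mapper.sync({FQAN: {BOB, CAROL}})          # Alice removed from the VO
    revoked = gateway_authorize(ALICE, FQAN, mapper, deny={BOB})
    carol = gateway_authorize(CAROL, FQAN, mapper, deny={BOB})
    return first, banned, revoked, carol

if __name__ == "__main__":
    print(demo())
```

In this model a user removed at the next synchronization loses the mapping, while the pool account that user held is not handed to the next requester.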

Effort
Name | Expertise | Recent Effort | Projected Effort
Gabriele Garzoglio | PL (Apr 06) | 30% | 30%
Igor Sfiligoi ** | gLexec, PRIMA, GUMS | 50% | 50%
Vikram Andem | PRIMA | 50% | 0%
Tanya Levshina * | VOMRS, Roadmap | 50% | 50%
Valery Sergeev * (Fermigrid) | VOMRS support | 0% | 10%
John Hover (BNL) | GUMS | (20%) | (??) 50%
Jay Packard (BNL) | GUMS | (20%) | 20%
Ted Hesselroth (dCache) | gPlazma | 50% | 10%
John Weigand (CMS) | Testing VDT | 50% | (??) 0%
Total | | 320% | 220%
* VOMRS part of VO Services since Sep 06
** Joined in Sep 06

Challenges 1
Contribution from BNL on GUMS (expected to be at least 20%) has been minor from Apr to Nov 06.
– Most effort in WBS is related to GUMS.
– The issue was raised at the OSG Consortium meeting
– Work seems to have picked up in Nov (BNL has come to FNAL in mid Nov)
– Nominal % FTE for John Hover (BNL) will increase to 50%

Challenges 2
CERN requests for features and VOMS-Admin feature additions entail work in VOMRS.
With our current responsibilities, we cannot lower our effort below 40%
Current actions:
– Working with EGEE to
   improve communication between groups
   participate in requirement gathering
– Evaluating how to lower maintenance
   Integrating new technologies (hibernate, workflow engines, shibboleth, …) in VOMRS

Challenges 3
With current effort level, progress on WBS was slow
– Groups are too specialized (e.g. GUMS was maintained only at BNL)
– Some internal disagreements on priorities
Vikram is leaving (was 50%) and Igor just joined (is 50%), BUT
– Vikram was maintaining PRIMA
– Igor needs to maintain PRIMA, gLexec (and “some” GUMS)
With the current effort level it is not clear that we’ll be able to accomplish our mission

Challenges 4
Computing Security and Authorization are fields that evolve rapidly.
– Different groups are integrating new technologies (e.g. Shibboleth) with Grid middleware.
– The XACML security model (from OASIS) is starting to pick up (e.g. new GT4 implementation)
We need to understand how to evolve our infrastructure while servicing our stakeholders.
We are gathering information to define a Roadmap, meeting with Globus, EGEE, experts, etc.