Security. Daniel Mallmann, MWSG meeting, Amsterdam, 14-15 December 2005.


1 Security
Daniel Mallmann, MWSG meeting, Amsterdam, December 2005

2 Architecture Overview (diagram)
The Client connects over the Internet to the Gateway of each Usite (Usite A, Usite B); behind each Gateway the Vsites (A1, B1, B2) run a Network Job Supervisor and a Target System Interface.

3 Client
- Java application
- User authentication via X.509 certificates
- Global or local list of Unicore sites (Usites)
- Connects to the Gateway via SSL and the Unicore Protocol Layer (UPL)
- Job preparation
  - Workflow management
  - File management
  - Abstract Job Object (AJO) generation
  - Job signing
- Job monitoring
- Job control
(diagram: Job Preparation, Job Monitor, Workflow Management, Usites, Vsites)

4 Client (diagram)
Client connects over the Internet to the Gateway via SSL, using the Unicore Site list.

5 Gateway (diagram: architecture overview of slide 2 with the Gateway highlighted)

6 Gateway
- Authentication
  - Connection only with valid certificates from accepted Certification Authorities
  - Forwards the client certificate to the NJS for authorisation
- Single point of entry for all Unicore services of the Usite
  - Only one open port
- List of Vsites
- Connects to Vsites via UPL (SSL optional)

7 Gateway (diagram)
Client connects over the Internet via SSL to the Gateway, which holds the Vsite list; behind the firewall the Gateway reaches Vsite 1, Vsite 2 and Vsite 3, each running a Network Job Supervisor.

8 Network Job Supervisor (diagram: architecture overview of slide 2 with the Network Job Supervisor highlighted)

9 Network Job Supervisor
- Checks the integrity of jobs
- Authorises the user via the Unicore User Data Base (UUDB)
  - Mapping of the Unicore user certificate to the target system Xlogin
- Forwards sub-jobs to remote Vsites
- Translates the abstract job into target-system-specific tasks based on the Incarnation Data Base (IDB)
- Transfers files to the work directory on the target system via a socket connection
- Submits jobs to the Target System Interface (TSI) via a socket connection

10 Network Job Supervisor (diagram)
Gateway, Network Job Supervisor (with Incarnation Data Base and Unicore User Data Base) and Target System Interface; a second Network Job Supervisor is reached through its Gateway over the Internet.

11 Target System Interface (diagram: architecture overview of slide 2 with the Target System Interface highlighted)

12 Target System Interface
- Interfaces between Unicore and the Grid resource
- Executes the specific tasks translated by the NJS, or submits them to the batch subsystem
- Stores and sends files from/to the Unicore Client or local directories
- Contains batch subsystem, operating system and installation specific code
- Runs as root

13 Target System Interface (diagram)
Network Job Supervisor, Target System Interface (Shepherd, Worker), Batch Sub System, File System, Application, Operating System.

14 Multisite Job (diagram: architecture overview of slide 2)

15 Multisite Job
(diagram: Client connects via SSL to the Primary Network Job Supervisor, which connects via SSL to the Secondary Network Job Supervisor; the Job is signed with the user certificate, the Sub Job is consigned with the NJS certificate)
- Consignor
  - The entity (user client or NJS) that consigns a job or sub-job
  - Expressed by the identity used in the SSL connection
- Endorser
  - The entity (user) that authorises the tasks to be performed
  - Expressed by signing the serialized AJO directed acyclic graph

16 Explicit Trust Delegation (diagram: architecture overview of slide 2 with a Portal added in front of the Client)

17 Explicit Trust Delegation
(diagram: WS-Client (Browser) connects via SSL to the Portal, which connects via SSL to the Network Job Supervisor; the Job carries "User: name" and is signed with the portal certificate rather than the user certificate)
- User
  - New role besides consignor and endorser
  - Entity (user) on whose behalf tasks will be performed
- Trusted Agents (Portal)
  - Added to the UUDB explicitly
  - Allowed to endorse an AJO on behalf of users
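The checks the NJS performs in the multisite case (slide 15) and under Explicit Trust Delegation (slide 17), as an added illustration that is not UNICORE code: the consignor is the SSL peer, the endorser is whoever signed the serialized AJO, and only an explicitly registered trusted agent may endorse on behalf of the user named in the job. The UUDB contents, the identity names and the HMAC stand-in for X.509 signing are constructed for the example.

```python
import hashlib
import hmac
import json

# Constructed UUDB: certificate subject -> Xlogin on the target system.
UUDB = {"CN=Alice": "alice", "CN=Bob": "bob"}
TRUSTED_AGENTS = {"CN=Portal"}   # explicitly added; may endorse on behalf of users
TRUSTED_NJS = {"CN=NJS-A1"}      # NJS identities that consign sub-jobs of multisite jobs
# Stand-in for X.509 signing keys (a real NJS verifies with the endorser's certificate).
KEYS = {"CN=Alice": b"k-alice", "CN=Portal": b"k-portal"}

def serialize_ajo(ajo):
    # Canonical serialisation of the AJO task graph, so the signature covers it whole.
    return json.dumps(ajo, sort_keys=True, separators=(",", ":")).encode()

def endorse(ajo, endorser):
    # The endorser signs the serialized AJO; here an HMAC stands in for the signature.
    sig = hmac.new(KEYS[endorser], serialize_ajo(ajo), hashlib.sha256).hexdigest()
    return {"ajo": ajo, "endorser": endorser, "sig": sig}

def njs_authorise(signed, consignor):
    """Return the Xlogin the tasks will run as, or None if the job is rejected."""
    ajo, endorser = signed["ajo"], signed["endorser"]
    # Consignor = SSL peer: a user client, a trusted agent, or an NJS forwarding a sub-job.
    if not (consignor in UUDB or consignor in TRUSTED_AGENTS or consignor in TRUSTED_NJS):
        return None
    # Integrity check: the endorser's signature must match the AJO as received.
    if endorser not in KEYS:
        return None
    expected = hmac.new(KEYS[endorser], serialize_ajo(ajo), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, signed["sig"]):
        return None
    if endorser in TRUSTED_AGENTS:
        # Explicit Trust Delegation: map the named user, not the portal, to an Xlogin.
        return UUDB.get(ajo.get("user"))
    # Classic case: the endorser is the user; a "user" field set by a non-agent is ignored.
    return UUDB.get(endorser)
```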

18 UniGrids project
- All components are being moved to stateful Web Services
  - Based on the Open Grid Services Architecture (OGSA)
  - Compliant with the Web Services Resource Framework
- Gateway handles multiple protocols
- Web Service implementation of the UUDB

19 References
- Unicore
  - Software:
  - Whitepaper: documents/UNICOREPlus-Final-Report.pdf
- Unicore Security
  - GGF Document GFD.18 "An Analysis of the UNICORE Security Model"
- UniGrids
- Explicit Trust Delegation
  - Fujitsu Scientific & Technical Journal, Special Issue: Grid Computing (Vol. 40, No. 2), "Explicit Trust Delegation: Security for Dynamic Grids"