Denis Caromel, Arnaud Contes www.inria.fr/oasis/ProActive OASIS Team INRIA -- CNRS - I3S -- Univ. of Nice Sophia-Antipolis 1. Introduction to the GRID.

Presentation transcript:

Declarative Security for GRID Applications: ProActive
Denis Caromel, Arnaud Contes
OASIS Team, INRIA -- CNRS - I3S -- Univ. of Nice Sophia-Antipolis
1. Introduction to the GRID
2. ProActive: Remote Objects, Groups, Mobile Objects, Graphical Interface (IC2D), XML Deployment
3. Declarative Security
4. Demonstration

1. Grid and the Internet
- GRID definition: GRID = electric network in the US
- A gripping idea: like electricity, computer cycles cannot be stored; if not used, they are lost
- A definition: Grid is a parallel and distributed system that enables the use, sharing, selection, and aggregation of resources across multiple administrative domains based on their availability and capability.
- Not limited to cycles: Computational GRID, Data GRID
- Inter, Intra-company, but multi-locations
- Grid (computational, and data): SECURITY ISSUES

Hierarchical Domains for Internet Grid

Issues at hand for Grid Security
- Authentication of Computers, Users, and Applications
- Authentication, Integrity and Confidentiality (AIC) of communications
- Creation, connection to, and monitoring of activities
- Hierarchical domains
- Security Policies: Application, Domain, (sub-domain), … High-level!
- Variation in Grid network links: LAN, Wireless (Wifi, GPRS/UMTS), VPN, Internet, or … unknown!
- Variation in deployment, but maintain performance as much as possible

2. ProActive: A Java API + Tools for Parallel, Distributed Computing
- A uniform framework: An Active Object pattern
- A formal model behind: Prop. Determinism, insensitivity to deploy.
- Main features:
  - Remotely accessible Objects
  - Asynchronous Communications with synchro: automatic Futures
  - Group Communications, Migration (mobile computations)
  - XML Deployment Descriptors
  - Interfaced with various protocols: rsh, ssh, LSF, Globus, Jini, RMIregistry
  - Visualization and monitoring: IC2D
- In the www.ObjectWeb.org Consortium (Open Source middleware) since April 2002 (LGPL license)

ProActive: Creating active objects
An object created with
    A a = new A (obj, 7);
can be turned into an active and remote object:
- Instantiation-based (the most general case):
    A a = (A)ProActive.newActive("A", params, node);
[Figure: JVM running foo (A a){ a.g (...); v = a.f (...); ... v.bar (...); }]

Standard system at Runtime No sharing between activities

ProActive: Groups
Typed and polymorphic Groups of active and remote objects
    A ag = newActiveGroup ("A",…,Nodes)
    V v = ag.foo(param);
    v.bar();
[Figure labels: Typed Group, Remote Object, V, A]

ProActive: Migration of active objects
- Migration is initiated by a primitive: migrateTo
- The active object migrates with: pending requests, objects, futures
- Automatic and transparent forwarding of: requests, replies
- Remote references remain valid
[Figure labels across the animation frames: direct, forwarder]

ProActive: Abstract Deployment Model
- A key principle: abstract away from source code: Machine names, Creation Protocols, Lookup and Registry Protocols
- In program source: Virtual Node (VN, a string name)
- In XML descriptors:
  - Mapping of VN to JVMs (leads to Node in a JVM on Host)
  - Register or Lookup VNs
  - Create or Acquire JVMs
- Program Source: Activities (AO) --> VN
- Descriptor (RunTime): VN --> JVMs --> Hosts
- Runtime structured entities: 1 VN --> n Nodes in n JVMs

Hierarchical Domains for Internet Grid

Descriptors: Mapping Virtual Nodes
Example of an XML file descriptor:
    Component Dependencies: Provides: … Uses: ...
    VirtualNodes: Dispatcher RendererSet
    Mapping:
        Dispatcher --> DispatcherJVM
        RendererSet --> JVMset
    JVMs:
        DispatcherJVM = Current // (the current JVM)
        JVMset=//ClusterSophia.inria.fr/...

IC2D: Monitoring of RMI, Globus, Jini, LSF cluster
Nice -- Baltimore
Width of links proportional to the number of communications

3. Declarative Security

What's a secured ProActive application?
- Composed of 'classic' active objects, no change in sources
- Using Public Key Infrastructure, X.509 Identity Certificates, Access control lists, XML description language
- PKI certification chain to identify users, JVMs, objects: User certificate => Application certificate => active object certificate
- User private key used only once, for generating the application certificate
- Security policies set by deployment descriptors
- Mobility compliant

Security Rule
    Entity -> Entity : Interactions # Security Attributes
- Entities: Domain, User, Virtual Node, Active Object. Each entity owns a certificate and depends on a Certification Authority.
- Interactions: JVMCreation, NodeCreation, CodeLoading, ActiveObjectCreation, ActiveObjectMigration, Request (Q), Reply (P), Listing
- Attributes: Authentication (A), Integrity (I), Confidentiality (C)
- Each attribute can be: Required (+), Optional (?), Disallowed (-)

Descriptors: Mapping Virtual Nodes
Example of an XML file descriptor:
    VirtualNodes: Dispatcher RendererSet
    SECURITY:
        VN [Renderer] -> VN [Dispatcher] : Q,P # [?A,?I,?C]
        VN [Dispatcher] -> VN [Renderer] : Q,P # [?A,?I,?C]
        Domain [CardPlus] -> VN [Dispatcher] : Q,P # [+A,?I,?C]
    Mapping:
        Dispatcher --> DispatcherJVM
        RendererSet --> JVMset
    JVMs:
        DispatcherJVM = Current // (the current JVM)
        JVMset=//ClusterSophia.inria.fr/

Certification Chain
[Figure labels: main, Generate certificate for, obj1, obj2, obj3, obj4]

Hierarchical Security Domains
- A logical way to group many entities that have the same security needs.
- Domains are hierarchical.
- Sub-domains inherit their parent's security policies.
- Default: sub-domains cannot weaken their parent's security policies.
- 'Can override': a domain authorizes an entity to override its policies (doPrivileged)

Multi-level Policies
Computing a security policy according to all matching rules from domains, Virtual Node and Active Object.
[Figure: levels D0, ..., Dn-1, Dn, VN, AO, each with Accept / Deny; labels: Administrator-/User-level policy, Application-level policy, Negotiated Security policy]

Combining Policies
- Search for the most specific rule in each domain (if exists).
- Retrieve all matching rules in the Domain hierarchy, the Virtual Node and the Active Object.
- Compute policies according to security attributes.
[Table: Sender attribute (Required (+), Optional (?), Disallowed (-)) against Receiver attribute (Required (+), Optional (?), Disallowed (-)); surviving cells: ?, invalid]
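An added example, not part of the original slides and not ProActive's own code: a parser for the rule notation shown on the "Security Rule" and "Descriptors" slides, plus a per-attribute combination of a sender-side and a receiver-side rule. The combination table is an assumption based on the cells that survive above ("?" and "invalid"): equal modes stay, Optional yields to the other side, and Required against Disallowed is invalid; the function names, the third rule and the pairing of rules as "sender" and "receiver" are illustrative.

```python
import re

# Rule notation from the "Descriptors" slide:
#   Kind [Name] -> Kind [Name] : interactions # [attributes]
RULE_RE = re.compile(
    r"^\s*(\w+)\s*\[(\w+)\]\s*->\s*(\w+)\s*\[(\w+)\]\s*:"
    r"\s*([\w,\s]+?)\s*#\s*\[([^\]]*)\]\s*$"
)
MODES = "+?-"        # Required, Optional, Disallowed
ATTRIBUTES = "AIC"   # Authentication, Integrity, Confidentiality


def parse_rule(line):
    """Parse one rule line; raise ValueError on anything malformed."""
    m = RULE_RE.match(line)
    if not m:
        raise ValueError(f"not a security rule: {line!r}")
    src_kind, src, dst_kind, dst, inter, attrs = m.groups()
    parsed = {}
    for token in (t.strip() for t in attrs.split(",")):
        if len(token) != 2 or token[0] not in MODES or token[1] not in ATTRIBUTES:
            raise ValueError(f"bad attribute {token!r} in {line!r}")
        parsed[token[1]] = token[0]
    if set(parsed) != set(ATTRIBUTES):
        raise ValueError(f"rule must set A, I and C: {line!r}")
    return {"from": (src_kind, src), "to": (dst_kind, dst),
            "interactions": [i.strip() for i in inter.split(",")],
            "attrs": parsed}


def combine(sender, receiver):
    """Combine one attribute mode from each side; None means invalid.

    Assumed table: equal modes stay; Optional yields to the other side;
    Required against Disallowed is invalid.
    """
    if sender == receiver:
        return sender
    if sender == "?":
        return receiver
    if receiver == "?":
        return sender
    return None


def negotiate(sender_rule, receiver_rule):
    """Return negotiated modes per attribute, or None if any one conflicts."""
    result = {}
    for attr in ATTRIBUTES:
        mode = combine(sender_rule["attrs"][attr], receiver_rule["attrs"][attr])
        if mode is None:
            return None  # fail closed: the interaction must not proceed
        result[attr] = mode
    return result


# First two lines are the slide's rules; the third is constructed for the demo.
CARDPLUS = parse_rule("Domain [CardPlus] -> VN [Dispatcher] : Q,P # [+A,?I,?C]")
RENDERER = parse_rule("VN [Renderer] -> VN [Dispatcher] : Q,P # [?A,?I,?C]")
STRICT = parse_rule("VN [Dispatcher] -> VN [Renderer] : Q,P # [-A,?I,+C]")

if __name__ == "__main__":
    print(negotiate(CARDPLUS, RENDERER))  # Required authentication wins
    print(negotiate(RENDERER, STRICT))
    print(negotiate(CARDPLUS, STRICT))    # +A against -A
```

A conflict on any single attribute rejects the whole interaction, so a malformed or contradictory descriptor fails closed rather than silently dropping authentication or encryption.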

Migration & Security
Migration can invalidate negotiated policies:
- migration to a node of the same domain
- migration to a node of another domain
===> New Security Negotiation

4. Demonstration: Declarative Security with Mobility
- C3D: Collaborative 3D renderer in //
  - a standard ProActive application
  - with the IC2D monitor
- IC2D: Interactive Control & Debug for Distribution
  - works with any ProActive application
  - Features: Graphical and Textual visualization, Monitoring and Control

C3D : Collaborative 3D renderer in //

Comparisons with Related Work
- ProActive basic features:
  - Authentication of users and applications
  - Authentication, integrity and confidentiality of communications
  - Security model for fully mobile applications
  - Dynamically negotiated policies, non-functional security
  - Logical representation: security is easily adaptable to the deployment
- Security frameworks:
  - .Net, Legion, Globus: no notion of application mobility
  - Globus: Grid Security Infrastructure (GSI): single sign on, delegation, and credential mapping, but no high-level control, no easy encryption of communications
- Security in agent platforms:
  - Ajanta, Mole, Aglets, MAP: limited code mobility (fixed host + mobile agent)

Conclusion
- ProActive perspectives:
  - Group communication (key management, find common policy)
  - Sandboxing of nodes
  - Role-based access control
  - Components (Distributed, Parallel, Hierarchical) and Security
- General perspectives:
  - OGSA Security: Open Grid Services Architecture
  - Globus new open architecture, Web Services based
  - Security code no longer instantiated within the middleware: the middleware (and applications) calls external Web Security Services
  - but high-level abstractions still needed (domain, application-level)

Extra Material

Object Diagram for C3D

Monitoring: graphical and textual com.

Standard system at Runtime

2.2 Programming vs. Composing A model of computation is still needed

1.7 Conclusion on the basics: Component Orientedness
- Level 1: Instantiate - Deploy - Configure. Simple Pattern; Meta-information (file, XML, etc.). Examples: JavaBeans, EJB
- Level 2: Assembly (flat). Use and client interfaces. Example: CCM
- Level 3: Hierarchic. Composite. Example: Fractal
- Level 4: Reconfiguration. Binding, Inclusion, Location. On going work …
- Interactions / Communications:
  - Functional calls: service, event, stream
  - Non-Functional: instantiate, deploy, start/stop, inner/outer, re-bind

Programming vs. Composing
- The underlying model of parallel and distributed computing being used is FUNDAMENTAL.
- How to build components that actually compose (semantics, correctness, efficiency, predictability of performance, ...) without a clearly defined programming model?
- For 50 years, Computer Science has been looking for abstractions that compose: functions, modules, classes, objects, …
- The semantics of a composite is solely and well defined from the semantics of inner components.
- The quest is not over!

Component Descriptors
- Defining Provide and Use ports (Server, Client)
- Defining Composite
- Using the Fractal component model, and ADL: Architecture Description Language [ObjectWeb, Bruneton-Coupaye-Stefani]
- XML descriptors
- Integration with Virtual Nodes

Descriptor Example: Primitive Component
    <primitive-component implementation="test.component.car.MotorImpl" name="motor_1" virtualNode="Node2">

Descriptor Example: Composite Component
    <interface-type name="controlComposite2" signature="test.component.car.Motor" />
    <interface-type name="controlComposite1" signature="test.component.car.Motor" />
    <primitive-component …..
Not to be written nor read by humans!! TOOLS

Motors and Wheels demo case
[Figure labels: WP1, WP2, WP3, WP4, WP5, WP6, M1, M2, W1, W2, composite1, composite2, parallel1, parallel2]

3. Conclusion

Next steps
- Interactively compose components with the component view
- Maintain component view at execution
- Formal Semantics of mixing:
  - Functional, with
  - Non Functional calls (start/stop, rebind, in/out, …)

Conclusion -- Perspectives
- Not all models are equivalent: Component Orientedness
  - Level 1: Configuration, 2: Assembly, 3: Hierarchic, 4: Reconfiguration
- Specificity for GRID Components: Parallel (HPC), Distributed, Collective Op., Deployment, … Reconfiguration
- Can programming models be independent of (Grid) Components?
  - Do not target the same objectives
  - But can components … compose, reconfigure … without a clear model?
- Reconfiguration is the next big issue:
  - Life cycle management, but with direct communications as much as possible
  - For the sake of reliability and fault tolerance ---> GRID
    - Error, Exception handling across components
    - Checkpointing: independent, coordinated, memory channel, ...
- Other pending issues: Peer-to-peer (even more volatile … reconfiguration is a must), Security, ...

Adaptive GRID
- The need for adaptive middleware is now acknowledged, with dynamic strategies at various points in containers, proxies, etc.
- Can we afford adaptive GRID?
  - with dynamic strategies at various points (communications, checkpointing, reconfiguration, …)
  - for various conditions (LAN, WAN, network, P2P, ...)
- HPC vs. HPC: High Performance Components vs. High Productivity Components

Security extra
- Find the first common domain if exists
- A domain has a policy server + a certification authority
- Dynamically configurable via SSL connections