Joining the Grid Andrew McNab. 28 March 2006Andrew McNab – Joining the Grid Outline ● LCG – the grid you're joining ● Related projects ● Getting a certificate.

Slides:

Advertisements

Similar presentations

5-Dec-02D.P.Kelsey, GridPP Security1 GridPP Security UK Security Workshop 5-6 Dec 2002, NeSC David Kelsey CLRC/RAL, UK

Advertisements

29 June 2006 GridSite Andrew McNabwww.gridsite.org VOMS and VOs Andrew McNab University of Manchester.

The LHC experiments AuthZ Interoperation requirements GGF16, Athens 16 February 2006 David Kelsey CCLRC/RAL, UK

Andrew McNab - Manchester HEP - 22 April 2002 EU DataGrid Testbed EU DataGrid Software releases Testbed 1 Job Lifecycle Authorisation at your site More.

Andrew McNab - Manchester HEP - 2 May 2002 Testbed and Authorisation EU DataGrid Testbed 1 Job Lifecycle Software releases Authorisation at your site Grid/Web.

Middleware technology and software quality issues Andrew McNab Grid Security Research Fellow University of Manchester.

Andrew McNab - EDG Access Control - 14 Jan 2003 EU DataGrid security with GSI and Globus Andrew McNab University of Manchester

Open Science Grid Use of PKI: Wishing it was easy A brief and incomplete introduction. Doug Olson, LBNL PKI Workshop, NIST 5 April 2006.

30-Jan-03D.P.Kelsey, GridPP Security1 Security GridPP6 30 Jan 2003 Coseners House David Kelsey CLRC/RAL, UK

Technology on the NGS Pete Oliver NGS Operations Manager.

Summer School Certificates Diego Romano & Gilda Team.

AustrianGrid, LCG & more Reinhard Bischof HPC-Seminar April 8 th 2005.

\ Grid Security and Authentication1. David Groep Physics Data Processing group Nikhef.

Getting grid-enabled Steps involved: personal grid certificate  Request a certificate from:

Security Middleware and VOMS service status Andrew McNab Grid Security Research Fellow University of Manchester.

CILogon OSG CA Mine Altunay Jim Basney TAGPMA Meeting Pittsburgh May 27, 2015.

Next Steps Guy Warner

13-May-03D.P.Kelsey, WP8 CA and VO organistion1 CA’s and Experiment (VO) Organisation WP8 Meeting EDG Barcelona, 13 May 2003 David Kelsey CCLRC/RAL, UK.

GGF12 – 20 Sept LCG Incident Response Ian Neilson LCG Security Officer Grid Deployment Group CERN.

VOMS Alessandra Forti HEP Sysman meeting April 2005.

The National Grid Service Guy Warner.

Evolution of the Open Science Grid Authentication Model Kevin Hill Fermilab OSG Security Team.

SouthGrid SouthGrid SouthGrid is a distributed Tier 2 centre, one of four setup in the UK as part of the GridPP project. SouthGrid.

The ILC And the Grid Andreas Gellrich DESY LCWS2007 DESY, Hamburg, Germany

Slide David Britton, University of Glasgow IET, Oct 09 1 Prof. David Britton GridPP Project leader University of Glasgow GridPP Computing for Particle.

EGEE-III INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks David Kelsey RAL/STFC,

8-Jul-03D.P.Kelsey, LCG-GDB-Security1 LCG/GDB Security (Report from the LCG Security Group) RAL, 8 July 2003 David Kelsey CCLRC/RAL, UK

INFSO-RI Enabling Grids for E-sciencE How to join GILDA Riccardo Bruno INFN gLite Tutorial at the First EGEE User Forum CERN,

Association with the Gilda Virtual Organization Certificate,VO membership, and MyProxy Server usage.

Grid Security in a production environment: 4 years of running Andrew McNab University of Manchester.

KISTI Grid CA Operation KISTI Supercomputing Center Sangwan Kim, Soonwook Hwang CA Operators Contact: Jan. 8, 2007.

EScience and Particle Physics Roger Barlow eScience showcase May 1 st 2007.

FP6−2004−Infrastructures−6-SSA E-infrastructure shared between Europe and Latin America EELA Infrastructure (WP2) Roberto Barbera.

Ian Bird LHC Computing Grid Project Leader LHC Grid Fest 3 rd October 2008 A worldwide collaboration.

Next Steps: becoming users of the NGS Mike Mineter

Grid Security Vulnerability Group Linda Cornwall, GDB, CERN 7 th September 2005

Andrew McNabSecurity Middleware, GridPP8, 23 Sept 2003Slide 1 Security Middleware Andrew McNab High Energy Physics University of Manchester.

INFSO-RI Enabling Grids for E-sciencE EGEE Induction Grid training for users, Institute of Physics Belgrade, Serbia Sep. 19, 2008.

Andrew McNab - Manchester HEP - 17 September 2002 UK Testbed Deployment Aim of this talk is to the answer the questions: –“How much of the Testbed has.

Andrew McNabGrid in 2002, Manchester HEP, 7 Jan 2003Slide 1 Grid Work in 2002 Andrew McNab High Energy Physics University of Manchester.

DTI Mission – 29 June LCG Security Ian Neilson LCG Security Officer Grid Deployment Group CERN.

Grid Security work in 2004 Andrew McNab Grid Security Research Fellow University of Manchester.

Last update 21/01/ :05 LCG 1Maria Dimou- cern-it-gd Current LCG User Registration, VO management and Authorisation Procedures VOMS workshop

INFSO-RI Enabling Grids for E-sciencE An overview of EGEE operations & support procedures Jules Wolfrat SARA.

Last update 31/01/ :41 LCG 1 Maria Dimou Procedures for introducing new Virtual Organisations to EGEE NA4 Open Meeting Catania.

Security Policy Update WLCG GDB CERN, 14 May 2008 David Kelsey STFC/RAL

The NGS Support Centre Katie Weeks. NGS Support Centre SLD Many areas to NGS Support Centre –SLD defines supported areas including: Certification Authority.

Rob Allan Daresbury Laboratory NW-GRID Training Event 26 th January 2007 Next Steps R.J. Allan CCLRC Daresbury Laboratory.

EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks EGEE and JSPG activities David Kelsey CCLRC/RAL.

The National Grid Service Mike Mineter.

JSPG Update David Kelsey MWSG, Zurich 31 Mar 2009.

12-Jun-03D.P.Kelsey, CA meeting1 CA meeting Minimum Requirements CERN, 12 June 2003 David Kelsey CCLRC/RAL, UK

INFSO-RI Enabling Grids for E-sciencE Joint Security Policy Group David Kelsey, CCLRC/RAL, UK 3 rd EGEE Project.

10-May-01D.P.Kelsey, WP6 Security1 Certificates/Authorisation for DataGrid Testbeds David Kelsey CLRC/RAL, UK

7-May-03D.P.Kelsey, LCG-GDB-Security1 LCG/GDB Security Issues and Planning or Report from the Security Group CERN, 8 May 2003 David Kelsey CCLRC/RAL, UK.

LCG User, Site & VO Registration in EGEE/LCG Bob Cowles OSG Technical Meeting Dec 15-17, 2004 UCSD.

EGEE is a project funded by the European Union under contract IST New VO Integration Fabio Hernandez ROC Managers Workshop,

Trusted Organizations In the grid world one single CA usually covers a predefined geographic region or administrative domain: – Organization – Country.

Academia Sinica Grid Computing Certification Authority F2F interview (Malaysia )

CERN IT Department CH-1211 Geneva 23 Switzerland t OIS Operating Systems & Information Services CERN IT Department CH-1211 Geneva 23 Switzerland.

Certificate Security For Users Obtaining and Using Your Personal Certificate using the OSG PKI Kyle Gross – OSG Operations Support Lead Elizabeth Prout.

Bob Jones EGEE Technical Director

Ian Bird GDB Meeting CERN 9 September 2003

EGEE VO Management.

CERN Certificates platform Emmanuel Ormancey / Anatoly Gladkov

Grid Security M. Jouvin / C. Loomis (LAL-Orsay)

Presentation transcript:

Joining the Grid Andrew McNab

28 March 2006Andrew McNab – Joining the Grid Outline ● LCG – the grid you're joining ● Related projects ● Getting a certificate – Care of your certificate ● Joining a Virtual Organisation – AUP

28 March 2006Andrew McNab – Joining the Grid LCG The LHC Computing Grid (LCG) – – The worldwide computing infrastructure for LHC – Led by CERN – Majority of resources are at the other sites Has more than 100 fully operational sites, in 31 countries – About 190 are operational at some level – Sites from US to Japan, but mostly in Europe

28 March 2006Andrew McNab – Joining the Grid LCG: World

28 March 2006Andrew McNab – Joining the Grid LCG: Europe

28 March 2006Andrew McNab – Joining the Grid LCG: by region

28 March 2006Andrew McNab – Joining the Grid LCG: by region

28 March 2006Andrew McNab – Joining the Grid Related projects EGEE is also led by CERN – Develops software to be adopted by LCG – EU-funded, and intended to get non-HEP on board GridPP is the PPARC-funded UK HEP grid project – Runs LCG in the UK – Contributes effort to EGEE The National Grid Service (NGS): non-HEP UK grid – Increasingly adopting ideas/software from LCG Open Science Grid (OSG): the US DoE/NSF grid – Increasingly interoperates with LCG

28 March 2006Andrew McNab – Joining the Grid Getting a cert All authentication on LCG is done by X.509 digital certificates – these contain a unique name for each user – “/C=UK/O=eScience/OU=Manchester/L=HEP/CN=andrew mcnab” To use LCG you need to get a certificate This requires proving who you are with photo ID For the UK Certification Authority, you start this via their website –

28 March 2006Andrew McNab – Joining the Grid Requesting the cert

28 March 2006Andrew McNab – Joining the Grid Certificate process Apply for the certificate on the CA website – Choose the right Registration Authority (RA) – “Manchester HEP” in our case Go to the RA operator (Sabah in our case) and provide your photo ID You receive an from the CA when your certificate is ready (a day or so – the signing machine is offline) You can then load it into your web browser from the CA website

28 March 2006Andrew McNab – Joining the Grid Care of your cert ● Applying for the certificate has created a secret Private Key (a huge number) and a Public Key (another huge number) which the CA has turned into a certificate ● These are inside your web browser at the end of the process ● Any body with access to your web browser or the Private Key can pretend to be you – so treat it like a password ● There are instructions on the CA website for getting your certificate and private key out the browser, and into the file used by the Grid command line tools

28 March 2006Andrew McNab – Joining the Grid Virtual Organisations ● Your certificate proves who you are, but doesn't give you access to any sites ● To get that, you need to join a Virtual Organisation (VO), like ATLAS or BaBar ● Use the “User Registration” link from and follow the instructions ● Different VOs have slightly different procedures – it always involves associating your certificate with your request to join – then a manager of the VO decides if you really are a bona fide member of that collaboration

28 March 2006Andrew McNab – Joining the Grid AUP ● Joining a VO requires accepting the LCG Acceptable Usage Policy ● This is a common AUP accepted by all LCG sites – Avoids the need to fax off 190 different Computer Centre forms when you join ● The AUP is very short – less than a page – and pretty innocuous – basically: “Don't abuse the sites” and “You're legally responsible for what you do.” – In return, you get access to a huge amount of CPU, with local accounts created for you on demand