Integrating HPC and the Grid – the STFC experience Matthew Viljoen, STFC RAL EGEE 08 Istanbul.

Slides:

Advertisements

Similar presentations

MyProxy Jim Basney Senior Research Scientist NCSA

Advertisements

Single Sign-On with GRID Certificates Ernest Artiaga (CERN – IT) GridPP 7 th Collaboration Meeting July 2003 July 2003.

Jens G Jensen CCLRC e-Science Single Sign-on to the Grid Federated Access and Integrated Identity Management.

Overview of local security issues in Campus Grid environments Bruce Beckles University of Cambridge Computing Service.

Enabling, facilitating and delivering quality training in the UK and Internationally Mike Mineter Training Outreach and Education, NeSC, Edinburgh

Legacy code support for commercial production Grids G.Terstyanszky, T. Kiss, T. Delaitre, S. Winter School of Informatics, University.

MyProxy Guy Warner NeSC Training.

SCARF Duncan Tooke RAL HPCSG. Overview What is SCARF? Hardware & OS Management Software Users Future.

A mobile single sign-on system Master thesis 2006 Mats Byfuglien.

MyProxy: A Multi-Purpose Grid Authentication Service

Cross Platform Single Sign On using client certificates Emmanuel Ormancey, Alberto Pace Internet Services group CERN, Information Technology department.

Grid Security. Typical Grid Scenario Users Resources.

MTA SZTAKI Hungarian Academy of Sciences Grid Computing Course Porto, January Introduction to Grid portals Gergely Sipos

PKI Activities at Virginia January 2004 CSG Meeting Jim Jokl.

PKI Single Sign On & Auto Provisioning Frank Siebenlist (ANL) Rachana Ananthakrishnan (ANL) Charles Bacon (ANL)

Kerberos and PKI Cooperation Daniel Kouřil, Luděk Matyska, Michal Procházka Masaryk University AFS & Kerberos Best Practices Workshop 2006.

USING THE GLOBUS TOOLKIT This summary by: Asad Samar / CALTECH/CMS Ben Segal / CERN-IT FULL INFO AT:

National Center for Supercomputing Applications MyProxy and GSISSH Update Von Welch National Center for Supercomputing Applications University of Illinois.

The UK National Grid Service Using the NGS. Outline NGS Background Getting Certificates Acceptable usage policies Joining VO’s What resources will be.

S. Gadomski, "ATLAS computing in Geneva", journee de reflexion, 14 Sept ATLAS computing in Geneva Szymon Gadomski description of the hardware the.

Open Science Grid Use of PKI: Wishing it was easy A brief and incomplete introduction. Doug Olson, LBNL PKI Workshop, NIST 5 April 2006.

Technology on the NGS Pete Oliver NGS Operations Manager.

Use of Kerberos-Issued Certificates at Fermilab Kerberos  PKI Translation Matt Crawford & Dane Skow Fermilab.

TeraGrid ’06 National Center for Supercomputing Applications Managing Credentials on the TeraGrid with MyProxy Jim Basney.

Jens G Jensen CCLRC e-Science Single Sign-on to the Grid Federated Access and Integrated Identity Management.

National Computational Science National Center for Supercomputing Applications National Computational Science MyProxy: An Online Credential Repository.

TeraGrid Science Gateways: Scaling TeraGrid Access Aaron Shelmire¹, Jim Basney², Jim Marsteller¹, Von Welch²,

GridChem-- User Support Kent Milfeld Supported by the NSF NMI Program under Award # Oct. 10, 2005.

Long Term Ecological Research Network Information System LTER Grid Pilot Study LTER Information Manager’s Meeting Montreal, Canada 4-7 August 2005 Mark.

Grid Security Issues Shelestov Andrii Space Research Institute NASU-NSAU, Ukraine.

David Spence GOSC Graphical Access to the NGS for All Java GSI-SSHTerm.

MetaCentrum – the Czech computational grid Martin Kuba CESNET and Masaryk University Brno, Czech Republic.

National Computational Science National Center for Supercomputing Applications National Computational Science NCSA-IPG Collaboration Projects Overview.

The Grid System Design Liu Xiangrui Beijing Institute of Technology.

Evolution of the Open Science Grid Authentication Model Kevin Hill Fermilab OSG Security Team.

ShibGrid: Shibboleth access to the UK National Grid Service University of Oxford and STFC.

RAL Site Report John Gordon IT Department, CLRC/RAL HEPiX Meeting, JLAB, October 2000.

Security, Authorisation and Authentication.

3-Nov-00D.P.Kelsey, HEPiX, JLAB1 Certificates for DataGRID David Kelsey CLRC/RAL, UK

Institute For Digital Research and Education Implementation of the UCLA Grid Using the Globus Toolkit Grid Center’s 2005 Community Workshop University.

NA-MIC National Alliance for Medical Image Computing UCSD: Engineering Core 2 Portal and Grid Infrastructure.

MTA SZTAKI Hungarian Academy of Sciences Introduction to Grid portals Gergely Sipos

EGEE-II INFSO-RI Enabling Grids for E-sciencE The GILDA training infrastructure.

Next Steps: becoming users of the NGS Mike Mineter

Leveraging the InCommon Federation to access the NSF TeraGrid Jim Basney Senior Research Scientist National Center for Supercomputing Applications University.

Internet2 AdvCollab Apps 1 Access Grid Vision To create virtual spaces where distributed people can work together. Challenges:

1 e-Science AHM st Aug – 3 rd Sept 2004 Nottingham Distributed Storage management using SRB on UK National Grid Service Manandhar A, Haines K,

Grid Access Toolkit for MS Windows Daniel Kouřil CESNET, MWSG meeting, Jun

Shibboleth & Grid Integration STFC and University of Oxford (and University of Manchester)

Globus and PlanetLab Resource Management Solutions Compared M. Ripeanu, M. Bowman, J. Chase, I. Foster, M. Milenkovic Presented by Dionysis Logothetis.

Development of e-Science Application Portal on GAP WeiLong Ueng Academia Sinica Grid Computing

DTI Mission – 29 June LCG Security Ian Neilson LCG Security Officer Grid Deployment Group CERN.

GSI: Security On Teragrid A Introduction To Security In Cyberinfrastructure By Dru Sepulveda.

Office of Science U.S. Department of Energy Grid Security at NERSC/LBL Presented by Steve Chan Network, Security and Servers

1 AHM, 2–4 Sept 2003 e-Science Centre GRID Authorization Framework for CCLRC Data Portal Ananta Manandhar.

The VL-e Proof of Concept Environment & The VL-e PoC Installer Jan Just Keijser System Integrator P4 Team NIKHEF.

WLCG Authentication & Authorisation LHCOPN/LHCONE Rome, 29 April 2014 David Kelsey STFC/RAL.

1 Egrid portal Stefano Cozzini and Angelo Leto. 2 Egrid portal Based on P-GRADE Portal 2.3 –LCG-2 middleware support: broker, CEs, SEs, BDII –MyProxy.

Fermilab supports several authentication mechanisms for user and computer authentication. This talk will cover our authentication systems, design considerations,

Accessing the VI-SEEM infrastructure

NGS Users and Support Matthew Viljoen, STFC RAL

Stephen Pickles Technical Director, GOSC

Data services on the NGS

Enable computational and experimental scientists to do “more” computational chemistry by providing capability computing resources and services at their.

CERN Certificates platform Emmanuel Ormancey / Anatoly Gladkov

A mobile single sign-on system

OGCE Portal Applications for Grid Computing

TeraGrid Identity Federation Testbed Update I2MM April 25, 2007

Presentation transcript:

Integrating HPC and the Grid – the STFC experience Matthew Viljoen, STFC RAL EGEE 08 Istanbul

EGEE 08, 22/9/08, Istanbul Contents SCARF – Background Grid-based changes Pros and Cons of Grid Technologies User Perspective GSI-SSHTerm and Single Sign On Conclusions

EGEE 08, 22/9/08, Istanbul SCARF Computing cluster open to all STFC departments and Diamond (up to 1500 users) Run by the Scientific Computing and Technology Group Scientific Computing Application Resource for Facilities

EGEE 08, 22/9/08, Istanbul SCARF Usage Computational Chemistry (GAMESS, Gaussian) HE laser physics: experiment simulation and interpretation, Fusion research Protein simulation General Monte Carlo simulation etc. No major emphasis on storage

EGEE 08, 22/9/08, Istanbul SCARF Hardware & OS 1,200 CPU cores 2. 4 TB main memory Fast interconnect 35 TB storage space 10GB network uplink RHEL 4 Globus 4

EGEE 08, 22/9/08, Istanbul SCARF and the Grid SCARF started in June 2004 –#315 of the top 500 at the time Adopted Grid security mechanisms in 2006 –Access via GSI-SSHTerm Joined the UK NGS in Aug 2008 Plans for future Grid technologies

EGEE 08, 22/9/08, Istanbul Benefits of the Grid (for the sysadmin) Digital Certificates = Easier User Authentication –No more creation/deletion of user accounts & ssh passwords –No more vetting of identity (CA does this) Knowledge sharing with other experts –Software review delegated to community. Help available for installation Integrated Monitoring Better (free) publicity Lever extra resources

EGEE 08, 22/9/08, Istanbul User perspective Previously used Putty + username/password Non computer literate users => X509 certificates cause problems: –understanding PKI –managing/converting certificates No real benefits of certs for users as yet –Mainly used for authentication, not SSO to other resources But now happy using GSI-SSHTerm app. –makes X509 usable & additional benefits Future potential benefits with Grid

EGEE 08, 22/9/08, Istanbul GSI-SSHTerm NGS developed GSISSH terminal emulator based on SSHTools Java webstart application (Windows/Linux/Mac) Works with myproxy Pulls certificate straight out of browser File transfer GUI + VNC Sourceforge project sf.net/projects/gsi-sshterm sf.net/projects/gsi-sshterm Used by Teragrid, NCSA, ICEAGE and others

EGEE 08, 22/9/08, Istanbul Single Sign On Certificates remain unpopular New Grid-based SSO solution to SCARF needed to provide ease of use and encourages uptake (SSO already there via proxy certs to other resources) Future SSO plans –Users need know nothing about PKI/certs –Transparent access via local AuthN mechanisms –Good integration with Windows & Linux/Mac with krb5 Prototype already working with GSI-SSHTerm Big win for everyone!

EGEE 08, 22/9/08, Istanbul SSO Solution Architecture GRID

EGEE 08, 22/9/08, Istanbul SSO Solution Architecture - explained 1.User logs into local PC within Active Directory domain. In Windows: gets a Kerberos token automatically. 2.User starts GSI-SSHTerm and points to Grid resource. GSI-SSHTerm picks up Kerberos token and sends to MyProxyCA server. 3.MyProxyCA checks validity of Kerberos token against Active Directory. If OK, a short-lived X509 certificate is generated. 4, 5. Certificate is used by GSI-SSHTerm to log into Grid resource. -> User can then SSO to other Grid resource. NB: Grid resources need to trust the MyProxyCA root certificate. The short-lived certificate DN must also be accepted.

EGEE 08, 22/9/08, Istanbul Future technologies Not only AuthN: the ‘true’ Grid Vision Resource brokering for other Grid resources -> better scaling for big apps Application-specific GUIs and Portals Grid-enabled storage

EGEE 08, 22/9/08, Istanbul Conclusion Scientists care little about technologies; just getting their work done GSISSH a success, but largely thanks to GSI- SSHTerm Grid = big benefit for sysadmins, … but users will really benefit from true SSO, resource brokering and new portals Grid is helping SCARF, but further development has been needed (GSI-SSHTerm, SSO) New technologies must be usable to end user

EGEE 08, 22/9/08, Istanbul Acknowledgements The SCARF team; Duncan Tooke and Pete Oliver for providing feedback during development of Grid tools SCARF users at STFC Jean-Claude Côte who wrote the proof of concept GSI-SSHTerm David Spence, principal software developer

EGEE 08, 22/9/08, Istanbul Questions?