Thailand National Grid Project Putchong Uthayopas 1 and Vara Varavithya 2 1 Director High Performance Computing and Networking Center Kasetsart University,

Slides:



Advertisements
Similar presentations
Building a CFD Grid Over ThaiGrid Infrastructure Putchong Uthayopas, Ph.D Department of Computer Engineering, Faculty of Engineering, Kasetsart University,
Advertisements

"Recent development of e- Science & Grid in Thailand" 24 January 2006 Piyawut Srichaikul, NECTEC Putchong Uthayopas, KU.
Demonstrations at PRAGMA demos are nominated by WG chairs Did not call for demos. We will select the best demo(s) Criteria is under discussion. Notes.
Introduction of Grid Security
Wei Lu 1, Kate Keahey 2, Tim Freeman 2, Frank Siebenlist 2 1 Indiana University, 2 Argonne National Lab
Open Grid Forum 19 January 31, 2007 Chapel Hill, NC Stephen Langella Ohio State University Grid Authentication and Authorization with.
18 th WGISS Meeting, September 6-10, 2004, Beijing, People Republic of China Activities on Grid Technology at GISTDA Pakorn Apaphant GISTDA.
Inetrconnection of CNGrid and European Grid Infrastructure Depei Qian Beihang University Feb. 20, 2006.
5-Dec-02D.P.Kelsey, GridPP Security1 GridPP Security UK Security Workshop 5-6 Dec 2002, NeSC David Kelsey CLRC/RAL, UK
GT 4 Security Goals & Plans Sam Meder
The National Grid Service and OGSA-DAI Mike Mineter
Current status of grids: the need for standards Mike Mineter TOE-NeSC, Edinburgh.
OMII-UK Steven Newhouse, Director. © 2 OMII-UK aims to provide software and support to enable a sustained future for the UK e-Science community and its.
EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI AAI in EGI Status and Evolution Peter Solagna Senior Operations Manager
Liang ZHAO, PKU EUChinaGrid 3 rd Tutorial Nov.25, 2006 Authentication and Authorization in gLite Liang ZHAO Peking University.
State of DNS Security Extensions Edward Lewis February 26, 2001 APRICOT 2001 Panel.
FP7-INFRA Enabling Grids for E-sciencE EGEE Induction Grid training for users, Institute of Physics Belgrade, Serbia Sep. 19, 2008.
High Performance Computing Course Notes Grid Computing.
Military Technical Academy Bucharest, 2006 GRID SECURITY INFRASTRUCTURE (GSI) - Globus Toolkit - ADINA RIPOSAN Department of Applied Informatics.
The Community Authorisation Service – CAS Dr Steven Newhouse Technical Director London e-Science Centre Department of Computing, Imperial College London.
Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.
CoreGRID Workpackage 5 Virtual Institute on Grid Information and Monitoring Services Authorizing Grid Resource Access and Consumption Erik Elmroth, Michał.
Open Science Grid Use of PKI: Wishing it was easy A brief and incomplete introduction. Doug Olson, LBNL PKI Workshop, NIST 5 April 2006.
Introduction and Overview “the grid” – a proposed distributed computing infrastructure for advanced science and engineering. Purpose: grid concept is motivated.
Slides for Grid Computing: Techniques and Applications by Barry Wilkinson, Chapman & Hall/CRC press, © Chapter 1, pp For educational use only.
Office of Science U.S. Department of Energy Grids and Portals at NERSC Presented by Steve Chan.
1-2.1 Grid computing infrastructure software Brief introduction to Globus © 2010 B. Wilkinson/Clayton Ferner. Spring 2010 Grid computing course. Modification.
AustrianGrid, LCG & more Reinhard Bischof HPC-Seminar April 8 th 2005.
Milos Kobliha Alejandro Cimadevilla Luis de Alba Parallel Computing Seminar GROUP 12.
Globus Computing Infrustructure Software Globus Toolkit 11-2.
Web-based Portal for Discovery, Retrieval and Visualization of Earth Science Datasets in Grid Environment Zhenping (Jane) Liu.
Building a Massive Virtual Screening using Grid Infrastructure Chak Sangma Centre for Cheminformatics Kasetsart University Putchong Uthayopas High Performance.
Long Term Ecological Research Network Information System LTER Grid Pilot Study LTER Information Manager’s Meeting Montreal, Canada 4-7 August 2005 Mark.
Grid Security Issues Shelestov Andrii Space Research Institute NASU-NSAU, Ukraine.
Grid Security 1. Grid security is a crucial component Need for secure communication between grid elements  Authenticated ( verify entities are who they.
The Development of the Thai National Grid Center Dr.Tiranee Achalakul Representative, Thai National Grid Center Software Industry Promotion Agency (SIPA)
ThaiGrid: Current Status Vara Varavithya Dept. of Electrical Engineering King Mongkut's Inst. of Tech. North Bangkok, Thailand
National Computational Science National Center for Supercomputing Applications National Computational Science NCSA-IPG Collaboration Projects Overview.
Module 9: Fundamentals of Securing Network Communication.
1 4/23/2007 Introduction to Grid computing Sunil Avutu Graduate Student Dept.of Computer Science.
Resource Brokering in the PROGRESS Project Juliusz Pukacki Grid Resource Management Workshop, October 2003.
Putchong Uthayopas, Sugree Phatanapherom, Nopparat Noppakuat, and Maneerat Suriyapiboonwattana Thai National Grid Center Software Industry Promotion Agency(SIPA),
Grid Computing and Thailand Research Community Putchong Uthayopas Director High Performance Computing and Networking Center Kasetsart University, Bangkok,
Supporting further and higher education The Akenti Authorisation System Alan Robiette, JISC Development Group.
"Recent development of e- Science & Grid in Thailand" 24 January 2006 Piyawut Srichaikul, NECTEC Putchong Uthayopas, KU.
DAME: A Distributed Diagnostics Environment for Maintenance Duncan Russell University of Leeds.
Grid Middleware Tutorial / Grid Technologies IntroSlide 1 /14 Grid Technologies Intro Ivan Degtyarenko ivan.degtyarenko dog csc dot fi CSC – The Finnish.
June 24-25, 2008 Regional Grid Training, University of Belgrade, Serbia Introduction to gLite gLite Basic Services Antun Balaž SCL, Institute of Physics.
Institute For Digital Research and Education Implementation of the UCLA Grid Using the Globus Toolkit Grid Center’s 2005 Community Workshop University.
NA-MIC National Alliance for Medical Image Computing UCSD: Engineering Core 2 Portal and Grid Infrastructure.
Mine Altunay July 30, 2007 Security and Privacy in OSG.
GRIDS Center Middleware Overview Sandra Redman Information Technology and Systems Center and Information Technology Research Center National Space Science.
User Management: Authentication & Authorization on the NorduGrid Balázs Kónya, AndersWäänänen 3 rd NorduGrid Workshop, 23 May, 2002 Helsinki.
US LHC OSG Technology Roadmap May 4-5th, 2005 Welcome. Thank you to Deirdre for the arrangements.
Introduction to Grids By: Fetahi Z. Wuhib [CSD2004-Team19]
Authorisation, Authentication and Security Guy Warner NeSC Training Team Induction to Grid Computing and the EGEE Project, Vilnius,
Thailand Grid and Networking: Infrastructure and Activities Putchong Uthayopas Director High Performance Computing and Networking Center Kasetsart University,
Grid technology Security issues Andrey Nifatov A hacker.
1 Grid Activity Summary » Grid Testbed » CFD Application » Virtualization » Information Grid » Grid CA.
Globus and PlanetLab Resource Management Solutions Compared M. Ripeanu, M. Bowman, J. Chase, I. Foster, M. Milenkovic Presented by Dionysis Logothetis.
DTI Mission – 29 June LCG Security Ian Neilson LCG Security Officer Grid Deployment Group CERN.
WLCG Authentication & Authorisation LHCOPN/LHCONE Rome, 29 April 2014 David Kelsey STFC/RAL.
MGRID Architecture Andy Adamson Center for Information Technology Integration University of Michigan, USA.
Kento Aida, Tokyo Institute of Technology Joint Meeting Grid activities committee and Grid working group Jan. 28 th, 2004 Honolulu.
The GRIDS Center, part of the NSF Middleware Initiative Grid Security Overview presented by Von Welch National Center for Supercomputing.
Grid Deployment Technical Working Groups: Middleware selection AAA,security Resource scheduling Operations User Support GDB Grid Deployment Resource planning,
Accessing the VI-SEEM infrastructure
HIMSS National Conference New Orleans Convention Center
Grid Security Infrastructure
Presentation transcript:

Thailand National Grid Project Putchong Uthayopas 1 and Vara Varavithya 2 1 Director High Performance Computing and Networking Center Kasetsart University, Bangkok, Thailand 2 Department of Electrical Engineering Faculty of Engineering King Mongkuts Institute of Technology North Bangkok

TNGP, Thai Grid Current Status Currently in Operation Delivered Grid Monitoring and Management Tools to Communities Government Approve approx. 6M US$ funding the project for 3 years Supports Certification Technical Grid Technology Promotions

TNGP, Agenda Thailand National Grid Project ThaiGrid Status Update Current Development in ThaiGrid

TNGP, TNGP Objectives Promote the use of Grid Technologies Excellence in Grid Technology Human Resource Development Provide Grid Infrastructure Computing Infrastructure Communication Structure Help Establishing Standard and Practices House the ThaiGrid Office

TNGP, National Grid Committee Business Structure Ministry of ICT Grid Technology Excellence Center SIPA Research Institutions Grid Users Gov. Agencies Com Sci. Eng. People Academic Institutions Researchers

TNGP, Computing Infrastructure Tera Flops Machine Satellite Clusters 32-proc. Machine Satellite Clusters 32-proc. Machine Satellite Clusters 32-proc. Machine Satellite Clusters 32-proc. Machine 16 Satellite Sites High Speed Network

TNGP, Participated Organizations KU, CU, KMITNB, KMUTT, KMITL, Mahidol, KKU, SUT, WU, AIT Weather Forecast Services NECTEC

TNGP, Human Resource Housing Dozen of Grid Engineers and Scientists at the excellence center Systematically trains Grid Admins via series of tutorials and workshops Target 2,000 in three years

TNGP, Applications Health Care Data Grid High Performance Computing Applications Drug Design CFD FEM Evolutionary Computing Financial Application Based on Participated Inst. Expertise

TNGP, Targeted Outcomes Robust Grid Enable High Performance Computing Infrastructure A set, 3-4, of Grid Applications Show Cases Social impact to Thais well being Supports sciences and technology 2,000 HR Development Grid Technology Promotion

TNGP, ThaiGrid Project Found Jan 2002 Build up a long term research partnership to explore The construction of Grid testbed and production environment The building of Grid tools and middleware. The deployment of grid technology to support the mission of scientific discovery The development of Grid application

TNGP, ThaiGrid Overall Status 10 Clusters total AMATA – KU GASS – KU MAEKA – KU WARINE – KU CAMETA – SUT OPTIMA - AIT ENQUEUE – KMITNB PALM – KMITNB SPIRIT – CU INCA - KMUTT 110 Hosts (From SCMS) 158 CPUs (From SCMS)

TNGP, ThaiGrid Status Map

TNGP, Software ROCKS (Shasta) with HPC Roll Grid Roll SCE Roll Scheduler Roll Globus Toolkits 2.4 SCMSWeb Monitoring Tool Shared Certificate Authority

TNGP, ThaiGrid Tools TGCheckPort – Checking the firewall between sites TGregister – Grid user management and automatically updated grid- mapfile system

TNGP, TGregister

TNGP, Application Drug Design ThaiGrid Drug Design Portal HIV Drug Design Avian Flu Drug Design

TNGP, Drug Design

TNGP,

Proxy Certificate Delegation X.509 SSL Multi-Level User Implementation on X.509 ThaiGrid User Services Two core concepts: X.509 digital certificates used as identity credentials Proxy Certificate used to delegate identity temporarily to other credentials

Grid Security : Security VO manage Management of VO - Discover VO by Grid participants - Authentication and authorization of participants to join VO - Access control: Participants access shared resources in VO The problem of VO security - Large number of distributed resources - Dynamic and complex relationships among organizations across trust domains - Resource utilization scenarios are complex and changing dynamically

Large and dynamic population Different accounts at different sites Personal and confidential data Heterogeneous privileges (roles) Desire Single Sign-OnUsers Sites Heterogeneous Resources Access Patterns Local policies Membership Group data Access Patterns MembershipGroups Grid Security: VOs Role Grid

Grid Security : Authorization management Community Authorization Service user CA CAS Server Mutual authentication and access resource Request proxy to CAS server Reply restriced proxy to user Delegation restriced proxy from CAS CAS concept: Reduce trust relationship by - Group user to community - Resource authorized community - Community authorized user - Constrain in proxy certificate But CAS cannot support authorization in small communities in VO and support only GridFTP

Grid Security: Small Communities in VO Component of small communities in VO Static users for assign authoritative Temporarily users accept authoritative from static users Users operation same jobs in small communities in VO Multi-level authoritative from user to user Requirement of small communities in VO Mechanism for direct assign authoritative multi-level user management

Authoritative credentials High-level user Low-level user Proxy generator with privilege authoritative Authoritative privilege generator Gatekeeper Check permit for authorization Grid mapfile Run jobs Cannot run jobs GRID RESOURCE Multi-Level assign authoritative architecture Generate assign authoritative Request proxy with privilege authoritative allowdeny Authentication & authorization with proxy privilege authoritative

Multi-Level assign authoritative Concept Use Attribute Certificate concept for assign privilege authoritative Embed Attribute Certificate into X.509 Certificate Subject:O=Grid, O=ThaiGrid, OU=ee.kmitnb.ac.th, CN=suriya Issuer: C=TH, O=Grid, O=ThaiGrid, CN=ThaiGrid CA Expiration date: Aug 22 08:08: GMTSerial number: 625 (0x271) CA Digital signature Attribute Certificate : Issuer : O=Grid, O=ThaiGrid, OU=ee.kmitnb.ac.th, CN=suriya Holder : O=Grid, O=ThaiGrid, OU=ee.kmitnb.ac.th, CN=gridstaff Validity date : Jan 22 08:08: GMTSerial extension : sun.ee.kmitnb.ac.th/allow Issuer Signature : MD5RSAEncryption Public Key Concept :

Transfer multi-level assign authoritative Attribute Certificate: Issuer : user A Holder : user B,C,..X Privilege :host/allow/deny Validity : :18:45 Signature: user A Proxy Certificate with AC Identity : user B Public Key : user B Validity : :18:45 Signature: CA Assign authoritative from user A User B proxy-init with AC User B CA User X Resource User A User A is authoritative privilege User B can access Step access same user B Assign authoritative to user B to user X

Current Development Build tool support multi-level assign authoritative user management for small communities in VO Modify Proxy Certificate by embedded Attribute Certificate for access rights

TNGP, Conclusion The Start of Thailand National Grid Project ThaiGrid Operation has been in operation and strong. Several applications, middleware development Lots more to come in human resource development to foster grid efforts