E-science grid facility for Europe and Latin America
The GENIUS Grid Portal
Giuseppe LA ROCCA, INFN Catania
Joint EELA/EGEEIII Tutorial for Trainers, Catania (Italy)
Outline
– Grid portal technology
– GENIUS/EnginFrame: new version 4.0
– VOMS Proxy Init Service
– Robot Certificates
– Summary and Conclusions
A grid portal: why and how
– It can be accessed from everywhere and by “everything” (desktop, laptop, PDA, cell phone).
– It can keep the same user interface to several back-ends.
– It must be redundantly “secure” at all levels:
  – 1) secure for web transactions,
  – 2) secure for user credentials,
  – 3) secure for user authentication,
  – 4) secure at VO/VOMS level.
– All available grid services must be incorporated in a logical way, just “one mouse click away”.
– Its layout must be easily understandable and user friendly.
GRID Portal benefits
– A Grid Portal improves usability of Grids
  – Lowering end-user requirements for accessing the Grid
  – Hiding the complexity of data and job services management in the Grid
– A Grid Portal improves utilization of Grids
  – Making the Grid (r)evolution transparent to the end-user
  – Providing an appealing user-friendly Web interface
  – Enforcing Grid utilization policies
The GRID Portal / Gateway
[Diagram labels: Home Users, Internal Users, Project Managers, Client Apps, Standard protocols, Grid Portal / Gateway, Interactive Applications, Batch Applications, Storage and Data, Licenses, Grid / Compute Farm]
What is EnginFrame?
– It is a web-based technology able to expose Grid services running on Grid infrastructures.
– It allows organizations to provide application-oriented computing and data services to both users (via Web browsers) and applications (via SOAP/WSDL and/or RSS).
– It’s a Grid gateway.
– It greatly simplifies the development of Web Portals exposing computing services that can run on a broad range of different computational Grid systems.
EnginFrame Working Environment
[Diagram labels: Browser, User, HTML page, Service Req, EnginFrame Server, SDF XML, XML Layout, XSL, XSLT, HTML, Authorize, Groups, ACLs, Service Submission, Spoolers, EnginFrame Agent, Custom plugin, Script, Execute Service, XML output, Grid, Compute Farm, MetaFrame + NFuse, Application Server]
Service example
gzip sample
maximum, medium, none
EF_SPOOLER_NAME="gzip $file"
export EF_SPOOLER_NAME
${EF_ROOT}/plugins/lsf/bin/bsub -o output.txt gzip -$level \"$FILE\"
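The service script above places `$level` and `$FILE` straight into the bsub command line. The following added example, which is not part of the original slides or of EnginFrame, shows one way to validate both values first, assuming they arrive from the service's web form; the helper names `validate_level`, `validate_file` and `build_gzip_job` are hypothetical, and the allowed file-name character set is an assumption.

```shell
#!/bin/sh
# Added example (not EnginFrame or GENIUS code): check the two parameters of
# the gzip service before they reach the bsub command line.
# validate_level, validate_file and build_gzip_job are hypothetical names.

# gzip accepts compression levels -1 .. -9 only, so allow one digit 1-9.
validate_level() {
    case "$1" in
        [1-9]) return 0 ;;
        *)     return 1 ;;
    esac
}

# Accept a plain file name only: non-empty, no leading dash (it would be read
# as an option), no path separator, and nothing outside letters, digits,
# dot, underscore and dash (assumed character set).
validate_file() {
    case "$1" in
        ''|-*|*/*)         return 1 ;;
        *[!A-Za-z0-9._-]*) return 1 ;;
        *)                 return 0 ;;
    esac
}

# Print the gzip command that would be handed to bsub as on the slide,
# or fail without printing a command when either value is rejected.
build_gzip_job() {
    level=$1
    file=$2
    validate_level "$level" || { echo "rejected level" >&2; return 1; }
    validate_file "$file"   || { echo "rejected file name" >&2; return 1; }
    printf 'gzip -%s "%s"\n' "$level" "$file"
}

# Constructed sample calls: one accepted, one rejected.
build_gzip_job 9 report.txt
build_gzip_job 9 '-report.txt' 2>/dev/null || echo "second call rejected"
```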
Who uses EnginFrame?
– Mechanical: Ferrari, Audi, BMW, FIAT Auto, Elasis, Magneti Marelli, P+Z, Swagelok, Toyota, TRW
– Manufacturing: Bridgestone, Procter & Gamble, Galileo Avionica
– Oil&Gas: Slavneft, Schlumberger, TOTAL, VNIIGaz
– Electronics: STMicroelectronics, Accent, SensorDynamics, Motorola
– Biotech: ENEA, EGEE LS community
– Telecom: Telecom Italia
– Research: INFN, ASSC, CCLRC, CERN, CILEA, CINECA, CNR, CNRS/IN2P3, ENEA, FzU, ICI, IFAE, ITEP, JSC G.G.M., KU Leuven, SSC-Russia, SDSC
– Education: Dresda University, Ferrara University, ITU, Messina University, Politecnico of Milan, Technische Universität Dresden, Trinity College Dublin, Salerno University, S-PACI
What is GENIUS?
– GENIUS is a powerful Grid Portal that allows scientists to exploit Grid resources using only a conventional Web browser.
– It has been built on top of the EnginFrame framework.
– It’s a gateway to the European EGEE Project middleware.
– It allows gLite-enabled applications to be exposed via Web browser as well as Web Services.
GENIUS architecture
[Diagram labels: End users, 3rd party Apps, RSS Clients, JSR168 Portlet Containers, HTTP, WSDL/SOAP, Presentation engine, Portlet GW, WS GW, RSS GW, Classic GENIUS, Authentication – ACL management, Data Management & Virtualization, Monitoring & Accounting, General XML Application Kits, VO 1 - XML Application Kit, VO n - XML Application Kit, VNC remote Desktop over SSL, X509 Proxy w/ VOMS extensions, EGEE middleware LCG-2 / gLite, Globus middleware, Compute resources, Local Data, Distributed Data]
Reference Web Site:
GENIUS: files management
GENIUS: Grid Preferences
GENIUS: Job Submission
GENIUS: Job(s) Queue
– Code for Job Queue management rewritten using GridML tags
GENIUS: Job Retrieving
– New Confirmation Message!
GENIUS: Data Spooler
GENIUS: Interactive Services
– Tight VNC
GENIUS: Data Management
– Local Browse on laptop
– Remote Browse on UI (GENIUS Server)
– Extended Remote File Browse on LFC Catalog
GENIUS: Data Management
– Extended Multiple Remote File Browsing on Catalog!
GENIUS: Workflow
GENIUS: Submit Workflow
GENIUS: security infrastructure
– All web transactions are executed under the Secure Socket Layer (SSL) via HTTPS.
– The user must have an account on the User Interface.
– When the user wants to interact with the file system of the UI, he is prompted for the username and password of the account on that machine.
– All the gLite functionalities are integrated in the portal and accessible only after the creation of the voms-proxy through the applet.
Improved Security
– 1. Authentication with the User Interface: input password of the user account.
– 2. Authentication to the Grid: input password of the proxy (specified when you execute myproxy-init).
VOMS Proxy Init Service
– A CAPTCHA code is required to start the VOMS Proxy Applet for the proxy initialization.
– The Java plugin or higher is mandatory.
– Jointly developed by NICE and INFN Catania.
– Now the user is authenticated on gLite middleware.
Robot Certificates
1. Starting from Feb also the Italian INFN CA will start to issue Robot Certificates. Thanks to these new certificates biologists will be able to access the grid sharing the certificate installed on the portal.
2. UK and NL CA are already issuing robot certificates.
3. The decision of the INFN CA is a great success of the BioinfoGRID project.
Robot Certificates
Your identity: /C=IT/O=GILDA/OU=Robots/L=INFN Catania/CN=Robot:MrBayes - Giuseppe La Rocca
Creating temporary proxy Done
Contacting voms.ct.infn.it:15001 [/C=IT/O=INFN/OU=Host/L=Catania/CN=voms.ct.infn.it] "gilda" Done
Creating proxy Done
Your proxy is valid until Thu May 8 21:42:
– To strongly reduce the risk of having the portal certificate compromised and to improve security, the INFN CA has decided to issue this new certificate on board the Aladdin eToken PRO smart card.
– Each smart card can support several robot certificates: one for each application the user wants to share with others.
– The user’s PIN is prompted for every time the user tries to read the certificate on board the smart card to generate a proxy.
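Because a robot certificate is shared by everyone who uses the portal, the proxy identity alone does not say which portal account started a job. The following added example, which is not part of the original slides and is not the UTS implementation, parses the proxy-creation output shown above and emits an audit line tying a portal account to the robot certificate; the function names, the `biologist01` account and the record format are assumptions.

```shell
#!/bin/sh
# Added example (not GENIUS or UTS code). SAMPLE reproduces the proxy
# creation output shown on the slide; the truncated expiry line is left out.
SAMPLE='Your identity: /C=IT/O=GILDA/OU=Robots/L=INFN Catania/CN=Robot:MrBayes - Giuseppe La Rocca
Creating temporary proxy Done
Contacting voms.ct.infn.it:15001 [/C=IT/O=INFN/OU=Host/L=Catania/CN=voms.ct.infn.it] "gilda" Done
Creating proxy Done'

# Subject DN of the certificate the proxy was created from.
proxy_identity() {
    printf '%s\n' "$1" | sed -n 's/^Your identity: //p'
}

# VO name quoted on the "Contacting" line.
proxy_vo() {
    printf '%s\n' "$1" | sed -n 's/^Contacting .*] "\([^"]*\)".*/\1/p'
}

# Print the application name if the DN follows the robot layout seen on the
# slide (OU=Robots and CN=Robot:<application> - <owner>); fail otherwise.
robot_app() {
    case "$1" in */OU=Robots/*) ;; *) return 1 ;; esac
    case "$1" in */CN=Robot:*)  ;; *) return 1 ;; esac
    cn=${1##*/CN=Robot:}
    app=${cn%% - *}
    if [ -z "$app" ] || [ "$app" = "$cn" ]; then
        return 1
    fi
    printf '%s\n' "$app"
}

# One audit line per proxy creation: which portal account (hypothetical name)
# used which shared robot certificate, under which VO.
# Fails when the identity is not a robot certificate or no VO is found.
audit_record() {
    portal_user=$1
    dn=$(proxy_identity "$2")
    app=$(robot_app "$dn") || return 1
    vo=$(proxy_vo "$2")
    [ -n "$vo" ] || return 1
    printf 'portal_user=%s robot_app=%s vo=%s\n' "$portal_user" "$app" "$vo"
}

# Constructed sample call.
audit_record biologist01 "$SAMPLE"
```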
GENIUS & Robot Certificates
[Diagram labels: Admin, User]
User Tracking System (UTS)
Summary and Conclusions
GENIUS offers the following advantages:
– it is a complete production-ready environment which combines the concepts of “user portal” and “science portal”;
– absolutely no client software needs to be installed on the user’s workstation apart from the web browser with its usual plug-ins like Java (at least JRE or higher);
– it provides a new, unique and easy-to-use tool to authorize users into the grid environment in a strongly secure way, with or without VOMS support;
– it includes support for both single and composite jobs (including DAGs);
– interactive analysis and web access to personal spooling areas are possible;
– environment and settings are customizable for the users;
– security for data management and sessions.
References
– NICE web-site
– EnginFrame Framework
– GENIUS Portal
– GENIUS Repository at
– GENIUS based on gLite at
– GENIUS Installation
– GENIUS Repository at
– Write a message to italy.com or for an account request to download the GENIUS
Questions …
Hands-on
– Login: cataniaXX
– OS passwd: GridCATXX
– PassPhrase: CATANIA
where XX = 01,..,30