EGEE-II INFSO-RI-031688 Enabling Grids for E-sciencE www.eu-egee.org www.glite.org EGEE and gLite are registered trademarks Security and Job Management.

Slides:



Advertisements
Similar presentations
EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks MyProxy and EGEE Ludek Matyska and Daniel.
Advertisements

EGEE-II INFSO-RI Enabling Grids for E-sciencE The gLite middleware distribution OSG Consortium Meeting Seattle,
EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE Middleware Claudio Grandi (INFN – Bologna) Workshop Commissione.
FP7-INFRA Enabling Grids for E-sciencE EGEE Induction Grid training for users, Institute of Physics Belgrade, Serbia Sep. 19, 2008.
INFSO-RI Enabling Grids for E-sciencE EGEE Middleware The Resource Broker EGEE project members.
The EPIKH Project (Exchange Programme to advance e-Infrastructure Know-How) gLite Grid Services Abderrahman El Kharrim
EGEE-II INFSO-RI Enabling Grids for E-sciencE Slides based on material from Sergio Andreozzi INFN-CNAF and from Pedro.
EGEE-II INFSO-RI Enabling Grids for E-sciencE Based on material by Sergio Andreozzi INFN-CNAF OMII-Europe All-Hands.
Makrand Siddhabhatti Tata Institute of Fundamental Research Mumbai 17 Aug
FESR Consorzio COMETA Grid Introduction and gLite Overview Corso di formazione sul Calcolo Parallelo ad Alte Prestazioni (edizione.
EGEE-III INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Configuring and Maintaining EGEE Production.
EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Simply monitor a grid site with Nagios J.
INFSO-RI Enabling Grids for E-sciencE SA1: Cookbook (DSA1.7) Ian Bird CERN 18 January 2006.
INFSO-RI Enabling Grids for E-sciencE Logging and Bookkeeping and Job Provenance Services Ludek Matyska (CESNET) on behalf of the.
Enabling Grids for E-sciencE ENEA and the EGEE project gLite and interoperability Andrea Santoro, Carlo Sciò Enea Frascati, 22 November.
EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Interoperability Shibboleth - gLite Christoph.
EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Interoperability Shibboleth - gLite Christoph.
INFSO-RI Enabling Grids for E-sciencE Workload Management System Mike Mineter
EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Provenance Challenge gLite Job Provenance.
EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks JRA1 summary Claudio Grandi EGEE-II JRA1.
EGEE-III INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks WMSMonitor: a tool to monitor gLite WMS/LB.
EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Security Token Service Valéry Tschopp - SWITCH.
INFSO-RI Enabling Grids for E-sciencE The gLite Workload Management System Elisabetta Molinari (INFN-Milan) on behalf of the JRA1.
EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Next steps with EGEE EGEE training community.
June 24-25, 2008 Regional Grid Training, University of Belgrade, Serbia Introduction to gLite gLite Basic Services Antun Balaž SCL, Institute of Physics.
EGEE-III INFSO-RI Enabling Grids for E-sciencE Feb. 06, Introduction to High Performance and Grid Computing Faculty of Sciences,
EGEE-II INFSO-RI Enabling Grids for E-sciencE JRA1 in EGEE II Claudio Grandi (INFN and CERN) EGEE II Transition Meeting.
Getting started DIRAC Project. Outline  DIRAC information system  Documentation sources  DIRAC users and groups  Registration with DIRAC  Getting.
EGEE-II INFSO-RI Enabling Grids for E-sciencE The GILDA training infrastructure.
US LHC OSG Technology Roadmap May 4-5th, 2005 Welcome. Thank you to Deirdre for the arrangements.
INFSO-RI Enabling Grids for E-sciencE EGEE is a project funded by the European Union under contract INFSO-RI Grid Accounting.
EGEE is a project funded by the European Union under contract INFSO-RI Practical approaches to Grid workload management in the EGEE project Massimo.
INFSO-RI Enabling Grids for E-sciencE EGEE Middleware reengineering Claudio Grandi – JRA1 Activity Manager - INFN EGEE Final EU.
Glite. Architecture Applications have access both to Higher-level Grid Services and to Foundation Grid Middleware Higher-Level Grid Services are supposed.
Enabling Grids for E-sciencE The gLite Workload Management System Alessandro Maraschini OGF20, Manchester,
EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE Site Architecture Resource Center Deployment Considerations MIMOS EGEE Tutorial.
FP6−2004−Infrastructures−6-SSA E-infrastructure shared between Europe and Latin America Alexandre Duarte CERN IT-GD-OPS UFCG LSD 1st EELA Grid School.
EMI INFSO-RI Argus Policies in Action Valery Tschopp (SWITCH) on behalf of the Argus PT.
EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks WMPROXY usage Álvaro Fernández IFIC (CSIC)
EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks New Authorization Service Christoph Witzig,
EGEE-II INFSO-RI Enabling Grids for E-sciencE gLite and Condor present and future Claudio Grandi (INFN – Bologna)
EGEE-III INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks APEL CPU Accounting in the EGEE/WLCG infrastructure.
EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Update Authorization Service Christoph Witzig,
INFSO-RI Enabling Grids for E-sciencE Grid Services for Resource Reservation and Allocation Tiziana Ferrari Istituto Nazionale di.
EGEE-II INFSO-RI Enabling Grids for E-sciencE Introduction to P-GRADE Portal hands-on Miklos Kozlovszky MTA SZTAKI
LCG WLCG Accounting: Update, Issues, and Plans John Gordon RAL Management Board, 19 December 2006.
INFSO-RI Enabling Grids for E-sciencE Policy management and fair share in gLite Andrea Guarise HPDC 2006 Paris June 19th, 2006.
EGEE-II INFSO-RI Enabling Grids for E-sciencE Practical using WMProxy advanced job submission.
EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks gLite – UNICORE interoperability Daniel Mallmann.
INFSO-RI Enabling Grids for E-sciencE DGAS, current status & plans Andrea Guarise EGEE JRA1 All Hands Meeting Plzen July 11th, 2006.
EGEE-II INFSO-RI Enabling Grids for E-sciencE middleware status and plans Claudio Grandi (INFN and CERN) John White.
13th EELA Tutorial, La Antigua, 18-19, October E-infrastructure shared between Europe and Latin America FP6−2004−Infrastructures−6-SSA
EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Study on Authorization Christoph Witzig,
EGEE-II INFSO-RI Enabling Grids for E-sciencE Overview of gLite, the EGEE middleware Mike Mineter Training Outreach Education National.
First South Africa Grid Training June 2008, Catania (Italy) OVERVIEW of the gLite COMPONENTS Marcello Iacono Manno FIRST.
EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Job Management Claudio Grandi.
INFSO-RI Enabling Grids for E-sciencE Padova site report Massimo Sgaravatto On behalf of the JRA1 IT-CZ Padova group.
EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI EGI Services for Distributed e-Infrastructure Access Tiziana Ferrari on behalf.
Introduction to Computing Element HsiKai Wang Academia Sinica Grid Computing Center, Taiwan.
The EPIKH Project (Exchange Programme to advance e-Infrastructure Know-How) gLite Grid Introduction Salma Saber Electronic.
EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks CREAM: current status and next steps EGEE-JRA1.
Enabling Grids for E-sciencE Work Load Management & Simple Job Submission Practical Shu-Ting Liao APROC, ASGC EGEE Tutorial.
Enabling Grids for E-sciencE Claudio Cherubino INFN DGAS (Distributed Grid Accounting System)
Accounting Update Dave Kant, John Gordon RAL Javier Lopez, Pablo Rey Mayo CESGA.
Authentication, Authorisation and Security
Introduction to Grid Technology
Grid Services Ouafa Bentaleb CERIST, Algeria
Short update on the latest gLite status
Based on material by Sergio Andreozzi INFN-CNAF
Presentation transcript:

EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Security and Job Management Claudio Grandi – JRA1 Activity Manager - INFN OGF - EGEE-II User Forum Manchester - 9 May 2007

Enabling Grids for E-sciencE EGEE-II INFSO-RI OGF - EGEE II User Forum - Manchester - 9 May EGEE-II INFSO-RI OGF - EGEE II User Forum - Manchester - 9 May Outline Security Resource access: Computing Element Workload management Job accounting

Enabling Grids for E-sciencE EGEE-II INFSO-RI OGF - EGEE II User Forum - Manchester - 9 May EGEE-II INFSO-RI OGF - EGEE II User Forum - Manchester - 9 May Authentication Authentication is based on X.509 PKI infrastructure –Certificate Authorities (CA) issue (long lived) certificates identifying individuals (much like a passport)  Commonly used in web browsers to authenticate to sites –Trust between CAs and sites is established (offline) –In order to reduce vulnerability, on the Grid user identification is done by using (short lived) proxies of their certificates Short-Lived Credential Services (SLCS) –issue short lived certificates or proxies to its local users  e.g. from Kerberos or from Shibboleth credentials (new in EGEE II) Proxies can –Be delegated to a service such that it can act on the user’s behalf –Be stored in an external proxy store (MyProxy) –Be renewed (in case they are about to expire) –Include additional attributes

Enabling Grids for E-sciencE EGEE-II INFSO-RI OGF - EGEE II User Forum - Manchester - 9 May EGEE-II INFSO-RI OGF - EGEE II User Forum - Manchester - 9 May Authorization –glexec changes the local identity (based on suexec from Apache) –LCAS/LCMAPS use different plug-ins to determine if and how to map a grid user to a local user  mainly used for C-based applications –gLite Java Authorization Framework (XACML-compatible)  mainly used for Java-based applications –Compatible with the future G-PBox policy management system VOMS service issues Attribute Certificates that are attached to certificate proxies –Provide users with additional capabilities defined by the Virtual Organization –Base for the Authorization process Authorization: via mapping to a local user on the resource

Enabling Grids for E-sciencE EGEE-II INFSO-RI OGF - EGEE II User Forum - Manchester - 9 May EGEE-II INFSO-RI OGF - EGEE II User Forum - Manchester - 9 May Security - overview

Enabling Grids for E-sciencE EGEE-II INFSO-RI OGF - EGEE II User Forum - Manchester - 9 May EGEE-II INFSO-RI OGF - EGEE II User Forum - Manchester - 9 May Coming: Shibboleth SLCS Long lived certificates may be replaced by short lived certificates provided by a Shibboleth identity Provider

Enabling Grids for E-sciencE EGEE-II INFSO-RI OGF - EGEE II User Forum - Manchester - 9 May EGEE-II INFSO-RI OGF - EGEE II User Forum - Manchester - 9 May Job Management Services Computing Element Storage Element Site X Information System submit query retrieve Workload Management Logging & Bookkeeping User Interface publish state File and Replica Catalogs Authorization Service query update credential publish state discover services

Enabling Grids for E-sciencE EGEE-II INFSO-RI OGF - EGEE II User Forum - Manchester - 9 May EGEE-II INFSO-RI OGF - EGEE II User Forum - Manchester - 9 May Resource Access in EGEE  LCG-CE (GT2 GRAM) –Not ported to GT4. To be dismissed  gLite-CE (Condor-C+GSI) –Deployed (GT2 version) but still needs tuning  CREAM (WS-I) –Prototype. OGF-BES (see demo at SC’06) Possible developments: –GT4 → BLAH submissions? Choose your preferred path to the Batch System! Condor-G Globus client gLite WMS User CREAM CEMon ICE CREAM client EGEE authZ, InfoSys, Accounting In production Existing prototype Possible development gLite component non-gLite component Batch System LCG-CE (GT2) gLiteCE BLAH User / Resource UI Site GT4 GRAM jobmanager X

Enabling Grids for E-sciencE EGEE-II INFSO-RI OGF - EGEE II User Forum - Manchester - 9 May EGEE-II INFSO-RI OGF - EGEE II User Forum - Manchester - 9 May Workload Management System WMS: Resource brokering, workflow management, I/O data management  Web Service interface: WMProxy –Task Queue: keep non matched jobs –Information SuperMarket: optimized cache of information system –Match Maker: assigns jobs to resources according to user requirements (possibly including data location) –Job submission & monitoring  Condor-G  ICE (to CREAM) –External interactions:  Information System  Data Catalogs  Logging&Bookkeeping  Policy Management systems

Enabling Grids for E-sciencE EGEE-II INFSO-RI OGF - EGEE II User Forum - Manchester - 9 May EGEE-II INFSO-RI OGF - EGEE II User Forum - Manchester - 9 May Workload Management System Not only resource brokering: Support for compound jobs –Compound, Parametric, DAGs (Direct Acyclic Graphs) –One shot submission of a group of jobs  Submission time reduction (single call to WMProxy server) –Shared input sandboxes –Single Job Id to manage the group (single job ID still available) Support for ‘scattered’ input/output sandboxes Support for deep and shallow resubmission –Automatic resubmission in case of failure of the infrastructure Automatic proxy renewal (including VOMS attributes) nodeE nodeC nodeA nodeD nodeB

Enabling Grids for E-sciencE EGEE-II INFSO-RI OGF - EGEE II User Forum - Manchester - 9 May EGEE-II INFSO-RI OGF - EGEE II User Forum - Manchester - 9 May Logging & Bookkeeping LB: Tracks jobs during their lifetime (in terms of events) –Functional to WMS operations  but works also for jobs not submitted through the WMS –Web service Interface for querying

Enabling Grids for E-sciencE EGEE-II INFSO-RI OGF - EGEE II User Forum - Manchester - 9 May EGEE-II INFSO-RI OGF - EGEE II User Forum - Manchester - 9 May WMS and LB performances jobs/day Load-limiter prevented submission } Job in WMS } Job on CE Final states

Enabling Grids for E-sciencE EGEE-II INFSO-RI OGF - EGEE II User Forum - Manchester - 9 May EGEE-II INFSO-RI OGF - EGEE II User Forum - Manchester - 9 May Coming: Job Provenance Store and retain data on finished jobs –Complementary to L&B –Optionally adds input sandbox files and additional user annotations –Provides data-mining capabilities –Allows job re-execution JP Primary Storage (JPPS) –Stores data coming from L&B  purge L&B after job completion  now 1-n relation for LB-JPPS JP Index Server (JPIS) –User front-end (WSDL interface)  May be VO-customized (predefined queries & indices)

Enabling Grids for E-sciencE EGEE-II INFSO-RI OGF - EGEE II User Forum - Manchester - 9 May EGEE-II INFSO-RI OGF - EGEE II User Forum - Manchester - 9 May Coming: support for pilot jobs Several VOs submit pilot jobs with a single identity for all of the VO –The pilot job gets the user job when it arrives on the WN and executes it  Just-in-time scheduling. VO policies implemented at the central queue Use the same mechanism for changing the identity on the Computing Element also on the Worker Nodes (glexec) –The site may know the identity of the real user

Enabling Grids for E-sciencE EGEE-II INFSO-RI OGF - EGEE II User Forum - Manchester - 9 May EGEE-II INFSO-RI OGF - EGEE II User Forum - Manchester - 9 May Job accounting Resource usage by VO, group or single user –Resource metering: sensors running on resources to determine usage –Pricing policies: associate a cost to resource usage  if enabled allowed market- based resource brokering –privacy: access to accounting data granted only to authorized people (user, provider, VO manager) Information collected at the Grid Operations Centre (GOC) Basic functionality in APEL, full functionality in DGAS

Enabling Grids for E-sciencE EGEE-II INFSO-RI OGF - EGEE II User Forum - Manchester - 9 May EGEE-II INFSO-RI OGF - EGEE II User Forum - Manchester - 9 May GOC - VO Manager View Table shows CPU, WCT and Job Eff. of the Top 10 Anonymised Users This example shows that the largest WCT User has a job efficiency of 10%…clearly the VO Manager may wish to contact this person

Enabling Grids for E-sciencE EGEE-II INFSO-RI OGF - EGEE II User Forum - Manchester - 9 May EGEE-II INFSO-RI OGF - EGEE II User Forum - Manchester - 9 May GOC - Site Admin View The Site Administrator can view usage of anonymous grid users who executed jobs at the site.

Enabling Grids for E-sciencE EGEE-II INFSO-RI OGF - EGEE II User Forum - Manchester - 9 May EGEE-II INFSO-RI OGF - EGEE II User Forum - Manchester - 9 May GOC - User View Each Grid User can interrogate their own accounting data –Tables showing what they did and when –Number of Jobs, CPU and WCT per Month (per VO) –Average Job Efficiency per VO –Accumulative Njobs, CPU and WCT per VO –The sites which executed the jobs, and when they were done The following table shows the distribution of the Total number of Your Jobs grouped by VO and DATE

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.