Using Grid Computing at NIKHEF David Groep, NIKHEF
The One-Liner Resource sharing and coordinated problem solving in dynamic multi-institutional virtual organisations
What is Grid computing? Dependable, consistent and pervasive access Combining resources from various organizations `Virtual Organizations’ – user-based view on Grid Technical challenges: –transparent decisions for the user –uniformity in access methods –secure & crack resistant –authentication, authorization, accounting (AAA) "a
Globus Project started 1997 de facto-standard Reference implementation of Gridforum standards Large community effort Basis of several projects, including EU-DataGrid Toolkit `bag-of-services' approach Successful test beds, with single sign-on, etc… Grid Middleware
Grid Architecture Applications Grid Services GRAM Grid Security Infrastructure (GSI) Grid Fabric CondorMPIPBSInternetLinux Application Toolkits DUROCMPICH-G2Condor-G GridFTPMDS SUN VLAM-G Make all resources talk standard protocols Promote interoperability of application toolkit, similar to interoperability of networks by Internet standards ReplicaSrv
EU DataGrid Work Packages WP8-10 Applications Grid Services GRAM Grid Fabric CondorPBSInternetLinux Application Toolkits MPICH-G2Condor-G GridFTPMDS SUN WP1& 8-10 sw WP2,3,5,(7) WP4,7
Looking for Resources Per Virtual Organization (or test bed) Directory of Resources and their Characteristics Used to find `best resource out there’ DataGrid DutchGrid ldap://giishost.nikhef.nl:30001/o=Grid
Submitting a Job
Sending your Data Tape robots, disks, etc. share GridFTP interface Optimize for high-speed >1Gbit/s networks In the future: automatic optimizations, bandwidth reservations, directory-enabled networking, …
DataGrid Test Bed 1 DataGrid TB1: –14 countries –21 major sites –“Work Package 6” Submitting Jobs: –Login only once, run everywhere –Cross administrative boundaries in a secure and trusted way –Mutual authorization
DutchGrid Platform Amsterdam Utrecht KNMI Delft Leiden Nijmegen Enschede DutchGrid: –Test bed coordination –PKI security Participation by NIKHEF: FOM, VU, UvA, Utrecht, Nijmegen KNMI, SARA AMOLF DAS-II (ASCI): TUDelft, Leiden, VU, UvA, Utrecht Telematics Institute
Resources Current startup-resources to be (ab)used: –NIKHEF: Several Globus test machines (try them now from your desk!) 50x2 CPU’s D0 cluster 2x10x2 (=40) CPU’s LHCb at NIKHEF(WCW) &VU 10x2 CPU’s Alice NIKHEF(WCW) ca. 4x2 CPU’s Alice Utrecht ca. 10x2 CPU’s D0 Nijmegen Lots of disk & dedicated 1.3TByte cache server –DAS-II: 200 dual-PIII’s systems & some disk (~2TByte) Spread over 5 locations (NIKHEF is one!) –SARA: tape robot (>200TByte), some clusters –More systems (NCF) to come this year …
Systems around WCW
Start using the grid All the necessary “client tools” are on all Linux and Solaris systems You just need: –Credentials/tokens for the Grid (see next slides) –Authorization to use resources (you get all NIKHEF resources by default) –Information on which resources to use effectively
Your Grid Credentials You will use resources across several domains –You may not care about security and authorization –But the remote site admin will ! All communications are authenticated using X.509 “Public Key” Certificates The technology used to secure credit card transactions on the web ( ) Uniquely binds name/affiliation to a digital token
Certification Authorities CA’s act as trusted third parties Remote sites trust the CA for a proper binding They will not do authentication again, so only authorization left. CA’s are highly valuable: crack one to impersonate others on the Grid (and abuse resources) Registration Authorities do in-person ID checks
CA’s in DataGrid 10 National CA’s (one per EU country) Each one has a detailed policy and practice statement NIKHEF operates the CA for DutchGrid See Get a “certificate” from the DutchGrid CA before you can start using the Grid It’s valuable, protect it with a pass phrase One cert valid for all DataGrid sites
The Proxy A `proxy certificate’ is a limited-lifetime delegation without a pass phrase to protect it Implements the single sign-on for Grid Valid for 12 hours (by default) Use it to: –Run your jobs –Get access to your data Get it, by running grid-proxy-init
Now see for yourself
Getting a Certificate Initialize your environment for the Grid Use the Globus local guide from Run grid-cert-request Send the result to you will be contacted by phone Put the certificate (sent by mail) in your $HOME/.globus/usercert.pem Or use the Web at
Using the Grid Request authorization: Look what is out there using grid-info-search or Try some local hosts: –bilbo, kilogram, triangel kilogram:davidg:1009$ globus-job-run dommel.wins.uva.nl /usr/ucb/quota -v Disk quotas for random (uid 12xxx): Filesystem usage quota limit timeleft files quota limit timeleft /home/random kilogram:davidg:1010$ Start running your analysis/MC/other jobs
grid-proxy-init kilogram:davidg:1003$ grid-proxy-init Your identity: /O=dutchgrid/O=users/O=nikhef/CN=David Groep Enter GRID pass phrase for this identity: PassPhrase Creating proxy Done Your proxy is valid until Wed Sep 26 05:50:
GridFTP Universal high-performance file transfer Extends the FTP protocol with: –Single sign-on ( GSI, GSSAPI, RFC2228 ) –Parallel streams for speed-up –Striped access (ftp from multiple sites to be faster) Clients: gsincftp, globus-url-copy.
What’s Next? Some of the nice user-features to come: –Finding data files by characteristics (give me all golden decay’s) –Moving your job to where the data is –Automatic partitioning of jobs –Support true-interactive work –Better network utilisation (faster access to data) –……… If you are in the DataGrid project, ask your WP leader for authorization in TB1