Www.eu-eela.eu E-science grid facility for Europe and Latin America Using Secure Storage Service inside the EELA-2 Infrastructure Diego Scardaci INFN (Italy)

Slides:

Advertisements

Similar presentations

12th EELA Tutorial, Lima, FP6−2004−Infrastructures−6-SSA E-infrastructure shared between Europe and Latin America.

Advertisements

E-science grid facility for Europe and Latin America E2GRIS1 Jaime Parada, Edgar Perdomo – UCV Itacuruça (Brazil), 2-15 November 2008 CATIVIC.

SEE-GRID-SCI User Interface (UI) Installation and Configuration Branimir Ackovic Institute of Physics Serbia The SEE-GRID-SCI.

E-science grid facility for Europe and Latin America A Data Access Policy based on VOMS attributes in the Secure Storage Service Diego Scardaci.

E-science grid facility for Europe and Latin America JRA1 Status Report Development of Services for Applications and Infrastructure Francisco.

Basic Grid Job Submission Alessandra Forti 28 March 2006.

FESR Consorzio COMETA - Progetto PI2S2 Using MPI to run parallel jobs on the Grid Marcello Iacono Manno Consorzio COMETA

Makrand Siddhabhatti Tata Institute of Fundamental Research Mumbai 17 Aug

FP6−2004−Infrastructures−6-SSA E-infrastructure shared between Europe and Latin America Special Jobs Matias Zabaljauregui UNLP.

Enabling Grids for E-sciencE gLite training at Sinaia '06 Victor Penso Kilian Schwarz GSI Darmstadt Germany.

FP6−2004−Infrastructures−6-SSA E-infrastructure shared between Europe and Latin America Pilot Test-bed Operations and Support Work.

FP6−2004−Infrastructures−6-SSA E-infrastructure shared between Europe and Latin America Luciano Díaz ICN-UNAM Based on Domenico.

E-science grid facility for Europe and Latin America Bridging OurGrid-based and gLite-based Grid Infrastructures Abmar de Barros, Adabriand.

The EPIKH Project (Exchange Programme to advance e-Infrastructure Know-How) WMPROXY API Python & C++ Diego Scardaci

The gLite API – PART I Giuseppe LA ROCCA INFN Catania ACGRID-II School 2-14 November 2009 Kuala Lumpur - Malaysia.

INFSO-RI Enabling Grids for E-sciencE GILDA Praticals GILDA Tutors INFN Catania ICTP/INFM-Democritos Workshop on Porting Scientific.

Computational grids and grids projects DSS,

E-science grid facility for Europe and Latin America Watchdog: A job monitoring solution inside the EELA-2 Infrastructure Riccardo Bruno,

:: ::::: ::::: ::::: ::::: ::::: ::::: ::::: ::::: ::::: ::::: ::::: :: GridKA School 2009 MPI on Grids 1 MPI On Grids September 3 rd, GridKA School 2009.

1 HeMoLab - Porting HeMoLab's SolverGP to EELA glite Grid Environment FINAL REPORT Ramon Gomes Costa - Paulo Ziemer.

E-science grid facility for Europe and Latin America Developing e-Infrastructure services for e-Science applications: the EELA-2 experience.

Nadia LAJILI User Interface User Interface 4 Février 2002.

E-science grid facility for Europe and Latin America Marcelo Risk y Juan Francisco García Eijó Laboratorio de Sistemas Complejos Departamento.

INFSO-RI Enabling Grids for E-sciencE Workload Management System Mike Mineter

E-science grid facility for Europe and Latin America JRA1 – Activity Report and Plans Francisco Brasileiro Universidade Federal de Campina.

The EPIKH Project (Exchange Programme to advance e-Infrastructure Know-How) GISELA Additional Services Diego Scardaci

E-science grid facility for Europe and Latin America E2GRIS1 Raúl Priego Martínez – CETA-CIEMAT (Spain)‏ Itacuruça (Brazil), 2-15 November.

Group 1 : Grid Computing Laboratory of Information Technology Supervisors: Alexander Ujhinsky Nikolay Kutovskiy.

1 Catania, 4 th EEGE User Forum/OGF 25, OurGrid integration with gLite based grids in EELA-2 Francisco Brasileiro Universidade.

E-science grid facility for Europe and Latin America E2GRIS1 Gustavo Miranda Teixeira Ricardo Silva Campos Laboratório de Fisiologia Computacional.

E-science grid facility for Europe and Latin America gLite MPI Tutorial for Grid School Daniel Alberto Burbano Sefair, Universidad de Los.

EGEE-II INFSO-RI Enabling Grids for E-sciencE An Introduction to the EGEE Project Presented by Min Tsai ISGC 2007, Taipei With thanks.

E-science grid facility for Europe and Latin America GRIP - Grid Image Processing for Biomedical Diagnosis SECOND EELA-2 GRID SCHOOL Querétaro,

EGEE-III INFSO-RI Enabling Grids for E-sciencE Feb. 06, Introduction to High Performance and Grid Computing Faculty of Sciences,

Jan 31, 2006 SEE-GRID Nis Training Session Hands-on V: Standard Grid Usage Dušan Vudragović SCL and ATLAS group Institute of Physics, Belgrade.

E-science grid facility for Europe and Latin America GridwWin: porting gLite to run under Windows Fabio Scibilia – Consorzio COMETA 30/06/2008.

E-infrastructure shared between Europe and Latin America GENIUS PORTAL Valeria Ardizzone INFN-Catania 1° EELA Grid School Itacuruçà Island, State of Rio.

Satellital Image Clasification with neural networks Step implemented – Final Report Susana Arias, Héctor Gómez UNIVERSIDAD TÉCNICA PARTICULAR DE LOJA ECUADOR.

E-science grid facility for Europe and Latin America JRA1 – Annual Activity Report Francisco Brasileiro Universidade Federal de Campina.

FP6−2004−Infrastructures−6-SSA E-infrastructure shared between Europe and Latin America Worker Node installation & configuration.

E-science grid facility for Europe and Latin America MAVs-Study Biologically Inspired, Super Maneuverable, Flapping Wing Micro-Air-Vehicles.

Glite. Architecture Applications have access both to Higher-level Grid Services and to Foundation Grid Middleware Higher-Level Grid Services are supposed.

EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE Site Architecture Resource Center Deployment Considerations MIMOS EGEE Tutorial.

INFSO-RI Enabling Grids for E-sciencE Αthanasia Asiki Computing Systems Laboratory, National Technical.

FP6−2004−Infrastructures−6-SSA E-infrastructure shared between Europe and Latin America Grid2Win: Porting of gLite middleware to.

EGEE-III INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Grid2Win : gLite for Microsoft Windows Roberto.

FP6−2004−Infrastructures−6-SSA E-infrastructure shared between Europe and Latin America Moisés Hernández Duarte UNAM FES Cuautitlán.

INFSO-RI Enabling Grids for E-sciencE GILDA Praticals Giuseppe La Rocca INFN – Catania gLite Tutorial at the EGEE User Forum CERN.

E-infrastructure shared between Europe and Latin America FP6−2004−Infrastructures−6-SSA Special Jobs Valeria Ardizzone INFN - Catania.

E-science grid facility for Europe and Latin America JRA1 role and its interaction with SA1 and NA3 Francisco Brasileiro Universidade Federal.

EGEE-II INFSO-RI Enabling Grids for E-sciencE Practical using WMProxy advanced job submission.

User Interface UI TP: UI User Interface installation & configuration.

FP6−2004−Infrastructures−6-SSA E-infrastructure shared between Europe and Latin America The GILDA t-Infrastructure Roberto Barbera.

Presentation of the results khiat abdelhamid

IST E-infrastructure shared between Europe and Latin America The GILDA t-Infrastructure and the GENIUS portal Christian Grunfeld,

FP6−2004−Infrastructures−6-SSA E-infrastructure shared between Europe and Latin America LFC Server Installation and Configuration.

The EPIKH Project (Exchange Programme to advance e-Infrastructure Know-How) gLite Grid Introduction Salma Saber Electronic.

Scuola Grid INFN, Trieste, 1-12 Dic Managing Confidential Data in the gLite Middleware – The Secure Storage.

Enabling Grids for E-sciencE Work Load Management & Simple Job Submission Practical Shu-Ting Liao APROC, ASGC EGEE Tutorial.

Il Data Engine basato su standard degli Science Gateway di Catania ed altri servizi di Data Management Roberto Barbera

Grid2Win Porting of gLite middleware to Windows XP platform

Stephen Childs Trinity College Dublin

Advanced Topics: MPI jobs

Scuola Grid INFN, Martina Franca, Nov

Accounting at the T1/T2 Sites of the Italian Grid

Grid2Win: Porting of gLite middleware to Windows XP platform

Special Jobs: MPI Alessandro Costa INAF Catania

gLite Job Management Christos Theodosiou

GENIUS Grid portal Hands on

Topali Lombardo Alessandro

Presentation transcript:

E-science grid facility for Europe and Latin America Using Secure Storage Service inside the EELA-2 Infrastructure Diego Scardaci INFN (Italy) EELA-2 Second Conference Choroni, Venezuela,

Choroni (Venezuela), EELA-2 Conference, The Secure Storage Service for the gLite Middleware; Deployment in the EELA-2 Infrastructure; Use Secure Storage in the EELA-2 Infrastructure; The E2GRIS2 experience. Outline

Choroni (Venezuela), EELA-2 Conference, Provides gLite users with suitable and simple tools to store confidential data in storage elements in a transparent and secure way. The service is composed by the following components: Command Line Applications: commands integrated in the gLite User Interface to encrypt/upload and decrypt/ download files. Application Program Interface: allows the developer to write programs able to manage confidential data. Keystore: a new grid element used to store and retrieve the users’ keys. It is identified by an host X.509 digital certificate and all its Grid transactions are mutually authenticated and encrypted according to GSI model. The Secure Storage service

Choroni (Venezuela), EELA-2 Conference, lcg-scr: Encryption and Storage GSI AUTHENTICATED CHANNEL OWNER DN DN1 DN2 FQAN1 FQAN2 … ACL Access authorized to: DN1, DN2, FQAN1, FQAN2, … A FQAN AUTHORIZED TO ACCESS THE FILE CAN REPRESENT A WHOLE VO OR A VO GROUP ETC.

Choroni (Venezuela), EELA-2 Conference, lcg-scp: Retrieval and Decryption OWNER DN DN1 DN2 FQAN1 FQAN2 … ACL THE KEYSTORE PROVIDES USERS WITH THE KEY ONLY IF USER’S DN OR ONE OF THE VOMS ATTRIBUTES INCLUDED IN HIS PROXY MATCHES ONE ENTRY OF THE ACL GSI AUTHENTICATED CHANNEL

Choroni (Venezuela), EELA-2 Conference, Deployment in the EELA-2 infrastructure The deployment of the Secure Storage service consists on the setup of one or more keystores in the infrastructure and the installation of the client library on the infrastructure resource centres; We installed an instance of the keystore in the INFN Catania resource centre (securestorage-01.ct.infn.it) and the client library in several other EELA-2 nodes. The Secure Storage client library has been deployed in the infrastructure using a special installation job. This job has been designed to copy the Secure Storage software in a special folder of the Computing Element (CE) of the resource centre selected to support the service (VO_PROD_VO_EU_EELA_EU_SW_DIR, shared by all the site WNs). Computing ElementLocation ce.eela.cesga.esSantiago De Compostela (Spain) gridgate.cs.tcd.ieDublin (Ireland) ce.labmc.inf.utfsm.clValparaiso (Chile) ce01.eela.if.ufrj.brRio De Janeiro (Brazil) ce01.macc.unican.esSantander (Spain) ce-eela.ciemat.esMadrid (Spain)

Choroni (Venezuela), EELA-2 Conference, Integrate Secure Storage in a EELA-2 application Set the following environment variables in the UI or in the WN: SS_GRID_KEYSTORE_HOST= :25406 SS_GRID_KEYSTORE_DN= In the main script of the application, set the following environment variables to be able to use Secure Storage in a WN: PATH=${VO_PROD_VO_EU_EELA_EU_SW_DIR}/securestorage- client/bin/:${PATH} LD_LIBRARY_PATH=${VO_PROD_VO_EU_EELA_EU_SW_DIR}/securestorage- client/lib/:${LD_LIBRARY_PATH} [ Type = "Job"; JobType = "Normal"; Executable = "/bin/sh"; Arguments = "MySSApplication.sh"; StdOutput = "MySSApplication.out"; StdError = "MySSApplication.err"; InputSandbox = {“MySSApplication.sh”,…}; OutputSandbox = {"MySSApplication.err"," MySSApplication.out"}; ] MY JOB #!/bin/sh … export SS_GRID_KEYSTORE_HOST= :25406 export SS_GRID_KEYSTORE_DN= export LCG_CATALOG_TYPE=lfc export LFC_HOST=lfc.eela.ufrj.br export LCG_RFIO_TYPE=dpm export PATH=${VO_PROD_VO_EU_EELA_EU_SW_DIR}/securest orage-client/bin/:${PATH} export LD_LIBRARY_PATH=${VO_PROD_VO_EU_EELA_EU_SW_ DIR}/securestorage-client/lib/:${LD_LIBRARY_PATH} #run application

Choroni (Venezuela), EELA-2 Conference, An example of Secure Storage Job [ Type = "Job"; JobType = "Normal"; Executable = "/bin/sh"; Arguments = "./securestorage_test.sh"; StdOutput = "out-securestorage_test.out"; StdError = "err-securestorage_test.err"; InputSandbox = {"./securestorage_test.sh"}; OutputSandbox = {"text_file_copy_dec.txt","err- securestorage_test.err","out-securestorage_test.out"}; ] #!/bin/sh export SS_GRID_KEYSTORE_HOST=securestorage-01.ct.infn.it:25406 export SS_GRID_KEYSTORE_DN="/C=IT/O=INFN/OU=Host/L=Catania/CN=securestorage-01.ct.infn.it“ export LCG_CATALOG_TYPE=lfc export LFC_HOST=lfc.eela.ufrj.br export LCG_RFIO_TYPE=dpm export PATH=${VO_PROD_VO_EU_EELA_EU_SW_DIR}/securestorage-client/bin/:${PATH} export LD_LIBRARY_PATH=${VO_PROD_VO_EU_EELA_EU_SW_DIR}/securestorage- client/lib/:${LD_LIBRARY_PATH} echo "SECURE STORAGE TEST" > text_file_5.txt lcg-scr --vo prod.vo.eu-eela.eu -d lnx097.eela.if.ufrj.br --vo_permission /C=IT/O=INFN/OU=Personal\ Certificate/L=Catania/CN=Diego\ Scardaci -l lfn:/grid/prod.vo.eu-eela.eu/text_file_6.enc text_file_5.txt lcg-scp --vo prod.vo.eu-eela.eu lfn:/grid/prod.vo.eu-eela.eu/text_file_6.enc file:$PWD/text_file_copy_dec.txt echo "That's all folks!“ exit $? MY JOB MY SCRIPT

Choroni (Venezuela), EELA-2 Conference, Secure Storage - The E2GRIS2 experience Three applications adopted Secure Storage during the school: HeMoLab (LNCC - Brazil): the main concern of this application is the simulation of the Human Cardiovascular System. Segmentation techniques are used to obtain images of the blood vessels in which the flux will be simulated. It uses Secure Storage to upload input files from the gLite User Interface to a Storage Element and to download the input files from the Storage Element to the Worker Node running the application to preserve the data confidentiality. Seismic Sensor (UNAM – Mexico): manage different signals coming from several institutions that operate networks for seismic observation in Mexico. Application developers decided to adopt Secure Storage to preserve the confidentiality of the “continuous seismic signals and events”. All the file operations are managed using the secure storage command to upload, download and delete file to/from/in storage elements. AeroVANT (UNRC – Argentina): this application allows the simulation of nonlinear and unsteady behavior of joined wings, high altitude, long endurance unmanned aerial vehicles. All application output files are saved on a Storage Elements using Secure Storage to preserve the confidentiality of the results.

Choroni (Venezuela), EELA-2 Conference, Any questions ?