GridSite Web Servers for bulk file transfers & storage Andrew McNab Grid Security Research Fellow University of Manchester, UK.


15 February 2006 Andrew McNab – GridSite

Outline
● Recent “bulk file” oriented additions to the GridSite (www.gridsite.org) system
– GridSite overview
– Security model
– Read/write access via HTTP(S)
– Onetime passcodes
– Third party transfers
– SiteCast file location

GridSite Overview
● GridSite has evolved from the GridPP website management system
● Now provides a Grid-oriented security toolkit (libgridsite) and extensions to the Apache webserver
● Supports Grid/Web services on Apache using CGI
– C/C++, Perl, other scripting languages
● See GridSite Web Services poster for more details

Design philosophy
● Most Grid deployments (eg LCG + EGEE) are based on protocols and security technologies derived from the Web
● So we attempt to reuse high quality implementations like Apache from the mainstream
● This significantly reduces our support burden, since core Apache, mod_ssl, OpenSSL, ... is “RedHat's Problem” (or whoever does your distribution...)

Security model
● Authentication is done in Apache's mod_ssl using the client's X.509 certificate or GSI proxy
– mod_gridsite dynamically modifies the OpenSSL callbacks to handle GSI proxies correctly
● VOMS attributes are extracted if present, and the server has access to a cache of any DN-Lists which have been fetched asynchronously
● XML policy engine based on GACL or XACML languages decides whether access is permitted

Read / write access
● Almost all web traffic uses the GET method to fetch files, or POST to send the results of a form
– But the HTTP/WebDAV RFCs also define PUT, DELETE and MOVE methods
● mod_gridsite adds support for these “write” methods, subject to the policy-based access model
– So HTTP(S) servers act as read/write file stores
● Our htcp etc commands (cf scp) provide clients, but curl and many standard clients can be used too

Onetime passcodes
● For bulk files, may want an unencrypted data stream
– cf GridFTP's use of an encrypted control channel and unencrypted data channel
● GridSite achieves this using an HTTPS GET/PUT to establish access rights
– The server then issues an HTTP redirect to an HTTP URL
– A onetime passcode is returned as a cookie
● This “GridHTTP” protocol works with unmodified versions of curl etc, and our htcp command

Third-party transfers
● WebDAV RFC defines a COPY method, which can be used for a client C to orchestrate a transfer of a file from remote server A to server B
● GridSite now implements this, both in the server (gridsite-copy.cgi) and client (htcp)
● We use onetime passcodes as a simple form of delegation from C to B, to give it the right to access the file
– Supports both single stream and multistream HTTP

Third-party transfers (diagram)
● A – has file
● B – wants file
● C – Client/User “in charge”
● Arrows between the parties:
– C to A: GET, fetches passcode over HTTPS
– A to C: onetime passcode
– C to B: COPY, tells B to get file, gives passcode as cookie, over HTTPS
– B to A: GET file, using passcode, over HTTP
– A to B: file returned to B
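The passcode hand-off in the two slides above, modelled in memory as an added example (not GridSite code and not from the original slides). The class names, the status codes, the 60-second lifetime, the binding of a passcode to one path and method, and the DN and host used with it are assumptions of this sketch; because the passcode crosses the network in clear text on the HTTP leg, the server here accepts it once only.

```python
import secrets
import time

class PasscodeStore:
    """Outstanding onetime passcodes held by the source server (constructed model)."""
    def __init__(self, ttl=60.0, clock=time.monotonic):
        self._ttl, self._clock, self._live = ttl, clock, {}
    def issue(self, path, method):
        # Called only after the HTTPS request passed authentication and policy.
        code = secrets.token_urlsafe(32)
        self._live[code] = (path, method, self._clock() + self._ttl)
        return code
    def redeem(self, code, path, method):
        # pop() makes the code single-use even when the checks below fail.
        entry = self._live.pop(code, None)
        if entry is None:
            return False
        bound_path, bound_method, expires = entry
        return (bound_path, bound_method) == (path, method) and self._clock() <= expires

class ServerA:
    """Has the file. acl maps a certificate DN to the paths it may read."""
    def __init__(self, files, acl):
        self.files, self.acl, self.codes = files, acl, PasscodeStore()
    def https_get(self, client_dn, path):
        if path not in self.acl.get(client_dn, ()):
            return 403, None, None
        # Redirect to the plain-HTTP URL; the passcode travels as a cookie.
        return 302, "http://a.example" + path, self.codes.issue(path, "GET")
    def http_get(self, path, cookie):
        if not self.codes.redeem(cookie, path, "GET"):
            return 403, None
        return 200, self.files[path]

class ServerB:
    """Wants the file. B's own authorisation of C's COPY is omitted here."""
    def __init__(self):
        self.files = {}
    def https_copy(self, source, path, cookie):
        status, body = source.http_get(path, cookie)   # B -> A over plain HTTP
        if status != 200:
            return 502
        self.files[path] = body
        return 201

def third_party_transfer(a, b, client_dn, path):
    status, _url, code = a.https_get(client_dn, path)   # C -> A over HTTPS
    return b.https_copy(a, path, code) if status == 302 else status  # C -> B
```

A passcode captured on the HTTP leg is already spent by the time it is seen, and a request for any other path burns it without returning data.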

SiteCast
● Current work is looking at how to locate local replicas of files on GridSite HTTP(S) servers
● Have designed a simple replica location system for farms with many disks/hosts
– Implemented in server-side (mod_gridsite) and htcp
– Uses multicast of Hypertext Cache Protocol queries to find lists of replicas of a given file: looks at filesystem rather than any database
– no database to keep in sync; automatically avoids replicas on dead machines; multicast can be filtered / routed by network hardware

Summary
● GridSite (www.gridsite.org) is already used for
– Website/server management
– Secured Web Services for grids, in C/C++/Scripts
● Now also has features for bulk file transfer
– Fine grained, VOMS-aware access control
– Secure Read/write using HTTP or HTTPS
– Third party transfers using COPY
● Current work is on file location within a site
– Using HTCP multicast to locate files
– Very lightweight: no database needed