Andrew McNabGrid in 2002, Manchester HEP, 7 Jan 2003Slide 1 Grid Work in 2002 Andrew McNab High Energy Physics University of Manchester.

Slides:



Advertisements
Similar presentations
Security middleware Andrew McNab University of Manchester.
Advertisements

DataGrid is a project funded by the European Union CHEP 2003 – March 2003 – Grid-based access control – n° 1 Grid-based access control for Unix environments,
Andrew McNabTestbed / HTTPS, GridPP6, 30 Jan 2003Slide 1 UK Testbed Status Andrew McNab High Energy Physics University of Manchester.
Andrew McNab - Manchester HEP - 17 September 2002 Putting Existing Farms on the Testbed Manchester DZero/Atlas and BaBar farms are available via the Testbed.
29 June 2006 GridSite Andrew McNabwww.gridsite.org VOMS and VOs Andrew McNab University of Manchester.
Andrew McNab - Manchester HEP - 24 May 2001 WorkGroup H: Software Support Both middleware and application support Installation tools and expertise Communication.
The GridSite Toolbar Shiv Kaushal The University of Manchester All Hands Meeting 2006.
Andrew McNab - Manchester HEP - 22 April 2002 EU DataGrid Testbed EU DataGrid Software releases Testbed 1 Job Lifecycle Authorisation at your site More.
Andrew McNab - Manchester HEP - 2 May 2002 Testbed and Authorisation EU DataGrid Testbed 1 Job Lifecycle Software releases Authorisation at your site Grid/Web.
Andrew McNab - Manchester HEP - 31 January 2002 Testbed Release in the UK Integration Team UK deployment TB1 Job Lifecycle VO: Authorisation VO: GIIS and.
Andrew McNab - Manchester HEP - 22 April 2002 EU DataGrid Testbed EU DataGrid Software releases Testbed 1 Job Lifecycle Authorisation at your site More.
Andrew McNab - EDG Access Control - 14 Jan 2003 EU DataGrid security with GSI and Globus Andrew McNab University of Manchester
The GridSite Security Framework Andrew McNab University of Manchester.
20 March 2007 VOMS etc Andrew McNabwww.gridsite.org VOMS etc Andrew McNab University of Manchester.
Andrew McNab - Manchester HEP - 6 November Old version of website was maintained from Unix command line => needed (gsi)ssh access.
30-Jan-03D.P.Kelsey, GridPP Security1 Security GridPP6 30 Jan 2003 Coseners House David Kelsey CLRC/RAL, UK
Oxford Jan 2005 RAL Computing 1 RAL Computing Implementing the computing model: SAM and the Grid Nick West.
Joining the Grid Andrew McNab. 28 March 2006Andrew McNab – Joining the Grid Outline ● LCG – the grid you're joining ● Related projects ● Getting a certificate.
The B A B AR G RID demonstrator Tim Adye, Roger Barlow, Alessandra Forti, Andrew McNab, David Smith What is BaBar? The BaBar detector is a High Energy.
Andrew McNab - Manchester HEP - 22 April 2002 UK Rollout and Support Plan Aim of this talk is to the answer question “As a site admin, what are the steps.
Andrew McNab - Manchester HEP - 5 March 2002 SlashGrid (“/grid”) Motivation: dynamic-accounts issues Local storage: implementation alternatives Generalisation:
Andrew McNab - GACL - 16 Dec 2003 Grid Access Control Language Andrew McNab, University of Manchester
3 May 2006 GridSite Andrew McNabwww.gridsite.org Web Services for Grids in Scripts and C using GridSite Andrew McNab University of.
Andrew McNab - EDG Access Control - 17 Jan 2003 EDG Site Access Control (ie Local Authorisation and Accounts) Andrew McNab, University of Manchester
Andrew McNab - Manchester HEP - 26 June 2001 WG-H / Support status Packaging / RPM’s UK + EU DG CA’s central grid-users file grid “ping”
Andrew McNab - Manchester HEP - 29 January 2002 SlashGrid (“/grid”) Motivation: dynamic-accounts issues Local storage: implementation alternatives Generalisation:
Security Middleware and VOMS service status Andrew McNab Grid Security Research Fellow University of Manchester.
Andrew McNab - GridPP Security - 24 Feb 2003 GridPP Security Middleware Andrew McNab, University of Manchester
Andrew McNab - Manchester HEP - 5 July 2001 WP6/Testbed Status Status by partner –CNRS, Czech R., INFN, NIKHEF, NorduGrid, LIP, Russia, UK Security Integration.
Andrew McNab - SlashGrid, HTTPS, fileGridSite SlashGrid, HTTPS and fileGridSite 30 October 2002 Andrew McNab, University of Manchester
Andrew McNab - GridSite/G-HTTPS - 17 Feb 2003 GridSite and G-HTTPS update Andrew McNab, University of Manchester
Grid Security work in 2006 Andrew McNab Grid Security Research Fellow University of Manchester.
Security Area in GridPP2 4 Mar 2004 Security Area in GridPP2 “Proforma-2 posts” overview Deliverables – Local Access – Local Usage.
Andrew McNab - Access Control - 28 May 2002 Access Control and User Management (ie Local Authorisation and Accounts) Andrew McNab, University of Manchester.
EU DataGrid (EDG) & GridPP Authorization and Access Control User VOMS C CA 2. certificate dn, ca, key 1. request 3. certificate 4. VOMS cred: VO, groups,
Δ Storage Middleware GridPP10 What’s new since GridPP9? CERN, June 2004.
Author - Title- Date - n° 1 Partner Logo WP5 Summary Paris John Gordon WP5 6th March 2002.
Security Middleware in GridPP2 5 Feb 2004 Security Middleware in GridPP2 Current Status – GridSite GridPP2 Themes – libgridsite.
Security monitoring boxes Andrew McNab University of Manchester.
Grid Security in a production environment: 4 years of running Andrew McNab University of Manchester.
Andrew McNab - Security - 1 July 2003 Security: Authorization, Access Control and Usage Control Andrew McNab, University of Manchester
Andrew McNab - Grid HTTP/HTTPS extensions Grid HTTP/HTTPS extensions 18 November 2002 Andrew McNab, University of Manchester
GridSite Web Servers for bulk file transfers & storage Andrew McNab Grid Security Research Fellow University of Manchester, UK.
Andrew McNab - Manchester HEP - 11 May 2001 Packaging / installation Ready to take globus from prerelease to release. Alex has prepared GSI openssh.
Andrew McNab - EDG Access Control - 4 Dec 2002 EDG Access Control and User Management (ie Local Authorisation and Accounts) Andrew McNab, University of.
Andrew McNabSecurity Middleware, GridPP8, 23 Sept 2003Slide 1 Security Middleware Andrew McNab High Energy Physics University of Manchester.
Jens G Jensen RAL, EDG WP5 Storage Element Overview DataGrid Project Conference Heidelberg, 26 Sep-01 Oct 2003.
2-Sep-02Steve Traylen, RAL WP6 Test Bed Report1 RAL and UK WP6 Test Bed Report Steve Traylen, WP6
Andrew McNab - Manchester HEP - 17 September 2002 UK Testbed Deployment Aim of this talk is to the answer the questions: –“How much of the Testbed has.
Andrew McNab - EDG Access Control - 17 Jun 2003 EU DataGrid and GridPP Authorization and Access Control Andrew McNab, University of Manchester
Grid Security work in 2004 Andrew McNab Grid Security Research Fellow University of Manchester.
Security Middleware 3 June 2004 Security Middleware Current Status – GridSite deployments – Architecture GridPP2 – Web services.
Andrew McNab - Security issues - 17 May 2002 WP6 Security Issues (some personal observations from a WP6 and sysadmin perspective) Andrew McNab, University.
Andrew McNab - Security issues - 4 Mar 2002 Security issues for TB1+ (some personal observations from a WP6 and sysadmin perspective) Andrew McNab, University.
The GridPP DIRAC project DIRAC for non-LHC communities.
Andrew McNabGrid Certs, Manchester HEP, 8 Nov 2002Slide 1 What can you do with a Grid Certificate? Andrew McNab High Energy Physics University of Manchester.
Andrew McNab - Globus Distribution for Testbed 1 Globus Distribution for Testbed 1 Andrew McNab, University of Manchester
Security Middleware Andrew McNab University of Manchester.
Andrew McNab - HTTP/HTTPS extensions HTTP/HTTPS as Grid data transport 6 March 2003 Andrew McNab, University of Manchester
Andrew McNab - Dynamic Accounts - 2 July 2002 Dynamic Accounts in TB1.3 What we could do with what we’ve got now... Andrew McNab, University of Manchester.
LHCb Grid MeetingLiverpool, UK GRID Activities Glenn Patrick Not particularly knowledgeable-just based on attending 3 meetings.  UK-HEP.
Stephen Burke – Sysman meeting - 22/4/2002 Partner Logo The Testbed – A User View Stephen Burke, PPARC/RAL.
The GridPP DIRAC project DIRAC for non-LHC communities.
11-May-01D.P.Kelsey, Security Update1 GRID Security Update David Kelsey CLRC/RAL, UK
Dave Newbold, University of Bristol14/8/2001 Testbed 1 What is it? First deployment of DataGrid middleware tools The place where we find out if it all.
Andrew McNabSlashGrid/GFS BOF, GGF9, 7 Oct 2003Slide 1 SlashGrid = “/grid” Andrew McNab High Energy Physics University of Manchester
GridSite status Andrew McNab University of Manchester.
UK Testbed Status Testbed 0 GridPP project Experiments’ tests started
Shiv Kaushal, University of Manchester
Presentation transcript:

Andrew McNabGrid in 2002, Manchester HEP, 7 Jan 2003Slide 1 Grid Work in 2002 Andrew McNab High Energy Physics University of Manchester

Andrew McNabGrid in 2002, Manchester HEP, 7 Jan 2003Slide 2 Overview Globus packaging Testbed at Manchester Testbed Support for GridPP GridSite SlashGrid GACL / Authorization WG G-HTTPS Summary

Andrew McNabGrid in 2002, Manchester HEP, 7 Jan 2003Slide 3 Globus packaging for RH Linux Globus RPM’s were the first “public” Grid thing we started providing, back in spring Globus is the underlying software for most current Grid testbeds –including EDG + BaBar + SAM These became the basis of EDG releases in 2001 and we’ve provided updates during 2002 (currently at v24) This is becoming routine but still labour- intensive: so we’re handing over to NBI.dk, who already maintain a NorduGrid distribution.

Andrew McNabGrid in 2002, Manchester HEP, 7 Jan 2003Slide 4 Testbed at Manchester We’ve been involved with the EDG and GridPP testbeds since Dec 2001 –we were the first UK site to join the EDG testbed in fact Started with 4 machines, and has now grown to 16. Allows us to maintain production and development sites at the same time. Hands-on - “cheap and cheerful” approach. But gives experience for gridifying the farms

Andrew McNabGrid in 2002, Manchester HEP, 7 Jan 2003Slide 5 Testbed Support for GridPP This has come together a lot during –Now 3 other Support people as well as me (Bristol, IC and RAL) As well as website, now have: mailing list –fortnightly phone conferences –detailed site installation instructions Next phase will involve more support for other sites, especially ones without Grid experts. But at end of 2002 have a stable release, ready for experiments.

Andrew McNabGrid in 2002, Manchester HEP, 7 Jan 2003Slide 6 We started running a website for the UK HEP Grid in 2000 ( –When GridPP was formed, we changed to Initially provided software and support pages. Now used by most groups within GridPP to publish pages. –Using GridSite they manage pages themselves. Initially physically hosted in HEP group –now hosted on two machines in MC machine room, administered by us

Andrew McNabGrid in 2002, Manchester HEP, 7 Jan 2003Slide 7 GridSite: Grid/Web integration GridSite system has user authentification Maintains lists of users in different groups –Each directory has a list of groups who can modify its webpages (“Grid ACL”) –Group admins can modify group membership Website allows you to upload files, edit pages –Devolves the work of maintaining the site down to each subgroup Now used by GridPP, EDG Testbed website, UK e-Science Engineering Task Force and Level 2 Grid websites.

Andrew McNabGrid in 2002, Manchester HEP, 7 Jan 2003Slide 8 SlashGrid: Grid filesystems Almost all EDG sites use Manchester’s pool accounts system –get a temporary Unix UID when you run a job SlashGrid adds to this by controlling disk access and file ownership –Use Grid ACL’s to say who owns each directory –Enforced at kernel level so all programs see it Unix ID doesn’t matter: Grid ID does Also provides a remote filesystem using https –Like AFS, but Grid credentials and web servers

Andrew McNabGrid in 2002, Manchester HEP, 7 Jan 2003Slide 9 Grid Access Control Lists Our GACL format provides a way of writing ACLs using Grid credentials –user certificate names, group certificates etc GridSite/SlashGrid use this format already Other projects (eg EDG Storage Element) taking it up Now part of the authorisation work in Global Grid Forum (GGF) –GGF: world wide standards body for Grids –I co-chair the Authorisation Working Group

Andrew McNabGrid in 2002, Manchester HEP, 7 Jan 2003Slide 10 Extending HTTPS - G-HTTPS Normal HTTPS is already very Grid-like Work now underway to add more Grid features –need to avoid breaking existing HTTPS –our G-HTTPS proposal designed to do this Delegation from client to server –so get all the benefits discussed already Servers can return the ACL along with the file –so if I cache a copy locally, I know who I can share the copy with Relevant EDG groups involved; taking it to GGF

Andrew McNabGrid in 2002, Manchester HEP, 7 Jan 2003Slide 11 Summary Globus packaging work tailing off Manchester maintains presence in Testbeds We’re making a significant contribution to Testbed Support GridSite, SlashGrid and GACL “products” being taken up by EDG and others Security work feeding into new Grid-wide standards