GSI: Security On Teragrid A Introduction To Security In Cyberinfrastructure By Dru Sepulveda.

Slides:

Advertisements

Similar presentations

Wei Lu 1, Kate Keahey 2, Tim Freeman 2, Frank Siebenlist 2 1 Indiana University, 2 Argonne National Lab

Advertisements

Scaling TeraGrid Access A Testbed for Attribute-based Authorization and Leveraging Campus Identity Management

Single Sign-On with GRID Certificates Ernest Artiaga (CERN – IT) GridPP 7 th Collaboration Meeting July 2003 July 2003.

Jens G Jensen CCLRC e-Science Single Sign-on to the Grid Federated Access and Integrated Identity Management.

Test harness and reporting framework Shava Smallen San Diego Supercomputer Center Grid Performance Workshop 6/22/05.

Policy Based Dynamic Negotiation for Grid Services Authorization Infolunch, L3S Research Center Hannover, 29 th Jun Ionut Constandache Daniel Olmedilla.

Grid Resource Allocation Management (GRAM) GRAM provides the user to access the grid in order to run, terminate and monitor jobs remotely. The job request.

Military Technical Academy Bucharest, 2006 GRID SECURITY INFRASTRUCTURE (GSI) - Globus Toolkit - ADINA RIPOSAN Department of Applied Informatics.

Grid Security. Typical Grid Scenario Users Resources.

Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.

National Center for Supercomputing Applications MyProxy and GSISSH Update Von Welch National Center for Supercomputing Applications University of Illinois.

Open Science Grid Use of PKI: Wishing it was easy A brief and incomplete introduction. Doug Olson, LBNL PKI Workshop, NIST 5 April 2006.

Slides for Grid Computing: Techniques and Applications by Barry Wilkinson, Chapman & Hall/CRC press, © Chapter 1, pp For educational use only.

The Cactus Portal A Case Study in Grid Portal Development Michael Paul Russell Dept of Computer Science The University of Chicago

1-2.1 Grid computing infrastructure software Brief introduction to Globus © 2010 B. Wilkinson/Clayton Ferner. Spring 2010 Grid computing course. Modification.

Grid Services at NERSC Shreyas Cholia Open Software and Programming Group, NERSC NERSC User Group Meeting September 17, 2007.

Globus Computing Infrustructure Software Globus Toolkit 11-2.

Web-based Portal for Discovery, Retrieval and Visualization of Earth Science Datasets in Grid Environment Zhenping (Jane) Liu.

Jens G Jensen CCLRC e-Science Single Sign-on to the Grid Federated Access and Integrated Identity Management.

NOS Objectives, YR 4&5 Tony Rimovsky. 4.2 Expanding Secure TeraGrid Access A TeraGrid identity management infrastructure that interoperates with campus.

TeraGrid Gateway User Concept – Supporting Users V. E. Lynch, M. L. Chen, J. W. Cobb, J. A. Kohl, S. D. Miller, S. S. Vazhkudai Oak Ridge National Laboratory.

Riccardo Bruno INFN.CT Sevilla, Sep 2007 The GENIUS Grid portal.

FIM-related activities and issues being discussed in Japan 1.GEO Grid Yoshio Tanaka (AIST) 2.HPCI, GakuNin Eisaku Sakane, Kento Aida (NII)

TeraGrid Science Gateways: Scaling TeraGrid Access Aaron Shelmire¹, Jim Basney², Jim Marsteller¹, Von Welch²,

© 2008 Pittsburgh Supercomputing Center So you have a TeraGrid Allocation What now?

Grids and Portals for VLAB Marlon Pierce Community Grids Lab Indiana University.

Network/Security Talking Points ECI Workshop NSF 6-7 Dec 2004.

2005 © SWITCH Perspectives of Integrating AAI with Grid in EGEE-2 Christoph Witzig Amsterdam, October 17, 2005.

National Computational Science National Center for Supercomputing Applications National Computational Science NCSA-IPG Collaboration Projects Overview.

Using NMI Components in MGRID: A Campus Grid Infrastructure Andy Adamson Center for Information Technology Integration University of Michigan, USA.

GridShib: Grid/Shibboleth Interoperability September 14, 2006 Washington, DC Tom Barton, Tim Freeman, Kate Keahey, Raj Kettimuthu, Tom Scavo, Frank Siebenlist,

Neil Witheridge APAN29 Sydney February 2010 ARCS Authorisation Services Neil Witheridge Manager, ARCS Authorisation Services APAN29, Sydney, February 2010.

© 2008 Pittsburgh Supercomputing Center So you have a TeraGrid Allocation What now?

ShibGrid: Shibboleth access to the UK National Grid Service University of Oxford and STFC.

Federated Environments and Incident Response: The Worst of Both Worlds? A TeraGrid Perspective Jim Basney Senior Research Scientist National Center for.

CyberInfrastructure workshop CSG May Ann Arbor, Michigan.

Apache Airavata (Incubating) Gateway to Grids & Clouds Suresh Marru Nov 10 th 2011.

GCRC Meeting 2004 Introduction to the Grid and Security Philip Papadopoulos.

3-Nov-00D.P.Kelsey, HEPiX, JLAB1 Certificates for DataGRID David Kelsey CLRC/RAL, UK

Ames Research CenterDivision 1 Information Power Grid (IPG) Overview Anthony Lisotta Computer Sciences Corporation NASA Ames May 2,

Institute For Digital Research and Education Implementation of the UCLA Grid Using the Globus Toolkit Grid Center’s 2005 Community Workshop University.

Holding slide prior to starting show. A Portlet Interface for Computational Electromagnetics on the Grid Maria Lin and David Walker Cardiff University.

NA-MIC National Alliance for Medical Image Computing UCSD: Engineering Core 2 Portal and Grid Infrastructure.

VO. VOMS 1. Authentication2. Credentials 3. Authentication Client Resource.

NEES Cyberinfrastructure Center at the San Diego Supercomputer Center, UCSD George E. Brown, Jr. Network for Earthquake Engineering Simulation NEES TeraGrid.

Grid, Web services and Taverna Machiel Jansen Richard Holland.

Leveraging the InCommon Federation to access the NSF TeraGrid Jim Basney Senior Research Scientist National Center for Supercomputing Applications University.

TeraGrid Gateway User Concept – Supporting Users V. E. Lynch, M. L. Chen, J. W. Cobb, J. A. Kohl, S. D. Miller, S. S. Vazhkudai Oak Ridge National Laboratory.

Shibboleth & Grid Integration STFC and University of Oxford (and University of Manchester)

Ad Hoc VO Akylbek Zhumabayev Images. Node Discovery vs. Registration VO Node Resource User discover register Resource.

Biomedical and Bioscience Gateway to National Cyberinfrastructure John McGee Renaissance Computing Institute

National Computational Science National Center for Supercomputing Applications National Computational Science Integration of the MyProxy Online Credential.

Globus and PlanetLab Resource Management Solutions Compared M. Ripeanu, M. Bowman, J. Chase, I. Foster, M. Milenkovic Presented by Dionysis Logothetis.

VO Box Issues Summary of concerns expressed following publication of Jeff’s slides Ian Bird GDB, Bologna, 12 Oct 2005 (not necessarily the opinion of)

National Energy Research Scientific Computing Center (NERSC) Visportal : interface to grid enabled NERC resources Cristina Siegerist NERSC Center Division,

MGRID Architecture Andy Adamson Center for Information Technology Integration University of Michigan, USA.

Introduction to Portals.

Initiating Teragrid Sessions Raghu Reddy. Outline Motivation Initial Setup –Certificates –Proxies –Grid-map file entries and DNs Softenv for customizing.

Gridshib-intro-dec051 GridShib An Introduction Tom Scavo NCSA.

GridShell/Condor: A virtual login Shell for the NSF TeraGrid (How do you run a million jobs on the NSF TeraGrid?) The University of Texas at Austin.

Antonio Fuentes RedIRIS Barcelona, 15 Abril 2008 The GENIUS Grid portal.

Gateways security Aashish Sharma Security Engineer National Center for Supercomputing Applications (NCSA) University of Illinois at Urbana-Champaign.

INTRODUCTION TO XSEDE. INTRODUCTION  Extreme Science and Engineering Discovery Environment (XSEDE)  “most advanced, powerful, and robust collection.

CERN Certificates platform Emmanuel Ormancey / Anatoly Gladkov

TeraGrid Identity Federation Testbed Update I2MM April 25, 2007

Client/Server and Peer to Peer

Presentation transcript:

GSI: Security On Teragrid A Introduction To Security In Cyberinfrastructure By Dru Sepulveda

Overview What is Cyberinfrastructure and Grid Computing? What is Cyberinfrastructure and Grid Computing? What is Teragrid? What is Teragrid? Authenticating users and securing credentials Authenticating users and securing credentials GSI-SSH GSI-SSH Grid Proxies Grid Proxies Shibboleth Shibboleth Clemson’s Use of Grid Security Clemson’s Use of Grid Security

What is Cyberinfrastructure and Grid Computing? Cyberinfrastructure is a buzz word for grid computing. Cyberinfrastructure is a buzz word for grid computing. Cyberinfrastructure is the coordinated aggregate of software, hardware and other technologies, as well as human expertise, required to support current and future discoveries in science and engineering.Cyberinfrastructure is the coordinated aggregate of software, hardware and other technologies, as well as human expertise, required to support current and future discoveries in science and engineering.

The Structure of Cyberinfrastructure

What is Teragrid? TeraGrid is an open scientific discovery infrastructure combining leadership class resources at nine partner sites to create an integrated, persistent computational resource. TeraGrid is an open scientific discovery infrastructure combining leadership class resources at nine partner sites to create an integrated, persistent computational resource.

What is Teragrid… Really? Services High Performance Computing Visualization Data Storage Accessibility

Why Do We Use Security On Teragrid? While Teragrid was designed to be openly used by the scientific community to share information and solve computationally intensive problems using distrubuted resources it must be protected from ignorant or malicious users who might accidentally or intentionally damage or misuse those resources. While Teragrid was designed to be openly used by the scientific community to share information and solve computationally intensive problems using distrubuted resources it must be protected from ignorant or malicious users who might accidentally or intentionally damage or misuse those resources.

Authenticating Users and Securing Credentials Users must submit their personal information by US Mail. Users must submit their personal information by US Mail. To speed up the process it helps to have someone on the inside vouch for you. To speed up the process it helps to have someone on the inside vouch for you. All returned credentials are sent via US Mail after they call you to confirm your identity. All returned credentials are sent via US Mail after they call you to confirm your identity.

Grid Proxies A short term grid proxy is a certificate made in the X.509 standard from a long term client certificate that was stored on a remote machine called MyProxy when a user account is added to Teragrid. A short term grid proxy is a certificate made in the X.509 standard from a long term client certificate that was stored on a remote machine called MyProxy when a user account is added to Teragrid. This short term credential is stored on the local machine and can been used to access remote machines without a login name and password via GSI-SSH. This short term credential is stored on the local machine and can been used to access remote machines without a login name and password via GSI-SSH.

GSI-SSH GSI-SSH is a modded version of OpenSSH that uses a grid credential to authenticate users instead of a user name and password. GSI-SSH stands for Grid Security - Secure Shell and was developed by Globus.

Shibboleth Shibboleth allows users to make grid credentials from existing credentials such as a user name and password. Shibboleth allows users to make grid credentials from existing credentials such as a user name and password. This credential is a EEC or End Entity Certificate which is the certificate at the end of the authentication chain. This credential is a EEC or End Entity Certificate which is the certificate at the end of the authentication chain.

How Clemson is Using Grid Security CPSC881 has set up a small cluster that is running ROCKS a prepackaged Cyberinfrastructure set up on the CentOS platform. CPSC881 has set up a small cluster that is running ROCKS a prepackaged Cyberinfrastructure set up on the CentOS platform. Tomcat with Globus has been set up so that users with a valid credential can use web services over https as long as the name in their grid credential is the same as the one in their.gridmap file that is mapped to a local account. Tomcat with Globus has been set up so that users with a valid credential can use web services over https as long as the name in their grid credential is the same as the one in their.gridmap file that is mapped to a local account.

Clemons’s Future With Grid Security Clemson’s future with grid computing is to get a campus wide allocation on Teragrid so that all users can simply use their student login in Grid Shib to get a grid credential for use on the Grid.

References gsso.html gsso.html gsso.html gsso.html gsso.html gsso.html gsso.html gsso.html rastructure rastructure