Presentation is loading. Please wait.

Presentation is loading. Please wait.

Architectural Framework Presentation Vincenzo Ciaschini CNAF 15/5/06.

PublishToby Washington Modified over 8 years ago

Similar presentations

Presentation on theme: "Architectural Framework Presentation Vincenzo Ciaschini CNAF 15/5/06."— Presentation transcript:

1 Architectural Framework Presentation Vincenzo Ciaschini CNAF 15/5/06

2 Objective: To describe a flexible infrastructure for VO-based CE management. –Generalities only: Details will be given by the other presentations.

3 Requirements: VO should be able to: –Dynamically change the way groups/roles utilize resources. –Collect usage and historical informations. –Implement quotas Differentiate resource usage inside a VO. –Impossible with the current setup. Collect and use accounting informations.

4 Concepts: CE offer different service classes to different groups of users and to different VOs. –E.g: atlasgold, atlassilver, atlasbronze Users are mapped onto different groups. –E.g: /atlas/production, /atlas/analysis The internal configuration of a CE is a sensitive matter.

5 Components Needed VOMS –To define groups for users. G-PBox –To map users to service classes. –To dynamically change the association between users and classes. DGAS –Accounting information. WMS –Job brokering.

6 Architectural Schema VOMS RB VO G-PBox CESite G-PBoxSite HLR VO HLR

7 Job Submission VOMS RB VO G-PBox CESite G-PBoxSite HLR VO HLR Creds Job + Creds

8 Policy Manipulation VOMS VO G-PBox CESite G-PBox VO Admin

9 Setup of the CE Create one queue for VO. Create several local pools for VO, each with its own fair share. Publish the supported service classes.

10 Contents of the Site G-PBox Policies mapping service classes to the corresponding local accounts. (private) Policies mapping groups/roles to service classes. (public, from VO G-PBox)

11 Contents of the VO G-PBox Policies mapping groups/roles to service classes (public, transmitted to Site G- PBoxes) Policies to filter CEs on the base of the mapping policies and the service classes implemented by the CE

12 Advantages: Mapping of users to service classes can be changed dynamically. Easy to discover what service classes are supported by each CE. No need to rely on publication of FQAN for CE selection from RB. –IS is insecure. XACML semantics allow much more complex policies.

Download ppt "Architectural Framework Presentation Vincenzo Ciaschini CNAF 15/5/06."

Similar presentations

29 June 2006 GridSite - www.gridsite.org - Andrew McNabwww.gridsite.org VOMS and VOs Andrew McNab University of Manchester.

29 June 2006 GridSite Andrew McNabwww.gridsite.org VOMS and VOs Andrew McNab University of Manchester.
Role Based VO Authorization Services Ian Fisk Gabriele Carcassi July 20, 2005.

Role Based VO Authorization Services Ian Fisk Gabriele Carcassi July 20, 2005.
CoreGRID Workpackage 5 Virtual Institute on Grid Information and Monitoring Services Authorizing Grid Resource Access and Consumption Erik Elmroth, Michał.

CoreGRID Workpackage 5 Virtual Institute on Grid Information and Monitoring Services Authorizing Grid Resource Access and Consumption Erik Elmroth, Michał.
INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org XACML and G-PBox update MWSG 14-15/09/2005 Presenter: Vincenzo Ciaschini.

INFSO-RI Enabling Grids for E-sciencE XACML and G-PBox update MWSG 14-15/09/2005 Presenter: Vincenzo Ciaschini.
W w w. h p c - e u r o p a. o r g Single Point of Access to Resources of HPC-Europa Krzysztof Kurowski, Jarek Nabrzyski, Ariel Oleksiak, Dawid Szejnfeld.

W w w. h p c - e u r o p a. o r g Single Point of Access to Resources of HPC-Europa Krzysztof Kurowski, Jarek Nabrzyski, Ariel Oleksiak, Dawid Szejnfeld.
SOS EGEE ‘06 GGF Security Auditing Service: Draft Architecture Brian Tierney Dan Gunter Lawrence Berkeley National Laboratory Marty Humphrey University.

SOS EGEE ‘06 GGF Security Auditing Service: Draft Architecture Brian Tierney Dan Gunter Lawrence Berkeley National Laboratory Marty Humphrey University.
Publication and Protection of Site Sensitive Information in Grids Shreyas Cholia NERSC Division, Lawrence Berkeley Lab Open Source Grid.

Publication and Protection of Site Sensitive Information in Grids Shreyas Cholia NERSC Division, Lawrence Berkeley Lab Open Source Grid.
Frascati, October 9th, Accounting in DataGrid Initial Architecture Albert Werbrouck Frascati, October 9, 2001.

Frascati, October 9th, Accounting in DataGrid Initial Architecture Albert Werbrouck Frascati, October 9, 2001.
The Data Grid: Towards an Architecture for the Distributed Management and Analysis of Large Scientific Dataset Caitlin Minteer & Kelly Clynes.

The Data Grid: Towards an Architecture for the Distributed Management and Analysis of Large Scientific Dataset Caitlin Minteer & Kelly Clynes.
A.Guarise – F.Rosso 1 Enabling Grids for E-sciencE INFSO-RI-508833 Comprehensive Accounting Views on large computing farms. Andrea Guarise & Felice Rosso.

A.Guarise – F.Rosso 1 Enabling Grids for E-sciencE INFSO-RI Comprehensive Accounting Views on large computing farms. Andrea Guarise & Felice Rosso.
GILDA testbed GILDA Certification Authority GILDA Certification Authority User Support and Training Services in IGI IGI Site Administrators IGI Users IGI.

GILDA testbed GILDA Certification Authority GILDA Certification Authority User Support and Training Services in IGI IGI Site Administrators IGI Users IGI.
Maarten Litmaath (CERN), GDB meeting, CERN, 2006/02/08 VOMS deployment Extent of VOMS usage in LCG-2 –Node types gLite 3.0 Issues Conclusions.

Maarten Litmaath (CERN), GDB meeting, CERN, 2006/02/08 VOMS deployment Extent of VOMS usage in LCG-2 –Node types gLite 3.0 Issues Conclusions.
AN INTEGRATED FRAMEWORK FOR VO-ORIENTED AUTHORIZATION, POLICY-BASED MANAGEMENT AND ACCOUNTING Andrea Caltroni 3, Vincenzo Ciaschini 1, Andrea Ferraro 1,

AN INTEGRATED FRAMEWORK FOR VO-ORIENTED AUTHORIZATION, POLICY-BASED MANAGEMENT AND ACCOUNTING Andrea Caltroni 3, Vincenzo Ciaschini 1, Andrea Ferraro 1,
Getting started DIRAC Project. Outline  DIRAC information system  Documentation sources  DIRAC users and groups  Registration with DIRAC  Getting.

Getting started DIRAC Project. Outline  DIRAC information system  Documentation sources  DIRAC users and groups  Registration with DIRAC  Getting.
Database Environment Session 2 Course Name: Database System Year : 2013.

Database Environment Session 2 Course Name: Database System Year : 2013.
1 User Analysis Workgroup Discussion  Understand and document analysis models  Best in a way that allows to compare them easily.

1 User Analysis Workgroup Discussion  Understand and document analysis models  Best in a way that allows to compare them easily.
Overview of Privilege Project at Fermilab (compilation of multiple talks and documents written by various authors) Tanya Levshina.

Overview of Privilege Project at Fermilab (compilation of multiple talks and documents written by various authors) Tanya Levshina.
Role Based VO Authorization Services Ian Fisk Gabriele Carcassi July 20, 2005.

Role Based VO Authorization Services Ian Fisk Gabriele Carcassi July 20, 2005.
Conference name Company name INFSOM-RI-1234567 Speaker name The ETICS Job management architecture EGEE ‘08 Istanbul, September 25 th 2008 Valerio Venturi.

Conference name Company name INFSOM-RI Speaker name The ETICS Job management architecture EGEE ‘08 Istanbul, September 25 th 2008 Valerio Venturi.
INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org Use of VOMS Attributes: semantics and suggestions Vincenzo Ciaschini MWSG 12 Stockholm 12-13/06/07.

INFSO-RI Enabling Grids for E-sciencE Use of VOMS Attributes: semantics and suggestions Vincenzo Ciaschini MWSG 12 Stockholm 12-13/06/07.

Similar presentations

Ads by Google