Presentation is loading. Please wait.

Presentation is loading. Please wait.

AAA from HEP* Perspective

Published byGodwin Cain Modified over 6 years ago

Similar presentations

Presentation on theme: "AAA from HEP* Perspective"— Presentation transcript:

1 AAA from HEP* Perspective
Ingo Augustin CERN *) the world according to Ingo September 27, 2003 I. Augustin, CERN

2 Cartoonist View of the World
Totally unrealistic! September 27, 2003 I. Augustin, CERN

3 Cartoonist View of the World
Actually it’s 2 years and 10 months… September 27, 2003 I. Augustin, CERN

4 Our Perspective Deploy AAA Monitor behavior of the Grid(s)
Identify problems (usage, rights, privileges) Apply policy changes (or issue bug reports, if needed functionality is not available) goto 1). Nobody has seen a real Grid up to now…. September 27, 2003 I. Augustin, CERN

5 Authentication Certificates work in general
CA response times are fine (~ 1 day) VO response times are fine (~ 1 day) Time to be in the gridmap file (~ 1 week in case of LCG) CERT management requires too much manual intervention September 27, 2003 I. Augustin, CERN

6 Authorization HEP Use Cases require dynamic system (daily changes)
Coordination of local and global authorizations? (Site vs. VO) Access rights to files and resources? Granularity Transfer of rights Monitoring Priorities must be changeable during execution of jobs September 27, 2003 I. Augustin, CERN

7 UC “Hotspot” QCD studies require a lot of data to be crunched, so the 'QCD Analysis Coordinator’ role in VOMS is granted a lot of access to resources at high priority. Then someone in the 'EGamma Analysis Coordinator' role announces a hint of the Higgs™ has been found, but they need more studies to find it. The experiment policy shifts overnight, the 'QCD Analysis Coordinator' is told to take a holiday and the 'EGamma Analysis Coordinator' is given sweeping access to everything in sight. September 27, 2003 I. Augustin, CERN

8 UC “Delegation” 'Professor X' may have significant access to resources, because he’s important. His student, 'Student Y', has minimal access. The Professor wants an important piece of work done, and delegates to the student. 'Student Y' then must be given access to resources available to 'Professor X' for the duration of 'Task T'. How do we determine who can delegate which rights to whom? September 27, 2003 I. Augustin, CERN

9 UC “Priority Enforcement”
VOMS should be able to influence the existing state of a grid. If 'Student Z' is running jobs for the 'QCD Analysis Coordinator' when 'Student Y' starts running the Higgs search for 'Professor X' then maybe 'Student Y' should have the rights to cause jobs belonging to 'Student Z’ to be killed or rescheduled to make way for his own jobs. September 27, 2003 I. Augustin, CERN

10 UC “Scheduled Changes”
Analysis groups A and B meet once every two weeks, in rotation, (as done in CMS!). Immediately after group A meets we want to give higher priority to group B, so they can finish last minute things before their next meeting. After the group meeting, group A takes higher priority again. Think of it as passing a 'my-turn-now token' around the groups. September 27, 2003 I. Augustin, CERN

11 UC “Conferences” Analyses due to be presented at conferences are a special case of UC “Scheduled Changes”.The people preparing papers for the conference get higher priority in the last few weeks leading up to the conference. September 27, 2003 I. Augustin, CERN

12 Use Cases In Reasonable State
VO Management Use Cases VO User/Group Uses Cases VO User/Group Information Uses Cases See our memo…. September 27, 2003 I. Augustin, CERN

13 Accounting Today: zilch, zero, nada Not in the near future
But: monitoring is needed even more than accounting. September 27, 2003 I. Augustin, CERN

14 Quotas VO space of SE (assigned by local policy?)
Management of the VO space itself Individual quotas Networking Number of jobs (concurrent) Percentage of Global resources of a VO Space management policies on resources (CE, WN) Indefinite possibilities, but without a starting point we have no clue about feasibility, desirability and other …ilities September 27, 2003 I. Augustin, CERN

15 Conclusion We want to know what’s going on on the Grid (Monitoring)!
We want something that is flexible! We want to have control of the use of our resources! In short: We need a running system to explore the possibilities… September 27, 2003 I. Augustin, CERN

Download ppt "AAA from HEP* Perspective"

Similar presentations

29 June 2006 GridSite - www.gridsite.org - Andrew McNabwww.gridsite.org VOMS and VOs Andrew McNab University of Manchester.

29 June 2006 GridSite Andrew McNabwww.gridsite.org VOMS and VOs Andrew McNab University of Manchester.
1 User Analysis Workgroup Update  All four experiments gave input by mid December  ALICE by document and links  Very independent.

1 User Analysis Workgroup Update  All four experiments gave input by mid December  ALICE by document and links  Very independent.
OSG AuthZ Architecture AuthZ Components Legend VO Management Services Grid Site GUMS Site Services SAZ CE Gatekeeper Prima Is Auth? Yes / No SE SRM gPlazma.

OSG AuthZ Architecture AuthZ Components Legend VO Management Services Grid Site GUMS Site Services SAZ CE Gatekeeper Prima Is Auth? Yes / No SE SRM gPlazma.
The Community Authorisation Service – CAS Dr Steven Newhouse Technical Director London e-Science Centre Department of Computing, Imperial College London.

The Community Authorisation Service – CAS Dr Steven Newhouse Technical Director London e-Science Centre Department of Computing, Imperial College London.
CoreGRID Workpackage 5 Virtual Institute on Grid Information and Monitoring Services Authorizing Grid Resource Access and Consumption Erik Elmroth, Michał.

CoreGRID Workpackage 5 Virtual Institute on Grid Information and Monitoring Services Authorizing Grid Resource Access and Consumption Erik Elmroth, Michał.
From Olivier to commissioning team plans for the start-up of regular operations of LHCb 30/06 to 4/07 : Global commissioning week, all detectors, full.

From Olivier to commissioning team plans for the start-up of regular operations of LHCb 30/06 to 4/07 : Global commissioning week, all detectors, full.
Ákos FROHNER – DataGrid Security Requirements- 2002-04-09 - n° 1 Security Group D7.5 Document and Open Issues

Ákos FROHNER – DataGrid Security Requirements n° 1 Security Group D7.5 Document and Open Issues
Maarten Litmaath (CERN), GDB meeting, CERN, 2006/02/08 VOMS deployment Extent of VOMS usage in LCG-2 –Node types gLite 3.0 Issues Conclusions.

Maarten Litmaath (CERN), GDB meeting, CERN, 2006/02/08 VOMS deployment Extent of VOMS usage in LCG-2 –Node types gLite 3.0 Issues Conclusions.
SRM workshop – September’05 1 SRM: Expt Reqts Nick Brook Revisit LCG baseline services working group Priorities & timescales Use case (from LHCb)

SRM workshop – September’05 1 SRM: Expt Reqts Nick Brook Revisit LCG baseline services working group Priorities & timescales Use case (from LHCb)
Virtual Workspaces Kate Keahey Argonne National Laboratory.

Virtual Workspaces Kate Keahey Argonne National Laboratory.
CERN Using the SAM framework for the CMS specific tests Andrea Sciabà System Analysis WG Meeting 15 November, 2007.

CERN Using the SAM framework for the CMS specific tests Andrea Sciabà System Analysis WG Meeting 15 November, 2007.
Mine Altunay July 30, 2007 Security and Privacy in OSG.

Mine Altunay July 30, 2007 Security and Privacy in OSG.
Getting started DIRAC Project. Outline  DIRAC information system  Documentation sources  DIRAC users and groups  Registration with DIRAC  Getting.

Getting started DIRAC Project. Outline  DIRAC information system  Documentation sources  DIRAC users and groups  Registration with DIRAC  Getting.
Role Based VO Authorization Services Ian Fisk Gabriele Carcassi July 20, 2005.

Role Based VO Authorization Services Ian Fisk Gabriele Carcassi July 20, 2005.
US LHC OSG Technology Roadmap May 4-5th, 2005 Welcome. Thank you to Deirdre for the arrangements.

US LHC OSG Technology Roadmap May 4-5th, 2005 Welcome. Thank you to Deirdre for the arrangements.
Conference name Company name INFSOM-RI-1234567 Speaker name The ETICS Job management architecture EGEE ‘08 Istanbul, September 25 th 2008 Valerio Venturi.

Conference name Company name INFSOM-RI Speaker name The ETICS Job management architecture EGEE ‘08 Istanbul, September 25 th 2008 Valerio Venturi.
Grid Security Vulnerability Group Linda Cornwall, GDB, CERN 7 th September 2005

Grid Security Vulnerability Group Linda Cornwall, GDB, CERN 7 th September 2005
INFSO-RI-508833 Enabling Grids for E-sciencE EGEE SA1 in EGEE-II – Overview Ian Bird IT Department CERN, Switzerland EGEE.

INFSO-RI Enabling Grids for E-sciencE EGEE SA1 in EGEE-II – Overview Ian Bird IT Department CERN, Switzerland EGEE.
1 Andrea Sciabà CERN Critical Services and Monitoring - CMS Andrea Sciabà WLCG Service Reliability Workshop 26 – 30 November, 2007.

1 Andrea Sciabà CERN Critical Services and Monitoring - CMS Andrea Sciabà WLCG Service Reliability Workshop 26 – 30 November, 2007.
CERN – Alice Offline – Thu, 20 Mar 2008 – Marco MEONI - 1 Status of Cosmic Reconstruction Offline weekly meeting.

CERN – Alice Offline – Thu, 20 Mar 2008 – Marco MEONI - 1 Status of Cosmic Reconstruction Offline weekly meeting.

Similar presentations

Ads by Google