Presentation is loading. Please wait.

Presentation is loading. Please wait.

QoS and SLA in INFN Grid INFN team: Andrea Ceccanti, Vincenzo Ciaschini, Alberto Forti, Andrea Ferraro, Valerio Venturi Location Catania (Italy) Date 4/3/2008.

Published byἈριδαίος Αγγελόπουλος Modified over 6 years ago

Similar presentations

Presentation on theme: "QoS and SLA in INFN Grid INFN team: Andrea Ceccanti, Vincenzo Ciaschini, Alberto Forti, Andrea Ferraro, Valerio Venturi Location Catania (Italy) Date 4/3/2008."— Presentation transcript:

1 QoS and SLA in INFN Grid INFN team: Andrea Ceccanti, Vincenzo Ciaschini, Alberto Forti, Andrea Ferraro, Valerio Venturi Location Catania (Italy) Date 4/3/2008

2 Points of this presentation
G-Pbox QoS and SLA with G-PBox

3 Accessing resources Grid infrastructures need to regulate:
access of users on resources sites actions of users on resources sites (once accessed) usage of whole grid resources (based on SLA) A comprehensive solution should handle: access policies (ACL) agreed by VOs and Sites more-than-access policies agreed by VOs and Sites

4 Current limits VO <-> Resource Providers configuration are uneasy and not automatic to set: agreed SLAs agreed ACLs and site-specific ACLs agreed policies and site-specific policies A lot of heterogeneous ACL/SLA/policies mechanisms: BDII exclusions LCAS/LCMAPS configurations WMS configuration DATA management configuration etc.

5 VO layer Grid layer Site layer PBox PBox PBox PBox PBox PBox PBox VO
The design objective was “Distribution of Policy to allow for AuthZ hierarchies and to implement replication & fault tolerance of the GPBox services” Site layer PBox PBox PBox SubFARM SubFARM SubFARM

6 G-PBox as policy engine
G-PBox core is a pure OASIS XACML PDP (Policy Decision Point) able to: receive and interpret XACML requests of resources answer with a pure XACML response G-PBox PEP user XACML req XACML response Storage CPU

7 used by VO WMS for CEs selection Site G-PBox used by Site CEs for:
VO G-PBox and Site G-PBox VO G-PBox used by VO WMS for CEs selection Site G-PBox used by Site CEs for: Accept/Deny users Map to right unix user

8 job-submission scenario
VOMS VO VO G-PBox USER RB Site G-PBox SITE CE CE CE

9 Distribution VO GridX Site1 Site2 Site3 A G-PBox admin can:
send policies to other G-PBoxes accept/reject incoming policies from other G-PBoxes VO G-PBox SLAs GridX G-PBox Site1 Site2 Site3 G-PBox G-PBox G-PBox MSWG, December 6-7, 2007, Berkeley

10 GUI 1/2 Used by VO/Site Administrators to manage policies Features:
“Off-line” policy management Policy editor to ease creation of XACML policies Policy distribution management GUI interacts with: G-PBox servers VOMS servers Proof of concept No formal requirements yet from Site/VO Admins No input/formal requirements from Site and VO admin Proof of concept Focus on usability In this phase, interoperability was not a requirement (that’s why RMI)

11 GUI 2/2‏ Basic management operations Send policies to other G-PBoxes
Enable/Disable Cut&Paste Change order Send policies to other G-PBoxes MSWG, December 6-7, 2007, Berkeley

12 Performance Test results
G-PBox performance has been tested in the EGEE preview testbed Results presented at the last EGEE All-Hands meetings No measurable overhead on the CE & WMS side Unexpected performance improvements in AuthZ & Mapping on the CE (G-Pbox faster than LCMAPS) Resource selection on the WMS Presentati all all-hands di giugno test ce e test wms presentazione vincenzo user forum

13 Points of this presentation
G-Pbox QoS and SLA with G-PBox

14 Why we (INFN) are interested to QoS and SLA
The scale of EGEE/LCG VOs has increased to a level where it is necessary to dedicate separate and well defined amounts of resources to different internal VO groups e.g.: /cms/production and /cms/analysis users should be able: to submit their jobs to different sites to use different resource shares in the target site

15 QoS and SLA for INFN QoS/SLA for INFN is : not only Advanced Reservation fair share among VO groups (requirement of LHC applications)

16 Current scenario The VO manager can’t enforce any fair sharing decision for internal VO users on remote sites Fair sharing of VO users are managed only at the site level, by the Site manager (through the local LRMS - e.g. LSF)

17 Allowing VO managers to enforce agreements with Site managers:
Envisioned scenario Allowing VO managers to enforce agreements with Site managers: resources utilization targets for their VO internal groups/roles which job execute first among the queued ones

18 The Service Class (SC) approach
Our approach focus on the definition of Service Classes (SC), published in the Information System by the resource providers SCs characterize different QoS of the resources

19 SC published for each CE
UniqueID= hostname:2119/jobmanager-lsf-atlas AccessControlBaseRule= /ATLAS VoView AccessControlBaseRule= SC:GOLD StateFreeJobSlots=700 AccessControlBaseRule= SC:BRONZE StateFreeJobSlots=100 AccessControlBaseRule= SC:SILVER StateFreeJobSlots=200

20 VO G-PBox and SC (1/2) G-PBox helps the VO Resource Broker (RB) to choose the most appropriate CEs based on Service Classes(SC) policies. The RB asks to G-PBox what is the SC for the group which user belongs to. Then the RB can choose the CEs associated with the SC provided by the G-PBox.

21 VO G-PBox and SC (2/2) ATLAS G-PBox VO Mapping Policies
Atlas group Service Class (SC) /atlas/production (SC:GOLD) /atlas/analysis (SC:SILVER) /atlas/students (SC:BRONZE) VO GROUP: /atlas/analysis USER: smith VO: atlas GROUP: analysis ATLAS RB SC:SILVER ATLAS CE ATLAS CE ATLAS CE ATLAS CE ATLAS CE ATLAS CE

22 Site G-Pbox and SC (1/2) G-PBox helps the CEs to choose the right Unix group for the submission to the LRMS: the CE asks to G-PBox if the user is allowed to submit a job G-PBox scans its policies and answers with a PERMIT or DENY and in the former case it returns a matching Unix group the CE submits (if PERMIT) to the LRMS with the Unix group provided by the G-PBox

23 Site G-Pbox and SC (2/2) Site G-PBox ATLAS CE LRMS (LSF)
USER: smith VO: atlas GROUP: analysis VO Mapping Policies Atlas group Service Class (SC) /atlas/production (SC:GOLD) /atlas/analysis (SC:SILVER) /atlas/students (SC:BRONZE) VO GROUP: /atlas/analysis ATLAS CE Site Mapping Policies Service Class (SC) Local UNIX group (SC:GOLD) atlas_hi_priority (SC:SILVER) atlas_mid_priority (SC:BRONZE) atlas_low_priority UNIX GROUP: atlas_mid_priority LRMS (LSF)

24 Conclusions How can G-PBox interact with a SLAManagement/ARManagement System? Which are the use cases for a production grid?

Download ppt "QoS and SLA in INFN Grid INFN team: Andrea Ceccanti, Vincenzo Ciaschini, Alberto Forti, Andrea Ferraro, Valerio Venturi Location Catania (Italy) Date 4/3/2008."

Similar presentations

Role Based VO Authorization Services Ian Fisk Gabriele Carcassi July 20, 2005.

Role Based VO Authorization Services Ian Fisk Gabriele Carcassi July 20, 2005.
The VOMS Attribute Authority and its relation with Shibboleth Presenter: Vincenzo Ciaschini 8 th TF-EMC2 Meeting Firenze, March 2007.

The VOMS Attribute Authority and its relation with Shibboleth Presenter: Vincenzo Ciaschini 8 th TF-EMC2 Meeting Firenze, March 2007.
Andrew McNab - EDG Access Control - 14 Jan 2003 EU DataGrid security with GSI and Globus Andrew McNab University of Manchester

Andrew McNab - EDG Access Control - 14 Jan 2003 EU DataGrid security with GSI and Globus Andrew McNab University of Manchester
Authz work in GGF David Chadwick

Authz work in GGF David Chadwick
INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org XACML and G-PBox update MWSG 14-15/09/2005 Presenter: Vincenzo Ciaschini.

INFSO-RI Enabling Grids for E-sciencE XACML and G-PBox update MWSG 14-15/09/2005 Presenter: Vincenzo Ciaschini.
Grid Workload Management & Condor Massimo Sgaravatto INFN Padova.

Grid Workload Management & Condor Massimo Sgaravatto INFN Padova.
Apr 30, 20081/11 VO Services Project – Stakeholders’ Meeting Gabriele Garzoglio VO Services Project Stakeholders’ Meeting Apr 30, 2008 Gabriele Garzoglio.

Apr 30, 20081/11 VO Services Project – Stakeholders’ Meeting Gabriele Garzoglio VO Services Project Stakeholders’ Meeting Apr 30, 2008 Gabriele Garzoglio.
DataGrid WP1 Massimo Sgaravatto INFN Padova. WP1 (Grid Workload Management) Objective of the first DataGrid workpackage is (according to the project Technical.

DataGrid WP1 Massimo Sgaravatto INFN Padova. WP1 (Grid Workload Management) Objective of the first DataGrid workpackage is (according to the project "Technical.
Mar 28, 20071/9 VO Services Project Gabriele Garzoglio The VO Services Project Don Petravick for Gabriele Garzoglio Computing Division, Fermilab ISGC 2007.

Mar 28, 20071/9 VO Services Project Gabriele Garzoglio The VO Services Project Don Petravick for Gabriele Garzoglio Computing Division, Fermilab ISGC 2007.
VOMRS/VOMS-Admin Convergence and VO Services Project Status Tanya Levshina Computing Division, Fermilab.

VOMRS/VOMS-Admin Convergence and VO Services Project Status Tanya Levshina Computing Division, Fermilab.
11 Usage policies for end point access control  XACML is Oasis standard to express enterprise security policies with a common XML based policy language.

11 Usage policies for end point access control  XACML is Oasis standard to express enterprise security policies with a common XML based policy language.
EMI is partially funded by the European Commission under Grant Agreement RI-261611 Argus Policies Tutorial Valery Tschopp - SWITCH EGI TF Prague.

EMI is partially funded by the European Commission under Grant Agreement RI Argus Policies Tutorial Valery Tschopp - SWITCH EGI TF Prague.
AN INTEGRATED FRAMEWORK FOR VO-ORIENTED AUTHORIZATION, POLICY-BASED MANAGEMENT AND ACCOUNTING Andrea Caltroni 3, Vincenzo Ciaschini 1, Andrea Ferraro 1,

AN INTEGRATED FRAMEWORK FOR VO-ORIENTED AUTHORIZATION, POLICY-BASED MANAGEMENT AND ACCOUNTING Andrea Caltroni 3, Vincenzo Ciaschini 1, Andrea Ferraro 1,
June 24-25, 2008 Regional Grid Training, University of Belgrade, Serbia Introduction to gLite gLite Basic Services Antun Balaž SCL, Institute of Physics.

June 24-25, 2008 Regional Grid Training, University of Belgrade, Serbia Introduction to gLite gLite Basic Services Antun Balaž SCL, Institute of Physics.
Role Based VO Authorization Services Ian Fisk Gabriele Carcassi July 20, 2005.

Role Based VO Authorization Services Ian Fisk Gabriele Carcassi July 20, 2005.
Conference name Company name INFSOM-RI-1234567 Speaker name The ETICS Job management architecture EGEE ‘08 Istanbul, September 25 th 2008 Valerio Venturi.

Conference name Company name INFSOM-RI Speaker name The ETICS Job management architecture EGEE ‘08 Istanbul, September 25 th 2008 Valerio Venturi.
1 Andrea Sciabà CERN Critical Services and Monitoring - CMS Andrea Sciabà WLCG Service Reliability Workshop 26 – 30 November, 2007.

1 Andrea Sciabà CERN Critical Services and Monitoring - CMS Andrea Sciabà WLCG Service Reliability Workshop 26 – 30 November, 2007.
VO management: Progress since Chicago Workshop Vincenzo Ciaschini 23/5/2002 CNAF – Bologna.

VO management: Progress since Chicago Workshop Vincenzo Ciaschini 23/5/2002 CNAF – Bologna.
INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org EGEE is a project funded by the European Union under contract INFSO-RI-508833 Grid Accounting.

INFSO-RI Enabling Grids for E-sciencE EGEE is a project funded by the European Union under contract INFSO-RI Grid Accounting.
INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org G-PBox Auth meeting 13/9/2005 Presenter: Vincenzo Ciaschini.

INFSO-RI Enabling Grids for E-sciencE G-PBox Auth meeting 13/9/2005 Presenter: Vincenzo Ciaschini.

Similar presentations

Ads by Google