Security Daniel Mallmann MWSG meeting Amsterdam 14-15 December 2005.


1 Security
Daniel Mallmann, d.mallmann@fz-juelich.de
MWSG meeting, Amsterdam, 14-15 December 2005

2 Architecture Overview
[Diagram labels: Client, Internet, Gateway, Usite A, Vsite A1, Usite B, Vsite B1, Vsite B2, Network Job Supervisor, Target System Interface]

3
• Java application
• User authentication via X.509 certificates
• Global or local list of Unicore sites (Usites)
• Connects to Gateway via SSL and Unicore Protocol Layer (UPL)
• Job preparation
  ♦ Workflow management
  ♦ File management
  ♦ Abstract Job Object (AJO) generation
  ♦ Job signing
• Job monitoring
• Job control
[Figure labels: Job Preparation, Job Monitor, Workflow Management, Usites, Vsites]

4 Client
[Diagram labels: Client, Internet, Gateway, Unicore Site list, SSL]

5 Gateway
[Diagram labels: Client, Internet, Gateway, Usite A, Vsite A1, Usite B, Vsite B1, Vsite B2, Network Job Supervisor, Target System Interface]

6
• Authentication:
  ♦ Connection only with valid certificates from accepted Certification Authorities
  ♦ Forwards client certificate to NJS for authorisation
• Single point of entry for all Unicore services of the Usite
  ♦ Only one open port
• List of Vsites
• Connects to Vsites via UPL (SSL optional)

7 Gateway
[Diagram labels: Client, Internet, SSL, Gateway, Firewall, VSite list, Vsite 1, Vsite 2, Vsite 3, Network Job Supervisor]

8 Network Job Supervisor
[Diagram labels: Client, Internet, Gateway, Usite A, Vsite A1, Usite B, Vsite B1, Vsite B2, Network Job Supervisor, Target System Interface]

9
• Checks integrity of jobs
• Authorises the user by Unicore User Data Base (UUDB)
  ♦ Mapping of Unicore user certificate to target system Xlogin
• Forwards sub jobs to remote Vsites
• Translates abstract job into target system specific tasks based on Incarnation Data Base (IDB)
• Transfers files to work directory on the target system via socket connection
• Submits jobs to Target System Interface (TSI) via socket connection

10 Network Job Supervisor
[Diagram labels: Internet, Gateway, Network Job Supervisor, Incarnation Data Base, Unicore User Data Base, Target System Interface]

11 Target System Interface
[Diagram labels: Client, Internet, Gateway, Usite A, Vsite A1, Usite B, Vsite B1, Vsite B2, Network Job Supervisor, Target System Interface]

12 Target System Interface
• Interfaces between Unicore and the Grid resource
• Executes the specific tasks, translated by the NJS, or submits them to the batch sub system
• Stores and sends files from/to the Unicore Client or local directories
• Contains batch sub system, operating system and installation specific code
• Runs as root

13 Target System Interface
[Diagram labels: Network Job Supervisor, Shepard, Worker, Batch Sub System, File System, Application, Operating System]

14 Multisite Job
[Diagram labels: Client, Internet, Gateway, Usite A, Vsite A1, Usite B, Vsite B1, Vsite B2, Network Job Supervisor, Target System Interface]

15 Multisite Job
[Diagram labels: Client, SSL, Primary Network Job Supervisor, Secondary Network Job Supervisor, Job, Sub Job; legend: User certificate, NJS certificate]
• Consignor
  ♦ The entity (user client or NJS) that consigns a job or sub-job
  ♦ Expressed by use in SSL connection
• Endorser
  ♦ The entity (user) that authorises the tasks to be performed
  ♦ Expressed by signing of serialized AJO directed acyclic graph

16 Explicit Trust Delegation
[Diagram labels: Client, Portal, Internet, Gateway, Usite A, Vsite A1, Usite B, Vsite B1, Vsite B2, Network Job Supervisor, Target System Interface]

17 Explicit Trust Delegation
[Diagram labels: WS-Client (Browser), SSL, Portal, Network Job Supervisor, Job, "User: name"; legend: User certificate, Portal certificate]
• User
  ♦ New role besides consignor and endorser
  ♦ Entity (user) on whose behalf tasks will be performed
• Trusted Agents (Portal)
  ♦ Added to the UUDB explicitly
  ♦ Allowed to endorse AJO on behalf of users
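
An added example, not part of the presentation or of the Unicore code base: a Python model of the NJS authorisation decision implied by the consignor, endorser and user roles on the Multisite Job and Explicit Trust Delegation slides. The `Job`, `UUDB` and `authorise` names and all DNs are constructed for illustration, and SSL authentication and AJO signature verification are assumed to have already succeeded.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Job:
    consignor: str               # DN authenticated on the SSL connection
    endorser: str                # DN whose signature on the serialized AJO verified
    user: Optional[str] = None   # DN named in the job; only set under ETD

@dataclass(frozen=True)
class Decision:
    xlogin: str
    mode: str                    # "direct" or "etd"

class UUDB:
    """Constructed stand-in for the Unicore User Data Base."""
    def __init__(self, xlogins, trusted_agents=()):
        self.xlogins = dict(xlogins)               # user DN -> Xlogin
        self.trusted_agents = set(trusted_agents)  # DNs added explicitly

def authorise(job: Job, uudb: UUDB) -> Decision:
    """Return the Xlogin a job runs under, or raise PermissionError."""
    user = job.user or job.endorser
    mode = "direct"
    if user != job.endorser:
        # Someone other than the user signed the AJO: allowed only for
        # agents that were added to the UUDB explicitly.
        if job.endorser not in uudb.trusted_agents:
            raise PermissionError(f"{job.endorser} may not endorse for {user}")
        mode = "etd"
    # The mapping key is the user, never the consignor: a sub-job arriving
    # over an NJS-to-NJS connection still runs under the user's Xlogin.
    xlogin = uudb.xlogins.get(user)
    if xlogin is None:
        raise PermissionError(f"no Xlogin mapped for {user}")
    return Decision(xlogin, mode)

# Constructed sample identities (not from the presentation).
ALICE = "CN=Alice,O=Example Grid"
NJS_A = "CN=njs.usite-a.example,O=Example Grid"
PORTAL = "CN=portal.example,O=Example Grid"
ROGUE = "CN=other-portal.example,O=Example Grid"
DB = UUDB({ALICE: "alice01"}, trusted_agents={PORTAL})

def demo():
    return [
        authorise(Job(ALICE, ALICE), DB),           # job sent from the client
        authorise(Job(NJS_A, ALICE), DB),           # sub-job consigned by an NJS
        authorise(Job(PORTAL, PORTAL, ALICE), DB),  # portal acting for the user
    ]
```

Which consignors a site accepts is not modelled here; a trusted agent that names no user is rejected because the agent itself has no Xlogin mapping.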

18 UniGrids project
• All components are being moved to stateful Web Services
  ♦ Based on the Open Grid Services Architecture (OGSA)
  ♦ Compliant with the Web Services Resource Framework
• Gateway handles multiple protocols
• Web Service implementation of the UUDB

19 References
• Unicore
  ♦ Software: http://unicore.sourceforge.net
  ♦ Whitepaper: http://www.unicore.org/...... documents/UNICOREPlus-Final-Report.pdf
• Unicore Security
  ♦ GGF Document GFD.18 “An Analysis of the UNICORE Security Model” http://www.gridforum.org/documents/GFD.18.pdf
• UniGrids
  ♦ http://www.unigrids.org
• Explicit Trust Delegation
  ♦ Fujitsu Scientific & Technical Journal, Special Issue: Grid Computing, 2004-12 (Vol.40, No.2) “Explicit Trust Delegation: Security for Dynamic Grids” http://www.fujitsu.com/downloads/MAG/vol40-2/paper12.pdf

