Download presentation
Presentation is loading. Please wait.
Published byCaitlin Brooks Modified over 9 years ago
1
The Globus Toolkit and OMII-Europe Neil Chue Hong EPCC, University of Edinburgh Thanks to Ian Foster and the Globus Team for slides
2
EU project: RIO31844-OMII-EUROPE 2 What specific problem is the Globus Toolkit designed to address?
3
EU project: RIO31844-OMII-EUROPE 3 Ultimately, the Globus Toolkit is designed to enable the creation and maintenance of Virtual Organizations
4
EU project: RIO31844-OMII-EUROPE 4 R R R R R R R R R R R R VO-A VO-B Virtual Organizations Distributed resources and people Linked by networks, crossing admin domains Sharing resources, common goals Dynamic Fault tolerant
5
EU project: RIO31844-OMII-EUROPE 5 Layers in the Grid
6
EU project: RIO31844-OMII-EUROPE 6 The Globus Toolkit: “Standard Plumbing” for the Grid Not turnkey solutions, but building blocks & tools for application developers & system integrators –Some components (e.g., file transfer) go farther than others (e.g., remote job submission) toward end-user relevance Easier to reuse than to reinvent –Compatibility with other Grid systems comes for free Today the majority of the GT public interfaces are usable by application developers and system integrators –Relatively few end-user interfaces –In general, not intended for direct use by end users (scientists, engineers, marketing specialists)
7
EU project: RIO31844-OMII-EUROPE 7 A Typical eScience Use of Globus: Network for Earthquake Eng. Simulation Links instruments, data, computers, people
8
EU project: RIO31844-OMII-EUROPE 8 Without the Globus Toolkit Web Browser Compute Server Data Catalog Data Viewer Tool Certificate authority Chat Tool Credential Repository Web Portal Compute Server Resources implement standard access & management interfaces Collective services aggregate &/or virtualize resources Users work with client applications Application services organize VOs & enable access to other services Database service Database service Database service Simulation Tool Camera Telepresence Monitor Registration Service A B C D E Application Developer 10 Off the Shelf12 Globus Toolkit0 Grid Community0
9
EU project: RIO31844-OMII-EUROPE 9 With the Globus Toolkit Web Browser Compute Server Globus MCS/RLS Data Viewer Tool Certificate Authority CHEF Chat Teamlet MyProxy CHEF Compute Server Resources implement standard access & management interfaces Collective services aggregate &/or virtualize resources Users work with client applications Application services organize VOs & enable access to other services Database service Database service Database service Simulation Tool Camera Telepresence Monitor Globus Index Service Globus GRAM OGSA DAI Application Developer 2 Off the Shelf9 Globus Toolkit4 Grid Community4
10
EU project: RIO31844-OMII-EUROPE 10 The Globus Toolkit is a Collection of Components A set of loosely-coupled components, with: –Services and clients –Libraries –Development tools GT components are used to build Grid-based applications and services –GT can be viewed as a Grid SDK GT components can be categorized across two different dimensions –By broad domain area –By protocol support
11
EU project: RIO31844-OMII-EUROPE 11 GT Domain Areas Core runtime –Infrastructure for building new services Security –Apply uniform policy across distinct systems Execution management –Provision, deploy, & manage services Data management –Discover, transfer, & access large data Monitoring –Discover & monitor dynamic services
12
EU project: RIO31844-OMII-EUROPE 12 GT Protocols Web service protocols –WSDL, SOAP –WS Addressing, WSRF, WSN –WS Security, SAML, XACML –WS-Interoperability profile Non Web service protocols –Standards-based, such as GridFTP –Custom
13
EU project: RIO31844-OMII-EUROPE 13 “Stateless” vs. “Stateful” Services Without state, how does client: –Determine what happened (success/failure)? –Find out how many files completed? –Receive updates when interesting events arise? –Terminate a request? Few useful services are truly “stateless”, but WS interfaces alone do not provide built-in support for state Client FileTransfer Service move (A to B) move
14
EU project: RIO31844-OMII-EUROPE 14 FileTransferService (without WSRF) Developer reinvents wheel for each new service –Custom management and identification of state: transferID –Custom operations to inspect state synchronously (whatHappen) and asynchronously (tellMeWhen) –Custom lifetime operation (cancel) Client FileTransfer Service move (A to B) : transferID move state whatHappen tellMeWhen cancel
15
EU project: RIO31844-OMII-EUROPE 15 WSRF in a Nutshell Service State representation –Resource –Resource Property State identification –Endpoint Reference State Interfaces –GetRP, QueryRPs, GetMultipleRPs, SetRP Lifetime Interfaces –SetTerminationTime –ImmediateDestruction Notification Interfaces –Subscribe –Notify ServiceGroups RPs Resource Service GetRP GetMultRPs SetRP QueryRPs Subscribe SetTermTime Destroy EPR
16
EU project: RIO31844-OMII-EUROPE 16 FileTransferService (w/ WSRF) Developer specifies custom method to createResource and leaves the rest to WSRF standards: –State exposed as Resource + Resource Properties and identified by Endpoint Reference (EPR) –State inspected by standard interfaces (GetRP, QueryRPs) –Lifetime management by standard interfaces (Destroy) Client FileTransferService createResource (A to B) : EPR createResource RPs Transfer getRP queryRPs destroy
17
EU project: RIO31844-OMII-EUROPE 17 Data MgmtSecurity Common Runtime Execution Mgmt Info Services Non-WS Components Pre-WS Authentication Authorization GridFTP C Common Libraries Globus Toolkit version 2 (GT2) Grid Resource Alloc. Mgmt (GRAM) Monitoring & Discovery (MDS) Web Services Components
18
EU project: RIO31844-OMII-EUROPE 18 Data MgmtSecurity Common Runtime Execution Mgmt Info Services Web Services Components Non-WS Components Pre-WS Authentication Authorization GridFTP C Common Libraries WS Authentication Authorization Reliable File Transfer Data Access & Integration Grid Resource Alloc. Mgmt (WS GRAM) MDS3 Java WS Core Community Authorization Replica Location eXtensible IO (XIO) Globus Toolkit version 3 (GT3) Grid Resource Alloc. Mgmt (GRAM) Monitoring & Discovery (MDS)
19
EU project: RIO31844-OMII-EUROPE 19 Data MgmtSecurity Common Runtime Execution Mgmt Info Services Web Services Components Non-WS Components Pre-WS Authentication Authorization GridFTP Pre-WS Grid Resource Alloc. & Mgmt Pre-WS Monitoring & Discovery C Common Libraries Authentication Authorization Reliable File Transfer Data Access & Integration Grid Resource Allocation & Management Index Java WS Core Community Authorization Replica Location eXtensible IO (XIO) Credential Mgmt Community Scheduling Framework Delegation Globus Toolkit version 4 (GT4) Data Replication Trigger C WS Core Python WS Core WebMDS Workspace Management Grid Telecontrol Protocol Contrib/ Preview Core Depre- cated www.globus.org
20
EU project: RIO31844-OMII-EUROPE 20 Data Mgmt Security Common Runtime Execution Mgmt Info Services GridFTP Authentication Authorization Reliable File Transfer Data Access & Integration Grid Resource Allocation & Management Index Community Authorization Data Replication Community Scheduling Framework Delegation Replica Location Trigger Java Runtime C Runtime Python Runtime WebMDS Workspace Management Grid Telecontrol Protocol Globus Toolkit v4 www.globus.org Credential Mgmt Globus Toolkit: Open Source Grid Infrastructure
21
EU project: RIO31844-OMII-EUROPE 21 Java Services in Apache Axis Plus GT Libraries and Handlers Your Java Service Your Python Service Your Java Service RFT GRAM Delegation Index Trigger Archiver pyGlobus WS Core Your C Service C WS Core RLS Pre-WS MDS CAS Pre-WS GRAM SimpleCAMyProxy OGSA-DAI GTCP GridFTP C Services using GT Libraries and Handlers SERVER CLIENT Interoperable WS-I-compliant SOAP messaging Your Java Client Your C Client Your Python Client Your Java Client Your C Client Your Python Client Your Java Client Your C Client Your Python Client Your Java Client Your C Client Your Python Client X.509 credentials = common authentication Python hosting, GT Libraries GT4 Components
22
EU project: RIO31844-OMII-EUROPE 22 OMII-Europe / Globus activities OGSA DAIBESVOMSRUS Grid Sphere Etc. Identified Components EGEE (GLite) UNICORE Globus Etc. OMII-UK, USA, China Port OGSA- DAI WS-GRAM w/ BES and JSDL Common Accounting Security
23
EU project: RIO31844-OMII-EUROPE 23 GT4 Security VO Rights Users Rights’ Compute Center Access Services (running on user’s behalf) Rights Local policy on VO identity or attribute authority CAS or VOMS issuing SAML or X.509 ACs SSL/WS-Security with Proxy Certificates Authz Callout: SAML, XACML KCA MyProxy
24
EU project: RIO31844-OMII-EUROPE 24 GT4 Security Public-key-based authentication Extensible authorization framework based on Web services standards –SAML-based authorization callout As specified in GGF OGSA-Authz WG –Integrated policy decision engine XACML policy language, per-operation policies, pluggable Credential management service –MyProxy (One time password support) Community Authorization Service Standalone delegation service
25
EU project: RIO31844-OMII-EUROPE 25 GT4’s Use of Security Standards Supported, Supported, Fastest, but slow but insecure so default
26
EU project: RIO31844-OMII-EUROPE 26 GT-XACML Integration eXtensible Access Control Markup Language –OASIS standard, open source implementations XACML: sophisticated policy language Globus Toolkit ships with XACML runtime –Included in every client and server built on GT –Turned-on through configuration … that can be called transparently from runtime and/or explicitly from application … … and we use the XACML-”model” for our Authz Processing Framework
27
EU project: RIO31844-OMII-EUROPE 27 GT Authorization Framework
28
EU project: RIO31844-OMII-EUROPE 28 Other Security Services Include … MyProxy –Simplified credential management –Web portal integration –Single-sign-on support KCA & kx.509 –Bridging into/out-of Kerberos domains SimpleCA –Online credential generation PERMIS –Authorization service callout
29
EU project: RIO31844-OMII-EUROPE 29 GT4 WS GRAM 2nd-generation WS implementation optimized for performance, flexibility, stability, scalability Streamlined critical path –Use only what you need Flexible credential management –Credential cache & delegation service GridFTP & RFT used for data operations –Data staging & streaming output –Eliminates redundant GASS code
30
EU project: RIO31844-OMII-EUROPE 30 GRAM services GT4 Java Container GRAM services Delegation RFT File Transfer request GridFTP Remote storage element(s) Local scheduler User job Compute element GridFTP sudo GRAM adapter FTP control Local job control Delegate FTP data Client Job functions Delegate Service host(s) and compute element(s) GT4 WS GRAM Architecture SEG Job events
31
EU project: RIO31844-OMII-EUROPE 31 Summary The Globus Toolkit is a collection of reuseable components to help application builders harness the Grid In OMII-Europe, the challenge is to allow components from different middleware stacks to interact and interoperate well For Globus, the main areas are: –Job Submission –Data Services –Accounting and Security
32
EU project: RIO31844-OMII-EUROPE 32 Thank you for listening Any questions? http://www.omii-europe.com http://www.globus.org
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.