Presentation is loading. Please wait.

Presentation is loading. Please wait.

Open Science Grid Project DASH: Securing Direct MySQL Database Access for the Grid D. Malon, E. May, D. Ratnikov, A. Vaniachine Argonne National Laboratory.

Published byByron Powers Modified over 9 years ago

Similar presentations

Presentation on theme: "Open Science Grid Project DASH: Securing Direct MySQL Database Access for the Grid D. Malon, E. May, D. Ratnikov, A. Vaniachine Argonne National Laboratory."— Presentation transcript:

1 Open Science Grid Project DASH: Securing Direct MySQL Database Access for the Grid D. Malon, E. May, D. Ratnikov, A. Vaniachine Argonne National Laboratory M. Vranicar, J. Weicher PIOCON Technologies XV International Conference on Computing in High Energy and Nuclear Physics T.I.F.R., Mumbai, India February 13-17, 2006

2 CHEP06 Mumbai India Alexandre Vaniachine (ANL) Open Science Grid 2 Databases and Grids Databases also play a critical role in grid middleware: file catalogues, monitoring, etc. Crosscutting the computational grid infrastructure, a database hyper- infrastructure emerges In addition to petabytes of file-based event data, high energy physics applications require access to non-event data (detector conditions, calibrations, etc.) stored in relational databases

3 CHEP06 Mumbai India Alexandre Vaniachine (ANL) Open Science Grid 3 Project DASH As grid computing technologies mature, development must focus on database and grid integration New technologies are required to bridge the gap between data accessibility and the increasing power of grid computing used for distributed event production and processing The Database Access for Secure Hyperinfrastructure (DASH) project is funded by the DOE Small Business Innovative Research Program to build and test secure high-performance database access technology for distributed computing www.piocon.com/DASH.php A project of PIOCON Technologies, Inc and Argonne National Laboratory

4 CHEP06 Mumbai India Alexandre Vaniachine (ANL) Open Science Grid 4 Database Access on the Grid Two different architectures: A separate middleware server does the grid authorization: OGSA-DAI: SOAP/XML + XML binary extensions Spitfire (EDG WP2): SOAP/XML text-only data transport Perl DBI database proxy (ALICE): SQL data transport Oracle 10g (separate authorization layer) Grid middleware is integrated in database server process: Instead of surrounding database with external secure middleware layers the safety features are embedded inside of the code By pushing secure authorization into the database engine the inefficient data transfer bottlenecks are eliminated

5 CHEP06 Mumbai India Alexandre Vaniachine (ANL) Open Science Grid 5 Embedded Security Approach The embedded security approach is listed among the top ten innovations in security by the panel of experts convened by Battelle: –“The Global Cyber Net: Communications and information are the lifeblood of security. Today we enjoy a worldwide web, which is open but unsecured. In the future, we will have a global cyber net that is faster and better protected than today… Software will contain embedded safety features inside of the code rather than just surrounding it.” http://www.battelle.org/forecasts/defense.stm

6 CHEP06 Mumbai India Alexandre Vaniachine (ANL) Open Science Grid 6 End-to-End Secure Transport DASH technology bridges the gap between data accessibility and the increasing power of grid computing To overcome database access inefficiencies inherent in a traditional middleware approach the DASH project implements secure authorization on the transport level Pushing the grid authorization into the database engine eliminates the middleware message-level security layer and delivers transport- level efficiency of SSL/TLS protocols for grid applications The DASH proof-of-concept prototype provides Globus grid proxy certificate authorization technologies for MySQL database access control DASH technology brings database access efficiencies similar to the https advantages introduced in the Globus Toolkit 4.0 The database architecture with embedded grid authorization provides a foundation for secure end-to-end data processing solutions for the grids

7 CHEP06 Mumbai India Alexandre Vaniachine (ANL) Open Science Grid 7 Aspect-Oriented Programming To avoid a brittle, monolithic system DASH uses an aspect-oriented programming approach By localizing Globus security concerns in a software aspect, DASH achieves a clean separation of Globus Grid Security Infrastructure dependencies from the MySQL server code During the database server build, the AspectC++ tool automatically generates the transport-level code to support a grid security infrastructure www.aspectc.org

8 CHEP06 Mumbai India Alexandre Vaniachine (ANL) Open Science Grid 8 Automatic Code Generation

9 CHEP06 Mumbai India Alexandre Vaniachine (ANL) Open Science Grid 9 AOP is the Next ‘Big Thing’ A 2001 paper on Aspect Oriented Programming is on Top 10 Downloads from ACM’s Digital Library Paper by our collaborators from Illinois Institute of Technology ATLAS experience with AOP was first reported at the previous CHEP04

10 CHEP06 Mumbai India Alexandre Vaniachine (ANL) Open Science Grid 10 Testing New Functionalities Prototype servers built with DASH technology are being tested in ANL, BNL, CERN and U Geneva We thank to – Jason Smith (BNL) – Yuri Smirnov (BNL) – Frederik Orellana (U Geneva) Among the new functionalities are Check for the proxy expiration time Host name checking (to reject impersonation)

11 CHEP06 Mumbai India Alexandre Vaniachine (ANL) Open Science Grid 11 Packaging Challenge Initial response from our beta-testers suggested that because of the globus gsi libraries dependencies the preferred distribution would be the static build However test showed that static builds works best on the platforms (Linux distributions) very close to those that of the build machine We experienced unexpected sensitivities to the minor variations in the glibc library version We are now addressing that issue by developing the dynamic build that will have the static globus gsi and openssl libraries built in

12 CHEP06 Mumbai India Alexandre Vaniachine (ANL) Open Science Grid 12 Scalability Challenge The chaotic nature of opportunistic grid computations results in variations in daily production rates Database services capacities should be adequate for peak demand Large-scale world-wide distributed simulations performed by the ATLAS Collaboration show steady progress in grid computing

13 CHEP06 Mumbai India Alexandre Vaniachine (ANL) Open Science Grid 13 Why Dynamic Deployment? The high level of sharing of computational resources achieved on grids result in increased fluctuations in demand for database services, because of the chaotic nature of shared resource availability Static services deployment require over-capacity Opportunistic production on non-LCG sites requires database services deployment on-demand To provide on-demand database services capability for Open Science Grid, the Edge Services Framework activity builds the DASH mysql-gsi database server into the virtual machine image, which is dynamically deployed via Globus Virtual Workspaces

14 CHEP06 Mumbai India Alexandre Vaniachine (ANL) Open Science Grid 14 Edge Services Services executing on the edge of the public and private network Site CDF CMS ATLAS Guest VO SE CE Compute nodes and Storage nodes See CHEP06 contribution id # 214 http://indico.cern.ch/contributionDisplay.py?contribId=214&sessionId=7&confId=048

15 CHEP06 Mumbai India Alexandre Vaniachine (ANL) Open Science Grid 15 Synergistic Collaboration CMS & ATLAS collaborate in OSG ESF Activity http://www.opensciencegrid.org/esf To achieve the ESF proof-of-concept milestone: The first ESF VM was deployed by CMS The first ESF service on that VM was by ATLAS: –Grid-enabled MySQL database built by the DASH project To access the server the grid job used proxy certificate (instead of the clear-text passwords hardwired in the scripts that are distributed world-wide)

16 CHEP06 Mumbai India Alexandre Vaniachine (ANL) Open Science Grid 16 Collaboration Benefits Celebrating ESF proof-of-concept milestone at Supercomputing 2005

17 CHEP06 Mumbai India Alexandre Vaniachine (ANL) Open Science Grid 17 Globus Folder at SC05 http://www.globus.org/alliance/events/sc05

18 CHEP06 Mumbai India Alexandre Vaniachine (ANL) Open Science Grid 18 Complementary Project A new collaborative project with the Globus team has just started at Argonne –to grid-enable the PostgreSQL database Both DASH and the new project target technology integration with OSGA-DAI Please contact us if you are interested to contribute to these projects

19 CHEP06 Mumbai India Alexandre Vaniachine (ANL) Open Science Grid 19 OGSA-DAI Complementarity Neil P Chue Hong, OGSA- DAI Status Summary Third OGSA- DAI Users Group Meeting, 6/1/2005 Through our continued interactions with OGSA-DAI team we have established working relationships to achieve technological compatibility

20 CHEP06 Mumbai India Alexandre Vaniachine (ANL) Open Science Grid 20 Additional Benefits Direct access to database servers unleashes a broad range of vendor-specific server capabilities for data processing applications: distributed XA transactions, binary data transport, etc. Grid proxy certificate technology opens technical opportunities to enable fine-grained delegation of rights for access control (attribute certificates) Grid-enabled relational database server technology has the potential for application beyond the domain of high energy physics, and is of interest to bioinformatics and other data-intensive sciences

21 CHEP06 Mumbai India Alexandre Vaniachine (ANL) Open Science Grid 21 DASH Outreach

Download ppt "Open Science Grid Project DASH: Securing Direct MySQL Database Access for the Grid D. Malon, E. May, D. Ratnikov, A. Vaniachine Argonne National Laboratory."

Similar presentations

Open Science Grid Living on the Edge: OSG Edge Services Framework Kate Keahey Abhishek Rana.

Open Science Grid Living on the Edge: OSG Edge Services Framework Kate Keahey Abhishek Rana.
Wei Lu 1, Kate Keahey 2, Tim Freeman 2, Frank Siebenlist 2 1 Indiana University, 2 Argonne National Lab

Wei Lu 1, Kate Keahey 2, Tim Freeman 2, Frank Siebenlist 2 1 Indiana University, 2 Argonne National Lab
1 ALICE Grid Status David Evans The University of Birmingham GridPP 14 th Collaboration Meeting Birmingham 6-7 Sept 2005.

1 ALICE Grid Status David Evans The University of Birmingham GridPP 14 th Collaboration Meeting Birmingham 6-7 Sept 2005.
Data Management Expert Panel - WP2. WP2 Overview.

Data Management Expert Panel - WP2. WP2 Overview.
 Contributing >30% of throughput to ATLAS and CMS in Worldwide LHC Computing Grid  Reliant on production and advanced networking from ESNET, LHCNET and.

 Contributing >30% of throughput to ATLAS and CMS in Worldwide LHC Computing Grid  Reliant on production and advanced networking from ESNET, LHCNET and.
High Performance Computing Course Notes 2007-2008 Grid Computing.

High Performance Computing Course Notes Grid Computing.
Decision Support Tools CBR & Modeling Jeff Allan University of Sheffield.

Decision Support Tools CBR & Modeling Jeff Allan University of Sheffield.
A conceptual model of grid resources and services Authors: Sergio Andreozzi Massimo Sgaravatto Cristina Vistoli Presenter: Sergio Andreozzi INFN-CNAF Bologna.

A conceptual model of grid resources and services Authors: Sergio Andreozzi Massimo Sgaravatto Cristina Vistoli Presenter: Sergio Andreozzi INFN-CNAF Bologna.
1 Software & Grid Middleware for Tier 2 Centers Rob Gardner Indiana University DOE/NSF Review of U.S. ATLAS and CMS Computing Projects Brookhaven National.

1 Software & Grid Middleware for Tier 2 Centers Rob Gardner Indiana University DOE/NSF Review of U.S. ATLAS and CMS Computing Projects Brookhaven National.
1-2.1 Grid computing infrastructure software Brief introduction to Globus © 2010 B. Wilkinson/Clayton Ferner. Spring 2010 Grid computing course. Modification.

1-2.1 Grid computing infrastructure software Brief introduction to Globus © 2010 B. Wilkinson/Clayton Ferner. Spring 2010 Grid computing course. Modification.
Milos Kobliha Alejandro Cimadevilla Luis de Alba Parallel Computing Seminar GROUP 12.

Milos Kobliha Alejandro Cimadevilla Luis de Alba Parallel Computing Seminar GROUP 12.
Simo Niskala Teemu Pasanen

Simo Niskala Teemu Pasanen
Globus Computing Infrustructure Software Globus Toolkit 11-2.

Globus Computing Infrustructure Software Globus Toolkit 11-2.
Web-based Portal for Discovery, Retrieval and Visualization of Earth Science Datasets in Grid Environment Zhenping (Jane) Liu.

Web-based Portal for Discovery, Retrieval and Visualization of Earth Science Datasets in Grid Environment Zhenping (Jane) Liu.
Database authentication and authorisation in LCG — 3D workshop 17-19 Oct 2005 1 Kuba Zajączkowski Database authentication and.

Database authentication and authorisation in LCG — 3D workshop Oct Kuba Zajączkowski Database authentication and.
Assessment of Core Services provided to USLHC by OSG.

Assessment of Core Services provided to USLHC by OSG.
● Problem statement ● Proposed solution ● Proposed product ● Product Features ● Web Service ● Delegation ● Revocation ● Report Generation ● XACML 3.0.

● Problem statement ● Proposed solution ● Proposed product ● Product Features ● Web Service ● Delegation ● Revocation ● Report Generation ● XACML 3.0.
Chapter 9 Moving to Design Part 2.

Chapter 9 Moving to Design Part 2.
Virtual Infrastructure in the Grid Kate Keahey Argonne National Laboratory.

Virtual Infrastructure in the Grid Kate Keahey Argonne National Laboratory.
 Cloud computing  Workflow  Workflow lifecycle  Workflow design  Workflow tools : xcp, eucalyptus, open nebula.

 Cloud computing  Workflow  Workflow lifecycle  Workflow design  Workflow tools : xcp, eucalyptus, open nebula.

Similar presentations

Ads by Google