Presentation is loading. Please wait.

Presentation is loading. Please wait.

WP4 Gridification Subsystem overlap & existing systems for Gridification Task: David Groep

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "WP4 Gridification Subsystem overlap & existing systems for Gridification Task: David Groep"— Presentation transcript:

1 WP4 Gridification Subsystem overlap & existing systems for Gridification Task: David Groep hep-proj-grid-fabric-gridify@cern.ch

2 David Groep – WP4 gridification subsystem overlaps – 2001.11.27 - 2 WP4 Subsystems and relationships (D4.2)

3 David Groep – WP4 gridification subsystem overlaps – 2001.11.27 - 3 Job submission protocol & interface u Current Globus design n Client tools connect to gatekeeper n GRAM (attributes over HTTPS) n Gatekeeper does authentication, authorization and user mapping n RSL passed to JobManager u Identified design differences n authorization and user mapping done too early in process u Identical components n Protocol must stay the same (GRAM) n Separation of JobManager (closer to RMS) and GateKeeper will remain u Issue: scalability problems with many jobs within one centre (N jobmanagers)

4 David Groep – WP4 gridification subsystem overlaps – 2001.11.27 - 4 Authorization and AAA u Current Globus design: n Authorization and user mapping are intermingled n No scalable/dynamic per-site Authorization in Globus u Identified design points n new design, taking concepts from generic AAA architectures n coordination with EDG security group u Identical components n generic AAA architectures/servers n distributed AAA decisions/brokering n generic policy languages

5 David Groep – WP4 gridification subsystem overlaps – 2001.11.27 - 5 Credential Mapping u Current Globus design: n Authorization and user mapping are intermingled n Currently by GateKeeper (on connection establishment) n Kerberos by external service (sslk5) u Identified design points n Extend for multiple credential types n move to later in the process (after AAA decision) u Identical components n gridmapdir patch by Andrew McNab n sslk5/k5cert service u Issues in current design n mapping may be expensive (updating password files, NIS, LDAP, etc.)

6 David Groep – WP4 gridification subsystem overlaps – 2001.11.27 - 6 Local security service (FLIdS) u Current Globus design: n Component does not exist n Technology ubiquitous (X.509 PKI) u Identified design points n Policy driven automatic service n policy language design (based on generic policy language or EACLs) u Identical components n PKI X.509 technology (OpenSSL) n use by GSI and HTTPS u Issues: n mainly useful in untrusted environments (e.g., outside a locked computer centre)

7 David Groep – WP4 gridification subsystem overlaps – 2001.11.27 - 7 Information Services (GriFIS) u Current Globus design: n GIS: LDAP based with caching backend n Modular information providers u Identified design points n Many more information providers (CDB) n Correlators between RMS, Monitoring and CDB (internal WP4 components) u Identical components n GIS or EDG equivalent (GMA/R-GMA) n Some of the information providers u Issues in current design n Evaluation of WP3 framework still in progress n Wide variety of frameworks in general, but all seem currently interchangeable

8 David Groep – WP4 gridification subsystem overlaps – 2001.11.27 - 8 Network access to large fabrics u Current Globus design n Is not in scope of Globus toolkit u Identified design differences n Needed component for large farms n Needed for bandwidth brokerage and user/job based QoS u Identical components n 0 st order: no functionality n 1 st order: IP Masquerading routers n 2 nd order: IP Masq & protocol translation (IPv6 → IPv4 and v.v.) n use of intelligent edge devices, managed bandwidth (and connections) per job, AAA interaction (with LCAS)

9 David Groep – WP4 gridification subsystem overlaps – 2001.11.27 - 9 Key overlaps & differences u Globus provides adequate prototypes for much of the functionality u Lacking components n Generic and distributed AAA n too-early relinquishing of credential mapping capabilities in gatekeeper n does not address intra-fabric security concerns (FLIdS) n information providers for whatever the framework will be n managed network access u Key components to be compatible n GRAM protocol & RSL forwarding [Globus] n Information framework (GIS, GMA, R-GMA, …) [Globus and EDG WP3] n Security methods and protocols (X.509, SSL, …)

Download ppt "WP4 Gridification Subsystem overlap & existing systems for Gridification Task: David Groep"

Similar presentations

GT 4 Security Goals & Plans Sam Meder

GT 4 Security Goals & Plans Sam Meder
TNC 2008 / Short Lived Credential Service Implementation Based on National AAI Short Lived Credential Service Implementation Based on National AAI Emir.

TNC 2008 / Short Lived Credential Service Implementation Based on National AAI Short Lived Credential Service Implementation Based on National AAI Emir.
External User Security Model (EUSM) for SNMPv3 draft-kaushik-snmp-external-usm-00.txt November, 2004.

External User Security Model (EUSM) for SNMPv3 draft-kaushik-snmp-external-usm-00.txt November, 2004.
The Anatomy of the Grid: An Integrated View of Grid Architecture Carl Kesselman USC/Information Sciences Institute Ian Foster, Steve Tuecke Argonne National.

The Anatomy of the Grid: An Integrated View of Grid Architecture Carl Kesselman USC/Information Sciences Institute Ian Foster, Steve Tuecke Argonne National.
NorduGrid Grid Manager developed at NorduGrid project.

NorduGrid Grid Manager developed at NorduGrid project.
Gridification Task Development Plan for Release 1.1 – 2.0 For Gridification: David Groep

Gridification Task Development Plan for Release 1.1 – 2.0 For Gridification: David Groep
Andrew McNab - EDG Access Control - 14 Jan 2003 EU DataGrid security with GSI and Globus Andrew McNab University of Manchester

Andrew McNab - EDG Access Control - 14 Jan 2003 EU DataGrid security with GSI and Globus Andrew McNab University of Manchester
A Computation Management Agent for Multi-Institutional Grids

A Computation Management Agent for Multi-Institutional Grids
DataGrid is a project funded by the European Union 22 September 2003 – n° 1 EDG WP4 Fabric Management: Fabric Monitoring and Fault Tolerance

DataGrid is a project funded by the European Union 22 September 2003 – n° 1 EDG WP4 Fabric Management: Fabric Monitoring and Fault Tolerance
WP4 Gridification Subsystem overlap Globus & existing systems LCAS and AAA in WP4 for Gridification Task: David Groep

WP4 Gridification Subsystem overlap Globus & existing systems LCAS and AAA in WP4 for Gridification Task: David Groep
National Center for Supercomputing Applications Integrating MyProxy with Site Authentication Jim Basney Senior Research Scientist National Center for Supercomputing.

National Center for Supercomputing Applications Integrating MyProxy with Site Authentication Jim Basney Senior Research Scientist National Center for Supercomputing.
USING THE GLOBUS TOOLKIT This summary by: Asad Samar / CALTECH/CMS Ben Segal / CERN-IT FULL INFO AT:

USING THE GLOBUS TOOLKIT This summary by: Asad Samar / CALTECH/CMS Ben Segal / CERN-IT FULL INFO AT:
Status of Globus activities within INFN Massimo Sgaravatto INFN Padova for the INFN Globus group

Status of Globus activities within INFN Massimo Sgaravatto INFN Padova for the INFN Globus group
Copyright © 1995-2002 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE CS582: Distributed Systems Lecture 19 - November.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE CS582: Distributed Systems Lecture 19 - November.
A Model for Grid User Management Rich Baker Dantong Yu Tomasz Wlodek Brookhaven National Lab.

A Model for Grid User Management Rich Baker Dantong Yu Tomasz Wlodek Brookhaven National Lab.
2001.04.02 / David GroepSummary of Security Workshop - DataGRID WP4 workshop1 DataGrid Security WS Summary Targets: Identify requirements from WP's Define.

/ David GroepSummary of Security Workshop - DataGRID WP4 workshop1 DataGrid Security WS Summary Targets: Identify requirements from WP's Define.
OCT1 Principles From Chapter One of “Distributed Systems Concepts and Design”

OCT1 Principles From Chapter One of “Distributed Systems Concepts and Design”
SWE Introduction to Software Engineering

SWE Introduction to Software Engineering
WP4 Security Update For WP4: David Groep

WP4 Security Update For WP4: David Groep
WP4 Gridification Security Components in the Fabric overview of the WP4 architecture as of D4.2 for Gridification Task: David Groep

WP4 Gridification Security Components in the Fabric overview of the WP4 architecture as of D4.2 for Gridification Task: David Groep

Similar presentations

Ads by Google