Presentation is loading. Please wait.

Presentation is loading. Please wait.

INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org VO BOX Summary Conclusions from Joint OSG and EGEE Operations Workshop - 3 Abingdon, 27 -

Published byJohnathan Woods Modified over 9 years ago

Similar presentations

Presentation on theme: "INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org VO BOX Summary Conclusions from Joint OSG and EGEE Operations Workshop - 3 Abingdon, 27 -"— Presentation transcript:

1 INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org VO BOX Summary Conclusions from Joint OSG and EGEE Operations Workshop - 3 Abingdon, 27 - 29 September 2005 Editors S. Traylen, M. Schulz and J. Templon

2 Enabling Grids for E-sciencE INFSO-RI-508833 2 The Conclusion Sites want LCG to succeed and hence agree to deploy VO boxes where / when they are needed!!! Running a grid site is not easy; giving free reign to unknown software could make it much worse. Hence Sites are placing some constraints on what can be deployed

3 Enabling Grids for E-sciencE INFSO-RI-508833 3 Security Constraints installation, configuration and maintenance of privileged and untrusted software; inbound and outbound connectivity maybe through ports that are normally closed (due to site policies); potentially impossibility to trace real users due to the use of service credentials; use of standard X.509 digital certificates (i.e. no proxy) to run services, or requests to directly use the host certificate rather than service certificates. Raises concerns about responsibilities, authorization leaks and stolen / misused credentials. VO Box Deployment Must Follow guidelines in “VO Box Security Recommendations and Questionnaire” from Joint Security Policy GroupVO Box Security Recommendations and Questionnaire

4 Enabling Grids for E-sciencE INFSO-RI-508833 4 Operational Constraints Root cause analysis of operational failures is already tough; adding another active, dynamic, unknown and uncontrolled element can make life much harder if not sufficiently isolated Firm agreements are made on what is expected from the two parties operating a VO box, as the site maintains the hardware and the OS, the VO the rest … where exactly do we draw the line? Operational Holy Services: –Workload will be accepted ONLY through the standard gatekeeper  P.s. heads up gLite –Data for storage will be accepted ONLY through the standard SRM interface –If the VOBox requires the UI s/w to be installed on the base system, this will be the LCG UI. VOBox deployment must follow guidelines in “LCG VOBox Operations Recommendations and Questionnaire”LCG VOBox Operations Recommendations and Questionnaire

5 Enabling Grids for E-sciencE INFSO-RI-508833 5 Monitoring VO specific monitoring have to communicate –What? –How often? –How? –Stored where? –Accessible by whom? –Is it monitoring a quantity that is already monitored? Should not be taken as a given that all monitoring will be allowed Privacy –Current approaches break national rules (unfortunately different ones in each country) –Need to find some way (interaction sites/VOs) to let sites control monitoring info via policy specification …

6 Enabling Grids for E-sciencE INFSO-RI-508833 6 Other Concerns Capacity inflation –Request VO box to have 3 GB space per job slot == terabyte for medium site!! Resource Drain –Sites already have ~ five-box ‘tax’ to join grid; VO boxes increase this –Proportionally larger for smaller sites … sites may choose to drop ‘low-priority’ VOs –Answer: don’t ask for more than you need, and try to make it possible to run your stuff on shared box if at all possible Is the need to have “own” box due to a –Resource problem (really need whole machine) or –Organizational problem (so a VM would be OK)? Service Duplication –Not accepted –Extensions are OK if needed.

7 Enabling Grids for E-sciencE INFSO-RI-508833 7 The Future Part 1 We will deploy the VO boxes as long as the VOs do their best to be good citizens (mostly a question of education, not character :) The VO box should be re-discussed by Baseline Services group (is now significantly expanded from original idea in report) Also needs to be discussed in forum where site representation is on equal representation with that of experiments (was NOT the case in BS group).

8 Enabling Grids for E-sciencE INFSO-RI-508833 8 The Future Part 2 Need for VO-specific services will likely not go away How to deal with this in the future? –OSG edge services (VM image management) –Container technology (java applets in site-managed tomcat) –gsissh login that we now have –“Local” appearance of services via proxy mechansim? Keep pressure on generic middleware –Some things (monitoring) CAN be generic –A strong EGEE generic middleware is a great benefit to HEP, not only for our work but for being able to donate it to other communities … don’t underestimate how valuable this is

Download ppt "INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org VO BOX Summary Conclusions from Joint OSG and EGEE Operations Workshop - 3 Abingdon, 27 -"

Similar presentations

29 June 2006 GridSite - www.gridsite.org - Andrew McNabwww.gridsite.org VOMS and VOs Andrew McNab University of Manchester.

29 June 2006 GridSite Andrew McNabwww.gridsite.org VOMS and VOs Andrew McNab University of Manchester.
EGEE-II INFSO-RI-031688 Enabling Grids for E-sciencE www.eu-egee.org www.glite.org The gLite middleware distribution OSG Consortium Meeting Seattle, 21-23.

EGEE-II INFSO-RI Enabling Grids for E-sciencE The gLite middleware distribution OSG Consortium Meeting Seattle,
Middleware technology and software quality issues Andrew McNab Grid Security Research Fellow University of Manchester.

Middleware technology and software quality issues Andrew McNab Grid Security Research Fellow University of Manchester.
Security Q&A OSG Site Administrators workshop Indianapolis August 6-7 2009 Doug Olson LBNL.

Security Q&A OSG Site Administrators workshop Indianapolis August Doug Olson LBNL.
1 TAPAS Workshop Nicola Mezzetti - TAPAS Workshop 2002 - Bologna Achieving Security and Privacy on the Grid Nicola Mezzetti.

1 TAPAS Workshop Nicola Mezzetti - TAPAS Workshop Bologna Achieving Security and Privacy on the Grid Nicola Mezzetti.
OSG Site Provide one or more of the following capabilities: – access to local computational resources using a batch queue – interactive access to local.

OSG Site Provide one or more of the following capabilities: – access to local computational resources using a batch queue – interactive access to local.
INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org The GENIUS Grid portal Tony Calanducci INFN Catania - Italy First Latin American Workshop.

INFSO-RI Enabling Grids for E-sciencE The GENIUS Grid portal Tony Calanducci INFN Catania - Italy First Latin American Workshop.
EGEE-II INFSO-RI-031688 Enabling Grids for E-sciencE www.eu-egee.org EGEE and gLite are registered trademarks Simply monitor a grid site with Nagios J.

EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Simply monitor a grid site with Nagios J.
INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org SA1: Cookbook (DSA1.7) Ian Bird CERN 18 January 2006.

INFSO-RI Enabling Grids for E-sciencE SA1: Cookbook (DSA1.7) Ian Bird CERN 18 January 2006.
INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org Logging and Bookkeeping and Job Provenance Services Ludek Matyska (CESNET) on behalf of the.

INFSO-RI Enabling Grids for E-sciencE Logging and Bookkeeping and Job Provenance Services Ludek Matyska (CESNET) on behalf of the.
GGF12 – 20 Sept 2004 - 1 LCG Incident Response Ian Neilson LCG Security Officer Grid Deployment Group CERN.

GGF12 – 20 Sept LCG Incident Response Ian Neilson LCG Security Officer Grid Deployment Group CERN.
EGEE-III INFSO-RI-222667 Enabling Grids for E-sciencE www.eu-egee.org EGEE and gLite are registered trademarks C. Loomis (CNRS/LAL) M.-E. Bégin (SixSq.

EGEE-III INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks C. Loomis (CNRS/LAL) M.-E. Bégin (SixSq.
EGEE-III INFSO-RI-222667 Enabling Grids for E-sciencE www.eu-egee.org EGEE and gLite are registered trademarks Steven Newhouse EGEE’s plans for transition.

EGEE-III INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Steven Newhouse EGEE’s plans for transition.
EGEE-II INFSO-RI-031688 Enabling Grids for E-sciencE www.eu-egee.org EGEE and gLite are registered trademarks PPS All sites Meeting: Introduction & Agenda.

EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks PPS All sites Meeting: Introduction & Agenda.
Responsibilities of ROC and CIC in EGEE infrastructure A.Kryukov, SINP MSU, CIC Manager Yu.Lazin, IHEP, ROC Manager

Responsibilities of ROC and CIC in EGEE infrastructure A.Kryukov, SINP MSU, CIC Manager Yu.Lazin, IHEP, ROC Manager
EGEE-III INFSO-RI-222667 Enabling Grids for E-sciencE EGEE and gLite are registered trademarks David Kelsey RAL/STFC,

EGEE-III INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks David Kelsey RAL/STFC,
EGEE-II INFSO-RI-031688 Enabling Grids for E-sciencE www.eu-egee.org EGEE and gLite are registered trademarks Nagios for Grid Services E. Imamagic, SRCE.

EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Nagios for Grid Services E. Imamagic, SRCE.
Evolution of Grid Projects and what that means for WLCG Ian Bird, CERN WLCG Workshop, New York 19 th May 2012.

Evolution of Grid Projects and what that means for WLCG Ian Bird, CERN WLCG Workshop, New York 19 th May 2012.
EGEE-II INFSO-RI-031688 Enabling Grids for E-sciencE www.eu-egee.org EGEE and gLite are registered trademarks Introduction to GILDA and gaining access.

EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Introduction to GILDA and gaining access.
EGEE-II INFSO-RI-031688 Enabling Grids for E-sciencE www.eu-egee.org EGEE and gLite are registered trademarks Next steps with EGEE EGEE training community.

EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Next steps with EGEE EGEE training community.

Similar presentations

Ads by Google