Presentation is loading. Please wait.

Presentation is loading. Please wait.

GUMS Gabriele Carcassi PPDG Collaboration meeting June 27, 2004.

Published byClemence Hines Modified over 8 years ago

Similar presentations

Presentation on theme: "GUMS Gabriele Carcassi PPDG Collaboration meeting June 27, 2004."— Presentation transcript:

1 GUMS Gabriele Carcassi PPDG Collaboration meeting June 27, 2004

2 Goal Concentrate on job submission Production system for site authorization –Allow centralized management of all BNL gatekeeper access and mapping –Allow policy based mapping –Eliminate the need for grid-mapfiles (use callouts) –Enable role based authorization (different local user and/or different use of local resources) Make it a product

3 Features Logging: a thought out log system (working with BNL cybersecurity on this) Account pooling Error prone: be able to withstand various internal and enternal malfunctions Modularity: allow anybody to plug-in a site- specific policy by just dropping in a library Persistence layer: allow to integrate site specific autorization/human resources databases Scalability: multiple server with load balancing

4 Features Backup plans: always be able to revert to actually working technologies Accounting: multiple accounts per VO with grid 3 Collaboration with other groups Gradual changes: always have the system in production Fast release cycle: release every 1 or 2 months Unit tests: test driven development

5 Discussion Are other sites interested? “Auditing service” (allow other different site’s cibersecurity to query each other access logs)? “Test service” (an interface to perform internal tests and see if the service is running/configured correctly)

6 Architecture

7 No GUMS Globus gatekeeper/ jobmanager Gatekeeper(s) grid-mapfile Requests edg- mk- gridmap … VO … VO … VO

8 GUMS 0.5 Globus gatekeeper/ jobmanager Gatekeeper(s) grid-mapfile Requests gums cron GUMS server GUMS DB Command line tools … VO … VO … VO

9 GUMS 0.6 Globus gatekeeper/ jobmanager Gatekeeper(s) grid-mapfile Requests gums cron GUMS server GUMS DB Business logic … VO … VO … VO Web UI Cmd line

10 GUMS 0.7 (?) Globus gatekeeper/ jobmanager Gatekeeper(s) grid-mapfile Requests gums cron GUMS server GUMS DB Business logic … VO … VO … VO Web UI Cmd line Web service

11 GUMS 1.0 Globus gatekeeper/ jobmanager Gatekeeper(s) Requests GUMS server GUMS DB Business logic … VO … VO … VO Web UI Cmd line Web service callout

12 GUMS 1.0 (if all else fails) GUMS server GUMS DB … VO … VO … VO Globus gatekeeper/ jobmanager Gatekeeper(s) Requests callout Business logic Web UI Cmd line Web service

13 BNL siteAAA layout

14 ATLAS VO apply notify approve/deny Registration process applicant representative STAR VO PHENIX VO … VO Virtual organization management Server tools Site access management cyber security Resource management sysadmin Client tools user Credential storage Client authentication GRID resources

15 Couple of GUMS UML diagrams

16 Configuration HostnameMapping GroupMapper UserGroup AccountMapper String mapUser(String userDN) boolean isInGroup(String userDN); List getMemberList(); void updateMembers(); List retrieveGroupMappers(String hostname) * Hostname Mapping Impl *

17 Groups UserGroupMockUserGroup LDAPUserGroupVOMSUserGroup UserGroupDB ManualUserGroup ManualUserGroupDB

18 AccountMappers AccountMapperMockAccMapper GroupAccMapperNISAccountMapperManualAccMapper ManualAccMaperDBCompositeAccMapper *

19 Persistence layer PersistanceFactory MySQLAccMapperDB MockPersFactMySQLPersFact ManualAccountMapperDB ManualAccountMapperDB retrieveManualAccountMapperDB(String name); UserGroupDB retrieveUserGroupDB(String name); ManualUserGroupDB retrieveManualUserGroupDB(String name); AccountPoolMapperDB retrieveAccountPoolMapperDB(String name); >

20 From GUMS 0.6

21

22

23

24

25

26 <userGroup className='gov.bnl.gums.VOMSGroup' url='https://vo.racf.bnl.gov:8443/edg-voms-admin/star/services/VOMSAdmin' persistanceFactory='mysql' name='star' sslCertfile='/etc/grid-security/hostcert.pem' sslKey='/etc/grid-security/hostkey.pem'/>

27 <userGroup className='gov.bnl.gums.VOMSGroup' url='https://vo.racf.bnl.gov:8443/edg-voms-admin/phenix/services/VOMSAdmin' persistanceFactory='mysql' name='phenix' sslCertfile='/etc/grid-security/hostcert.pem' sslKey='/etc/grid-security/hostkey.pem'/>

Download ppt "GUMS Gabriele Carcassi PPDG Collaboration meeting June 27, 2004."

Similar presentations

CHEP 2000, 10.02.2000Roberto Barbera Roberto Barbera (*) GENIUS: a Web Portal for the GRID Meeting Grid.it, Bologna, 14.02.2003 (*) work in collaboration.

CHEP 2000, Roberto Barbera Roberto Barbera (*) GENIUS: a Web Portal for the GRID Meeting Grid.it, Bologna, (*) work in collaboration.
ATLAS/LHCb GANGA DEVELOPMENT Introduction Requirements Architecture and design Interfacing to the Grid Ganga prototyping A. Soroko (Oxford), K. Harrison.

ATLAS/LHCb GANGA DEVELOPMENT Introduction Requirements Architecture and design Interfacing to the Grid Ganga prototyping A. Soroko (Oxford), K. Harrison.
Dec 14, 20061/10 VO Services Project – Status Report Gabriele Garzoglio VO Services Project WBS Dec 14, 2006 OSG Executive Board Meeting Gabriele Garzoglio.

Dec 14, 20061/10 VO Services Project – Status Report Gabriele Garzoglio VO Services Project WBS Dec 14, 2006 OSG Executive Board Meeting Gabriele Garzoglio.
Role Based VO Authorization Services Ian Fisk Gabriele Carcassi July 20, 2005.

Role Based VO Authorization Services Ian Fisk Gabriele Carcassi July 20, 2005.
NorduGrid Grid Manager developed at NorduGrid project.

NorduGrid Grid Manager developed at NorduGrid project.
Site Authorization Service (SAZ) at Fermilab Vijay Sekhri and Igor Mandrichenko Fermilab CHEP03, March 25, 2003.

Site Authorization Service (SAZ) at Fermilab Vijay Sekhri and Igor Mandrichenko Fermilab CHEP03, March 25, 2003.
GUMS status Gabriele Carcassi PPDG Common Project 12/9/2004.

GUMS status Gabriele Carcassi PPDG Common Project 12/9/2004.
Futures – Alpha Cloud Deployment and Application Management.

Futures – Alpha Cloud Deployment and Application Management.
Implementing Finer Grained Authorization in the Open Science Grid Gabriele Carcassi, Ian Fisk, Gabriele, Garzoglio, Markus Lorch, Timur Perelmutov, Abhishek.

Implementing Finer Grained Authorization in the Open Science Grid Gabriele Carcassi, Ian Fisk, Gabriele, Garzoglio, Markus Lorch, Timur Perelmutov, Abhishek.
Andrew McNab - EDG Access Control - 14 Jan 2003 EU DataGrid security with GSI and Globus Andrew McNab University of Manchester

Andrew McNab - EDG Access Control - 14 Jan 2003 EU DataGrid security with GSI and Globus Andrew McNab University of Manchester
Holding slide prior to starting show. Supporting Collaborative Working of Construction Industry Consortia via the Grid - P. Burnap, L. Joita, J.S. Pahwa,

Holding slide prior to starting show. Supporting Collaborative Working of Construction Industry Consortia via the Grid - P. Burnap, L. Joita, J.S. Pahwa,
The Community Authorisation Service – CAS Dr Steven Newhouse Technical Director London e-Science Centre Department of Computing, Imperial College London.

The Community Authorisation Service – CAS Dr Steven Newhouse Technical Director London e-Science Centre Department of Computing, Imperial College London.
GGF Toronto 19.02.02 Spitfire A Relational DB Service for the Grid Peter Z. Kunszt European DataGrid Data Management CERN Database Group.

GGF Toronto Spitfire A Relational DB Service for the Grid Peter Z. Kunszt European DataGrid Data Management CERN Database Group.
A Model for Grid User Management Rich Baker Dantong Yu Tomasz Wlodek Brookhaven National Lab.

A Model for Grid User Management Rich Baker Dantong Yu Tomasz Wlodek Brookhaven National Lab.
2006-12-19 1 VO Management in D-Grid, 2. WS, H. Enke (AstroGrid-D) 2006-12-19 AGD Grid Account Management.

VO Management in D-Grid, 2. WS, H. Enke (AstroGrid-D) AGD Grid Account Management.
Data Management Kelly Clynes Caitlin Minteer. Agenda Globus Toolkit Basic Data Management Systems Overview of Data Management Data Movement Grid FTP Reliable.

Data Management Kelly Clynes Caitlin Minteer. Agenda Globus Toolkit Basic Data Management Systems Overview of Data Management Data Movement Grid FTP Reliable.
SOS EGEE ‘06 GGF Security Auditing Service: Draft Architecture Brian Tierney Dan Gunter Lawrence Berkeley National Laboratory Marty Humphrey University.

SOS EGEE ‘06 GGF Security Auditing Service: Draft Architecture Brian Tierney Dan Gunter Lawrence Berkeley National Laboratory Marty Humphrey University.
OSG Services at Tier2 Centers Rob Gardner University of Chicago WLCG Tier2 Workshop CERN June 12-14, 2006.

OSG Services at Tier2 Centers Rob Gardner University of Chicago WLCG Tier2 Workshop CERN June 12-14, 2006.
OSG Middleware Roadmap Rob Gardner University of Chicago OSG / EGEE Operations Workshop CERN June 19-20, 2006.

OSG Middleware Roadmap Rob Gardner University of Chicago OSG / EGEE Operations Workshop CERN June 19-20, 2006.
1 School of Computer, National University of Defense Technology A Profile on the Grid Data Engine (GridDaEn) Xiao Nong

1 School of Computer, National University of Defense Technology A Profile on the Grid Data Engine (GridDaEn) Xiao Nong

Similar presentations

Ads by Google