Presentation is loading. Please wait.

Presentation is loading. Please wait.

GridSite Web Servers for bulk file transfers & storage Andrew McNab Grid Security Research Fellow University of Manchester, UK.

Published byOscar Greene Modified over 9 years ago

Similar presentations

Presentation on theme: "GridSite Web Servers for bulk file transfers & storage Andrew McNab Grid Security Research Fellow University of Manchester, UK."— Presentation transcript:

1 GridSite Web Servers for bulk file transfers & storage Andrew McNab Grid Security Research Fellow University of Manchester, UK

2 15 February 2006Andrew McNab – GridSite Outline ● Recent “bulk file” oriented additions to the GridSite ( www.gridsite.org ) systemwww.gridsite.org – GridSite overview – Security model – Read/write access via HTTP(S) – Onetime passcodes – Third party transfers – SiteCast file location

3 15 February 2006Andrew McNab – GridSite GridSite Overview GridSite has evolved from the GridPP website management system Now provides a Grid-oriented security toolkit (libgridsite) and extensions to the Apache webserver Supports Grid/Web services on Apache using CGI – C/C++, Perl, other scripting languages See GridSite Web Services poster for more details

4 15 February 2006Andrew McNab – GridSite Design philosophy Most Grid deployments (eg LCG + EGEE) are based on protocols and security technologies derived from the Web So we attempt to reuse high quality implementations like Apache from the mainstream This significantly reduces our support burden, since core Apache, mod_ssl, OpenSSL,... is “RedHat's Problem” (or whoever does your distribution...)

5 15 February 2006Andrew McNab – GridSite Security model Authentication is done in Apache's mod_ssl using the client's X.509 certificate or GSI proxy – mod_gridsite dynamically modifies the OpenSSL callbacks to handle GSI proxies correctly VOMS attributes are extracted if present, and the server has access to a cache of any DN-Lists which have been fetched asynchronously. XML policy engine based on GACL or XACML languages decides whether access is permitted

6 15 February 2006Andrew McNab – GridSite Read / write access Almost all web traffic uses the GET method to fetch files, or POST to send the results of a form – But the HTTP/WebDAV RFCs also define PUT, DELETE and MOVE methods mod_gridsite adds support for these “write” methods, subject to the policy-based access model – So HTTP(S) servers act as read/write file stores Our htcp etc commands (cf scp) provide clients, but curl and many standard clients can be used too

7 15 February 2006Andrew McNab – GridSite Onetime passcodes For bulk files, may want an unencrypted data stream – cf GridFTP's use of an encrypted control channel and unencrypted data channel GridSite achieves this using an HTTPS GET/PUT to establish access rights – The server then issues an HTTP redirect to an HTTP URL – A onetime passcode is returned as a cookie This “GridHTTP” protocol works with unmodified versions of curl etc, and our htcp command

8 15 February 2006Andrew McNab – GridSite Third-party transfers WebDAV RFC defines a COPY method, which can be used for a client C to orchestrate a transfer of a file from remote server A to server B GridSite now implements this, both in the server (gridsite-copy.cgi) and client (htcp) We use onetime passcodes as a simple form of delegation from C to B, to give it the right to access the file – Supports both single stream and multistream HTTP

9 15 February 2006Andrew McNab – GridSite Third-party transfers A - has fileB - wants file C – Client/User “in charge” Onetime passcode GET - fetches passcode over HTTPS COPY - tells B to get file, gives passcode as cookie, over HTTPS GET file, using passcode, over HTTP file returned to B

10 15 February 2006Andrew McNab – GridSite SiteCast ● Current work is looking at how to locate local replicas of files on GridSite HTTP(S) servers ● Have designed a simple replica location system for farms with many disks/hosts – Implemented in server-side (mod_gridsite) and htcp – Uses multicast of Hypertext Cache Protocol queries to find lists of replicas of a given file: looks at filesystem rather than any database – no database to keep in sync; automatically avoids replicas on dead machines; multicast can be filtered / routed by network hardware

11 15 February 2006Andrew McNab – GridSite Summary ● GridSite ( www.gridsite.org ) is already used forwww.gridsite.org – Website/server management – Secured Web Services for grids, in C/C++/Scripts ● Now also has features for bulk file transfer – Fine grained, VOMS-aware access control – Secure Read/write using HTTP or HTTPS – Third party transfers using COPY ● Current work is on file location within a site – Using HTCP multicast to locate files – Very lightweight: no database needed

Download ppt "GridSite Web Servers for bulk file transfers & storage Andrew McNab Grid Security Research Fellow University of Manchester, UK."

Similar presentations

30-31 Jan 2003J G Jensen, RAL/WP5 Storage Elephant Grid Access to Mass Storage.

30-31 Jan 2003J G Jensen, RAL/WP5 Storage Elephant Grid Access to Mass Storage.
Security middleware Andrew McNab University of Manchester.

Security middleware Andrew McNab University of Manchester.
DataGrid is a project funded by the European Union CHEP 2003 – 24-28 March 2003 – Grid-based access control – n° 1 Grid-based access control for Unix environments,

DataGrid is a project funded by the European Union CHEP 2003 – March 2003 – Grid-based access control – n° 1 Grid-based access control for Unix environments,
Andrew McNabTestbed / HTTPS, GridPP6, 30 Jan 2003Slide 1 UK Testbed Status Andrew McNab High Energy Physics University of Manchester.

Andrew McNabTestbed / HTTPS, GridPP6, 30 Jan 2003Slide 1 UK Testbed Status Andrew McNab High Energy Physics University of Manchester.
29 June 2006 GridSite - www.gridsite.org - Andrew McNabwww.gridsite.org GridSite Storage Andrew McNab University of Manchester.

29 June 2006 GridSite Andrew McNabwww.gridsite.org GridSite Storage Andrew McNab University of Manchester.
29 June 2006 GridSite - www.gridsite.org - Andrew McNabwww.gridsite.org VOMS and VOs Andrew McNab University of Manchester.

29 June 2006 GridSite Andrew McNabwww.gridsite.org VOMS and VOs Andrew McNab University of Manchester.
The GridSite Toolbar Shiv Kaushal The University of Manchester All Hands Meeting 2006.

The GridSite Toolbar Shiv Kaushal The University of Manchester All Hands Meeting 2006.
Andrew McNab - Manchester HEP - 2 May 2002 Testbed and Authorisation EU DataGrid Testbed 1 Job Lifecycle Software releases Authorisation at your site Grid/Web.

Andrew McNab - Manchester HEP - 2 May 2002 Testbed and Authorisation EU DataGrid Testbed 1 Job Lifecycle Software releases Authorisation at your site Grid/Web.
Andrew McNab - Manchester HEP - 31 January 2002 Testbed Release in the UK Integration Team UK deployment TB1 Job Lifecycle VO: Authorisation VO: GIIS and.

Andrew McNab - Manchester HEP - 31 January 2002 Testbed Release in the UK Integration Team UK deployment TB1 Job Lifecycle VO: Authorisation VO: GIIS and.
Chapter 17: WEB COMPONENTS

Chapter 17: WEB COMPONENTS
Middleware technology and software quality issues Andrew McNab Grid Security Research Fellow University of Manchester.

Middleware technology and software quality issues Andrew McNab Grid Security Research Fellow University of Manchester.
GridFTP: File Transfer Protocol in Grid Computing Networks

GridFTP: File Transfer Protocol in Grid Computing Networks
Andrew McNab - EDG Access Control - 14 Jan 2003 EU DataGrid security with GSI and Globus Andrew McNab University of Manchester

Andrew McNab - EDG Access Control - 14 Jan 2003 EU DataGrid security with GSI and Globus Andrew McNab University of Manchester
The GridSite Security Framework Andrew McNab University of Manchester.

The GridSite Security Framework Andrew McNab University of Manchester.
20 March 2007 VOMS etc - www.gridsite.org - Andrew McNabwww.gridsite.org VOMS etc Andrew McNab University of Manchester.

20 March 2007 VOMS etc Andrew McNabwww.gridsite.org VOMS etc Andrew McNab University of Manchester.
Andrew McNab - Manchester HEP - 6 November 2001 www.gridpp.ac.uk Old version of website was maintained from Unix command line => needed (gsi)ssh access.

Andrew McNab - Manchester HEP - 6 November Old version of website was maintained from Unix command line => needed (gsi)ssh access.
Web-based Portal for Discovery, Retrieval and Visualization of Earth Science Datasets in Grid Environment Zhenping (Jane) Liu.

Web-based Portal for Discovery, Retrieval and Visualization of Earth Science Datasets in Grid Environment Zhenping (Jane) Liu.
Christopher M. Pascucci Basic Structural Concepts of.NET Browser – Server Interaction.

Christopher M. Pascucci Basic Structural Concepts of.NET Browser – Server Interaction.
Sys Prog & Scripting - HW Univ1 Systems Programming & Scripting Lecture 15: PHP Introduction.

Sys Prog & Scripting - HW Univ1 Systems Programming & Scripting Lecture 15: PHP Introduction.
EGEE Security Area 13 May 2004 EGEE Security Area Stakeholders JRA3 middleware Architecture What we have for Unix and Java What.

EGEE Security Area 13 May 2004 EGEE Security Area Stakeholders JRA3 middleware Architecture What we have for Unix and Java What.

Similar presentations

Ads by Google