Presentation is loading. Please wait.

Presentation is loading. Please wait.

GSI: Security On Teragrid A Introduction To Security In Cyberinfrastructure By Dru Sepulveda.

Published byGerard Ralf Garrison Modified over 8 years ago

Similar presentations

Presentation on theme: "GSI: Security On Teragrid A Introduction To Security In Cyberinfrastructure By Dru Sepulveda."— Presentation transcript:

1 GSI: Security On Teragrid A Introduction To Security In Cyberinfrastructure By Dru Sepulveda

2 Overview What is Cyberinfrastructure and Grid Computing? What is Cyberinfrastructure and Grid Computing? What is Teragrid? What is Teragrid? Authenticating users and securing credentials Authenticating users and securing credentials GSI-SSH GSI-SSH Grid Proxies Grid Proxies Shibboleth Shibboleth Clemson’s Use of Grid Security Clemson’s Use of Grid Security

3 What is Cyberinfrastructure and Grid Computing? Cyberinfrastructure is a buzz word for grid computing. Cyberinfrastructure is a buzz word for grid computing. Cyberinfrastructure is the coordinated aggregate of software, hardware and other technologies, as well as human expertise, required to support current and future discoveries in science and engineering.Cyberinfrastructure is the coordinated aggregate of software, hardware and other technologies, as well as human expertise, required to support current and future discoveries in science and engineering.

4 The Structure of Cyberinfrastructure

5 What is Teragrid? TeraGrid is an open scientific discovery infrastructure combining leadership class resources at nine partner sites to create an integrated, persistent computational resource. TeraGrid is an open scientific discovery infrastructure combining leadership class resources at nine partner sites to create an integrated, persistent computational resource.

6 What is Teragrid… Really? Services High Performance Computing Visualization Data Storage Accessibility

7 Why Do We Use Security On Teragrid? While Teragrid was designed to be openly used by the scientific community to share information and solve computationally intensive problems using distrubuted resources it must be protected from ignorant or malicious users who might accidentally or intentionally damage or misuse those resources. While Teragrid was designed to be openly used by the scientific community to share information and solve computationally intensive problems using distrubuted resources it must be protected from ignorant or malicious users who might accidentally or intentionally damage or misuse those resources.

8 Authenticating Users and Securing Credentials Users must submit their personal information by US Mail. Users must submit their personal information by US Mail. To speed up the process it helps to have someone on the inside vouch for you. To speed up the process it helps to have someone on the inside vouch for you. All returned credentials are sent via US Mail after they call you to confirm your identity. All returned credentials are sent via US Mail after they call you to confirm your identity.

9 Grid Proxies A short term grid proxy is a certificate made in the X.509 standard from a long term client certificate that was stored on a remote machine called MyProxy when a user account is added to Teragrid. A short term grid proxy is a certificate made in the X.509 standard from a long term client certificate that was stored on a remote machine called MyProxy when a user account is added to Teragrid. This short term credential is stored on the local machine and can been used to access remote machines without a login name and password via GSI-SSH. This short term credential is stored on the local machine and can been used to access remote machines without a login name and password via GSI-SSH.

10 GSI-SSH GSI-SSH is a modded version of OpenSSH that uses a grid credential to authenticate users instead of a user name and password. GSI-SSH stands for Grid Security - Secure Shell and was developed by Globus.

11

12 Shibboleth Shibboleth allows users to make grid credentials from existing credentials such as a user name and password. Shibboleth allows users to make grid credentials from existing credentials such as a user name and password. This credential is a EEC or End Entity Certificate which is the certificate at the end of the authentication chain. This credential is a EEC or End Entity Certificate which is the certificate at the end of the authentication chain.

13 How Clemson is Using Grid Security CPSC881 has set up a small cluster that is running ROCKS a prepackaged Cyberinfrastructure set up on the CentOS platform. CPSC881 has set up a small cluster that is running ROCKS a prepackaged Cyberinfrastructure set up on the CentOS platform. Tomcat with Globus has been set up so that users with a valid credential can use web services over https as long as the name in their grid credential is the same as the one in their.gridmap file that is mapped to a local account. Tomcat with Globus has been set up so that users with a valid credential can use web services over https as long as the name in their grid credential is the same as the one in their.gridmap file that is mapped to a local account.

14 Clemons’s Future With Grid Security Clemson’s future with grid computing is to get a campus wide allocation on Teragrid so that all users can simply use their student login in Grid Shib to get a grid credential for use on the Grid.

15 References http://www.teragrid.org/ http://www.teragrid.org/ http://www.teragrid.org/ http://grid.ncsa.uiuc.edu/myproxy/t gsso.html http://grid.ncsa.uiuc.edu/myproxy/t gsso.html http://grid.ncsa.uiuc.edu/myproxy/t gsso.html http://grid.ncsa.uiuc.edu/myproxy/t gsso.html http://grid.ncsa.uiuc.edu/myproxy/t gsso.html http://grid.ncsa.uiuc.edu/myproxy/t gsso.html http://grid.ncsa.uiuc.edu/myproxy/t gsso.html http://grid.ncsa.uiuc.edu/myproxy/t gsso.html http://en.wikipedia.org/wiki/Cyberinf rastructure http://en.wikipedia.org/wiki/Cyberinf rastructure

Download ppt "GSI: Security On Teragrid A Introduction To Security In Cyberinfrastructure By Dru Sepulveda."

Similar presentations

Wei Lu 1, Kate Keahey 2, Tim Freeman 2, Frank Siebenlist 2 1 Indiana University, 2 Argonne National Lab

Wei Lu 1, Kate Keahey 2, Tim Freeman 2, Frank Siebenlist 2 1 Indiana University, 2 Argonne National Lab
Scaling TeraGrid Access A Testbed for Attribute-based Authorization and Leveraging Campus Identity Management

Scaling TeraGrid Access A Testbed for Attribute-based Authorization and Leveraging Campus Identity Management
Single Sign-On with GRID Certificates Ernest Artiaga (CERN – IT) GridPP 7 th Collaboration Meeting July 2003 July 2003.

Single Sign-On with GRID Certificates Ernest Artiaga (CERN – IT) GridPP 7 th Collaboration Meeting July 2003 July 2003.
Jens G Jensen CCLRC e-Science Single Sign-on to the Grid Federated Access and Integrated Identity Management.

Jens G Jensen CCLRC e-Science Single Sign-on to the Grid Federated Access and Integrated Identity Management.
Test harness and reporting framework Shava Smallen San Diego Supercomputer Center Grid Performance Workshop 6/22/05.

Test harness and reporting framework Shava Smallen San Diego Supercomputer Center Grid Performance Workshop 6/22/05.
Policy Based Dynamic Negotiation for Grid Services Authorization Infolunch, L3S Research Center Hannover, 29 th Jun. 2005 Ionut Constandache Daniel Olmedilla.

Policy Based Dynamic Negotiation for Grid Services Authorization Infolunch, L3S Research Center Hannover, 29 th Jun Ionut Constandache Daniel Olmedilla.
Grid Resource Allocation Management (GRAM) GRAM provides the user to access the grid in order to run, terminate and monitor jobs remotely. The job request.

Grid Resource Allocation Management (GRAM) GRAM provides the user to access the grid in order to run, terminate and monitor jobs remotely. The job request.
Military Technical Academy Bucharest, 2006 GRID SECURITY INFRASTRUCTURE (GSI) - Globus Toolkit - ADINA RIPOSAN Department of Applied Informatics.

Military Technical Academy Bucharest, 2006 GRID SECURITY INFRASTRUCTURE (GSI) - Globus Toolkit - ADINA RIPOSAN Department of Applied Informatics.
Grid Security. Typical Grid Scenario Users Resources.

Grid Security. Typical Grid Scenario Users Resources.
Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.

Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.
National Center for Supercomputing Applications MyProxy and GSISSH Update Von Welch National Center for Supercomputing Applications University of Illinois.

National Center for Supercomputing Applications MyProxy and GSISSH Update Von Welch National Center for Supercomputing Applications University of Illinois.
Open Science Grid Use of PKI: Wishing it was easy A brief and incomplete introduction. Doug Olson, LBNL PKI Workshop, NIST 5 April 2006.

Open Science Grid Use of PKI: Wishing it was easy A brief and incomplete introduction. Doug Olson, LBNL PKI Workshop, NIST 5 April 2006.
Slides for Grid Computing: Techniques and Applications by Barry Wilkinson, Chapman & Hall/CRC press, © 2009. Chapter 1, pp 19-28. For educational use only.

Slides for Grid Computing: Techniques and Applications by Barry Wilkinson, Chapman & Hall/CRC press, © Chapter 1, pp For educational use only.
The Cactus Portal A Case Study in Grid Portal Development Michael Paul Russell Dept of Computer Science The University of Chicago

The Cactus Portal A Case Study in Grid Portal Development Michael Paul Russell Dept of Computer Science The University of Chicago
1-2.1 Grid computing infrastructure software Brief introduction to Globus © 2010 B. Wilkinson/Clayton Ferner. Spring 2010 Grid computing course. Modification.

1-2.1 Grid computing infrastructure software Brief introduction to Globus © 2010 B. Wilkinson/Clayton Ferner. Spring 2010 Grid computing course. Modification.
Grid Services at NERSC Shreyas Cholia Open Software and Programming Group, NERSC NERSC User Group Meeting September 17, 2007.

Grid Services at NERSC Shreyas Cholia Open Software and Programming Group, NERSC NERSC User Group Meeting September 17, 2007.
Globus Computing Infrustructure Software Globus Toolkit 11-2.

Globus Computing Infrustructure Software Globus Toolkit 11-2.
Web-based Portal for Discovery, Retrieval and Visualization of Earth Science Datasets in Grid Environment Zhenping (Jane) Liu.

Web-based Portal for Discovery, Retrieval and Visualization of Earth Science Datasets in Grid Environment Zhenping (Jane) Liu.
Jens G Jensen CCLRC e-Science Single Sign-on to the Grid Federated Access and Integrated Identity Management.

Jens G Jensen CCLRC e-Science Single Sign-on to the Grid Federated Access and Integrated Identity Management.
NOS Objectives, YR 4&5 Tony Rimovsky. 4.2 Expanding Secure TeraGrid Access A TeraGrid identity management infrastructure that interoperates with campus.

NOS Objectives, YR 4&5 Tony Rimovsky. 4.2 Expanding Secure TeraGrid Access A TeraGrid identity management infrastructure that interoperates with campus.

Similar presentations

Ads by Google