Grid technology: Security issues

Andrey Nifatov (sparcsolaris@mail333.com)

Terms

• Globus is a US government-funded project that provides software tools that allow you to build grids and grid-based applications.

• A grid is a distributed computational tool that allows you to use geographically distributed resources for a single computational project.

* “Grid computing: A practical guide to technology and applications”


Virtual Organization

• A wide spectrum of problems is associated with resource sharing for virtual organizations (VOs)

• VOs “share geographically distributed resources, assuming the absence of global controller, and an existing trust relationship”


• A VO can be large or small, static or dynamic

• A VO may be created only to solve a specific problem

[Figure: Virtual Organization diagram; labels: SUN, IBM, OTHER, VO]


Differences between Grids and the older distributed tools

• Grid supports varied systems

• A grid can involve an almost unlimited number of computational resources (the Internet)

• Security was considered a primary focus

Grid architecture

Internet protocol model (top to bottom): Application, Transport, Internet, Link

Grid computing architecture model (top to bottom):

• Application: includes protocols that are targeted toward a specific application

• Collective: includes protocols that provide system-oriented capabilities

• Resource: defines protocols that are necessary to control sharing of local resources

• Connectivity: includes core protocols from the Internet model (IP, DNS, BGP, IGRP)

• Fabric: includes protocols and interfaces that provide access to the resources


Globus uses Certificate Authority

• All grid resources need to be signed by a Certificate Authority (CA).

• A Registration Authority (RA) works together with the CA.

• The RA approves or rejects each request for a certificate and forwards the information to the CA.


Certificate Authority

• Before CA can sign certificates for others, it must sign and issue certificates for itself.

• CA randomly generates its own key pair

• CA protects its private key

• CA creates its own certificate with its info

• CA signs its certificate with its private key


• Thus, the CA's private key is an attractive target for hackers.

• The best-known way to protect it involves special hardware that has no network connection. The private key is stored inside the hardware and never leaves it. The hardware could support a smart card processor, if this is not too expensive a tool. If this is not the case, a dedicated hardware CA may be used.


Grid certificate

• Provides identity

• Contains your information

• Contains your public key

• Will be used to decrypt the SSL session ID

• Has unique Distinguished Name (DN)

• Also called X.509
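
The CA bootstrap steps from the Certificate Authority slide, followed by issuing one grid certificate with its Distinguished Name, as an added example that is not part of the original slides. It assumes the OpenSSL command-line tool; the CA name, host name and passphrase are constructed, and a passphrase-encrypted key file stands in for the offline hardware the slides describe.

```shell
# Added example (not from the slides). All names and the passphrase are constructed.
set -eu
WORK=$(mktemp -d); PASS=pass:constructed-demo-only

cat > "$WORK/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
O = Example Grid
CN = Example Grid CA
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF

make_ca() {
    # Steps 1-2: the CA generates its key pair; the private key is stored
    # encrypted and readable by its owner only.
    openssl genrsa -aes256 -passout "$PASS" -out "$WORK/ca.key" 2048 2>/dev/null
    chmod 600 "$WORK/ca.key"
    # Steps 3-4: the CA builds a certificate from its own info and signs it
    # with its own private key (issuer and subject are therefore identical).
    openssl req -x509 -new -config "$WORK/ca.cnf" -key "$WORK/ca.key" \
        -passin "$PASS" -sha256 -days 30 -out "$WORK/ca.pem"
}

issue_host_cert() {  # $1 = host name; the host keeps its own private key
    openssl req -new -newkey rsa:2048 -nodes -config "$WORK/ca.cnf" \
        -subj "/O=Example Grid/CN=$1" -keyout "$WORK/$1.key" \
        -out "$WORK/$1.csr" 2>/dev/null
    openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" \
        -passin "$PASS" -CAcreateserial -sha256 -days 7 \
        -out "$WORK/$1.pem" 2>/dev/null
}

field() {  # $1 = subject|issuer, $2 = certificate; prints the DN in RFC 2253 form
    openssl x509 -in "$2" -noout "-$1" -nameopt RFC2253 | sed 's/^[a-z]*= *//'
}

trusted() {  # prints OK only if the certificate chains to this CA
    if openssl verify -CAfile "$WORK/ca.pem" "$1" >/dev/null 2>&1
    then echo OK; else echo REJECTED; fi
}

make_ca
issue_host_cert node1.example.org
echo "CA:   $(field subject "$WORK/ca.pem") -> $(trusted "$WORK/ca.pem")"
echo "host: $(field subject "$WORK/node1.example.org.pem") -> $(trusted "$WORK/node1.example.org.pem")"
```

A certificate that carries the same DN but was self-signed instead of signed by the CA makes `trusted` print `REJECTED`, which is why a relying party checks the CA signature and not just the name.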


Remote delegation: Grid proxy

• Acts as yourself:

• Submits a request to the foreign host on your behalf. This is also called remote delegation

• The proxy’s private key is stored on the remote machine


Conclusion

• Supercomputers are expensive and specialized

• Grid computers solve problems by using multiple computers instead of a single computer.

• This shift produces a dramatic increase in the speed and decrease in the cost.

• However, it is also a shift from an environment that is secure by definition to one that is public and secured like the Internet. Thus, security issues were considered a primary focus on the way to developing this tool.
