Embed Size (px)
Citation preview
Introduction
GENIUS/EnginFrame: new version 4.1
VOMS Proxy Init Service
Robot Certificates
Summary and Conclusions
Outline
• Grid technology allows users to share a wide pletora of distributed computational resources regardless of their geographical location.
Virtual services are exposed to the users through rather complex Command Line Interfaces or API languages.
Grid security is indeed based on the Public Key Infrastructure (PKI) of X.509 certificates and the procedure to get and manage those certificates is unfortunately not straightforward;
Up to now, the high security policy requested to access distributed computing resources has been a rather big limiting factor when trying to broaden the usage of Grids into a wide community of users;
+
+
User has to adhere to a Virtual Organization (VO)
User needs an account on one of the trusted User Interface (UI)
??VO VO
VOUniversity of Catania
Italian CNR
Italian institute of Particle Physics
Garr-B
+
+
=
Grid portals provide an added value to make Grids more
appealing for non-expert users.
5
A grid portal: why and how
• It can be accessed from everywhere and by “everything” (desktop, laptop, PDA, cell phone).
• It can keep the same user interface to several back-ends.
• It must be redundantly “secure” at all levels:
– 1) secure for web transactions, – 2) secure for user credentials, – 3) secure for user authentication, – 4) secure at VO/VOMS level.
• All available grid services must be incorporated in a logic way, just “one mouse click away”.
• Its layout must be easily understandable and user friendly.
• A Grid Portal improves usability of Grids
– Lowering end-user requirements for accessing the Grid
– Hiding the complexity of data and job services management in the Grid
• A Grid Portal improves utilization of Grids
– Making the Grid (r)evolution transparent to the end-user
– Providing an appealing user-friendly Web interface
– Enforcing Grid utilization policies
Grid Portal Benefits
InteractiveApplications
Intranet Clients
Win LX
UXMac
Grid / Compute Farm
Internal Users
BatchApplications
Storage and Data
Grid Portal/ Gateway
ProjectManagers
Client Apps
Standard protocols
Licenses
Home Users
The Grid Portal / Gateway
Introduction
GENIUS/EnginFrame: new version 4.1
VOMS Proxy Init Service
Robot Certificates
Summary and Conclusions
What is EnginFrame ?
• It is a web-based technology able to expose Grid services running on Grid infrastructures
• It allows organizations to provide application-oriented computing and data services to both users (via Web browsers) and applications (via SOAP/WSDL and/or RSS)
• It’s a Grid gateway
• It greatly simplifies the development of Web Portals exposing computing services that can run on a broad range of different computational Grid systems
Spoolers
HTML page
Customplugin
Script
Browser
SDF
XML
EnginFrame
Server
HTMLXSLT
GridCompute
Farm
GridCompute
Farm
MetaFrame+ NFuse
MetaFrame+ NFuse
ApplicationServer
ApplicationServer
EnginFrame
Agent
Execute
Service
Req
XML output
Service Req
User
Authorize
Groups, ACLs
XML
Layout
XSL
Service Submission
EnginFrame Working Environment
<ef:service id="gzip"> <ef:name>gzip sample</ef:name> <ef:option id="level" label="Compression level" type="list"> <ef:option id="9">maximum</ef:option> <ef:option id="4">medium</ef:option> <ef:option id="0">none</ef:option> </ef:option> <ef:option id=”FILE" label="File to compress" type="file"/> <ef:action id="submit" label="Submit job"> EF_SPOOLER_NAME="gzip $file” export EF_SPOOLER_NAME ${EF_ROOT}/plugins/lsf/bin/bsub -o output.txt gzip -$level \"$FILE\” <ef:result type="text/xml"/></ef:action> </ef:service>
Service example
Who does use EnginFrame?
• Mechanical – Ferrari, Audi, BMW, FIAT
Auto, Elasis, Magneti Marelli, P+Z, Swagelok, Toyota, TRW
• Manufacturing – Bridgestone, Procter &
Gamble, Galileo Avionica• Oil&Gas
– Slavneft, Schlumberger, TOTAL, VNIIGaz
• Electronics – STMicroelectronics,
Accent, SensorDynamics, Motorola
• Biotech – ENEA, EGEE LS
community
• Telecom – Telecom Italia
• Research – INFN, ASSC, CCLRC, CERN,
CILEA, CINECA, CNR, CNRS/IN2P3, ENEA, FzU, ICI, IFAE, ITEP, JSC G.G.M., KU Leuven, SSC-Russia, SDSC
• Education – Dresda University, Ferrara
University, ITU, Messina University, Politecnico of Milan, Technische Universität Dresden, Trinity College Dublin, Salerno University, S-PACI
• GENIUS is a powerful Grid Portal that allows scientists to exploit Grid resources only using a conventional Web browser
• It has been built on top of the EnginFrame framework• It’s a gateway to European EGEE Project middle-ware• It allows to expose gLite-enabled applications via Web-
browser as well as Web Services
What is GENIUS ?
www.enginframe.com
www.nice-italy.com
www.infn.it
GENIUS: Grid Preferences
16
GENIUS: Job Submission
17
GENIUS: Job Submission
Code for Job Queue management rewritten using GridML tags
GENIUS: Job(s) Queue
New Confirmation Message!
GENIUS: Job Retrieving
GENIUS: Data Spooler
Tight VNC
GENIUS: Interactive Services
22
Local Browse on laptop
Remote Browse
on UI
(GENIUS Server)
Extended Remote
File Browse
on LFC Catalog
GENIUS: Data Management
23
Extended Multiple Remote File Browsing on Catalog!
24
GENIUS: Workflow
25
26
27
28
29
Introduction
GENIUS/EnginFrame: new version 4.1
VOMS Proxy Init Service
Robot Certificates
Summary and Conclusions
VOMS Proxy Init Service
A CAPTCHA Code is required to start the VOMS Proxy Applet for the proxy initialization
The Java plugin 1.6.0 or higher is mandatory required.
Jointly developed by NICE and INFN Catania
Introduction
GENIUS/EnginFrame: new version 4.1
VOMS Proxy Init Service
Robot Certificates
Summary and Conclusions
• Robot certificates have been introduced to permit users, who are not familiar with deal personal certificates and don’t belong to any VOs, to experience the Grid paradigm for research activity and reduce the initial barriers.
– They are extremely useful for instance to automate grid service monitoring, data processing production, distributed data collection systems.
– Basically these certificates can be used to identify a person responsible for an unattended service or process acting as client and/or server.
Robot certificates in a nutshell
• In order to strong reduce the risks to have the portal certificate compromised the INFN CA decided to issue this new certificate on board of the Aladdin eToken PRO 32K smart card.
• Each smart card can support several robot certificates: one for each
application user wants to share with the other. – An user’s PIN is prompted every time user try to
read the certificate stored on the smart card to generate a proxy.
– A first prototype of Grid Portal using robot certificate to generate an user’s proxy has been successfully designed.
Robot certificates in a nutshell
1. ask for a service
2. create a
proxy
with the robot
certificate
5. get the results3. execute action4. get output
2’,3
’. track
use
r
User
Admin
The GENIUS Portal & Robot Certificates
The Users Tracking System (UTS)
ACL-based services that enable easier
access control customization for
users not belonging to any group!
Porting the „MrBayes” application to Grid
Case study from
CNR - ITB
General Introduction
• MrBayes is a program for the Bayesian estimation of phylogeny.
• Bayesian inference of phylogeny is based on the posterior probability distribution of trees, which is the probability of a tree conditioned on the observations.
– To approximate the posterior probability distribution of trees MrBayes uses a simulation technique called Markov Chain Monte Carlo (or MCMC).
• The program takes as input a character matrix in a NEXUS file format.
• The output is several files with the parameters that were sampled by the MCMC algorithm.
• The application is CPU demanding, especially if the MPI version of the software is used.
WMS
LFC Catalog
SE
Phylogenetic analysis on large scale
Robot Certificate
UI + GENIUS Portal
Job SubmissionTool
GRID
• Job Submission Tool: is driven by the concept of “Task” as the applications are
– Each task could be independent or could be described as depended from another “Task”
– Each task is described by a “status” – The task is executed by a wrapper that takes care of
monitoring the task:• If the task is correctly executed the wrapper can
change the status of the task from “Free” to “Done”
• If a single step on the job execution fails, the whole task is considered failed and automatically rescheduled
• JST tool takes care of submitting jobs, retrieving the output and monitoring the status of each task
• It is able to deal with accidental failure of grid services• It is possible to change at run time the priority of each
task/application
JST characteristics
Web Interfaces & Video
https://glite-tutor1.ct.infn.it
Case study from
Porting the „ASTRA” application to Grid
The ASTRA project in a nutshell
• The ASTRA (Ancient instrument Sound/Timbre Reconstruction Application) projects aims to reconstruct the sound or timbre of ancient instruments using archaeological data as fragments from excavations, written descriptions, pictures...
• The technique used is the physical modeling synthesis, a complex digital audio rendering technique which allows to recreate a model of the musical instrument and produce the sound by simulating its behavior as a mechanical system.
Modeling and computation on the Grid
Computer
model
The Grid Network
Reconstructed sounds
Archaeological findings
Load the sounds on a piano keyboard and
play
How does ASTRA reconstruct the sound of the instruments ?
• The modeling process is known as Physical Modeling Synthesis • Physical modeling creates a virtual model of the instrument and reproduces its sound by simulating its behaviour as a mechanical system.»This approach is also referred to as “synthesis by rule”.
•The higher is the quality of the audio files, the longer is the time required
To have an idea of the needed time for simulation, on a Pentium IV 3.73 Ghz, 2GB RAM Personal Computer to correctly reproduce a sound lasting for 30 seconds it could be required more than 90 min.
(image unisa.it)
ASTRA project is involved on..
GRID
UI
ASTRA software
VOMS Server
WMS
User
Ancient Epigonion concert video now available
In June 2009, the concert "Musica @ Fisica", was organized bythe Catania Division of the Italian National Institute of Nuclear Physics. It was an important event which aimed at presentingthe main achievements of the ASTRA (Ancient instrumentSound/Timbre Reconstruction Application) project to theCultural Heritage community and to the General Public.
This world premiere showcased the sounds of an instrument of the past, reconstructed via computer-intensive modelling, being performed alongside real instruments such as violins and flutes as well as voices. The sounds of the Epigonion have been recreated by a team of researchers from the ASTRA project using the high-speed networks GEANT2 and EUMEDCONNECT
References
• Associazione SCATOLA SONORA - http://www.scatolasonora.org/ • ASTRA – www.astraproject.org• CERN - http://www.cern.ch/ • Conservatory of Music of Parma - http://www.conservatorio.pr.it/• Conservatory of Music of Salerno – http://www.consalerno.com/• EGEE - http://www.eu-egee.org/• EUMEDCONNECT2 - http://www.eumedconnect2.net/• EUMEDGRID – www.eumedgrid.org• GEANT2 - http://www.geant2.net/• GILDA – https://gilda.ct.infn.it • INFN – www.ct.infn.it• Physical Modeling Synthesis -
http://www.dei.unipd.it/~musica/Dispense/cap7.pdf
Introduction
GENIUS/EnginFrame: new version 4.1
VOMS Proxy Init Service
Robot Certificates
Summary and Conclusions
Summary and Conclusions
GENIUS offers the following advantages:• it is a complete production-ready environment which
combines the concepts of “user portal” and “science portal”;• absolutely no client software needs to be installed on the
user’s workstation apart from the web browser with its usual plug-ins like Java (at least JRE 1.6.0 or higher);
• it provides a new unique tool to authorize users, in a very strong secure way, into the grid environment with or without VOMS support as well, easy to use;
• it includes support for both single and composite jobs (including DAG’s);
• interactive analysis and web access to personal spooling areas are possible;
• environment and settings customizable for the users;• security for data management and sessions.
References
• NICE web-site http://www.nice-italy.com• EnginFrame Framework
http://www.enginframe.com• GENIUS Portal https://genius.ct.infn.it • GENIUS Repository at https://geniuscvs.ct.infn.it• GENIUS based on gLite at
https://glite-tutor.ct.infn.it
GENIUS Installation• GENIUS Repository at https://geniuscvs.ct.infn.it• Write an email message to
[email protected] or [email protected] for an account request to download the GENIUS package
