1 / 25

Workflow repository, user specific monitor, and vulnerability analyzer in SEE-GRID

Workflow repository, user specific monitor, and vulnerability analyzer in SEE-GRID. 5 th EGEE User Forum, Uppsala, 12 April 2010. Robert Lovas , Sandor Acs, Akos Balasko, Zoltan Balaton, Miklos Kozlovszky MTA SZTAKI rlovas@sztaki.hu.

dot
Download Presentation

Workflow repository, user specific monitor, and vulnerability analyzer in SEE-GRID

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Workflow repository, user specific monitor, and vulnerability analyzer in SEE-GRID 5th EGEE User Forum, Uppsala, 12 April 2010 Robert Lovas, Sandor Acs, Akos Balasko,Zoltan Balaton, Miklos Kozlovszky MTA SZTAKI rlovas@sztaki.hu The SEE-GRID-SCI initiative is co-funded by the European Commission under the FP7 Research Infrastructures contract no. 211338

  2. Overview • New tools and services in order to ease several tasks of end-users, application developers, and grid operators: • Grid Site Software Vulnerability Analyzer (GSSVA) • Common Workflow Repository Extension (CWRE), and • User/application Specific Grid Infrastructure Monitoring Extension (USGIME) of P-GRADE portal.

  3. SEE-GRID-SCI Contract n°: RI-211338 Project type: I3 Start date: 01/05/2008 Duration: 24 months Total budget: 3 214 690 € Funding from the EC: 2 500 000 € Total funded effort, PMs: 676.5 Web site: www.see-grid-sci.eu

  4. Operational & Monitoring Tools • Availability • System Load • Functionality • Security

  5. Security Issues • Grid user can be local user at sites • Software vulnerabilities (exploits,local root exploits) • Attacker can take control over site’s computers

  6. Software Vulnerability Testers • Investigated vulnerability checking programs (NESSUS, OpenVAS, PAKITI) • GSSVA is based on PAKITI • It is simple and opensource • Lightweight client • Problems with PAKITI • Firewallissues (HTTP) • Client software should be installed • Not sufficient user management (just one admin role is available) • No history

  7. Security Monitoring System should... • have a central registry, • use the gridinfrastructure (grid’s protocol), • be scalable and flexible, • log the change of the status of the nodes, • have well defined user roles and user friendly GUI.

  8. GSSVA: System architecture

  9. Running in SEE-GRID-SCI Production Grid

  10. Running in SEE-GRID-SCI Production Grid (2)

  11. P-GRADE portal in a nutshell Certificate and proxy management Grid and Grid resource management Graphical editor to define workflows and parametric studies Accessing resources in multiple VOs Built-in workflow manager and execution visualization GUI is customizable to certain applications

  12. Integrating P-GRADE portal with DSpace repository Portal DSpace repository • Goal: to make available workflow applications for the whole P-GRADE portal user community • Solution: Integrating P-GRADE portal with DSpace repository • Functions: • App developers can publish their ready-to-use and half-made applications in the repository • End-userscan download, parameterize and execute the applications stored in the repository End-users Portal Portal App developers • Advantage: • Appl. developers can collaborate with appl. developers and with end-users • Members of a portal user community can share their WFs • Different portal user communities can share their WFs

  13. Ranking of repositories 26

  14. New portlets • DSpace View • DSpace Download • DSpace Upload

  15. Implementation Lightweight Network Interface (LNI)

  16. Download dspace/48

  17. Upload

  18. Stand-alone view

  19. USGIME: Motivation • Available infrastructure monitoring tools.. • Developed for CE/Site/VO administrators • Are too complex for the users • Provide irrelevant information in the users’ point of view • Cannot be used to check the validity of the Certificate

  20. Goal • Allow users of P-GRADE Portal to test • The validity of their own Certificate • Accessibity of the connection between • Computing Elements and Storage Elements (using Remote Files and Logical File Catalog) • Portal Server and the Storage Elements (because of the possibility to create Parameter Study workflow using Autogenerator mechanism of P-GRADE Portal)

  21. Idea + List of Computing Elements,and Storage Elements P-GRADE Portal 2.7 List of SEs Pre-developed workflow Job generation is done accordingly the CE-list

  22. Implemented interface 1/3

  23. Implemented interface 2/3

  24. Implemented interface 3/3

  25. Summary • GSSVA addresses vulnerability issues of Grids, which can efficiently help administrators increase the security level of the site and leaving less chance for various attacks. • CWRE repository can be exploited as a bridge between more than 15 different P-GRADE portal installations worldwide, fostering the creation of new application developer communities from the individual developers, and provides more visibility of research achievements. • USGIME can assist the users to understand better the reasons for common critical failures and enable the execution of application specific tests systemically • The tools are in production and also available under GPL licence. • The future plans includes (among others) • the development of enhanced interfaces for visualization of historical information (GSSVA), • improvements towards more WEB2 functionalities (CWRE), and • enhancements based on the new users feedbacks (USGIME). • More SEE-GRID tools presented on 14 April 2010 (12:00) in the Auditorium: •  ANASTAS, Misev - Improvements of the grid infrastructure and services within SEE-GRID

More Related