1 / 22

Hamza Mehammed Senior Trainer National e-Science Centre (Edinburgh) 15.04.2009

Hamza Mehammed Senior Trainer National e-Science Centre (Edinburgh) 15.04.2009. Getting Started with NGS. hamza.mehammed@nesc.ac.uk. Outline. How to apply for Access Authentication Authorisation Methods of Accessing the NGS NGS Portal. Apply for Access. Joining as: An individual user

kyrie
Download Presentation

Hamza Mehammed Senior Trainer National e-Science Centre (Edinburgh) 15.04.2009

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Hamza MehammedSenior Trainer National e-Science Centre (Edinburgh)15.04.2009 Getting Started with NGS hamza.mehammed@nesc.ac.uk

  2. Outline • How to apply for Access • Authentication • Authorisation • Methods of Accessing the NGS • NGS Portal

  3. Apply for Access • Joining as: • An individual user • A site wishing to offer resources • A Virtual Organisation (VO) • Two-stage application process (as a user) • Apply for a UK e-Science certificate • Fill in the online application form for an NGS • account

  4. Certificates Get a user certificate (X.509 Format) for 1 year from https://ca.grid-support.ac.uk Visit local ‘RA Operator’ (ID) You’ll receive an email with a link in it to download your certificate into your browser You may need to export and/or convert the certificates to use the CLI options Certificate containes: Subject, public key, CA info, DN, dates…

  5. Accounts Apply online at : https://www.ngs.ac.uk/apply.php Fill in a form Contact details and a brief task description (achievement) Fill in number of CPU hours you need => Submit! All applications processed in a week Information on how to get started in the welcome email The NGS website has online tutorials Check your NGS account details (resource usage)

  6. Grid Security Infrastructure (GSI) Public Key Infrastructure (PKI) Public key and pivate key pair (pass phrase) (Mutual) Authentication: User/host Authorisation: Access control Used for Single-Sign-On (SSO) International Grid Trust Federation (IGTF) - EUGridPMA, APGridPMA and TAGGridPMA GSI versus Visa Card

  7. Proxy • Proof of identity using DN: • C=UK/O=eSciece/OU=NeSC/CN=Hamza Mehammed • Avoiding re-authentication • New certificate signed by the owner • New private and public keys • Delegation: acting on a user's behalf • Short lifetime (default 12 hours) • Protected only by the file permission

  8. Extracting the Keys • In your browser you will get a .p12 file • To get the certificate: openssl pkcs12 -in myCert.p12 -clcerts -nokeys \ -out $HOME/.globus/usercert.pem • To get the encrypted private key: openssl pkcs12 -in myCert.p12 -nocerts -out $HOME/.globus/userkey.pem • File permission: • Private key 600 and public key 644

  9. AA Life Cycle Create keys (public & private) Grid gateway RA mapping 1 DN => Account (e.g.: ngs0230) 2 results ID 6 3 job 4 5 unsigned certificate job 4b 4a 4 credentials signed certificate CA Myproxy server

  10. Become a Partner or Affiliate Site • Both partners and affiliates • Run NGS compatible software • Integrate monitoring • Support arrangements with the NGS • Site application form • Takes notlonger than 3 months • Install NGS Software Stack • Middleware, compilers and libraries • - Testing is performed by the NGS Inca framework

  11. Certificate Renewal and Revocation Renew certificates CA will warn (30 days before expiration) Import your certificate to your Browser You don't have to prove your identity to the RA RA checks that you are still entitled Revoke if Laptop was stolen Machine was compromised

  12. Methods of Accessing the NGS Grid GRID • Grid Sevices • Single-Sign-On • Myproxy servers Portal Command line • Complex • Flexible • Linux • C/C++ • Java • Python, ... API SSH / GSISSH • OpenSSH + GSI • Sinlge-Sign-On • Linux/Windows

  13. Myproxy • Credentials repository, global access and renewal of credentials username/ password 2 Portal 2 user proxy Gridnode username/ password 3 4 user proxy Myproxy Server Gridnode Gridnode 1 Credential upload Gridnode

  14. NGS Portals • Based on HTTPS and P-GRADE Portal • No knowledge of Grid systems implementation • No authentication for browsing • Support Globus Toolkit 2 • Provides: Job submission, File transfer, • Information service • Provides myproxy upload java tool • Testing and monitoring NGS resources (INCA)

  15. Job Submission

  16. Authentication to Use NGS Portal • Upload credentials to Myproxy server • Use upload tool (java web start) • Two myproxy server are available

  17. Loading Applications • Personal Applications • Different status • Examples / Tutorials • Load Applications

  18. Browse and Transfer Files

  19. Using GSI-SSH 1) 2) 3)

  20. Getting a certificate today Get a certificate and an account today Stay after the talks to chat to us with any questions Visit the NGS website www.ngs.ac.uk Bypass the ‘visit the local RA operator’ section Apply for a certificate during the drop-in session and get it approved there and then Need a USB stick to store it on and photographic id such as a driving licence or university id

  21. NGS Live CD • GSI-SSHTerm (Standalone) •  Globus, VDT, MyProxy and GSI-SSH CLI • PeCR: Perl Certificate Requestor • Availability • Download ISO • As a virtual machine (run under Windows or Linux with the free  VMWare Player

  22. Links Mailing lists • http://www.jiscmail.ac.uk/lists/NGS-NEWS.html • http://www.jiscmail.ac.uk/lists/NGS-STATUS.html • Quarterly Newsletter: new resource, stuff members, … • Research Papers from different discipline • Conferences and events The End!

More Related