1 / 42

Outline

Widening the number of e-Infrastructure users with Science Gateways and Identity Federations Giuseppe Andronico (giuseppe.andronico@ct.infn.it) INFN - Italy. Workshop on Science Applications And Infrastructure In Clouds And Grids– Oxford,15-16 March 2012. Outline.

titus
Download Presentation

Outline

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Widening the number of e-Infrastructure userswith Science Gateways and Identity FederationsGiuseppe Andronico (giuseppe.andronico@ct.infn.it) INFN - Italy Workshop on Science Applications And Infrastructure In Clouds And Grids– Oxford,15-16 March 2012

  2. Outline • Introduction and drivingconsiderations • The Science Gateway paradigm: • Architecture • Authentication and Authorisation Schema • Access workflow • Gridtransaction model • The Authenticationprocess • Use cases and statistics • The forthcomingCloudEngine • Summary and conclusions

  3. Path to technologyuptake The Rogers “bell-shape” curve - Rogers, E. M. (1962), “Diffusion of Innovations”, Glencoe: Free Press.

  4. IT acceptance model – the Web Development of web browsers The World Wide Web Davis, F. D. (1989), "Perceived usefulness, perceived ease of use, and user acceptance of information technology", MIS Quarterly 13(3): 319–340

  5. The evolutionleap in web browsers evolutionleap

  6. The eResearch2020 report(http://www.eresearch2020.eu/eResearch%20Brochure%20EN.pdf) • Some barriers in the adoption of Grids: • Changes on Grids means changes on applications • Time required to adapt usual workflows • Lack of structure to support anonymous access • Download and installation of applications • Interface • Slow to get to compared to other resources • Difficult to use in the beginning • Time spent to get the application compiled and running 6

  7. Using Gridsisnotstraightforward Users have to cope with complex security procedures, execution scripts, job description languages, command line based interfaces and lack of standards. This makes the learning curve very steep and keeps non IT-experts away.

  8. Anotherconsideration… # of users VRCs Thereis a hugenumber of non IT-experts out there who do notbelong to anyconstituted Virtual Research Community. How can weattractthem ?

  9. Ihave a dream… Can weincreasethe number of potentialgridusers by a factor of 1,000 ? … or even by a factor of 25,000 and more ?

  10. A new paradigm: the Science Gateway “A Science Gateway is a community-developed set of tools, applications, and data that is integrated via a portal or a suite of applications, usually in a graphical user interface, that is further customized to meet the needs of a specific community.” Teragrid

  11. IT acceptance model – the Grid Development of Science Gateway Requirement for sustainability Davis, F. D. (1989), "Perceived usefulness, perceived ease of use, and user acceptance of information technology", MIS Quarterly 13(3): 319–340

  12. Primaryrequirement: building Science Gatewaysshould be likeplaying with • Standards • Simplicity • Easiness of use • Re-usability Sc. Gtwy E Sc. Gtwy A Sc. Gtwy B Sc. Gtwy C Sc. Gtwy D

  13. Ourreference model Administrator Power User Basic User Embedded Applications ....... App.1 App.2 App.N Science Gateway Standard-based (SAGA) middleware-independent Grid Engine Users from differentorganisationshavingdifferentroles and privileges

  14. AuthN & AuthZ Schema Science Gateway Authorisation Authentication GrIDP (“catch-all”) 1. Register to a Service Social Networks’ Bridge IdP IDPCT (“catch-all”) IDP_y 2. Sign in LDAP .........

  15. The Grid IDentity Pool (GrIDP)(http://gridp.ct.infn.it) This is a “catch-all” Identity Federation

  16. eduGAIN(www.edugain.org) All the Science Gateways are registered as Service Providers of eduGAIN

  17. Catania Grid Engine LiferayPortlets Science GW 1 Science GW 3 Science GW 2 Grid Engine Science GW Interface eToken Server UsersTrack & Monit. Users Tracking DB Data Engine Job Engine SAGA/JSAGA API Grid MWs DONE BymidApril By end ofApril DONE DONE 17

  18. Job Engine - Architecture GRID INFRASTRUCTURE(S) Job Check Status/ Get Output Worker Threads for Status Checking MONITORING MODULE USER TRACKING DB WT WT WT WT WT WT WT WT WT WT Job Submission Job Queue Worker Threads for Job Submission

  19. Job Engine - Features • The Job Engine has been designed with the following features in mind: 19

  20. Job Engine – Scalability • Submission time scales linearlywith number of jobs • >10,000 jobs a hour Job submission time (h) Time to submit 10,000 jobs (h) 40,000 jobs submitted in parallel ! 20

  21. Job Engine – Middleware interoperability • Both sequential and MPI-enabled jobs successfully executed • Tests with Globus planned

  22. Job Engine – Accounting & Auditing • A powerful accounting & auditing system is included in the Job Engine • It is fully compliant with EGI VO Portal Policy and EGI Grid Security Traceability and Logging Policy • The following values are stored in the DB for each job submitted: • User ID • Job Submission timestamp • Job Done timestamp • Application name • Job ID • Robot certificate ID • VO name • Execution site (name, latitude, longitude)

  23. Catania Science Gateways in numbers Overall usage (arb. units)

  24. Data Engine – Requirements • A file browser shows Grid files in a tree • File system exposed by the Science Gateway is virtual • Easy transfers from/to Grid (through the SG at the moment) are done in a few clicks • Users do not need to care about how and where their files are really located

  25. Data Engine – Usage Workflow 3. Proxy request 4. Proxy transfer 1. Sign in eTokenServer 2. Upload request 7. Upload on Grid 7. Tracking 6. Update DB 5. File Upload User Track. DB DOGS DB 25

  26. DOGS: Data On Grid Services – Back-end implementation • JSAGA API used to transfer data from/to storage elements • Hibernate to manage the VFS collecting information on files stored on Grid; any changes/actions in the user view affect the VFS • MySQL as underlying RDBMS • An additional component has been developed in order to keep track of each transaction in the users tracking DB

  27. DOGS: Data On Grid Services – Front-end implementation • A portlet has been created wit access provided only to federated users with given roles and privileges • The portlet view component includes elFinder, a web-based file manager developed in Javascript using jQuery UI for a dynamic and user friendly interface • http://elrte.org/elfinder

  28. Data Engine in action (1/2)

  29. Data Engine in action (2/2) «Share» to be addedsoon

  30. Summary of standardsadopted • The framework for Science Gateways developed at Catania is fully web-based and adopts official worldwide standards and protocols, through their most common implementations • These are: • The JSR 168 and JSR 286 standards (also known as "portlet 1.0" and "portlet 2.0" standards) • The OASISSecurity Assertion Markup Language (SAML) standard and its Shibboleth and SimpleSAMLphpimplementations • The Lightweight Direct Access Protocol, and its OpenLDAPimplementation • The Cryptographic Token Interface Standard (PKCS#11) standard and its Cryptokiimplementation • The Open Grid Forum (OGF) Simple API for Grid Applications (SAGA) standard and its JSAGAimplementation

  31. Science Gateways in action: e-Culture Science Gateway @ INDICATE http://www.indicate-project.eu http://indicate-gw.consorzio-cometa.it INDICATE Review Roberto Barbera Lyon, 20/09/2011

  32. Science Gateways in action: e-Culture Science Gateway @ INDICATE Use the HTTPS interface of Storage Elements Important for large-sizefiles

  33. Science Gateways in action: e-Culture Science Gateway @ INDICATE

  34. Science Gateways in action: e-Culture Science Gateway @ INDICATE Thanks to the collaboration with

  35. Science Gateways in action: GATE @ EUMEDGRID

  36. Science Gateways in action: MrBayes @ GISELA

  37. Science Gateways in action: GridEEG @ DECIDE

  38. The CHAIN Application Database(www.chain-project.eu/applications) Project-specific Science Gateways can be accessed from the CHAIN AppDB

  39. The forthcoming Cloud Engine Cloud Gateway Cloud App 1 Cloud App N Cloud App 2 Cloud Engine UsersTrack & Monit. Users Tracking DB OCCI API AWS Cloud MW

  40. Virtualexecutionenvironment: CLEVER • Host Management Layer: Host Manager • Performs physical resources monitoring and VEs allocation • Cluster Management Layer: Cluster Manager • Monitoring the overall state of the cluster, “coordinates” HMs • External components: XMPP Server and Distributed Database • XMPP advantages: host presence, open standard • Central failure point does not exist: fault tolerance mechanism with multiple CM instances

  41. Summary and conclusions • e-Infrastructures can be very beneficial platforms (especially for cultural heritage), provided they are really «easy to use» • Science Gateways with support for Identity Federations and Social Networks can revolutionize the way Gridinfrastructures are used, hugelywideningtheirpotentialuser base, especially non-IT experts and the “citizen scientist” • The adoption of standards (JSR 286, SAGA, SAML, etc.) represents a concrete investmenttowardssustainability • By design, the components (the “portlets” – our “Lego bricks”) of our Science Gateways have maximum re-usability and, indeed, they have been already adopted in/by several projects (CHAIN, DECIDE, EarthServer, EUMEDGRID-Support, GISELA, INDICATE, etc.) • Ifyouwant to integrate yourapplications in our Science Gateways, or simplyenableyourwebsites with ourauthenticationtools, pleasecontact me atsg-licence@ct.infn.it

  42. Thankyou

More Related