thailand national grid project putchong uthayopas 1 and vara varavithya 2 1 director high...
TRANSCRIPT
![Page 1: Thailand National Grid Project Putchong Uthayopas 1 and Vara Varavithya 2 1 Director High Performance Computing and Networking Center Kasetsart University,](https://reader033.vdocuments.mx/reader033/viewer/2022061306/551490f7550346f06e8b5224/html5/thumbnails/1.jpg)
Thailand National Grid Project
Putchong Uthayopas1 and Vara Varavithya2
1 DirectorHigh Performance Computing and Networking Center
Kasetsart University, Bangkok, [email protected]
2 Department of Electrical Engineering
Faculty of EngineeringKing Mongkut’s Institute of Technology North Bangkok
![Page 2: Thailand National Grid Project Putchong Uthayopas 1 and Vara Varavithya 2 1 Director High Performance Computing and Networking Center Kasetsart University,](https://reader033.vdocuments.mx/reader033/viewer/2022061306/551490f7550346f06e8b5224/html5/thumbnails/2.jpg)
TNGP, APAN2005@BKK 2
Thai Grid Current Status
Currently in OperationDelivered Grid Monitoring and
Management Tools to CommunitiesGovernment Approve approx. 6M US$
funding the project for 3 yearsSupports
CertificationTechnical
Grid Technology Promotions
![Page 3: Thailand National Grid Project Putchong Uthayopas 1 and Vara Varavithya 2 1 Director High Performance Computing and Networking Center Kasetsart University,](https://reader033.vdocuments.mx/reader033/viewer/2022061306/551490f7550346f06e8b5224/html5/thumbnails/3.jpg)
TNGP, APAN2005@BKK 3
AgendaThailand National Grid ProjectThaiGrid Status UpdateCurrent Development in ThaiGrid
![Page 4: Thailand National Grid Project Putchong Uthayopas 1 and Vara Varavithya 2 1 Director High Performance Computing and Networking Center Kasetsart University,](https://reader033.vdocuments.mx/reader033/viewer/2022061306/551490f7550346f06e8b5224/html5/thumbnails/4.jpg)
TNGP, APAN2005@BKK 4
TNGP ObjectivesPromote the use of Grid TechnologiesExcellence in Grid TechnologyHuman Resource DevelopmentProvide Grid Infrastructure
Computing InfrastructureCommunication Structure
Help Establishing Standard and PracticesHouse the ThaiGrid Office
![Page 5: Thailand National Grid Project Putchong Uthayopas 1 and Vara Varavithya 2 1 Director High Performance Computing and Networking Center Kasetsart University,](https://reader033.vdocuments.mx/reader033/viewer/2022061306/551490f7550346f06e8b5224/html5/thumbnails/5.jpg)
TNGP, APAN2005@BKK 5
National Grid Committee
Business
StructureMinistry of ICT
Grid TechnologyExcellence Center
SIPA
ResearchInstitutions
Grid Users
Gov.Agencies
Com Sci. Eng. People
AcademicInstitutions
Researchers
![Page 6: Thailand National Grid Project Putchong Uthayopas 1 and Vara Varavithya 2 1 Director High Performance Computing and Networking Center Kasetsart University,](https://reader033.vdocuments.mx/reader033/viewer/2022061306/551490f7550346f06e8b5224/html5/thumbnails/6.jpg)
TNGP, APAN2005@BKK 6
Computing InfrastructureTera Flops
Machine
SatelliteClusters
32-proc.Machine
SatelliteClusters
32-proc.Machine
SatelliteClusters
32-proc.Machine
SatelliteClusters
32-proc.Machine
16 Satellite Sites
High Speed Network
![Page 7: Thailand National Grid Project Putchong Uthayopas 1 and Vara Varavithya 2 1 Director High Performance Computing and Networking Center Kasetsart University,](https://reader033.vdocuments.mx/reader033/viewer/2022061306/551490f7550346f06e8b5224/html5/thumbnails/7.jpg)
TNGP, APAN2005@BKK 7
Participated Organizations
KU, CU, KMITNB, KMUTT, KMITL, Mahidol, KKU, SUT, WU, AIT
Weather Forecast ServicesNECTEC
![Page 8: Thailand National Grid Project Putchong Uthayopas 1 and Vara Varavithya 2 1 Director High Performance Computing and Networking Center Kasetsart University,](https://reader033.vdocuments.mx/reader033/viewer/2022061306/551490f7550346f06e8b5224/html5/thumbnails/8.jpg)
TNGP, APAN2005@BKK 8
Human ResourceHousing Dozen of Grid Engineers
and Scientists at the excellence center
Systematically trains Grid Admins via series of tutorials and workshopsTarget 2,000 in three years
![Page 9: Thailand National Grid Project Putchong Uthayopas 1 and Vara Varavithya 2 1 Director High Performance Computing and Networking Center Kasetsart University,](https://reader033.vdocuments.mx/reader033/viewer/2022061306/551490f7550346f06e8b5224/html5/thumbnails/9.jpg)
TNGP, APAN2005@BKK 9
ApplicationsHealth Care Data Grid High Performance Computing
ApplicationsDrug DesignCFDFEMEvolutionary Computing
Financial Application
Based on Participated Inst.
Expertise
![Page 10: Thailand National Grid Project Putchong Uthayopas 1 and Vara Varavithya 2 1 Director High Performance Computing and Networking Center Kasetsart University,](https://reader033.vdocuments.mx/reader033/viewer/2022061306/551490f7550346f06e8b5224/html5/thumbnails/10.jpg)
TNGP, APAN2005@BKK 10
Targeted OutcomesRobust Grid Enable High Performance
Computing InfrastructureA set, 3-4, of Grid Applications Show
CasesSocial impact to Thai’s well beingSupports sciences and technology
2,000 HR DevelopmentGrid Technology Promotion
![Page 11: Thailand National Grid Project Putchong Uthayopas 1 and Vara Varavithya 2 1 Director High Performance Computing and Networking Center Kasetsart University,](https://reader033.vdocuments.mx/reader033/viewer/2022061306/551490f7550346f06e8b5224/html5/thumbnails/11.jpg)
TNGP, APAN2005@BKK 11
ThaiGrid Project Found Jan 2002
Build up a long term research partnership to explore The construction of Grid testbed and production
environment The building of Grid tools and middleware. The deployment of grid technology to support the mission
of scientific discovery The development of Grid application
![Page 12: Thailand National Grid Project Putchong Uthayopas 1 and Vara Varavithya 2 1 Director High Performance Computing and Networking Center Kasetsart University,](https://reader033.vdocuments.mx/reader033/viewer/2022061306/551490f7550346f06e8b5224/html5/thumbnails/12.jpg)
TNGP, APAN2005@BKK 12
ThaiGrid Overall Status
10 Clusters total AMATA – KU GASS – KU MAEKA – KU WARINE – KU CAMETA – SUT OPTIMA - AIT ENQUEUE – KMITNB PALM – KMITNB SPIRIT – CU INCA - KMUTT
110 Hosts (From SCMS)
158 CPUs (From SCMS)
![Page 13: Thailand National Grid Project Putchong Uthayopas 1 and Vara Varavithya 2 1 Director High Performance Computing and Networking Center Kasetsart University,](https://reader033.vdocuments.mx/reader033/viewer/2022061306/551490f7550346f06e8b5224/html5/thumbnails/13.jpg)
TNGP, APAN2005@BKK 13
ThaiGrid Status Map
![Page 14: Thailand National Grid Project Putchong Uthayopas 1 and Vara Varavithya 2 1 Director High Performance Computing and Networking Center Kasetsart University,](https://reader033.vdocuments.mx/reader033/viewer/2022061306/551490f7550346f06e8b5224/html5/thumbnails/14.jpg)
TNGP, APAN2005@BKK 14
SoftwareROCKS-3.2.0 (Shasta) with
HPC RollGrid RollSCE RollScheduler Roll
Globus Toolkits 2.4SCMSWeb Monitoring ToolShared Certificate Authority
![Page 15: Thailand National Grid Project Putchong Uthayopas 1 and Vara Varavithya 2 1 Director High Performance Computing and Networking Center Kasetsart University,](https://reader033.vdocuments.mx/reader033/viewer/2022061306/551490f7550346f06e8b5224/html5/thumbnails/15.jpg)
TNGP, APAN2005@BKK 15
ThaiGrid ToolsTGCheckPort – Checking the
firewall between sites
TGregister – Grid user management and automatically updated grid-mapfile system
![Page 16: Thailand National Grid Project Putchong Uthayopas 1 and Vara Varavithya 2 1 Director High Performance Computing and Networking Center Kasetsart University,](https://reader033.vdocuments.mx/reader033/viewer/2022061306/551490f7550346f06e8b5224/html5/thumbnails/16.jpg)
TNGP, APAN2005@BKK 16
TGregister
![Page 17: Thailand National Grid Project Putchong Uthayopas 1 and Vara Varavithya 2 1 Director High Performance Computing and Networking Center Kasetsart University,](https://reader033.vdocuments.mx/reader033/viewer/2022061306/551490f7550346f06e8b5224/html5/thumbnails/17.jpg)
TNGP, APAN2005@BKK 17
ApplicationDrug Design
ThaiGrid Drug Design PortalHIV Drug DesignAvian Flu Drug Design
![Page 18: Thailand National Grid Project Putchong Uthayopas 1 and Vara Varavithya 2 1 Director High Performance Computing and Networking Center Kasetsart University,](https://reader033.vdocuments.mx/reader033/viewer/2022061306/551490f7550346f06e8b5224/html5/thumbnails/18.jpg)
TNGP, APAN2005@BKK 18
Drug Design
![Page 19: Thailand National Grid Project Putchong Uthayopas 1 and Vara Varavithya 2 1 Director High Performance Computing and Networking Center Kasetsart University,](https://reader033.vdocuments.mx/reader033/viewer/2022061306/551490f7550346f06e8b5224/html5/thumbnails/19.jpg)
TNGP, APAN2005@BKK 19
![Page 20: Thailand National Grid Project Putchong Uthayopas 1 and Vara Varavithya 2 1 Director High Performance Computing and Networking Center Kasetsart University,](https://reader033.vdocuments.mx/reader033/viewer/2022061306/551490f7550346f06e8b5224/html5/thumbnails/20.jpg)
Proxy Certificate
Delegation
X.509SSL
Multi-Level User Implementation on X.509
ThaiGrid User Services
Two core concepts:
• X.509 digital certificates used as identity credentials
• Proxy Certificate used to delegate identity temporarily to other credentials
![Page 21: Thailand National Grid Project Putchong Uthayopas 1 and Vara Varavithya 2 1 Director High Performance Computing and Networking Center Kasetsart University,](https://reader033.vdocuments.mx/reader033/viewer/2022061306/551490f7550346f06e8b5224/html5/thumbnails/21.jpg)
Grid Security : Security VO manage• Management of VO - Discover VO by Grid participants - Authentication and authorization of participants to join VO - Access control: Participants access shared resources in VO
• The problem of VO security - Large number of distributed resources - Dynamic and complex relationships among organizations across trust domains - Resource utilization scenarios are complex and changing dynamically
![Page 22: Thailand National Grid Project Putchong Uthayopas 1 and Vara Varavithya 2 1 Director High Performance Computing and Networking Center Kasetsart University,](https://reader033.vdocuments.mx/reader033/viewer/2022061306/551490f7550346f06e8b5224/html5/thumbnails/22.jpg)
•Large and dynamic population•Different accounts at different sites •Personal and confidential data•Heterogeneous privileges (roles)•Desire Single Sign-On
UsersUsers
SitesSites• Heterogeneous Resources• Access Patterns • Local policies• Membership
• Group data • Access Patterns • Membership
GroupsGroups
Grid Security: VO’s Role
GridGrid
![Page 23: Thailand National Grid Project Putchong Uthayopas 1 and Vara Varavithya 2 1 Director High Performance Computing and Networking Center Kasetsart University,](https://reader033.vdocuments.mx/reader033/viewer/2022061306/551490f7550346f06e8b5224/html5/thumbnails/23.jpg)
Grid Security : Authorization management• Community Authorization Service
user
CA
CAS Server
Mutual authentication and access resource
Request proxyto CAS server
Reply restriced proxy to user
Delegation restriced proxy from CAS
CAS concept:• Reduce trust relationship by - Group user to community - Resource authorized community - Community authorized user - Constrain in proxy certificate
• But CAS cannot support authorization in small communities in VO and support only GridFTP
![Page 24: Thailand National Grid Project Putchong Uthayopas 1 and Vara Varavithya 2 1 Director High Performance Computing and Networking Center Kasetsart University,](https://reader033.vdocuments.mx/reader033/viewer/2022061306/551490f7550346f06e8b5224/html5/thumbnails/24.jpg)
Grid Security: Small Communities in VO
Component of small communities in VO Static users for assign authoritative Temporarily users accept authoritative from static users Users operation same jobs in small communities in VO Multi-level authoritative from user to user
Requirement of small communities in VOMechanism for direct assign authoritative
multi-level user management
![Page 25: Thailand National Grid Project Putchong Uthayopas 1 and Vara Varavithya 2 1 Director High Performance Computing and Networking Center Kasetsart University,](https://reader033.vdocuments.mx/reader033/viewer/2022061306/551490f7550346f06e8b5224/html5/thumbnails/25.jpg)
Authoritativecredentials
High-leveluser
Low-leveluser
Proxy generatorwith privilege authoritative
Authoritative privilege
generator
Gatekeeper
Check permitfor authorization
Grid mapfile
Run jobsCannot run jobs
GRID RESOURCEGRID RESOURCE
Multi-Level assign authoritative architecture
Generate assign authoritative
Request proxy with privilege authoritative
allow deny
Authentication & authorization with proxy privilege authoritative
![Page 26: Thailand National Grid Project Putchong Uthayopas 1 and Vara Varavithya 2 1 Director High Performance Computing and Networking Center Kasetsart University,](https://reader033.vdocuments.mx/reader033/viewer/2022061306/551490f7550346f06e8b5224/html5/thumbnails/26.jpg)
Multi-Level assign authoritative Concept
• Use Attribute Certificate concept for assign privilege authoritative
• Embed Attribute Certificate into X.509 Certificate
Subject:Subject:O=Grid, O=ThaiGrid, O=Grid, O=ThaiGrid, OU=ee.kmitnb.ac.th, CN=suriyaOU=ee.kmitnb.ac.th, CN=suriyaIssuer: C=TH, O=Grid, O=ThaiGrid, Issuer: C=TH, O=Grid, O=ThaiGrid, CN=ThaiGrid CACN=ThaiGrid CAExpiration date: AugExpiration date: Aug 22 08:08:14 2005 22 08:08:14 2005 GMTSerial number: 625 (0x271)GMTSerial number: 625 (0x271)
CA Digital signatureCA Digital signature
Attribute CertificateAttribute Certificate::Issuer : Issuer : O=Grid, O=ThaiGrid, O=Grid, O=ThaiGrid, OU=ee.kmitnb.ac.th, CN=suriyaOU=ee.kmitnb.ac.th, CN=suriyaHolder : O=Grid, O=ThaiGrid, Holder : O=Grid, O=ThaiGrid, OU=ee.kmitnb.ac.th, CN=gridstaffOU=ee.kmitnb.ac.th, CN=gridstaffValidity date : JanValidity date : Jan 22 08:08:14 2005 GMTSerial 22 08:08:14 2005 GMTSerialextension : sun.ee.kmitnb.ac.th/allowextension : sun.ee.kmitnb.ac.th/allowIssuer Signature : MD5RSAEncryptionIssuer Signature : MD5RSAEncryption
Public KeyPublic Key
Concept :
![Page 27: Thailand National Grid Project Putchong Uthayopas 1 and Vara Varavithya 2 1 Director High Performance Computing and Networking Center Kasetsart University,](https://reader033.vdocuments.mx/reader033/viewer/2022061306/551490f7550346f06e8b5224/html5/thumbnails/27.jpg)
Transfer multi-level assign authoritative
Attribute Certificate:Attribute Certificate:Issuer : user AIssuer : user AHolder : user B,C,..XHolder : user B,C,..XPrivilege :host/allow/denyPrivilege :host/allow/denyValidity : 20050128:18:45Validity : 20050128:18:45Signature: user ASignature: user A
Proxy Certificate with ACProxy Certificate with ACIdentity : user BIdentity : user B
Public Key : user BPublic Key : user BValidity : 20050128:18:45Validity : 20050128:18:45Signature: CASignature: CA
Assign authoritative from user AAssign authoritative from user A
User B proxy-init with AC
User B
CA
User X
Resource
User A
User A is authoritative
privilege
User B can access
Step access same user B
Assign authoritative Assign authoritative to user B to user Xto user B to user X
![Page 28: Thailand National Grid Project Putchong Uthayopas 1 and Vara Varavithya 2 1 Director High Performance Computing and Networking Center Kasetsart University,](https://reader033.vdocuments.mx/reader033/viewer/2022061306/551490f7550346f06e8b5224/html5/thumbnails/28.jpg)
•
•
Current Development
Build tool support multi-level assign authoritative user management for small communities in VO
Modify Proxy Certificate by embedded
Attribute Certificate for access rights
![Page 29: Thailand National Grid Project Putchong Uthayopas 1 and Vara Varavithya 2 1 Director High Performance Computing and Networking Center Kasetsart University,](https://reader033.vdocuments.mx/reader033/viewer/2022061306/551490f7550346f06e8b5224/html5/thumbnails/29.jpg)
TNGP, APAN2005@BKK 29
ConclusionThe Start of Thailand National Grid
ProjectThaiGrid Operation has been in
operation and strong.Several applications, middleware
developmentLots more to come in human resource
development to foster grid efforts