the genius grid portal

www.eu-eela.org

E-science grid facility for Europe and Latin America

The GENIUS Grid Portal

Giuseppe LA ROCCAINFN [email protected]

Joint EELA/EGEEIII Tutorial for Trainers,

30.06.2008 – 04.07.2008, Catania (Italy)

www.eu-eela.eu Catania (Italy) , Joint EELA/EGEEIII Tutorial for Trainers, 30.06.2008 – 04.07.2008

Grid portal technology

GENIUS/EnginFrame: new version 4.0

VOMS Proxy Init Service

Robot Certificates

Summary and Conclusions

Outline

2

www.eu-eela.eu Catania (Italy) , Joint EELA/EGEEIII Tutorial for Trainers, 30.06.2008 – 04.07.2008 3

A grid portal: why and how

• It can be accessed from everywhere and by “everything” (desktop, laptop, PDA, cell phone).

• It can keep the same user interface to several back-ends.

• It must be redundantly “secure” at all levels: – 1) secure for web transactions, – 2) secure for user credentials, – 3) secure for user authentication, – 4) secure at VO/VOMS level.

• All available grid services must be incorporated in a logic way, just “one mouse click away”.

• Its layout must be easily understandable and user friendly.


• A Grid Portal improves usability of Grids– Lowering end-user requirements for accessing the

Grid– Hiding the complexity of data and job services

management in the Grid

• A Grid Portal improves utilization of Grids– Making the Grid (r)evolution transparent to the

end-user– Providing an appealing user-friendly Web

interface – Enforcing Grid utilization policies

GRID Portal benefits


InteractiveApplications

Grid / Compute Farm

Internal Users

BatchApplications

Storage and Data

Grid Portal/ Gateway

ProjectManagers

Client Apps

Sta

nd

ard

pro

toco

ls

Licenses

Home Users

The GRID Portal / Gateway





Robot Certificates


6


What EnginFrame is ?

• It is a web-based technology able to expose Grid services running on Grid infrastructures

• It allows organizations to provide application-oriented computing and data services to both users (via Web browsers) and applications (via SOAP/WSDL and/or RSS)

• It’s a Grid gateway

• It greatly simplifies the development of Web Portals exposing computing services that can run on a broad range of different computational Grid systems

7


Spoolers

HTML page

Customplugin

Script

Browser

SDF

XML

EnginFrame

Server

HTMLXSLT

GridCompute

Farm

GridCompute

Farm

MetaFrame

+ NFuse

MetaFrame

+ NFuse ApplicationServer

ApplicationServer

EnginFrame

Agent

Execute

Service

Req

XML output

Service Req

User

Authorize

Groups, ACLs

XML

Layout

XSL

Service Submission

EnginFrame Working Environment


<ef:service id="gzip"> <ef:name>gzip sample</ef:name> <ef:option id="level" label="Compression level" type="list"> <ef:option id="9">maximum</ef:option> <ef:option id="4">medium</ef:option> <ef:option id="0">none</ef:option> </ef:option> <ef:option id=”FILE" label="File to compress" type="file"/> <ef:action id="submit" label="Submit job"> EF_SPOOLER_NAME="gzip $file” export EF_SPOOLER_NAME ${EF_ROOT}/plugins/lsf/bin/bsub -o output.txt gzip -$level \"$FILE\” <ef:result type="text/xml"/></ef:action> </ef:service>

Service example


Who uses EnginFrame?

• Mechanical – Ferrari, Audi, BMW, FIAT

Auto, Elasis, Magneti Marelli, P+Z, Swagelok, Toyota, TRW

• Manufacturing – Bridgestone, Procter &

Gamble, Galileo Avionica

• Oil&Gas – Slavneft, Schlumberger,

TOTAL, VNIIGaz

• Electronics – STMicroelectronics, Accent,

SensorDynamics, Motorola

• Biotech – ENEA, EGEE LS community

• Telecom – Telecom Italia

• Research – INFN, ASSC, CCLRC, CERN,

CILEA, CINECA, CNR, CNRS/IN2P3, ENEA, FzU, ICI, IFAE, ITEP, JSC G.G.M., KU Leuven, SSC-Russia, SDSC

• Education – Dresda University, Ferrara

University, ITU, Messina University, Politecnico of Milan, Technische Universität Dresden, Trinity College Dublin, Salerno University, S-PACI

10


• GENIUS is a powerful Grid Portal that allows scientists to exploit Grid resources only using a conventional Web browser

• It has been built on top of the EnginFrame framework

• It’s a gateway to European EGEE Project middle-ware

• It allows to expose gLite-enabled applications via Web-browser as well as Web Services

What GENIUS is ?

11


GENIUS architecture

Globusmiddleware

Computeresources

EGEE middlewareLCG-2 / gLite

Local DataDistributed

Data

Classic GENIUS

Authentication – ACL management

Data Management & VirtualizationGeneral XMLApplication Kits

VO n - XMLApplication Kit

VO 1 - XMLApplication Kit

Monitoring& Accounting

VNC remoteDesktop over SSL

X509 Proxy w/ VOMS extensions

End users

Presentation engine

WSDL/SOAP

3rd partyApps

HTTP

RSSClients

JSR168

PortletContainers

Portlet GW WS GW RSS GW


Reference Web Site: https://genius.ct.infn.it

13


GENIUS: files management


GENIUS: Grid Preferences


GENIUS: Job Submission


Code for Job Queue management rewritten using GridML tags

GENIUS: Job(s) Queue


New Confirmation Message!

GENIUS: Job Retrieving


GENIUS: Data Spooler


Tight VNC

GENIUS: Interactive Services


Local Browse on laptop

Remote Browse

on UI

(GENIUS Server)

Extended Remote

File Browse

on LFC Catalog

GENIUS: Data Management


Extended Multiple Remote File Browsing on Catalog!

GENIUS: Data Management


GENIUS: Workflow


GENIUS: Submit Workflow


• All web transactions are executed under the Secure Socket Layer (SSL) via HTTPS

• The user must have an account on the User Interface

• When the user wants to interact with the file-system of the UI, he gets prompted for the username and password of the account on that machine

• All the glite functionalities are integrated in the portal and accessible only after the creation of the voms-proxy through the applet

GENIUS: security infrastructure

39


1. Authentication with the User Interface

2. Authentication to the Grid.

Input password of the proxy

( specified when you execute myproxy-init )

Input password of the user account

Improved Security

40





Robot Certificates


41


A CAPTCHA Code is required to start the VOMS Proxy Applet for the proxy initialization

The Java plugin 1.6.0 or higher is mandatory required.

42



Jointly developed by NICE and INFN Catania

43



Now the user is authenticated on gLite middleware

48






Robot Certificates


49


1. Starting from Feb. 2008 also the Italian INFN CA will start to issue Robot Certificates. Thanks to these new certificates biologists will be able to access the grid sharing the certificate installed on the portal.

2. UK and NL CA are already issuing robot certificates

3. The decision of the INFN CA is a great success of the BioinfoGRID project

Robot Certificates


Your identity: /C=IT/O=GILDA/OU=Robots/L=INFN Catania/CN=Robot:MrBayes - Giuseppe La Rocca

Creating temporary proxy ................................ Done

Contacting voms.ct.infn.it:15001 [/C=IT/O=INFN/OU=Host/L=Catania/CN=voms.ct.infn.it] "gilda" Done

Creating proxy ............................................................................... Done

Your proxy is valid until Thu May 8 21:42:05 2008

Robot Certificates


• In order to strong reduce the risks of having the portal certificate compromised and improve the security, the INFN CA has decided to issue this new certificate on board of the Aladdin eToken PRO smart card.

– http://www.aladdin.com/etoken/

• Each smart card can support several robot certificates: one for each application user wants to share with the other. – An user’s PIN is prompted every time user try to read

the certificate on board of the smart card to generate a proxy.


Admin

User

Play live video

GENIUS & Robot Certificates





Robot Certificates


58


Summary and ConclusionsGENIUS offers the following advantages:• it is a complete production-ready environment which combines the

concepts of “user portal” and “science portal”;• absolutely no client software needs to be installed on the user’s

workstation apart from the web browser with its usual plug-ins like Java (at least JRE 1.6.0 or higher);

• it provides a new unique tool to authorize users, in a very strong secure way, into the grid environment with or without VOMS support as well, easy to use;

• it includes support for both single and composite jobs (including DAG’s);

• interactive analysis and web access to personal spooling areas are possible;

• environment and settings customizable for the users;• security for data management and sessions.

59


References

• NICE web-site http://www.nice-italy.com• EnginFrame Framework

http://www.enginframe.com• GENIUS Portal https://genius.ct.infn.it • GENIUS Repository at

https://geniuscvs.ct.infn.it• GENIUS based on gLite at https://glite-

tutor2.ct.infn.it

GENIUS Installation• GENIUS Repository at

https://geniuscvs.ct.infn.it• Write an email message to

[email protected] or [email protected] for an account request to download the GENIUS package


Questions …


Hands-on

Login : cataniaXX

OS passwd : GridCATXX

PassPhrase : CATANIA

where XX = 01,..,30

https://glite-tutor2.ct.infn.it

the genius grid portal

Documents