www.eu-eela.org e-science grid facility for europe and latin america the genius grid portal giuseppe...
TRANSCRIPT
www.eu-eela.org
E-science grid facility for Europe and Latin America
The GENIUS Grid Portal
Giuseppe LA ROCCAINFN [email protected]
Joint EELA/EGEEIII Tutorial for Trainers,
30.06.2008 – 04.07.2008, Catania (Italy)
www.eu-eela.eu Catania (Italy) , Joint EELA/EGEEIII Tutorial for Trainers, 30.06.2008 – 04.07.2008
Grid portal technology
GENIUS/EnginFrame: new version 4.0
VOMS Proxy Init Service
Robot Certificates
Summary and Conclusions
Outline
2
3www.eu-eela.eu Catania (Italy) , Joint EELA/EGEEIII Tutorial for Trainers, 30.06.2008 – 04.07.2008
A grid portal: why and how
• It can be accessed from everywhere and by “everything” (desktop, laptop, PDA, cell phone).
• It can keep the same user interface to several back-ends.
• It must be redundantly “secure” at all levels: – 1) secure for web transactions, – 2) secure for user credentials, – 3) secure for user authentication, – 4) secure at VO/VOMS level.
• All available grid services must be incorporated in a logic way, just “one mouse click away”.
• Its layout must be easily understandable and user friendly.
4www.eu-eela.eu Catania (Italy) , Joint EELA/EGEEIII Tutorial for Trainers, 30.06.2008 – 04.07.2008
• A Grid Portal improves usability of Grids– Lowering end-user requirements for accessing the
Grid– Hiding the complexity of data and job services
management in the Grid
• A Grid Portal improves utilization of Grids– Making the Grid (r)evolution transparent to the
end-user– Providing an appealing user-friendly Web
interface – Enforcing Grid utilization policies
GRID Portal benefits
5www.eu-eela.eu Catania (Italy) , Joint EELA/EGEEIII Tutorial for Trainers, 30.06.2008 – 04.07.2008
InteractiveApplications
Grid / Compute Farm
Internal Users
BatchApplications
Storage and Data
Grid Portal/ Gateway
ProjectManagers
Client Apps
Sta
nd
ard
pro
toco
ls
Licenses
Home Users
The GRID Portal / Gateway
www.eu-eela.eu Catania (Italy) , Joint EELA/EGEEIII Tutorial for Trainers, 30.06.2008 – 04.07.2008
Grid portal technology
GENIUS/EnginFrame: new version 4.0
VOMS Proxy Init Service
Robot Certificates
Summary and Conclusions
6
www.eu-eela.eu Catania (Italy) , Joint EELA/EGEEIII Tutorial for Trainers, 30.06.2008 – 04.07.2008
What EnginFrame is ?
• It is a web-based technology able to expose Grid services running on Grid infrastructures
• It allows organizations to provide application-oriented computing and data services to both users (via Web browsers) and applications (via SOAP/WSDL and/or RSS)
• It’s a Grid gateway
• It greatly simplifies the development of Web Portals exposing computing services that can run on a broad range of different computational Grid systems
7
8www.eu-eela.eu Catania (Italy) , Joint EELA/EGEEIII Tutorial for Trainers, 30.06.2008 – 04.07.2008
Spoolers
HTML page
Customplugin
Script
Browser
SDF
XML
EnginFrame
Server
HTMLXSLT
GridCompute
Farm
GridCompute
Farm
MetaFrame
+ NFuse
MetaFrame
+ NFuse ApplicationServer
ApplicationServer
EnginFrame
Agent
Execute
Service
Req
XML output
Service Req
User
Authorize
Groups, ACLs
XML
Layout
XSL
Service Submission
EnginFrame Working Environment
9www.eu-eela.eu Catania (Italy) , Joint EELA/EGEEIII Tutorial for Trainers, 30.06.2008 – 04.07.2008
<ef:service id="gzip"> <ef:name>gzip sample</ef:name> <ef:option id="level" label="Compression level" type="list"> <ef:option id="9">maximum</ef:option> <ef:option id="4">medium</ef:option> <ef:option id="0">none</ef:option> </ef:option> <ef:option id=”FILE" label="File to compress" type="file"/> <ef:action id="submit" label="Submit job"> EF_SPOOLER_NAME="gzip $file” export EF_SPOOLER_NAME ${EF_ROOT}/plugins/lsf/bin/bsub -o output.txt gzip -$level \"$FILE\” <ef:result type="text/xml"/></ef:action> </ef:service>
Service example
www.eu-eela.eu Catania (Italy) , Joint EELA/EGEEIII Tutorial for Trainers, 30.06.2008 – 04.07.2008
Who uses EnginFrame?
• Mechanical – Ferrari, Audi, BMW, FIAT
Auto, Elasis, Magneti Marelli, P+Z, Swagelok, Toyota, TRW
• Manufacturing – Bridgestone, Procter &
Gamble, Galileo Avionica
• Oil&Gas – Slavneft, Schlumberger,
TOTAL, VNIIGaz
• Electronics – STMicroelectronics, Accent,
SensorDynamics, Motorola
• Biotech – ENEA, EGEE LS community
• Telecom – Telecom Italia
• Research – INFN, ASSC, CCLRC, CERN,
CILEA, CINECA, CNR, CNRS/IN2P3, ENEA, FzU, ICI, IFAE, ITEP, JSC G.G.M., KU Leuven, SSC-Russia, SDSC
• Education – Dresda University, Ferrara
University, ITU, Messina University, Politecnico of Milan, Technische Universität Dresden, Trinity College Dublin, Salerno University, S-PACI
10
www.eu-eela.eu Catania (Italy) , Joint EELA/EGEEIII Tutorial for Trainers, 30.06.2008 – 04.07.2008
• GENIUS is a powerful Grid Portal that allows scientists to exploit Grid resources only using a conventional Web browser
• It has been built on top of the EnginFrame framework
• It’s a gateway to European EGEE Project middle-ware
• It allows to expose gLite-enabled applications via Web-browser as well as Web Services
What GENIUS is ?
11
www.eu-eela.eu Catania (Italy) , Joint EELA/EGEEIII Tutorial for Trainers, 30.06.2008 – 04.07.2008
GENIUS architecture
Globusmiddleware
Computeresources
EGEE middlewareLCG-2 / gLite
Local DataDistributed
Data
Classic GENIUS
Authentication – ACL management
Data Management & VirtualizationGeneral XMLApplication Kits
VO n - XMLApplication Kit
VO 1 - XMLApplication Kit
Monitoring& Accounting
VNC remoteDesktop over SSL
X509 Proxy w/ VOMS extensions
End users
Presentation engine
WSDL/SOAP
3rd partyApps
HTTP
RSSClients
JSR168
PortletContainers
Portlet GW WS GW RSS GW
www.eu-eela.eu Catania (Italy) , Joint EELA/EGEEIII Tutorial for Trainers, 30.06.2008 – 04.07.2008
Reference Web Site: https://genius.ct.infn.it
13
14www.eu-eela.eu Catania (Italy) , Joint EELA/EGEEIII Tutorial for Trainers, 30.06.2008 – 04.07.2008
GENIUS: files management
15www.eu-eela.eu Catania (Italy) , Joint EELA/EGEEIII Tutorial for Trainers, 30.06.2008 – 04.07.2008
GENIUS: Grid Preferences
16www.eu-eela.eu Catania (Italy) , Joint EELA/EGEEIII Tutorial for Trainers, 30.06.2008 – 04.07.2008
GENIUS: Job Submission
17www.eu-eela.eu Catania (Italy) , Joint EELA/EGEEIII Tutorial for Trainers, 30.06.2008 – 04.07.2008
GENIUS: Job Submission
18www.eu-eela.eu Catania (Italy) , Joint EELA/EGEEIII Tutorial for Trainers, 30.06.2008 – 04.07.2008
GENIUS: Job Submission
19www.eu-eela.eu Catania (Italy) , Joint EELA/EGEEIII Tutorial for Trainers, 30.06.2008 – 04.07.2008
Code for Job Queue management rewritten using GridML tags
GENIUS: Job(s) Queue
20www.eu-eela.eu Catania (Italy) , Joint EELA/EGEEIII Tutorial for Trainers, 30.06.2008 – 04.07.2008
New Confirmation Message!
GENIUS: Job Retrieving
21www.eu-eela.eu Catania (Italy) , Joint EELA/EGEEIII Tutorial for Trainers, 30.06.2008 – 04.07.2008
GENIUS: Data Spooler
22www.eu-eela.eu Catania (Italy) , Joint EELA/EGEEIII Tutorial for Trainers, 30.06.2008 – 04.07.2008
Tight VNC
GENIUS: Interactive Services
23www.eu-eela.eu Catania (Italy) , Joint EELA/EGEEIII Tutorial for Trainers, 30.06.2008 – 04.07.2008
Local Browse on laptop
Remote Browse
on UI
(GENIUS Server)
Extended Remote
File Browse
on LFC Catalog
GENIUS: Data Management
24www.eu-eela.eu Catania (Italy) , Joint EELA/EGEEIII Tutorial for Trainers, 30.06.2008 – 04.07.2008
Extended Multiple Remote File Browsing on Catalog!
GENIUS: Data Management
25www.eu-eela.eu Catania (Italy) , Joint EELA/EGEEIII Tutorial for Trainers, 30.06.2008 – 04.07.2008
GENIUS: Workflow
26www.eu-eela.eu Catania (Italy) , Joint EELA/EGEEIII Tutorial for Trainers, 30.06.2008 – 04.07.2008
GENIUS: Workflow
27www.eu-eela.eu Catania (Italy) , Joint EELA/EGEEIII Tutorial for Trainers, 30.06.2008 – 04.07.2008
GENIUS: Workflow
28www.eu-eela.eu Catania (Italy) , Joint EELA/EGEEIII Tutorial for Trainers, 30.06.2008 – 04.07.2008
GENIUS: Workflow
29www.eu-eela.eu Catania (Italy) , Joint EELA/EGEEIII Tutorial for Trainers, 30.06.2008 – 04.07.2008
GENIUS: Workflow
30www.eu-eela.eu Catania (Italy) , Joint EELA/EGEEIII Tutorial for Trainers, 30.06.2008 – 04.07.2008
GENIUS: Workflow
31www.eu-eela.eu Catania (Italy) , Joint EELA/EGEEIII Tutorial for Trainers, 30.06.2008 – 04.07.2008
GENIUS: Workflow
32www.eu-eela.eu Catania (Italy) , Joint EELA/EGEEIII Tutorial for Trainers, 30.06.2008 – 04.07.2008
GENIUS: Submit Workflow
33www.eu-eela.eu Catania (Italy) , Joint EELA/EGEEIII Tutorial for Trainers, 30.06.2008 – 04.07.2008
GENIUS: Submit Workflow
34www.eu-eela.eu Catania (Italy) , Joint EELA/EGEEIII Tutorial for Trainers, 30.06.2008 – 04.07.2008
GENIUS: Submit Workflow
35www.eu-eela.eu Catania (Italy) , Joint EELA/EGEEIII Tutorial for Trainers, 30.06.2008 – 04.07.2008
GENIUS: Submit Workflow
36www.eu-eela.eu Catania (Italy) , Joint EELA/EGEEIII Tutorial for Trainers, 30.06.2008 – 04.07.2008
GENIUS: Submit Workflow
37www.eu-eela.eu Catania (Italy) , Joint EELA/EGEEIII Tutorial for Trainers, 30.06.2008 – 04.07.2008
GENIUS: Submit Workflow
38www.eu-eela.eu Catania (Italy) , Joint EELA/EGEEIII Tutorial for Trainers, 30.06.2008 – 04.07.2008
GENIUS: Submit Workflow
www.eu-eela.eu Catania (Italy) , Joint EELA/EGEEIII Tutorial for Trainers, 30.06.2008 – 04.07.2008
• All web transactions are executed under the Secure Socket Layer (SSL) via HTTPS
• The user must have an account on the User Interface
• When the user wants to interact with the file-system of the UI, he gets prompted for the username and password of the account on that machine
• All the glite functionalities are integrated in the portal and accessible only after the creation of the voms-proxy through the applet
GENIUS: security infrastructure
39
www.eu-eela.eu Catania (Italy) , Joint EELA/EGEEIII Tutorial for Trainers, 30.06.2008 – 04.07.2008
1. Authentication with the User Interface
2. Authentication to the Grid.
Input password of the proxy
( specified when you execute myproxy-init )
Input password of the user account
Improved Security
40
www.eu-eela.eu Catania (Italy) , Joint EELA/EGEEIII Tutorial for Trainers, 30.06.2008 – 04.07.2008
Grid portal technology
GENIUS/EnginFrame: new version 4.0
VOMS Proxy Init Service
Robot Certificates
Summary and Conclusions
41
www.eu-eela.eu Catania (Italy) , Joint EELA/EGEEIII Tutorial for Trainers, 30.06.2008 – 04.07.2008
A CAPTCHA Code is required to start the VOMS Proxy Applet for the proxy initialization
The Java plugin 1.6.0 or higher is mandatory required.
42
VOMS Proxy Init Service
www.eu-eela.eu Catania (Italy) , Joint EELA/EGEEIII Tutorial for Trainers, 30.06.2008 – 04.07.2008
Jointly developed by NICE and INFN Catania
43
VOMS Proxy Init Service
44www.eu-eela.eu Catania (Italy) , Joint EELA/EGEEIII Tutorial for Trainers, 30.06.2008 – 04.07.2008
VOMS Proxy Init Service
45www.eu-eela.eu Catania (Italy) , Joint EELA/EGEEIII Tutorial for Trainers, 30.06.2008 – 04.07.2008
VOMS Proxy Init Service
46www.eu-eela.eu Catania (Italy) , Joint EELA/EGEEIII Tutorial for Trainers, 30.06.2008 – 04.07.2008
VOMS Proxy Init Service
47www.eu-eela.eu Catania (Italy) , Joint EELA/EGEEIII Tutorial for Trainers, 30.06.2008 – 04.07.2008
VOMS Proxy Init Service
www.eu-eela.eu Catania (Italy) , Joint EELA/EGEEIII Tutorial for Trainers, 30.06.2008 – 04.07.2008
Now the user is authenticated on gLite middleware
48
VOMS Proxy Init Service
www.eu-eela.eu Catania (Italy) , Joint EELA/EGEEIII Tutorial for Trainers, 30.06.2008 – 04.07.2008
Grid portal technology
GENIUS/EnginFrame: new version 4.0
VOMS Proxy Init Service
Robot Certificates
Summary and Conclusions
49
50www.eu-eela.eu Catania (Italy) , Joint EELA/EGEEIII Tutorial for Trainers, 30.06.2008 – 04.07.2008
1. Starting from Feb. 2008 also the Italian INFN CA will start to issue Robot Certificates. Thanks to these new certificates biologists will be able to access the grid sharing the certificate installed on the portal.
2. UK and NL CA are already issuing robot certificates
3. The decision of the INFN CA is a great success of the BioinfoGRID project
Robot Certificates
51www.eu-eela.eu Catania (Italy) , Joint EELA/EGEEIII Tutorial for Trainers, 30.06.2008 – 04.07.2008
Your identity: /C=IT/O=GILDA/OU=Robots/L=INFN Catania/CN=Robot:MrBayes - Giuseppe La Rocca
Creating temporary proxy ................................ Done
Contacting voms.ct.infn.it:15001 [/C=IT/O=INFN/OU=Host/L=Catania/CN=voms.ct.infn.it] "gilda" Done
Creating proxy ............................................................................... Done
Your proxy is valid until Thu May 8 21:42:05 2008
Robot Certificates
52www.eu-eela.eu Catania (Italy) , Joint EELA/EGEEIII Tutorial for Trainers, 30.06.2008 – 04.07.2008
• In order to strong reduce the risks of having the portal certificate compromised and improve the security, the INFN CA has decided to issue this new certificate on board of the Aladdin eToken PRO smart card.
– http://www.aladdin.com/etoken/
• Each smart card can support several robot certificates: one for each application user wants to share with the other. – An user’s PIN is prompted every time user try to read
the certificate on board of the smart card to generate a proxy.
53www.eu-eela.eu Catania (Italy) , Joint EELA/EGEEIII Tutorial for Trainers, 30.06.2008 – 04.07.2008
Admin
User
Play live video
GENIUS & Robot Certificates
www.eu-eela.eu Catania (Italy) , Joint EELA/EGEEIII Tutorial for Trainers, 30.06.2008 – 04.07.2008
Grid portal technology
GENIUS/EnginFrame: new version 4.0
VOMS Proxy Init Service
Robot Certificates
Summary and Conclusions
58
www.eu-eela.eu Catania (Italy) , Joint EELA/EGEEIII Tutorial for Trainers, 30.06.2008 – 04.07.2008
Summary and ConclusionsGENIUS offers the following advantages:• it is a complete production-ready environment which combines the
concepts of “user portal” and “science portal”;• absolutely no client software needs to be installed on the user’s
workstation apart from the web browser with its usual plug-ins like Java (at least JRE 1.6.0 or higher);
• it provides a new unique tool to authorize users, in a very strong secure way, into the grid environment with or without VOMS support as well, easy to use;
• it includes support for both single and composite jobs (including DAG’s);
• interactive analysis and web access to personal spooling areas are possible;
• environment and settings customizable for the users;• security for data management and sessions.
59
60www.eu-eela.eu Catania (Italy) , Joint EELA/EGEEIII Tutorial for Trainers, 30.06.2008 – 04.07.2008
References
• NICE web-site http://www.nice-italy.com• EnginFrame Framework
http://www.enginframe.com• GENIUS Portal https://genius.ct.infn.it • GENIUS Repository at
https://geniuscvs.ct.infn.it• GENIUS based on gLite at
https://glite-tutor2.ct.infn.it
GENIUS Installation• GENIUS Repository at
https://geniuscvs.ct.infn.it• Write an email message to
[email protected] or [email protected] for an account request to download the GENIUS package
61www.eu-eela.eu Catania (Italy) , Joint EELA/EGEEIII Tutorial for Trainers, 30.06.2008 – 04.07.2008
Questions …