Review resources access policy, procedures, rules and challenges: The Italian experience and future challenges

Antonia Ghiselli, INFN-CNAF. Workshop on eInfrastructures (Internet and Grids): The new foundation for knowledge-base Societies. Roma, Accademia Nazionale dei Lincei, 9 December 2003.

Presentation Transcript


  1. Review resources access policy, procedures, rules and challenges: The Italian experience and future challenges
     Antonia Ghiselli, INFN-CNAF
     Workshop on eInfrastructures (Internet and Grids): The new foundation for knowledge-base Societies
     Roma, Accademia Nazionale dei Lincei, 9 December 2003

  2. Outline
     • Introduction:
     • INFN resource sharing experience in the past
     • INFN-Grid and the national research grid
     • Goals and Results
     • Italian-Grid present status
     • Resource access mechanism and management tools
     • Production service: management, operations and support organization
     • International Grid scenario: LCG and EGEE
     • Challenges: Multi-grids for multi-VOs
     • Multi-grids: definitions and issues
     • Conclusions

  3. INFN Computing Resource sharing in the past
     • 1980s
       • RJE to INFN resources by INFN users
       • Resource sharing within a single distributed community (agreement between sites based on common convenience)
       • Access policy agreement:
         • low priority queues during the night
         • Proxy logins mechanism
     [Figure: map of the INFN sites (TRENTO, UDINE, MILANO, PADOVA, TORINO, LNL, PAVIA, TRIESTE, FERRARA, PARMA, GENOVA, CNAF, BOLOGNA, PISA, FIRENZE, S.Piero, PERUGIA, LNGS, ROMA, ROMA2, L’AQUILA, LNF, SASSARI, NAPOLI, BARI, LECCE, SALERNO, CAGLIARI, COSENZA, PALERMO, CATANIA, LNS) linked by the Network, with users at several sites; labelled "VAX/VMS cluster"]

  4. INFN Computing Resource sharing in the past
     • 1990s: Condor – INFN collaboration
       • Condor submit to INFN desktops and workstations
       • User resource sharing by INFN users
       • Access policy agreement: transparent access through CPU cycle stealing
       • ~300 machines, still up.
     [Figure: map of the INFN sites with users at several sites; labelled "Condor on WAN"]

  5. INFN Computing Resource sharing in the past
     • 1999
       • Globus evaluation on WAN
       • Preliminary grid tests to the INFN-Grid project.
     [Figure: map of the INFN sites with users at several sites; labelled "Globus test"]

  6. INFN-Grid – goals (started in 2000)
     • To promote computational grid technologies research & development: Middleware
       • Through European and international projects
         • DataGrid, DataTAG, GLUE
       • Internal R&D activities
     • To implement the INFN grid infrastructure
       • National layout: 20 sites
     • To set up the national Grid Infrastructure for the national research community
       • FIRB: Grid.it
     • To participate in the implementation of the global Grid infrastructure for the LHC community
       • LCG: Tier1 and n*Tier2
     • To set up the eInfrastructure for the European Research Area
       • EU FP6: EGEE, IG-BIGEST

  7. INFN-Grid – collaborations and results
     • EU – DataGrid: middleware development
       • WMS = job submission to the Grid
         • CE and SE selection on the basis of job requirements specification, CPU load, CE-SE network conditions…
         • Support for interactive jobs
         • Job checkpointing
         • Support for parallel jobs
       • Virtual Organization authentication and authorization service: VOMS (VO Membership Service, EDG/EDT)
     • EU – DataTAG: inter-grid interoperability; EU-US collaboration within the GLUE framework
       • Grid Resources Information modeling: GLUE schema for Computing and Storage Element
       • Authorization/authentication service: VOMS-VOX integration (EDT-Fnal/CMS coll.)
       • First WorldGrid demo by Nov. 2002 within IST2002 and SC2002 events
       • Grid monitoring system based on GLUE schemas extension
     • Italian Grid.it: Grid management and support infrastructure
       • First tools in production
       • R&D on Resource Utilization Policies

  8. Italian – Grid now (Site/resource map)
     [Figure: map of the sites on the National Grid (Internet), with the legend below]
     • INFN: CMS T2, T2/3; Atlas T2, T2/3; Alice T2, T2/3; LHCb T2, T2/3; Babar; VIRGO
     • T2 (50-80 nodes), T3 (10-15 nodes), T1 Cnaf (~200)
     • grid.it resources: INFN (15-25 nodes), INAF (5-10 nodes), INGV (NEC computers), BIO (tbd)
     • general purpose resources (8-15 nodes)
     • Tot. ~600 nodes, next year ~1000

  9. Resource access policies: Basic grid Authorization, authentication mechanisms
     Security characteristics:
     • Login via X.509 certificates from PKI/Certificate Authorities (CA)
     • Single sign-on.
       • The user is not required to repeat login procedures on the grid more than once.
     • Delegation.
       • Once a user has successfully identified himself with the Grid, it is possible for grid services to act on behalf of the user as if they were the user himself.
     • User-based trust relationship.
       • All trust mechanisms have the user’s credential at their core.
       • If a user wants to access farms A and B, there should be no need for farms A and B to trust each other.
     • Integrated with local systems.
       • The grid security mechanism does not supplant the local authorization mechanism, but instead works on top of it.
     • New membership concept: user belongs to a Virtual Organization

  10. User: CA, VO and Resource Providers
     • Certificates are issued by a set of well-defined Certification Authorities (CAs).
     • Grant authorization at the VO level.
       • Each VO has its own VOMS server.
       • Contains (group / role / capabilities) triples for each member of the VO.
     • RPs evaluate the authorization granted by the VO to a user and map it into local credentials to access resources
     [Diagram labels: user; VOMS; Authentication Request; OK; C=IT/O=INFN/L=CNAF/CN=Pinco Palla/CN=proxy; VOMS pseudo-cert; CAs: Policies and procedures → mutual trust; VO-Manager (administer user membership, roles and Capabilities); cert-request; agreement; cert signing; Resource provider (map into Local credential); cert/crl update; Service]
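
An added example, not part of the original slides or of any INFN-Grid software: a sketch of the resource provider's decision described on slides 9 and 10, using only the user's credential and local policy (no trust between sites is involved). The CA subject, the revocation entry, the local account names and the delegation-depth limit are constructed assumptions, and signature and validity checks are assumed to have been done beforehand.

```python
# Added example with constructed data; names are hypothetical, not INFN-Grid code.
PROXY_RDN = "/CN=proxy"
TRUSTED_CAS = {"C=IT/O=INFN/CN=Example CA"}       # constructed CA subject
REVOKED = {"C=IT/O=INFN/L=CNAF/CN=Revoked User"}  # constructed CRL content
# Resource provider's local policy: (VO, group, role) -> local account.
LOCAL_ACCOUNTS = {
    ("atlas", "/atlas", "production"): "atlasprd",
    ("atlas", "/atlas", None): "atlas001",
    ("ingv", "/ingv", None): "ingv001",
}


def end_entity(subject):
    """Strip delegated proxy components; return (user DN, delegation depth)."""
    depth = 0
    while subject.endswith(PROXY_RDN):
        subject = subject[: -len(PROXY_RDN)]
        depth += 1
    return subject, depth


def authorize(subject, issuer_ca, vo_attr, max_depth=2):
    """Return (True, local account) or (False, reason).

    Assumes signatures and validity periods were already verified.
    """
    user, depth = end_entity(subject)
    if issuer_ca not in TRUSTED_CAS:
        return False, "untrusted CA"
    if user in REVOKED:
        return False, "certificate revoked"
    if depth > max_depth:  # assumed site policy, not from the slides
        return False, "delegation chain too long"
    # The VO attribute must have been issued to this same user.
    if not vo_attr or vo_attr.get("holder") != user:
        return False, "no VO attribute bound to this user"
    key = (vo_attr["vo"], vo_attr["group"], vo_attr.get("role"))
    # An unrecognised role falls back to the group's ordinary account.
    account = LOCAL_ACCOUNTS.get(key) or LOCAL_ACCOUNTS.get(key[:2] + (None,))
    if account is None:
        return False, "VO or group not supported at this site"
    return True, account


if __name__ == "__main__":
    dn = "C=IT/O=INFN/L=CNAF/CN=Pinco Palla/CN=proxy"  # DN shown on slide 10
    attr = {"holder": end_entity(dn)[0], "vo": "atlas",
            "group": "/atlas", "role": "production"}
    print(authorize(dn, "C=IT/O=INFN/CN=Example CA", attr))
```
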

  11. Resource access policies
     • Authentication/authorization: coded and tested procedures and tools
     • New issue: resource sharing according to Service Level Agreement
       • first trials based on “grid level priority queues”
       • ongoing research on more sophisticated mechanisms based on accounting + resource utilization Policies management
     [Diagram labels: Grid release; VO-users (Requirements, Support); VO-managers (VOMS and SLA Control); Grid management organization; Resource providers / AA/SLA; Certificate Authorities; Grid deployment planning; Grid operations / support]

  12. Italian Grid organization: integrates all the actors to provide flexible and efficient grid computing service
     [Diagram labels: Service Level Agreement; Resource availability; Shared resources; Experiments (VOs); GRID resources; Projects/owners; Grid Resource Coordination; Coordination Committee; Grid Technical coordination; Experiment or research org. support; release; Configuration management; Operations coordination; Management coordination]
     • VO representatives
     • Grid technical coord.
     • Operations resp.
     • grid experts
     • Deployment Planning
     • resource Policy application
     • …
     [Diagram labels, continued: Central management Team; Grid Service support; VO User support; Support for New VO-users; VO admin; User Application; Site-man; Resource admin; New VO admin & support; Release distribution, documentation and porting]

  13. Tools for Operations
     • Software repository: release maintenance and distribution
     • Installation and configuration:
       • Configuration and automatic installation tools for the production infrastructure sites
     • Release validation:
       • Integration/customization of middleware release with application specific software
     • GRID Site and GRID service validation
       • Testing programs to verify and validate site and services installation
     • Site manager support
     • Grid services, VO services support and User support
     • Monitoring: GridICE
       • Based on automatic resource discovery from Grid Information System
       • Dynamic monitoring of Grid services, Grid resources and Jobs
       • Customized view for
         • Grid Operation Center operators, and site managers
         • VO-managers and Grid Users

  14. Operations Portal
     • User documentation
     • Site managers documentation
     • Software repository
     • Monitoring
     • Trouble tickets system
     • Knowledge base
     http://grid-it.cnaf.infn.it

  15. Get your personal certificate

  16. How to register to a VO

  17. Monitoring tool

  18. Grid services
     [Diagram labels: User Interface; Grid Monitoring (GridICE); VO server atlas; VO server ingv; Resource Broker; BDII Information Index; RLS; sites INFN-Padova and INGV-Bologna, each with Computing Element, Storage Element, GIIS, GRIS, GRAM and WorkerNodes]

  19. Grid Service monitoring

  20. Outline
     • Introduction:
     • INFN resource sharing experience in the past
     • INFN-Grid and the national research grid
     • Goals and Results
     • Italian-Grid present status
     • Resource access mechanism and management tools
     • Production service: management, operations and support organization
     • International Grid scenario: LCG and EGEE
     • Challenges: Multi-grids for multi-VOs
     • Multi-grids: definitions and issues
     • Conclusions

  21. International Grids scenario
     • LCG: First international experience on sharing resources between national grids
       • Grid resource sharing issues:
         • How to guarantee the committed CPU power and satisfy local needs
         • How to guarantee priorities on VO-owned resources
         • Different needs for different VOs (HEP experiments plans)
       • Management coordination
       • Support coordination
     • EGEE: project based on national grids interconnection for an increased number of VOs
       • Not only middleware but mainly policies, service level agreement and management coordination issues
       • Need to find a model…

  22. Grid access challenge: Grid and Virtual Organisations
     • The real problem at the basis of the grid idea is how to implement coordinated resource sharing on a large scale for a multi-institutional and dynamic virtual organisation.
     • From computer sharing to grid sharing
     • From multiple users to multiple VOs (INFN experiments + other research organizations)

  23. Challenges: Capability to provide multi-Grid computing service to Multi-VO
     General scenario
     [Diagram labels: Shared Resources and Services (several grids); VO services and private resources (several VOs); VO services]

  24. VO-Virtual Grid on top of Multi-Grids
     • International VO is a multi-institutional distributed user community
     • Heterogeneous grid environment
       • Dedicated VO services
       • Dedicated resources
       • Shared resources with different policies
     [Diagram labels: VO-User; VO - Virtual Grid; RB; VO-monitoring; VOMS; VO-RLS; Coordinated VO-support; National and International Grids: US-Grid, Italian-Grid, EGEE; same core services; same middleware; shared resources]

  25. Multi-grids: definitions and issues
     • National grid identity and authority boundaries
       • A coordinated set of shared resources and services providing defined SLAs.
       • A single management and operations organization
       • Specific authorization, accounting and monitoring tools
       • A collection of user communities (VOs)
     • Federation of grids, what does it mean?
       • Cooperating grids to provide services to the common VOs?
       • Which level of transparency to VO-users?
       • Which interoperability requirements:
         • common core services?
         • common or interoperable collective services? (level of service interoperability)
         • common resource sharing policies?
       • What level of management/operations/support coordination?

  26. Conclusions
     • Production grid does not mean only efficient, stable services but also:
       • A topology/organizational model capable of providing the most flexible and efficient computing service to VO-users across multiple grids
       • Sufficient level of service quality (SLA)
       • Operations and support coordination
       • The minimum level of interoperability needed to allow VO virtual grid configuration across multiple grids
