1 / 35

Status of VNU-HCM Grid Portal Project

Status of VNU-HCM Grid Portal Project. PRAGMA Workshop (Fukuoka, 23-24/01/2003). Hoang Le Minh, PhD VNU-HCM Software Technology Center http://igrid.vnuhcm.edu.vn. Outline. VNU-HCM Networking Services Grid Computing in VNU-HCM uPortal Framework: Architecture & Extensions

muireann
Télécharger la présentation

Status of VNU-HCM Grid Portal Project

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Status of VNU-HCM Grid Portal Project PRAGMA Workshop (Fukuoka, 23-24/01/2003) Hoang Le Minh, PhDVNU-HCM Software Technology Center http://igrid.vnuhcm.edu.vn

  2. Outline • VNU-HCM Networking Services • Grid Computing in VNU-HCM • uPortal Framework:Architecture & Extensions • Integrating Grid Services: Current & Future Work • Conclusions PRAGMA Workshop - Fukuoka - Jan 23, 2003

  3. Where we are ? PRAGMA Workshop - Fukuoka - Jan 23, 2003

  4. Hochiminh City Population: 6 millions Area: 2,093 sq km19% of total GDP 30% of state budget30 Univ. & Inst. 300.000 students PRAGMA Workshop - Fukuoka - Jan 23, 2003

  5. VNU-HCM Network Current Campus Network Backbone: (since 1998) 2/100Mbps, > 2500 hosts, 7 Universities and Institutions in HCMC • All on private IP (172.x.x.x) • Internet connection: 1.2 Mbps (Jan 03) • NAT mapping with 32 IPs (203.162.x.x) • A lots of proxies, firewalls, NAS, … Planed upgrades: 1Gbps backbone, 2-4 Mbps Internet connection, IP-based services VC, VoIP, Grid, … (2003-2005) PRAGMA Workshop - Fukuoka - Jan 23, 2003

  6. VNU-HCM Intranet (1998) PRAGMA Workshop - Fukuoka - Jan 23, 2003

  7. VNU-HCM Intranet (2003-2005) PRAGMA Workshop - Fukuoka - Jan 23, 2003

  8. VNU-HCM Networking Services • Provided E-mail, website, Internet access network-related services & management for > 25,000 full-time students, 2500 staff members • User management to access central services: e-mail, e-learning, databases, applications, computing resources • VNU-HCM Information Portal is being developed based on the Open Source uPortal Framework (www.ja-sig.org) • A lots of work has been done: single-sign on, news, e-mail, address book, LDAP user profile, user & group management, applications … PRAGMA Workshop - Fukuoka - Jan 23, 2003

  9. Why Portal ? Why Grid Portal ? • Private Network Addresses (Proxy) • Different Access from inside/outside (NAT) • Dial-up access, Low bandwidth backbone, Internet connectivity • Information and Computing Resource Sharing, Security, Management, etc… The Challenge:Develop/Integrate Portal-to-Grid Computing Domain 1 Domain 2 PRAGMA Workshop - Fukuoka - Jan 23, 2003

  10. Grid Computing in VNU-HCM • 1998-2001: Cluster parallel computing • 2002: uPortal Framework (iPortal) • 2002: Grid Computing Experiences with GLOBUS 2.x + Installed on 10 Linux PC servers + Self-certified (DNS, simpleCA) + LDAP/MDS + GRAM + GridFTP (Globus 2.2)Command line interface: very difficult to use. Cannot access from out side • 2003: Grid integration with Portal PRAGMA Workshop - Fukuoka - Jan 23, 2003

  11. What users prefer to ? • Single sign-on • Selection of channels and layouts • Common look & fell for all contents • Information exchange • Jobs control • Personal datamanagement PRAGMA Workshop - Fukuoka - Jan 23, 2003

  12. Required capabilities of Portal Grid Computing Type of portal Enterprise portal √ √ √ √ √ √ √ ? ? Content Management ? √ √ ? ? ? √ ? ? Web front-end ? √ ? ? ? ? ? ? √ uPortal (Java/XML) √ √ √ √ √ √ √ √ √ Internet Search Authentication Mngt & Accnt Authorization E-mail & Addr Web Services User Profile Group/Role www.ja-sig.org PRAGMA Workshop - Fukuoka - Jan 23, 2003

  13. Our solution: uPortal • Enterprise portal capacities • Common Framework for presenting aggregated contents (channels) • Single sign-on & Personalization • Group-based access control • Open source, collaborative effort • Java/XML/Web service technology • User Interface to Grid Computing(our current project) PRAGMA Workshop - Fukuoka - Jan 23, 2003

  14. Vietnam National University -Hochiminh Cityhttp://iportal.vnuhcm.edu.vn PRAGMA Workshop - Fukuoka - Jan 23, 2003

  15. LDAP User Profile / Group Management PRAGMA Workshop - Fukuoka - Jan 23, 2003

  16. User Interface Design • Authentication (what’s your identity) • Authorization (what you can access) • Directory services (LDAP user profile) • User Preferences (database back-end) • Channels for displaying content (XML feeding, XSL formatting) PRAGMA Workshop - Fukuoka - Jan 23, 2003

  17. A piped view Rendering/Integrating process PRAGMA Workshop - Fukuoka - Jan 23, 2003

  18. Grid interface • Globus command-line interfaces may be good for programmers, but not for usersglobusrun –s –r igrid.vnuhcm.edu.vn “&(executable=‘/home/users/hdung/submit’)(arguments=‘/home/users/hdung/script.job’) • Computational science environment is complex: • Users should access to a variety of distributed resources • Interfaces, OS’s, Grid tools vary and change often • Environment changes: Relocation/upgrade/Policies • Using multiple resources can be cumbersome • Grid adds complexity for programmers PRAGMA Workshop - Fukuoka - Jan 23, 2003

  19. Software Technologies in use • Portal framework for GSI: authentication, authorization, secure data transfer, computing resource sharing & management+ Authentication: LDAP/Proxy/Certificate+ Security: PKI-based system+ Information management: LDAP/MDS+ Resource management: GRAM, Job broker+ Data management: GSI-SSH, Grid-FTP • Grid Portal to Globus infrastructure services (upgrade to Globus 3.0 needed) • Open Source Technologies: Commodity Grid (Java CoG), GPDK -> uPortal framework (Java/XML), Web services • www.globus.org, dast.nlanr.net , www.ja-sig.org PRAGMA Workshop - Fukuoka - Jan 23, 2003

  20. uPortal and Globus • Multi-tier web application with scalability • HTML/WML browser communicate with Portal server by http/https • Portal services can integrate / communicate with Java Commodity Grid services of Globus • Globus provides access to Gatekeeper, MDS, PKI. • Web Services/XML as main data/service exchange format between tiers PRAGMA Workshop - Fukuoka - Jan 23, 2003

  21. Security Terminology • Certificates: file(s) that identify a person digitally • Keyfile: the key to unlock the certificate, contains encrypted passphrase • Certificate Authority: an entity which creates certificates • Proxy certificate: a short-lived unencrypted certificate/key pair (one file) • DN: distinguished name. A unique identifier for a person (/C=VN/O=VNUHCM/OU=Physics Department/CN=Hoang Dung /USERID=hdung) PRAGMA Workshop - Fukuoka - Jan 23, 2003

  22. Grid Service Terminology • GSI: Uniform authentication, authorization, secure protection, single sign-on, delegation, identity mapping • Public key technology, SSL, X.509, GSS-API • Certificate Authorities: certificate & key management • GRAM: Job instantiation, management • MDS: Information discovery • GridFTP: Data management, File transfer PRAGMA Workshop - Fukuoka - Jan 23, 2003

  23. Authentication challenge • To run on behalf of the user: • User needs to have access to the end resource • User needs to delegate permission to the portal • User gives proxy certificate to the portal • Portal uses proxy certificate to access resources • X.509 Certificates: Digital identification • Usercert.pem • Userkey.pem • Allows for delegation of authority • Create proxy certificate • Short lived unencrypted certificate/key PRAGMA Workshop - Fukuoka - Jan 23, 2003

  24. X.509 Certificates: Proxy Generation Usercert.pem Userkey.pem passphrase Proxy File PRAGMA Workshop - Fukuoka - Jan 23, 2003

  25. Portal Functions • Secure authentication / authorization to remote resources. • View/store resource/user info on remote LDAP databases (MDS) • Proxy retrieve/delegation • Schedule jobs on remote hosts • Move large data between machines Proxy Job PRAGMA Workshop - Fukuoka - Jan 23, 2003

  26. Delegation of Authority • User generates proxy and delegates authority to portal • Portal uses the proxy credential as the basis for acting on behalf of the user • The proxy credential is passed to the computational resource by the portal through a grid service to prove authority to act for the user PRAGMA Workshop - Fukuoka - Jan 23, 2003

  27. The challenge • Proxy/MyProxy: Enabling secure, controlled remote access to heterogeneous computational resources and management of remote computation • Authentication and authorization • Resource discovery & characterization • Reservation and allocation • Computation monitoring and control • Gatekeeper • Single point of entry • Authenticates user, maps to local security environment, runs service • In essence, a “secure inetd” • Job manager • A gatekeeper service • Layers on top of local resource management system (e.g., PBS, LSF, etc.) • Handles remote interaction with the job PRAGMA Workshop - Fukuoka - Jan 23, 2003

  28. Grid Interface • Globus Toolkit includes several command line interfaces for job submission • globus-job-run: Interactive jobs • globus-job-submit: Batch/offline jobs • globusrun: Flexible scripting infrastructure • GRIS Server which runs on each resource • Given the resource DNS name, you can find the GRIS server (well known port = 2135) • GRIS Provides resource specific dynamic, on demand information: • Load, process information, storage information, etc. • “White pages” lookup of resource information • How much memory does machine have? • “Yellow pages” lookup of resource options • Which queues on machine allows large jobs? PRAGMA Workshop - Fukuoka - Jan 23, 2003

  29. Portal components in use My Proxy(dast.nlanr.net/Projects/MyProxy)+ Provides secure access via limited GSI proxy+ Runs myproxy-server on a trusted host+ Users' Globus credentials are delegated to server from “home" machine+ MyProxy credentials can be retrieved via Portal server+ Reduces security risks Java COG / Grid Portal Development Kit + But … no JSP/AWT/Swing/Applet + Modified to support XML/XSL/Web Services PRAGMA Workshop - Fukuoka - Jan 23, 2003

  30. Grid Portal Project Goals iGrid channel • Provides many Portal-based services • Ready to integrate with Grid Services • User can select a submission method • User can edit job title and other data • Portal selects host and target machines • Portal transfers the job and required datato target hosts • Portal starts and monitors the job • On completion, Portal writes output result to a LDAP server and send an e-mail notice to user PRAGMA Workshop - Fukuoka - Jan 23, 2003

  31. Grid Portal Project Goals Globus 3 integration • Must be migrated to Globus 3 • Scheduling Algorithm: target machines should be selected automatically based on MDS info (load, CPU, memory, etc.) • Web/Grid services integration • hen job status have been checked, transfer the results to user repositories and LDAP directory automatically PRAGMA Workshop - Fukuoka - Jan 23, 2003

  32. Grid Portal Project Goals Visualization to Grid Portal • View simulation (code, resources, etc.) • View Located/Acquired resources • View Initiated/Steered computation • View Collaborated jobs • View Usage accounting • View Results/Charts/Graphics AccessGrid Portal ? Why not PRAGMA Workshop - Fukuoka - Jan 23, 2003

  33. Feb Oct Aug June April Dec Sept May July Jan Nov March Tentative Project Plan 2003 Demo PRAGMA 4 Globus 3.0 migration Intranet Testing Visualization & Internet deployment iGrid channel development PRAGMA Workshop - Fukuoka - Jan 23, 2003

  34. Conclusions • Grid Portal - a user and programmer-friendly interface to Grid Computing • Grid Computing and Existing Portal Technologies Integration • Grid Portal provides single sign-on • Grid Portal Home Pages for Universities, user groups and individual users • Gateway to International Grid Computing Community Collaboration PRAGMA Workshop - Fukuoka - Jan 23, 2003

  35. Thank you for attention PRAGMA Workshop - Fukuoka - Jan 23, 2003

More Related