1 / 15

UK Testbed Status

UK Testbed Status. Andrew McNab High Energy Physics University of Manchester. Overview. “Testbed 0” GridPP Testbed EU DataGrid Testbed EDG Version TB support for GridPP Future TB support TB Summary. “Testbed 0”. All HEP experiment sites are part of Gavin’s “green dot” map.

randi
Télécharger la présentation

UK Testbed Status

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. UK Testbed Status Andrew McNab High Energy Physics University of Manchester Testbed / HTTPS, GridPP6, 30 Jan 2003

  2. Overview • “Testbed 0” • GridPP Testbed • EU DataGrid Testbed • EDG Version • TB support for GridPP • Future TB support • TB Summary Testbed / HTTPS, GridPP6, 30 Jan 2003

  3. “Testbed 0” • All HEP experiment sites are part of Gavin’s “green dot” map. • At least a Globus gatekeeper was running at some point. • In almost all cases this is actually an EDG gatekeeper - ie with extra functionality. Testbed / HTTPS, GridPP6, 30 Jan 2003

  4. GridPP Testbed • Uses Resource Broker at IC, MDS at RAL and VO at Manchester. Yesterday’s snapshot: Birmingham 2 cpus Bristol 3 Cambridge 16 IC 16 (+ 80 BaBar) Liverpool 2 Manchester 8 (+ 60 DZero/Atlas) Oxford 1 RAL 6 UCL 2 Testbed / HTTPS, GridPP6, 30 Jan 2003

  5. EDG Testbed • Yesterday’s snapshot via CERN RB/II: CERN 59 + 20 nl: Nikhef 140 fr: CC Lyon 22? + 74? + 409? fr: Polytechnique/LLR 6 it: CNAF Bologna 48 it: Padova 11 it: Legnaro 48 uk: IC 16 + 80 uk: Liverpool 2 uk: Manchester 8 + 60 uk: Oxford 1 uk: RAL 6 (so we’re doing ok internationally) Testbed / HTTPS, GridPP6, 30 Jan 2003

  6. EDG Version • Current EDG production release is 1.4.3 • Last time I gave this talk was at 1.2.2 • This now finally includes fixes for the “showstopper” problems, largely with Globus • spent most of September - December including new patches from Globus to fix problems with Information system, Job submission and File transfer. • Current release works pretty-much as advertised, although some aspects of the user-interface and installation are “obscure” Testbed / HTTPS, GridPP6, 30 Jan 2003

  7. Testbed Support for GridPP • Centered on http://www.gridpp.ac.uk/tb-support/ • including our own LCFG installation recipes that fill in the gaps • Peer-to-peer support for site admins on tb-support@jiscmail.ac.uk • (Roughly) fortnightly phone meetings ~30-60 mins: go through EDG, GridPP and site status • aim is to flag problems and questions to deal with offline • sitting-in on this quickly gives a status overview • Seems to work for the current Testbed size. Testbed / HTTPS, GridPP6, 30 Jan 2003

  8. Future Testbed Support • Ticket-based helpdesk system • experimented with Bugzilla - but would be good to use same system as Tier1A centre. • ideally put site admins into the system too, since can refer problems up or down then. • Need to include site admins in all aspects of support • keep them up to date; provide help they need; help them help their users. • Can we use regional Tier2 structures as a devolved support network, using local experts? Testbed / HTTPS, GridPP6, 30 Jan 2003

  9. TB Summary • All experimental HEP sites are involved at some level in Testbeds. • 9 are genuinely “part of a Grid” and accessible via the IC Resource Broker. • 5 are part of the EDG Application Testbed • out of 12 across the EDG • Expect to be able to include the others rapidly • Additional GridPP support and documentation provided beyond that from EDG. • Current mailing list/WWW/phone system ok • will need extending as more sites/users join Testbed / HTTPS, GridPP6, 30 Jan 2003

  10. Grid HTTPS Extensions • HTTPS is an interesting and important protocol for several reasons: • it is by far the most widely deployed secure protocolhas a large amount of high quality software that we could leverage • has excellent interaction with Firewalls, Network Address Translation and Application Proxies • has the potential to solve some of the problems sites have with private IP farms • HTTPS security done using X509 certificates (including GSI) • “the piece of the Grid we already had” • HTTP/1.1 (rfc2616) and extensions like WebDAV (rfc2518) have a rich set of methods (GET, PUT, DELETE, COPY etc) headers (“Expires:” etc) and Errors (“413 Request Entity Too Large”) • HTTP redirection allows you to change from HTTPS negotiation to HTTP unencrypted data transfer • Can HTTP/HTTPS be fast compared to other protocols though? Testbed / HTTPS, GridPP6, 30 Jan 2003

  11. HTTP as a data protocol • Same advantages as HTTPS: large amount of existing high quality software, and good operation with Firewalls, NAT etc. • Kernel-based “zero-copy” HTTP servers like tux are very efficient • need to do something like that to fully use a machine’s gigabit interface • Multistream HTTP and standard webservers as fast as GridFTP for ~300 MB transfers • At ~1 MB, multistream HTTP is much faster Testbed / HTTPS, GridPP6, 30 Jan 2003

  12. Delegation over HTTPS • HTTPS would be even more useful if could delegate GSI credentials over HTTPS • for example, to do third party transfers between two remote sites • Proposal exists to do this (“G-HTTPS”) by adding extra methods to HTTPS • this is designed to leverage and interoperate with existing browsers, servers, www libraries • stress backwards and pass-through compatibility • Basic implemention of this now added to file version of GridSite. Testbed / HTTPS, GridPP6, 30 Jan 2003

  13. Secure, Trusted Caches • Existing HTTPS isn’t cache-able: • end-to-end client-server needed for SSL to work • best you get is opaque proxying/tunneling of SSL • one of the long standing shortcomings of HTTPS • With delegation, can improve this: • identify a local cache you trust (in your VO maybe?) • delegate a credential to it • makes a proxy request via HTTPS: GET https://a.b.c/def • cache fetches this for you, using delegated credential • if can get an ACL for this file, may also be able to return file from cache in subsequent requests by you or other users in ACL Testbed / HTTPS, GridPP6, 30 Jan 2003

  14. Delegation and Portals • Some form of delegation also needed for Grid portals • G-HTTPS would provide a standard way of inserting GSI proxies into portals • However, a portal could also use G-HTTPS approach to pull proxies from server like MyProxy • Possible to use MD5 digest passwords for this stage • MD5 hash of password generated in the user’s browser • passed to portal webserver without it seeing the password • portal provides MD5 hash to proxy server and gets proxy or other credential in return • So some very useful mechanisms possible with a few extensions to existing HTTP software. Testbed / HTTPS, GridPP6, 30 Jan 2003

  15. Summary • HTTP has the potential to be a competitive data transport protocol. • HTTPS is already a “Grid protocol” • Delegation would add many possibilities • third party transfers with HTTP/HTTPS • secured, trusted caches would address caching shortcomings of HTTPS • Delegation provides useful mechanisms for Portals • inserting proxies into portals • using MD5 passwords to authenticate with proxy server • G-HTTPS proposal hopes to standardise some of this Testbed / HTTPS, GridPP6, 30 Jan 2003

More Related