Building a Grid Portal in Vietnam National University - Welcome to

					Status of VNU-HCM
Grid Portal Project
    PRAGMA Workshop
(Fukuoka, 23-24/01/2003)


             Hoang Le Minh, PhD
       VNU-HCM Software Technology Center
           http://igrid.vnuhcm.edu.vn
                        Outline

• VNU-HCM Networking
  Services
• Grid Computing in
  VNU-HCM
• uPortal Framework:
  Architecture & Extensions
• Integrating Grid Services:
  Current & Future Work
• Conclusions
              PRAGMA Workshop - Fukuoka - Jan 23, 2003   2
    Where are we?




                Hochiminh City




Population: 6 million             Area: 2,093 sq km
19% of total GDP                  30% of state budget
30 Univ. & Inst.                  300,000 students
          VNU-HCM Network

Current Campus Network Backbone:
  (since 1998) 2/100Mbps, > 2500 hosts,
  7 Universities and Institutions in HCMC
• All on private IP (172.x.x.x)
• Internet connection: 1.2 Mbps (Jan 03)
• NAT mapping with 32 IPs (203.162.x.x)
• A lot of proxies, firewalls, NAS, …
Planned upgrades: 1Gbps backbone,
  2-4 Mbps Internet connection, IP-based
  services VC, VoIP, Grid, … (2003-2005)
VNU-HCM Intranet (1998)




VNU-HCM Intranet (2003-2005)




      VNU-HCM Networking Services

• Provides e-mail, website, Internet access and
  network-related services & management for >
  25,000 full-time students, 2500 staff members
• User management to access central services:
  e-mail, e-learning, databases, applications,
  computing resources
• VNU-HCM Information Portal is being developed
  based on the Open Source uPortal Framework
  (www.ja-sig.org)
• A lot of work has been done: single sign-on,
  news, e-mail, address book, LDAP user profile,
  user & group management, applications …
     Why Portal? Why Grid Portal?

• Private Network Addresses (Proxy)
• Different Access from inside/outside (NAT)
• Dial-up access, Low bandwidth backbone,
  Internet connectivity
• Information and Computing Resource
  Sharing, Security,
  Management, etc…

The Challenge: Develop/Integrate Portal-to-Grid Computing
[Figure: Domain 1, Domain 2]
    Grid Computing in VNU-HCM
• 1998-2001: Cluster parallel computing
• 2002: uPortal Framework (iPortal)
• 2002: Grid Computing Experiences with
  GLOBUS 2.x
     + Installed on 10 Linux PC servers
     + Self-certified (DNS, simpleCA)
     + LDAP/MDS
     + GRAM
     + GridFTP (Globus 2.2)
  Command line interface: very difficult
  to use. Cannot be accessed from outside
• 2003: Grid integration with Portal
             What do users prefer?
• Single sign-on
• Selection of channels
  and layouts
• Common look & feel
  for all contents
• Information
  exchange
• Job control
• Personal data
  management



         Required capabilities of Portal




Type of portal

Enterprise portal    √  √  √  √  √  √  √  ?  ?
Content Management   ?  √  √  ?  ?  ?  √  ?  ?
Web front-end        ?  √  ?  ?  ?  ?  ?  ?  √
uPortal (Java/XML)   √  √  √  √  √  √  √  √  √
www.ja-sig.org
       Our solution: uPortal

• Enterprise portal capacities
• Common Framework for presenting
  aggregated contents (channels)
• Single sign-on & Personalization
• Group-based access control
• Open source, collaborative effort
• Java/XML/Web service technology
• User Interface to Grid Computing
  (our current project)

Vietnam National University -
       Hochiminh City
http://iportal.vnuhcm.edu.vn




LDAP User Profile /
Group Management




          User Interface Design
• Authentication
  (what's your
  identity)
• Authorization (what
  you can access)
• Directory services
  (LDAP user profile)
• User Preferences
  (database back-end)
• Channels for
  displaying content
  (XML feeding, XSL
  formatting)
                     A piped view

[Figure: Rendering/Integrating process]




                 Grid interface
• Globus command-line interfaces may be
  good for programmers, but not for users
 globusrun -s -r igrid.vnuhcm.edu.vn \
   "&(executable='/home/users/hdung/submit')(arguments='/home/users/hdung/script.job')"
• Computational science environment is
  complex:
  – Users should have access to a variety of distributed
    resources
  – Interfaces, OSes, Grid tools vary and change often
  – Environment changes: Relocation/upgrade/Policies
  – Using multiple resources can be cumbersome
• Grid adds complexity for programmers
      Software Technologies in use
• Portal framework for GSI: authentication,
  authorization, secure data transfer, computing
  resource sharing & management
  + Authentication: LDAP/Proxy/Certificate
  + Security: PKI-based system
  + Information management: LDAP/MDS
  + Resource management: GRAM, Job broker
  + Data management: GSI-SSH, Grid-FTP
• Grid Portal to Globus infrastructure services
  (upgrade to Globus 3.0 needed)
• Open Source Technologies: Commodity Grid
  (Java CoG), GPDK -> uPortal framework
  (Java/XML), Web services
• www.globus.org, dast.nlanr.net, www.ja-sig.org
           uPortal and Globus

• Multi-tier web application with
  scalability
• HTML/WML browsers communicate with the
  Portal server via HTTP/HTTPS
• Portal services can integrate /
  communicate with Java Commodity Grid
  services of Globus
• Globus provides access to Gatekeeper,
  MDS, PKI.
• Web Services/XML as main data/service
  exchange format between tiers
             Security Terminology

• Certificates: file(s) that identify a person
  digitally

• Keyfile: the private key that goes with the certificate,
  stored encrypted under a passphrase

• Certificate Authority: an entity which creates
  certificates

• Proxy certificate: a short-lived unencrypted
  certificate/key pair (one file)

• DN: distinguished name. A unique identifier for a
  person (/C=VN/O=VNUHCM/OU=Physics
  Department/CN=Hoang Dung /USERID=hdung)

        Grid Service Terminology
• GSI: Uniform authentication,
  authorization, secure protection, single
  sign-on, delegation, identity mapping
• Public key technology, SSL, X.509, GSS-
  API
• Certificate Authorities: certificate & key
  management
• GRAM: Job instantiation, management
• MDS: Information discovery
• GridFTP: Data management, File transfer
            Authentication challenge

• To run on behalf of the user:
   –   User needs to have access to the end resource
   –   User needs to delegate permission to the portal
   –   User gives proxy certificate to the portal
   –   Portal uses proxy certificate to access resources
• X.509 Certificates: Digital identification
   – Usercert.pem
   – Userkey.pem
• Allows for delegation of authority
   – Create proxy certificate
   – Short lived unencrypted certificate/key


               X.509 Certificates:
               Proxy Generation


[Figure: Usercert.pem + Userkey.pem + passphrase → Proxy File]


                Portal Functions

• Secure authentication /
  authorization to remote
  resources.
• View/store resource/user
  info on remote LDAP
  databases (MDS)
• Proxy retrieve/delegation
• Schedule jobs on remote
  hosts
• Move large data between
  machines
[Figure labels: Proxy, Job]

         Delegation of Authority

• User generates proxy and delegates
  authority to portal
• Portal uses the proxy credential as the
  basis for acting on behalf of the user
• The proxy credential is passed to the
  computational resource by the portal
  through a grid service to prove
  authority to act for the user



                     The challenge
• Proxy/MyProxy: Enabling secure, controlled remote
  access to heterogeneous computational resources and
  management of remote computation
      • Authentication and authorization
      • Resource discovery & characterization
      • Reservation and allocation
      • Computation monitoring and control
• Gatekeeper
   – Single point of entry
   – Authenticates user, maps to local security
     environment, runs service
   – In essence, a “secure inetd”
• Job manager
   – A gatekeeper service
   – Layers on top of local resource management system
     (e.g., PBS, LSF, etc.)
   – Handles remote interaction with the job
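
The delegation and gatekeeper mapping described in the slides above, as an added example that is not part of the original presentation: a sketch of how a gatekeeper can reduce a delegated proxy subject to the user's DN and map it to a local account. It assumes the legacy Globus 2.x proxy naming (`/CN=proxy`, `/CN=limited proxy` appended per delegation step) and a grid-mapfile of quoted DN plus account name; the DNs, accounts and the `max_depth` policy are constructed for illustration.

```python
import shlex

PROXY_CNS = ("/CN=proxy", "/CN=limited proxy")  # legacy GT2 proxy suffixes

# Constructed sample grid-mapfile (not taken from the VNU-HCM systems).
GRID_MAPFILE = '''
# quoted certificate DN, then the local account it maps to
"/C=VN/O=VNUHCM/OU=Physics Department/CN=Hoang Dung" hdung
"/C=VN/O=VNUHCM/OU=Software Technology Center/CN=Portal Admin" padmin
'''

def parse_mapfile(text):
    """Return {DN: local_user}; skips blanks, comments and non two-field lines."""
    mapping = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = shlex.split(line)  # honours the quotes around the DN
        if len(parts) == 2:
            mapping[parts[0]] = parts[1]
    return mapping

def base_identity(subject):
    """Strip proxy CNs; return (end-entity DN, delegation depth, limited?)."""
    depth, limited = 0, False
    while subject.endswith(PROXY_CNS):
        suffix = next(s for s in PROXY_CNS if subject.endswith(s))
        limited = limited or suffix == "/CN=limited proxy"
        subject = subject[: -len(suffix)]
        depth += 1
    return subject, depth, limited

def authorize(subject, mapping, max_depth=3):
    """Map a presented subject to a local user, or raise PermissionError."""
    dn, depth, limited = base_identity(subject)
    if limited:  # a limited proxy must not be able to start new jobs
        raise PermissionError("limited proxy may not start jobs")
    if depth > max_depth:  # hypothetical site policy on chain length
        raise PermissionError("delegation chain too long")
    if dn not in mapping:
        raise PermissionError("no grid-mapfile entry for " + dn)
    return mapping[dn]

if __name__ == "__main__":
    users = parse_mapfile(GRID_MAPFILE)
    # User proxy delegated once more to the portal: two proxy levels.
    dn = "/C=VN/O=VNUHCM/OU=Physics Department/CN=Hoang Dung"
    print(authorize(dn + "/CN=proxy/CN=proxy", users))
```

The local account is always derived from the end-entity DN, so the portal never gains an identity of its own on the resource; it only carries the user's short-lived proxy.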
                   Grid Interface

• Globus Toolkit includes several command line
  interfaces for job submission
  – globus-job-run: Interactive jobs
  – globus-job-submit: Batch/offline jobs
  – globusrun: Flexible scripting infrastructure
• GRIS Server which runs on each resource
  – Given the resource DNS name, you can find the GRIS
    server (well known port = 2135)
• GRIS Provides resource specific dynamic, on
  demand information:
  – Load, process information, storage information, etc.
• “White pages” lookup of resource information
  – How much memory does the machine have?
• “Yellow pages” lookup of resource options
  – Which queues on the machine allow large jobs?

         Portal components in use

MyProxy (dast.nlanr.net/Projects/MyProxy)
  + Provides secure access via limited GSI
  proxy
  + Runs myproxy-server on a trusted host
  + Users' Globus credentials are delegated to
  server from “home" machine
  + MyProxy credentials can be retrieved via
  Portal server
  + Reduces security risks
Java CoG / Grid Portal Development Kit
  + But … no JSP/AWT/Swing/Applet
  + Modified to support XML/XSL/Web Services
          Grid Portal Project Goals

iGrid channel
• Provides many Portal-based services
• Ready to integrate with Grid Services
• User can select a submission method
• User can edit job title and other data
• Portal selects host and target machines
• Portal transfers the job and required data
  to target hosts
• Portal starts and monitors the job
• On completion, Portal writes the output result to an
  LDAP server and sends an e-mail notice to the user

        Grid Portal Project Goals

Globus 3 integration

• Must be migrated to Globus 3
• Scheduling Algorithm: target machines should
  be selected automatically based on MDS info
  (load, CPU, memory, etc.)
• Web/Grid services integration
• When job status has been checked, transfer
  the results to user repositories and LDAP
  directory automatically


            Grid Portal Project Goals

Visualization to Grid Portal

•   View   simulation (code, resources, etc.)
•   View   Located/Acquired resources
•   View   Initiated/Steered computation
•   View   Collaborated jobs
•   View   Usage accounting
•   View   Results/Charts/Graphics

AccessGrid Portal? Why not?

              Tentative Project Plan 2003


[Timeline figure, Jan-Dec 2003. Phases, in order: iGrid channel development; Globus 3.0 migration; Intranet Testing; Visualization & Internet deployment. Milestones marked: Demo; PRAGMA 4.]

             Conclusions
• Grid Portal - a user and programmer-
  friendly interface to Grid Computing
• Grid Computing and Existing Portal
  Technologies Integration
• Grid Portal provides single sign-on
• Grid Portal Home Pages for Universities,
  user groups and individual users
• Gateway to International Grid
  Computing Community Collaboration


Thank you for your attention



