Web Access to the Grid using the Grid Resource Broker
Giovanni Aloisio, Massimo Cafaro, Italo Epicoco
giovanni.aloisio@unile.it, massimo.cafaro@unile.it, italo.epicoco@unile.it
Center for Advanced Computational Technologies
University of Lecce, Italy

Outline
• Grid Portals
• The Grid Resource Broker (GRB)
• GRB Architecture
• GRB Services Overview
• GRB tools & technologies
• GRB Security
• GRB Services in depth
• GRB libraries

Grid Portals
• web sites providing specific contents and related services to the scientific community
• computational & data grids as back-end
• potentially managing a large number of resources on behalf of the users

The GRB Portal
• User centric
• User friendly, ubiquitous web GUI
• Globus based, but:
  • No need to know Globus
  • No need to write Globus code
  • No need to rewrite legacy code
• C APIs will be released soon under the GNU Public License

GRB Architecture

Architecture
[Diagram labels: First Tier; Second Tier; GRB Web Server; MyProxy Server; GRB Libraries; GRB Web Services; Security, Info, Jobs, File/Data; GSI, MDS, GRAM, GridFTP; Third Tier; a user’s grid]

GRB Services

GRB Services I
• User’s profile management
• Access to Monitoring & Discovery Services
• Job Submission
  • Interactive
  • Batch, with support for X-Windows apps
  • Parameter Sweep
  • Data-Flow

GRB Services II
• Resource brokering
• Job tracking
• Grid Status
• High Performance File Transfers
  • third-party
  • parallel file transfer
  • partial file transfer
  • single file & directory transfer

GRB technologies & tools

GRB builds on the Globus Toolkit
• GSI
• MDS
• GRAM
• GridFTP

GRB technologies I
• C / Unix system calls
• Globus Toolkit v2.4
• HTML
• CGI
• MyProxy package
• TLS

GRB technologies II
• HTTP / HTTPS
• Ephemeral Cookies
• LDAP
• gSOAP
• GSI plugin for gSOAP

GRB Security

Security I
• MyProxy package used to store & retrieve short-lived user’s credentials
• HTTPS used to send user’s proxy pwd
• Sessions established via ephemeral cookies

Security II
• Cookies contain the following information
  • User’s login
  • Timestamp
  • Expiration date
  • Message Authentication Code (MAC) for the previous data

Security III
• GRB uses the keyed, non-malleable MAC HMAC-SHA1
• Non-malleability: it is computationally intractable to generate a valid MAC for a message that is related to another message whose MAC is known. This key property guarantees that no adversary can generate a valid MAC without knowing both the server secret key and the message, regardless of how many valid message and MAC pairs the adversary holds
• Cookies are encrypted in transit with TLS
• GRB uses GSI

[Diagram labels: Authentication, Authorization, Web, MyProxy, HTTPS, Ephemeral Cookies, GRB, Grid, Globus GSI]

GRB services in depth I
User’s Profile Management
• Each user manages his/her grid by adding, removing and editing:
  • computational resources
  • applications (work in progress)
  • job submission sessions (work in progress)

GRB services in depth II
Access to MDS (GIIS)
[Figure labels: GRB, GIIS, GRIS]
• Allows queries to arbitrary GIIS
• Substring search
• Numeric search

GRB services in depth III
Access to MDS (GRIS)
[Figure labels: GRIS, GRB]

GRB services in depth IV
Interactive Job Submit
• Interactive here means that the job output is sent directly back to the client browser
• Useful for little things such as listing the user’s home directory, browsing the contents of a file etc
• Support for automatic staging of executable and/or input files
[Figure labels: Executable and/or input staging; Job’s output]

GRB services in depth V
Batch Job Submit
• Remote execution with support for automatic staging of executable, input and output files
• automatic redirection of X-windows display allows steering graphical apps
• simply starting an xterm allows writing, editing, compiling and debugging source code

GRB services in depth VI
Parameter Sweep Jobs
• Allows remote execution on a user selected pool of machines of several instances of the same executable, each with a different input
• The pool of machines can also be automatically selected by the system (brokering)

GRB services in depth VII
Data-Flow Jobs
• A simple Java applet allows drawing a DAG whose vertices represent batch jobs to be executed and whose edges model precedence constraints
• The data-flow engine schedules the jobs according to a topological sort of the DAG using a depth-first-search traversal

GRB services in depth VIII
Resource Brokering
[Figure labels: GRIS, GIIS, Query, GRB]
[Figure labels: Prog, Input, Job execution, Output]

GRB services in depth IX
Job Tracking
• Allows monitoring job status & related file transfers for:
  • batch jobs
  • parameter sweep jobs
  • data-flow jobs (work in progress)

GRB services in depth X
Grid Status
• Allows verifying that Globus daemons are up and running on the machines belonging to the user’s grid

GRB services in depth XI
High Performance File Transfers
• GRB library based on Globus GridFTP control library
• File/directory transfer status is monitored by GRB
• Supports third-party, parallel & partial file transfers
• Very simple to use

GRB Libraries
Almost ready to be released under GNU Public license

GRB libraries: lib_grb
• Proxy management
• Job submission
• File transfer
• Monitoring & Discovery Services
• Job status

GRB libraries: lib_cookies
• cookie setup
• cookie encryption
• retrieving cookie information

GRB libraries: lib_dataflow
• DAG management
• DAG topological sort

GRB libraries: lib_myproxy
• proxy retrieval
• checking if a proxy is valid

GRB libraries: lib_gsiftp
• Connection management
• Standard FTP commands
• Third-party transfers
• Parallel transfers using multiple streams
• Partial file transfers
• Support for directory transfers

lib_gsiftp experimental testbed
Country | Hostname | OS | TCP buffer size
 | gridsurfer.unile.it | linux 2.4.3 | 65535
 | dev04.hepgrid.clrc.ac.uk | linux 2.2.16 | 65535
 | clipper.lbl.gov | solaris 2.7 | 65535

lib_gsiftp experimental results I
Put one MB file test
[Figure, two panels: "Put 1 MB on dev04.hepgrid.clrc.ac.uk" (From Italy to UK) and "Put 1 MB on clipper.lbl.gov" (From Italy to California). Throughput (KB/s) versus Streams (1, 2, 4, 8, 16), one series per BufSize: 4096, 8192, 16384, 32768, 65536.]

lib_gsiftp experimental results II
Put ten MB file test
[Figure, two panels: "Put 10 MB on dev04.hepgrid.clrc.ac.uk" (From Italy to UK) and "Put 10 MB on clipper.lbl.gov" (From Italy to California). Throughput (KB/s) versus Streams (1, 2, 4, 8, 16), one series per BufSize: 4096, 8192, 16384, 32768, 65536.]

lib_gsiftp experimental results III
Third-party transfer: one, ten and one hundred MB files
[Figure: "Third-party transfer" (From UK to California). Throughput (KB/s) versus Streams (1, 2, 4, 8, 16), one series per FileSize: 1 MB, 10 MB, 100 MB.]

Conclusions
• Computational Grid: heterogeneous and geographically spread computing resources
• Globus Toolkit: low level middleware for Grid management
• Grid Resource Broker: web access to the grid: secure, easy, transparent

To Do... In Progress
• Migration to GT3, OGSA & OGSI
• Better HCI
• GridLab GridSphere Portlet Framework
• support for customization
• logging
• additional support for job scheduling/checking

More Information
• The Grid Resource Broker
  • http://sara.unile.it/grb
• Giovanni Aloisio
  • giovanni.aloisio@unile.it
• Massimo Cafaro
  • massimo.cafaro@unile.it
• Italo Epicoco
  • italo.epicoco@unile.it

Q&A
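
The cookie layout from Security II and the HMAC-SHA1 check from Security III, as an added Python example (not code from GRB's lib_cookies). The `|` field separator, the hex-encoded MAC, the function names and the demo key are assumptions made for illustration.

```python
import hashlib
import hmac
import time
from typing import Optional
from urllib.parse import quote, unquote

# Constructed demo key (assumption); a real server loads a random secret.
SERVER_KEY = b"constructed-demo-key-not-a-real-secret"


def _mac(key: bytes, payload: str) -> str:
    """HMAC-SHA1, the MAC named on the slide, over the three data fields."""
    return hmac.new(key, payload.encode("utf-8"), hashlib.sha1).hexdigest()


def make_cookie(login: str, ttl: int, key: bytes = SERVER_KEY,
                now: Optional[int] = None) -> str:
    """Build 'login|timestamp|expiration|mac' (hypothetical layout)."""
    issued = int(time.time()) if now is None else now
    # Percent-encode the login so it can never contain the '|' separator.
    payload = f"{quote(login, safe='')}|{issued}|{issued + ttl}"
    return f"{payload}|{_mac(key, payload)}"


def verify_cookie(cookie: str, key: bytes = SERVER_KEY,
                  now: Optional[int] = None) -> Optional[str]:
    """Return the login if the MAC is valid and the cookie is live, else None."""
    current = int(time.time()) if now is None else now
    payload, sep, tag = cookie.rpartition("|")
    if not sep:
        return None
    # Verify the MAC first, in constant time, before trusting any field.
    if not hmac.compare_digest(_mac(key, payload).encode(), tag.encode()):
        return None
    fields = payload.split("|")
    if len(fields) != 3:
        return None
    login, issued, expires = fields
    if not (issued.isdecimal() and expires.isdecimal()):
        return None
    # Reject cookies used before their timestamp or at/after expiration.
    if not int(issued) <= current < int(expires):
        return None
    return unquote(login)
```

Checking the MAC before parsing any field is what stops a client from editing the login or the expiration date: any change to the three data fields invalidates the tag unless the server key is known.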