http://www.nesc.ac.uk/training
http://www.ngs.ac.uk
The National Grid Service
and OGSA-DAI
Mike Mineter
mjm@nesc.ac.uk
March 2008: The NGS Core,
Partners & Affiliates,
3
OGSA-DAI on the NGS
• Objective
– Encourage lots of data services to be provided for NGS VOs
to use!
– Stimulate new research!
• How?
– On a grid its easier to orchestrate distributed resources
• NGS spans the country – natural infrastructure for
collaborative research, service-oriented research for
many communities
– Light the touch-paper - establish the data services!
4
5
NGS software
• Computation services based on Globus Toolkit
– Sequential or parallel jobs, from batch queues
– Can run multiple jobs concurrently
• Data services:
– Storage Resource Broker:
• Primarily for file storage and access
• Virtual filesystem with replicated files
– NGS Oracle service
– “OGSA-DAI”: Data Access and Integration
• Primarily for grid-enabling data not on the SRB or Oracle (files, relational,
XML)
• Authorisation, Authentication
– Built on GSI, VOMS
6
NGS Software - 2
•
Middleware recently deployed
– Resource Broker
– Applications Repository (“NGS Portal”)
– GridSAM – alternative for job submission and monitoring
– GRIMOIRES – registry of services (e,g,GridSAM instances)
– VOMS - Virtual Organisation Membership Service
•
Developed by partners:
– Application Hosting Environment: AHE
– P-GRADE portal and GEMLCA
•
Being deployed
– WS-GRAM: GT4 job submission
•
Under development
– Shibboleth integration
7
Resource Broker
User describes job in text file
using Job Description Language
Local
Workstation
Submits job to Resource Broker
UI (user interface)
has preinstalled
client software
UI
(pre-production use at present)
Resource
Broker
NGS nodes
8
GridSAM
User describes job in XML using Job
Submission Description Language
Local
Workstation
Web services interfaces to chosen
GridSAM instance (SAM: Submission
and Monitoriing)
UI (user interface)
has preinstalled
client software
GridSAM
GridSAM
GridSAM
GridSAM
NGS nodes
9
OGSA-DAI on NGS
With release 3 is available, timely for:
• OGSA-DAI Servers to be deployed by
– Data services (EDINA, MIMAS, bio…, …..) for diverse communities
– VOs for its members
– Also one or more NGS core nodes – with Oracle access
• OGSA-DAI client software could then be run in
–
–
–
–
Desktop machines (with proxy certificate etc)
“user interface” machines – for resource broker
on NGS nodes (“stage” client to NGS worker)
in higher level services (like workflow)
10
One example
11
The Role of the Virtual
Organisation (VO)
Compute
Center
VO
slide based on presentation given by Carl Kesselman at GGF Summer School 2004
Service
Compute
Center
12
VOMS Virtual Organisation
Membership Service
• VO can have groups
– Different rights for each
– Nested groups
• VO has roles
– Assume role for specific purposes - when user
chooses
• E,g. system admin, updating files read by the VO
• voms-proxy-init
– Proxy certificate carries the additional attributes
13
Options for OGSA-DAI
service on NGS
• Authentication – X.509 based
– Proxy certificates – delegation, …
– Around end 2008, bridging of Shibboleth to NGS’s proxy world
• Authorisation options
– Service takes Distinguished Name from proxy associated with a request,
uses a look-up
• to map DN to e.g. local account / username / password for access to resource
• Call to external database of rights
– Use VOMS extension in proxy
• Use VO / VO group or role to assign rights
• (OMII-Europe releasing OGSA-DAI extension for this)
14
Web Sites
• NGS
– http://www.ngs.ac.uk
– Wiki service: http://wiki.ngs.ac.uk
– Training events: http://www.nesc.ac.uk/training
• Additional information
http://indico.cern.ch/conferenceDisplay.py?confId=24377
includes:
– about Oracle on NGS: See tutorial by Keir Hawker and Simon Collins, Thursday
17 January 2008
– About VOMS – talk by Mike Jones on 18 January 2008
15