The IRISGrid Infrastructure: Seamless Support for VOs (JRES2005, Marseille) - PowerPoint presentation


  1. The IRISGrid Infrastructure: Seamless Support for VOs (JRES2005, Marseille)

  2. Virtual Organisations: why a support infrastructure
     • Users own and require resources
       • Shared
       • Collective
     [Diagram: users and resources linked in a mesh]
     An infrastructure to support these activities

  3. Virtual Organisations
     • A set of users
       • Working in a certain common area
       • Sharing similar needs
         • Data processing
         • Access to data sources
         • Interaction among them
       • Pursuing similar goals
       • Plug-and-play
     • A set of resources
       • Operated by specialized teams
       • Operated by users
       • Plug-and-be-played
     [Diagram: users and resources]

  4. The goals
     • Provide users with simple, ubiquitous and integrated access to all kinds of resources
     • What resources are we talking about?
       • Network access
       • Computational resources
         • Distributed computations, supercomputers, specific libraries, ...
       • Storage resources
         • Temporary/permanent, centralised/distributed, ...
       • Information resources
         • E-libraries, searchers and metasearchers, subject gateways, ...
       • Interactive resources
         • Video- and multi-conference, virtual desktops, ...

  5. A common support infrastructure: the IRISGrid case
     • The eduroam infrastructure
       • Seamless and ubiquitous network access
     • The IRISGrid Directory
       • VO management: users, centers, resources, research areas
     • pkIRISGrid
       • Trust fabric connecting all components
     • aaIRISGrid
       • Facilitates identity management
     • Grid middleware and portal toolkits
       • The foundations for computational and storage sharing
     • Collaborative tools
       • From mailing lists to real-time systems
     • Holistic resource location
       • Based on a federated approach

  6. eduroam
     • The international roaming network access service
     • Based on a hierarchy of RADIUS servers
       • Institutional servers connect to root NREN servers
       • NREN servers are aggregated at the eduroam central server
     • Exploring new authentication possibilities through VOs
     [Diagram: supplicant -> authenticator (AP or switch) -> institution A RADIUS server (user DB) <-> central RADIUS proxy server <-> institution B RADIUS server (user DB); guest, employee and student VLANs; guest Internet access]
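The slide describes the RADIUS hierarchy but not the routing decision each proxy makes. The Python model below is an added example, not eduroam, RedIRIS or IRISGrid software: it shows how a visited institution, its NREN and the central server forward an Access-Request on the realm part of the outer identity alone, and where a request with no realm, an unknown realm, or a sub-realm the home institution does not recognise gets rejected. The server names, realms and the two-NREN hierarchy are constructed for the example.

```python
"""Realm-based routing through an eduroam-style RADIUS proxy hierarchy.

Added example, not eduroam, RedIRIS or IRISGrid software: it models the
routing decision each proxy makes from the realm in the outer identity.
The institution, NREN and central server names and realms are constructed.
"""
from dataclasses import dataclass, field


@dataclass
class RadiusNode:
    """One RADIUS server: level is 'institution', 'nren' or 'central'."""
    name: str
    level: str
    home_realms: frozenset = frozenset()          # realms this institution authenticates itself
    children: dict = field(default_factory=dict)  # realm suffix -> downstream server (nren/central only)
    parent: object = None                         # upstream server, None at the central server


def split_realm(outer_identity):
    """Return (user, realm) for 'user@realm', or None when no usable realm is present.
    Proxies route on the realm alone; with EAP tunnelling the user part may be 'anonymous'."""
    local, sep, realm = outer_identity.rpartition("@")
    if not sep or not local or not realm:
        return None
    return local, realm.lower()


def find_downstream(node, realm):
    """Longest-suffix match of the realm against node.children, so 'lab.inst-b.es'
    is routed to the server registered for 'inst-b.es' and 'x.es' to the Spanish NREN."""
    best = None
    for suffix, child in node.children.items():
        if realm == suffix or realm.endswith("." + suffix):
            if best is None or len(suffix) > len(best[0]):
                best = (suffix, child)
    return None if best is None else best[1]


def route(start, outer_identity, max_hops=8):
    """Walk the Access-Request from the visited institution to the home server.
    Returns a dict with 'result' ('authenticate' or 'reject'), the 'path' taken
    and, on rejection, a 'reason'."""
    parsed = split_realm(outer_identity)
    path = [start.name]
    if parsed is None:
        return {"result": "reject", "reason": "missing or malformed realm", "path": path}
    _, realm = parsed
    node, going_up = start, True
    for _ in range(max_hops):
        if node.level == "institution" and realm in node.home_realms:
            return {"result": "authenticate", "home": node.name, "path": path}
        downstream = find_downstream(node, realm)
        if downstream is not None:
            node, going_up = downstream, False      # descend toward the home institution
        elif going_up and node.parent is not None:
            node = node.parent                      # nobody below knows the realm: escalate
        else:
            return {"result": "reject", "reason": f"no route for realm {realm!r}", "path": path}
        path.append(node.name)
    return {"result": "reject", "reason": "hop limit exceeded (routing loop?)", "path": path}


def build_hierarchy():
    """Constructed hierarchy: two NRENs under one central server, three institutions."""
    central = RadiusNode("eduroam-central", "central")
    es = RadiusNode("rediris-top", "nren", parent=central)
    fr = RadiusNode("renater-top", "nren", parent=central)
    central.children.update({"es": es, "fr": fr})
    inst_a = RadiusNode("inst-a", "institution", frozenset({"inst-a.es"}), parent=es)
    inst_b = RadiusNode("inst-b", "institution", frozenset({"inst-b.es"}), parent=es)
    inst_c = RadiusNode("inst-c", "institution", frozenset({"inst-c.fr"}), parent=fr)
    es.children.update({"inst-a.es": inst_a, "inst-b.es": inst_b})
    fr.children.update({"inst-c.fr": inst_c})
    return {n.name: n for n in (central, es, fr, inst_a, inst_b, inst_c)}


if __name__ == "__main__":
    nodes = build_hierarchy()
    for identity in ("carol@inst-a.es", "alice@inst-b.es", "bob@inst-c.fr",
                     "dan@lab.inst-b.es", "eve@nowhere.org", "eve"):
        print(identity, "->", route(nodes["inst-a"], identity))
```

The hop limit is the one safety check worth keeping in a real proxy configuration: a realm that two servers both believe belongs to the other side loops until the limit trips. Note also that `lab.inst-b.es` reaches `inst-b` through the suffix match but is rejected there, because the home server only answers for realms it explicitly lists.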

  7. eduroam: reaching further

  8. The IRISGrid Directory
     [Diagram: users, centers and VOs, each with a Globus MDS (Monitoring and Discovery Service), registered in the IRISGrid Directory with an area classification]

  9. The IRISGrid Directory: schemas
     • Support for VOs: irisgridVo
     • Support for centers and/or departments: irisgridOu
     • Support for users: irisgridUser
     • Support for the PKI objects: pkirisAuthority, pkirisEndEntity, pkirisCertificate
     • Other iris-* schemas
       • irisPerson, irisInetEntity, copaObject, papiUser, ...
       • Extensions to the eduPerson schema
       • Standardisation in progress through SCHAC
         • At least in the inter-institutional aspects
     • Heavy use of the COPA coding schema to support navigation and searching

  10. The IRISGrid Directory: COPA coding schema
     • A coding schema to support (virtual) hierarchical access
     • Based on creating string identifiers (URNs, for example) that resemble the hierarchy of a given classification (or ontology)
     • Identifiers are added to the data available for a certain element
     • Mappings between COPA identifiers and their semantics are kept in a separate repository (a directory branch, for example)
     • Simplifies searches and navigation
     • Decouples representation from the view offered at each moment
       • Several views can be offered in parallel
       • And hot-swapped
     • More on this at http://www.rediris.es/ldap/copa/copa-intro.en.pdf

  11. The IRISGrid Directory: a sample VO entry
     [Screenshot of a directory entry; callout: COPA coding of the VO's areas of research]

  12. The IRISGrid Directory: a sample center entry
     [Screenshot of a directory entry; callout: VOs this center is participating in]

  13. The IRISGrid Directory: a sample user entry
     [Screenshot of a directory entry; callouts: VOs the user is a member of; center the user belongs to]
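Slides 10 to 13 explain the COPA idea (identifiers that mirror a classification, the meaning kept in a separate repository, prefix searches over the entries) without showing the mechanics. The Python below is an added example, not code from RedIRIS or the IRISGrid Directory: it assigns level-lettered codes to a constructed classification tree, stores only those codes on constructed stand-ins for the VO, center and user entries, resolves them through two swappable label views, and searches "everything under this area" token by token. It also shows the one mistake such a search invites: a plain string prefix test would put `a1b23` under `a1b2`. The trees, the records and their field names are all constructed.

```python
"""COPA-style coding: identifiers that mirror a classification tree, with the
code-to-meaning mapping held apart from the directory entries that carry codes.

Added example, not code from RedIRIS or the IRISGrid Directory. The
classification trees, the VO/center/user records and their field names are
constructed stand-ins for the directory entries shown on the slides.
"""
import re

_TOKEN = re.compile(r"([a-z])(\d+)")


def parse_code(code):
    """'a3b105c1' -> (('a', 3), ('b', 105), ('c', 1)).
    Level letters must run a, b, c, ... from the root, one per depth."""
    tokens = _TOKEN.findall(code)
    if not tokens or "".join(letter + digits for letter, digits in tokens) != code:
        raise ValueError(f"malformed COPA code: {code!r}")
    for depth, (letter, _) in enumerate(tokens):
        if letter != chr(ord("a") + depth):
            raise ValueError(f"level letters out of order in {code!r}")
    return tuple((letter, int(digits)) for letter, digits in tokens)


def is_under(code, prefix):
    """True when code equals prefix or lies below it in the hierarchy.
    Compared token by token: a plain string prefix test would put a1b23 under a1b2."""
    c, p = parse_code(code), parse_code(prefix)
    return c[:len(p)] == p


def build_codes(tree, depth=0, parent=""):
    """Assign codes to a nested {label: subtree} classification; returns {code: label}.
    This mapping is the 'separate repository': entries store only the codes."""
    mapping = {}
    for index, (label, subtree) in enumerate(tree.items(), start=1):
        code = f"{parent}{chr(ord('a') + depth)}{index}"
        mapping[code] = label
        mapping.update(build_codes(subtree, depth + 1, code))
    return mapping


def describe(code, mapping):
    """Resolve each prefix of a code through a mapping: 'a1b1c1' -> 'Sciences / Physics / ...'."""
    tokens = parse_code(code)
    prefixes = ["".join(f"{l}{n}" for l, n in tokens[:i]) for i in range(1, len(tokens) + 1)]
    return " / ".join(mapping.get(p, f"<{p}>") for p in prefixes)


# Two views of one constructed classification: same codes, different labels, so an
# entry coded a1b1c1 is shown in either view without being rewritten (the "hot-swap").
AREAS_EN = {"Sciences": {"Physics": {"High-energy physics": {}, "Astrophysics": {}},
                         "Life sciences": {"Biotechnology": {}}},
            "Engineering": {"Computer science": {"Grid middleware": {}}}}
AREAS_ES = {"Ciencias": {"Física": {"Física de altas energías": {}, "Astrofísica": {}},
                         "Ciencias de la vida": {"Biotecnología": {}}},
            "Ingeniería": {"Informática": {"Middleware de grid": {}}}}
VIEWS = {"en": build_codes(AREAS_EN), "es": build_codes(AREAS_ES)}

# Constructed stand-ins for irisgridVo / irisgridOu / irisgridUser entries.
VOS = [{"cn": "hep-vo", "areas": ["a1b1c1"]},
       {"cn": "astro-vo", "areas": ["a1b1c2"]},
       {"cn": "bio-vo", "areas": ["a1b2c1"]},
       {"cn": "middleware-vo", "areas": ["a2b1c1", "a1b1"]}]   # serves physics as a whole
CENTERS = [{"ou": "center-1", "vos": ["hep-vo", "middleware-vo"]},
           {"ou": "center-2", "vos": ["bio-vo", "astro-vo"]}]
USERS = [{"uid": "alice", "center": "center-1", "vos": ["hep-vo"]},
         {"uid": "bob", "center": "center-2", "vos": ["bio-vo"]},
         {"uid": "carol", "center": "center-1", "vos": ["middleware-vo"]}]


def vos_in_area(vos, area_code):
    """VOs classified at or below an area: a prefix search over the stored codes."""
    return sorted(vo["cn"] for vo in vos if any(is_under(a, area_code) for a in vo["areas"]))


def entities_in_area(records, key, vos, area_code):
    """Centers or users reachable through their VO memberships (key is 'ou' or 'uid')."""
    wanted = set(vos_in_area(vos, area_code))
    return sorted(r[key] for r in records if wanted.intersection(r["vos"]))


if __name__ == "__main__":
    for view in ("en", "es"):
        print(view, describe("a1b1c1", VIEWS[view]))
    print("VOs under Physics:", vos_in_area(VOS, "a1b1"))
    print("users under Physics:", entities_in_area(USERS, "uid", VOS, "a1b1"))
```

In a directory the same search is a substring or prefix filter on the attribute holding the codes; the token-wise comparison above is what keeps that filter from matching sibling branches whose index happens to share leading digits.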

  14. pkIRISGrid
     • Highly distributed infrastructure
       • A central CA
       • As many RAs as required by participant organisations
     • In the process of EUGridPMA accreditation
       • Expected by next meeting (Vienna, January 2006)
     • Own-developed software
       • OpenSSL
       • LDAP as main data store
       • COPA to identify entities, authorities and requests
       • URNs to store all the states in the life of a certificate
         • urn:mace:rediris.es:irisgrid:pki:csr:state:20050304142236:signed:10e190a0c7608...2d425e6af7
       • XML/LDIF to exchange data between CA and RAs/Aux
       • PHP and Perl to implement the RAs and CA
       • PAPI for identity management

  15. pkIRISGrid: functional structure
     [Diagram of the flows between the user (USR), the RAs, the CA and the auxiliary publication service (Aux):
      • USR: select a unique IRISGrid identifier (igID); request certs (CSR); revocation request
      • RA: validate entity CSRs; verify identity; validate attributes; validate unique igID (auto); export approved CSRs; revocation request (CRR)
      • RA -> CA, as XML: approved CSRs; revocation requests
      • CA: issue certs; revoke certs; generate CRLs; no network adapter; RAs, entities, CSRs, certs, CRRs, CRLs, ... stored in vault
      • CA -> Aux, as LDIF: certificates; CRLs
      • Aux: notify certificate/revoked-certificate availability; publish certificates; publish CRLs; certs and CRLs are downloaded from here]

  16. pkIRISGrid: COPA- and LDAP-based storage
     [Diagram of the pkIRISGrid LDAP tree: level a holds the RAs' data (RA 1, RA 3, ...), level b the entities of each RA (E 1 ... E N), level c the certificate/CSR data of each entity (Cert 1, Cert 2, ... Cert N)]
     • a3 identifies RA 3
     • a3b105 identifies RA 3, entity 105
     • a3b105c1 identifies RA 3, entity 105, and certificate/CSR 1
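Slides 14 and 16 give two identifier formats without showing how they are consumed: the `a<RA>b<entity>c<cert>` object codes of the LDAP tree, and the URNs that record each state in a request's life. The Python below is an added example, not RedIRIS code. It parses the object codes (refusing an entity or certificate code that lacks the levels above it), splits a state URN into timestamp, state and trailing hex field, and replays a request's records in time order to derive its current state. The slide shows only the `signed` state and a single, truncated record; the other state names, the transition table, the reading of the trailing field as a digest that ties every record to the same request, and the sample history are assumptions made for the example.

```python
"""pkIRISGrid-style identifiers: object codes of the form a<RA>b<entity>c<cert>
and URN-encoded records for the states a CSR passes through.

Added example, not RedIRIS code. The slide shows only the 'signed' state and a
single record; the other state names, the transition table, the reading of the
trailing hex field as a digest of the request, and the sample history are
assumptions made for illustration.
"""
import re
from datetime import datetime

_OBJECT = re.compile(r"^a(\d+)(?:b(\d+)(?:c(\d+))?)?$")


def parse_object_code(code):
    """'a3b105c1' -> {'ra': 3, 'entity': 105, 'cert': 1}; 'a3' -> {'ra': 3}.
    A code cannot name an entity or certificate without the levels above it."""
    match = _OBJECT.match(code)
    if match is None:
        raise ValueError(f"not an RA/entity/certificate code: {code!r}")
    parts = zip(("ra", "entity", "cert"), match.groups())
    return {name: int(value) for name, value in parts if value is not None}


def object_kind(code):
    """Which level of the tree a code addresses."""
    return ("ra", "entity", "certificate")[len(parse_object_code(code)) - 1]


STATE_PREFIX = "urn:mace:rediris.es:irisgrid:pki:csr:state:"
_STATE = re.compile(r"^(\d{14}):([a-z]+):([0-9a-f]+)$")

# Assumed lifecycle of a request (None = no record yet); only 'signed' appears on the slide.
TRANSITIONS = {
    None: {"requested"},
    "requested": {"approved", "rejected"},
    "approved": {"signed", "rejected"},
    "signed": {"revoked"},
    "rejected": set(),
    "revoked": set(),
}


def parse_state_urn(urn):
    """Split one state record into its timestamp, state name and digest."""
    if not urn.startswith(STATE_PREFIX):
        raise ValueError(f"not a pkIRISGrid state URN: {urn!r}")
    match = _STATE.match(urn[len(STATE_PREFIX):])
    if match is None:
        raise ValueError(f"malformed state record: {urn!r}")
    stamp, state, digest = match.groups()
    if state not in TRANSITIONS:
        raise ValueError(f"unknown state {state!r}")
    return {"time": datetime.strptime(stamp, "%Y%m%d%H%M%S"), "state": state, "digest": digest}


def current_state(urns):
    """Replay a request's records in timestamp order and return the final state.
    Rejects histories whose records disagree on the digest or whose transitions
    are not in the table, which is how a stray or replayed record shows up."""
    records = sorted((parse_state_urn(u) for u in urns), key=lambda r: r["time"])
    if not records:
        return None
    digest, state = records[0]["digest"], None
    for record in records:
        if record["digest"] != digest:
            raise ValueError("records do not all refer to the same request")
        if record["state"] not in TRANSITIONS[state]:
            raise ValueError(f"illegal transition {state} -> {record['state']}")
        state = record["state"]
    return state


# Constructed history; the digest is an arbitrary hex string, not a real hash.
SAMPLE_DIGEST = "8b1f3c9d4e2a7056b1c0d9e8f7a6b5c4d3e2f1a0"
HISTORY_OK = [
    STATE_PREFIX + "20050305103000:signed:" + SAMPLE_DIGEST,
    STATE_PREFIX + "20050301091500:requested:" + SAMPLE_DIGEST,
    STATE_PREFIX + "20050303170412:approved:" + SAMPLE_DIGEST,
]
# A second 'approved' record after signing: not a legal step, so it must be refused.
HISTORY_REPLAYED = HISTORY_OK + [STATE_PREFIX + "20050310120000:approved:" + SAMPLE_DIGEST]

if __name__ == "__main__":
    print(parse_object_code("a3b105c1"), object_kind("a3b105"))
    print(current_state(HISTORY_OK))
```

Storing every state as an immutable record rather than overwriting one status attribute is what makes this replay possible; the check that all records carry the same digest is the cheap guard against a record for a different request being filed under the wrong entry.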

  17. aaIRISGrid
     • The authentication and authorization infrastructure supporting
       • Access to resources
       • Certificate management
       • Single sign-on across applications and services
     • Not a substitute for the PKI
       • Based upon it
       • Enhances usability
       • Simplifies administration
     • Based on the PAPI technology (http://papi.rediris.es/)
     • Evolving in the framework of the eduGAIN infrastructure
       • Including full SSO
       • And the results of GridShib

  18. eduGAIN architecture

  19. Computational and storage sharing
     • 35 participant organisations
       • And a NoE for coordinating middleware activities
     • Core middleware is Globus Toolkit 2.4
       • Plus specific add-ons for network monitoring and ranking
     • Front-end based on GridWay (http://www.gridway.org/)
       • Support for the submit-and-forget paradigm
     • In the process of migrating to GT 4
       • Already supported by GridWay
       • Better support for integration with other services
     • Exploring federation of infrastructures

  20. Geographical distribution
     UniCan, EHU, IFCA, UniOvi, USC, UDC, PIC, CESGA, IFAE, CIC, UAB, USAL, CEPBA, UPC, RedIRIS ESCA, UAM, UIB, UCM, IMEDEA, CIEMAT, CNB, UV, CAB, IFIC, INTA, UPV, UM, UCIIIM, IAA, UGR, UAL, UMA, URJES A, IAC

  21. Collaborative tools: the good old mailing lists
     • Essential for basic interactions
     • General coordination lists
       • Participants, support staff, middleware staff, ...
       • General areas: HEP, biotech, astro-sciences, ...
       • Owned by the IRISGrid admins
     • A specific list per VO
       • Connected to the general areas the VO is classified in
       • Owned by the VO managers
     • Based on listserv
       • The current mailing list software at RedIRIS
     • Migration to Sympa has been started
       • Better integration with the supporting infrastructure

  22. Collaborative tools: presence and instant messaging
     • Informal and direct interaction
       • Both P2P and collective
     • Automatic roster initialization
       • People in the VO(s) the user belongs to
     • Loose control
       • Direct management of contacts
       • Free creation and management of chat rooms
     • Based on Jabber
       • Hosted at the RedIRIS server
       • Experiments with a server mesh
     • Experimenting with the integration of real-time
     • aaIRISGrid-enabled Wiki

  23. Collaborative tools: real-time interactions
     • Few Access Grid rooms
       • ROI perception by institutional managers
     • Well-established network of H.323 conference rooms
       • Public directory available for users
       • GDS in operation and expanding
     • Specific RedIRIS community in VRVS
       • Four reflectors in Spain (2 at the RedIRIS premises)
       • ~1500 registered users, ~800 reserved hours per month
       • Training activities
       • Good contact with the VRVS developers
     • Exploring incorporation of AAI technologies
     • Evaluating SIP.edu

  24. The RedIRIS VRVS community
