An Overview of Computational Grid Technologies
Marlon Pierce
Community Grids Laboratory, Indiana University
mpierce@cs.indiana.edu

Grids in I533 Context
[Figure: layered services diagram (verbal description on next slide). Labels: Workflow, Information, Sharing, Ontology Services; Gaussian, Logical File, PubChem, etc; Data Mining Systems; General Data, General Exec, General File Services; Web Service Core Specifications; Security, Reliability, etc; Client Environments: Portals, Taverna, etc]

Grids in I533 Context
  • I533 covers a diverse set of topics.
  • (Web) Services are the core abstraction
      ◦ Execution Services: computational chemistry, data mining, text processing
      ◦ Data Services: PubChem, OGSA-DAI
      ◦ Information and metadata services: Ontologies, information discovery and sharing.
      ◦ Orchestration services (workflow): Taverna, BPEL, etc.
  • Grids are collections of services with some glue
      ◦ Decentralized security, information system agreements (from monitoring to metadata), abstract execution protocols, etc.
      ◦ Service Oriented Architecture

Brief History of Grids
  • The term “Grid Computing” was coined by Dr. Larry Smarr, then director of NCSA, back in 1992.
  • The original concept: computing power should be available on demand, for a fee.
      ◦ Just like the electrical power grid.
  • Today, Grids are thought of as federations of services that span organizations.
  • Grids are usually driven by science applications.
      ◦ Most core funding from the DOE, NSF, UK e-Science, and other scientific agencies in the EU, Japan, China, Korea, etc.
          ▪ These agencies all cooperate to some degree.
      ◦ DOD has its own version of things, the Global Information Grid, that is currently unrelated.
      ◦ IBM, MS, Oracle, Sun, etc have varying degrees of interest.

Grid Computing Research
  • Historically, grid computing has been targeted at simplifying access to high performance computing and giant scientific data sets.
      ◦ Example: NSF TeraGrid includes both hardware and software along with a common administration infrastructure.
          ▪ www.tergrid.org
          ▪ IU is one of the partners.
  • There are many overviews of Grid computing.
      ◦ See for example Globus World presentations from 2004, 2005
      ◦ Show lots of “gee whiz” pictures of big science problems using the Grid.
      ◦ Usually mention seti@home, and more recently, Google and BitTorrent. These annoy me.
          ▪ Seti@home has nothing to do with Grid computing.

Grid Computing Research
  • Grid computing is large scale distributed computing research.
      ◦ “Middleware”
  • It’s not the pervasive computing power Grid originally envisioned.
  • As long as it’s research, we get to keep working on it.
  • I’ll examine some key technologies for building a Grid installation, but not “the” Grid.
  • There is no Grid!
  • Dr. Dave Semeraro has his doubts.

Some Desirable Grid Characteristics
  • Grids are collections of services.
      ◦ Accessing computational facilities to run codes.
      ◦ Accessing remote databases, data warehouses and file systems.
      ◦ Transferring large data sets.
      ◦ Accessing remote instruments and sensors.
  • Collections are created from multiple partners: Virtual Organizations
      ◦ Must support decentralized management.
      ◦ Common security abstraction layer
          ▪ Authentication: required and solved.
          ▪ Authorization: Research 4 Ever!
      ◦ Common information infrastructure
          ▪ Monitoring hardware and networks: required and solved
          ▪ Finding resources (i.e. “Semantic Grid”): Research 4 Ever!
      ◦ Ex: TeraGrid combines NCSA, SDSC, IU, TACC, ORNL, Purdue, ...
  • Generations
      ◦ Generation 1: UNIX daemons, command-line clients, protocol-based.
      ◦ Generation 2: Based on Web Service standards

Virtual Organization View of Deployment
[Figure: diagram with boxes labelled “Physical Organisation” and “Virtual Organisation”.]
Source: I. Foster, www.usipv6.com/ppt/fosteripv6andGridJune2003.ppt

Grid Computing Software Examples
  • Globus Toolkit (ANL, ISI): Job managers for science applications, Grid security frameworks, file management tools, etc.
  • Condor (UW): A job scheduler and cycle scavenger optimally running applications on available resources. “High throughput computing”
  • Storage Resource Broker (SDSC): Middleware that provides a uniform interface for connecting to heterogeneous data resources over a network and accessing replicated data sets.
  • OMII: UK e-Science program’s software arm.
  • OGSA-DAI (U. Edinburgh): From UK e-Science program. Wraps XML and relational databases as Grid services and provides a workflow client library for query processing.

Making Interoperable Tools
  • There are a large number of Grid-related research projects and tools.
  • They need some common protocols
      ◦ Not just wire protocols but also security procedure protocols.
  • Two most important
      ◦ GSI: A global security system
      ◦ GRAM: a global method for executing remote operations.
  • Grid standards and would-be standards are defined through the Global Grid Forum.
  • We will concentrate on the Globus Toolkit in these lectures, but GSI and GRAM are important to several other projects.
      ◦ Condor, SRB, Sun Grid Engine, etc.

Globus Services Landscape
[Figure: Globus services landscape diagram, annotated “We’ll start here.”]
Source: www.griphyn.org/documents/document_server/uploaded_documents/doc--1515--GT4_GriPhyN.ppt

Grid Security Infrastructure
An overview

Grid Security Infrastructure: Public Key Infrastructure (PKI) Keywords
  • Most Grids use asymmetric encryption keys
      ◦ Based on OpenSSL but with GSSAPI extensions
      ◦ Users have a public key and a private key.
          ▪ Public keys can decrypt messages encrypted by private keys and vice versa.
          ▪ Public key: encrypts a message
          ▪ Private key: signs a message.
      ◦ I encrypt with your public key and sign with my private key.
          ▪ Only you have the private key, so only you can generate that specific signature.
          ▪ Only you can unencrypt, and you know it came from me.
      ◦ PKI tools are part of Java’s SDK, so try them out.
  • Certificate Authorities: establishing trust.
      ◦ Can you trust a public key?
      ◦ Yes, if you trust the signer.
      ◦ Large Grids have CAs.
      ◦ You can run your own with SimpleCA.
      ◦ CAs can be hierarchical.

More Keywords: GSS API
  • Generic Security Service API (GSSAPI)
      ◦ PKI is slow and symmetric keys are much faster.
      ◦ GSSAPI establishes a “context” between two communicators by sharing a secret symmetric session key.
      ◦ Very similar protocol to WS-SecureConversation
  • Java implementation part of standard SDK release.
      ◦ Try it out, but it requires Kerberos
  • GSI uses the GSSAPI to establish security contexts.
  • We will see how to program clients in the next lecture.

Single Sign On and Delegation
  • Single Sign On
      ◦ A “Grid” implies that you can access lots of machines, but not necessarily anonymously.
          ▪ Charged for usage: supercomputer centers issue allocations.
      ◦ SSO is the ability to log in once, get a ticket, and access many machines without constantly providing username and password.
      ◦ GSI is very similar to a somewhat older system called Kerberos, which you can still get.
  • Delegation is the security concept that supports this.
      ◦ In practice, GSI handles delegation by re-signing credentials.
      ◦ Take advantage of hierarchical CA organization for trust.

Credential Delegation in GSI
[Figure: credential delegation diagram.]
Source: Butler et al, http://www.globus.org/alliance/publications/papers/butler.pdf

A Public Key

    rainier.extreme.indiana.edu% more usercert.pem
    Bag Attributes
        localKeyID: 01 00 00 00
    subject=/DC=org/DC=doegrids/OU=People/CN=Marlon Pierce 64229
    issuer= /DC=org/DC=DOEGrids/OU=Certificate Authorities/CN=DOEGrids CA 1
    -----BEGIN CERTIFICATE-----
    MIIDJjCCAg6gAwIBAgICFMYwDQYJKoZIhvcNAQEFBQAwaTETMBEGCgmSJomT8ixk
    -----------[Stuff deleted]-----------------
    rlCbtrvQjT79qYIutfFSxwre52OV7p7f/3Uufj0wO4f4hq5Jt05uofQU
    -----END CERTIFICATE-----

A Private Key

    rainier.extreme.indiana.edu% more userkey.pem
    Bag Attributes
        localKeyID: 01 00 00 00
        1.3.6.1.4.1.311.17.1: Microsoft Enhanced Cryptographic Provider v1.0
        friendlyName: 6f50c542f27d23ca349e371673b2ff8d_2586cc29-aa58-4f69b023-bbcac12e129e
    Key Attributes
        X509v3 Key Usage: 10
    -----BEGIN RSA PRIVATE KEY-----
    Proc-Type: 4,ENCRYPTED
    DEK-Info: DES-EDE3-CBC,42533BEF0D5016EB

    xxQ8IF5UL1rFeWm4hbZBNYNB5TpHl8FqeRPOJk03fltcHyETdndP4GJqLNxHMcxk
    fy9As9v49HDSpHde/3jMu9L9q8LXSkG6WmFZgI35nsqjCTcstMdNnZ2P+jxp9sk7
    ------------[Stuff Deleted]------------------------------
    1rts6i6ZDYFzsCpnu+rOsa0kolp+r0zRI0uiiIbOxU9jOtVTiHPsUg==
    -----END RSA PRIVATE KEY-----
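An added example (not part of the original slides): a small Python audit of a PEM private key file such as the userkey.pem listing above. It checks whether the key is passphrase-encrypted, which cipher the DEK-Info header names, and whether the file mode allows group or other access. The sample key files are constructed placeholders, and the legacy-cipher list is an assumed local policy.

```python
import os
import re
import stat
import tempfile

# Traditional OpenSSL PEM encryption headers, as in the userkey.pem listing.
_PROC_TYPE = re.compile(r"^Proc-Type:\s*4\s*,\s*ENCRYPTED\s*$", re.M)
_DEK_INFO = re.compile(r"^DEK-Info:\s*([A-Za-z0-9-]+)\s*,\s*([0-9A-Fa-f]+)\s*$", re.M)
_LEGACY_CIPHERS = {"DES-CBC", "DES-EDE3-CBC", "RC2-CBC"}  # assumption: local policy


def audit_private_key(path):
    """Return a list of findings for a PEM private key file (empty = none)."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("permissions %04o allow group/other access" % mode)
    with open(path, "r", encoding="ascii", errors="replace") as fh:
        text = fh.read()
    if "PRIVATE KEY-----" not in text:
        findings.append("no PEM private key block found")
        return findings
    if "-----BEGIN ENCRYPTED PRIVATE KEY-----" in text:
        return findings  # PKCS#8: cipher is inside the ASN.1, not checked here
    if not _PROC_TYPE.search(text):
        findings.append("private key is stored unencrypted")
        return findings
    dek = _DEK_INFO.search(text)
    if dek is None:
        findings.append("encrypted key without DEK-Info header")
    elif dek.group(1).upper() in _LEGACY_CIPHERS:
        findings.append("legacy cipher %s protects the key" % dek.group(1))
    return findings


def _write(tmpdir, name, text, mode):
    """Create a constructed sample file with the given permission bits."""
    path = os.path.join(tmpdir, name)
    with open(path, "w", encoding="ascii") as fh:
        fh.write(text)
    os.chmod(path, mode)
    return path


def demo():
    """Audit three constructed key files and return {label: findings}."""
    body = "Q09OU1RSVUNURUQ=\n"  # constructed placeholder, not real key material
    encrypted = ("-----BEGIN RSA PRIVATE KEY-----\n"
                 "Proc-Type: 4,ENCRYPTED\n"
                 "DEK-Info: DES-EDE3-CBC,0123456789ABCDEF\n\n"
                 + body + "-----END RSA PRIVATE KEY-----\n")
    plain = ("-----BEGIN RSA PRIVATE KEY-----\n" + body
             + "-----END RSA PRIVATE KEY-----\n")
    with tempfile.TemporaryDirectory() as tmp:
        files = {
            "encrypted_0400": _write(tmp, "a.pem", encrypted, 0o400),
            "encrypted_0644": _write(tmp, "b.pem", encrypted, 0o644),
            "plain_0600": _write(tmp, "c.pem", plain, 0o600),
        }
        return {label: audit_private_key(p) for label, p in files.items()}


if __name__ == "__main__":
    for label, findings in demo().items():
        print(label, findings or ["ok"])
```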

MyProxy Credential Repository
  • Private keys are troublesome and dangerous.
      ◦ You need to put one on every machine that you may use for initial login.
      ◦ This increases the chance it will get stolen.
      ◦ Can be placed on expensive smart cards.
  • Solution: MyProxy Server
      ◦ On-line credential repository.
      ◦ Issues short-term keys to any client that knows the username and password.
      ◦ Very convenient for Web portal applications.
Source: J. Basney, http://grid.ncsa.uiuc.edu/myproxy/talks.html

Grid as a Virtual Organization
  • Now that we have an SSO, we can set this up across many different partner sites.
  • Use one super-CA or at least mutually trust our partner CAs.
      ◦ That is, my org will trust messages signed by your CA.
  • This is the beginnings of a “Virtual Organization”.
  • Real organizations contribute resources to the VO.
  • VOs can be long-lived.
      ◦ TeraGrid, Open Sciences Grid
  • Ad-hoc Grids are more of a research issue.

GSI in Action: GridFTP
  • GSI is not a service itself.
  • You use it to build secure services.
  • These services inherit several capabilities
      ◦ They can authenticate to each other.
      ◦ Messages are secure
          ▪ Encrypted, non-repudiated, tamper-proof, replay-proof, etc.
      ◦ You can delegate two remote services to take an action on your behalf.
  • GridFTP is an example of a GSI enabled service.
      ◦ File operations and transfers, based on standard IETF FTP protocol.
      ◦ Supports parallel TCP
      ◦ Supports striping: several GridFTP servers can act as a logical GridFTP server, each working on a different data subset.
  • A nice summary: www.nesc.ac.uk/talks/563/Day2_1020_GridFTP.ppt

GridFTP Third Party Transfer Cartoon
[Figure labels: GridFTP Client; Credential; “Move File X to Host B.”; Delegated Credential; Host A: GridFTP Source Server; Host B: GridFTP Destination Server]

GridFTP Clients
  • Command line clients
      ◦ globus-url-copy
      ◦ uberftp
  • Programming interfaces: build your own client.
      ◦ Java and Python CoG Kits
      ◦ Java CoG reviewed next lecture.

Grid Resource Allocation Management (GRAM)

What Is GRAM?
  • GRAM is a protocol for mapping generic user requests to specific actions.
  • Heritage: must execute jobs on supercomputers.
      ◦ Interactive: use Unix fork.
      ◦ Queue Systems: PBS, LSF, Condor, Sun Grid Engine, etc.
  • This must take place as the user.
      ◦ Allocation accounting, logging, general peace of mind at stodgy HPC centers.
  • Note this is very different from e-Business.
      ◦ You don’t need a database account to buy something from Amazon.

Pre-Web Service GRAM Components
[Figure labels: Client; MDS client API calls to locate resources; MDS: Grid Index Info Server; Site boundary; MDS client API calls to get resource info; MDS: Grid Resource Info Server; Query current status of resource; Local Resource Manager; GRAM client API calls to request resource allocation and process creation; GRAM client API state change callbacks; Globus Security Infrastructure; Gatekeeper; Request; Create; Job Manager; Parse; RSL Library; Monitor & control; Allocate & create processes; Process; Yikes...]

GRAM Job Specifications
  • The major purpose of GRAM is to execute one or more remote commands on the user’s behalf.
      ◦ Abstract UNIX shell, PBS, Condor, etc.
  • So how do you specify the command?
  • Pre-Web Service Grids (i.e. based on Globus 2) use the Resource Specification Language (RSL).
  • Web Service Grids (i.e. based on Globus 4) use the XML Job Description Language.

GRAM Client Tools
  • You can execute remote commands using client tools
  • We will develop Java clients next time.
  • GT2 command line examples (with RSL)
      ◦ globusrun: all purpose client
      ◦ globus-job-run: interactive jobs
      ◦ globus-job-submit: batch jobs
      ◦ globus-job-cancel: stop batch jobs
  • GT4 command line examples (with JDL)
      ◦ globusrun-ws: all purpose client
      ◦ globus-job-run-ws: interactive job submission
      ◦ globus-job-submit-ws: batch job submission
      ◦ globus-job-clean-ws: stop batch jobs.

Sample RSL String
  • The following runs the UNIX echo and the
  • This is an argument to globusrun.
  • Use this to execute “echo” and “mpi-hello”.

    (* Multijob Request *)
    +( &(executable = /bin/echo)
        (arguments = Hello, Grid From Subjob 1)
        (resource_manager_name = resource-manager-1.globus.org)
        (count = 1)
     )
     ( &(executable = mpi-hello)
        (arguments = Hello, Grid From Subjob 2)
        (resource_manager_name = resource-manager-2.globus.org)
        (count = 2)
        (jobtype = mpi)
     )
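An added example (not Globus code and not from the original slides): a Python parser for the subset of RSL used in the multijob request above, plus a hypothetical pre-submission review that flags relative executables and resource managers outside an allow-list. The function names, the policy checks and the allow-list are assumptions for illustration.

```python
import re

# The multijob request from the slide, embedded so the example runs offline.
SAMPLE_RSL = """(* Multijob Request *)
+( &(executable = /bin/echo)
    (arguments = Hello, Grid From Subjob 1)
    (resource_manager_name = resource-manager-1.globus.org)
    (count = 1) )
 ( &(executable = mpi-hello)
    (arguments = Hello, Grid From Subjob 2)
    (resource_manager_name = resource-manager-2.globus.org)
    (count = 2)
    (jobtype = mpi) )"""


def _groups(text):
    """Return the bodies of the top-level (...) groups in text."""
    groups, depth, start = [], 0, 0
    for i, ch in enumerate(text):
        if ch == "(":
            if depth == 0:
                start = i + 1
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                raise ValueError("unbalanced ')' at offset %d" % i)
            if depth == 0:
                groups.append(text[start:i])
    if depth:
        raise ValueError("unbalanced '(' in RSL")
    return groups


def parse_rsl(rsl):
    """Parse '+' multirequests of '&' conjunctions into a list of dicts.

    Subset only: quoted values and values containing parentheses are not handled.
    """
    rsl = re.sub(r"\(\*.*?\*\)", "", rsl, flags=re.S).strip()  # drop (* comments *)
    subjobs = _groups(rsl[1:]) if rsl.startswith("+") else [rsl]
    jobs = []
    for sub in subjobs:
        sub = sub.strip()
        if not sub.startswith("&"):
            raise ValueError("expected '&' conjunction, got %r" % sub[:20])
        job = {}
        for relation in _groups(sub[1:]):
            name, sep, value = relation.partition("=")
            if not sep or not name.strip():
                raise ValueError("malformed relation: %r" % relation)
            if name.strip() in job:
                raise ValueError("duplicate attribute %r" % name.strip())
            job[name.strip()] = value.strip()
        jobs.append(job)
    return jobs


def review(jobs, allowed_managers):
    """Hypothetical policy check: return (subjob number, problem) pairs."""
    problems = []
    for n, job in enumerate(jobs, 1):
        if not job.get("executable", "").startswith("/"):
            problems.append((n, "executable is not an absolute path"))
        if job.get("resource_manager_name") not in allowed_managers:
            problems.append((n, "resource manager not on allow-list"))
        if not job.get("count", "1").isdigit():
            problems.append((n, "count is not a non-negative integer"))
    return problems


if __name__ == "__main__":
    jobs = parse_rsl(SAMPLE_RSL)
    # Constructed allow-list: only the first host from the slide is approved.
    for n, problem in review(jobs, {"resource-manager-1.globus.org"}):
        print("subjob %d: %s" % (n, problem))
```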

A Very Simple Job Description

    <job>
        <executable>/bin/echo</executable>
        <directory>/tmp</directory>
        <argument>12</argument>
        <argument>abc</argument>
        <argument>this is an example string </argument>
        <environment>
            <name>PI</name>
            <value>3.141</value>
        </environment>
        <stdin>/dev/null</stdin>
        <stdout>stdout</stdout>
        <stderr>stderr</stderr>
    </job>

http://www.globus.org/toolkit/docs/4.0/execution/wsgram/user-index.html#s-wsgram-user-commandline

More Details on Job Submission
  • The full Job Description Schema is here:
      ◦ http://www.globus.org/toolkit/docs/4.0/execution/wsgram/schemas/gram_job_description.html#SchemaProperties
  • You can do much more complicated things.
      ◦ Run sequences of jobs.
      ◦ Stage files with GridFTP.
      ◦ Delegate jobs to other GRAMs.
  • But this is controversial.
      ◦ Lots of people have worked on job management workflow systems.
      ◦ Several based on Apache Ant, for example.
      ◦ BPEL is the Web Service standard.

Grids and Web Services

Globus Services Landscape
[Figure: Globus services landscape diagram, annotated “Now we are up here.”]
Source: www.griphyn.org/documents/document_server/uploaded_documents/doc--1515--GT4_GriPhyN.ppt

Grids and Web Services
  • The requirements of Grids are very similar to those of Service Oriented Architecture-based systems.
  • Grid and Web Service integration began in 2002.
      ◦ Open Grid Services Architecture: “Physiology of the Grid” paper by Foster et al.
      ◦ Aborted start in Globus Toolkit 3, OGSI
      ◦ Current Globus Toolkit 4 much more successful.
  • OGSA-DAI, Condor, and SRB all have Web Service interfaces.
  • Many UK e-Science projects also follow a similar approach.
      ◦ Sometimes referred to as the “WS-I+” approach to distinguish it from the Globus/IBM approach.
      ◦ See http://grids.ucs.indiana.edu/ptliupages/publications/WebServiceGrids.pdf
      ◦ See OMII releases

GT4 GRAM Structure: WSRF/WSN Poster Child
[Figure labels: Client; Job functions; Delegate; Transfer request; Service host(s) and compute element(s); GT4 Java Container; GRAM services; Delegation; RFT File Transfer; Compute element; Local job control; sudo; GRAM adapter; Local scheduler; User job; GridFTP control; FTP data; GridFTP; Remote storage element(s)]
Source: www.griphyn.org/documents/document_server/uploaded_documents/doc--150 VDS_1.4_Plans.2005.0429.ppt

Reliable File Transfer: Third Party Transfer
  • Fire-and-forget transfer
  • Web services interface
  • Many files & directories
  • Integrated failure recovery
[Figure labels: RFT Client; SOAP Messages; Notifications (Optional); RFT Service; two GridFTP Servers, each with Protocol Interpreter, Master DSI, Data Channel, IPC Link, Slave DSI, IPC Receiver]
Source: www.griphyn.org/documents/document_server/uploaded_documents/doc--150 VDS_1.4_Plans.2005.0429.ppt

Grid Web Service Extensions
  • WSDL and SOAP form the core of Grid services.
  • WS-Addressing and WS-Security family are important.
  • Globus and friends are working to extend core Web Service standards through OASIS.
      ◦ WS-Resource Framework (WSRF): modeling stateful resources.
      ◦ WS-Notification: Web Service version of one-to-many messaging.

Stateful Resources and Grids
  • Web Service Architectures and thus Grids are really message oriented, not RPC based.
      ◦ All state should be in the SOAP message.
      ◦ This allows messages to go through many SOAP intermediaries.
  • Request/response does not really map to Grid requirements.
      ◦ Services may take hours or days to complete, so need callbacks.
          ▪ Ex: computational chemistry codes on TeraGrid, RFT for many TB of data.
      ◦ Services may need to push information to listeners.
          ▪ “Big file 1 is done, now move big file 2”
  • Grid resources may also come and go.
      ◦ Instruments typically generate data at scheduled times.
      ◦ Down for maintenance, upgrades, reconfiguration, etc.
  • WSRF and WS-Notification attempt to solve these Grid requirements.

Web Service Resource Framework
  • WSRF is a collection of WSDL specifications and associated messages.
      ◦ WS-ResourceProperties
      ◦ WS-ResourceLifetime
      ◦ WS-ServiceGroup
      ◦ WS-BaseFault
  • See http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=wsrf

WS-Resource
  • The WS-Resource decouples a (stateful) resource from the Web Service that accesses it.
  • For example, a database is a resource that may be accessed through a Web Service.
  • The resource may be defined by metadata.
      ◦ Our database needs to provide clues to the type of data it contains.
      ◦ Need this for discovery.
      ◦ This metadata is contained in WS-ResourceProperties

Goals of WS-ResourceProperties
  • Provide a metadata property framework for describing resources.
  • Provide a Web Service interface for performing operations on these properties.
      ◦ Query and retrieve properties.
      ◦ Update values on a resource (controversial).
      ◦ Subscribe to property changes.
  • Use XML Schemas to hold WSDL message definitions that define the resource properties.
  • Associate these messages with WSDL portTypes.
  • The actual values of the Schema are in an XML document.
      ◦ Store it in memory, put it in a database, derive it at query time, ...
  • This requires some understanding of WSDL and SOAP. Upcoming lecture will cover this.

Goals of WS-ResourceLifetime
  • Resources may have lifetimes.
      ◦ For example, your quantum chemistry calculation may take a few hours.
  • This may be associated with a WS-Resource.
  • Lifetime defines methods for
      ◦ Destroying a resource at some future time (and t=0 allowed).
      ◦ Learning the lifetime of a resource.
      ◦ Extending the lifetime of a resource.

WS-Notification Core Specs
  • WS-BaseNotification
      ◦ Specs for controlling publications and subscriptions of events (i.e. resource property changes).
      ◦ Subscribers subscribe directly to publishers.
  • WS-Topics
      ◦ Topics are used to organize messages.
      ◦ You may publish or subscribe to a topic rather than a specific resource endpoint.
  • WS-BrokeredNotification
      ◦ Brokers decouple publishers from subscribers.

WS-Notification
  • Stateful resources will need to notify one or more listeners when their state changes.
  • For example, a Web lecture has many events.
      ◦ Beginning and end of the lecture.
      ◦ Changes in slides.
      ◦ To my knowledge, no one has tried this.
  • Real examples based on WS-GRAM, RFT.

A Skeptical View of WSRF
  • WSRF has several independent implementations.
      ◦ WSRF.NET (UV), Python (LBL), Perl (UK), C/C++ (ANL), ...
  • But is this critical mass?
      ◦ What about MS, Oracle, and other big Web Service players?
  • OASIS specification approval is glacial.
      ◦ Many specs, even if approved, have died on the vine for lack of backing.
      ◦ Many more are a mess because of complicated dependencies.
          ▪ WS-Addressing has released many versions, screwing up many dependent specs.
  • Competing specs exist.
      ◦ MS’s WS-Eventing, for example.
  • “Semantic Grid” using an entirely different approach for metadata.
      ◦ RDF, OWL provide more natural modeling of metadata than tree-based XML Schemas.
  • Ignores UDDI as an information system.
  • I ran out of room.

Future Challenges
  • Real time interaction
  • Joy of use
  • Intuitive user interface
  • Global scalability
      ◦ 1000s of simultaneous users
  • Addictive
(Observation courtesy Prof. Fran Berman)