VO Privilege Activity VO Privilege Activity The VO
- Slides: 30
VO Privilege Activity
VO Privilege Activity • The VO Privilege Project develops and implements fine-grained authorization to gridenabled resources and services • Started Spring 2004 • Sposored by US CMS (Fermilab) and US ATLAS (BNL) • People: Fermilab, BNL, PPDG • Technologies: VOMS, VOMRS, Gridmap and SRM/DCache callout interface, GUMS, g. PLAZMA, and SAZ
VO Privilege Activity Motivations • Improve user account assignment at grid sites – Make user-to-account mapping flexible and dynamic, using remote Grid Identity Mapping Services – Base user-to-account mapping on both user role and least privilege access • Reduce account management administrative overhead
VO Privilege Activity Architecture Local or Remote Client VOMS Proxy with VO Membership | Role Attributes Site Globus Gatekeeper PRIMA callout CE Site-wide Mapping Service PRIMA C SAML libraries GUMS PRIMA Authorization Service Auxiliary Mapping Service g. PLAZMA Storage metadata SRM-Grid. FTP g. PLAZMA callout SE PRIMA g. PLAZMA Java SAML g. PLAZMALite Authorization Services suite Site-wide Assertion Service SAZ
Resource Selection Service (Re. SS) Activity
The Resource Selection Activity • The Resource Selector is a component of the OSG Job Management Infrastructure. • The project started in Sep 2005 with a planned duration of 9 months • Sponsored by PPDG as a DZero contribution to the Common Project • People: Fermilab, OSG TG-MIG group, PPDG
The Resource Selection Activity Motivations • A Resource Selector allows… – …expressing requirements on the resources in the job description • without a Resource Selector, the user is responsible for selecting the resource for the job – …the user to refer to abstract characteristics of the resources in the job description • without a Resource Selector, the user must use concrete resource attribute values in the job description (e. g. to initialize the job environment)
The Resource Selection Activity Deliverables • The Resource Selection Activity has two major goals 1. Enable OSG resource usage by DZero. Jobs will be prepared and data will be handled by the SAM-Grid. 2. Develop and deploy a Resource Selection Service that VOs with requirements on job management similar to DZero can use.
The Resource Selection Activity Architecture job What Gate? Info Gatherer Condor Match Maker classads Condor Scheduler Gate 3 job classads Gate 1 CEMon info jobs CE classads job-managers CLUSTER classads Gate 2 CEMon info jobs CE job-managers CLUSTER Gate 3 CEMon info jobs CE job-managers CLUSTER
OSG Auditing Activity
OSG Auditing Activity • The activity develops a system to record a suitable audit trail for grid services – Audit trail is a set of log entries to determine who did what, when, where and how – Audit trail is critical for both debugging and security investigations • Started Winter 05
OSG Auditing Goals • Provide tools to the site to gather audit events, process them, correlate them, in order to facilitate post-mortem investigations and malicious use detection – Security concerns impose that a site auditing service could allow queries that do not expose much data (e. g. yes/no question such as: did this DN submit more than 10 jobs in the past 24 hours? ). The feasibility/utility of across-site auditing is under investigation. • Determining what has happened in a GRID environment – Chain of events to follow: user contacts a resource broker, which submits to a gatekeeper, which starts a batch job, which execute on a node, which starts a file transfer, …
Auditing at a site (an example) Site Cyber security GK GRAM Grid FTP … We need to make sure the services actually provide enough information. Parsing Centralized logging Some sites already have a way to collect and store logs, based on syslog or other standard practices. We want to leverage and integrate within the framework. Auditing Service Allows to search through events and make correlation. The user will use a GUI or command line tools to navigate through the data, and will retrieve pointers to the actual log entries when needed.
OSG Accounting Activity
OSG Accounting Activity • The goal of the activity is to develop a system to track the consumption of OSG services and resources user by user • Sponsored by SLAC, Fermilab and PPDG • Started Summer 2005 • More Info: google “osg accounting”
OSG Accounting Activity Motivation The OSG infrastructure must provide its users with precise and reliable information about resources consumption. Availability of such information will • allow resource providers to directly link resources consumption with VOs and science projects goals, • improve resource planning and organization at the resource providers sites • eventually, support automatic resource allocations and consumption based on an economic model.
OSG Accounting Activity Architecture
OSG Accounting Activity
OSG Edge Services Framework Activity
OSG Edge Services Framework Activity • In OSG, services on the “Edge” of the Grid/Fabric site boundaries grant users access to site private services. • Started in September 2005. • Collaboration: Physicists, Computer Scientists & Engineers, Software Architects. • People: USALTLAS, USCMS, Globus Alliance, ANL, U. Chicago, UC San Diego • Web collaborative area – http: //osg. ivdgl. org/twiki/bin/view/Edge. Services
OSG Edge Services Framework Activity Vision OSG site provides access to a shared compute & storage cluster via two types of services. Those shared between VOs, and those that are VO specific service deployment is made possible via a shared services framework.
OSG Edge Service Framework Activity Motivation • OSG has many VOs each with many different requirements • Resources may be partitioned into specific, VOdedicated servers along side shared, open grid services used by many VOs. • Each VO may want to use different software to implement any particular kind of an edge service • Each VO may put different requirements on edge service in terms of resource usage.
Role=VO Admin ESF - Phase 1 CMS XEN vm ESF Based on XEN & Gt 4 work spaces CE Site SE
Role=VO Admin ESF - Phase 1 ESF CMS dom 0 CE Site SE
Role=VO Admin ESF - Phase 1 ESF dom 0 CE Site SE
Role=VO Admin ESF - Phase 1 ESF dom 0 CE Site SE
Role=VO Admin ESF - Phase 1 ESF dom 0 CE Site CMS SE
Role=VO User ESF - Phase 1 XEN ESF dom. U CE Site CMS dom 0 SE
Role=VO User ESF - Phase 1 ESF dom. U CE Site CMS dom 0 SE
Role=VO User ESF - Phase 1 ESF dom. U CE Site CMS dom 0 SE
- Làm thế nào để 102-1=99
- Thiếu nhi thế giới liên hoan
- Chúa yêu trần thế
- Tia chieu sa te
- Một số thể thơ truyền thống
- Hệ hô hấp
- Tư thế ngồi viết
- Công của trọng lực
- Bảng số nguyên tố lớn hơn 1000
- đặc điểm cơ thể của người tối cổ
- Tỉ lệ cơ thể trẻ em
- Các châu lục và đại dương trên thế giới
- Phản ứng thế ankan
- ưu thế lai là gì
- Thẻ vin
- Các môn thể thao bắt đầu bằng tiếng nhảy
- Cái miệng bé xinh thế chỉ nói điều hay thôi
- Hát kết hợp bộ gõ cơ thể
- Từ ngữ thể hiện lòng nhân hậu
- Tư thế ngồi viết
- Trời xanh đây là của chúng ta thể thơ
- Thứ tự các dấu thăng giáng ở hóa biểu
- Gấu đi như thế nào
- Thể thơ truyền thống
- Khi nào hổ con có thể sống độc lập
- đại từ thay thế
- Thế nào là hệ số cao nhất
- Diễn thế sinh thái là
- Vẽ hình chiếu vuông góc của vật thể sau
- Frameset trong html5
- Thế nào là mạng điện lắp đặt kiểu nổi