Documente Academic
Documente Profesional
Documente Cultură
2
The Globus Project
Basic research in grid-related technologies
Resource & data management, security, QoS, policy, communication,
adaptation, etc.
Development of Globus Toolkit
Core services for grid-enabled tools & apps
Construction of production grids & testbeds
Multiple deployments to distributed organizations for production &
prototyping
Impacts
The Southern California Earthquake Center uses Globus
3
Grid and Web Services:
Convergence
Grid GT1
GT2
OGS
I
Started
far Have been
apart in converging WSRF
apps &
tech L2
WSD
L,
WSD
Web WS-*
HT T P
The definition of WSRF(Web Services Resource
Framework) means that Grid and Web communities
can move forward on a common base
Ack: Prof. Ian Foster, Globus Project
Open Grid Services Architecture
Domain-Specific Services
Program
Standardization
Core Services
OpenWS-Resource
Grid ServicesFramework
Infrastructure
6
Globus Toolkit Components
Applications
Globus
Grid Data
Grid Resource Grid Information
Management
Management Services
(GridFTP, Replica
(GRAM,
(GRAM)
GASS) (MDS)
Catalog)
7
Security Services
8
Grid Security Infrastructure (GSI)
Based on
Public key cryptography
X.509 certificate
Certificate/Proxy - Single Sign-on
Gives information about the proxy
$ grid-proxy-info
Create proxy at /tmp/x509up_u<USER ID>
Destroy proxy certificate
$ grid-proxy-destroy
9
PKI: Creating Private & Public Keys
To request a
certificate a user USER
starts by generating a
key pair.
The private key is
stored encrypted with
a pass phrase the user
gives
The public key is put
Encrypted Certificate
into a certificate On local Request
request disk
Public Key
10
PKI: Certificate Issuance
The user then takes the
certificate to the CA
The CA usually includes
a Registration Authority
(RA) which verifies the
request:
The name is unique with
respect to the CA
It is the real name of the
Certificate
user
Request
Etc.
ID
Public Key
11
PKI: Certificate Issuance
Certificate
The CA then signs Request
the certificate
request and issues a Public Key
Rajkumar Buyya
111, Barry Street State of Name
Victoria
Carlton Seal Issuer
BD 01-04-1971 Public Key
Male 165cms, 65Kg Signature
B&W Eyes 12
Mutual Authentication (between A
and B)
A and B are two parties: Both need to trust each
others’ CA.
A B (A establishes connection to B and gives his
certificate (name,pub. Key) to B).
B makes sure that it can trust CA of A.
B generates random message A and asks it encrypt
it.
A encrypts it and send to B
B decrypts using A’s public key. If the msg. is same as
what B has sent, then A is who it is claiming to be.
13
Example: Secure Remote
Startup in Globus
1. Exchange certificates, jobmanager
authenticate, delegate
2. Check gridmap file 4.
3. Lookup service
4. Run service program map services
(e.g. jobmanager) 2. 3. cert
cert
1.
key
key client gatekeeper
14
Data Services
15
Data Services
16
Data Services - GridFTP
Basic tool provided with Globus Toolkit
globus-url-copy [-tcp-bs TCPBufSizeBytes] [-p
parallelism] sourceURL destURL
URL format = protocol://[host]:[port]/path
Supported protocols
gsiftp://, file://(on a local machine only), ftp://,
http://, https://
It is legal to specify a user name and
password in the the URL as follows
gsiftp://myname:
[mypassword]@myhost.mydomain.com/file.dat
17
Data Services - GridFTP
18
Data Services - Reliable File
Transfer (RFT)
Manages a set of third-party GridFTP
transfers
Uses a database to checkpoint transfer
state
Recovers from
Source/destination server failures
Network failures
Container failures
Transfers retried with exponential backoff
Resumes transfers where they left off
19
Execution Management
Services
20
What is GRAM?
Grid resource access & job execution
services:
Handles placement, provisioning and lifetime
management of jobs
GRAM is a unifying remote interface for
remote job submission and resource
management
GRAM is for stateful job control
Reliable operation
Asynchronous monitoring and control
21
Grid Job Management Goals
Provide a service to securely:
Create an environment for a job
22
Secure Submission Model
Secure submit protocol
PKI authentication
Authorization and mapping
Based on Grid ID
Further authorization by scheduler
Based on local user ID
Secure control/cancel
Also PKI authenticated
Owner has rights to his jobs and not others’
23
Job Submission Monitoring
Monitor job lifecycle
GRAM and scheduler states for job
StageIn, Pending, Active, Suspended,
StageOut, Cleanup, Done, Failed
Multiple monitoring methods
Synchronously query for current state
Asynchronous notifications to client
24
Pre-WS GRAM (GT2) Command
Line Tools
Pre-WS GRAM (GT2) Command Line Tools
Interactive job submission
globus-job-run host:port/jobmanager-pbs
command
Batch job submission
globus-job-submit command
Checking job status when done output
globus-job-status jobID
globus-job-output –out|err jobID
Kill a job
globus-job-cancel jobID
25
Grid Information Service
26
The Need for Information
27
Using Information for
Resource Brokering
“10 GFlops, EOS data, Info service:
20 Mb/sec -- for 20 mins” location + selection
Metacomputing
Resource “What computers?” Directory
Broker “What speed?” Service
“20 Mb/sec” “When available?”
GRAM
Globus Resource
Allocation Managers “50 processors + storage
from 10:20 to 10:40 pm”
29
What we have learned
Globus
Four major services
Security Service
GSI
Data Service
GridFTP
Reliable File Transfer
Execution Management Service
GRAM(Grid Resource Allocation and Management )
Information Service
MDS (Monitoring and Discovery Service)
Basic command line tools to use GT-4
30
Problems with Globus
31
Good Luck in looking-for useful commands,
services and guide in:
http://www.globus.org/toolkit/docs/
32