Globus Toolkit: Basics,

Components, and Services

Source: The Globus Project

Argonne National Laboratory &
University of Southern California
http:/www.globus.org

Compiled/Compacted for 433-678:

R. Buyya and S. Venugopal
1
 Agenda
 The evolution of Globus
 Security Services
 GSI (Grid Security Infrastructure)
 Data Services
 GridFTP
 RFT (Reliable File Transfer)
 Execution Management Services
 GRAM(Grid Resource Allocation and Management)
 Information Services
 MDS (Monitoring and Discovery System)
 Summary/Conclusion

2
 The Globus Project
 Basic research in grid-related technologies
 Resource & data management, security, QoS, policy, communication,
adaptation, etc.
 Development of Globus Toolkit
 Core services for grid-enabled tools & apps
 Construction of production grids & testbeds
 Multiple deployments to distributed organizations for production &
prototyping
 Impacts
 The Southern California Earthquake Center uses Globus

software to visualize earthquake simulation data.

 Scientists in the Earth System Grid (ESG) are producing, archiving,
and providing access to climate data that advances our
understanding of global climate change.
 Find more on http://www-unix.globus.org/alliance/impact/

3
 Grid and Web Services:
Convergence

Grid GT1
GT2
OGS
I
Started
far Have been
apart in converging WSRF
apps &
tech L2
WSD
L,
WSD
Web WS-*
HT T P
The definition of WSRF(Web Services Resource
Framework) means that Grid and Web communities
can move forward on a common base
Ack: Prof. Ian Foster, Globus Project
 Open Grid Services Architecture

Domain-Specific Services

Program
Standardization

Execution Data Services

Core Services

OpenWS-Resource
Grid ServicesFramework
Infrastructure

Web Services Messaging, Security, Etc.

Ack: Prof. Ian Foster, Globus Project

Globus Toolkit 4

6
Globus Toolkit Components

Applications

Third Party User

Level
- Middleware

Globus

Grid Data
Grid Resource Grid Information
Management
Management Services
(GridFTP, Replica
(GRAM,
(GRAM)
GASS) (MDS)
Catalog)

GSI Security Layer

Grid Resources and Local Services

7
 Security Services

Review of Security Services

8
Grid Security Infrastructure (GSI)

 Based on
 Public key cryptography
 X.509 certificate
 Certificate/Proxy - Single Sign-on
 Gives information about the proxy
 $ grid-proxy-info
 Create proxy at /tmp/x509up_u<USER ID>
 Destroy proxy certificate

$ grid-proxy-destroy

9
PKI: Creating Private & Public Keys

 To request a
certificate a user USER
starts by generating a
key pair.
 The private key is
stored encrypted with
a pass phrase the user
gives
 The public key is put
Encrypted Certificate
into a certificate On local Request
request disk
Public Key
10
 PKI: Certificate Issuance
 The user then takes the
certificate to the CA
 The CA usually includes
a Registration Authority
(RA) which verifies the
request:
 The name is unique with
respect to the CA
 It is the real name of the
Certificate
user
Request
 Etc.
ID
Public Key

11
 PKI: Certificate Issuance
Certificate
 The CA then signs Request
the certificate
request and issues a Public Key

certificate for the

user.
Sign

Rajkumar Buyya
111, Barry Street State of Name
Victoria
Carlton Seal Issuer
BD 01-04-1971  Public Key
Male 165cms, 65Kg Signature
B&W Eyes 12
Mutual Authentication (between A
and B)
 A and B are two parties: Both need to trust each
others’ CA.
 A  B (A establishes connection to B and gives his
certificate (name,pub. Key) to B).
 B makes sure that it can trust CA of A.
 B generates random message A and asks it encrypt
it.
 A encrypts it and send to B
 B decrypts using A’s public key. If the msg. is same as
what B has sent, then A is who it is claiming to be.

13
 Example: Secure Remote
Startup in Globus
1. Exchange certificates, jobmanager
authenticate, delegate
2. Check gridmap file 4.
3. Lookup service
4. Run service program map services
(e.g. jobmanager) 2. 3. cert
cert
1.
key
key client gatekeeper

14
 Data Services

Overview of Data Services

15
 Data Services

 Handle movement, access, replication

and updates of data
 Example services in Globus Toolkit
 GridFTP
 Reliable File Transfer (RFT)

16
 Data Services - GridFTP
 Basic tool provided with Globus Toolkit
 globus-url-copy [-tcp-bs TCPBufSizeBytes] [-p
parallelism] sourceURL destURL
 URL format = protocol://[host]:[port]/path
 Supported protocols
 gsiftp://, file://(on a local machine only), ftp://,
http://, https://
 It is legal to specify a user name and
password in the the URL as follows
 gsiftp://myname:
[mypassword]@myhost.mydomain.com/file.dat

17
 Data Services - GridFTP

 local -> local

 $ globus-url-copy gsiftp://localhost/etc/hosts
file:///tmp/hosts_copy
 remote -> local
 $ globus-url-copy gsiftp://ng2.vpac.org/etc/hosts
file:///tmp/hosts_copy
 local -> remote
 $ globus-url-copy file:///tmp/hosts_copy
gsiftp://ng2.vpac.org/tmp

18
 Data Services - Reliable File
Transfer (RFT)
 Manages a set of third-party GridFTP
transfers
 Uses a database to checkpoint transfer
state
 Recovers from
 Source/destination server failures
 Network failures
 Container failures
 Transfers retried with exponential backoff
 Resumes transfers where they left off

19
 Execution Management
Services

Grid Resource Allocation and

Management (GRAM)

20
 What is GRAM?
 Grid resource access & job execution
services:
 Handles placement, provisioning and lifetime
management of jobs
 GRAM is a unifying remote interface for
remote job submission and resource
management
 GRAM is for stateful job control
 Reliable operation
 Asynchronous monitoring and control
21
 Grid Job Management Goals
Provide a service to securely:
 Create an environment for a job

 Stage files to/from environment

 Cause execution of jobs

 Monitor execution of jobs

 Signal important state changes to client

 Enable client access to output files

22
 Secure Submission Model
 Secure submit protocol
 PKI authentication
 Authorization and mapping
 Based on Grid ID
 Further authorization by scheduler
 Based on local user ID
 Secure control/cancel
 Also PKI authenticated
 Owner has rights to his jobs and not others’

23
 Job Submission Monitoring
 Monitor job lifecycle
 GRAM and scheduler states for job
 StageIn, Pending, Active, Suspended,
StageOut, Cleanup, Done, Failed
 Multiple monitoring methods
 Synchronously query for current state
 Asynchronous notifications to client

24
 Pre-WS GRAM (GT2) Command
Line Tools
 Pre-WS GRAM (GT2) Command Line Tools
 Interactive job submission
 globus-job-run host:port/jobmanager-pbs
command
 Batch job submission
 globus-job-submit command
 Checking job status when done output
 globus-job-status jobID
 globus-job-output –out|err jobID
 Kill a job
 globus-job-cancel jobID

25
Grid Information Service

MDS (Monitoring and Discovery

Service)

26
 The Need for Information

 System information is critical to operation of

the grid and construction of applications
 How does an application determine what resources
are available?
 What is the “state” of the computational grid?
 How can we optimize an application based on
configuration of the underlying system?
 We need a general information infrastructure
to answer these questions

27
 Using Information for
Resource Brokering
“10 GFlops, EOS data, Info service:
20 Mb/sec -- for 20 mins” location + selection
Metacomputing
Resource “What computers?” Directory
Broker “What speed?” Service
“20 Mb/sec” “When available?”

GRAM
Globus Resource
Allocation Managers “50 processors + storage
from 10:20 to 10:40 pm”

GRAM GRAM GRAM

Fork
LSF
EASYLL
Condor
etc. 28
Examples of Useful Information

 Characteristics of a compute resource

 IP address, software available, system
administrator, networks connected to, OS
version, load
 Characteristics of a network
 Bandwidth and latency, protocols, logical topology
 Characteristics of the Globus infrastructure
 Hosts, resource managers(PBS, Condor etc)

29
 What we have learned
 Globus
 Four major services

Security Service
 GSI

Data Service
 GridFTP
 Reliable File Transfer

Execution Management Service

GRAM(Grid Resource Allocation and Management )
 Information Service
 MDS (Monitoring and Discovery Service)
 Basic command line tools to use GT-4

30
 Problems with Globus

 Very complex system, need a strong

administration skills to install/maintain
 The biggest trouble maker as far as I
know is
 To maintain all the certificates
 Deep learning curve for developers who
need to work with APIs
 Lack of comprehensive documentation

31
Good Luck in looking-for useful commands,
services and guide in:

http://www.globus.org/toolkit/docs/

32