Fraunhofer-Institute for Algorithms and Scientific Computing SCAI Licence Management in Grid - A result from the BEinGRID Project
Mar 27, 2015
Fraunhofer-Institute for Algorithms and Scientific Computing SCAI
Licence Management in Grid- A result from the BEinGRID Project
Fraunhofer-Institute for Algorithms and Scientific Computing SCAI
BEinGRID
Fraunhofer-Institute for Algorithms and Scientific Computing SCAI
License Management BEinGRID
License management in BEinGRID Use-case and requirements analysis.
Design patterns and component descriptions.
License management architecture for Grids.
Requirements Flexible –must be usable in different scenarios
Generic –
Support for every middleware
Needs to support all currently existing client server license management mechanisms.
Local use (Cluster, workstation)
Fraunhofer-Institute for Algorithms and Scientific Computing SCAI
LM - Current Situation
Commercial applications in the industry are commonly used together with a fixed client server licence management system.
The authorization of currently used client-server based
license mechanisms relies on an IP-centric scheme. Any user of a shared (Grid) resources may access the
exposed license server.
Secure and authorized access to a local or remote license server in grid environments has not been possible so far.
The use of commercial ISV applications in grid environments therefore was not possible either.
Fraunhofer-Institute for Algorithms and Scientific Computing SCAI
Use case
Organisation BSYS
owns a certain number of licenses for an ISV Code,
runs a corresponding FlexNet License Server
wants to use these licenses for calculations at a grid resource provider.
BSYS requires cost-unit accounting
The resource provider might not be known at job submission time.
In order to perform the calculation with the ISV Code, organization BSYS would have to open its firewall and allow any potential remote grid site to access its license server.
Fraunhofer-Institute for Algorithms and Scientific Computing SCAI
Goals
Grid-friendly license management
Accepted by ISVs
Compatible with different grid middlewares
Adjustment of existing client-server license management systems to the grid:
Allows the usage of existing solutions in the grid, e.g. Flexnet
Idea: PIN/TAN concept
Fraunhofer-Institute for Algorithms and Scientific Computing SCAI
PIN/TAN Concept
Similar to Online-Banking a user that wants to submit jobs to the grid receives:
a list of one time passwords (TANs)
a license account (PIN)
When a user submits a job, he provides these as additional parameters.
Validation of PIN/TAN is done on the provider site.
If the validation was successful the user can access the licenses via a license proxy.
Fraunhofer-Institute for Algorithms and Scientific Computing SCAI
Solution
Solution Authorize the upstream proxy access with one-time
passwords in order to provide a generic secure solution for hostile environments.
Transparently reroute the proprietary encrypted socket-based communication between application and license server via a SOCKS proxy-chain.
Fraunhofer-Institute for Algorithms and Scientific Computing SCAI
License Management Architecture
Fraunhofer-Institute for Algorithms and Scientific Computing SCAI
Capabilities
Provider: Detailed accounting and billing through license
accounts.
Customer: License accounting web service.
Self-imposed budget-control.
Web service for handling of the one-time passwords (generation of tan lists, license accounts and their properties)
ISV: No need to modify their software.
Fraunhofer-Institute for Algorithms and Scientific Computing SCAI
GUI
Fraunhofer-Institute for Algorithms and Scientific Computing SCAI
Server components
Grid Middleware
Socks5 proxy: tsocks
Tan management: via pam_sotp
Accounting records: mySQL Database
Webserver: Tomcat + Axis2
Client server license management, i.e. FlexNet
Fraunhofer-Institute for Algorithms and Scientific Computing SCAI
Conclusion and outlook
We have designed and implemented a novel license management architecture which supports the entire class of client-server based license mechanisms in grid environments.
This support is a pre-requisite for the use of commercial ISV applications in grid environments.
The solution will hence substantially enlarge the grid market size in the area of on-demand computing by industry.
The license management architecture supports the required non-interruptive transition towards a pay-per-use business model for licenses.
Fraunhofer-Institute for Algorithms and Scientific Computing SCAI
Conclusion and outlook
Availability
Can be downloaded in the next view weeks from www.gridipedia.eu
Exploitation
Requests from T-Systems Spain (Automotive), HWW, German Institute for Reactor Safety (GRS) , German Aerospace Research (DLR)