Grid Tech Team Certificates, Monitoring, & Firewall September 15, 2003 Chiang Mai, Thailand Allan Doyle, NASA With the help of the entire Grid Tech Team.

Grid Tech TeamGrid Tech TeamCertificates, Monitoring, & Certificates, Monitoring, &

FirewallFirewall

September 15, 2003September 15, 2003

Chiang Mai, ThailandChiang Mai, ThailandAllan Doyle, NASAAllan Doyle, NASA

With the help of the entire Grid Tech TeamWith the help of the entire Grid Tech Team

September 15, 2003

Grid Tech Team 2

CertificatesCertificates

September 15, 2003

Grid Tech Team 3

Virtual Organization Virtual Organization DefinitionDefinition

• Grid Virtual Organization (VO)– Set of resources (computers, storage

systems)– Distributed among participating

organizations– Available for use by a group of users– Is defined by the grouping of resources plus

the grouping of individuals, brought together for a common purpose under mutually acceptable governing rules.

September 15, 2003

Grid Tech Team 4

Organizations, Resources, Users, Organizations, Resources, Users, and Virtual Organizationsand Virtual Organizations

S

C

Storage Resource

Compute Resource

SS

SSC

CC C

C

CC

C C

CC

SS

SS

SS

OrgA OrgB OrgC

VOX

VOY

U2U1

September 15, 2003

Grid Tech Team 5

Creating a VOCreating a VO

• Hosts and users must obtain certificates• Users are then granted access to hosts

(by the owners of the hosts).• The set of users coupled with the set of

hosts they are allowed onto is what “defines” the VO

S

C Storage Resource

Compute Resource

SS

SS

CC

C CC

CC

C C

CC

SS

SS

SS

OA OB OC

VOX

VOY

U2U1

September 15, 2003

Grid Tech Team 6

CEOS GridCEOS Grid

QuickTime™ and aTIFF (Uncompressed) decompressorare needed to see this picture.

USGS EDCUSGS EDC

NOAA NOMADSNOAA NOMADSUAHUAH

GMUGMUESA ESRINESA ESRIN

Test-SGTTest-SGT

Test-IITest-IINASA ADGNASA ADG

CNESCNES

CoCololorsrsBlue - CEOS CertificatesBlue - CEOS CertificatesGreen - DataGrid CertificatesGreen - DataGrid CertificatesBlack - TBDBlack - TBD

CoCololorsrsBlue - CEOS CertificatesBlue - CEOS CertificatesGreen - DataGrid CertificatesGreen - DataGrid CertificatesBlack - TBDBlack - TBD

September 15, 2003

Grid Tech Team 7

CEOS Grid - CAsCEOS Grid - CAs

• CEOS Grid Users will not all have the same CA

• We want to limit the number of CAs to the smallest possible set.– Makes management easier– Makes policy decisions easier

• European users already have a high-quality operational CA

• US Users are encouraged to obtain certificates from NASA IPG

September 15, 2003

Grid Tech Team 8

CEOS Certificates from CEOS Certificates from NASA IPGNASA IPG

• NASA Information Power Grid (IPG) already runs a high-quality CA that is accepted by most VOs.

• NASA IPG is providing CA resources for the CEOS Grid.

• Current status– Certificate request software has been delivered &

tested.– Operating well at 2 test sites (II, SGT) and at GMU.– Others are encouraged to try it out.

• Availabilityhttp://grid-tech.ceos.org/gridwiki/CeosGridVirtualOrganizationUsername ceos-grid, password grid-tech– Small tar file & quick installation instructions

September 15, 2003

Grid Tech Team 9

MonitoringMonitoring

September 15, 2003

Grid Tech Team 10

Network MonitoringNetwork Monitoring

September 15, 2003

Grid Tech Team 11

Grid Tools MonitoringGrid Tools Monitoring

September 15, 2003

Grid Tech Team 12

FirewallFirewall

September 15, 2003

Grid Tech Team 13

General Firewall IssuesGeneral Firewall Issues

• Using the Grid means that you have to make new services accessible to the internet– System administrators and security people will be

uncomfortable with this– Some sites have different policies, some are set up

to allow experimentation outside the firewall

• What you can do1. Familiarity - install & test on a machine outside the

firewall, learn about the Grid2. Provide information about security issues to people

who need it3. Develop a relationship with the people you depend

on for access

September 15, 2003

Grid Tech Team 14

FirewallFirewall

• Tech Team has put together a firewall document

http://grid-tech.ceos.org/gridwiki/FirewallBestCommonPractices

• Contents– Introductory material

• CEOS Grid overview; Quick primer on Grids; Globus port numbers

– Site specific sections• Meant to be filled in by each site with anything you learned that

might help someone else

– Product specific info• Currently only one - Cisco instructions

– Miscellaneous• Open Questions; References; To Do

September 15, 2003

Grid Tech Team 15

CEOS Grid ToolkitCEOS Grid Toolkit

September 15, 2003

Grid Tech Team 16

CEOS Grid ComponentsCEOS Grid Components

• Baseline (Core)– Globus 2.4.2 with latest bug-fix packages - see advisories

page at:• http://www-unix.globus.org/toolkit/advisories.html?version=2.4

– Grid Packaging Toolkit (GPT) 2.2.9– IPG Certificate Authority Package 0.0.3

– EU Data Grid 2.0 (being used by ESA)• Globus 2.4

• Other Dependent Packages– Java Community Grid Kit (Java CoG) 1.1– Other COG’s (Perl/Python)

September 15, 2003

Grid Tech Team 17

Globus 2.4.2 Advisories*Globus 2.4.2 Advisories*

• GridFTP Server 1.9• Gram Job Manager 3.13• Gram Client Tools 3.6• GSI Sysconfig 0.10• Globus Common 3.14• LDAP Modules 0.12• GSI Credential 0.9• GSI Cert. Utils 0.12• GSI Proxy Core 0.8• GSI Proxy Utils 0.9• FTP Control 1.9

*As of 8/11/2003

September 15, 2003

Grid Tech Team 18

Grid Components we’re Grid Components we’re TrackingTracking

• Globus 3.0• Metadata Catalog Service (MCS) (Current

version as of 8/11/03)– Open Grid Services Architecture – Data Access &

Integration• (OGSA DAI 2.5 - http://www.ogsadai.org.uk/)

– Community Authorization Service (CAS) Alpha R2 Release

• OGSA DAI 3.0 – Ported version of MCS – planned

• MCS with Spatial Query capabilities – planned• Storage Resource Broker/Metadata Catalog

(SRB/MCAT) V. 2.1.2– Globus Grid Security Infrastructure (GSI)

September 15, 2003

Grid Tech Team 19

CEOS Grid ToolkitCEOS Grid Toolkit

• WGISS participants are developing higher-level tools & components

• GMU– OGC WCS with GridFTP back end– OGC WCS with Grid front end– OGC Catalog wrapper on Grid MCS– Reprojection service, 13 NASA EOS projections

• ESA– Grid Engine - multi-Grid job management– Web Notification - Grid-to-Web events– Grid Portal - Web control of Grid applications– Reprojection Service

September 15, 2003

Grid Tech Team 20

CEOS Grid Toolkit CatalogCEOS Grid Toolkit Catalog

• We need to put some thought into how we want to describe the components.

• Possible metadata elements (thanks to Stu

Doescher):–short name–long name–summary description–pointer to additional discussion–latest version and date–maturity - new, obsolete–other parts needed–recommendations

–Contact points•supported and by who•used by

–Technical parts•Language•how to install•problems

September 15, 2003

Grid Tech Team 21