Date posted: 27-Mar-2015
Thailand National Grid Project
Putchong Uthayopas (1) and Vara Varavithya (2)
(1) Director, High Performance Computing and Networking Center, Kasetsart University, Bangkok, [email protected]
(2) Department of Electrical Engineering, Faculty of Engineering, King Mongkut’s Institute of Technology North Bangkok
TNGP, APAN2005@BKK 2
Thai Grid Current Status
• Currently in operation
• Delivered Grid monitoring and management tools to communities
• Government approved approx. 6M US$ funding the project for 3 years
• Supports
 - Certification
 - Technical
• Grid Technology Promotions
Agenda
• Thailand National Grid Project
• ThaiGrid Status Update
• Current Development in ThaiGrid
TNGP Objectives
• Promote the use of Grid Technologies
• Excellence in Grid Technology
• Human Resource Development
• Provide Grid Infrastructure
 - Computing Infrastructure
 - Communication Structure
• Help Establishing Standard and Practices
• House the ThaiGrid Office
Business Structure
[Diagram labels: National Grid Committee; Ministry of ICT; Grid Technology Excellence Center; SIPA; Research Institutions; Grid Users; Gov. Agencies; Com Sci. Eng. People; Academic Institutions; Researchers]
Computing Infrastructure
[Diagram labels: Tera Flops Machine; Satellite Clusters, each a 32-proc. Machine (shown four times); 16 Satellite Sites; High Speed Network]
Participating Organizations
• KU, CU, KMITNB, KMUTT, KMITL, Mahidol, KKU, SUT, WU, AIT
• Weather Forecast Services
• NECTEC
Human Resource
• Housing Dozen of Grid Engineers and Scientists at the excellence center
• Systematically trains Grid Admins via series of tutorials and workshops
• Target 2,000 in three years
Applications
• Health Care Data Grid
• High Performance Computing Applications
 - Drug Design
 - CFD
 - FEM
 - Evolutionary Computing
• Financial Application
• Based on participating institutions' expertise
Targeted Outcomes
• Robust Grid-enabled High Performance Computing Infrastructure
• A set, 3-4, of Grid Application Showcases
 - Social impact to Thai’s well being
 - Supports sciences and technology
• 2,000 HR Development
• Grid Technology Promotion
ThaiGrid Project
• Founded Jan 2002
• Build up a long term research partnership to explore
 - The construction of Grid testbed and production environment
 - The building of Grid tools and middleware
 - The deployment of grid technology to support the mission of scientific discovery
 - The development of Grid application
ThaiGrid Overall Status
• 10 Clusters total
 - AMATA – KU
 - GASS – KU
 - MAEKA – KU
 - WARINE – KU
 - CAMETA – SUT
 - OPTIMA – AIT
 - ENQUEUE – KMITNB
 - PALM – KMITNB
 - SPIRIT – CU
 - INCA – KMUTT
• 110 Hosts (From SCMS)
• 158 CPUs (From SCMS)
ThaiGrid Status Map
Software
• ROCKS-3.2.0 (Shasta) with
 - HPC Roll
 - Grid Roll
 - SCE Roll
 - Scheduler Roll
• Globus Toolkits 2.4
• SCMSWeb Monitoring Tool
• Shared Certificate Authority
ThaiGrid Tools
• TGCheckPort – Checking the firewall between sites
• TGregister – Grid user management and automatically updated grid-mapfile system
TGregister
Application
• Drug Design
 - ThaiGrid Drug Design Portal
 - HIV Drug Design
 - Avian Flu Drug Design
Drug Design
[Diagram labels: Proxy Certificate; Delegation; X.509; SSL]
Multi-Level User Implementation on X.509
ThaiGrid User Services
Two core concepts:
• X.509 digital certificates used as identity credentials
• Proxy Certificate used to delegate identity temporarily to other credentials
Grid Security: VO security management
• Management of VO
 - Discover VO by Grid participants
 - Authentication and authorization of participants to join VO
 - Access control: Participants access shared resources in VO
• The problem of VO security
 - Large number of distributed resources
 - Dynamic and complex relationships among organizations across trust domains
 - Resource utilization scenarios are complex and changing dynamically
Grid Security: VO’s Role
Users
• Large and dynamic population
• Different accounts at different sites
• Personal and confidential data
• Heterogeneous privileges (roles)
• Desire Single Sign-On
Sites
• Heterogeneous Resources
• Access Patterns
• Local policies
• Membership
Groups
• Group data
• Access Patterns
• Membership
[Diagram: Users, Sites and Groups shown around the Grid]
Grid Security: Authorization management
• Community Authorization Service
[Diagram labels: user; CA; CAS Server; Mutual authentication and access resource; Request proxy to CAS server; Reply restricted proxy to user; Delegation restricted proxy from CAS]
CAS concept:
• Reduce trust relationship by
 - Group user to community
 - Resource authorized community
 - Community authorized user
 - Constrain in proxy certificate
• But CAS cannot support authorization in small communities in VO and supports only GridFTP
Grid Security: Small Communities in VO
Components of small communities in VO
• Static users who assign authority
• Temporary users who accept authority from static users
• Users operating the same jobs in small communities in VO
• Multi-level authority from user to user
Requirements of small communities in VO
• Mechanism for direct assignment of authority
• Multi-level user management
Multi-level authority assignment architecture
[Diagram labels: Authoritative credentials; High-level user; Low-level user; Proxy generator with authoritative privilege; Authoritative privilege generator; Gatekeeper; Check permit for authorization; Grid mapfile; allow / deny; Run jobs / Cannot run jobs; GRID RESOURCE; Generate authority assignment; Request proxy with authoritative privilege; Authentication & authorization with proxy authoritative privilege]
Multi-level authority assignment concept
• Use the Attribute Certificate concept to assign authoritative privilege
• Embed Attribute Certificate into X.509 Certificate
[Figure: X.509 certificate with embedded Attribute Certificate]
 Subject: O=Grid, O=ThaiGrid, OU=ee.kmitnb.ac.th, CN=suriya
 Issuer: C=TH, O=Grid, O=ThaiGrid, CN=ThaiGrid CA
 Expiration date: Aug 22 08:08:14 2005 GMT
 Serial number: 625 (0x271)
 CA Digital signature
 Attribute Certificate:
  Issuer: O=Grid, O=ThaiGrid, OU=ee.kmitnb.ac.th, CN=suriya
  Holder: O=Grid, O=ThaiGrid, OU=ee.kmitnb.ac.th, CN=gridstaff
  Validity date: Jan 22 08:08:14 2005 GMT
  Serial
  extension: sun.ee.kmitnb.ac.th/allow
  Issuer Signature: MD5RSAEncryption
 Public Key
Concept: Transfer of multi-level authority assignment
Attribute Certificate:
 Issuer: user A
 Holder: user B, C, .. X
 Privilege: host/allow/deny
 Validity: 20050128:18:45
 Signature: user A
Proxy Certificate with AC:
 Identity: user B
 Public Key: user B
 Validity: 20050128:18:45
 Signature: CA
[Diagram labels: Assign authority from user A; User B proxy-init with AC; User B; CA; User X; Resource; User A; User A is authoritative privilege; User B can access; Step access same user B; Assign authority to user B; Assign authority to user X]
Current Development
• Build a tool to support multi-level authority assignment user management for small communities in VO
• Modify Proxy Certificate by embedding Attribute Certificate for access rights
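An added example, not from the original slides or from ThaiGrid's own code: a minimal gatekeeper-side check of the multi-level attribute-certificate chain described above (user A to user B to user X). Assumptions: HMAC-SHA256 with constructed per-user keys stands in for the issuer signature (the slide shows MD5 with RSA), and the field layout, the user "guest" as user X, and all function names are hypothetical.

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone

# Constructed demo data. HMAC-SHA256 with a per-user key stands in for the
# issuer's public-key signature so the example needs only the standard library.
KEYS = {"suriya": b"demo-key-A", "gridstaff": b"demo-key-B", "guest": b"demo-key-X"}
DN = "/O=Grid/O=ThaiGrid/OU=ee.kmitnb.ac.th/CN="
GRID_MAPFILE = {DN + "suriya": "suriya"}   # only the high-level user is mapped
HOST = "sun.ee.kmitnb.ac.th"

def _sign(ac):
    body = json.dumps([ac[k] for k in ("issuer", "holder", "privilege", "not_after")])
    return hmac.new(KEYS[ac["issuer"]], body.encode(), hashlib.sha256).hexdigest()

def issue_ac(issuer, holder, privilege, not_after):
    """Issuer grants holder a privilege such as '<host>/allow' until not_after."""
    ac = {"issuer": issuer, "holder": holder, "privilege": privilege,
          "not_after": not_after.isoformat()}
    ac["sig"] = _sign(ac)
    return ac

def gatekeeper_allows(identity, chain, host, now):
    """True if `identity` may run jobs on `host`, given its chain of ACs."""
    if not chain:                                   # no AC: plain grid-mapfile lookup
        return DN + identity in GRID_MAPFILE
    if DN + chain[0]["issuer"] not in GRID_MAPFILE:
        return False                                # chain must start at a mapped user
    expected_issuer = chain[0]["issuer"]
    for ac in chain:
        if ac["issuer"] != expected_issuer or ac["issuer"] not in KEYS:
            return False                            # broken link or unknown signer
        if not hmac.compare_digest(_sign(ac), ac["sig"]):
            return False                            # altered or forged AC
        if ac["privilege"] != host + "/allow":
            return False                            # deny entry or different host
        if datetime.fromisoformat(ac["not_after"]) <= now:
            return False                            # expired link
        expected_issuer = ac["holder"]              # next AC must be issued by holder
    return expected_issuer == identity              # last holder is the requester

NOW = datetime(2005, 1, 22, 8, 8, 14, tzinfo=timezone.utc)
EXPIRY = datetime(2005, 1, 28, 18, 45, tzinfo=timezone.utc)
A_TO_B = issue_ac("suriya", "gridstaff", HOST + "/allow", EXPIRY)
B_TO_X = issue_ac("gridstaff", "guest", HOST + "/allow", EXPIRY)
```

Every link is checked for signature, host, allow/deny and expiry, so a single expired or altered certificate anywhere in the chain denies the low-level user.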
Conclusion
• The Start of Thailand National Grid Project
• ThaiGrid Operation has been in operation and strong.
• Several applications, middleware development
• Lots more to come in human resource development to foster grid efforts