- Number of slides: 30
COllaborative VIrtual TEams (COVITE) Project. J. S. Pahwa, P. Burnap, L. Joita, W. A. Gray, O. F. Rana, John Miles. Partners: Cardiff University, ActivePlan Solutions Ltd
Overview • Project Concept • The Product Supplier Catalogue Database (PSCD) Application • Security Management • Collaboration • Data Definition • Data Search • Conclusions and further work
Project Concept • AEC (Architecture/Engineering/Construction) industry projects involve many individuals and companies forming a consortium for the duration of a project • Consortia members are geographically dispersed • Product/Service Manufacturers’ and Suppliers’ databases (if existent!) are heterogeneous • Product/Service Manufacturers’ product information is plentiful and the majority is unstructured and unreachable
The PSCD application – Grid-enabled data management tool that provides the data structure for storing and retrieving information across a number of product suppliers’ databases.
Collaborative Support Consideration Collaboration occurs between: • Product Suppliers and Contractors for procurement of supplies • Product Specification Designers for defining and building industry standards to describe available products • Members of the Consortium working on a particular construction project who require information on the products
The PSCD [architecture diagram; labels: Specification Designers (specification creation and management); Product Class; PCD Master Data; .NET Web Services; Security Service; Multiple Database Search Service (MDSS); Master Grid Service (MGS); cluster of Grid computers; COVITE Grid Services; PSCD Application; Users/User Groups; Supplier Databases managed by suppliers. Annotations: "keep Suppliers up to date"; "Poll and connect to relevant databases at runtime". Logos: Cardiff University, activeplan]
The PSCD • Software tools used: Ø Apache Tomcat web server, Axis, Ant Ø Microsoft IIS web server Ø GT 3.0.2 core Ø Servlet, ASP, JSP, VBScript, C# • Resources used on the server side: Ø 2 computers in Welsh eScience, in the Grid network (bouscat, agents-comsc) Ø 6 computers in the local network
Grid Security Infrastructure (GSI) • GSI uses the Public Key Infrastructure (PKI), X.509 certificates and Secure Socket Layer (SSL) • X.509 certificates provide users with a unique global identification • Authorization to access a resource is controlled by a mapping between the user’s distinguished name and a local Unix/Linux ID via a grid-mapfile
Grid Security Infrastructure (GSI)
• X.509 Certificate:
  subject : C=UK, O=eScience, OU=Cardiff, L=WeSC, CN=liviu joita
  issuer : C=UK, O=eScience, OU=Authority, CN=CA, E=ca-operator@grid-support.ac.uk
  start date : Tue Nov 12 15:33:51 GMT 2002
  end date : Wed Nov 12 15:33:51 GMT 2003
• Distinguished Name: CN=liviu joita, L=WeSC, OU=Cardiff, O=eScience, C=UK
• Main advantages of using GSI:
  Ø Single sign-on
  Ø Users do not have username/passwords, instead they have public/private key pairs and identity certificates
Security Architecture
1. First, a user has to have a valid proxy certificate. The user submits his proxy certificate, the VO he belongs to and his role within the VO to the Tomcat Authentication Server (AS) via a web interface using JSP - servlet interface.
2. Tomcat AS authenticates the certificate and obtains the local user name for the PSCD application from the grid-mapfile.
3. Tomcat AS passes the local user name, the user role and the VO to the IIS server that runs the PSCD system (which is a .NET web application environment). IIS then matches the username, the role and the VO to its local DB and creates a session for that user.
4. User preferences are applied to the ‘index’ page of the PSCD system and the user is presented with the home page of the application.
[Figure: The PSCD Authentication Architecture using a valid proxy certificate. Components: Client Side Web Browser (submits user proxy certificate), Firewall, Tomcat Authentication Server, IIS Application Server, PSCD Application.]
Security Architecture
1. First, a user has to have a valid proxy certificate on the MyProxy Server machine.
2. The user submits his username/password pair credentials, the VO he belongs to and his role within the VO to the Tomcat Authentication Server (AS) via a web interface using JSP - servlet interface.
3. Tomcat AS uses the username/password pair to authenticate and authorize the user against his proxy certificate from MyProxy server.
4. Tomcat AS authenticates the proxy certificate uploaded from MyProxy server and obtains the local username for the PSCD application from the grid-mapfile.
5. Tomcat AS passes the local user name, the user role and the VO to the IIS server that runs the PSCD system (which is a .NET web application environment). IIS then matches the user name to its local DB and creates a session for that user.
6. User preferences are applied to the ‘index’ page of the PSCD system and the user is presented with the home page of the application.
[Figure: The PSCD Authentication Architecture using username/password credentials. Components: Client Side Web Browser (submits username/password), Firewall, Tomcat Authentication Server, MyProxy Server, IIS Application Server, PSCD Application.]
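The grid-mapfile lookup and the role/VO check that both authentication flows above end with, as an added example (not code from the COVITE project). It uses the DN from the certificate slide; the local account names, the VO and role values and the `LOCAL_DB` table are constructed, and validation of the certificate chain is assumed to have already succeeded.

```python
import re

# Constructed sample data: account names, VO and role values are assumptions.
GRID_MAPFILE = '''\
# "<certificate subject>" <local account>[,<local account>...]
"/C=UK/O=eScience/OU=Cardiff/L=WeSC/CN=liviu joita" pscd_user1
"/C=UK/O=eScience/OU=Cardiff/L=WeSC/CN=example user" pscd_user2,pscd_guest
'''
LOCAL_DB = {("pscd_user1", "covite", "contractor")}  # (account, VO, role) rows
ENTRY = re.compile(r'^"([^"]+)"\s+(\S+)$')

def parse_grid_mapfile(text):
    """Return {subject DN: [local accounts]}; malformed or duplicate lines are errors."""
    mapping = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = ENTRY.match(line)
        if m is None:
            raise ValueError(f"grid-mapfile line {lineno}: malformed entry")
        if m.group(1) in mapping:
            raise ValueError(f"grid-mapfile line {lineno}: duplicate DN")
        mapping[m.group(1)] = m.group(2).split(",")
    return mapping

def to_slash_form(dn):
    """'CN=x, L=y, ..., C=UK' (slide notation) -> '/C=UK/.../L=y/CN=x' (grid-mapfile
    notation). Assumes no attribute value contains a comma."""
    return "/" + "/".join(reversed([part.strip() for part in dn.split(",")]))

def base_identity(subject):
    """Drop trailing legacy proxy components so the lookup uses the user's own DN."""
    return re.sub(r"(?:/CN=(?:limited )?proxy)+$", "", subject)

def authorize(proxy_subject, vo, role, mapping, local_db):
    """Fail closed: a session is created only when the DN is mapped and the
    submitted VO and role are registered for that local account."""
    accounts = mapping.get(base_identity(proxy_subject))
    if not accounts:
        return None
    account = accounts[0]  # first account listed is treated as the default here
    if (account, vo, role) not in local_db:
        return None
    return {"user": account, "vo": vo, "role": role}
```

The VO and role arrive from the user's browser, so the lookup in `LOCAL_DB` is what keeps a mapped user from claiming a role that was never assigned to that account.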
The Product Class • A standard product definition for providing product information. • Acts as a template and provides meta information for creating actual product information. • Is made up of a number of specifications conforming to different specification types. • Can be used by Product Suppliers for population of product information in their databases.
The Product Class Database • A tool for creating Product Classes and Product Class Specifications. • Enables Product Class versioning. • Releases Product Class for subscription by Product Suppliers. • Provides meta information for building product search criteria.
The Product Class and its various specification types [diagram; labels: Product Class Specification; Value Table Specification (list of Column Specifications where each column specification has a list of values relative to other column specification values); List Specification; Group Specification; Value Table Spec; Sub-Specification Group; Sub Product Class Specification]
Product Class Versioning • New products emerge • Existing products evolve and are assigned more attributes • New versions created and assigned • Product suppliers notified • New classes downloaded
Product Class Subscription [diagram; labels: Transport Layer; Product Catalogue Database Table; Product Supplier Database]
Product Class Database Structure [entity diagram; labels: Product Class Category; Product Category Hierarchy; Specification; Product Class Definition; Product Class Version; List Definition; List Version; List Specification; Specification Group Definition; Specification Group Version; Specification Group List; Table Definition; Table Version; Table Specification; Sub Product Class; Sub Product Class Definition; Sub Product Class Version]
Data Search • Information held by a large number of data sources in a Wide Area Network. • Access to such information held by a large number of organisations. • Information processing with the aid of independent mechanisms, and • Sharing of information with those who need it.
Objectives • Searching autonomously managed data sources external to the Grid Environment. • Processing, analysing and sharing information in real time. • Collaborative working. • Collation of searched datasets. • Optimisation of data access operations. • Web Services support throughout. • Use of single proxy.
The Approach • Does a data source really need to be “Grid Enabled” to provide data access support to the Grid Environment? - maybe not. • Instead, why not just Grid enable the data access process? - grid enabled data sources and grid enabled data access are two different things.
The MDSS • A virtual distributed database search model. • A database centric Grid service for accessing and processing information from a large number of data sources. • Searches supplier data sources based on a search criteria. • Enables a channel for product suppliers for advertising products to a large user base. • Built using Globus Toolkit 3.0.2 (Core).
The Search • What to search? - a search criteria submitted by the user. • Where to search? - data sources that match user’s request. • What are the available resources to propagate the search? - the available Database Search Services in the MDSS
Search Criteria Where to Search?
MDSS Architecture Two major components: • Master Grid Service: identify resources available, register new resources, job allocation, data parsing and data aggregation. • Database Search Service: data search, data aggregation, data parsing, collaborative working.
[MDSS diagram; labels: Single user VO; Grid Engine; Metadata; Product Classes; Active Plan (search criteria specified here); Master Grid Service (metadata query, job allocation, collation of datasets; based on the OGSA model); Grid DB Search Service; Apache Axis SOAP Server]
Master Grid Service Modules [diagram; labels: Job Execution; Database Search Service; Grid Service Manager; GSH Document Parser; Supplier Document Parser; Data Aggregation; XML Converter; OGSA Container; Master Grid Service]
MDSS Design Features • Ability to register new data sources. • Ability to enhance MDSS capability by adding more machines in the Grid cluster. • Supplier databases free of Grid Complexities. • Ability to identify data sources to be searched in real time. • Distribute search equally among available GSHs. • New instance of Database Search Service for each operation.
Conclusions & Further Work • Product Class creation, versioning, subscription and search. • Peer Review System. • Multiple instances of Master Grid Services. • Data Streaming. • Data Caching. • Memory Resident databases.
Demonstration Please visit the Welsh e-Science booth for the demonstration of the grid enabled PSCD Application between 1300-1400 today.