EGI-In. SPIRE EGI interoperability with OSG Peter Solagna – EGI. eu OSG All Hands meeting 2013 -0311 3/16/2018 EGI-In. SPIRE RI-261323 V 1. 5 1 www. egi. eu
European Grid Infrastructure • ~350 sites • 35 partners • 58 countries, including integrated • 1 coordination body: EGI. eu 30/05/2012 EGI-In. SPIRE RI-261323 Project Presentation – May 2012 www. egi. eu
Outline • Middleware • Operational infrastructure • Security OSG EGI 3/16/2018 EGI-In. SPIRE RI-261323 3 www. egi. eu
Middleware testing and support • EGI performs software verification and staged rollout after the software has been released by the technology providers • Deployed in production by expert site managers Possible areas of cooperation: • VO Workflows/applications using both OSG&EGI resources to be specifically tested vs the early adopter sites • Collaboration for the testing and the support of middleware products commonly deployed in the two infrastructures EGI-In. SPIRE RI-261323 www. egi. eu
SHA-2 • Starting from August 1 st 2013 CA part of EUGrid. PMA will be authorized to release production SHA-2 certificates • Most of the EMI-2 products support SHA-2 and RFC proxies • EMI-1 is being decommissioned in 2 months time • In the next months EGI will start to monitor the deployed services for SHA-2 compliance • All EMI-3 components support SHA-2 • EGI is verifying the new components released in UMD for the SHA-2 support. EGI-In. SPIRE RI-261323 www. egi. eu
GLUE 2 • EGI is pushing for the GLUE 2 adoption • EGI sites must deploy glue 2 enabled BDII • GOCDB is implementing a GLUE 2 XML feed • At the TF in September 2012 OSG had no plans for GLUE 2 adoption • Anything changed? • IGE is developing some in-house GLUE 2 information providers for GRAM 5, GSISSH and Grid. FTP, to be released at the end of March EGI-In. SPIRE RI-261323 www. egi. eu
• Middleware • Operational infrastructure • Security OSG EGI 3/16/2018 EGI-In. SPIRE RI-261323 7 www. egi. eu
Accounting Current status • Gratia sends summarized records to APEL accounting • Using SSM 1. 2 from June 2012 • EGI accounting portal produces WLCG reports including the OSG data Future plans • There are plans to send back accounting summary to the Gratia database for VOs relevant for OSG • Summarized VO, Site, Month records EGI-In. SPIRE RI-261323 www. egi. eu
EGI Helpdesk • GGUS is the EGI and WLCG helpdesk system • GGUS integrates • operational tools (e. g. operations portal, vo dashboard) • national ticketing systems (e. g. CERN, NGI_FRANCE), • ticketing systems of other infrastructures (e. g. OSG) 3/16/2018 EGI-In. SPIRE RI-261323 Guenter Grein OSG All Hands Meeting March 11 th, 2013 9 www. egi. eu
Data synchronization Tickets • Both ticketing systems GGUS and OSG Footprints are fully synchronized • Ticket routing in both directions • Ticket updates propagation in both directions • Attachment sychronization • Synchronization based on SOAP web services Site data • GGUS retrieves data of ATLAS and CMS resources from OIM DB • • Resource name (site in EGI terminology) Group ID SMS address (only for WLCG T-1 resources) Email address • Data is being retrieved every night. 3/16/2018 EGI-In. SPIRE RI-261323 Guenter Grein OSG All Hands Meeting March 11 th, 2013 10 www. egi. eu
WLCG T-1 Alarm Process • A small group of LHC VO experts is privileged raising ALARM tickets in GGUS • ALARM tickets are bypassing the 1 st line support and routed to the relevant site directly • GGUS uses the SMS address for paging site admins in case of serious problems at any time 3/16/2018 EGI-In. SPIRE RI-261323 Guenter Grein OSG All Hands Meeting March 11 th, 2013 11 www. egi. eu
• Middleware • Operational infrastructure • Security OSG EGI 3/16/2018 EGI-In. SPIRE RI-261323 12 www. egi. eu
Security activities • Security for Collaborating Infrastructures (SCI) • EGI, OSG, XSEDE, PRACE and others • Framework to enable: interoperations, managing operational security risks and to develop policy standards • A Trust Framework for Security Collaboration among Infrastructures • EGI and OSG security teams cooperate as part of the WLCG security activities • WLCG security meeting in December at FNAL • Strengthen collaboration with periodic phone calls between EGI and OSG security teams? EGI-In. SPIRE RI-261323 www. egi. eu
Central emergency user suspension • Suspend one or more DNs in case of a security incident involving compromised user certificates • EGI-CSIRTs target time for suspending a reported user DN is 4 (office) hours. • Security challenges show that ~20% sites fail to meet the target • Extension of the service operation security policy under evaluation: “You should implement the access limitations and banning lists defined centrally by Security Operations and should give them priority over local policies. The site implementation of the central banning service should be configured such that any ban or restore action made by Security Operations is effective within the specified time period. ” • This policy is meant to be used only for security temporary emergency user suspension EGI-In. SPIRE RI-261323 www. egi. eu
From theory to practice EGI-In. SPIRE funded a small project to carry out the technical implementation: • Central ARGUS server provides suspension information • Managed by the EGI and WLCG security officers • Deployed by CERN • Repository where authorized users can download a plain-text list of suspended DNs • To be automatically downloaded and deployed on the services • Active monitor of the implementation of the central suspension in the EGI sites for the following 10 months These tools and procedures can be used by OSG as well EGI-In. SPIRE RI-261323 www. egi. eu
Thank you for your attention • Questions? OSG EGI 3/16/2018 EGI-In. SPIRE RI-261323 16 www. egi. eu
Скачать презентацию EGI-In SPIRE EGI interoperability with OSG Peter Solagna
e38a9655b1d6edaaa9b4bdbbca5f5bbc.ppt