  • Number of slides: 123

Globus Toolkit® 4
Ian Foster
Argonne National Laboratory, University of Chicago, Univa Corporation

Slide 2: Credits
• Globus Toolkit v4 is the work of many talented Globus Alliance members, at
    ◦ Argonne Natl. Lab & U. Chicago
    ◦ USC Information Sciences Corporation
    ◦ National Center for Supercomputing Applns
    ◦ U. Edinburgh
    ◦ Swedish PDC
    ◦ Univa Corporation
    ◦ Other contributors at other institutions
• Supported by DOE, NSF, UK EPSRC, and other sources

Slide 3
On April 29, 2005 the Globus Alliance released the finest version of the Globus Toolkit to date!
Don’t take our word for it! Read the UK eScience Evaluation of GT4:
www.nesc.ac.uk/technical_papers/UKeS-2005-03.pdf
(Reachable from www.globus.org, under “News”)

Slide 4: Overview
• Background and Globus approach
• Globus Toolkit: current capabilities
• Future directions
• Related tools

Slide 5
“… A new age has dawned in scientific and engineering research, pushed by continuing progress in computing, information, and communication technology, and pulled by the expanding complexity, scope and scale of today’s challenges. The capacity of this technology has crossed thresholds that now make possible a comprehensive cyberinfrastructure on which to build new types of scientific and engineering knowledge environments and organizations, and to pursue research in new ways and with increased efficacy…”
National Science Foundation Blue Ribbon Advisory Panel, 2003

Slide 8: History
• In the early 90s, I (Foster) and others (e.g., Carl Kesselman, USC-ISI) enjoyed helping scientists apply distributed computing
    ◦ Opportunities seemed ripe for the picking
    ◦ Application of technology always uncovers new and interesting requirements
    ◦ Science is cool
    ◦ Big/innovative science is even cooler

Slide 9: History (continued)
• While helping to build/integrate a diverse range of applications, the same problems kept showing up over and over again
    ◦ Too many different security systems
    ◦ Too many different scheduling/execution mechanisms
    ◦ Too many different storage systems
    ◦ Too many different monitoring/status/event systems

Slide 10: What Kinds of Applications?
• Computation intensive
    ◦ Interactive simulation (climate modeling)
    ◦ Large-scale simulation and analysis (galaxy formation, gravity waves, event simulation)
    ◦ Engineering (parameter studies, linked models)
• Data intensive
    ◦ Experimental data analysis (e.g., physics)
    ◦ Image & sensor analysis (astronomy, climate)
• Distributed collaboration
    ◦ Online instrumentation (microscopes, x-ray)
    ◦ Remote visualization (climate studies, biology)
    ◦ Engineering (large-scale structural testing)

Slide 11: Key Common Feature
The size and/or complexity of the problem requires that people in several organizations collaborate and share computing resources, data, instruments

Slide 12: An Example Problem
• The Large Hadron Collider (LHC)
• Largest machine ever built by humans!
• Located at CERN, Geneva Switzerland
• Particle accelerator and collider with a circumference of 16.8 miles
• Scheduled to go into production in 2007

Slide 13: An Example Problem (continued)
• Will generate 10 Petabytes (10^7 Gigabytes) of information per year
• This information must be processed and stored somewhere
• It is beyond the scope of a single institution to manage this problem

Slide 14: Virtual Organizations
• Distributed resources and people
• Linked by networks, crossing admin domains
• Sharing resources, common goals
• Dynamic
[Diagram: resources (R) grouped into VO-A and VO-B]

Slide 15: Virtual Organizations
• Distributed resources and people
• Linked by networks, crossing admin domains
• Sharing resources, common goals
• Dynamic
• Fault tolerant
[Diagram: resources (R) grouped into VO-A and VO-B]

Slide 16: The Globus Approach

Slide 17: The Role of the Globus Toolkit
• A collection of solutions to problems that come up frequently when building collaborative distributed applications
• Heterogeneity
    ◦ A focus, in particular, on overcoming heterogeneity for application developers
• Standards
    ◦ We capitalize on and encourage use of existing standards (IETF, W3C, OASIS, GGF)
    ◦ GT also includes reference implementations of new/proposed standards in these organizations

Slide 18: Layers in the Grid

Slide 19: A Typical eScience Use of Globus: Network for Earthquake Eng. Simulation
Links instruments, data, computers, people

Slide 20: Without the Globus Toolkit
[Diagram. Layer captions: Users work with client applications; Application services organize VOs & enable access to other services; Collective services aggregate &/or virtualize resources; Resources implement standard access & management interfaces. Components shown: Web Browser, Data Viewer Tool, Chat Tool, Web Portal, Simulation Tool, Credential Repository, Telepresence Monitor, Registration Service, Data Catalog, Certificate authority, Cameras, Compute Servers, Database services. Legend categories: Application Developer, Off the Shelf, Globus Toolkit, Grid Community.]

Slide 21: With the Globus Toolkit
[Diagram. Layer captions: Users work with client applications; Application services organize VOs & enable access to other services; Collective services aggregate &/or virtualize resources; Resources implement standard access & management interfaces. Components shown: Web Browser, Data Viewer Tool, Simulation Tool, CHEF, CHEF Chat Teamlet, MyProxy, Telepresence Monitor, Globus Index Service, Globus MCS/RLS, Certificate Authority, Globus GRAM, Globus DAI, Cameras, Compute Servers, Database services. Legend categories: Application Developer, Off the Shelf, Globus Toolkit, Grid Community.]

Slide 22: The Globus Toolkit: “Standard Plumbing” for the Grid
• Not turnkey solutions, but building blocks & tools for application developers & system integrators
    ◦ Some components (e.g., file transfer) go farther than others (e.g., remote job submission) toward end-user relevance
• Easier to reuse than to reinvent
    ◦ Compatibility with other Grid systems comes for free
• Today the majority of the GT public interfaces are usable by application developers and system integrators
    ◦ Relatively few end-user interfaces
    ◦ In general, not intended for direct use by end users (scientists, engineers, marketing specialists)

Slide 23: The Application-Infrastructure Gap
[Diagram: Dynamic and/or Distributed Applications; Shared Distributed Infrastructure]

Slide 24: Bridging the Gap: Grid Infrastructure
• Service-oriented applications
    ◦ Wrap applications as services
    ◦ Compose applications into workflows
• Service-oriented Grid infrastructure
    ◦ Provision physical resources to support application workloads
[Diagram labels: Users, Composition, Workflows, Invocation, Appln Service, Provisioning]

Slide 25: Grid Infrastructure
• Distributed management
    ◦ Of physical resources
    ◦ Of software services
    ◦ Of communities and their policies
• Unified treatment
    ◦ Build on Web services framework
    ◦ Use WS-RF, WS-Notification (or WS-Transfer/Man) to represent/access state
    ◦ Common management abstractions & interfaces

Slide 26: Globus is Open Source Grid Infrastructure
• Implement key Web services standards
    ◦ State, notification, security, …
• Software for Grid infrastructure
    ◦ Service-enable new & existing resources
    ◦ E.g., GRAM on computer, GridFTP on storage system, custom application services
    ◦ Uniform abstractions & mechanisms
• Tools to build applications that exploit Grid infrastructure
    ◦ Registries, security, data management, …
• Enabler of a rich tool & service ecosystem

Slide 27: An eBusiness Use of Globus: SAP Demonstration @ GlobusWorld
• 3 Globus-enabled applns:
    ◦ CRM: Internet Pricing Configurator (IPC)
    ◦ CRM: Workforce Management (WFM)
    ◦ SCM: Advanced Planner & Optimizer (APO)
• Applications modified to:
    ◦ Adjust to varying demand & resources
    ◦ Use Globus to discover & provision resources
[Diagram labels: SAP AG R/3 Internet Pricing & Configurator (IPC); Web Browsers / Batch Processes (typically several thousand requests); Request: Price Query; IPC Dispatcher; Delegation of Request; IPC Server; Response: Pricelist, depending on: Time, Discount, Number of Items, …]

Slide 28: Overview
• Background and Globus approach
• Globus Toolkit: current capabilities
• Future directions
• Related tools

Slide 29: The Globus Toolkit is a Collection of Components
• A set of loosely-coupled components, with:
    ◦ Services and clients
    ◦ Libraries
    ◦ Development tools
• GT components are used to build Grid-based applications and services
    ◦ GT can be viewed as a Grid SDK
• GT components can be categorized across two different dimensions
    ◦ By broad domain area
    ◦ By protocol support

Slide 30: GT Domain Areas
• Core runtime
    ◦ Infrastructure for building new services
• Security
    ◦ Apply uniform policy across distinct systems
• Execution management
    ◦ Provision, deploy, & manage services
• Data management
    ◦ Discover, transfer, & access large data
• Monitoring
    ◦ Discover & monitor dynamic services

Slide 31: GT Protocols
• Web service protocols
    ◦ WSDL, SOAP
    ◦ WS Addressing, WSRF, WSN
    ◦ WS Security, SAML, XACML
    ◦ WS-Interoperability profile
• Non Web service protocols
    ◦ Standards-based, such as GridFTP
    ◦ Custom

Slide 32: “Stateless” vs. “Stateful” Services
[Diagram: Client calls move (A to B) on FileTransferService]
• Without state, how does client:
    ◦ Determine what happened (success/failure)?
    ◦ Find out how many files completed?
    ◦ Receive updates when interesting events arise?
    ◦ Terminate a request?
• Few useful services are truly “stateless”, but WS interfaces alone do not provide built-in support for state

Slide 33: FileTransferService (without WSRF)
[Diagram: Client and FileTransferService (holding state); operations move (A to B) : transferID, whatHappen, tellMeWhen, cancel]
• Developer reinvents wheel for each new service
    ◦ Custom management and identification of state: transferID
    ◦ Custom operations to inspect state synchronously (whatHappen) and asynchronously (tellMeWhen)
    ◦ Custom lifetime operation (cancel)

Slide 34: WSRF in a Nutshell
• Service
• State representation
    ◦ Resource
    ◦ Resource Property
• State identification
    ◦ Endpoint Reference
• State Interfaces
    ◦ GetRP, QueryRPs, GetMultipleRPs, SetRP
• Lifetime Interfaces
    ◦ SetTerminationTime
    ◦ ImmediateDestruction
• Notification Interfaces
    ◦ Subscribe
    ◦ Notify
• ServiceGroups
[Diagram labels: Service, EPR, Resource, RPs, GetRP, GetMultRPs, SetRP, QueryRPs, Subscribe, SetTermTime, Destroy]

Slide 35: FileTransferService (w/ WSRF)
[Diagram: Client and FileTransferService with a Transfer resource and its RPs; operations createResource (A to B) : EPR, getRP, queryRPs, destroy]
• Developer specifies custom method to createResource and leaves the rest to WSRF standards:
    ◦ State exposed as Resource + Resource Properties and identified by Endpoint Reference (EPR)
    ◦ State inspected by standard interfaces (GetRP, QueryRPs)
    ◦ Lifetime management by standard interfaces (Destroy)
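The contrast between slides 33 and 35, as an added in-process Python model (not Globus code, and with no SOAP layer): the service defines only a factory operation, and state inspection, lifetime and notification go through generic operations keyed by an EPR. The class names, the property names (`filesCompleted`, `filesTotal`, `status`) and the URLs are assumptions made for this example.

```python
import itertools
import time
from dataclasses import dataclass, field
from typing import Optional


@dataclass(frozen=True)
class EPR:
    """Endpoint Reference: service address plus the key of one resource."""
    address: str
    resource_key: str


@dataclass
class Resource:
    """Server-side state, visible to clients only as resource properties."""
    properties: dict
    termination_time: Optional[float] = None          # None: no scheduled destruction
    subscribers: dict = field(default_factory=dict)   # property name -> callbacks


class ResourceUnknownFault(Exception):
    """The EPR names a destroyed, expired or foreign resource."""


class FileTransferService:
    ADDRESS = "https://host.example/wsrf/FileTransferService"  # constructed value

    def __init__(self, clock=time.time):
        self._clock = clock
        self._resources = {}
        self._ids = itertools.count(1)

    # The only service-specific operation: the factory (createResource).
    def create_resource(self, source, dest, files):
        key = f"transfer-{next(self._ids)}"
        self._resources[key] = Resource({
            "source": source, "dest": dest, "status": "Active",
            "filesTotal": len(files), "filesCompleted": 0})
        return EPR(self.ADDRESS, key)

    def _lookup(self, epr):
        res = self._resources.get(epr.resource_key) if epr.address == self.ADDRESS else None
        if res and res.termination_time is not None and self._clock() >= res.termination_time:
            del self._resources[epr.resource_key]      # scheduled destruction has passed
            res = None
        if res is None:
            raise ResourceUnknownFault(epr.resource_key)
        return res

    # Generic state interfaces (GetRP, GetMultipleRPs, QueryRPs, SetRP).
    def get_rp(self, epr, name):
        return self._lookup(epr).properties[name]

    def get_multiple_rps(self, epr, names):
        props = self._lookup(epr).properties
        return {n: props[n] for n in names}

    def query_rps(self, epr, predicate):
        return {n: v for n, v in self._lookup(epr).properties.items() if predicate(n, v)}

    def set_rp(self, epr, name, value):
        res = self._lookup(epr)
        old = res.properties.get(name)
        res.properties[name] = value
        if value != old:
            for callback in res.subscribers.get(name, []):
                callback(name, old, value)             # Notify

    # Generic lifetime interfaces (SetTerminationTime, Destroy).
    def set_termination_time(self, epr, when):
        self._lookup(epr).termination_time = when

    def destroy(self, epr):
        self._lookup(epr)
        del self._resources[epr.resource_key]

    # Generic notification interface (Subscribe).
    def subscribe(self, epr, name, callback):
        self._lookup(epr).subscribers.setdefault(name, []).append(callback)


def demo():
    """Answers the four questions on slide 32 using only the generic operations."""
    now = [1000.0]                                     # fake clock, constructed
    svc = FileTransferService(clock=lambda: now[0])
    epr = svc.create_resource("gsiftp://a.example/data/", "gsiftp://b.example/data/",
                              ["f1", "f2", "f3"])
    events = []
    svc.subscribe(epr, "filesCompleted", lambda n, old, new: events.append((n, old, new)))
    svc.set_rp(epr, "filesCompleted", 2)               # progress reported by the transfer
    progress = svc.get_multiple_rps(epr, ["filesCompleted", "filesTotal"])
    svc.set_termination_time(epr, 1060.0)
    now[0] = 1061.0                                    # termination time passes
    try:
        svc.get_rp(epr, "status")
        gone = False
    except ResourceUnknownFault:
        gone = True
    return events, progress, gone
```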

Slide 36: Globus Toolkit version 2 (GT2)
[Component diagram. Columns: Security, Data Mgmt, Execution Mgmt, Info Services, Common Runtime. Components: Pre-WS Authentication Authorization, GridFTP, Grid Resource Alloc. Mgmt (GRAM), Monitoring & Discovery (MDS), C Common Libraries. Legend: Web Services Components, Non-WS Components.]

Slide 37: Globus Toolkit version 3 (GT3)
[Component diagram. Columns: Security, Data Mgmt, Execution Mgmt, Info Services, Common Runtime. Components: Community Authorization, Data Access & Integration, WS Authentication Authorization, Pre-WS Authentication Authorization, Reliable File Transfer, Grid Resource Alloc. Mgmt (WS GRAM), GridFTP, Grid Resource Alloc. Mgmt (GRAM), Monitoring & Discovery (MDS), MDS3, Replica Location, Java WS Core, C Common Libraries, eXtensible IO (XIO). Legend: Web Services Components, Non-WS Components.]

Slide 38: Globus Toolkit version 4 (GT4)
[Component diagram, www.globus.org. Columns: Security, Data Mgmt, Execution Mgmt, Info Services, Common Runtime. Components: Grid Telecontrol Protocol, Community Scheduling Framework, WebMDS, Python WS Core, Community Authorization, Data Access & Integration, Workspace Management, Trigger, C WS Core, Reliable File Transfer, Grid Resource Allocation & Management, Index, Java WS Core, Pre-WS Authentication Authorization, GridFTP, Pre-WS Grid Resource Alloc. & Mgmt, Monitoring & Discovery, C Common Libraries, Credential Mgmt, Replica Location, eXtensible IO (XIO), Delegation, Authentication Authorization, Data Replication. Legend: Contrib/Preview, Deprecated, Core, Web Services Components, Non-WS Components.]

Slide 39: Globus Toolkit: Open Source Grid Infrastructure
[Component diagram, Globus Toolkit v4, www.globus.org. Columns: Security, Data Mgmt, Execution Mgmt, Info Services, Common Runtime. Components: Data Replication, Credential Mgmt, Replica Location, Grid Telecontrol Protocol, Delegation, Data Access & Integration, Community Scheduling Framework, WebMDS, Python Runtime, Community Authorization, Reliable File Transfer, Workspace Management, Trigger, C Runtime, Authentication Authorization, GridFTP, Grid Resource Allocation & Management, Index, Java Runtime.]

Slide 40
4.0 is not a typical “.0” release, but the culmination of months of testing
[Release timeline diagram. Versions shown: 3.0.0, 3.0.1, 3.0.2, 3.2.0, 3.2.1, 3.3.0, 3.9.0, 3.9.1, 3.9.2, 3.9.3, 3.9.4, 3.9.5, 4.0.0, 4.0.1. Legend: CVS trunk, Stable release branch, Development release, Stable release.]

Slide 41: GT4 Components
[Diagram, SERVER and CLIENT sides. Captions: X.509 credentials = common authentication; Interoperable WS-I-compliant SOAP messaging. Server side: Java Services in Apache Axis, Plus GT Libraries and Handlers; Python hosting, GT Libraries; C Services using GT Libraries and Handlers; pyGlobus WS Core; C WS Core; Your Java Service; Your Python Service; Your C Service; GRAM, RFT, Delegation, Index, Trigger, Archiver, CAS, OGSA-DAI, GTCP, RLS, Pre-WS MDS, Pre-WS GRAM, MyProxy, SimpleCA, GridFTP. Client side: Your Java Client, Your Python Client, Your C Client.]

Slide 42: Our Goals for GT4
• Usability, reliability, scalability, …
    ◦ Web service components have quality equal or superior to pre-WS components
    ◦ Documentation at acceptable quality level
• Consistency with latest standards (WS-*, WSRF, WS-N, etc.) and Apache platform
    ◦ WS-I Basic Profile compliant
    ◦ WS-I Basic Security Profile compliant
• New components, platforms, languages
    ◦ And links to larger Globus ecosystem

Slide 43: Globus Toolkit: Open Source Grid Infrastructure
[Component diagram repeated from slide 39]

Slide 44: GT4 Web Services Runtime
• Supports both GT (GRAM, RFT, Delegation, etc.) & user-developed services
• Redesign to enhance scalability, modularity, performance, usability
• Leverages existing WS standards
    ◦ WS-I Basic Profile: WSDL, SOAP, etc.
    ◦ WS-Security, WS-Addressing
• Adds support for emerging WS standards
    ◦ WS-Resource Framework, WS-Notification
• Java, Python, & C hosting environments
    ◦ Java is standard Apache

Slide 45: GT4 WS Core in a Nutshell
[Diagram labels: Service, EPR, Resource, RPs, GetRP, GetMultRPs, SetRP, QueryRPs, Subscribe, SetTermTime, Destroy]
• Implementation of WSRF: Resources, EndpointReferences, ResourceProperties
• Operation Providers: pre-built implementations of WSRF operations
• Notification implementation: Topics, TopicSet, Embedded Notification Consumer service
• Implementations of Resources (ReflectionResource, PersistentReflectionResource) and ResourceProperties (SimpleResourceProperty, ReflectionResourceProperty)

Slide 47: GT4 WS Core in a Nutshell
[Diagram labels: Service Container, Service, EPR, Resource, RPs, ResourceHome, GetRP, GetMultRPs, SetRP, QueryRPs, Subscribe, SetTermTime, Destroy]
• Service Container: host multiple services in container; one JVM process
• …more details: based on AXIS service container, processes SOAP messages, ResourceContext extension.

Slide 48: GT4 WS Core in a Nutshell
[Diagram labels: Service Container, Service, PIP, PDP, EPR, Resource, RPs, ResourceHome, GetRP, GetMultRPs, SetRP, QueryRPs, Subscribe, SetTermTime, Destroy]
• Secure Communication: Transport, Message, Conversation (Transport demonstrates best performance)
• Configurable Security Policies: Policy Information Points (PIPs), Policy Decision Points (PDP) -- chained
• Example authorization PDPs: GridMap, SAML implementations, XACML policies
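A chained PIP/PDP evaluation of the kind slide 48 names, as an added Python example (not GT4 code). Assumptions, since the slide gives no semantics: every PDP in the chain must permit, any error or an empty chain denies, a grid-mapfile line is a quoted certificate DN followed by comma-separated local accounts, and a per-operation role table stands in for XACML policies; all class names, DNs and roles are constructed.

```python
import shlex
from dataclasses import dataclass, field

# Constructed sample grid-mapfile: "certificate DN" local_account[,local_account...]
GRIDMAP = '''
# constructed sample entries
"/O=Grid/OU=Example/CN=Alice Adams" aadams
"/O=Grid/OU=Example/CN=Bob Brown" bbrown,ops
'''

# Constructed VO attribute store and per-operation policy (stand-in for XACML).
VO_ROLES = {
    "/O=Grid/OU=Example/CN=Alice Adams": {"member"},
    "/O=Grid/OU=Example/CN=Bob Brown": {"admin"},
    "/O=Grid/OU=Example/CN=Carol Clark": {"admin"},   # VO admin with no local mapping
}
OPERATION_POLICY = {"GetRP": {"member", "admin"}, "Destroy": {"admin"}}


def parse_gridmap(text):
    """Return {DN: [local accounts]}; reject malformed lines instead of skipping them."""
    mapping = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = shlex.split(line)              # honours the quotes around the DN
        if len(parts) != 2:
            raise ValueError(f"grid-mapfile line {lineno}: expected DN and accounts")
        mapping[parts[0]] = parts[1].split(",")
    return mapping


@dataclass
class Request:
    subject_dn: str
    operation: str
    attributes: dict = field(default_factory=dict)


class VOAttributePIP:
    """PIP: collects attributes about the subject; makes no decision itself."""
    def __init__(self, roles):
        self.roles = roles

    def collect(self, req):
        req.attributes["vo_roles"] = self.roles.get(req.subject_dn, set())


class GridMapPDP:
    name = "gridmap"

    def __init__(self, mapping):
        self.mapping = mapping

    def permits(self, req):
        accounts = self.mapping.get(req.subject_dn)
        if accounts:
            req.attributes["local_account"] = accounts[0]
        return bool(accounts)


class OperationPolicyPDP:
    name = "operation-policy"

    def __init__(self, policy):
        self.policy = policy

    def permits(self, req):
        allowed = self.policy.get(req.operation)
        if allowed is None:                    # operation not listed: default deny
            return False
        return bool(allowed & req.attributes.get("vo_roles", set()))


def authorize(req, pips, pdps):
    """Return (permitted, name of the denying stage or None). Fails closed."""
    if not pdps:
        return False, "empty-chain"
    try:
        for pip in pips:
            pip.collect(req)
    except Exception:
        return False, "pip-error"
    for pdp in pdps:
        try:
            ok = pdp.permits(req)
        except Exception:
            ok = False                         # a broken PDP must not open the door
        if not ok:
            return False, pdp.name
    return True, None


def decide(dn, operation):
    """Run one request through the constructed chain: GridMap, then operation policy."""
    pips = [VOAttributePIP(VO_ROLES)]
    pdps = [GridMapPDP(parse_gridmap(GRIDMAP)), OperationPolicyPDP(OPERATION_POLICY)]
    return authorize(Request(dn, operation), pips, pdps)
```

The second element of the result names the stage that denied, which is the value worth writing to an audit log.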

Slide 49: GT4 WS Core in a Nutshell
[Diagram labels: Service Container, Service, PIP, PDP, EPR, Resource, RPs, ResourceHome, WorkManager, DB Conn Pool, JNDI Directory, GetRP, GetMultRPs, SetRP, QueryRPs, Subscribe, SetTermTime, Destroy]
• WorkManager: “thread pool”, site independent “work” manager
• Apache Database Connection Pool library (JDBC “DataSource” implementation)
• JNDI Directory: manages internal, shared objects (ResourceHomes, WorkManager, Configuration objects, …)

Slide 50: GT4 WS Core in a Nutshell
[Diagram labels: Apache Tomcat, Service Container, Service, PIP, PDP, EPR, Resource, RPs, ResourceHome, WorkManager, DB Conn Pool, JNDI Directory, GetRP, GetMultRPs, SetRP, QueryRPs, Subscribe, SetTermTime, Destroy]
• Deploy Service Container “standalone” or within Apache Tomcat

Slide 51: GT4 Web Services Runtime
[Diagram labels: User Applications; Custom Web Services; Custom GT4 WSRF Web Services; WS-Addressing, WSRF, WS-Notification; WSDL, SOAP, WS-Security; Registry; Administration; GT4 Container]

Slide 52: Modeling State in Web Services
[Diagram labels: Service requestor (e.g., user application); Factory service; Create; Resource allocation; State Address; Stateful Entity; State inspection; Lifetime mgmt; Notifications; Register; Registry; Discovery. Captions: Authentication & Authorization are applied to all requests; Interactions standardized using WSDL and SOAP.]

Slide 53: WSRF & WS-Notification
• Naming and bindings (basis for virtualization)
    ◦ Every resource can be uniquely referenced, and has one or more associated services for interacting with it
• Lifecycle (basis for fault resilient state mgmt)
    ◦ Resources created by services following factory pattern
    ◦ Resources destroyed immediately or scheduled
• Information model (basis for monitoring, discovery)
    ◦ Resource properties associated with resources
    ◦ Operations for querying and setting this info
    ◦ Asynchronous notification of changes to properties
• Service groups (basis for registries, collective svcs)
    ◦ Group membership rules & membership management
• Base Fault type

Slide 54: WSRF/WSNs Compared (HPDC 2005)
Implementations compared: GT4-Java, GT4-C, pyGridWare, WSRF::Lite, WSRF.NET
Languages supported: C | Python | Perl | C#/C++/VBasic, etc.
WS-Security password profile: Yes | No | In progress | Yes
WS-Security X.509 profile: Yes | In progress | Yes
WS-SecureConversation: Yes | No | Yes
TLS/SSL: Yes | Yes | Yes
Authorization; Persistence of WS-Resources: Multiple | Callout | None | Yes | Not default | Yes | Yes
Memory Footprint: JVM + 10M | 22 KB | 12 MB | Depends
Memory size per WS-Resource: Depends on resource state | 70 B | Depends on resource state | 0 (file/DB) or 10 B (process) | Depends on resource state
Unmodified hosting environment: Yes | No | Yes (Apache) | Yes
Compliance with WS-I Basic Profile: Yes | Yes | In progress | Yes
Compliance with WS-I Basic Security Profile: Yes | Yes | No | Yes
Logging: Log4J | Yes | Yes | WSE diagnostics
WS-ResourceLifetime: Yes | Yes | Yes
WS-ResourceProperties: Yes | Yes | Yes
WS-ServiceGroup: Yes | Yes | Yes
WS-BaseFaults: Yes | Yes | Yes
WS-BaseNotification: Yes | Consumer | Yes | No | Yes
WS-BrokeredNotification: Partial | No | No | No | Yes
WS-Topics: Partial | No | Partial

Slide 55: GetRP Test
Distributed client and service on same LAN (times in milliseconds)
[Bar charts: GetRP times for GT4-Java, GT4-C, pyGridWare, WSRF::Lite and WSRF.NET under No Security, X509 Signing and HTTPS]

Slide 56: GT4 WS Core Performance

(1) Message-level security (times in milliseconds)
            GT4 Java   GT4 C   GT4 Python   WSRF.NET
GetRP       181.96     14.77   140.50       81.39
SetRP       182.04     14.99   142.21       82.48
CreateR     188.46     14.98   132.26       96.22
DestroyR    182.03     15.76   136.12       86.89
Notify      219.51     N/A     244.93       101.57

(2) Transport-level security (times in milliseconds)
            GT4 Java   GT4 C   GT4 Python   WSRF.NET
getRP       11.46      2.85    149.67       12.91
setRP       11.47      2.86    150.79       12.3
createR     18.00      2.82    132.60       20.84
destroyR    14.92      2.71    149.21       16.05
Notify      29.26      9.67    169.07       45.0

“WSRF/WSNs Compared,” HPDC 2005.

Slide 57: Globus Toolkit: Open Source Grid Infrastructure
[Component diagram repeated from slide 39]

Slide 58: Globus Security
• Control access to shared services
    ◦ Address autonomous management, e.g., different policy in different work-groups
• Support multi-user collaborations
    ◦ Federate through mutually trusted services
    ◦ Local policy authorities rule
• Allow users and application communities to set up dynamic trust domains
    ◦ Personal/VO collection of resources working together based on trust of user/VO

Slide 59: Virtual Organization (VO) Concept
• VO for each application or workload
• Carve out and configure resources for a particular use and set of users

Slide 60: GT4 Security
[Diagram labels: Users; VO; Compute Center; Services (running on user’s behalf); Access; Rights; Rights’; SSL/WS-Security with Proxy Certificates; Authz Callout: SAML, XACML; CAS or VOMS issuing SAML or X.509 ACs; Local policy on VO identity or attribute authority; MyProxy; KCA]

Slide 61: GT4 Security
• Public-key-based authentication
• Extensible authorization framework based on Web services standards
    ◦ SAML-based authorization callout
        ▪ As specified in GGF OGSA-Authz WG
    ◦ Integrated policy decision engine
        ▪ XACML policy language, per-operation policies, pluggable
• Credential management service
    ◦ MyProxy (One time password support)
• Community Authorization Service
• Standalone delegation service

Slide 62: GT4’s Use of Security Standards
[Diagram annotations: “Supported, but slow”; “but insecure”; “Fastest, so default”]

Slide 63: GT-XACML Integration
• eXtensible Access Control Markup Language
    ◦ OASIS standard, open source implementations
• XACML: sophisticated policy language
• Globus Toolkit ships with XACML runtime
    ◦ Included in every client and server built on GT
    ◦ Turned-on through configuration
• … that can be called transparently from runtime and/or explicitly from application …
• … and we use the XACML-“model” for our Authz Processing Framework

Slide 64: GT Authorization Framework

Slide 65: Other Security Services Include …
• MyProxy
    ◦ Simplified credential management
    ◦ Web portal integration
    ◦ Single-sign-on support
• KCA & kx.509
    ◦ Bridging into/out-of Kerberos domains
• SimpleCA
    ◦ Online credential generation
• PERMIS
    ◦ Authorization service callout

Slide 66: Globus Toolkit: Open Source Grid Infrastructure
[Component diagram repeated from slide 39]

Slide 67: GT4 Data Management
• Stage/move large data to/from nodes
    ◦ GridFTP, Reliable File Transfer (RFT)
    ◦ Alone, and integrated with GRAM
• Locate data of interest
    ◦ Replica Location Service (RLS)
• Replicate data for performance/reliability
    ◦ Distributed Replication Service (DRS)
• Provide access to diverse data sources
    ◦ File systems, parallel file systems, hierarchical storage: GridFTP
    ◦ Databases: OGSA DAI

Slide 68: GridFTP in GT4
• 100% Globus code
    ◦ No licensing issues
    ◦ Stable, extensible
• IPv6 Support
• XIO for different transports
• Striping multi-Gb/sec wide area transport
    ◦ 27 Gbit/s on 30 Gbit/s link
• Pluggable
    ◦ Front-end: e.g., future WS control channel
    ◦ Back-end: e.g., HPSS, cluster file systems
    ◦ Transfer: e.g., UDP, NetBLT transport
[Chart: Disk-to-disk on TeraGrid]

Slide 69: Reliable File Transfer: Third Party Transfer
• Fire-and-forget transfer
• Web services interface
• Many files & directories
• Integrated failure recovery
• Has transferred 900K files
[Diagram labels: RFT Client; SOAP Messages; RFT Service; Notifications (Optional); two GridFTP Servers, each with Protocol Interpreter, Master DSI, IPC Link, IPC Receiver, Slave DSI; Data Channel]

Slide 70: Replica Location Service
• Identify location of files via logical to physical name map
• Distributed indexing of names, fault tolerant update protocols
• GT4 version scalable & stable
• Managing ~40 million files across ~10 sites
[Table. Header cells: Index; Local DB; Update send (secs); Bloom filter (bits). Rows: 10K, <1, 2, 1M; 1M, 2, 24, 10M; 5M, 7, 175, 50M]

Slide 71: Reliable Wide Area Data Replication
LIGO Gravitational Wave Observatory
• Replicating >1 Terabyte/day to 8 sites
• >30 million replicas so far
• MTBF = 1 month
[Map labels: Birmingham, Cardiff, AEI/Golm]
www.globus.org/solutions

Slide 72: OGSA-DAI
• Provide service-based access to structured data resources as part of Globus
• Specify a selection of interfaces tailored to various styles of data access—starting with relational and XML

Slide 73: The OGSA-DAI Framework
[Diagram labels: Application; Client Toolkit; OGSA-DAI service; Engine; Activities: SQLQuery, readFile, XPath, XSLT, GZip, GridFTP; Data Resources: JDBC, XMLDB, File; Databases: MySQL, DB2, SQL Server, XIndice, SWISSPROT]

Slide 74: Extensibility Example
[Diagram labels: OGSA-DAI service; Engine; SQLQuery; Multiple; GDS; JDBC; SQL; MySQL]

Slide 75: OGSA-DAI: A Framework for Building Applications
• Supports data access, insert and update
    ◦ Relational: MySQL, Oracle, DB2, SQL Server, Postgres
    ◦ XML: Xindice, eXist
    ◦ Files – CSV, BinX, EMBL, OMIM, SWISSPROT, …
• Supports data delivery
    ◦ SOAP over HTTP
    ◦ FTP; GridFTP
    ◦ E-mail
    ◦ Inter-service
• Supports data transformation
    ◦ XSLT
    ◦ ZIP; GZIP
• Supports security
    ◦ X.509 certificate based security

76 OGSA-DAI: Other Features
• A framework for building data clients
  - Client toolkit library for application developers
• A framework for developing functionality
  - Extend existing activities, or implement your own
  - Mix and match activities to provide functionality you need
• Highly extensible
  - Customise our out-of-the-box product
  - Provide your own services, client-side support, and data-related functionality

77 Globus Toolkit: Open Source Grid Infrastructure
Globus Toolkit v4, www.globus.org
[Component diagram, by column]
• Security: Credential Mgmt; Delegation; Community Authorization; Authentication Authorization
• Data Mgmt: Data Replication; Replica Location; Data Access & Integration; Reliable File Transfer; GridFTP
• Execution Mgmt: Grid Telecontrol Protocol; Community Scheduling Framework; Workspace Management; Grid Resource Allocation & Management
• Info Services: WebMDS; Trigger; Index
• Common Runtime: Python Runtime; C Runtime; Java Runtime

78 Execution Management (GRAM)
• Common WS interface to schedulers
  - Unix, Condor, LSF, PBS, SGE, …
• More generally: interface for process execution management
  - Lay down execution environment
  - Stage data
  - Monitor & manage lifecycle
  - Kill it, clean up
• A basis for application-driven provisioning

79 GT4 WS GRAM
• 2nd-generation WS implementation optimized for performance, flexibility, stability, scalability
• Streamlined critical path
  - Use only what you need
• Flexible credential management
  - Credential cache & delegation service
• GridFTP & RFT used for data operations
  - Data staging & streaming output
  - Eliminates redundant GASS code

80 GT4 WS GRAM Architecture
[Architecture diagram labels: Service host(s) and compute element(s); Client; Job functions; Delegate; GT4 Java Container; GRAM services; Delegation; Transfer request; RFT File Transfer; SEG; Compute element; Local job control; sudo; Job events; GRAM adapter; GridFTP control; Local scheduler; User job; FTP data; GridFTP; Remote storage element(s)]

81 GT4 WS GRAM Architecture
[Architecture diagram with the same labels as slide 80]
Delegated credential can be: Made available to the application

82 GT4 WS GRAM Architecture
[Architecture diagram with the same labels as slide 80]
Delegated credential can be: Used to authenticate with RFT

83 GT4 WS GRAM Architecture
[Architecture diagram with the same labels as slide 80]
Delegated credential can be: Used to authenticate with GridFTP

84 WS GRAM Performance
• Time to submit a basic GRAM job
  - Pre-WS GRAM: < 1 second
  - WS GRAM: 2 seconds
• Concurrent jobs
  - Pre-WS GRAM: 300 jobs
  - WS GRAM: 32,000 jobs
• Various studies are underway to test latest software

85 GT4 WS GRAM Performance
Rows: Sustained Job Load Per Client Thread (N); columns: Number of Client Threads (M)
N \ M     1    2    4    8   16   32   64  128
1         7   15   29   57   80   69   69   70
2        15   29   58   79   74   70   70   64
4        29   58   78   77   68   69   52   69
8        59   77   77   72   65   27   69
16       77   77   75   64   27   50
32       76   75   68   64   67
64       75   73   70   66   65
128      80   72   64   63   71
All numbers are simple jobs/minute, no delegation or staging

86 Workspace Service: The Hosted Activity
[Diagram labels: Policy; Client; Allocate/provision; Configure; Initiate activity; Monitor activity; Control activity; Interface; Activity; Environment; Resource provider]

87 Activities Can Be Nested
[Diagram labels: Client; Policy; Client; Environment; Interface; Resource provider]

88 For Example …
• Deploy service
• Deploy container
• Deploy virtual machine
• Deploy hypervisor/OS
• Procure hardware
[Diagram layers: JVM; VM, VM; Hypervisor/OS; Physical machine]
Provisioning, management, and monitoring at all levels

89 Dynamic Service Deployment
Community A
• Community scheduling logic
• Data distribution
• Community management
• Science services
• ...
… Community Z
Requirements:
• Community control
• Persistence
• Resource guarantees
• Non-interference

90 Virtual Machine Costs
[Chart labels: Job in booted VM, GRAM job in paused VM, GRAM job]

91 Virtual OSG Clusters
[Diagram labels: OSG cluster; Xen hypervisors; TeraGrid cluster]

92 Globus Toolkit: Open Source Grid Infrastructure
Globus Toolkit v4, www.globus.org
[Component diagram, by column]
• Security: Credential Mgmt; Delegation; Community Authorization; Authentication Authorization
• Data Mgmt: Data Replication; Replica Location; Data Access & Integration; Reliable File Transfer; GridFTP
• Execution Mgmt: Grid Telecontrol Protocol; Community Scheduling Framework; Workspace Management; Grid Resource Allocation & Management
• Info Services: WebMDS; Trigger; Index
• Common Runtime: Python Runtime; C Runtime; Java Runtime

93 Monitoring and Discovery
• “Every service should be monitorable and discoverable using common mechanisms”
  - WSRF/WSN provides those mechanisms
• A common aggregator framework for collecting information from services, thus:
  - MDS-Index: Xpath queries, with caching
  - MDS-Trigger: perform action on condition
  - (MDS-Archiver: Xpath on historical data)
• Deep integration with Globus containers & services: every GT4 service is discoverable
  - GRAM, RFT, GridFTP, CAS, …

94 GT4 Monitoring & Discovery
[Diagram labels: WS-ServiceGroup; Clients (e.g., WebMDS); GT4 Container; Registration & WSRF/WSN Access; MDS-Index; Automated registration in container; GRAM; adapter; Custom protocols for non-WSRF entities; GridFTP; User; RFT]

95 Index Server Performance
• As the MDS4 Index grows, query rate and response time both slow, although sublinearly
• Response time slows due to increasing data transfer size
  - Full Index is being returned
  - Response is re-built for every query
• Real question – how much over simple WSN performance?

96 Information Providers
• GT4 information providers collect information from some system and make it accessible as WSRF resource properties
• Growing number of information providers
  - Ganglia, CluMon, Nagios
  - SGE, LSF, OpenPBS, PBSPro, Torque
• Many opportunities to build additional ones
  - E.g., network monitoring, storage systems, various sensors

97 GT4 Summary
[Diagram labels: SERVER; CLIENT; Your C Service; Your Java Service; Your Python Service; Your C Client; Your Java Client; Your Python Client; C WS Core; pyGlobus WS Core; Java Services in Apache Axis; Python hosting; Plus GT Libraries and Handlers; GT Libraries; C Services using GT Libraries and Handlers; Pre-WS MDS; Pre-WS GRAM; RLS; MyProxy; SimpleCA; GridFTP; GRAM; RFT; Delegation; Index; Trigger; Archiver; CAS; OGSA-DAI; GTCP]
X.509 credentials = common authentication
Interoperable WS-I-compliant SOAP messaging

98 GT4 Documentation is Much Improved!

99 Overview
• Background and Globus approach
• Globus Toolkit: current capabilities
• Future directions
• Related tools

100 The Globus Commitment to Open Source
• Globus was first established as an open source project in 1996
• The Globus Toolkit is open source to:
  - allow for inspection
    - for consideration in standardization processes
  - encourage adoption
    - in pursuit of ubiquity and interoperability
  - encourage contributions
    - harness the expertise of the community
• The Globus Toolkit is distributed under the (BSD-style) Apache License version 2

101 The Future: Structure
• NSF Community Driven Improvement of Globus Software (CDIGS) project
  - 5 years of funding for GT enhancement
  - Regular Globus roadmaps outlining plans
• GlobDev http://dev.globus.org
  - Apache-like community development site
  - Community governance of components
  - “Globus Toolkit” & other related software
  - Open for business early 2006
  - “Globus Alliance” = “GlobDev committers”

102 GlobDev
• The current set of Globus components will be organized into several “Globus Projects”
  - Projects release products
• Each project will have its own group of “Committers”
  - committers are responsible for governance on matters relating to their products
• The “Globus Management Committee” will
  - provide overall guidance and conflict resolution
  - approve the creation of new Globus Projects

103 The Future: Content
• We now have a solid and extremely powerful Web services base
• Next, we will build an expanded open source Grid infrastructure
  - Virtualization
  - New services for provisioning, data management, security, VO management
  - End-user tools for application development
  - Etc., etc.
• And of course responding to user requests for other short-term needs

104 The Future
• We now have a solid and extremely powerful Web services base
• Next, we will build an expanded open source Grid infrastructure
  - Virtualization
  - New services for provisioning, data management, security, VO management
  - End-user tools for application development
  - Etc., etc.
• And of course responding to user requests for other short-term needs

105 Short-Term Priorities: Security
• Improve GSI error reporting & diagnostics
• Secure password, one-time password, Kerberos support for initial log on
• Trust roots, use of GridLogon
• Identity/attribute assertions in GT auth. callouts (e.g., Shib, PERMIS, VOMS, SAML)
• Extend CAS admin & policy support
• Security logging with management control for audit purposes

106 Short-Term Priorities: Data Management
• Space & bandwidth management in GridFTP
• Concurrency in globus-url-copy
• Priorities in RFT
• Data replication service
• Enhance policy support in data services
• Physical file name creation service
• Scalable & distributed metadata manager

107 Short-Term Priorities: Execution Management
• Implement GGF JSDL once finalized
• Advance reservation support
• Policy-driven restart of “persistent” jobs
• Improved information collection for jobs
• Improved management of job collections
• Credential refresh
• Development of workspace service
• Integration of virtual machines (Xen, VMware) and associated services
• Windows port of WS GRAM

108 Short-Term Priorities: Information Services
• Many more information sources, including gateways to other systems
• Automated configuration of monitoring
• Specialized monitoring displays
• Performance optimization of registry
• Archiver service
• Helper tools to streamline integration of new information sources

109 Short-Term Priorities: WS Core
• Streamlined container configuration
• Remote management interface
• Dynamic service deployment
• Service isolation: multiple service instances
• WS-Notification, subscription performance
• Full functionality in C WS Core
• Optimized WS-ServiceGroup support
• WS-SecureConversation support

110 What to Expect from the Globus Alliance in the Coming Months
• Support for users of GT4
  - Working to make sure the toolkit meets user needs
  - Answering questions on the mailing lists
  - Further improving documentation
• Normal evolution of performance, scalability and feature enhancements
• Further development of tools and services in support of VOs
• Expanding contributions to Globus

111 Overview
• Background and Globus approach
• Globus Toolkit: current capabilities
• Future directions
• Related tools

112 The Globus Ecosystem
• Globus components address core issues relating to resource access, monitoring, discovery, security, data movement, etc.
  - GT4 being the latest version
• A larger Globus ecosystem of open source and proprietary components provides complementary components
  - A growing list of components
• These components can be combined to produce solutions to Grid problems
  - We’re building a list of such solutions

113 Many Tools Build on, or Can Contribute to, GT4-Based Grids
• Condor-G, DAGman
• MPICH-G2
• GRMS
• Nimrod-G
• Ninf-G
• Open Grid Computing Env.
• Commodity Grid Toolkit
• GriPhyN Virtual Data System
• Virtual Data Toolkit
• GridXpert Synergy
• Platform Globus Toolkit
• VOMS
• PERMIS
• GT4IDE
• Sun Grid Engine
• PBS scheduler
• LSF scheduler
• GridBus
• TeraGrid CTSS
• NEES
• IBM Grid Toolbox
• …

114 Documenting The Grid Ecosystem: Software Components for Grid Systems And Applications
www.grids-center.org

115 Example Solutions
• Portal-based User Reg. System (PURSE)
• VO Management Registration Service
• Service Monitoring Service
• TeraGrid TGCP Tool
• Lightweight Data Replicator
• GriPhyN Virtual Data System

116 Condor-G
• The Condor Project @ U Wisconsin Madison develops software for high-throughput computing on collections of distributed compute resources
• Condor-G is an interface to GRAM created by the Condor team that allows users to submit jobs to GRAM servers

117 GridShib
• Allows the use of Shibboleth-transported attributes for authorization in GT4 deployments
  - And, more generally, SAML support
• 2 year project started December 1, 2004
• Participants
  - Von Welch, UIUC/NCSA (PI)
  - Kate Keahey, UChicago/Argonne (PI)
  - Frank Siebenlist, Argonne
  - Tom Barton, UChicago
• Beta software released September 16, 2005

118 Handle System
• The Handle System from CNRI (http://www.handle.net) is a general-purpose global name service enabling secure name resolution over the internet
• The Handle System-GT Integration Project leverages the Handle System for identifier and resolution services through tight integration with GT4’s Web services protocols

119 MPICH-G2
• MPICH-G2, developed at Northern Illinois University and Argonne National Lab, is a grid-enabled implementation of the MPI v1.1 standard
• MPICH-G2 is implemented using the pre-WS GRAM component in GT4; integration with GT4 WS GRAM is expected in the near future

120 Nimrod/G
• Nimrod is a specialized parametric modeling system from Monash University
• Nimrod/G uses a simple declarative parametric modeling language to express parameter sweep experiments. Based on GT4 WS services, Nimrod/G enables the formulation, execution and monitoring of multiple individual parametric experiments

121 Ninf-G4
• Ninf-G4, from AIST, is a reference implementation of the GGF standard GridRPC API
• Ninf-G4 provides higher-level programming APIs for the development and execution of parallel applications on the Grid

122 PERMIS
• PERMIS is an EU-funded Privilege Management service that implements Role-Based Access Control
• Thanks to the work of the UK Grid Engineering Task Force, services running in a Java WS Core container can use PERMIS via GT4’s SAML authorization callouts

123 SRB
• SRB is a package from SDSC providing a uniform interface for connecting to network-based heterogeneous data resources
• GT4’s GridFTP includes an interface to SRB data sources, and vice versa

124 Sun Grid Engine
• Sun Grid Engine is an open source distributed resource management system from Sun Microsystems
• In a collaboration between the London eScience Centre, Gridwise and MCNC, the Sun Grid Engine has been integrated with GT4

125 Tell Us About Your Grid Tools & Solutions
• We list links to related projects on the “Related Software” of the Globus Toolkit web www.globus.org/toolkit/tools/
• “Solutions” are documented on the Globus web www.globus.org/solutions/
• If we’ve got details wrong or you have a GT4-related tool to list on our website, please send mail to [email protected]. org

126 Questions?