ca4bb741c47663d225e09047f913d0e4.ppt
- Количество слайдов: 18
HTASC - Report to HEP-CCC David Kelsey, RAL d. p. kelsey@ rl. ac. uk 8 July 2000, SLAC (http: //home. cern. ch/~eauge/htasc/public/) 8 -Jul-00 D. P. Kelsey, HTASC report 1
HTASC #15 8 th/9 th June 2000, CERN Agenda included: • HTASC sub-groups – Security group – Windows 2000 Coordination Group – LDAP coordination (not a group!) • • Roundtable reports Regional Centres X. 509 Certificates Future meetings/topics n. b. was to have been at Bologna - perhaps in October? 8 -Jul-00 D. P. Kelsey, HTASC report 2
Membership of HTASC • New members – E. Auge (France) replaced by Francois Etienne – C. Declercq (Belgium) replaced by Rosette Vandenbroucke – Jorge Gomes (Portugal) - new member • Good attendance this time • We still need to appoint a new Secretary – Nicanor Colino (Spain) has volunteered to maintain the web pages 8 -Jul-00 D. P. Kelsey, HTASC report 3
HTASC sub-groups • Security group (Tobias Haas, DESY) – action on HTASC to collect list of HEP security contacts • this continues - Tobias Haas will coordinate, with help from HTASC members • Tobias will leave HTASC now but stay as Security group Chair - next HTASC review in March 2001. • Windows 2000 Coordination group – this was created at Nov 99 HEP-CCC meeting – Christian Trachimow (DESY) reported to HTASC – Two meetings: DESY (30/31 March) and CERN (29/30 June) • June agenda: Active Dir, Kerberos/UNIX, App. support – W 2000 workshop at HEPi. X/HEPNT in October (USA) 8 -Jul-00 D. P. Kelsey, HTASC report 4
Directories/LDAP • At last HEP-CCC (March 2000) – Directories/LDAP are becoming very important - Windows 2000, GRIDs, common access rights (e-groups), etc. – Strong support from HEP-CCC - CERN/IN 2 P 3 group should organise an LDAP workshop for White Pages service • LDAP workshop has not yet happened – staff changes at CERN! • But various discussions about Globus Info Service • Proposal… – Ask Michel Jouvin to organise an LDAP workshop at next HEPi. X? (October 2000) (Advantage: USA+Europe) 8 -Jul-00 D. P. Kelsey, HTASC report 5
Roundtable reports • Germany – Univ of Mainz copied 100 GB from CERN (NA 48) in 10 days (1 MB/s overnight) but had to stop as CERN complained it was clogging the network – he believed he was using the network for good purpose – good example of need for Diff. Serv. • GRID will require large bulk transfers. • Many reported congested networking to USA • There is a need for dissemination of info about GRID activities 8 -Jul-00 D. P. Kelsey, HTASC report 6
Regional Centres • Aimed at coordination issues *between* the big data producers – particularly current experiments. – No wish to repeat/duplicate discussions in other places (MONARC, LHC Computing Review, Data. Grid, FOCUS. . . ) • Presentations – – 8 -Jul-00 Wojcik (IN 2 P 3) Luciano Barone (INFN) John Gordon (RAL) Kors Bos (NIKHEF) D. P. Kelsey, HTASC report 7
Regional Centres (2) HTASC summary • IN 2 P 3 and RAL - coordination issues • INFN and NIKHEF - plans for GRID facilities. – But, if the LHC GRID prototypes/testbeds are open to other experiments - will hit similar problems • Problems reported included – conflict between different experiments' choices of • hardware platform • operating systems (flavours and version numbers) • versions of compilers and libraries. – conflicts often make it very difficult to run a shared facility! 8 -Jul-00 D. P. Kelsey, HTASC report 8
Regional Centres (3) • Data exchange formats (physical and logical) also cause problems – The exchange formats should be based on standards, not internal formats, and the number of interfaces to the data should be minimised (e. g. use RFIO? ). • There are too many experiment-specific versions of general applications – Ba. Bar has its own modified version of Objectivity – LHC++ has flags for LHCb. 8 -Jul-00 D. P. Kelsey, HTASC report 9
Regional Centres (4) • AFS has been a success – a useful tool for remote use of s/w – but concerns about stability and scaling • GRID will require greater standardisation • HTASC encourages HEP-CCC to consider how to coordinate with HEP outside of Europe. – Worldwide coordination is highly desirable. 8 -Jul-00 D. P. Kelsey, HTASC report 10
Regional Centres (5) • HTASC recommends – coordination between labs and experiments (how? ) – early involvement of Regional centres in planning of new experiments – Continue standardisation on reduced h/w platforms. – Linux coordination would be very useful • working together on certification of new versions (as suggested at last HEPi. X) • better tools for keeping s/w in step (between centres) 8 -Jul-00 D. P. Kelsey, HTASC report 11
X. 509 Certificates • Presentations to HTASC – Per Hagen (CERN) – Denise Heagerty (CERN) – also input from Roberto Cecchini (INFN) 8 -Jul-00 D. P. Kelsey, HTASC report 12
X. 509 Certificates (2) HTASC summary • Driving reason for X. 509 Certificate Authorities (CA’s) in HEP is GRID/Globus software. • HTASC recommends that any infrastructure for Globus should also support other uses (if desirable? ) • We need sufficient CA’s for the PP GRID – Who will operate them? – Which users will they support? – One model: Accelerator Lab issues certificates to all GRID users on an experiment – Alternatively: home institutes or national authorities. 8 -Jul-00 D. P. Kelsey, HTASC report 13
X. 509 Certificates (3) • Whatever, the advice of the GLOBUS team is to minimise the number of CA’s. – these need to be coordinated across HEP – all Globus clients/servers have a list of "trusted" CA’s. – easy way to distribute/maintain this list - should be static • Does a CA hierarchy add value? – hierarchy of real CA’s - a root HEP CA certifies the hierarchy of CA’s below it. – Or a few CA’s issuing the actual certificates for all HEP • but supported by a hierarchy of user registration authorities checking user credentials. 8 -Jul-00 D. P. Kelsey, HTASC report 14
X. 509 Certificates (4) • Must agree procedures for CA’s – to check user identities – to protect their servers and CA keys – so we can trust each other's certificates. • Many institutes are considering issuing certificates – for certifying exchange of official documents – Use same certificates for GRID? (Maybe - long term) 8 -Jul-00 D. P. Kelsey, HTASC report 15
X. 509 Certificates (5) • In the short term – we need an infrastructure for GRID testbeds – The Data. Grid testbeds meeting in Lyon (30 Jun) • create a Task Force - coordinate national CA’s – must compare benefits of official institute-based scheme with the scaling problem of lists of "trusted" CA’s. • Security is a vital part of the GRID – need testing of certificates and CA’s (e. g. interworking) • And no mention of Smartcards! 8 -Jul-00 D. P. Kelsey, HTASC report 16
Future HTASC meetings/Topics (provisional dates/plans) • 19/20 October 2000 (Provisional - Bologna? ) – Markup Languages – Networking (evolution of WAN costs)/Diffserv/Qo. S – revisit LDAP? (if after the HEPi. X meeting) • March 2001 (CERN) – review network security – Windows 2000 review • Other topics: – ideas always welcome! 8 -Jul-00 D. P. Kelsey, HTASC report 17
Summary • HTASC invites HEP-CCC to consider/give advice on – LDAP coordination - White pages (and GRID? ) • Workshop at next HEPi. X? – Regional Centres • how to standardise s/w? how to coordinate? – HEP-CCC and/or HEPi. X? • Other approaches? (HTASC group? ) – X. 509 certificates • leave it to Data. Grid? • HTASC sub-group? • How to collaborate with USA? – future topics for HTASC consideration? 8 -Jul-00 D. P. Kelsey, HTASC report 18