Service-Oriented Science Scaling e Science Application Impact

Скачать презентацию Service-Oriented Science Scaling e Science Application Impact

eaaaf386a8852867a87782826bed5719.ppt

Количество слайдов: 47

Service-Oriented Science Scaling e. Science Application & Impact Ian Foster Argonne National Laboratory University of Chicago Univa Corporation

2 Acknowledgements l Carl Kesselman, with whom I developed many of these slides l Bill Allcock, Charlie Catlett, Kate Keahey, Jennifer Schopf, Frank Siebenlist, Mike Wilde @ ANL/UC l Ann Chervenak, Ewa Deelman, Laura Pearlman @ USC/ISI l Karl Czajkowski, Steve Tuecke @ Univa l Numerous other fine colleagues l NSF, DOE, IBM for research support

Context: System-Level Science 3 Problems too large &/or complex to tackle alone …

4 Seismic Hazard Analysis (T. Jordan & SCEC) Seismicity Paleoseismology Local site effects Geologic structure Faults Seismic Hazard Model Stress transfer Crustal motion Crustal deformation Seismic velocity structure Rupture dynamics

5 SCEC Community Model 1 2 3 4 5 Standardized Seismic Hazard Analysis Ground motion simulation Physics-based earthquake forecasting Ground-motion inverse problem Other Data Geology Geodesy Structural Simulation Unified Structural Representation Faults FSM Motions Stresses RDM AWM FSM = Fault System Model RDM = Rupture Dynamics Model Ground Motions SRM 3 Earthquake Forecast Model 4 Invert Anelastic model 2 Attenuation Relationship 1 Intensity Measures AWP = Anelastic Wave Propagation SRM = Site Response Model 5

7 Science Takes a Village … l Teams organized around common goals u l With diverse membership & capabilities u l Expertise in multiple areas required And geographic and political distribution u l People, resource, software, data, instruments… No location/organization possesses all required skills and resources Must adapt as a function of the situation u Adjust membership, reallocate responsibilities, renegotiate resources

8 Virtual Organizations l From organizational behavior/management: u l "a group of people who interact through interdependent tasks guided by common purpose [that] works across space, time, and organizational boundaries with links strengthened by webs of communication technologies" (Lipnack & Stamps, 1997) The impact of cyberinfrastructure u u People computational agents & services Communication technologies IT infrastructure, i. e. Grid “The Anatomy of the Grid”, Foster, Kesselman, Tuecke, 2001

Beyond Science Silos: Service-Oriented Architecture 9 Function Resource l Decompose across network l Clients integrate dynamically u u Select “best of breed” providers u l Select & compose services Users Discovery tools Analysis tools Publish result as a new service Data Archives Decouple resource & service providers Fig: S. G. Djorgovski

Service-Oriented Systems: The Role of Grid Infrastructure 10 Users l u u l Composition Service-oriented applications Wrap applications as services Compose applications into workflows Service-oriented Grid infrastructure u Workflows Invocation Appln Service Provisioning Provision physical resources to support application workloads “The Many Faces of IT as Service”, Foster, Tuecke, 2005

Forming & Operating (Scientific) Communities l Define VO membership and roles, & enforce laws and community standards u l Build, buy, operate, & share community infrastructure u u l I. e. , policy Data, programs, services, computing, storage, instruments Service-oriented architecture Define and perform collaborative work u Use shared infrastructure, roles, & policy u Manage community workflow 11

Defining Community: Membership and Laws l Identify VO participants and roles u l For people and services Specify and control actions of members u Empower members delegation u Enforce restrictions federate policy B A 1 1 10 A 1 2 10 1 B 16 1 2 13

14 Security Services Objectives l It’s all about “policy” u u l Define a VO’s operating rules Security services facilitate the enforcement Policy facilitates “business objectives” u l Related to goals/purpose of the VO Security policy often delicate balance u Legislation may mandate minimum security u More security Higher costs u Less security Higher exposure to loss u Risk versus Rewards

15 Policy Challenges in VOs l Restrict VO operations based on characteristics of requestor u l Intra-VO u u l Effective Access VO dynamics create challenges VO specific roles Mechanisms to specify/enforce policy at VO level Policy of site to community Inter-VO u Entities/roles in one VO not necessarily defined in another VO Access granted by community to user Site admissioncontrol policies

16 Core Security Mechanisms l Attribute Assertions u l Authentication and digital signature u l C asserts that S can perform O on behalf of C Attribute mapping u l Allows signer to assert attributes Delegation u l C asserts that S has attribute A with value V {A 1, A 2… An}vo 1 {A’ 1, A’ 2… A’m}vo 2 Policy u Entity with attributes A asserted by C may perform operation O on resource R

17 Trust in VOs l Do I “believe” an attribute assertion? u Used to evaluate cost vs. benefit of performing an operation l E. g. , perform untrusted operation with extra auditing l Look at attributes of assertion signer l Rooting trust u Externally recognized source, e. g. , CA u Dynamically via VO structure delegation u Dynamically via alternative sources, e. g. , reputation

18 Security Services for VO Policy l Attribute Authority (ATA) Issue signed attribute assertions (incl. identity, delegation & mapping) u l Authorization Authority (AZA) Decisions based on assertions & policy u l Use with message/transport level security Delegation Assertion VO Resource Admin User A User B can use Service A Attribute VO ATA Mapping ATA VO Me mber Attribu te VO Member Attribute VO User B VO AZA VO A Service VO-A Attr VO-B Attr VO B Service

19 Closing the Loop Authz Callout: SAML, XACML SSL/WS-Security with Proxy Services (running Certificates on user’s behalf) Access Compute Center Rights CAS or VOMS issuing SAML or X. 509 ACs Users Rights Local policy on VO identity or attribute authority My. Proxy VO Rights’ KCA

Forming & Operating Scientific Communities l Define VO membership and roles, & enforce laws and community standards u l Build, buy, operate, & share community infrastructure u u l I. e. , policy Data, programs, services, computing, storage, instruments Service-oriented architecture Define and perform collaborative work u Use shared infrastructure, roles, & policy u Manage community workflow 20

Bootstrapping a VO by Assembling Services 1) Integrate services from other sources u Virtualize external services as VO services Content Services Capacity Community Services Provider Capacity Provider 2) Coordinate & compose u Create new services from existing ones “Service-Oriented Science”, Foster, 2005 21

22 Providing VO Services: (1) Integration from Other Sources l Negotiate service level agreements l Delegate and deploy capabilities/services l Provision to deliver defined capability l Configure environment l Host layered functions Community A … Community Z

23 Virtualizing Existing Services into a VO l Establish service agreement with service u l E. g. , WS-Agreement Delegate use to VO user User A VO User VO Admin Existing Services User B

24 Deploying New Services Policy Client Allocate/provision Configure Initiate activity Monitor activity Control activity Interface Activity Environment Resource provider

25 Activities Can Be Nested Client Policy Client Environment Interface Resource provider

Open Science Grid 26 Ø 50 sites (15, 000 CPUs) & growing Ø 400 to >1000 concurrent jobs Ø Many applications + CS experiments; includes long-running production operations Ø Up since October 2003; few FTEs central ops Jobs (2004) www. opensciencegrid. org

27 Embedded Resource Management Client-side VO Admin Deleg GRAM Headnode Resource Manager VO User Deleg GRAM Cluster Resource Manager Monitoring and control Deleg VO Scheduler • • • . . . Other Services VO Job GRAM Cluster Resource Manager VO admin delegates credentials to be used by downstream VO services. VO admin starts the required services. VO jobs comes in directly from the upstream VO Users VO job gets forwarded to the appropriate resource using the VO credentials Computational job started for VO VO Job

Providing VO Services: (2) Coordination & Composition l Take a set of provisioned services … … & compose to synthesize new behaviors l This is traditional service composition u u But must also be concerned with emergent behaviors, autonomous interactions See the work of the agent & Planet. Lab communities “Brain vs. Brawn: Why Grids and Agents Need Each Other, " Foster, Kesselman, Jennings, 2004. 28

The Globus-Based LIGO Data Grid 29 LIGO Gravitational Wave Observatory Birmingham • §Cardiff AEI/Golm Replicating >1 Terabyte/day to 8 sites >40 million replicas so far MTBF = 1 month www. globus. org/solutions

30 Data Replication Service l Pull “missing” files to a storage system Data Location Data Movement Data Replication List of required Files Replica Location Index Grid. FTP Reliable File Transfer Service Grid. FTP Local Replica Catalog Replica Location Index Data Replication Service “Design and Implementation of a Data Replication Service Based on the Lightweight Data Replicator System, ” Chervenak et al. , 2005

31 Composing Resources … Composing Services Deploy service Deploy container Deploy virtual machine Deploy hypervisor/OS Procure hardware DRS JVM VM Grid. FTP LRC Grid. FTP VO Services VM Hypervisor/OS Physical machine Provisioning, management, and monitoring at all levels

32 Decomposition Enables Separation of Concerns & Roles S 1 User D S 3 “Provide access to data D at S 1, S 2, S 3 with performance P” Service Provider “Provide storage with performance P 1, network with P 2, …” Resource Provider S 2 S 1 D S 2 S 3 Replica catalog, User-level multicast, … S 1 D S 2 S 3

33 Community Commons l What capabilities are available to VO? u l Membership changes, state changes Require mechanisms to aggregate and update VO information The age of information A A S VO-specific indexes S Information S MORE A S FRESH

34 Monitoring and Discovery Services WS-Service. Group GT 4 Container Clients (e. g. , Web. MDS) MDSIndex Registration & WSRF/WSN Access GT 4 Container MDSIndex Automated registration in container GRAM adapter GT 4 Cont. Custom protocols for non-WSRF entities MDSIndex Grid. FTP User RFT

Service-Oriented Systems: The Role of Grid Infrastructure 35 Users l u u l Composition Service-oriented applications Wrap applications as services Compose applications into workflows Service-oriented Grid infrastructure u Workflows Invocation Appln Service Provisioning Provision physical resources to support application workloads “The Many Faces of IT as Service”, Foster, Tuecke, 2005

37 Collaborative Work Executed Executing Query Executable Not yet executable What I Did What I Am Doing What I Want to Do Execution environment Time Schedule Edit …

38 Managing Collaborative Work l Process as “workflow, ” at different scales, e. g. : Run 3 -stage pipeline u Process data flowing from expt over a year u Engage in interactive analysis u l Need to keep track of: What I want to do (will evolve with new knowledge) u What I am doing now (evolve with system config. ) u What I did (persistent; a source of information) u

Trident: The Gri. Phy. N Virtual Data System Workflow spec VDL Program Virtual Data catalog Virtual Data Workflow Generator Abstract workflow Create Execution Plan Statically Partitioned DAG Dynamically Planned DAG Local planner 39 Grid Workflow Execution DAGman & Condor-G Job Planner Job Cleanup

40 Functional MRI Analysis Workflow courtesy James Dobson, Dartmouth Brain Imaging Center

41 Functional MRI – Mapping Brain Function using Grid Workflows <>

Functional MRI Virtual Data Queries Which transformations can process a “subject image”? l Q: xsearchvdc -q tr_meta data. Type subject_image input l A: f. MRIDC. AIR: : align_warp List anonymized subject-images for young subjects: l Q: xsearchvdc -q lfn_meta data. Type subject_image privacy anonymized subject. Type young l A: 3472 -4_anonymized. img Show files that were derived from patient image 3472 -3: l Q: xsearchvdc -q lfn_tree 3472 -3_anonymized. img l A: 3472 -3_anonymized. img 3472 -3_anonymized. sliced. hdr atlas. img … atlas_z. jpg 3472 -3_anonymized. sliced. img 42

43 Quark. Net: Leveraging Trident for Science Education

PUMA: Analysis of Metabolism 44 PUMA Knowledge Base Information about proteins analyzed against ~2 million gene sequences Analysis on Grid Natalia Maltsev et al. http: //compbio. mcs. anl. gov/puma 2 Involves millions of BLAST, BLOCKS, and other processes

Astronomy: A Small Montage Workflow ~1200 node workflow, 7 levels Mosaic of M 42 created on Tera. Grid 45

46 Summary (1): Community Services l Community roll, city hall, permits, licensing & police force u l Directories, maps u l Composed services Day-to-day activities u l Deployed services Shops, businesses u l Information services City services: power, water, sewer u l Assertions, policy, attribute & authorization services Workflows, visualization Tax board, fees, economic considerations u Barter, planned economy, eventually markets

47 Summary (2) l Community based science will be the norm u l Many different types of communities u l Increasingly the community infrastructure will become the scientific observatory Scaling requires a separation of concerns u l Differ in coupling, membership, lifetime, size Must think beyond science stovepipes u l Requires collaborations across sciences— including computer science Providers of resources, services, content Small set of fundamental mechanisms required to build communities

48 For More Information l Globus Alliance u l www. globus. org NMI and GRIDS Center u u l www. nsf-middleware. org www. grids-center. org Infrastructure u u l www. opensciencegrid. org www. teragrid. org Background u www. mcs. anl. gov/~foster 2 nd Edition www. mkp. com/grid 2