Virtual Communities and Science in the Large Dr

Virtual Communities and Science in the Large Dr. Carl Kesselman ISI Fellow Director, Center for Grid Technologies Information Sciences Institute Research Professor Computer Science Viterbi School of Engineering University of Southern California

2 Acknowledgements l Ian Foster, with whom I developed many of these slides l Bill Allcock, Charlie Catlett, Kate Keahey, Jennifer Schopf, Frank Siebenlist, Mike Wilde @ ANL/UC l Ann Chervenak, Ewa Deelman, Laura Pearlman, Mike D’Arcy, Gaurang Mehta, SCEC @ USC/ISI l Karl Czajkowski, Steve Tuecke @ Univa l Numerous other fine colleagues l NSF, DOE, IBM for research support

Context: System-Level Science 3 Problems too large &/or complex to tackle alone …

4 Seismic Hazard Analysis (T. Jordan & SCEC) Seismicity Paleoseismology Local site effects Geologic structure Faults Seismic Hazard Model Stress transfer Crustal motion Crustal deformation Seismic velocity structure Rupture dynamics

5 SCEC Community Model 1 2 3 4 5 Standardized Seismic Hazard Analysis Ground motion simulation Physics-based earthquake forecasting Ground-motion inverse problem Other Data Geology Geodesy Structural Simulation Unified Structural Representation Faults FSM Motions Stresses RDM AWM FSM = Fault System Model RDM = Rupture Dynamics Model Ground Motions SRM 3 Earthquake Forecast Model 4 Invert Anelastic model 2 Attenuation Relationship 1 Intensity Measures AWP = Anelastic Wave Propagation SRM = Site Response Model 5

6 Science Takes a Village … l Teams organized around common goals u l With diverse membership & capabilities u l Expertise in multiple areas required And geographic and political distribution u l People, resource, software, data, instruments… No location/organization possesses all required skills and resources Must adapt as a function of the situation u Adjust membership, reallocate responsibilities, renegotiate resources

7 Virtual Organizations l From organizational behavior/management: u l "a group of people who interact through interdependent tasks guided by common purpose [that] works across space, time, and organizational boundaries with links strengthened by webs of communication technologies" (Lipnack & Stamps, 1997) The impact of cyberinfrastructure u u People computational agents & services Communication technologies IT infrastructure, i. e. Grid “The Anatomy of the Grid”, Foster, Kesselman, Tuecke, 2001

Forming & Operating (Scientific) Communities l Define VO membership and roles, & enforce laws and community standards u l Build, buy, operate, & share community infrastructure u l I. e. , policy Data, programs, services, computing, storage, instruments Define and perform collaborative work u Use shared infrastructure, roles, & policy u Manage community workflow 8

Forming & Operating (Scientific) Communities l Define VO membership and roles, & enforce laws and community standards u l Build, buy, operate, & share community infrastructure u u l I. e. , policy Data, programs, services, computing, storage, instruments Service-oriented architecture Define and perform collaborative work u Use shared infrastructure, roles, & policy u Manage community workflow 9

Defining Community: Membership and Laws l Identify VO participants and roles u l For people and services Specify and control actions of members u Empower members delegation u Enforce restrictions federate policy B A 1 1 10 A 1 2 10 1 B 16 1 2 10

11 Policy Challenges in VOs l Restrict VO operations based on characteristics of requestor u l Intra-VO u u l Effective Access VO dynamics create challenges VO specific roles Mechanisms to specify/enforce policy at VO level Policy of site to community Inter-VO u Entities/roles in one VO not necessarily defined in another VO Access granted by community to user Site admissioncontrol policies

12 Core Security Mechanisms l Authentication and digital signature u l Attribute Assertions u l C asserts that S can perform O on behalf of C Namespaces and Attribute mapping u l C asserts that S has attribute A with value V Delegation u l “Identity” of communicating party {A 1, A 2… An}vo 1 {A’ 1, A’ 2… A’n}vo 2 Policy u Entity with attributes A asserted by C may perform operation O on resource R

13 Security Services for VO Policy l Attribute Authority (ATA) Issue signed attribute assertions (incl. identity, delegation & mapping) u l Authorization Authority (AZA) Decisions based on assertions & policy u l Use with message/transport level security Delegation Assertion VO Resource Admin User A User B can use Service A Attribute VO ATA Mapping ATA VO Me mber Attribu te VO Member Attribute VO User B VO AZA VO A Service VO-A Attr VO-B Attr VO B Service

14 Security Services in Practice Authz Callout: SAML, XACML SSL/WS-Security with Proxy Services (running Certificates on user’s behalf) Access Compute Center Rights CAS or VOMS issuing SAML or X. 509 ACs Users Rights Local policy on VO identity or attribute authority My. Proxy VO Rights’ KCA

Forming & Operating Scientific Communities l Define VO membership and roles, & enforce laws and community standards u l Build, buy, operate, & share community infrastructure u l I. e. , policy Data, programs, services, computing, storage, instruments Define and perform collaborative work u Use shared infrastructure, roles, & policy u Manage community workflow 15

Beyond Science Silos: Service-Oriented Architecture 17 Function Resource l Decompose across network l Clients integrate dynamically u u Select “best of breed” providers u l Select & compose services Users Discovery tools Analysis tools Publish result as a new service Data Archives Decouple resource & service providers Fig: S. G. Djorgovski

18 Decomposition Enables Separation of Concerns & Roles S 1 User D S 3 “Provide access to data D at S 1, S 2, S 3 with performance P” Service Provider “Provide storage with performance P 1, network with P 2, …” Resource Provider S 2 S 1 D S 2 S 3 Replica catalog, User-level multicast, … S 1 D S 2 S 3

19 Providing VO Services: (1) Integration from Other Sources l Negotiate service level agreements l Delegate and deploy capabilities/services l Provision to deliver defined capability l Configure environment l Host layered functions Community A … Community Z

20 Deploying New Services Policy Client Allocate/provision Configure Initiate activity Monitor activity Control activity Interface Activity Environment Resource provider Current mechanisms include: GRAM, Workspaces (Keahey, et al), HAND (Qi, et al)

21 Virtualizing Existing Services into a VO l Establish service agreement with service u l E. g. , WS-Agreement, GRAM Delegate use to VO user User A VO User VO Admin Existing Services User B

Open Science Grid 22 Ø 50 sites (15, 000 CPUs) & growing Ø 400 to >1000 concurrent jobs Ø Many applications + CS experiments; includes long-running production operations Ø Up since October 2003; few FTEs central ops Jobs (2004) www. opensciencegrid. org

23 Embedded Resource Management Client-side VO Admin Deleg GRAM Headnode Resource Manager VO User Deleg GRAM Cluster Resource Manager Monitoring and control Deleg VO Scheduler • • • . . . Other Services VO Job GRAM Cluster Resource Manager VO admin delegates credentials to be used by downstream VO services. VO admin starts the required services. VO jobs comes in directly from the upstream VO Users VO job gets forwarded to the appropriate resource using the VO credentials Computational job started for VO VO Job

24 The Condor Brick VO Admin Public Network Private Network Deploy Brick GRAM VO User Local Condor Environment GRAM Allocate resources Initiate job starters (i. e. glidein) Allocate resources Initiate management services Execute Jobs via Condor-C

25 Policy for Dynamic VO Service VO PDP Add. User VO ATA Do. It Service Do. It if VO_PDP(Attrs)=yes & Role=HE/Doer Service PDP Add. Policy if Role=VO/Admin Container PDP Create doit Role=HE/Service_Creator Do. It if Role=VO/Doer Hosting Environment Create. Service if Role=HE/Service. Creator

Providing VO Services: (2) Coordination & Composition l Take a set of provisioned services … … & compose to synthesize new behaviors l This is traditional service composition u u But must also be concerned with emergent behaviors, autonomous interactions See the work of the agent & Planet. Lab communities “Brain vs. Brawn: Why Grids and Agents Need Each Other, " Foster, Kesselman, Jennings, 2004. 26

The Globus-Based LIGO Data Grid 27 LIGO Gravitational Wave Observatory Birmingham • §Cardiff AEI/Golm Replicating >1 Terabyte/day to 8 sites >120 million replicas so far MTBF = 1 month www. globus. org/solutions

28 Data Replication Service l Pull “missing” files to a storage system Data Location Data Movement Data Replication List of required Files Replica Location Index Grid. FTP Reliable File Transfer Service Grid. FTP Local Replica Catalog Replica Location Index Data Replication Service “Design and Implementation of a Data Replication Service Based on the Lightweight Data Replicator System, ” Chervenak et al. , 2005

29 Composing Resources … Composing Services Deploy service Deploy container Deploy virtual machine Deploy hypervisor/OS Procure hardware DRS JVM VM Grid. FTP RLS Grid. FTP VO Services VM Hypervisor/OS Physical machine Provisioning, management, and monitoring at all levels

30 Community Commons l What capabilities are available to VO? u l Membership changes, state changes Require mechanisms to aggregate and update VO information The age of information A A S VO-specific indexes S Information S MORE A S FRESH

31 Monitoring and Discovery Services WS-Service. Group GT 4 Container Clients (e. g. , Web. MDS) MDSIndex Registration & WSRF/WSN Access GT 4 Container MDSIndex Automated registration in container GRAM adapter GT 4 Cont. Custom protocols for non-WSRF entities MDSIndex Grid. FTP User RFT

Forming & Operating Scientific Communities l Define VO membership and roles, & enforce laws and community standards u l Build, buy, operate, & share community infrastructure u u l I. e. , policy Data, programs, services, computing, storage, instruments Service-oriented architecture Define and perform collaborative work u Use shared infrastructure, roles, & policy u Manage community workflow 32

33 Collaborative Work Executed Executing Query Executable Not yet executable What I Did What I Am Doing What I Want to Do Execution environment Time Schedule Edit …

34 Managing Collaborative Work l Process as “workflow, ” at different scales, e. g. : Run 3 -stage pipeline u Process data flowing from expt over a year u Engage in interactive analysis u l Need to keep track of: What I want to do (will evolve with new knowledge) u What I am doing now (evolve with system config. ) u What I did (persistent; a source of information) u

35 Problem Refinement l Given: desired result and constraints u u l Find: an executable job workflow u u u l desired result (high-level, metadata description) application components resources in the Grid (dynamic, distributed) constraints & preferences on solution quality A configuration that generates the desired result A specification of resources to be used Sequence of operations: create agreement, move data, request operation May create workflow incrementally as information becomes available "Mapping Abstract Complex Workflows onto Grid Environments, " Deelman, Blythe, Gil, Kesselman, Mehta, Vahi, Arbree, Cavanaugh, Blackburn, Lazzarini, Koranda, 2003.

Trident: The Gri. Phy. N Virtual Data System Workflow spec VDL Program Virtual Data catalog Virtual Data Workflow Generator Abstract workflow Create Execution Plan Statically Partitioned DAG Dynamically Planned DAG Local planner 36 Grid Workflow Execution DAGman & Condor-G Job Planner Job Cleanup

37 Seismic Hazard Curve Exceeded every year Exceeded 1 time in 100 years Exceeded 1 time in 10, 000 years Annual frequency of exceedance Exceeded 1 time in 10 years Ground motion that will be exceeded every year Ground motion that a person can expect to be exceeded during their lifetime Typical design for buildings Typical design for hospitals 10% probability of exceedance in 50 years Carl’s house during Northridge Typical design for nuclear power plant Minor damage 0. 1 0. 2 Moderate damage 0. 3 0. 4 0. 5 0. 6 Ground Motion – Peak Ground Acceleration

38 SCEC Cybershake l Calculate hazard curves by generating synthetic seismograms from estimated rupture forecast Hazard Map Strain Green Tensor Rupture Forecast Synthetic Seismogram Spectral Acceleration Hazard Curve

39 Cybershake on the SCEC VO Provenance Catalog Data Catalog Workflow Scheduler/Engine VO Service Catalog SCEC Storage Tera. Grid Storage VO Scheduler Tera. Grid Compute

40 Summary (1): Community Services l Community roll, city hall, permits, licensing & police force u l Directories, maps u l Composed services Day-to-day activities u l Deployed services Shops, businesses u l Information services City services: power, water, sewer u l Assertions, policy, attribute & authorization services Workflows, visualization Tax board, fees, economic considerations u Barter, planned economy, eventually markets

41 Summary (2) l Community based science will be the norm u l Many different types of communities u l Increasingly the community infrastructure will become the scientific observatory Scaling requires a separation of concerns u l Differ in coupling, membership, lifetime, size Must think beyond science stovepipes u l Requires collaborations across sciences— including computer science Providers of resources, services, content Small set of fundamental mechanisms required to build communities

42 For More Information l Globus Alliance u l www. globus. org NMI and GRIDS Center u u l www. nsf-middleware. org www. grids-center. org Infrastructure u u l www. opensciencegrid. org www. teragrid. org Background u www. isi. edu/~carl 2 nd Edition www. mkp. com/grid 2