StoRM configuration. namespace.xml

Similar documents
Understanding StoRM: from introduction to internals

Introduction to SRM. Riccardo Zappi 1

Introduction Data Management Jan Just Keijser Nikhef Grid Tutorial, November 2008

Introduction to LAN Introduction to TDC 363 Lecture 05 Course Outline What is NOS?

glite Grid Services Overview

Best practices and recommendations for attribute translation from federated authentication to X.509 credentials

Managing Certificates

Configuring Microsoft ADAM

The glite middleware. Presented by John White EGEE-II JRA1 Dep. Manager On behalf of JRA1 Enabling Grids for E-sciencE

How to Configure Authentication and Access Control (AAA)

A scalable storage element and its usage in HEP

Automating Administration with Windows PowerShell 2.0

Cisco Expressway Authenticating Accounts Using LDAP

Cisco TelePresence Authenticating Cisco VCS Accounts Using LDAP

An XACML Attribute and Obligation Profile for Authorization Interoperability in Grids

User Management in Resource Manager

YAIM Overview. Bruce Becker Meraka Institute. Co-ordination & Harmonisation of Advanced e-infrastructures for Research and Education Data Sharing

DIRAC distributed secure framework

An XACML Attribute and Obligation Profile for Authorization Interoperability in Grids

Scientific data management

Active Directory. Learning Objective. Active Directory

Authentication via Active Directory and LDAP

SPINOSO Vincenzo. Optimization of the job submission and data access in a LHC Tier2

Edinburgh (ECDF) Update

SAS Viya 3.4 Administration: Logging

Administration Guide

[GSoC Proposal] Securing Airavata API

Proxy POP3S. then authentication occurs. POP3S is for a receiving . IMAP4S. and then authentication occurs. SMTPS is for sending .

Smart Grid Security. Selected Principles and Components. Tony Metke Distinguished Member of the Technical Staff

Grid Authentication and Authorisation Issues. Ákos Frohner at CERN

MCSE Server Infrastructure. This Training Program prepares and enables learners to Pass Microsoft MCSE: Server Infrastructure exams

NETWRIX PASSWORD EXPIRATION NOTIFIER

CA IdentityMinder. Glossary

SA1 CILogon pilot - motivation and setup

Active Directory Replicationm

CLI users are not listed on the Cisco Prime Collaboration User Management page.

Authenticating Cisco VCS accounts using LDAP

Architecture Proposal

EGEE and Interoperation

Configuring a Virtual-Domain Server with LDAP

Simplifying Wide-Area Application Development with WheelFS

30 Nov Dec Advanced School in High Performance and GRID Computing Concepts and Applications, ICTP, Trieste, Italy

Information Network Systems The application layer. Stephan Sigg

Argus: The Simplified Policy Language

I Tier-3 di CMS-Italia: stato e prospettive. Hassen Riahi Claudio Grandi Workshop CCR GRID 2011

INDIGO AAI An overview and status update!

Configuring SAML-based Single Sign-on for Informatica Web Applications

Create OData API for Use With Salesforce Connect

MCSE- Windows Server 2012

Public Key Enabling Oracle Weblogic Server

UNIT I. A protocol is a precise set of rules defining how components communicate, the format of addresses, how data is split into packets

Novell Access Manager

Configuring Ambari Authentication with LDAP/AD

Enabling Semantic Web Programming by Integrating RDF and Common Lisp

Using an LDAP With ActiveWorkflow

Data Management. Enabling Grids for E-sciencE. Vladimir Slavnic Scientific Computing Laboratory Institute of Physics Belgrade, Serbia

NETCONF Client GUI. Client Application Files APPENDIX

OLAP Drill-through Table Considerations

Configuring Ambari Authentication with LDAP/AD

Getting Started with FPM BOPF Integration (FBI)

DIRAC Distributed Secure Framework

EMI Deployment Planning. C. Aiftimiei D. Dongiovanni INFN

Infoblox VMware vrealize Log Insight Content Pack User Manual Version 1.1

Microsoft Exam MB2-702 Microsoft Dynamics CRM 2013 Deployment Version: 6.1 [ Total Questions: 90 ]

ACS 5.x: LDAP Server Configuration Example

Computer Networks.. By Nidhi Jindal

Enterprise Manager: Scalable Oracle Management

glideinwms architecture by Igor Sfiligoi, Jeff Dost (UCSD)

New Topic: Naming. Differences in naming in distributed and non-distributed systems. How to name mobile entities?

Windows Server 2008 Administration

Certificate Management

CLI users are not listed on the Cisco Prime Collaboration User Management page.

Increasing Performance for PowerCenter Sessions that Use Partitions

EUROPEAN MIDDLEWARE INITIATIVE

Novell Identity Manager

Realms and Identity Policies

PxM Proof of Concept Configuration. June 2018 Version 3.1

How to configure Sophos for all other clients

Grid Data Management

Introduction to SciTokens

Web Services for Integrated Management: a Case Study

RSA NetWitness Platform

BIG-IQ Centralized Management: Licensing and Initial Setup. Version 5.0

CS 3201 Computer Networks 2014/2015 Handout: Lab 4

ADFS Authentication and Configuration January 2017

and the GridKa mass storage system Jos van Wezel / GridKa

Progress in building the International Lattice Data Grid

Fundamentals of edirectory

StorageGRID Webscale 11.0 Tenant Administrator Guide

Technical Trust Policy

Realms and Identity Policies

Computing Parable. New Topic: Naming

Windows Server 2003 Network Administration Goals

Setting Up Resources in VMware Identity Manager. VMware Identity Manager 2.8

User Manual. Active Directory Change Tracker

Configure the IM and Presence Service to Integrate with the Microsoft Exchange Server

Parallelism. Master 1 International. Andrea G. B. Tettamanzi. Université de Nice Sophia Antipolis Département Informatique

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration. Chapter 5 Introduction to DNS in Windows Server 2008

glite Java Authorisation Framework (gjaf) and Authorisation Policy coordination

CounterACT User Directory Plugin

Transcription:

StoRM configuration. namespace.xml 13 November 2007

Outline About this talk Mapping concepts Namespace concepts Namespace algorithms Namespace in practise

Mapping Concepts Mapping concepts Mapping The mapping functionality is the process of retrieving or building the transport URL (TURL) of a file addressed by a Site URL (SURL) and a grid user credential. The SURL is the logical identifier for a local data entity Data access and data transfer are made through the TURLs The TURL identify a physical location of a replica SRM services retrieve the TURL from a namespace database (like DPNS component in DPM) or build it through other mechanisms (like StoRM)

Mapping Concepts Mapping functionalities In StoRM, the mapping functionality is provided by the namespace component (NS). The Namespace component (NS) works without a database. The Namespace component is based on an XML configuration. It relies on the physical storage structure.

Namespace Component works without a database.. The basic features of the namespace component are: The configuration is modular and structured (representation is based on XML) The loading and the parsing of the configuration file occurs: at start-up of the back-end service when configuration file is modified An efficient structure of namespace configuration lives in memory. No access to disk or database is performed StoRM is different from the other solution, where typically, for every SRM request a query to the data base have to be done in order to establish the physical location of file and build the correct transfer URL.

Mapping parameters Namespace component exposes a simple interface to the other StoRM internal components. The namespace functions use parameters derived from the SRM requests, that are: the grid user credential (a subject or a service acting on behalf of the subject) the SURLs

Grid identity credentials Two credential types are supported and managed by Namespace Component: X.509 Distinguished Name (DN) Country Name (C), State (ST), Organization Name (O), Organizational Unit Name (OU), Locality Name (L), Common Name (CN) /C=IT/O=INFN/OU=Personal Certificate/L=CNAF/CN=Riccardo Zappi/ VOMS Fully Qualified Attribute Name /VO/group and Role currently the NS ignore capability and other VOMS attributes.

Simple form and Query form Two SURL types are supported by StoRM:

Namespace Component Model The Namespace Component is based on three main concepts: 1 NS-File system: is the representation of a Storage Area 2 Mapping rule: represents the basic rule for the mapping functionalities 3 Approachable rule: represents the coarse grain access control to the Storage Area.

NS-File system as Storage Area representation The storage area is a logical portion of storage assigned to a VO. In StoRM the SA is defined with NS-file system. The NS-File system contains: SA attributes: SSToken Description, Online Size, Retention Policy,... NS-File System specific attributes: Driver class, FS-Type, Authz-source,...

File system as Storage Area representation Storage Area could be shared by different VO. In the StoRM namespace model, this situation is represented with different NS-file system definition, one per VO.

Approachable rules Defines, in terms of user credential, which file systems can be approached. Access rules are expressed as regular expression by user DN and FQAN.

Approachable rules sample All users: < dn > < /dn > All user with VOMS credentials): < dn > < /dn > < vo name > < vo name > DN rules (all user named John): < dn > CN = John < /dn > VO rules (all users belonging to infngrid): < dn > < /dn > < vo name > infngrid < /vo name >

Mapping Rule The Mapping rule represents the relation between the StFN-Root part of the StFN and the NS-File system (addressed by FS-name attribute).

Namespace configuration elements High view of the namespace main elements. 1 File system 2 Mapping rule 3 Approachable rule

Namespace Algorithm Namespace mapping algorithm

Namespace Algorithm A mapping example

Namespace built by YAIM StoRM specific variables in YAIM The Namespace Component configuration file is the namespace.xml. During the YAIM configuration a basic namespace.xml is created. It reflects the storage configuration as specified by StoRM specific variables. To further details, please, wait the next session Hand-On where we will have a practical sample.

Namespace built by YAIM Adding a SA for a VO Site admin can modify the file namespace.xml created by YAIM for tuning and customization purposes. As generic rule, when you add a new support for a SA you have to add: 1 A NS-file system 2 The corresponding mapping rule, and 3 The corresponding approachable rule. Anyway, during the next session Hands-On we will see a practical example.

Notes and Summary StoRM team

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback