UGP and the UC Grid Portals

Similar documents
UCLA Grid Portal (UGP) A Globus Incubator Project

Leveraging the InCommon Federation to access the NSF TeraGrid

How to build Scientific Gateways with Vine Toolkit and Liferay/GridSphere framework

OGCE User Guide for OGCE Release 1

Goal. TeraGrid. Challenges. Federated Login to TeraGrid

XSEDE Canonical Use Case 4 Interactive Login

The University of Oxford campus grid, expansion and integrating new partners. Dr. David Wallom Technical Manager

Grid Programming: Concepts and Challenges. Michael Rokitka CSE510B 10/2007

GAMA: Grid Account Management Architecture

SimPortal. Overview. Frank McKenna. What is SimpPortal Simple Example of Job Submission. UC Berkeley. OpenSees Parallel Workshop Berkeley, CA

Getting Started with XSEDE. Dan Stanzione

Installing and Configuring VMware Identity Manager Connector (Windows) OCT 2018 VMware Identity Manager VMware Identity Manager 3.

Gridbus Portlets -- USER GUIDE -- GRIDBUS PORTLETS 1 1. GETTING STARTED 2 2. AUTHENTICATION 3 3. WORKING WITH PROJECTS 4

Using the VMware vrealize Orchestrator Client

Using the MyProxy Online Credential Repository

Using the VMware vcenter Orchestrator Client. vrealize Orchestrator 5.5.1

EGI-InSPIRE. GridCertLib Shibboleth authentication for X.509 certificates and Grid proxies. Sergio Maffioletti

VMware Identity Manager Cloud Deployment. Modified on 01 OCT 2017 VMware Identity Manager

VMware Identity Manager Cloud Deployment. DEC 2017 VMware AirWatch 9.2 VMware Identity Manager

UNIT IV PROGRAMMING MODEL. Open source grid middleware packages - Globus Toolkit (GT4) Architecture, Configuration - Usage of Globus

The LGI Pilot job portal. EGI Technical Forum 20 September 2011 Jan Just Keijser Willem van Engen Mark Somers

NoMachine NX Client Configuration Guide

SUG Breakout Session: OSC OnDemand App Development

Cisco Virtual Application Container Services 2.0 Lab v1

Introduction to Change and Configuration Management

Table of Contents. Configure and Manage Logging in to the Management Portal Verify and Trust Certificates

MULTI FACTOR AUTHENTICATION USING THE NETOP PORTAL. 31 January 2017

Web Self Service Administrator Guide. Version 1.1.2

UNT System Campus VPN Guide

Guidelines on non-browser access

CILogon Project

Setting Up Resources in VMware Identity Manager (SaaS) Modified 15 SEP 2017 VMware Identity Manager

QuickStart Guide for Managing Computers. Version

Two factor authentication for Microsoft Remote Desktop Web Access

VMware Identity Manager Connector Installation and Configuration (Legacy Mode)

SUSE Cloud Admin Appliance Walk Through. You may download the SUSE Cloud Admin Appliance the following ways.

Gatlet - a Grid Portal Framework

QuickStart Guide for Managing Computers. Version

VII. Corente Services SSL Client

AT&T Connect Communications Center (ACC) User Guide Enterprise Edition Version 8.9 May 2010

CSU Talent Management User Guide Search Committee Member How to Log In and View Applications

Securing ArcGIS Server Services An Introduction

QuickStart Guide for Managing Computers. Version 9.73

Read the following information carefully, before you begin an upgrade.

Zadara Enterprise Storage in

Grid Architectural Models

VSP18 Venafi Security Professional

Overview of the Self-Service Portal

Hosted Microsoft Exchange Client Setup & Guide Book

SSH with Globus Auth

Load Balancing VMware Workspace Portal/Identity Manager

Dell Wyse Management Suite 1.2 Release Notes

ArcGIS Server and Portal for ArcGIS An Introduction to Security

Managing Grid Credentials

NetExtender for SSL-VPN

Setting Up Resources in VMware Identity Manager

System Setup. Accessing the Administration Interface CHAPTER

Deploying VMware Identity Manager in the DMZ. JULY 2018 VMware Identity Manager 3.2

30 Nov Dec Advanced School in High Performance and GRID Computing Concepts and Applications, ICTP, Trieste, Italy

Architectural Tradeoffs for Unifying Campus Grid Resources

Agent and Agent Browser. Updated Friday, January 26, Autotask Corporation

Installing and Configuring vcloud Connector

MAGNUM-SDVN Security Administration Manual

WebEx Integration User Guide. Cvent, Inc 1765 Greensboro Station Place McLean, VA

Connecting to the Virtual Desktop Infrastructure (VDI)

Load Balancing FreePBX / Asterisk in AWS

VSP16. Venafi Security Professional 16 Course 04 April 2016

Red Hat CloudForms 4.6

Introduction to BioHPC

Remote Support 19.1 Web Rep Console

Using the vrealize Orchestrator Operations Client. vrealize Orchestrator 7.5

Architect your deployment using Chef

VMware Skyline Collector Installation and Configuration Guide. VMware Skyline 1.4

Credentials Management for Authentication in a Grid-Based E-Learning Platform

Sophos Mobile Control Installation guide

Horizon Console Administration. 13 DEC 2018 VMware Horizon 7 7.7

SAML-Based SSO Configuration

XSEDE New User Training. Ritu Arora November 14, 2014

Breaking News CloudAXIS Suite 1.0

Implementing Infoblox Data Connector 2.0

glite Grid Services Overview

QuickStart Guide for Managing Computers. Version 9.32

An Exploration of Grid Computing to be Utilized in Teaching and Research at TU

An End-to-End Web Services-based Infrastructure for Biomedical Applications

SAML-Based SSO Configuration

Dell Wyse Management Suite 1.2 HF1 Release Notes

Accelerating the Scientific Exploration Process with Kepler Scientific Workflow System

Enterprise Access Gateway Management for Exostar s IAM Platform June 2018

Introduction to Grid Computing!

One Identity Starling Two-Factor Desktop Login 1.0. Administration Guide

Quick Start Guide for Intel FPGA Development Tools on the Nimbix Cloud

BIG-IP Access Policy Manager : Portal Access. Version 12.1

Introduction to BioHPC New User Training

Horizon Cloud with On-Premises Infrastructure Administration Guide. VMware Horizon Cloud Service Horizon Cloud with On-Premises Infrastructure 1.

Privileged Identity App Launcher and Session Recording

How to Configure SSL VPN Portal for Forcepoint NGFW TECHNICAL DOCUMENT

AD105 Introduction to Application Development for the IBM Workplace Managed Client

Infrastructure Navigator User's Guide

Quick Start Guide. Table of Contents

e-frr SYSTEM USER GUIDE

Transcription:

UGP and the UC Grid Portals OGF 2007 Documentation at: http://www.ucgrid.org Prakashan Korambath & Joan Slottow Research Computing Technologies UCLA

UGP (UCLA Grid Portal) Joins computational clusters into a Grid Under development at UCLA since 2002. Built on top of: Globus Toolkit 4.n GridSphere Portlet Framework 2.n (production systems) and 3.n (under development) Zimbra, YUI, and GWT toolkits Shibboleth Tomcat MySQL

Motivation Need to share resources among the campus clusters: Better equipment utilization Conserve energy Diverse cluster ownership and operation Owners reluctant to give login ids to any but their users A number of users have login ids on multiple clusters Need to get to them from one interface/location

Design Goals: Do not change the way individuallymanaged clusters do business. --> Grid Appliance. Web Portal: Hide certificates and the complexity of the Grid from users. No software for users to install. Single sign on. Common web interface to all clusters.

I. Architecture

Single Campus Architecture Head node Cluster I Credential mapped to local ID Grid Portal Grid Appliance https Uniform browser based interface Head node Cluster II Credential mapped to local ID MyProxy Server Storage Server ION Visualization Server Grid Appliance

Grid Appliance Enables a cluster to participate in the Grid. Provided by the Grid administrators. In no way modifies policy decisions at the cluster level. Cluster head node can always also be used directly. Globus Toolkit is installed on the Appliance. Port forwarding for VNC done here.

Demo 1. 2.

UC Grid Multi-Campus Architecture UC Grid CA UC Register Service UC User Database UC MyProxy Single CA is shared among all campuses UC Portal A C Storage Server UCLA Portal UCLA MyProxy A C C A C A C C A A UCSB MyProxy UCSB Portal Storage Server All appliances talk to both their campus portal and the UC portal UCI Portal UCI MyProxy Storage Server

The UC Grid The umbrella Grid and aggregation point for all the campuses. Users can work with clusters from all the campuses Every appliance is open to the Campus Grid Portal and the UC Grid Portal Each user of a Campus Grid can also use the UC Grid Portal Single sign on to transfer files across the campuses. Single Sign on to make use of the cluster and pooled resources across the campuses.

UC Grid -- Status Received UC approval in November 2006. Currently have three campuses connected UCLA, UCSB, and UCI 16 clusters (UCLA 10, UCSB 5, UCI 1) 1214 nodes, > 2428 CPUs 12.92 TFlops UC Davis and UC Berkeley are in the process of bringing their portals up.

Demo

Web Services that make the Hierarchy Possible Register Service -- Synchronizes User Creation Sync Service -- Synchronizes changes to the Grid When an administrator of a Campus Grid Portal adds/removes a cluster, application or pool The UC Grid Portal is updated in real time accordingly.

Pools Resource Pools Applications and cycles Pool-Only Users Students and faculty members who: Do not have accounts on any campus cluster Have low-level or sporadic usage requirements Need for a specific application, compiler, visualization tool Cluster users are also pool users Target cluster selected by the UGP Currently runs applications only

User Types vs. Portals Portal View Campus Portal UC Portal U s e r T y p e Pool-only User Cluster User Can submit jobs to the campus pool Can use those clusters on campus he/she can access Can submit jobs to the campus pool Can submit jobs to campus and UC pools Best choice for those with access to clusters on different campuses -- can use all clusters, UC-wide, he/she can Access Can submit jobs to campus and UC pools

II. Workflow for Handling Usernames/Passwords

To Login to a Portal a User Needs: A certificate A gridsphere account Additionally: A Cluster User must be added to the GridMap file on the clusters on which he/she has login ids. A Pool-Only user needs to be assigned disk space on the Grid Portal s file server.

Apply for Grid Access

New User Workflow - 1 User Campus Grid Portal All authentication is done at the campus level Authenticates UC Certificate Authority UC CA UC Database UC Of user names MyProxy UC Register Service Unique? Fills in Form Requested username pending Sends a message To campus resource admin Res Admin Adds Cluster User to grid-mapfile. Assigns Storage for Pool-Only User Sends a message To campus grid admin Clicks on link in message Validates Clicks on Approve

New User Workflow - 2 Campus Grid Admin Clicks on link in message Authenticates Clicks on Approve UC Certificate Machine UC CA UC Database UC Of user data MyProxy UC Register Service Request + Host Cert Create and sign User certificate Create GridSphere account at UC Push certificate to UC MyProxy Push certificate to campus MyProxy UGP Creates GridSphere Account for Campus Portal UC Register Client Campus MyProxy

III. Grid Portal Services and User Interface

Demo

Pool Job Setup Currently applications only Each cluster must have: Guest login id With a certificate In the grid-mapfile Scheduling mechanism for pool jobs UGP has: Table of pool applications by cluster Passwords for guest user certificates

Pool Job Submission UGP: Chooses the best cluster for the job Maps the portal user to the guest user Generates the proxy certificate for the guest user Stages the input files to the target cluster Submits the job to the target cluster Retrieves the output for downloading

Grid Development Environment Like a desktop program development environment. Grid Appliances and clusters normally of different architecture Uses an instantaneous queue ssh or xterm under Interactive tab is an alternative.

Demo

Federation with Other Grids UGP can act as a client to some other Grids provided: Their Globus Toolkit nodes are open to all of their users and any computer. They allowed us to get the CA Signing Policy and CA Certificate Public Key for each of their clusters. They have an accessible MyProxy Server. Their users push their proxy certificates to that MyProxy. Current policy prevents Globus access from outside: We don't give out the CA Signing Policy and CA public keys for our Grid Appliances We don t give the user s their user certificates Our Grid Appliances are behind firewalls.

Demo

Conventional Web Interfaces vs. AJAX User interfaces AJAX = asynchronous XMLHttpRequests and JavaScript JavaScript runs in the Browser Java code on the server processes the requests Interactivity gains and efficiency benefits

Demo

IV. Interactive Applications

Interactive Applications via VNC Pioneers in this area are: Purdue University s nanohub University of Florida s In-VIGO University of Texas Advanced Computer Center (TACC)

Prerequisites Password-less SSH access from the Grid Appliance to the cluster node on which the VNC Server will run. The VNC Server and TWM Window Manager installed on the cluster node. (They are part of the standard linux installation.) OpenSSH on the cluster node must be version 3.6.1 or higher.

There is 1 Grid Portal One Grid Appliance per cluster Multiple VNC servers can be Running on an Appliance simultaneously Firewall User Portal Web Server Grid Appliance Compute Node Web Browser VNC Viewer applet Serve Applet Because of Applet security, the Applet can only talk to the Portal machine Tomcat UGP iptables Port forwarding GRAM Globus Public Network Fork Job iptables Port forwarding SSH Private Network VNC server Runs Under theuser s id GUI App

Iptables set up

VncPortMap Table VNC Portal Port (e.g. 90001) (Key) Appliance Name(e.g. 129.1.1.1) VNC Appliance Port (e.g. 70001) VNC Local Target (e.g. 10.0.0.2) VNC Local Port (e.g. 5901) User Name (Grid User Name, empty if available) Start Time (in Milisecond, empty if available) VNC Password (Encrypted with host certificate for reconnect, empty if available)

Killing VNC Server Sessions Users can have up to n concurrent sessions They can logout of the grid portal and later log back in and reconnect to the same VNC session. They can purge the VNC session. The VncPortMap table is updated when a VNC Server session times out.

Demo

appform Previous Work Purdue/nanoHub Rappture San Diego Supercomputer Center (SDSC) and National Biomedical Computation Resource (NBCR) Project Gemstone

How appform Works app_job.xml HTML + JavaScript + YUI rsl.xsl app_form.xml combine.jsp HTML + JavaScript + YUI for tabbed page trans.xsl HTML + JavaScript + YUI app_job.xml, app_form.xml and app_forrm_input.xsl must be written for each app.

Demo

How appform Works on Save File.xml <element name= name > <value>value</value> </element> Filled in Form JavaScript code Asynchronous XMLHttpRequest name=value,name=value Java servlet File.txt Input file for app app_form_input.xsl Client Side Server Side

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback