FTS3 a file transfer service for Grids, HPCs and Clouds

Similar documents
WLCG Transfers Dashboard: a Unified Monitoring Tool for Heterogeneous Data Transfers.

Monitoring of large-scale federated data storage: XRootD and beyond.

PoS(EGICF12-EMITC2)106

Evolution of the ATLAS PanDA Workload Management System for Exascale Computational Science

Tests of PROOF-on-Demand with ATLAS Prodsys2 and first experience with HTTP federation

The evolving role of Tier2s in ATLAS with the new Computing and Data Distribution model

System upgrade and future perspective for the operation of Tokyo Tier2 center. T. Nakamura, T. Mashimo, N. Matsui, H. Sakamoto and I.

The PanDA System in the ATLAS Experiment

The CORAL Project. Dirk Düllmann for the CORAL team Open Grid Forum, Database Workshop Barcelona, 4 June 2008

EGEE and Interoperation

DIRAC pilot framework and the DIRAC Workload Management System

Data Transfers Between LHC Grid Sites Dorian Kcira

CMS users data management service integration and first experiences with its NoSQL data storage

HammerCloud: A Stress Testing System for Distributed Analysis

An Analysis of Storage Interface Usages at a Large, MultiExperiment Tier 1

Streamlining CASTOR to manage the LHC data torrent

Challenges and Evolution of the LHC Production Grid. April 13, 2011 Ian Fisk

Large scale commissioning and operational experience with tier-2 to tier-2 data transfer links in CMS

Andrea Sciabà CERN, Switzerland

Massive Scalability With InterSystems IRIS Data Platform

Reliability Engineering Analysis of ATLAS Data Reprocessing Campaigns

30 Nov Dec Advanced School in High Performance and GRID Computing Concepts and Applications, ICTP, Trieste, Italy

AGIS: The ATLAS Grid Information System

Constant monitoring of multi-site network connectivity at the Tokyo Tier2 center

Safelayer's Adaptive Authentication: Increased security through context information

The DMLite Rucio Plugin: ATLAS data in a filesystem

SLATE. Services Layer at the Edge. First Meeting of the National Research Platform Montana State University August 7-8, 2017

Importance of User Deprovisioning from Services

Using a dynamic data federation for running Belle-II simulation applications in a distributed cloud environment

Storage Virtualization. Eric Yen Academia Sinica Grid Computing Centre (ASGC) Taiwan

Worldwide Production Distributed Data Management at the LHC. Brian Bockelman MSST 2010, 4 May 2010

Development of new security infrastructure design principles for distributed computing systems based on open protocols

The ATLAS PanDA Pilot in Operation

PoS(ISGC 2016)035. DIRAC Data Management Framework. Speaker. A. Tsaregorodtsev 1, on behalf of the DIRAC Project

AutoPyFactory: A Scalable Flexible Pilot Factory Implementation

CernVM-FS beyond LHC computing

Federated Data Storage System Prototype based on dcache

Service Mesh and Microservices Networking

UK Tier-2 site evolution for ATLAS. Alastair Dewhurst

From raw data to new fundamental particles: The data management lifecycle at the Large Hadron Collider

Efficient HTTP based I/O on very large datasets for high performance computing with the Libdavix library

Evolution of Database Replication Technologies for WLCG

Operating the Distributed NDGF Tier-1

File Access Optimization with the Lustre Filesystem at Florida CMS T2

DIRAC data management: consistency, integrity and coherence of data

EGI-InSPIRE. GridCertLib Shibboleth authentication for X.509 certificates and Grid proxies. Sergio Maffioletti

Scientific data processing at global scale The LHC Computing Grid. fabio hernandez

glite Grid Services Overview

Monitoring HTCondor with the BigPanDA monitoring package

Grid Architectural Models

Federated Authentication with Web Services Clients

Striped Data Server for Scalable Parallel Data Analysis

Bootstrapping a (New?) LHC Data Transfer Ecosystem

Using the VMware vcenter Orchestrator Client. vrealize Orchestrator 5.5.1

Grids and Security. Ian Neilson Grid Deployment Group CERN. TF-CSIRT London 27 Jan

The ATLAS EventIndex: an event catalogue for experiments collecting large amounts of data

The ATLAS Software Installation System v2 Alessandro De Salvo Mayuko Kataoka, Arturo Sanchez Pineda,Yuri Smirnov CHEP 2015

SPINOSO Vincenzo. Optimization of the job submission and data access in a LHC Tier2

Progress in building the International Lattice Data Grid

Clouds at other sites T2-type computing

Introduction to Grid Computing

Storage Resource Sharing with CASTOR.

DEPLOYING MULTI-TIER APPLICATIONS ACROSS MULTIPLE SECURITY DOMAINS

Security in the CernVM File System and the Frontier Distributed Database Caching System

BIG-IP Access Policy Manager : Secure Web Gateway. Version 13.0

Using S3 cloud storage with ROOT and CvmFS

The TDAQ Analytics Dashboard: a real-time web application for the ATLAS TDAQ control infrastructure

Introduction to SciTokens

Understanding StoRM: from introduction to internals

An Oracle White Paper October Release Notes - V Oracle Utilities Application Framework

I Tier-3 di CMS-Italia: stato e prospettive. Hassen Riahi Claudio Grandi Workshop CCR GRID 2011

Conference The Data Challenges of the LHC. Reda Tafirout, TRIUMF

STATUS OF PLANS TO USE CONTAINERS IN THE WORLDWIDE LHC COMPUTING GRID

A Simplified Access to Grid Resources for Virtual Research Communities

Overview of ATLAS PanDA Workload Management

Distributed Computing Framework. A. Tsaregorodtsev, CPPM-IN2P3-CNRS, Marseille

ATLAS operations in the GridKa T1/T2 Cloud

WHEN the Large Hadron Collider (LHC) begins operation

The ALICE Glance Shift Accounting Management System (SAMS)

Sentinet for Windows Azure VERSION 2.2

New strategies of the LHC experiments to meet the computing requirements of the HL-LHC era

The Materials Data Facility

Lessons Learned in the NorduGrid Federation

Federated data storage system prototype for LHC experiments and data intensive science

A scalable storage element and its usage in HEP

Interoperating AliEn and ARC for a distributed Tier1 in the Nordic countries.

Analisi Tier2 e Tier3 Esperienze ai Tier-2 Giacinto Donvito INFN-BARI

Cooperation among ALICE Storage Elements: current status and directions (The ALICE Global Redirector: a step towards real storage robustness).

PoS(EGICF12-EMITC2)081

INDIGO AAI An overview and status update!

State of the Dolphin Developing new Apps in MySQL 8

The LCG 3D Project. Maria Girone, CERN. The 23rd Open Grid Forum - OGF23 4th June 2008, Barcelona. CERN IT Department CH-1211 Genève 23 Switzerland

Report. Middleware Proxy: A Request-Driven Messaging Broker For High Volume Data Distribution

Application of Virtualization Technologies & CernVM. Benedikt Hegner CERN

CouchDB-based system for data management in a Grid environment Implementation and Experience

Authentication in the Cloud. Stefan Seelmann

Benchmarking third-party-transfer protocols with the FTS

The CMS data quality monitoring software: experience and future prospects

Service Availability Monitor tests for ATLAS

Batch Services at CERN: Status and Future Evolution

Transcription:

FTS3 a file transfer service for Grids, HPCs and Clouds PNPI, NRC KI, CERN Gatchina, Russia E-mail: Andrey.Kiryanov@cern.ch Alejandro Alvarez Ayllon CERN Geneva, Switzerland E-mail: Alejandro.Alvarez.Ayllon@cern.ch Michail Salichos CERN Geneva, Switzerland E-mail: Michail.Salichos@cern.ch Oliver Keeble CERN Geneva, Switzerland E-mail: Oliver.Keeble@cern.ch FTS3, the service responsible for globally distributing the majority of the LHC data across the WLCG infrastructure, is now available to everybody. Already integrated into LHC experiment frameworks, a new Web interface now makes the FTS3's transfer technology directly available to end users. In this contribution we describe this intuitive new interface, WebFTS, which allows users to easily schedule and manage large data transfers right from the browser, profiting from a service which has been proven at the scale of petabytes per month. We will shed light on new development activities to extend FTS3 transfers capabilities outside Grid boundaries with support of non-grid endpoints like Dropbox and S3. We also describe the latest changes integrated into the transfer engine itself, such as new data management operations like deletions and staging files from archive, all of which may be accessed through our standardscompliant REST API. For the Service Manager, we explain such features as the service's horizontal scalability, advanced monitoring and its zero configuration approach to deployment made possible by specialised transfer optimisation logic. For the Data Manager, we will present new tools for management of FTS3 transfer parameters like limits for bandwidth and max active file transfers per endpoint and VO, user and endpoint banning and powerful command line tools. We finish by describing the impact of extending WebFTS's captivating graphical interface with support of Federated Identity technologies, thus demonstrating the use of Grid resources without the burden of X.509 certificate management. In this manner we show how FTS3 can cover the needs of wide range of parties from casual users to high-load services. 1 Speaker Copyright owned by the author(s) under the terms of the Creative Commons Attribution-NonCommercial-ShareAlike Licence. 1

The evolution of FTS3 is addressing technical and performance requirements and challenges for LHC Run 2, moreover, its simplicity, generic design, web portal and REST interface makes it an ideal file transfer scheduler both inside and outside of HEP community. International Symposium on Grids and Clouds (ISGC) 2015 15-20 March 2015, Academia Sinica, Taipei, Taiwan 2

1. Introduction FTS3 (File Transfer Service, version 3.0) is one of the projects of critical importance for data management at CERN [1]. It has been designed in a modular and extensible way to allow good scalability. Core functionality of FTS3 is extended with various Web-oriented tools like versatile monitoring and WebFTS user interface with support of Federated Identity (IdF). The components of the FTS (shown in Fig. 1) are: command-line clients, a daemon process responsible for transfer submission, status retrieval and general VO (Virtual Organization) and service configuration, another daemon process responsible for bulk deletion and stage-in of files from archive using the SRM [2] protocol (BringOnline operation), and, finally, the database back-end. The service scales horizontally very well by adding more resources with identical configuration into an FTS3 cluster, since the configuration is stored in the database and is being read during start-up of the service. A single configuration file is used only to store the database credentials. Fig. 1. FTS3 architecture 3. Main features FTS3 offers features and functionality that have been requested by the experiments and sites following their initial usage of FTS2 [3, 4] and the needs that the new FTS3 service should address. Most of these have already been implemented or are in the process of being finalized. For example: 3 2. System architecture

transfer auto-tuning / adaptive optimization; endpoint-centric VO configuration; transfer multi-hop; VO activity shares; multiple replica support; REST-style interface for transfer submission and status retrieval; retry failed transfers mechanism; staging files from archive; bulk deletions; support for Oracle and MySQL database back-ends; transfer and access protocols support on top of GFAL2 plug-in mechanism (SRM, GridFTP [5], HTTP, xroot); session / connection reuse (GridFTP, SSL, etc), which is ideal for many small file transfer jobs. In order to be a credible long-term platform for data transfer, FTS3 has been designed to exploit upcoming developments in networking, such as integrating monitoring data from perfsonar for further transfer optimization, resource management and monitoring of network state. 3.1. Adaptive optimization Adaptive optimization is the mechanism introduced in FTS3 to address the shortcomings of its predecessor FTS2. FTS2 required file transfers to be performed on channels which must be defined and configured explicitly. The FTS3 auto-tuning algorithm and channel-less transfer model allows moving from a predefined structured topology to a full-mesh (as shown in Fig. 2) for network links and storage elements without any configuration and, at the same time, optimizing transfers based on information stored in the database. Fig. 2. move from hierarchical topology to full mesh using FTS3 4

The plot in Fig. 3 demonstrates how the adaptive optimization algorithm is influenced by the achieved throughput and success rate of distinct links, and dynamically adjusts the number of concurrent file transfers based on this information. A sample is taken every 30 seconds and the decisions of the optimization are stored into the database for persistence and service monitoring. Fig. 3. Adaptive optimization 3.2. Managing resources In the FTS3 world resource management is Storage Element (SE) centric and it can be done at three different levels: sharing the resources between Virtual Organizations, specifying the number of concurrent transfer jobs and defining custom protocol parameters (TCP buffer size, number of open sockets per transfer job, etc.). The motivation for the SE-centricity was the change in computing model from a strict hierarchy to a mesh [6]. While in the case of a channel based policy the number of configurations required for full-mesh connectivity grows quadratically with the number of SEs, in case of a SE-centric policy the growth is linear (for example, a set-up of 6 SEs requires either 15 channel configurations or 6 SE-centric configurations). There are four types of configurations available in FTS3: The standalone SE configuration type has been created so the user can address the problem of overloaded SEs by limiting the total number of outgoing and incoming transfers. Those limits can be imposed per-vo in order to create so called 'VO-shares'. While transfer jobs are carried out between two SEs with standalone configurations, the limits for both the source and the destination are respected. On the other hand, their protocol configurations are merged resulting in consistent settings for the given pair (e. g. FTS3 will pick the smallest timeout value). The SE pair configuration allows configuring explicitly the link between two SEs. This type of configuration should be used only in case when standalone configurations do not apply to this particular pair (e. g. the destination SE is in an unusual location and requires much bigger time-out than other SEs). The SE 5 Time

pair configuration overrides all the settings from the respective standalone configurations. The SE group configuration is meant to address a particular use case when a group of SEs shares a common resource (e. g. a common network link) that may limit their aggregated performance. Hence, the SE group configuration allows imposing a limit on the total number of incoming and outgoing transfer jobs for the whole group of SEs. If an SE has a standalone configuration and is also a member of a group, both limits are respected: the one imposed by the standalone configuration and the one imposed by the group configuration. The SE group pair configuration (analogous to the SE pair configuration) allows to override the group configuration settings for a pair of two particular SE groups. Each of the above-mentioned configurations can be hybridized with the autotuner mechanism through replacing any configured value with the 'auto' keyword. 3.3. REST interface FTS3 provides a REST [7] interface to submit transfers and query their state. This interface is to a great extent self-discoverable, as it provides information about how to reach each resource, and which sort of interaction they support [8]. We have tried to honour the restrictions imposed by some authors to consider a RESTful interface implementation a proper RESTful interface [9]: Each resource has its own URI: Collection of jobs: https://fts3.cern.ch:8446/jobs/ Single given job: https://fts3.cern.ch:8446/jobs/083ac623-5649-4127-1234abcdef123456 Meaningful use of HTTP verbs GET <job-uri> retrieves information about the given job DELETE <job-uri> cancels a job POST <job-collection-uri> submits a new job Hypermedia. Although this third point is not complete not every resource provides information about the actions that can be performed we do provide self-discovery information on the root level of our API using the JSON Hypertext Application Language [10]. Even though the default deployment configuration is to have all interfaces running on all the FTS3 machines, the FTS3 REST interface can easily be deployed separately. It is worth noting that we also provide the JSON Schema of the expected JSON messages sent for submission. Using this schema, a client application can easily validate its messages before sending them to the server to check compliance with the expected format. 6

3.4. Protocol support FTS3 relies on the GFAL2 [11] library, which provides an abstraction layer over the complex Grid storage systems. Support for several protocols is provided by a collection of plug-ins. This plug-ins based system has three big advantages: As mentioned, FTS3 in principle can support any protocol that GFAL2 supports. Currently, these are DCAP, GridFTP, HTTP(S)/WebDAV, RFIO, SRM and XROOTD. It is worth mentioning that, from this list, only GridFTP and SRM were supported by the previous version, FTS2. 4. IdF-enabled Web interface In the attempt of making all the features of FTS3 easily accessible to the end users a new standalone Web-oriented interface was developed: WebFTS. With its pointand-click commander-like two-panel interface individual users can submit and monitor their own transfer jobs. WebFTS provides the same multi-protocol support as FTS3 which makes it a very handy tool for transferring files between Grid and non-grid resources. In the first version of WebFTS it was necessary to manually delegate user's X.509 credentials to the service by providing unencrypted copy of the private key. There was no security compromise in this, because private key was only used inside browser's JavaScript context to sign delegation request and was never made available to any external service including FTS3 itself. However this operation was tricky and required access to the command line OpenSSL tool. As an ultimate solution to X.509 burden in the view of accessing Grid resources with Web browser it was decided to add Federated Identity (IdF) support to WebFTS which would allow transparent transition from X.509-based credentials to Web-based ones (SSO) with help of two additional services: STS [12] and IOTA CA [13]. STS (Security Token Service) is a service that consumes SAML2 assertion produced by IdF-enabled SSO and transforms it into a short-living X.509 certificate. IOTA CA (Identifier-Only Trust Assurance Certification Authority) is a CA with specific profile that is eligible of issuing short-living X.509 certificates that are necessary for STS. All the security machinery that is happening behind the scenes and transparently to the user is shown on Fig. 4: 7 1. Independence: The client application FTS3 in our this case can be written independently of the protocol, or set of protocols, that will be used. Thanks to this we can avoid pulling dependencies for unneeded protocols. 2. Isolation: The protocol-specific logic is contained inside the corresponding plugin, so the addition of new functionality, fixes or any other changes can be done without risk of affecting the behaviour of the other protocols. 3. Extensibility: Adding a new protocol is just a matter of writing or installing a new plug-in.

It's important to mention that all the sensitive information like private keys never leaves user's computer and all the cryptographic operations necessary for delegation are performed in the browser context by JavaScript code. Fig. 4. IdF-enabled WebFTS IdF integration allows to make WebFTS completely X.509-free from the user's point of view. With Identity Federations like edugain it's now possible to expose FTS3 powers to user communities that were never accustomed to X.509 infrastructure necessary for the Grid. One of the ramaining problems though is that in order to have a chance of accessing Grid storage endpoints with X.509 credentials received from STS such endpoints need to trust IOTA-profile CAs. This involves administrative work of convincing resource owners into making their resources available to IdF users. 8 1. When user opens WebFTS page a standard SSO login link is shown ( LogIn or LogOut <user name> depending on the state). 2. User logs in to IdF-enabled SSO and SAML2 assertion is made available to the server hosting WebFTS. 3. WebFTS JavaScript application in user's browser fetches SAML2 assertion from the server, generates a key pair, and forwards public key along with the assertion to STS. 4. STS uses IOTA CA to issue a certificate and sends signed certificate back to WebFTS JavaScript application. VOMS extensions may be added to the certificate if requested by the user. 5. WebFTS JavaScript application uses certificate and private key to delegate user's credentials to FTS3 server via REST API.

5. HPC integration Fig. 5. FTS3 and HPC 9 LHC experiments show more and more interest in using available HPC resources in addition to the usual Grid ones. The difference here is that HPCs usually have unique architecture that does not match one of a normal Grid site from WLCG. In order to submit tasks to HPCs one have to use a software that was designed to work specifically with a given HPC. Arisen from the LHC ATLAS experiment workload management system software called PanDA, which eventually turned into not-atlas-specific Big PanDA, have shown to be very effective in handling millions of jobs, and also acted as a bridge for accessing supercomputer resources in Oak Ridge LCF. One thing that was missing from PanDA is a data management subsystem, which became a bottleneck with HPCs where input and output data for thousands of concurrently running jobs have to be effectively staged in and out of the internal file system. Doing these transfers from inside HPC have shown to be ineffective because of wasted CPU time that could have been used for computation if needed data were prestaged and made available before the job start, not to mention that computing nodes of many HPCs simply do not have usual TCP/IP network connectivity and can only access data on shared internal file system. There's a work in progress shown on Fig. 5 of integrating FTS3 with PanDA and making FTS3 capable of relaying file transfers between non-grid HPC resources and standard Grid storage endpoints.

6. Conclusions Fig. 6. FTS3 usage at GridPP 7. Acknowledgements Andres Abad Rodriguez Martin Hellmich Andrea Manzi Markus Schulz Michal Simon Christina Skarpathiotaki This work was funded in part by the Russian Ministry of Education and Science under contract 14.Z50.31.0024 References [1] Critical services in the LHC computing, A Sciaba 2010 J. Phys.: Conf. Ser. 219 [2] Abadie L et al 2007 24th IEEE Conference on Mass Storage Systems and Technologies pp.47,59, 24-27 [3] Data management in EGEE, A Frohner et al 2010 J. Phys.: Conf. Ser. 219 10 The service has already undergone extensive pre-production validation and we have demonstrated the results of high volume production transfers performed on the pilot service and production-ready instances. The plot in Fig. 6 shows the usage of FTS3 instance at GridPP, used by ATLAS and CMS for production and debug transfers. It is worth mentioning that the volume shown below (first bar = 370TB), was achieved using zero configuration (adaptive optimization) on top of MySQL database running on a VM. Anticipating the upcoming data movement needs of WLCG, and building on the lessons learned during the first run of LHC, we present a new, scalable and highlyoptimized data movement service, which provides a simple interface for transfer job submission, status retrieval, advanced monitoring capabilities, multiple access and transfer protocols support and simplified configuration.

11 [4] Abadie L et al 2007 24th IEEE Conference on Mass Storage Systems and Technologies pp.60,71, 24-27 [5] Allcock W et al 2005 ACM/IEEE Supercomputing pp.54,54, 12-18 [6] The evolving role of Tier2s in ATLAS with the new Computing and Data Distribution model, S Gonzalez de la Hoz 2012 J. Phys.: Conf. Ser. 396 [7] Architectural Styles and the Design of Network-based Software Architectures, Roy T. Fielding Dissertation, 2000 [8] Principled Design of the Modern Web Architecture, Roy T. Fielding and Richard N. Taylor, ACM Transactions on Internet Technology, Vol. 2, No.2, May 2002, Pages 115-150 [9] Justice Will Take Us Millions Of Intricate Moves, Leonard Richardson, talk at the International Software Development Conference (QCon), 2008 [10] JSON Hypertext Application Language (Draft), M. Kelly, IETF Draft, October 2013 [11] GFAL 2.0, Adrien Devresse, Presentation at the GDB, November 2012 [12] Security Token Service, Henri Mikkonen, Presentation at EGI Technical Forum, September 2012 [13] https://www.igtf.net/ap/iota/

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback