An Example Grid Middleware - The Globus Toolkit. MCSN N. Tonellotto Complements of Distributed Enabling Platforms

Similar documents
Grid Architectural Models

Grid Computing Fall 2005 Lecture 16: Grid Security. Gabrielle Allen

Layered Architecture

Grid Computing. MCSN - N. Tonellotto - Distributed Enabling Platforms

Day 1 : August (Thursday) An overview of Globus Toolkit 2.4

30 Nov Dec Advanced School in High Performance and GRID Computing Concepts and Applications, ICTP, Trieste, Italy

Grid Computing Middleware. Definitions & functions Middleware components Globus glite

Grid Computing Fall 2005 Lecture 5: Grid Architecture and Globus. Gabrielle Allen

Using the MyProxy Online Credential Repository

The Globus Toolkit Lecture of the course of Complements of Enabling Platforms

Cloud Computing. Up until now

Grid Compute Resources and Job Management

Grid Programming: Concepts and Challenges. Michael Rokitka CSE510B 10/2007

Grid services. Enabling Grids for E-sciencE. Dusan Vudragovic Scientific Computing Laboratory Institute of Physics Belgrade, Serbia

Globus GTK and Grid Services

Deploying the TeraGrid PKI

Installation and Administration

GLOBUS TOOLKIT SECURITY

Credentials Management for Authentication in a Grid-Based E-Learning Platform

Classification and Characterization of Core Grid Protocols for Global Grid Computing

Introduction to GT3. Introduction to GT3. What is a Grid? A Story of Evolution. The Globus Project

By Ian Foster. Zhifeng Yun

GROWL Scripts and Web Services

Globus Toolkit Firewall Requirements. Abstract

Grid Compute Resources and Grid Job Management

glite Grid Services Overview

Grid Authentication and Authorisation Issues. Ákos Frohner at CERN

Globus Toolkit Manoj Soni SENG, CDAC. 20 th & 21 th Nov 2008 GGOA Workshop 08 Bangalore

Clusters & Grid Computing

CILogon. Federating Non-Web Applications: An Update. Terry Fleury

Introduction to GT3. Overview. Installation Pre-requisites GT3.2. Overview of Installing GT3

UNIT IV PROGRAMMING MODEL. Open source grid middleware packages - Globus Toolkit (GT4) Architecture, Configuration - Usage of Globus

Grid Security Infrastructure

Michigan Grid Research and Infrastructure Development (MGRID)

Design The way components fit together

Design The way components fit together

Programming Environment Oct 9, Grid Programming (1) Osamu Tatebe University of Tsukuba

Credential Management in the Grid Security Infrastructure. GlobusWorld Security Workshop January 16, 2003

GSI Online Credential Retrieval Requirements. Jim Basney

Grid Scheduling Architectures with Globus

THE GLOBUS PROJECT. White Paper. GridFTP. Universal Data Transfer for the Grid

The glite middleware. Ariel Garcia KIT

Scalable, Reliable Marshalling and Organization of Distributed Large Scale Data Onto Enterprise Storage Environments *

Globus Toolkit 4 Execution Management. Alexandra Jimborean International School of Informatics Hagenberg, 2009

First evaluation of the Globus GRAM Service. Massimo Sgaravatto INFN Padova

Grid Middleware and Globus Toolkit Architecture

Grid Computing Security hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 1

EUROPEAN MIDDLEWARE INITIATIVE

A Distributed Media Service System Based on Globus Data-Management Technologies1

UNICORE Globus: Interoperability of Grid Infrastructures

Single Sign-On Architectures. Jan De Clercq Senior Member of Technical Staff Technology Leadership Group Hewlett-Packard

Architecture Proposal

JOB SUBMISSION ON GRID

GT-OGSA Grid Service Infrastructure

How to build Scientific Gateways with Vine Toolkit and Liferay/GridSphere framework

LCG-2 and glite Architecture and components

The Integration of Grid Technology with OGC Web Services (OWS) in NWGISS for NASA EOS Data

Juliusz Pukacki OGF25 - Grid technologies in e-health Catania, 2-6 March 2009

The University of Oxford campus grid, expansion and integrating new partners. Dr. David Wallom Technical Manager

Managing Grid Credentials

A User-level Secure Grid File System

Chapter 4:- Introduction to Grid and its Evolution. Prepared By:- NITIN PANDYA Assistant Professor SVBIT.

New open source CA development as Grid research platform.

Gridbus Portlets -- USER GUIDE -- GRIDBUS PORTLETS 1 1. GETTING STARTED 2 2. AUTHENTICATION 3 3. WORKING WITH PROJECTS 4

Grid Computing Security: A Survey

Introduction to SciTokens

High Performance Computing Course Notes Grid Computing I

Independent Software Vendors (ISV) Remote Computing Usage Primer

EGEE and Interoperation

Network Working Group Request for Comments: 3820 Category: Standards Track. NCSA D. Engert ANL. L. Pearlman USC/ISI M. Thompson LBNL June 2004

DHANALAKSHMI COLLEGE OF ENGINEERING, CHENNAI

Grids and Security. Ian Neilson Grid Deployment Group CERN. TF-CSIRT London 27 Jan

Introduction to Programming and Computing for Scientists

Installing and Configuring VMware Identity Manager Connector (Windows) OCT 2018 VMware Identity Manager VMware Identity Manager 3.

Security Digital Certificate Manager

How to Build a Service Using GT4

Research and Design Application Platform of Service Grid Based on WSRF

IBM. Security Digital Certificate Manager. IBM i 7.1

GSI-based Security for Web Services

UGP and the UC Grid Portals

The PRIMA Grid Authorization System

igrid: a Relational Information Service A novel resource & service discovery approach

Kerberos and Public-Key Infrastructure. Key Points. Trust model. Goal of Kerberos

Web-based access to the grid using. the Grid Resource Broker Portal

Setting up and using a Globus Toolkit 5 based Grid

Axway Validation Authority Suite

IBM i Version 7.2. Security Digital Certificate Manager IBM

Network Security Essentials

Introduction to Grid Technology

The GridWay. approach for job Submission and Management on Grids. Outline. Motivation. The GridWay Framework. Resource Selection

Hardware Tokens in META Centre

XSEDE Software and Services Table For Service Providers and Campus Bridging

Introduction to Programming and Computing for Scientists

THEBES: THE GRID MIDDLEWARE PROJECT Project Overview, Status Report and Roadmap

User Authentication Principles and Methods

ELIMINATE SECURITY BLIND SPOTS WITH THE VENAFI AGENT

Dynamic Creation and Management of Runtime Environments in the Grid

Certificate Profile: Extensions. 5/7/2002 2:46 PM Some sample certificates provided by Jason Novotny DOE PKI certificate provided by John Long

Introduction to SRM. Riccardo Zappi 1

Configuring PKI CHAPTER

Transcription:

An Example Grid Middleware - The Globus Toolkit 1

Globus Toolkit A software toolkit addressing key technical problems in the development of Grid enabled tools, services, and applications Offer a modular bag of technologies Enable incremental development of Grid-enabled tools and applications Implement standard Grid protocols and APIs (the core of the hourglass) Is available under liberal open source license 2

General Approach Define Grid protocols & APIs Protocol-mediated access to remote resources Integrate and extend existing standards On the Grid = speak intergrid protocols Develop a reference implementation Open source Globus Toolkit Client and server SDKs, services, tools, etc. Grid-enable wide variety of tools Globus Toolkit, FTP, SSH, Condor, SRB, MPI, Integrate user experience gathered through deployment and application integration 3

Four Key Protocols 4

Globus Open Source Grid Software G T 4 Delegation Service Community Scheduler Framework [contribution] Python WS Core [contribution] C WS Core G T 3 Community Authorization Service WS Authentication Authorization OGSA-DAI Reliable File Transfer Grid Resource Allocation Mgmt (WS GRAM) Monitoring & Discovery System (MDS4) Java WS Core Web Services Components G T 2 Pre-WS Authentication Authorization GridFTP Grid Resource Allocation Mgmt (Pre-WS GRAM) Monitoring & Discovery System (MDS2) C Common Libraries Non-WS G T 3 Replica Location Service XIO Components G T 4 Credential Management Security Data Management Execution Management Information Services Common Runtime 5

Grid Security 6

Terminology Authentication Authorization Integrity Confidentiality Non-repudiation Delegation Single Sign On Digital Signature 7

Public Key Infrastructure PKI allows you to know that a given public key belongs to a given user PKI builds upon asymmetric encryption: Each entity has two keys: public and private Data encrypted with one key can only be decrypted with the other The private key is known only to the owner The public key is given to the world encapsulated in a X.509 certificate Similar to passport or driver s license Name Issuer Public Key Signature 8

Certificate Authorities A small set of trusted entities known as Certificate Authorities (CAs) are established to sign certificates A Certificate Authority is an entity that exists only to sign user certificates The CA signs it s own certificate which is distributed in a trusted manner Examples: Verisign, DFN, The public key from the CA certificate can then be used to verify other certificates Name Issuer Public Key Signature 9

Certificate Issuance To request a certificate a user starts by generating a key pair The private key is stored encrypted with a pass phrase the user gives The public key is put into a certificate request The user then takes the certificate to the CA The CA usually includes a Registration Authority (RA) which verifies the request: - The name is unique with respect to the CA - It is the real name of the user (through ID/passport check) The CA then signs the certificate request and issues a certificate for the user 10

Why Grid Security is Hard Resources being used may be valuable & the problems being solved sensitive Resources are often located in distinct administrative domains Each resource has own policies & procedures Set of resources used by a single computation may be large, dynamic, and unpredictable Not just client/server, requires delegation It must be broadly available & applicable Standard, well-tested, well-understood protocols; integrated with wide variety of tools 11

Grid Security Requirements User View 1) Easy to use 2) Single sign-on 3) Run applications FTP, SSH, MPI, Condor, Web, 4) User based trust model 5) Proxies/agents (delegation) Resource Owner View 1) Specify local access control 2) Auditing, accounting, etc. 3) Integration w/ local system Kerberos, AFS, license mgr. 4) Protection from compromised resources Developer View 1) API/SDK with authentication, flexible message protection, flexible communication, delegation, a) Direct calls to various security functions (e.g. GSS-API) b) Security integrated into higher-level SDKs 12

Grid Security Infrastructure (GSI) Extensions to standard protocols & APIs Standards: SSL/TLS, X.509 & CA, GSS-API Extensions for single sign-on and delegation Globus Toolkit reference implementation of GSI SSLeay/OpenSSL + GSS-API + single sign-on/delegation Tools and services to interface to local security Simple ACLs; SSLK5/PKINIT for access to K5, AFS, Tools for credential management Login, logout, etc. Smartcards MyProxy: Web portal login and delegation K5cert: Automatic X.509 certificate creation 13

Delegation: proxies (I) Delegation = remote creation of a (second level) proxy credential New key pair generated remotely on server Proxy cert and public key sent to client Clients signs proxy cert and returns it Server (usually) puts proxy in temp dir Allows remote process to authenticate on behalf of the user Remote process impersonates the user 14

Delegation: proxies (II) During delegation, the client can elect to delegate only a limited proxy, rather than a full proxy (no process creation allowed) Job submission client does this Each service decides whether it will allow authentication with a limited proxy Job manager service requires a full proxy File server allows either full or limited proxy to be used A restricted proxy is a generalization of the simple limited proxies Desirable to have fine-grained restrictions Reduces exposure from compromised proxies Embed restriction policy in proxy certificates Policy is evaluated by resource upon proxy use Reduces rights available to the proxy to a subset of those held by the user A proxy no longer grants full impersonation rights 15

Grid Security Infrastructure is Proxies and delegation (GSI extensions) for secure single sign-on Proxies and Delegation PKI (CAs and certificates) SSL/TLS PKI for credentials SSL for authentication and message protection 16

GSI in action Create Processes at A and B that Communicate & Access Files at C User Single sign-on via Grid-ID & generation of proxy or Retrieval of proxy from online repository User Proxy Proxy credential GSI-enabled server Site A Remote process creation requests* GSI-enabled server Site B Gridmap file Computer Restricted Proxy Process Local ID Remote file access request* GSI-enabled server Communication* Site C Process Gridmap file Computer Restricted Proxy Local ID - Authorize - Map to local ID - Create process - Generate credentials * With mutual authentication Gridmap file Computer Storaae Local ID - Authorize - Map to local ID - Access file 17

Grid Security in Globus 18

1. Obtaining a Certificate The program grid-cert-request is used to create a public/private key pair and unsigned certificate: usercert_request.pem: Unsigned certificate file userkey.pem: Encrypted private key file Mail usercert_request.pem to ca@globus.org Receive a Globus-signed certificate Other organizations use different approaches NCSA, NPACI, NASA, etc. have their own CA 19

Your New Certificate NTP is highly Certificate: Data: Version: 3 (0x2) Serial Number: 28 (0x1c) Signature Algorithm: md5withrsaencryption Issuer: C=US, O=Globus, CN=Globus Certification Authority Validity Not Before: Apr 22 19:21:50 1998 GMT Not After : Apr 22 19:21:50 1999 GMT Subject: C=US, O=Globus, O=NACI, OU=SDSC, CN=Richard Frost Subject Public Key Info: Public Key Algorithm: rsaencryption RSA Public Key: (1024 bit) Modulus (1024 bit): 00:bf:4c:9b:ae:51:e5:ad:ac:54:4f:12:52:3a:69: <snip> b4:e1:54:e7:87:57:b7:d0:61 Exponent: 65537 (0x10001) Signature Algorithm: md5withrsaencryption 59:86:6e:df:dd:94:5d:26:f5:23:c1:89:83:8e:3c:97:fc:d8: <snip> 8d:cd:7c:7e:49:68:15:7e:5f:24:23:54:ca:a2:27:f1:35:17: recommended 20

2. Logging on to the Grid To run programs, authenticate to Globus: % grid-proxy-init Enter PEM pass phrase: ****** Creates a temporary, local, short-lived proxy credential for use by our computations (RFC 3820) grid-proxy-init creates the local proxy file. User enters pass phrase, which is used to decrypt private key. Private key is used to sign a proxy certificate with its own, new public/private key pair. User s private key not exposed after proxy has been signed Proxy placed in temp dir, read-only by user NOTE: No network traffic! 21

3. Logging off from the Grid To destroy your local proxy that was created by grid-proxyinit: % grid-proxy-destroy This does NOT destroy any proxies that were delegated from this proxy. You cannot revoke a remote proxy Usually proxies with short lifetimes are created 22

Important Files (I) /etc/grid-security hostcert.pem: certificate used by the server in mutual authentication hostkey.pem: private key corresponding to the server s certificate (read-only by root) grid-mapfile: maps grid subject names to local user accounts (really part of gatekeeper) /etc/grid-security/certificates CA certificates: certs that are trusted when validating certs, and thus need not be verified ca-signing-policy.conf: defines the subject names that can be signed by each CA 23

Important Files (II) $HOME/.globus usercert.pem: User s certificate (subject name, public key, CA signature) userkey.pem: User s private key (encrypted using the user s pass phrase) /tmp Proxy file(s): Temporary file(s) containing unencrypted proxy private key and certificate (readable only by user s account) 24

Globus Toolkit 2 25

Grid Information Services 26

Resource Discovery/Monitoring R R R R? R R R R R? R R R R dispersed users? R R R network? R R R R VO-A VO-B Distributed resources and/or clients Resources status subject to change Dynamically variable connectivity and VOs 27

Resource Discovery Grid discovery What kind of resources could I use? Search status Resource Inquiry How can I compare resources (now)? Select status Resource Control How can I take control of resources Acquisition status It is not part of an information service! 28

Grid Information Service Provide access to static and dynamic information regarding system components A basis for configuration and adaptation in heterogeneous, dynamic environments Resource Description Services Supplies information about a specific resource Aggregate Directory Services Supplies collection of information which was gathered from multiple resource description services Customized naming and indexing 29

Requirements Performance Scalability Cost Uniformity Expressiveness Extensibility Multiple information sources Dynamic data Access flexibility Security Easy to employ Decentralized maintainability 30

Monitoring and Discovery Service 31

MDS-2 Information Model Object Class dn: ou=cnuce, loc=pisa, o=cnr ou=cnuce loc=palazzo A Entry dn: ou=people, ou=cnuce, loc=pisa, o=cnr ou = people dn: ou=devices, ou=cnuce, loc=pisa, o=cnr ou = devices dn: uid=194567, ou=people, ou=cnuce, loc=pisa, o=cnr cn = Nicola Tonellotto loc = Lab Arch Par loc = stanza 68 sn = khast uid = 194567 Directory Information Tree dn: uid=barolo, ou=devices, ou=cnuce, loc=pisa, o=cnr cn = barolo.cnuce.cnr.it cn = 131.114.56.6 sn = barolo loc = stanza 68 uid = barolo 32

MDS-2 Functional Model 33

MDS-2 Data Representation (I) Resource Entry < hn = backus.di.unipi.it ou = Dip. Informatica o = Università di Pisa c = Italia > 34

MDS-2 Data Representation (II) CPU CPU hn= hostname RAM DISK VM NET OS dev group= CPU CPU CPU software= OS OS dev= cpu0 CPU dev= cpu1 CPU dev group= memory RAM VM dev group= disk DISK dev group= net NET dev= RAM RAM dev= VM VM dev= /scratch1 DISK dev= eth0 NET 35

GLUE Schema: Computing Element 36

GLUE Schema: Storage Element 37

Grid Resource Management 38

Resource Management on HPC Resources HPC resources are usually parallel computers or large scale clusters The local resource management systems (RMS) for such resources includes: configuration management monitoring of machine state job management There is no standard for this resource management Several different proprietary solutions are in use Examples for job management systems: PBS, LSF, NQS, LoadLeveler, Condor 39

HPC Management Architecture in General Control Service Job Master Master Server Resource and Job Monitoring and Management Services Resource/ Job Monitor Resource/ Job Monitor Resource/ Job Monitor Compute Resources/ Processing Nodes Compute Node Compute Node Compute Node 40

Computational Job A job is a computational task that requires processing capabilities (e.g. 64 nodes) and is subject to constraints (e.g. a specific other job must finish before the start of this job) The job information is provided by the user resource requirements CPU architecture, number of nodes, speed memory size per CPU software libraries, licenses I/O capabilities job description additional constraints and preferences The format of job description is not standardized, but usually very similar 41

Transition to the Grid More resource types come into play: Resources are any kind of entity, service or capability to perform a specific task processing nodes, memory, storage, networks, experimental devices, instruments data, software, licenses people The task/job/activity can also be of a broader meaning a job may involve different resources and consists of several activities in a workflow with according dependencies The resources are distributed and may belong to different administrative domains HPC is still the key application for Grids. Consequently, the main resources in a Grid are the previously considered HPC machines with their local RMS 42

Scope of Grids Source: Ian Foster Cluster Grid Enterprise Grid Global Grid 43

Implications to Grid Resource Management Several security-related issues have to be considered: authentication, authorization, accounting who has access to a certain resource? what information can be exposed to whom? There is lack of global information: what resources are when available for an activity? The resources are quite heterogeneous: different RMS in use individual access and usage paradigms administrative policies have to be considered 44

Resource Management Layer Grid Resource Management System consists of : Local resource management system (Resource Layer) Basic resource management unit Provide a standard interface for using remote resources Grid Resource Allocation Manager (GRAM) Global resource management system (Collective Layer) Coordinate all Local resource management system within multiple or distributed Virtual Organizations (VOs) Provide high-level functionalities to efficiently use all of resources Job Submission Resource Discovery and Selection Scheduling Co-allocation Job Monitoring, etc. e.g. Meta-scheduler, Resource Broker, etc. 45

Grid Resource Management Grid Middleware User/ Application Resource Broker Higher-Level Services Core Grid Infrastructure Services Information Services Monitoring Services Security Services Grid Resource Manager Grid Resource Manager Grid Resource Manager Local Resource Management PBS LSF Resource Resource Resource 46

Definitions Resource: entity able to execute one or more jobs on the behalf of the user Client: process using GRAM protocol to submit a job request Job: one or more processes being part of a job request Job request: a message containing the request and the specification for a job execution on a remote resource. A typical job request specifies: When and where processes should be created How and what processes to create How to execute and terminate processes Gatekeeper: remote resources service managing incoming job requests (GT2) Job Manager: service instantiated by the gatekeeper to manage the execution and monitor the job s processes (GT2) 47

Gatekeeping (GT2) The gatekeeper is a daemon process running with root privileges on each computational resource on the Grid. When it receives a job request from a client it executes the following operations: Performs mutual authentication Maps the client in a local user Instantiates a job manager process with local user rights Sends required arguments to allocate job s processes to the job manager 48

GRAM components 49

Job Status job status!= process status 50

RSL Examples &(executable=/bin/ls) (directory=/tmp) (arguments=-l) (environment=(columns 40)) &(executable=/bin/ls) (count=3)(project=globusteach) (maxcputime=10)(max_memory=30) &(executable=https://barolo.cnuce.cnr.it::65092/bin/ls) &(executable=/bin/ls) (stdout=$(home)/ls.out) (stderr=$(home)/ls.err) 51

Problem: Job Submission Descriptions differ The deliverables of the OGF Working Group JSDL: A specification for an abstract standard Job Submission Description Language (JSDL) that is independent of language bindings, including; the JSDL feature set and attribute semantics, the definition of the relationship between attributes, and the range of attribute values. A normative XML Schema corresponding to the JSDL specification. A document of translation tables to and from the scheduling languages of a set of popular batch systems for both the job requirements and resource description attributes of those languages, which are relevant to the JSDL. 52

JSDL Attribute Categories The job attribute categories will include: Job Identity Attributes ID, owner, group, project, type, etc. Job Resource Attributes hardware, software, including applications, Web and Grid Services, etc. Job Environment Attributes environment variables, argument lists, etc. Job Data Attributes databases, files, data formats, and staging, replication, caching, and disk requirements, etc. Job Scheduling Attributes start and end times, duration, immediate dependencies etc. Job Security Attributes authentication, authorization, data encryption, etc. 53

And the collective layer? The GRAM protocol provides a standard interfaces to access local resources At collective layer: Resource brokers Metaschedules We will speak about scheduling in desktop computers, clusters and Grids in subsequent lectures 54

Metascheduler Example Directed Acyclic Graph Manager Source: Miron Livny DAGMan allows you to specify the dependencies between your Condor-G jobs, so it can manage them automatically for you. (e.g., Don t run job B until job A has completed successfully. ) A DAG is defined by a.dag file, listing each of its nodes and their dependencies: Job A # diamond.dag Job A a.sub Job B b.sub Job C c.sub Job D d.sub Parent A Child B C Parent B C Child D Job B Job C Job D each node will run the Condor-G job specified by its accompanying Condor submit file 55

Grid Data Management 56

Data Management Services Data access and transfer GASS: Simple multi-protocol tool to transfer normal files; integrated in GRAM GridFTP: Reliable and high-performance file transfer protocol for big files in computer networks Replica Management Replica Catalog: Service to keep updated information on sets of replicated data Replica Management: Service to create and manage sets of replicated data 57

GASS: Global Access to Secondary Storage Access to files from remote locations Used by GRAM to: Download executables from remote sites (batch) Move stdin/stdout/stderr to/from remote sites (stream) Components: GASS file access API: OS-spec open/close changed with globus_gass_open/close; Read/write calls automatically managed Job specification language extensions Specific URIS used to declate remote executables and stdin/ stdout/stderr Utilities to manage caches for remote data 58

GASS Architecture main( ) { fd = globus_gass_open( ) read(fd, ) globus_gass_close(fd) } (a) GASS file access API GRAM &(executable=https:// ) (b) RSL extensions GASS Server HTTP Server FTP Server Cache (d) Low-level APIs for customizing cache & GASS server (c) Remote cache management % globus-gass-cache 59

GASS GRAM Integration Resource names coding convention https://barolo.cnuce.cnr.it:9991/~khast/myjob protocol server address file name Supported protocol: http, https, ftp, gsiftp Job specification language extensions: executable, stdin, stdout, stderr can be local files or URI Executable and stdin loaded from local cache before job run stdout, stderr managed by GASS in append mode Cache flushed at job end 60

Globus components in action Local Machine globus-job-run RSL multi-request Machines RSL string User Proxy Cert grid-proxy-init X509 User Cert globusrun RSL parser Broker RSL single request GRAM Client GSI GASS Server GRAM Client GSI GRAM Gatekeeper GSI GRAM Job Manager GASS Client PBS GRAM Gatekeeper GSI GRAM Job Manager GASS Client Unix Fork App Nexus App Nexus Remote Machine AIX MPI Remote Machine Solaris MPI 61

FTP protocol in a nutshell Control and data channel Transfers: client- server and e third party 62

GridFTP Add-ons Parallel Transfer: multiple data pathway Striped Transfer: distributed and parallel data transfer 63

Why? Network throughput maximization (TCP window) Network losses minimization (glitch) 64

Data management Data can be present in different sites Data can be replicated in different locations How to manage the copies of data on the Grid? How to leverage the copies of data? Low level: Replica Catalog A catalog represents files, collections and locations A collection is represented by a logical file A replica (partial or complete) of a collection is represented by a physical file Given a logical filename, how to obtain the relevant physical filename? Physical File Name (PFN): host + full path & file name Logical File Name (LFN): logical name unique in the Grid LFN : PFN = 1 : n 65

Replica Catalog Replica Catalog Logical Collection C02 measurements 1998 Logical Collection C02 measurements 1999 Filename: Jan 1998 Filename: Feb 1998 Location jupiter.isi.edu Location sprite.llnl.gov Logical File Parent Filename: Mar 1998 Filename: Jun 1998 Filename: Oct 1998 Protocol: gsiftp UrlConstructor: gsiftp://jupiter.isi.edu/ nfs/v6/climate Filename: Jan 1998 Filename: Dec 1998 Protocol: ftp UrlConstructor: ftp://sprite.llnl.gov/ pub/pcmdi Logical File Jan 1998 Size: 1468762 Logical File Feb 1998 66

Replica Management Services 67

DataGrid: complete architecture Metadata Catalog Logical Collection and Logical File Name Attribute Specification GridFTP Control Channel Application Selected Replica Replica Catalog Multiple Locations Replica Selection Performance Information & Predictions MDS NWS Disk Array GridFTP Data Channel Disk Cache Tape Library Disk Cache Replica Location 1 Replica Location 2 Replica Location 3 68

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback