DSIT WP1 WP2. Federated AAI and Federated Storage Report for the Autumn 2014 All Hands Meeting

Similar documents
2. HDF AAI Meeting -- Demo Slides

dcache integration into HDF

Challenges in Storage

dcache, activities Patrick Fuhrmann 14 April 2010 Wuppertal, DE 4. dcache Workshop dcache.org

A scalable storage element and its usage in HEP

dcache Ceph Integration

bwsync&share: A cloud solution for academia in the state of Baden-Württemberg

The AAF - Supporting Greener Collaboration

INDIGO AAI An overview and status update!

EGI-InSPIRE. GridCertLib Shibboleth authentication for X.509 certificates and Grid proxies. Sergio Maffioletti

Goal. TeraGrid. Challenges. Federated Login to TeraGrid

SAML-Based SSO Solution

Storage Management in INDIGO

dcache: challenges and opportunities when growing into new communities Paul Millar on behalf of the dcache team

Attributes for Apps How mobile Apps can use SAML Authentication and Attributes

INDIGO-DataCloud Architectural Overview

Computing for LHC in Germany

ArcGIS Enterprise Administration

SAML-Based SSO Solution

Cloud Secure Integration with ADFS. Deployment Guide

ArcGIS Server and Portal for ArcGIS An Introduction to Security

All about SAML End-to-end Tableau and OKTA integration

FeduShare Update. AuthNZ the SAML way for VOs

dcache Introduction Course

PRESENTATION TITLE GOES HERE. Understanding Architectural Trade-offs in Object Storage Technologies

First European Globus Community Forum Meeting

Office 365 and Azure Active Directory Identities In-depth

New trends in Identity Management

Guidelines on non-browser access

Patrick Fuhrmann (DESY)

Now SAML takes it all:

Slack Cloud App SSO. Configuration Guide. Product Release Document Revisions Published Date

Federated AAI and the World of Tomorrow. Rion Dooley

ArcGIS Enterprise Security: An Introduction. Gregory Ponto & Jeff Smith

VMWARE HORIZON CLOUD WITH VMWARE IDENTITY MANAGER QUICK START GUIDE WHITE PAPER MARCH 2018

CILogon. Federating Non-Web Applications: An Update. Terry Fleury

Data Replication: Automated move and copy of data. PRACE Advanced Training Course on Data Staging and Data Movement Helsinki, September 10 th 2013

Mozy. Administrator Guide

Identity Provider for SAP Single Sign-On and SAP Identity Management

Options for Joining edugain. Lukas Hämmerle, SWITCH DARIAH Workshop, Köln 18 October 2013

THEBES: THE GRID MIDDLEWARE PROJECT Project Overview, Status Report and Roadmap

globus online Globus Nexus Steve Tuecke Computation Institute University of Chicago and Argonne National Laboratory

Install and upgrade Qlik Sense. Qlik Sense 3.0 Copyright QlikTech International AB. All rights reserved.

Migrating vrealize Automation 6.2 to 7.2

Integration Guide. SafeNet Authentication Service. Protecting SugarCRM with SAS

Installing and Configuring VMware Identity Manager Connector (Windows) OCT 2018 VMware Identity Manager VMware Identity Manager 3.

Oman Research & Education Network (OMREN)

RCauth.eu / MasterPortal update

WP JRA1: Architectures for an integrated and interoperable AAI

Globus Online: File Transfer Made Easy!

Leveraging the InCommon Federation to access the NSF TeraGrid

Today s workforce is Mobile. Cloud and SaaSbased. are being deployed and used faster than ever. Most applications are Web-based apps

Limitations and Restrictions

Forschungszentrum Karlsruhe in der Helmholtz-Gemeinschaft. Presented by Manfred Alef Contributions of Jos van Wezel, Andreas Heiss

Unity Connection Version 10.5 SAML SSO Configuration Example

Orange Liberty-enabled solution for 71 million subscribers. Aude Pichelin Orange Group Standardisation Manager

Introduction to SciTokens

EUDAT - Open Data Services for Research

Token-based Payment in Dynamic SAML-based Federations

Setting Up Resources in VMware Identity Manager (SaaS) Modified 15 SEP 2017 VMware Identity Manager

EMI Data, the unified European Data Management Middleware

Cloud Secure. Microsoft Office 365. Configuration Guide. Product Release Document Revisions Published Date

Integration Guide. SafeNet Authentication Manager. Using SAM as an Identity Provider for PingFederate

Integrated Security Context Management of Web Components and Services in Federated Identity Environments

Identity Services Overview from 3 rd Party UK federation commercial identity Providers

Deliverable DSA1.4: Pilots to improve access to R&E-relevant resources

CAS, Shibboleth, And an evolving SSO approach

Authentication. Katarina

irods Security Aspects Willem Elbers CLARIN-ERIC, Netherlands

Oracle Utilities Opower Solution Extension Partner SSO

The EGI AAI CheckIn Service

Connect Authenticate

SCA19 APRP. Update Andrew Howard - Co-Chair APAN APRP Working Group. nci.org.au

LCG data management at IN2P3 CC FTS SRM dcache HPSS

O365 Solutions. Three Phase Approach. Page 1 34

Unified Communications Manager Version 10.5 SAML SSO Configuration Example

SLCS and VASH Service Interoperability of Shibboleth and glite

DARIAH Update. 9th FIM4R Workshop. Vienna, Novemer 30, Peter Gietz, DAASI International GmbH.

Inside Symantec O 3. Sergi Isasi. Senior Manager, Product Management. SR B30 - Inside Symantec O3 1

National R&E Networks: Engines for innovation in research

TECHNICAL GUIDE SSO SAML. At 360Learning, we don t make promises about technical solutions, we make commitments.

The Long, Long Road to True Single Sign On at Fermilab. Al Lilianstrom and Dr. Olga Terlyga NLIT 2018 May 22 nd, 2018

IMPLEMENTING SINGLE SIGN-ON (SSO) TO KERBEROS CONSTRAINED DELEGATION AND HEADER-BASED APPS. VMware Identity Manager.

BrainDumps q. Cisco Cisco WebEx Solutions Design and Implementation

D9.2.2 AD FS via SAML2

VAM. ADFS 2FA Value-Added Module (VAM) Deployment Guide

dcache Introduction Course

Federated XDMoD Requirements

Okta Integration Guide for Web Access Management with F5 BIG-IP

Data Storage. Paul Millar dcache

EUDAT & AAI. Daan Broeder MPI for Psycholinguistics

F5 BIG-IP Access Policy Manager: SAML IDP

Single Sign-On Showdown

B2DROP The EUDAT Personal Cloud Storage

Developing Microsoft Azure Solutions (70-532) Syllabus

BIG-IP V11.3: PRODUCT UPDATE. David Perodin Field Systems Engineer III

Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme

VMware Workspace ONE Quick Configuration Guide. VMware AirWatch 9.1

Storage Made Easy. Mirantis

An integrated IaaS and PaaS architecture for scientific computing

Transcription:

DSIT WP1 WP2 Federated AAI and Federated Storage Report for the Autumn 2014 All Hands Meeting

Content WP1 GSI: GSI Web Services accessible via IdP credentials GSI: Plan to integrate with UNITY (setting up a unity server at GSI) DESY: dcache, Globus Transfer (online). SAML Translation KIT: LDAP Facade KIT: Non Web Login using federated identity systems. Jülich: UNITY DESY and KIT part of INDIGO-DataCloud project management with AAI and Storage (WP4) WP2 Jülich: "Database access in UNICORE (Master Thesis completed) GSI: Lustre evaluation KIT: Something with data transfers by Jos (request pending) DESY: CDMI in dcache (Master Thesis Completed, Jana) DESY: Small Files for tape access (In production for friendly users ) DESY: OwnCloud integration with dcache (In production for IT people) DESY: Fast ingest for dcache (good progress) DESY: Dynamic Federation: Production system (adopted by LHCb and Intesity Frontier) Bits and Pieces 2 FedFS: no further interest We would be able to offer FTS3 (but no interest yet). Globus Transfer is easier.

Publications Combining the X.509 and the SAML Federated Identity Management Systems, 2014 Recent Trends in Computer Networks and Distributed Systems Security M Hardt, A Hayrapetyan, A Memon, P Millar, Evaluating the Performance and Scalability of the Ceph Distributed Storage System IEEE Big Data 2014 D Gudu, M Hardt, A Streit Master Thesis Work Implementierung eines Cloud Interfaces in dcache HTW Berlin (Jana Weschenfelder) Database Access in UNICORE Forschungszentrum Jülich 3

Presentations 5.5.2014 Patrick: Berlin Cloud Event on dcache/owncloud 16.6.2014 LSDMA Demo in Berlin (all of us) Please check indico for details 4 2.9.2014 Paul: GridKA School presentation on AAI 22.9.2014 Paul: Terena Storage Task Force, Uppsala 24.9.2014 Patrick: EGI Storage Session 13.10.2014 Paul: Atlas Workshop 14.10.2014 Patrick: KM3Net @ Paris

WP1 Federated Identity (Management) GSI Setting up an IdP at GSI which will be connected to the DFN AAI federation Getting the LSDMA Wiki at GSI to work with the German IdPs Support GSI customers in working towards accepting SAML for their services DESY Getting the DESY IdP to work with the DFN Federation Using Globus Transfer against storage services with DFN SLCS service KIT Credential translation for Web SSO and ECP. Getting login service (non web services) to work Jülich UNITY support 5

GSI 6 Dennis is preparing GSI enabling Web Based usage of SAML. The plan is to establish a test-bed to allow the distributed communities that GSI supports to understand Fed Identity and to see if integrating it makes sense for them. A testbed IdP and to support GSI communities in adding SAML support to their services. Technically things are prepared Still waiting for the documents to be signed. Plans: Setting up a UNITY server at GSI for Group Management Running UNITY as IdP including for homeless users Once GSI joins DFN production AAI, Dennis will install the AAI plug-in on the main wiki. With this, anyone from DFN-AAI can use the Wiki by authenticating with their local IdP.

BTW: In case you plan to do the same.. What you need : DFN Documentation Shibboleth documentation (wiki.shibboleth.net) DFN Test SP 7 https://www.aai.dfn.de/dokumentation/identity-provider/konfiguration/ https://testsp2.aai.dfn.de/ Provides log files for debugging Ask DSIT for help

The DFN Test SP in action Test Service https://testsp2.aai.dfn.de/ IdP @ DESY 8

Bureaucratic part Sign an agreement with the DFN AAI federation. You agree to fulfill a certain number of requirements concerning your IdP policies. (Basic and enhanced) Identify of an entity (user) within the IdP has to be verified by a well specified procedure. Guarantee decommissioning etc 9

KIT: High Level Objective: Ssh login with SAML credentials 10

KIT and DESY: High Level Objective: Using DFN credential translation service to allow users to utilize X509 based resources through your local IdP. Two use cases Arsen: X509 credential is used directly (user to service) Paul: X509 credential is given to a portal. The portal acts on behave of the user. Requires: Arsen tries to get the DFN Short Lived Credential Service (SLCS) to work for him. Turned out the DFN doesn t support ECP (Extended Client or Proxy) Arsen in heavy contact with DFN to get this fixed. Seems he has to build a system first before the upgrade their Shibboleth instance. (mimicking their setup to provide ECP) Please check our Arsens and Pauls Demos from the meeting in Berlin. https://indico.desy.de/conferencedisplay.py?confid=10101 11

Credential translation for user and portals User starts with SAML federated Identity (IdP) Service needs an X.509 Certificate Service is either directly accessed by user or via a portal IdP Portal SAML X509 X509 X509 12 Credential Translation (DFN SLCS) Storage Service

WP2 Federated Storage and whatever has to do with storage and data access. Database access from UNICORE (Master Thesis) Cloud protocol evaluation and implementation (Master Thesis) Dynamic Federation Scientific Storage Cloud 13 Fast Ingest Sync-n-share interface Media Aware Storage (e.g. Tape access for small files) CDMI cloud protocol New Customer (Jade)

Jülich: Database access in UNICORE At Jülich, a master thesis on "Database Access in UNICORE" was completed. The service supports SQL databases (e.g. MySQL) and Cassandra as an example for a NoSQL database. The security details such as database usernames and passwords are configured by the administrator, so the user has a seamless experience. The code is currently under review and will be included in the next major UNICORE release (early 2015). The service will be available both via a SOAP/WSRF interface and a RESTful interface. 14

DESY/HTW Berlin: CDMI Server in dcache DESY/HTW Berlin: Jana finished her Master Thesis on Cloud Storage Protocols. Result: CDMI (w/o metadata) integrated into the dcache code repository. We became member of the Storage Network Industry Association (SNIA) to be able to feed back our code into the main stream SNIA repository. Code needs to be revised and will become available in one of the next feature releases. Next Step: Add meta data operations. Bernd is now considering to integrate the CDMI client into UNICORE so that we have a sparing partner. 15

The dynamic storage federations 16

Reminder: DynFed use case (Berlin DEMO) Data Source Layer Cache or Persistency Layer, Data Centers 17 Dynamic Federator

Dynamic Federation Technology Production ready Was presented at the Berlin LSDMA Demo Meeting 9. Sep : Quote by Fabrizio Furano : LHCb starts today setting up WebDAV everywhere This is a basis for using DyncFed for LHCb. Next Candidate : Intensity Frontier at FERMIlab No customers found in LSDMA yet 18

dcache : The Scientific Storage Cloud 19 Improving fast ingest of data into dcache Adding sync-n-share as regular door to dcache (Own Cloud) Improving media-awareness of dcache concerning tape (small files) New Customer for dcache

dcache: The Scientific Storage Cloud High Speed Data Ingest Fast Analysis NFS 4.1/pNFS Resilient Mgr Small Files Sync & Share by WebDAV 20 Wide Area Transfers (Globus Online, FTS) by GridFTP

Fast data ingest into dcache Name space operations for ingesting data into dcache could be significantly improved. We now seem to be limited by Postgres Performance Server 8 Cores File Creates [sec] (namespace operations only) Server 16 Cores Using Hyperthreading Number of clients (each on a different machine) Stolen from Tigran 21

OwnCloud dcache integration into infrastructure LDAP OwnCloud owner patrick dcache owner: patrick 22

dcache scientific cloud (dcache-own Cloud) Own Cloud software running on top of dcache All sync-n-share advantages of OwnCloud Syncing with all kind of mobile devices and OS Easy sharing of files and folders with identified users or public In use by a variety of sites. All dcache managed storage advantages of dcache. Different quality of services (scratch/regular/high resiliency/tape) Extends access to more protocols (nfs/webdav/gridftp) Moved into production for DESY IT people. Photons science (CFEL) customers following soon. 23

Small File support dcache media-awareness dcache bundles small files when data is scheduled to be migrated to tape system. Restore to disk happens transparently. Namespace only shows original files. User not bothered with file collections. Already second improved version available for photon science customers. In production for friendly customers. 24

New customer for the scientific storage cloud Jade project within Supercomputing and Modeling for Human Brain, SMHB, Jülich. Storage collaboration with Aachen Using dcache features for File hopping between Jülich and Aachen Using GridFTP for wide area pnfs (NFS4.1) for direct access WebDAV Tape access for achieving Multi Tier access (SSD) Wating for Own Cloud integration becoming part of dcache distribution Slides by Bastian Tweddell SAML or SLCS integration 25

The SMHB Jade Project Slides by Bastian Tweddell 26

Bits and Pieces The FedFS evaluation has been stopped due to a complete lack of interest. We can make the the FTS3 file transfer service available if needed. It is software which has to be run by the corresponding community or associated site or lab. It is not a services like Globus Transfer. dcache signed a MoU with an industry partner in Switzerland to handle License issues and compensation for dcache working DESY and KIT in H2020 Proposal INDIGO Data Cloud on AAI and storage. Planning various CHEP 15 abstracts. 27

END 28

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback