igrid: a Relational Information Service A novel resource & service discovery approach

Similar documents
Grid Programming: Concepts and Challenges. Michael Rokitka CSE510B 10/2007

Layered Architecture

Grid Architectural Models

MONITORING OF GRID RESOURCES

Grid Computing. MCSN - N. Tonellotto - Distributed Enabling Platforms

Globus Toolkit Firewall Requirements. Abstract

GLOBUS TOOLKIT SECURITY

30 Nov Dec Advanced School in High Performance and GRID Computing Concepts and Applications, ICTP, Trieste, Italy

Grid Computing Fall 2005 Lecture 5: Grid Architecture and Globus. Gabrielle Allen

A Distributed Media Service System Based on Globus Data-Management Technologies1

Zumobi Brand Integration(Zbi) Platform Architecture Whitepaper Table of Contents

Architecture Proposal

Grid Computing Systems: A Survey and Taxonomy

SOLUTION ARCHITECTURE AND TECHNICAL OVERVIEW. Decentralized platform for coordination and administration of healthcare and benefits

Database Assessment for PDMS

High Performance Computing Course Notes Grid Computing I

CS 470 Spring Distributed Web and File Systems. Mike Lam, Professor. Content taken from the following:

Kerberos & HPC Batch systems. Matthieu Hautreux (CEA/DAM/DIF)

Link Security Considerations in the. Enterprise

Grid Computing Fall 2005 Lecture 16: Grid Security. Gabrielle Allen

CS 470 Spring Distributed Web and File Systems. Mike Lam, Professor. Content taken from the following:

The SweGrid Accounting System

Grid Computing Middleware. Definitions & functions Middleware components Globus glite

CAN protocol enhancement

The GridWay. approach for job Submission and Management on Grids. Outline. Motivation. The GridWay Framework. Resource Selection

DreamFactory Security Guide

A Survey Paper on Grid Information Systems

Managing External Identity Sources

JXTA TM Technology for XML Messaging

UNICORE Globus: Interoperability of Grid Infrastructures

Exposing vulnerabilities in electric power grids: An experimental approach

Day 1 : August (Thursday) An overview of Globus Toolkit 2.4

LGS INNOVATIONS IP ADDRESS MANAGEMENT

Some Lessons Learned from Designing the Resource PKI

Cisco VCS Authenticating Devices

Ebook : Overview of application development. All code from the application series books listed at:

Functional Requirements for Grid Oriented Optical Networks

Configuring the Oracle Network Environment. Copyright 2009, Oracle. All rights reserved.

Technical Overview. Version March 2018 Author: Vittorio Bertola

01/02/2014 SECURITY ASSESSMENT METHODOLOGIES SENSEPOST 2014 ALL RIGHTS RESERVED

Semantic SOA - Realization of the Adaptive Services Grid

A User-level Secure Grid File System

Introduction. Trusted Intermediaries. CSC/ECE 574 Computer and Network Security. Outline. CSC/ECE 574 Computer and Network Security.

CIS 6930/4930 Computer and Network Security. Topic 7. Trusted Intermediaries

IBM SmartCloud Notes Security

The GAT Adapter to use GT4 RFT

Documented first release of the security infrastructure and APIs

Grid Computing Security

Design The way components fit together

Cisco Next Generation Firewall Services

Mobile Payment Application Security. Security steps to take while developing Mobile Application s. SISA Webinar.

Security in inter-domain routing

Design The way components fit together

ESET Remote Administrator 6. Version 6.0 Product Details

OPENSTACK: THE OPEN CLOUD

Analysis of Peer-to-Peer Protocols Performance for Establishing a Decentralized Desktop Grid Middleware

Design and development of a distributed, secure and resilient vault management system

ARM TrustZone for ARMv8-M for software engineers

Ethical Hacking and Countermeasures: Web Applications, Second Edition. Chapter 3 Web Application Vulnerabilities

A SEMANTIC MATCHMAKER SERVICE ON THE GRID

What is orbac? ability to group several authorizations in to profiles to easily add/remove a set of authorizations to an employee

Knowledge Discovery Services and Tools on Grids

An Adaptive Online System for Efficient Processing of Hierarchical Data

Running the Setup Web UI

HPE Intelligent Management Center

VMware Mirage Getting Started Guide

Trusted Intermediaries

AIT 682: Network and Systems Security

A RESOURCE MANAGEMENT FRAMEWORK FOR INTERACTIVE GRIDS

Cisco Plug and Play Feature Guide Cisco Services. Cisco Plug and Play Feature Guide Cisco and/or its affiliates.

Efficient Event-based Resource Discovery

Datacenter replication solution with quasardb

Next Generation Firewall

Network System Services

DISTRIBUTED SYSTEMS Principles and Paradigms Second Edition ANDREW S. TANENBAUM MAARTEN VAN STEEN. Chapter 3 Processes

Outline. INF3190:Distributed Systems - Examples. Last week: Definitions Transparencies Challenges&pitfalls Architecturalstyles

Design of a Simple, Distributed Network Access Control System

Role-Based Access Control for the Open Grid Services Architecture - Data Access and Integration (OGSA-DAI)

Distributed Systems. Characteristics of Distributed Systems. Lecture Notes 1 Basic Concepts. Operating Systems. Anand Tripathi

Distributed Systems. Characteristics of Distributed Systems. Characteristics of Distributed Systems. Goals in Distributed System Designs

Configuring IPv6 First-Hop Security

Network Device Provisioning

ExamTorrent. Best exam torrent, excellent test torrent, valid exam dumps are here waiting for you

On the Creation & Discovery of Topics in Distributed Publish/Subscribe systems

IEEE Sec Dev Conference

Juliusz Pukacki OGF25 - Grid technologies in e-health Catania, 2-6 March 2009

CS6703 GRID AND CLOUD COMPUTING. Question Bank Unit-I. Introduction

The BITX M2M ecosystem. Detailed product sheet

Selecting Software Packages for Secure Database Installations

RSA Authentication Manager 7.1 Migration Guide

Geographical failover for the EGEE-WLCG Grid collaboration tools. CHEP 2007 Victoria, Canada, 2-7 September. Enabling Grids for E-sciencE

Distributed Meta-data Servers: Architecture and Design. Sarah Sharafkandi David H.C. Du DISC

Grid Middleware and Globus Toolkit Architecture

Why is Mariposa Important? Mariposa: A wide-area distributed database. Outline. Motivation: Assumptions. Motivation

Table of Contents. Page 1 of 6 (Last updated 27 April 2017)

Certified Secure Web Application Engineer

Unified Security Platform. Security Center 5.4 Hardening Guide Version: 1.0. Innovative Solutions

Advanced School in High Performance and GRID Computing November Introduction to Grid computing.

IPv6 Snooping. Finding Feature Information. Restrictions for IPv6 Snooping

Solutions Business Manager Web Application Security Assessment

Transcription:

igrid: a Relational Information Service A novel resource & service discovery approach Italo Epicoco, Ph.D. University of Lecce, Italy Italo.epicoco@unile.it

Outline of the talk Requirements & features Technologies Architecture Security Decentralized control & fault tolerance Information providers Relational schema Web service methods Performances igrid Public Release igrid

GridLab Project The GridLab Project was born on the basis of two important Co-development of grid infrastructure and grid-aware applications Dynamic grid computing The main goal of the GridLab project is to develop innovative grid computing technologies, which can be immediately and easily adopted and exploited by applications from many different research and engineering fields.

Requirements & features

igrid Requirements Performance Scalability Security Uniformity Expressiveness Extensibility Dynamic data Flexible access Deployability Decentralized control

igrid Features Web Service interface built using the gsoap Toolkit Support for Globus Toolkit GSI security mechanism Through our GSI plug-in for gsoap Toolkit Distributed architecture Fault tolerance Based on the PostgreSQL relational DBMS Support for TLS binding to DBMS Support for heterogeneous DBMS Through our GRelC library Easy to extend with new information providers Support for GAS authorization service (WP6) Support for MERCURY logging service (WP11) Platforms: linux, Mac OS X, tru64, irix Extreme Performance

Technologies

igrid Technologies gsoap Toolkit Globus Toolkit GSI GSI plug-in for gsoap PostgreSQL GRelC TLS libxml2

Architecture

igrid Architecture Hierarchical, distributed architecture based on a server that can act as iserve: collects information related to a specific computing resource istore: gathers the information related to registered iserves igrid implements a push policy for data exchange Information is extracted from resources synchronously and stored in a relational DBMS Each user and /or service supplied information (asynchronously) is immediately stored on local DBMS and sent to istores Information is always available and updated On client request information is immediately retrieved from DBMS No need for istore to pull information from iserves

igrid Architecture

iserve It extracts system information from local resource It stores user and/or service supplied information in the local DBMS Periodically, it collects and sends new information to remote istores In case of istores failure, iserve temporarily removes them from its istore list Periodically, the istore list is updated by adding previously removed istore servers. The local database is dumped and sent to newly added istores

istore Acts as an iserve for its local resource It gathers information coming from registered and authorized iserves An istore can be registered to other istores, thus creating hierarchies

igrid DBMS Maintenance Each kind of information is tagged with creation date: it represents the UTC (GMT) time when the information has been acquired time to live: it indicates how long information can be considered reliable igrid removes expired information from DBMS on each lookup, a data cleanup is performed. Stale information is never returned to clients at startup the entire DBMS is cleaned up, removing stale information

Information dissemination The frequency of system information forwarding is based on the information itself, but we also allow defining a per information specific policy Currently, system information forwarding is based on the rate of change of the information itself. As an example, information that does not change frequently or change slowly (e.g. the amount of RAM installed) does not require a narrow update interval. Interestingly, this is true even for the opposite extreme, i.e., for information changing rapidly (e.g., CPU load), since it is extremely unlikely that continuous forwarding of this kind of information can be valuable for users, due to information becoming quickly inaccurate Finally, information whose rate of change is moderate is forwarded using narrow update intervals

Security

igrid Security (I) Access to igrid through a GSI enabled web service using our GSI plug-in for gsoap which provides: code based on GSS APIs mutual authentication authorization delegation of credentials connection caching support for both IPv4 and IPv6 support for development of both clients & servers debugging framework extensive error reporting

igrid Security (II) GSI protects connections from users/services to iserves from iserves to istores from istores to hierarchical istores TLS protects connections from an iserve or istore to its PostgreSQL back-end This provides mutual authentication, confidentiality and anti-tampering And prevents snooping, spoofing, tampering, hijacking and capture replay network attacks

igrid Security (III) Authorization can take advantage of support for administrator defined ACL support for GridLab GAS fully customizable authorization mechanism through a GSI callback The igrid daemon does not need to run as a privileged user We sanitize the environment on igrid startup All user input is validated Special attention is devoted to the prevention of SQL injection attacks an SQL SELECT query statement is escaped as needed the query string is validated by an SQL parser which accepts only valid SELECT statements and rejects everything else

Decentralized control & fault tolerance

igrid Decentralized Control Decentralized control in igrid is achieved by means of distributed iserve and istore services Both creation and maintenance of system/user/service information are delegated to the sites where resources are actually located, and administrators fully control how their site local policies are enforced For instance, they decide about users/services that must be trusted for both data lookup and registration if an iserve must register to one or more istores if an istore must accept incoming data from remote iserves the frequency of system information dissemination from iserves to istores on a per information provider basis etc

igrid Fault Tolerance In case of failure of an istore, iserves temporarily remove the faulty istore from their registration list. Periodically, the istore list is updated by adding previously removed istores when istores are available again. In this case, the local database is dumped and immediately sent to newly added istores Moreover, because of igrid distributed and hierarchical architecture it is possible to implement a primary/backup approach by mirroring an istore configuring all of the iserves to publish their information simultaneously on two or more different istores

Information providers

igrid Information Providers (I) System information Cpu Memory Network Filesystems Users Certification Authorities Resource Managers

igrid Information Providers (II) User/Service supplied information Services Web services Software Firewalls Virtual Organizations

Relational schema

igrid Relational schema (I)

igrid Relational schema (II)

igrid Relational schema (III)

igrid Relational schema (IV)

Web service methods

igrid Web Service Methods SQL SELECT query exact range approximate etc Lookup predefined set of search queries Register Unregister Update

Performances

igrid Performances The performances of igrid are extremely good. In what follows, we report the performance obtained for information retrieval on two testbeds There were no high speed, dedicated networks connecting the machines belonging to the testbeds, and Globus MDS2 servers were accessed without GSI authentication, while igrid servers were accessed using GSI, and the PostgreSQL back-end using TLS The results were averaged over 50 runs

First Testbed Results, in seconds, are related to a testbed which comprises an iserve and a GRIS server hosted on one machine in Lecce, Italy, and an istore and GIIS server hosted on another machine in Brno, Czech Republic. A query to both istore and MDS2 GIIS was issued requesting all of the available information using clients in Lecce, Italy Search for information related to all of the resources Cache expired Cache not expired Globus MDS2 GIIS 77 7 istore 0.6

Second Testbed Results, in seconds, are related to istore/giis servers running on a testbed which comprises four machines in Italy (three in Lecce and one in Bari, a city 200 Km far from Lecce) and one located in Poznan (Poland). The clients were in Poland, and the servers in Lecce. A total of four queries were issued The first query in this set requested all of the information of each registered resource The second one requested all of the information related to the machine in Poland The third one requested only the CPU information related to each registered resource The last query was a complex query involving many filtering operations to retrieve information about attributes related to CPU, memory, network and filesystems.

Second Testbed istore / GIIS information related to all resources information related to resource in Poland information related to CPU of all resources complex query GIIS cache expired 25,88 23,52 22,42 18,59 GISS cache not expired 2,53 1,64 0,46 0,67 istore 3,06 1,01 0,92 0,67

Second testbed iserve / GRIS All of the available information CPU information GRIS cache expired 23,88 3,36 GRIS cache not expired 1,05 0,39 iserve 0,95 0,81

igrid Public Release

Work in progress We are now finalizing version 2.0 Public Release We are investigating a peer-to-peer approach Additional information dissemination protocols New information providers Additional improvements

Q & A

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback