UK Testbed Status - PowerPoint PPT Presentation

1 / 15

About This Presentation

Title:

UK Testbed Status

Description:

All HEP experiment sites are part of Gavin's 'green dot' map. ... In almost all cases this is actually an EDG gatekeeper - ie with extra functionality. ... – PowerPoint PPT presentation

Number of Views:30

Avg rating:3.0/5.0

Slides: 16

Provided by: steve240

Category:

more less

Transcript and Presenter's Notes

Title: UK Testbed Status

1
UK Testbed Status

Andrew McNab
High Energy Physics
University of Manchester

2
Overview

Testbed 0
GridPP Testbed
EU DataGrid Testbed
EDG Version
TB support for GridPP
Future TB support
TB Summary

3
Testbed 0

All HEP experiment sites are part of Gavins
green dot map.
At least a Globus gatekeeper was running at some
point.
In almost all cases this is actually an EDG
gatekeeper - ie with extra functionality.

4
GridPP Testbed

Uses Resource Broker at IC, MDS at RAL and VO at
Manchester. Yesterdays snapshot

Birmingham 2 cpus Bristol 3 Cambridge 16 IC
16 ( 80 BaBar) Liverpool 2 Manchester 8 ( 60
DZero/Atlas) Oxford 1 RAL 6 UCL 2
5
EDG Testbed

Yesterdays snapshot via CERN RB/II

CERN 59 20 nl Nikhef 140 fr CC
Lyon 22? 74? 409? fr Polytechnique/LLR 6 it
CNAF Bologna 48 it Padova 11 it Legnaro 48
uk IC 16 80 uk Liverpool 2 uk Manchester
8 60 uk Oxford 1 uk RAL 6
(so were doing ok internationally)
6
EDG Version

Current EDG production release is 1.4.3
Last time I gave this talk was at 1.2.2
This now finally includes fixes for the
showstopper problems, largely with Globus
spent most of September - December including new
patches from Globus to fix problems with
Information system, Job submission and File
transfer.
Current release works pretty-much as advertised,
although some aspects of the user-interface and
installation are obscure

7
Testbed Support for GridPP

Centered on http//www.gridpp.ac.uk/tb-support/
including our own LCFG installation recipes that
fill in the gaps
Peer-to-peer support for site admins on
tb-support_at_jiscmail.ac.uk
(Roughly) fortnightly phone meetings 30-60 mins
go through EDG, GridPP and site status
aim is to flag problems and questions to deal
with offline
sitting-in on this quickly gives a status
overview
Seems to work for the current Testbed size.

8
Future Testbed Support

Ticket-based helpdesk system
experimented with Bugzilla - but would be good to
use same system as Tier1A centre.
ideally put site admins into the system too,
since can refer problems up or down then.
Need to include site admins in all aspects of
support
keep them up to date provide help they need
help them help their users.
Can we use regional Tier2 structures as a
devolved support network, using local experts?

9
TB Summary

All experimental HEP sites are involved at some
level in Testbeds.
9 are genuinely part of a Grid and accessible
via the IC Resource Broker.
5 are part of the EDG Application Testbed
out of 12 across the EDG
Expect to be able to include the others rapidly
Additional GridPP support and documentation
provided beyond that from EDG.
Current mailing list/WWW/phone system ok
will need extending as more sites/users join

10
Grid HTTPS Extensions

HTTPS is an interesting and important protocol
for several reasons
it is by far the most widely deployed secure
protocolhas a large amount of high quality
software that we could leverage
has excellent interaction with Firewalls, Network
Address Translation and Application Proxies
has the potential to solve some of the problems
sites have with private IP farms
HTTPS security done using X509 certificates
(including GSI)
the piece of the Grid we already had
HTTP/1.1 (rfc2616) and extensions like WebDAV
(rfc2518) have a rich set of methods (GET, PUT,
DELETE, COPY etc) headers (Expires etc) and
Errors (413 Request Entity Too Large)
HTTP redirection allows you to change from HTTPS
negotiation to HTTP unencrypted data transfer
Can HTTP/HTTPS be fast compared to other
protocols though?

11
HTTP as a data protocol

Same advantages as HTTPS large amount of
existing high quality software, and good
operation with Firewalls, NAT etc.
Kernel-based zero-copy HTTP servers like tux
are very efficient
need to do something like that to fully use a
machines gigabit interface
Multistream HTTP and standard webservers as fast
as GridFTP for 300 MB transfers
At 1 MB, multistream HTTP is much faster

12
Delegation over HTTPS

HTTPS would be even more useful if could delegate
GSI credentials over HTTPS
for example, to do third party transfers between
two remote sites
Proposal exists to do this (G-HTTPS) by adding
extra methods to HTTPS
this is designed to leverage and interoperate
with existing browsers, servers, www libraries
stress backwards and pass-through compatibility
Basic implemention of this now added to file
version of GridSite.

13
Secure, Trusted Caches

Existing HTTPS isnt cache-able
end-to-end client-server needed for SSL to work
best you get is opaque proxying/tunneling of SSL
one of the long standing shortcomings of HTTPS
With delegation, can improve this
identify a local cache you trust (in your VO
maybe?)
delegate a credential to it
makes a proxy request via HTTPS GET
https//a.b.c/def
cache fetches this for you, using delegated
credential
if can get an ACL for this file, may also be able
to return file from cache in subsequent requests
by you or other users in ACL

14
Delegation and Portals

Some form of delegation also needed for Grid
portals
G-HTTPS would provide a standard way of inserting
GSI proxies into portals
However, a portal could also use G-HTTPS approach
to pull proxies from server like MyProxy
Possible to use MD5 digest passwords for this
stage
MD5 hash of password generated in the users
browser
passed to portal webserver without it seeing the
password
portal provides MD5 hash to proxy server and gets
proxy or other credential in return
So some very useful mechanisms possible with a
few extensions to existing HTTP software.