Status of VNU-HCM Grid Portal Project

1
Status of VNU-HCM Grid Portal Project

• PRAGMA Workshop
• (Fukuoka, 23-24/01/2003)

Hoang Le Minh, PhDVNU-HCM Software Technology
Center http//igrid.vnuhcm.edu.vn
2
Outline

• VNU-HCM Networking Services
• Grid Computing in VNU-HCM
• uPortal FrameworkArchitecture Extensions
• Integrating Grid Services
• Current Future Work
• Conclusions

3
Where we are ?
4
Hochiminh City
Population 6 millions Area 2,093 sq km19 of
total GDP 30 of state budget30 Univ.
Inst. 300.000 students
5
VNU-HCM Network

• Current Campus Network Backbone (since 1998)
  2/100Mbps, gt 2500 hosts, 7 Universities and
  Institutions in HCMC
• All on private IP (172.x.x.x)
• Internet connection 1.2 Mbps (Jan 03)
• NAT mapping with 32 IPs (203.162.x.x)
• A lots of proxies, firewalls, NAS,
• Planed upgrades 1Gbps backbone, 2-4 Mbps
  Internet connection, IP-based services VC, VoIP,
  Grid, (2003-2005)

6
VNU-HCM Intranet (1998)
7
VNU-HCM Intranet (2003-2005)
8
VNU-HCM Networking Services

• Provided E-mail, website, Internet access
  network-related services management for gt
  25,000 full-time students, 2500 staff members
• User management to access central services
  e-mail, e-learning, databases, applications,
  computing resources
• VNU-HCM Information Portal is being developed
  based on the Open Source uPortal Framework
  (www.ja-sig.org)
• A lots of work has been done single-sign on,
  news, e-mail, address book, LDAP user profile,
  user group management, applications

9
Why Portal ? Why Grid Portal ?

• Private Network Addresses (Proxy)
• Different Access from inside/outside (NAT)
• Dial-up access, Low bandwidth backbone, Internet
  connectivity
• Information and Computing Resource Sharing,
  Security, Management, etc

The ChallengeDevelop/Integrate Portal-to-Grid
Computing
Domain 1
Domain 2
10
Grid Computing in VNU-HCM

• 1998-2001 Cluster parallel computing
• 2002 uPortal Framework (iPortal)
• 2002 Grid Computing Experiences with GLOBUS
  2.x Installed on 10 Linux PC servers
  Self-certified (DNS, simpleCA) LDAP/MDS
  GRAM GridFTP (Globus 2.2)Command line
  interface very difficult to use. Cannot access
  from out side
• 2003 Grid integration with Portal

11
What users prefer to ?

• Single sign-on
• Selection of channels and layouts
• Common look fell for all contents
• Information exchange
• Jobs control
• Personal datamanagement

12
Required capabilities of Portal
Grid Computing
Authentication
Internet Search
Mngt Accnt
Authorization
E-mail Addr
Web Services
User Profile
Group/Role

• Type of portal
• Enterprise portal v v v v v v v
  ? ?
• Content
• Management ? v v ? ? ? v ?
  ?
• Web front-end ? v ? ? ? ? ?
  ? v
• uPortal (Java/XML) v v v v v v v
  v v

www.ja-sig.org
13
Our solution uPortal

• Enterprise portal capacities
• Common Framework for presenting aggregated
  contents (channels)
• Single sign-on Personalization
• Group-based access control
• Open source, collaborative effort
• Java/XML/Web service technology
• User Interface to Grid Computing(our current
  project)

14
Vietnam National University -Hochiminh
Cityhttp//iportal.vnuhcm.edu.vn
15
LDAP User Profile / Group Management
16
User Interface Design

• Authentication (whats your identity)
• Authorization (what you can access)
• Directory services (LDAP user profile)
• User Preferences (database back-end)
• Channels for displaying content (XML feeding, XSL
  formatting)

17
A piped view
Rendering/Integrating process
18
Grid interface

• Globus command-line interfaces may be good for
  programmers, but not for usersglobusrun s r
  igrid.vnuhcm.edu.vn (executable/home/users/hdu
  ng/submit)(arguments/home/users/hdung/script.j
  ob)
• Computational science environment is complex
• Users should access to a variety of distributed
  resources
• Interfaces, OSs, Grid tools vary and change
  often
• Environment changes Relocation/upgrade/Policies
• Using multiple resources can be cumbersome
• Grid adds complexity for programmers

19
Software Technologies in use

• Portal framework for GSI authentication,
  authorization, secure data transfer, computing
  resource sharing management Authentication
  LDAP/Proxy/Certificate Security PKI-based
  system Information management LDAP/MDS
  Resource management GRAM, Job broker Data
  management GSI-SSH, Grid-FTP
• Grid Portal to Globus infrastructure services
  (upgrade to Globus 3.0 needed)
• Open Source Technologies Commodity Grid (Java
  CoG), GPDK -gt uPortal framework (Java/XML), Web
  services
• www.globus.org, dast.nlanr.net , www.ja-sig.org

20
uPortal and Globus

• Multi-tier web application with scalability
• HTML/WML browser communicate with Portal server
  by http/https
• Portal services can integrate / communicate with
  Java Commodity Grid services of Globus
• Globus provides access to Gatekeeper, MDS, PKI.
• Web Services/XML as main data/service exchange
  format between tiers

21
Security Terminology

• Certificates file(s) that identify a person
  digitally
• Keyfile the key to unlock the certificate,
  contains encrypted passphrase
• Certificate Authority an entity which creates
  certificates
• Proxy certificate a short-lived unencrypted
  certificate/key pair (one file)
• DN distinguished name. A unique identifier for a
  person (/CVN/OVNUHCM/OUPhysics
  Department/CNHoang Dung /USERIDhdung)

22
Grid Service Terminology

• GSI Uniform authentication, authorization,
  secure protection, single sign-on, delegation,
  identity mapping
• Public key technology, SSL, X.509, GSS-API
• Certificate Authorities certificate key
  management
• GRAM Job instantiation, management
• MDS Information discovery
• GridFTP Data management, File transfer

23
Authentication challenge

• To run on behalf of the user
• User needs to have access to the end resource
• User needs to delegate permission to the portal
• User gives proxy certificate to the portal
• Portal uses proxy certificate to access resources
• X.509 Certificates Digital identification
• Usercert.pem
• Userkey.pem
• Allows for delegation of authority
• Create proxy certificate
• Short lived unencrypted certificate/key

24
X.509 Certificates Proxy Generation
Usercert.pem
Userkey.pem
passphrase
Proxy File
25
Portal Functions

• Secure authentication / authorization to remote
  resources.
• View/store resource/user info on remote LDAP
  databases (MDS)
• Proxy retrieve/delegation
• Schedule jobs on remote hosts
• Move large data between machines

Proxy
Job
26
Delegation of Authority

• User generates proxy and delegates authority to
  portal
• Portal uses the proxy credential as the basis for
  acting on behalf of the user
• The proxy credential is passed to the
  computational resource by the portal through a
  grid service to prove authority to act for the
  user

27
The challenge

• Proxy/MyProxy Enabling secure, controlled remote
  access to heterogeneous computational resources
  and management of remote computation
• Authentication and authorization
• Resource discovery characterization
• Reservation and allocation
• Computation monitoring and control
• Gatekeeper
• Single point of entry
• Authenticates user, maps to local security
  environment, runs service
• In essence, a secure inetd
• Job manager
• A gatekeeper service
• Layers on top of local resource management system
  (e.g., PBS, LSF, etc.)
• Handles remote interaction with the job

28
Grid Interface

• Globus Toolkit includes several command line
  interfaces for job submission
• globus-job-run Interactive jobs
• globus-job-submit Batch/offline jobs
• globusrun Flexible scripting infrastructure
• GRIS Server which runs on each resource
• Given the resource DNS name, you can find the
  GRIS server (well known port 2135)
• GRIS Provides resource specific dynamic, on
  demand information
• Load, process information, storage information,
  etc.
• White pages lookup of resource information
• How much memory does machine have?
• Yellow pages lookup of resource options
• Which queues on machine allows large jobs?

29
Portal components in use

• My Proxy (dast.nlanr.net/Projects/MyProxy)
  Provides secure access via limited GSI proxy
  Runs myproxy-server on a trusted host Users'
  Globus credentials are delegated to server from
  home" machine MyProxy credentials can be
  retrieved via Portal server Reduces security
  risks
• Java COG / Grid Portal Development Kit
• But no JSP/AWT/Swing/Applet
• Modified to support XML/XSL/Web Services

30
Grid Portal Project Goals

• iGrid channel
• Provides many Portal-based services
• Ready to integrate with Grid Services
• User can select a submission method
• User can edit job title and other data
• Portal selects host and target machines
• Portal transfers the job and required datato
  target hosts
• Portal starts and monitors the job
• On completion, Portal writes output result to a
  LDAP server and send an e-mail notice to user

31
Grid Portal Project Goals

• Globus 3 integration
• Must be migrated to Globus 3
• Scheduling Algorithm target machines should be
  selected automatically based on MDS info (load,
  CPU, memory, etc.)
• Web/Grid services integration
• hen job status have been checked, transfer the
  results to user repositories and LDAP directory
  automatically

32
Grid Portal Project Goals

• Visualization to Grid Portal
• View simulation (code, resources, etc.)
• View Located/Acquired resources
• View Initiated/Steered computation
• View Collaborated jobs
• View Usage accounting
• View Results/Charts/Graphics
• AccessGrid Portal ? Why not

33
Tentative Project Plan 2003
Demo
PRAGMA 4
Globus 3.0 migration
Intranet Testing
Visualization Internet deployment
iGrid channel development
34
Conclusions

• Grid Portal - a user and programmer-friendly
  interface to Grid Computing
• Grid Computing and Existing Portal Technologies
  Integration
• Grid Portal provides single sign-on
• Grid Portal Home Pages for Universities, user
  groups and individual users
• Gateway to International Grid Computing Community
  Collaboration

35
Thank you for attention