Introduction to Globus Toolkit 4 at LA GridCIS 6612 Autonomic Grid ComputingSummer 2006

PresentersFernando FarfnMayelin FelipeAgnosticsDiego LpezRamakrishna Varadarajan

OUTLINEWEB SERVICES FUNDAMENTALSGRID FUNDAMENTALSOGSA, WSRF & GT4LAGRID @ CIS.FIU.EDUDEVELOPING WS IN LAGRIDUnsecured ExamplesSecure Examples

GETTING READY FOR LAGRIDGet a Globus Identity certificate signed by the Certificate Authority. http://www.cs.fiu.edu/~esj/globus.htmlEnroll as a Secure Globus User with Eric Johnson.Set these environment variables:Set $GLOBUS_LOCATION to /depot/globus-4 Set $ANT_HOME to /depot/ant-1.x

SETTING UP LAGRID ENVIRONMENTDownload the examples go to http://www.gt4book.com/go to Downloadsselect to download the source code for the MathService examples and the FileBuy application

Untar/unzip the filetar -xvzf gt4book-examples.tar.gz

GT4 JAVA WS COREBuilding web services using GT4.Stateful web services!Following WSRF specifications.

WRITE A STATEFUL WEB SERVICE IN 5 SIMPLE STEPS!!Define the WS interface with WSDL.Implement the service with Java.Define the deployment parameters with WSDD.Compile everything and generate a GAR file with Ant.Deploy the service with GT4 tool.

OUR FIRST EXAMPLE: MathServiceA simple Math web service.Operations: AdditionSubtractionGet Value.Resources: Value (integer)Last operation performed (String).

MathService: THE 5 STEPS. Step 1: The WSDLThe Definition

MathService: THE 5 STEPS. Step 1: The WSDLSteps to write a WSDL document:

Write the root element Write the Write an input and output for each operation in the PortTypeWrite the , which includes declaring the request and response elements, along with the resource properties.

MathService:THE 5 STEPS Step 2: Implementation in JavaThe Bare Bones

package org.globus.examples.services.core.first.impl;

import java.rmi.RemoteException;import org.globus.examples.stubs.MathService_instance.*;import org.globus.wsrf.*;import org.globus.wsrf.impl.*;

public class MathService implements Resource, ResourceProperties { }The Resource Properties

/* Resource properties */private int value;private String lastOp;

/* Get/Setters for the RPs */public int getValue() { return value;}

public synchronized void setValue(int value) { this.value = value;}

MathService: THE 5 STEPSStep 2: Implementation in JavaThe Web Service Java class includes:

Declaration for the ResourcePropertySetDeclaration for the Resource PropertiesConstructor resource properties are initializedGet/Setters for the Resource PropertiesMethods for the remotely accessible operations

MathService: THE 5 STEPS.Step 3: Configuring the Deployment - WSDD

share/schema/examples/MathService_instance/Math_service.wsdl

WEB SERVICES IN GT4Agnostic QuestionWhat purpose does JNDI play within the GT4 environment?

The Java Naming and Directory Interface allow us to build directory-enabled applications. This will make our Web service available to client connections through a Web services container.A service (identified by its path) will want to locate its resource home. It can also interact with a variety of directories such as LDAP.

MathService: THE 5 STEPS.Step 4: Create a GAR file with AntProcess the WSDL to add missing pieces.Create stub classes from the WSDL.Compile stub classes.Compile service implementation.Organize all files into its specific directory structure../globus-build-service.sh d -s $ ./globus-build-service.sh \ -d org/globus/examples/services/core/first \ -s schema/examples/MathService_instance/Math.wsdl

MathService:THE 5 STEPS. Step 5: Deploy the Service into a Web Service ContainerUses Ant.Unpacks the GAR.Copies the WSDL, compiled stubs, compiled implementation & WSDD into the GT4 directory tree.$ sudo u globus globus-deploy-gar \ org_globus_examples_services_core_first.gar

$ sudo u globus globus-undeploy-gar \ org_globus_examples_services_core_first

MathService:THE CLIENTTests the service invoking both the add and subtract operations.$ java -cp ./build/stubs/classes/:$CLASSPATH \ org.globus.examples.clients.MathService_instance.Client \ https://la-blade-01.cs.fiu.edu:8443/wsrf/services/core/first/MathService

AxisFault faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException faultSubcode: faultString: java.io.IOException: No socket factory for 'https' protocol faultActor: faultNode: faultDetail: ...

HOW TO MAKE THE SERVICE SECURE??Create the security-config.xml file. Modify the deploy-server.wsdd file. Add the following to the client. static { Util.registerTransport(); } ((Stub)mathFactory)._setProperty( Constants.GSI_SEC_CONV, Constants.ENCRYPTION); ((Stub)mathFactory)._setProperty( Constants.AUTHORIZATION, NoAuthorization.getInstance());Our acknowledge to Ramakrishna!

HOW TO MAKE THE SERVICE SECURE??Is it secure now? Not really We just fooled it to make it secure.$ java -cp ./build/stubs/classes/:$CLASSPATH \ org.globus.examples.clients.MathService_instance.Client \ https://la-blade-01.cs.fiu.edu:8443/wsrf/services/core/first/MathService

Current value: 15Current value: 10

Lets run it again

WEB SERVICES IN GT4Agnostic QuestionHow do I create a Grid infrastructure? Can we use any machine which has the Globus Toolkit's Grid Services installed on it?

To build a Grid, we recommend that you download the Globus Toolkit and follow the instructions in the Globus Toolkit System Administrator's Guide. Both of these are available at the Globus website, http://www.globus.org/toolkit/. The documentation will take you through the process of building the Globus Toolkit software, setting up a Grid information service, setting up a certificate authority or using someone else's, installing the Globus resource management tools on your servers, and installing Globus client tools and libraries for your users.

GRID SECURITY INFRASTRUCTUREBasis for GT4 Security layer.Covers the three pillars of secure communication:Privacy.Integrity.Authentication.Family of components (low/high level) to offer security features to programmers.

GRID SECURITY INFRASTRUCTURELevel security:Transport-levelMessage-levelAuthenticationX.509 Digital certificates.Username/PasswordAuthorization schemes:Server-SideClient-SideCustomCredential delegation and single sign-onProxy CertificatesDifferent levels of security:ContainerService Resource.

SECURE EXAMPLES: WRITING A SECURE MathServerAdd security to the MathService example.Now, four operations:addsubtractmultiplydivideWe will be able to configure each operation with a different security configuration.

DEMO:SECURE MathServer1Modify the security-config-auth.xmlNo server-side authorization must be performed.2The add method can only be invoked using GSI Secure Conversation.3The subtract method can only be invoked using GSI Secure Message.4The multiply method can be invoked using GSI Secure Conversation or GSI Secure Message.5The divide method can only be invoked using GSI Transport (transport-level security).6The rest of the methods can be invoked with any of the authentication methods.

The service

DEMO:SECURE MathServerThe ClientProgramatically: ((Stub)math)._setProperty(Constants. GSI_SEC_CONV,Constants.ENCRYPTION);Security descriptor: String secDecFile = path/to/security-descriptor.xml; ((Stub)math)._setProperty(Constants. CLIENT_DESCRIPTOR_FILE, secDescFile);

DEMO:SECURE MathServerClient call 1: GSI Transport ClientClient call 2: GSI Secure Conversation Client[add] ERROR: GSI Secure Conversation authentication required for "{MathService_instance_4op}add" operation.[subtract] ERROR: GSI Secure Message authentication required for "{MathService_instance_4op}subtract" operation.[multiply] ERROR: GSI Secure Conversation or GSI Secure Message authentication required for "{MathService_instance_4op}multiply" operation.Division was successfulCurrent value: 30Addition was successful[subtract] ERROR: GSI Secure Message authentication required for "{http://www.globus.org/namespaces/examples/ MathService_instance_4op}subtract" operation.Multiplication was successfulDivision was successfulCurrent value: 180

GLOBUS TOOLKIT 4Agnostic QuestionOnce I've installed the Globus Toolkit, how do others find out that my machine is available on the Grid, and how can I find out what other machines are on the Grid? Grid exists as a number of groups who are building experimental and production grid infrastructures for their own purposes.Virtual organizations using the same Grid technology to build their infrastructures.

GLOBUS TOOLKIT 4Agnostic QuestionIf I submit a job using Globus Toolkit 4, is the execution management module capable of executing the job parallel on different machines on the grid? No, this is one of the current limitations of GT4.

GLOBUS TOOLKIT 4Agnostic QuestionWhat are the research challenges that the Globus Alliance is currently addressing? What do you think are the limitations of the current Globus toolkit implementations?

End-to-end resource management and adaptation techniques.Automated techniques for negotiation of resource usage, policy, and accounting in large-scale grid environments.High-performance communication methods and protocols.

GLOBUS TOOLKIT 4Agnostic QuestionOne of the main challenges with today's Internet, is the amount of useless information out there, how does GT4 currently ensure that the services being offered or registered provide both quality and are in demand?

Globus Toolkit provides mechanisms to address resource discovery and security issues.GARA: General-purpose Architecture for Reservation and Allocation

GLOBUS TOOLKIT 4Agnostic QuestionHow effective is the GT4 book in expanding the practical uses of Grid Computing? Does the author focus on both scientific and non-scientific applications running on the Grid? Part IV: The FileBuy Application:Multiple services deployed across several machines.Highlights some design patterns commonly found in GT4-based systems.

GLOBUS TOOLKIT 4Agnostic QuestionAre there any current GT4 IDE software tools?

Globus Service Build Tools http://gsbt.sourceforge.net/GT4IDE: Eclipse 3 plug-in that will allow GT4 programmers to develop WSRF Java Web Services easily.globus-build-service: The same Ant buildfile + script included in the tutorial.

GLOBUS TOOLKIT 4Agnostic QuestionHow do you envision the Grid in the future? In your opinion, how much will GT4 make Grid adoption easier in the future?

The needs for Grids have been identified.How many grid-enabled applications well see?To grid-enable an application is a challenge.New challenges in security.

USEFUL LINKSOur site! [COMING SOON] http://www.cis.fiu.edu/~mfelip01/CIS-6612/GT4_project.htmlGlobus toolkit 4 Programmers Tutorial http://gdp.globus.org/gt4-tutorial/Globus toolkit 4: Programming Java Services http://www.gt4book.com/OASIS. http://www.oasis-open.org/The Globus Alliance; http://www.globus.org/

[MF]Refer globus handout (http://www.cs.fiu.edu/~esj/globus.html)[MF]

[MF]CHAPTER 6Intro[MF]CHAPTER 6Steps Doesnt work because its not secure [MF][MF]CHAPTER 6Specify what our service is going to provide to the outer world.Not concerned with the inner workings of the service. Just need to know what operations will be available to the users.[FF][MF]CHAPTER 6Very mechanical.The only non-trivial piece of code is the method that will be in charge of initializing our services single resource.[MF][FF]CHAPTER 6

[MF]A directory-enabled application will have a lot of named objects which will be easily accessible through a directory (as long as we know the name of the object were interested in).

GT4 uses a basic in-memory directory, meaning that all the objects in the directory are stored in the containers memory space.[MF]CHAPTER 6

$EXAMPLES_DIR/build.mappings[MF]CHAPTER 6

Subtle detail between deploy & undeploy file extension[MF][MF]Ramas steps

[MF][MF]Globus handout[FF]CHAPTER 16

Grid implies crossing organizational boundaries, resources are going to be accessed by a lot of different organizations

[FF]CHAPTER 16

[FF]CHAPTER 17 22

Example steps [FF][FF][FF][MF]This question indicates that you are under the impression that there is a single well-connected Grid, in the same sense that there is a single well-connected Internet.

Today, the Grid exists as a number of groups who are building experimental and production grid infrastructures for their own purposes. These groups are called "virtual organizations" because they are groups of organizations that are using the Grid to share resources for specific purposes. Examples of these virtual organizations (or "VOs") are the EU DataGrid, the NASA Information Power Grid, the NSF Alliance and NPACI Technology Grids, the International Virtual Data Grid (iVDGL), the NSF TeraGrid, and the Asia-Pacific Grid (apGrid). These virtual organizations are all using the same Grid technology to build their infrastructures, so they could--in theory--all interoperate as "the Grid" the same way that all of the web and email servers interoperate as "the Internet".

Each VO has its own directory service which participating systems register with so that others may discover them. This is supported by the Globus Toolkit's MDS (Monitoring and Discovery Service). Specifically, a Grid Index Information Service (GIIS)may be installed and run on one or more systems. Once a GIIS is running, the Grid Resource Information Services (GRISes) running on each system in the VO can be configured to register with the GIIS so that people (or applications) can search the GIIS for participating systems and query their configuration data.

So far, the existing VOs are largely independent and aren't "linked together" for shared use yet. Specifically, there is no universal GIIS (or "root" GIIS) that one can search to find all of the VOs and their resources. You can start your own GIIS for registering your own resources and then tell others where your GIIS is so they can query it, or you can contact any of the existing VOs to ask where their GIIS is and whether you may register your machines in their GIIS or not. You'll have to find out about the existence of these VOs through some other mechanism, though.

[MF]

Answer is NO, I guess.. [FF]End-to-end resource management and adaptation techniques able to provide application-level performance guarantees despite dynamic resource properties. Automated techniques for negotiation of resource usage, policy, and accounting in large-scale grid environments.High-performance communication methods and protocols. Infrastructure and tool support for data-intensive applications, advance teleimmersion concepts, and new problem solving environment techniques

[FF]

Providing a flexible architecture that can provide quality of service for different types of resources, including netwroks, CPUs, batch job schedulers, disks, and graphic pipelines. Providing mechanisms to allow both advance reservations and immediate ("right now") reservations for quality of service. Enabling high-performance computing users to conveniently make and use QoS reservations for complex sets of resources. For example, a scientific application may want to request nodes on a supercomputer, guaranteed access to disks on that supercomputer, real-time scheduling on a remote visualization computer, and guaranteed network bandwidth between the two.

[FF]

Big emphasis in security

[FF]

GT4IDE: by providing an environment that seamlessly integrates all the steps from coding to deployment. GT4IDE is currently in alpha phase, and thus lacks a lot of features and is not fit for use in production environments.

globus-build-service: The reason for taking this tool out of the tutorial is to encourage developers to add their own improvements to get a more general-purpose tool that can be used in different projects.

[FF]

Large, underutilized, complex environments that are costly to maintain.

APPS: How easy to develop? Learning curve, cost/benefit, parallelism, deployment