The SEE-GRID-SCI initiative is co-funded by the European Commission under the FP7 Research Infrastructures contract no. 211338

Workflow repository, user specific monitor, and

vulnerability analyzer in SEE-GRID

5th EGEE User Forum, Uppsala, 12 April 2010

Robert Lovas, Sandor Acs, Akos Balasko,Zoltan Balaton, Miklos Kozlovszky

MTA SZTAKIrlovas@sztaki.hu

Overview

New tools and services in order to ease several tasks of end-users, application developers, and grid operators:

• Grid Site Software Vulnerability Analyzer (GSSVA)

• Common Workflow Repository Extension (CWRE), and

• User/application Specific Grid Infrastructure Monitoring Extension (USGIME) of P-GRADE portal.

SEE-GRID-SCI

Contract n°: RI-211338Project type: I3Start date: 01/05/2008Duration: 24 monthsTotal budget: 3 214 690 €Funding from the EC: 2 500 000 €Total funded effort, PMs: 676.5Web site: www.see-grid-sci.eu

Operational & Monitoring Tools

Availability

System Load

Functionality

Security

Security Issues

Grid user can be local user at sites

Software vulnerabilities (exploits, local root exploits)

Attacker can take control over site’s computers

Software Vulnerability Testers

Investigated vulnerability checking programs (NESSUS, OpenVAS, PAKITI)

GSSVA is based on PAKITI It is simple and open source Lightweight client

Problems with PAKITI Firewall issues (HTTP) Client software should be installed Not sufficient user management (just one admin role is

available) No history

Security Monitoring System should...

have a central registry,

use the grid infrastructure (grid’s protocol),

be scalable and flexible,

log the change of the status of the nodes,

have well defined user roles and user friendly GUI.

GSSVA: System architecture

Running in SEE-GRID-SCI Production Grid

Running in SEE-GRID-SCI Production Grid (2)

P-GRADE portal in a nutshell

Certificate and proxy management

Grid and Grid resource

management

Graphical editor to define workflows and

parametric studies

Accessing resources in multiple VOs

Built-in workflow manager and

execution visualization

GUI is customizable to certain

applications

Integrating P-GRADE portal with DSpace repository

Goal: to make available workflow applications for the whole P-GRADE portal user community

Solution: Integrating P-GRADE portal with DSpace repository

Functions:App developers can

publish their ready-to-use and half-made applications in the repository

End-users can download, parameterize and execute the applications stored in the repository

Portal

DSpace repository

Portal

End-users

App developers

Portal

• Advantage: • Appl. developers can collaborate with appl. developers and with end-users• Members of a portal user community can share their WFs• Different portal user communities can share their WFs

DSpace Fedora myExperiment

Archimède

ACS

Functionality 4 5 3 2 1API/Documentation 5 4 2 3 1GUI 3 2 5 4 1Version/Development

4 5 3 2 1

Installation 5 4 2 3 1References/Community

5 4 3 2 1

Totals: 24 18 16 626

Ranking of repositories

New portlets

• DSpace View• DSpace Download• DSpace Upload

Implementation

Lightweight Network Interface (LNI)

dspace/48

Download

Upload

Stand-alone view

USGIME: Motivation

Available infrastructure monitoring tools..

Developed for CE/Site/VO administrators Are too complex for the users Provide irrelevant information in the users’ point of

view Cannot be used to check the validity of the

Certificate

Goal

Allow users of P-GRADE Portal to test The validity of their own CertificateAccessibity of the connection between

Computing Elements and Storage Elements (using Remote Files and Logical File Catalog)

Portal Server and the Storage Elements (because of the possibility to create Parameter Study workflow using Autogenerator mechanism of P-GRADE Portal)

Idea

P-GRADE Portal 2.7

+ List of Computing Elements,and Storage Elements

Pre-developed workflow Job generation is done accordingly the CE-list

List of SEs

Implemented interface 1/3

Implemented interface 2/3

Implemented interface 3/3

Summary

(1) GSSVA addresses vulnerability issues of Grids, which can efficiently help administrators increase the security level of the site and leaving less chance for various attacks. (2) CWRE repository can be exploited as a bridge between more than 15 different P-GRADE portal installations worldwide, fostering the creation of new application developer communities from the individual developers, and provides more

visibility of research achievements. (3) USGIME can assist the users to understand better the reasons for common critical failures and enable the execution of application specific tests systemically

• The tools are in production and also available under GPL licence.

• The future plans includes (among others) – the development of enhanced interfaces for visualization of historical information

(GSSVA), – improvements towards more WEB2 functionalities (CWRE), and – enhancements based on the new users feedbacks (USGIME).

• More SEE-GRID tools presented on 14 April 2010 (12:00) in the Auditorium: ANASTAS, Misev - Improvements of the grid infrastructure and services within SEE-GRID