Upload
dustin-doyle
View
218
Download
2
Embed Size (px)
DESCRIPTION
SEE-GRID-SCI Contract n°: RI Project type: I3 Start date: 01/05/2008 Duration: 24 months Total budget: € Funding from the EC: € Total funded effort, PMs: Web site:
Citation preview
The SEE-GRID-SCI initiative is co-funded by the European Commission under the FP7 Research Infrastructures contract no. 211338
Workflow repository, user specific monitor, and
vulnerability analyzer in SEE-GRID
5th EGEE User Forum, Uppsala, 12 April 2010
Robert Lovas, Sandor Acs, Akos Balasko,Zoltan Balaton, Miklos Kozlovszky
Overview
New tools and services in order to ease several tasks of end-users, application developers, and grid operators:
• Grid Site Software Vulnerability Analyzer (GSSVA)
• Common Workflow Repository Extension (CWRE), and
• User/application Specific Grid Infrastructure Monitoring Extension (USGIME) of P-GRADE portal.
SEE-GRID-SCI
Contract n°: RI-211338Project type: I3Start date: 01/05/2008Duration: 24 monthsTotal budget: 3 214 690 €Funding from the EC: 2 500 000 €Total funded effort, PMs: 676.5Web site: www.see-grid-sci.eu
Operational & Monitoring Tools
Availability
System Load
Functionality
Security
Security Issues
Grid user can be local user at sites
Software vulnerabilities (exploits, local root exploits)
Attacker can take control over site’s computers
Software Vulnerability Testers
Investigated vulnerability checking programs (NESSUS, OpenVAS, PAKITI)
GSSVA is based on PAKITI It is simple and open source Lightweight client
Problems with PAKITI Firewall issues (HTTP) Client software should be installed Not sufficient user management (just one admin role is
available) No history
Security Monitoring System should...
have a central registry,
use the grid infrastructure (grid’s protocol),
be scalable and flexible,
log the change of the status of the nodes,
have well defined user roles and user friendly GUI.
GSSVA: System architecture
Running in SEE-GRID-SCI Production Grid
Running in SEE-GRID-SCI Production Grid (2)
P-GRADE portal in a nutshell
Certificate and proxy management
Grid and Grid resource
management
Graphical editor to define workflows and
parametric studies
Accessing resources in multiple VOs
Built-in workflow manager and
execution visualization
GUI is customizable to certain
applications
Integrating P-GRADE portal with DSpace repository
Goal: to make available workflow applications for the whole P-GRADE portal user community
Solution: Integrating P-GRADE portal with DSpace repository
Functions:App developers can
publish their ready-to-use and half-made applications in the repository
End-users can download, parameterize and execute the applications stored in the repository
Portal
DSpace repository
Portal
End-users
App developers
Portal
• Advantage: • Appl. developers can collaborate with appl. developers and with end-users• Members of a portal user community can share their WFs• Different portal user communities can share their WFs
DSpace Fedora myExperiment
Archimède
ACS
Functionality 4 5 3 2 1API/Documentation 5 4 2 3 1GUI 3 2 5 4 1Version/Development
4 5 3 2 1
Installation 5 4 2 3 1References/Community
5 4 3 2 1
Totals: 24 18 16 626
Ranking of repositories
New portlets
• DSpace View• DSpace Download• DSpace Upload
Implementation
Lightweight Network Interface (LNI)
dspace/48
Download
Upload
Stand-alone view
USGIME: Motivation
Available infrastructure monitoring tools..
Developed for CE/Site/VO administrators Are too complex for the users Provide irrelevant information in the users’ point of
view Cannot be used to check the validity of the
Certificate
Goal
Allow users of P-GRADE Portal to test The validity of their own CertificateAccessibity of the connection between
Computing Elements and Storage Elements (using Remote Files and Logical File Catalog)
Portal Server and the Storage Elements (because of the possibility to create Parameter Study workflow using Autogenerator mechanism of P-GRADE Portal)
Idea
P-GRADE Portal 2.7
+ List of Computing Elements,and Storage Elements
Pre-developed workflow Job generation is done accordingly the CE-list
List of SEs
Implemented interface 1/3
Implemented interface 2/3
Implemented interface 3/3
Summary
(1) GSSVA addresses vulnerability issues of Grids, which can efficiently help administrators increase the security level of the site and leaving less chance for various attacks. (2) CWRE repository can be exploited as a bridge between more than 15 different P-GRADE portal installations worldwide, fostering the creation of new application developer communities from the individual developers, and provides more
visibility of research achievements. (3) USGIME can assist the users to understand better the reasons for common critical failures and enable the execution of application specific tests systemically
• The tools are in production and also available under GPL licence.
• The future plans includes (among others) – the development of enhanced interfaces for visualization of historical information
(GSSVA), – improvements towards more WEB2 functionalities (CWRE), and – enhancements based on the new users feedbacks (USGIME).
• More SEE-GRID tools presented on 14 April 2010 (12:00) in the Auditorium: ANASTAS, Misev - Improvements of the grid infrastructure and services within SEE-GRID