http://www.ngs.ac.ukhttp://www.nesc.ac.uk/training

The National Grid Serviceand OGSA-DAI

Mike Minetermjm@nesc.ac.uk

3

March 2008: The NGS Core, Partners & Affiliates,

4

OGSA-DAI on the NGS

• Objective– Encourage lots of data services to be provided for NGS VOs

to use!

– Stimulate new research!• How?

– On a grid its easier to orchestrate distributed resources

• NGS spans the country – natural infrastructure for collaborative research, service-oriented research for many communities– Light the touch-paper - establish the data services!

5

6

NGS software

• Computation services based on Globus Toolkit– Sequential or parallel jobs, from batch queues– Can run multiple jobs concurrently

• Data services:– Storage Resource Broker:

• Primarily for file storage and access• Virtual filesystem with replicated files

– NGS Oracle service– “OGSA-DAI”: Data Access and Integration

• Primarily for grid-enabling data not on the SRB or Oracle (files, relational, XML)

• Authorisation, Authentication– Built on GSI, VOMS

7

NGS Software - 2

• Middleware recently deployed– Resource Broker

– Applications Repository (“NGS Portal”)

– GridSAM – alternative for job submission and monitoring

– GRIMOIRES – registry of services (e,g,GridSAM instances)

– VOMS - Virtual Organisation Membership Service

• Developed by partners:– Application Hosting Environment: AHE

– P-GRADE portal and GEMLCA

• Being deployed – WS-GRAM: GT4 job submission

• Under development– Shibboleth integration

8

Resource Broker

NGS nodes

Local

Workstation

UIUI (user interface) has preinstalled client software

Resource Broker

User describes job in text file using Job Description Language

Submits job to Resource Broker

(pre-production use at present)

9

GridSAM

NGS nodes

Local

Workstation

UI (user interface) has preinstalled client software

GridSAM GridSAM GridSAM GridSAM

User describes job in XML using Job Submission Description Language

Web services interfaces to chosen GridSAM instance (SAM: Submission and Monitoriing)

10

OGSA-DAI on NGSWith release 3 is available, timely for:

• OGSA-DAI Servers to be deployed by– Data services (EDINA, MIMAS, bio…, …..) for diverse communities– VOs for its members– Also one or more NGS core nodes – with Oracle access

• OGSA-DAI client software could then be run in – Desktop machines (with proxy certificate etc)– “user interface” machines – for resource broker– on NGS nodes (“stage” client to NGS worker)– in higher level services (like workflow)

11

One example

12

The Role of the Virtual Organisation

(VO)

ComputeCenter

ComputeCenter

VO

Service

slide based on presentation given by Carl Kesselman at GGF Summer School 2004

13

VOMS - Virtual Organisation Membership Service

• VO can have groups– Different rights for each– Nested groups

• VO has roles– Assume role for specific purposes - when user

chooses• E,g. system admin, updating files read by the VO

• voms-proxy-init– Proxy certificate carries the additional attributes

14

Options for OGSA-DAI service on NGS

• Authentication – X.509 based– Proxy certificates – delegation, …

– Around end 2008, bridging of Shibboleth to NGS’s proxy world

• Authorisation options– Service takes Distinguished Name from proxy associated with a request,

uses a look-up • to map DN to e.g. local account / username / password for access to resource

• Call to external database of rights

– Use VOMS extension in proxy • Use VO / VO group or role to assign rights

• (OMII-Europe releasing OGSA-DAI extension for this)

15

Web Sites

• NGS– http://www.ngs.ac.uk

– Wiki service: http://wiki.ngs.ac.uk

– Training events: http://www.nesc.ac.uk/training

• Additional information

http://indico.cern.ch/conferenceDisplay.py?confId=24377includes:– about Oracle on NGS: See tutorial by Keir Hawker and Simon Collins, Thursday

17 January 2008

– About VOMS – talk by Mike Jones on 18 January 2008