Catania Science Gateway Framework
- 1. Catania Science Gateway Framework Motivations, architecture, features Catania, 10/03/2014Riccardo Rotondo riccardo.rotondo@ct.infn.it
- 2. Catania Science Gateway Framerwork 2 Authentication & Authorisation Job Management e-Infrastructure Service & Data Service Cloud
- 3. 3
- 4. AuthN/AuthZ Schema 4 e-Infrastructures Federation 2. Forwarded to the IdP Retrieve e-Infrastructure credentialsScience Gateway VAMP Workshop 2013 – Helsinki, 30/9-1/10/2013
- 7. Roles & Privileges Surfing a Science Gateway changes according different roles Mapping between Liferay roles and LDAP group Similar mapping available on grid (i.e. voms roles) Liferay allows administrator to fully customize users experience assigning different roles to each components (pages, wikis, plugins, data) 7
- 8. Liferay user database Liferay supports several system to store users data, both local and remote Supporting the largest number of users in the easiest way A modular way to distinguish between different services and privileges is need Science Gateways stores users on an LDAP server 8
- 9. Authentication Authentication is demanded on external IDP Communication between Liferay and the IDP happens thanks to Shibboleth Shibboleth plugin, installed on Liferay, is responsible to read the token coming from the IDP and to pass it to Liferay 9
- 10. Authorisation Authorisation is demanded to the LDAP server Liferay, through a plugin implemented, request to Shibboleth the mail address(es) an try a match with the ones stored (local, remote) 10
- 11. Registration In the act of registration user data must be written on the LDAP connected to Liferay A portlet has been developed to perform this actions 11
- 12. 12
- 13. Integrated Services GRIDCLOUD JSR 168/268 JSR 168/268 JSR 168/268 JSR 168/268 Catania Science Gateway Framework Local Cluster 13
- 14. Job Engine at work October 8th, 2013Riccardo Rotondo14 1. Sign in eTokenServer User Track- ing DB 5. e-Infra Interactions 5. Tracking 2. Grid Request 6. Getting Results * or equivalent e-Infra auth
- 15. Job Engine - Architecture WT Worker Threads for Job Submission WT Worker Threads for Job Check Status USERS TRACKING DB MONITORING MODULE Resources Jobs Queue WT WT WT WT WT WT WT WT Jobs Submission Jobs Check status/ Get output 15
- 16. Glassfish Integration Access to database is not direct but make use of Glassfish connection pools and hibernate JNDI resource are used as well in order to offer some functionalities working behind the scene of job submission: Thread pool responsible for job submission Thread pool responsible for job status updates Thread pool responsible for retrieving job output 16
- 17. 17
- 18. Science Gateway paradigm Efforts to grant easy yet secure access to remote services and related resources brought to the birth of Science Gateways Virtual Research Communities access remote resources in a collaboration environment that hides the underlying complexity SGs help many users to better use the enormous grid computational power Is large grid&cloud data storage accessible as well in such an easy way? 18
- 19. Motivations Um… isn’t your computer on fire ? It’s ok, my files are stored in a safer place. Image source: 1919
- 20. Grid Data Management Challenges Make interfaces simple for non expert users CLI-based Grid storage interface is not straightforward Transactions to different e-Infrastructures require different authentication method Should this transaction involve the Science Gateway directly? Complexity of current protocols to manage different storage elements Offer an easy intuitive interface to the end users 20
- 21. Requirements Storage complexity hidden to end users Users move files from/to a portal and see it as simple external storage accessible from a web interface and do not care about grid (or any other) technologies behind File management smoothly integrated with all the services provided in the SG Underlining architecture exposes a file-system-like view (i.e., aVirtual File System orVFS) through which users can perform the following actions: Create, move, delete files/directories with the desired structure Share files with other users Set the number of backup copies desired 21
- 22. Implementations Virtual File System requires a database to map users, virtual resource and real resource Object-relation mapping approach Liferay Service Builder Database tables are not used only to keep trace of resource (file) but to define referring e-Infrastructures too Planning to support up to 4 different e-Infrastructures: local, remote, grid, cloud 22
- 23. References Catania Science Gateways url: http://www.catania- science-gateways.it Catania Science Gateway Sourceforge Project: http://sourceforge.net/projects/ctsciencegtwys/ Gilda Portal (for developers): http://gilda.ct.infn.it/ 23
- 24. 24
- 25. My Cloud (cloud interoperability based on OCCI Standard 25
- 26. Questions ? 26