Member of the Helmholtz Association




Introduction to UNICORE
07.07.2009   Rebecca Breu
Outline




  - Security issues
  - UNICORE server components and how they interact
  - Bastian Demuth: server internals
  - Sessions 11 and 12: UNICORE clients, workflow basics




07.07.2009                                                         Slide 2
Security Issues

Grid resources communicate via the internet → no firewalls to protect them from the outside world.

Intruders may . . .
  - read messages between resources
  - alter messages between resources
  - connect to two resources and relay messages between them: man-in-the-middle attack
  - flood resources with messages: denial-of-service attack



Encryption

Symmetric encryption:
  - Same key used to encrypt and decrypt a message
  - Disadvantage: every pair of users must exchange keys

Asymmetric encryption:
  - Each user owns a pair of private and public key
  - Public keys can be exchanged openly
  - Sender encrypts message with the receiver’s public key
  - Receiver decrypts message with his own private key



Digital Signing


Encryption:
  - Messages can’t be read or altered by intruders
  - How do we know where a message really comes from?

Digital signing:
  - Sender encrypts a message with his private key
  - Receiver decrypts the message with the sender’s public key
  - Main issue: get the sender’s public key from a trusted source




Certiļ¬cation Authorities


How do we know who is the real person behind a key?
→ Certification Authority (CA), e.g. GILDA, CA-Cert, . . .

  - User creates private key and a matching certificate request
  - User sends certificate request to a CA
  - CA checks user’s identity and signs the certificate request
  - CA sends user their signed public key (certificate)

Each key contains info about the user (real name, email) and the signer (CA).



SSL (Secure Sockets Layer)

SSL: secure network communication via private/public keys.

(Animated figure of the handshake between Client and Server. The message labels
and the check each side performs at that step, in the order of the animation:)

    Hello
    Here's my public key          Client and Server: Do I trust the signer?
    Please decrypt: Dx8Gwo        Client: encrypt with server key
    Please decrypt: k3oAS2        Server: encrypt with client key
                                  Both: decrypt with private key, check
    Decrypted: i7Uay4
    Decrypted: PgD9mt             Both: does it match?

SSL (Secure Sockets Layer)
SSL (Secure Sockets Layer)


  - Client connects to server
  - Server sends client its public key
  - Client checks if it trusts the signer of the server’s key
  - Server requests client’s public key
  - Server checks if it trusts the signer of the client’s key
  - Server and client check if the counterpart owns the private key belonging to the public key:
      - Exchange of random messages encrypted with the counterpart’s public key
      - Counterpart must decrypt the message with its private key
      - Decrypted message must equal the original message


Security in UNICORE


UNICORE has a strong security concept:
  - Each user has their own private key
  - Each server component has its own private key
  - Connections between the user’s clients and UNICORE servers use SSL
  - UNICORE server components use the user’s keys for authentication and authorisation
  - UNICORE server components use SSL to connect to each other



UNICORE Architecture
  - Global registry:
      - Central point of a UNICORE grid
      - Keeps track of all available services
  - Gateway:
      - “Door to the outside world” in the firewall
      - May serve several resources behind one firewall
  - unicorex:
      - Central point for job processing and managing
      - Checks the user certificate with the XUUDB
  - XUUDB (UNICORE user database):
      - Mapping between user certificates, user logins, roles
  - TSI (Target System Interface):
      - Submits jobs to the batch system

Components use SSL connections.
The Registry

The Registry:
  - Provides clients with information about services
  - Two kinds: global / local
  - Global or central registry:
      - Serves as a ‘Grid’
      - Knows all target systems and workflow services
      - Services dynamically register with (one or more) registries
  - Local registry per service container (e.g. unicorex):
      - For registering service instances
  - Full WS-RF service

UNICORE Registry in Gilda:
https://gilda-lb-01.ct.infn.it:8080/REGISTRY/services/Registry?

The Global Registry

(Animated figure: resources publish their contact information to the Global Registry; a client asks the registry “What resources do you know?” and receives the list of resources.)
Registry Entries

Registry entries as seen with the Eclipse Client (expert view):




When a job is being submitted . . .

(Animated figure with the components Client, Gateway, unicorex, XUUDB and TSI; the steps in the order shown:)

  - Client establishes an SSL connection to the Gateway
  - Client contacts unicorex via the Gateway
  - Client sends the signed abstract job to unicorex
  - unicorex asks the XUUDB if the user belonging to the certificate is allowed job execution
  - unicorex gets the login from the XUUDB
  - unicorex translates the abstract job into a machine-dependent script
  - unicorex sends the machine-dependent script to the TSI
Jobs


Abstract job definitions:
  - Given in JSDL (Job Submission Description Language)
      - XML specification from the Global Grid Forum
  - Contain for example:
      - Job name, description
      - Resource requirements (RAM, number of CPUs needed, . . . )
      - Information about the transfer of files before or after execution
      - An application name and version

Each job has a life time – after that its data is deleted from the server.



The Gateway
The Gateway:
  - Gateway talks to clients and servers located on other sites
  - All communication from server components of this site goes via the Gateway
  - Gateway must trust the CAs of users
  - Users must trust the CA of the Gateway

UNICORE Gateway of Gilda:
https://gilda-lb-01.ct.infn.it:8080
The UNICORE Registry of Gilda:
https://gilda-lb-01.ct.infn.it:8080/REGISTRY/services/Regist
A unicorex of Gilda:
https://gilda-lb-01.ct.infn.it:8080/REGISTRY/GILDA-CATANIA

The unicorex



unicorex:
  - Authorises requests using the authorisation service XUUDB
  - Translates the abstract job into a concrete job for the target system via the IDB
  - Provides storage resources
  - Provides file transfer services
  - Provides job management services




The XUUDB



XUUDB:
  - Maps user certificates to logins on that machine
  - Assigns roles (user, admin, . . . )

  Nr | GcID    | Xlogin | Role | Projects | DN
  ----------------------------------------------------------------
  1  | OMII_EI | rbreu  | user |          | CN = Rebecca Breu, OU = JSC, OU =
  2  | OMII_EI | sandra | user |          | EMAILADDRESS = s.bergmann@fz-j




The TSI
The TSI . . .
  - forks a process which runs with the user’s ID
  - creates a temporary directory on the target system (uspace)
  - changes the current working directory to the uspace
  - submits the job to the local batch system

Input and output:
  - all input needed for the job has to be copied into the uspace
  - all output that is to survive the end of job execution has to be copied elsewhere

Terms used:
  - File import: file transfer from somewhere into the uspace
  - File export: file transfer from the uspace to somewhere
The Uspace




IDB: Incarnation Database


The IDB is a file with rules for translating abstract jobs into executable scripts.

  <idb:IDBApplication>
    <idb:ApplicationName>Bash shell</idb:ApplicationName>
    <idb:ApplicationVersion>3.1.16</idb:ApplicationVersion>
    <jsdl:POSIXApplication xmlns:jsdl="http://schemas.ggf.org/jsdl…">
      <jsdl:Executable>/bin/bash</jsdl:Executable>
      <jsdl:Argument>--debugger $DEBUG?</jsdl:Argument>
      <jsdl:Argument>-v $VERBOSE?</jsdl:Argument>
      <jsdl:Argument>$ARGUMENTS?</jsdl:Argument>
      <jsdl:Argument>$SOURCE?</jsdl:Argument>
    </jsdl:POSIXApplication>
  </idb:IDBApplication>




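To show how the IDB placeholders drive incarnation, here is an added Go example (not UNICORE code, which is Java) that parses an IDB entry modelled on the one above and renders the command line for a job from its parameters. The rule that a "$NAME?" argument is dropped when the job sets no value, the namespace URIs in the constructed sample, and the single-quoting of job-supplied values are assumptions of this example, not statements from the slide.

```go
package main

import (
	"encoding/xml"
	"fmt"
	"regexp"
	"strings"
)

// Constructed sample modelled on the IDB entry shown on the slide; the
// namespace URIs are assumptions, and the code matches element names only.
const sampleIDB = `<idb:IDBApplication xmlns:idb="http://www.fz-juelich.de/unicore/xnjs/idb">
  <idb:ApplicationName>Bash shell</idb:ApplicationName>
  <idb:ApplicationVersion>3.1.16</idb:ApplicationVersion>
  <jsdl:POSIXApplication xmlns:jsdl="http://schemas.ggf.org/jsdl/2005/11/jsdl-posix">
    <jsdl:Executable>/bin/bash</jsdl:Executable>
    <jsdl:Argument>--debugger $DEBUG?</jsdl:Argument>
    <jsdl:Argument>-v $VERBOSE?</jsdl:Argument>
    <jsdl:Argument>$ARGUMENTS?</jsdl:Argument>
    <jsdl:Argument>$SOURCE?</jsdl:Argument>
  </jsdl:POSIXApplication>
</idb:IDBApplication>`

// IDBApplication is one application entry of the incarnation database.
type IDBApplication struct {
	XMLName    xml.Name `xml:"IDBApplication"`
	Name       string   `xml:"ApplicationName"`
	Version    string   `xml:"ApplicationVersion"`
	Executable string   `xml:"POSIXApplication>Executable"`
	Arguments  []string `xml:"POSIXApplication>Argument"`
}

// ParseIDB reads one IDBApplication element.
func ParseIDB(doc string) (IDBApplication, error) {
	var app IDBApplication
	err := xml.Unmarshal([]byte(doc), &app)
	return app, err
}

// placeholder matches $NAME or $NAME? (the '?' marks an optional argument).
var placeholder = regexp.MustCompile(`\$([A-Za-z_][A-Za-z0-9_]*)(\??)`)

// shellQuote hands a job-supplied value to the script as data, never as syntax.
func shellQuote(s string) string {
	return "'" + strings.ReplaceAll(s, "'", `'\''`) + "'"
}

// Incarnate turns the abstract job's parameters plus the IDB template into the
// concrete command line. Rules assumed here: an argument whose optional
// placeholder is unset is dropped as a whole; an unset required placeholder is
// an error; a placeholder set to "" keeps the surrounding flag (e.g. "-v").
func Incarnate(app IDBApplication, params map[string]string) (string, error) {
	parts := []string{app.Executable}
	for _, arg := range app.Arguments {
		drop, missing := false, ""
		out := placeholder.ReplaceAllStringFunc(arg, func(m string) string {
			sub := placeholder.FindStringSubmatch(m)
			name, optional := sub[1], sub[2] == "?"
			v, set := params[name]
			switch {
			case set && v != "":
				return shellQuote(v)
			case set:
				return ""
			case optional:
				drop = true
			default:
				missing = name
			}
			return ""
		})
		if missing != "" {
			return "", fmt.Errorf("job does not set required variable $%s", missing)
		}
		if out = strings.TrimSpace(out); drop || out == "" {
			continue
		}
		parts = append(parts, out)
	}
	return strings.Join(parts, " "), nil
}
```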
UNICORE Quickstart


Easy installation and usage of UNICORE server components with the Quickstart bundle, containing:
  - all needed server components
  - demo certificates
  - easy to use graphical installer



UNICORE LiveCD
The UNICORE LiveCD contains:
  - complete Linux system
  - automatically starting server components
  - pre-configured clients




Visit UNICORE on the internet




     Downloads, information, documentation, . . . :
             http://www.unicore.eu





Ā 
Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Jisc
Ā 
Judging the Relevance and worth of ideas part 2.pptx
Judging the Relevance  and worth of ideas part 2.pptxJudging the Relevance  and worth of ideas part 2.pptx
Judging the Relevance and worth of ideas part 2.pptxSherlyMaeNeri
Ā 
What is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPWhat is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPCeline George
Ā 

Recently uploaded (20)

Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxProudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptx
Ā 
Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17
Ā 
Raw materials used in Herbal Cosmetics.pptx
Raw materials used in Herbal Cosmetics.pptxRaw materials used in Herbal Cosmetics.pptx
Raw materials used in Herbal Cosmetics.pptx
Ā 
ACC 2024 Chronicles. Cardiology. Exam.pdf
ACC 2024 Chronicles. Cardiology. Exam.pdfACC 2024 Chronicles. Cardiology. Exam.pdf
ACC 2024 Chronicles. Cardiology. Exam.pdf
Ā 
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptxMULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
Ā 
Barangay Council for the Protection of Children (BCPC) Orientation.pptx
Barangay Council for the Protection of Children (BCPC) Orientation.pptxBarangay Council for the Protection of Children (BCPC) Orientation.pptx
Barangay Council for the Protection of Children (BCPC) Orientation.pptx
Ā 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice great
Ā 
Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17
Ā 
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
Ā 
Model Call Girl in Tilak Nagar Delhi reach out to us at šŸ”9953056974šŸ”
Model Call Girl in Tilak Nagar Delhi reach out to us at šŸ”9953056974šŸ”Model Call Girl in Tilak Nagar Delhi reach out to us at šŸ”9953056974šŸ”
Model Call Girl in Tilak Nagar Delhi reach out to us at šŸ”9953056974šŸ”
Ā 
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONTHEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
Ā 
OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...
Ā 
YOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptx
YOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptxYOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptx
YOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptx
Ā 
Karra SKD Conference Presentation Revised.pptx
Karra SKD Conference Presentation Revised.pptxKarra SKD Conference Presentation Revised.pptx
Karra SKD Conference Presentation Revised.pptx
Ā 
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Ā 
Visit to a blind student's schoolšŸ§‘ā€šŸ¦ÆšŸ§‘ā€šŸ¦Æ(community medicine)
Visit to a blind student's schoolšŸ§‘ā€šŸ¦ÆšŸ§‘ā€šŸ¦Æ(community medicine)Visit to a blind student's schoolšŸ§‘ā€šŸ¦ÆšŸ§‘ā€šŸ¦Æ(community medicine)
Visit to a blind student's schoolšŸ§‘ā€šŸ¦ÆšŸ§‘ā€šŸ¦Æ(community medicine)
Ā 
Roles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceRoles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in Pharmacovigilance
Ā 
Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...
Ā 
Judging the Relevance and worth of ideas part 2.pptx
Judging the Relevance  and worth of ideas part 2.pptxJudging the Relevance  and worth of ideas part 2.pptx
Judging the Relevance and worth of ideas part 2.pptx
Ā 
What is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPWhat is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERP
Ā 

Session10part1 Server Intro

  • 1. Member of the Helmholtz Association. Introduction to UNICORE, 07.07.2009, Rebecca Breu
  • 2. Outline
    Security issues
    UNICORE server components and how they interact
    Bastian Demuth: server internals
    Sessions 11 and 12: UNICORE clients, workflow basics
    07.07.2009 Slide 2
  • 3. Security Issues
    Grid resources communicate via the internet → no firewalls to protect them from the outside world
    Intruders may . . .
      read messages between resources
      alter messages between resources
      connect to two resources and relay messages between them: man-in-the-middle attack
      flood resources with messages: denial-of-service attack
  • 4. Encryption
    Symmetric encryption:
      Same key used to encrypt and decrypt a message
      Disadvantage: Every pair of users must exchange keys
    Asymmetric encryption:
      Each user owns a pair of private and public key
      Public keys can be exchanged openly
      Sender encrypts message with the receiver’s public key
      Receiver decrypts message with his own private key
  • 5. Digital Signing
    Encryption:
      Messages can’t be read or altered by intruders
      How do we know where a message really comes from?
    Digital signing:
      Sender encrypts a message with his private key
      Receiver decrypts the message with the sender’s public key
      Main issue: Get sender’s public key from a trusted source
  • 6. Certification Authorities
    How do we know who is the real person behind a key? → Certification Authority (CA), e.g. GILDA, CA-Cert, . . .
      User creates private key and a matching certificate request
      User sends certificate request to a CA
      CA checks user’s identity and signs the certificate request
      CA sends user their signed public key (certificate)
    Each key contains info about user (real name, email) and signer (CA).
  • 7–16. SSL (Secure Sockets Layer)
    SSL: Secure network communication via private/public keys.
    [Client/server diagram built up over ten animation steps; only its captions survive extraction:]
      Hello
      Here’s my public key (both sides)
      Do I trust the signer? (both sides)
      Please decrypt: Dx8Gwo / Please decrypt: k3oAS2 (encrypt with server key / encrypt with client key)
      Decrypt with private key; decrypt and check
      Decrypted: i7Uay4 / Decrypted: PgD9mt
      Does it match? (both sides)
  • 17. SSL (Secure Sockets Layer)
    Client connects to server
    Server sends client its public key
    Client checks if it trusts the signer of the server’s key
    Server requests client’s public key
    Server checks if it trusts the signer of the client’s key
    Server and client check if the counterpart owns the private key belonging to the public key
      Exchange of random messages encrypted with the counterpart’s public key
      Counterpart must decrypt message with its private key
      Decrypted message must equal the original message
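The handshake summarised on this slide, as an added Go example that is not from the slides or from UNICORE: a toy CA issues a server and a user certificate, and a client-authenticated TLS handshake (TLS being the current form of SSL) over loopback succeeds only when each side trusts the other's signer. The helpers Issue and MutualHandshake, and the names used when calling them, are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"net"
	"time"
)

// Issue makes a key and certificate for cn: a self-signed toy CA when parent is nil, else one signed by parent (added helper).
func Issue(cn string, isCA bool, parent *tls.Certificate) tls.Certificate {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn}, DNSNames: []string{cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour), IsCA: isCA, BasicConstraintsValid: true,
		KeyUsage:    x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign, // CertSign is only meaningful for the CA
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
	}
	signer, signerKey := tmpl, any(key) // self-signed unless a parent CA is given
	if parent != nil {
		signer, signerKey = parent.Leaf, parent.PrivateKey
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signer, pub, signerKey)
	if err != nil {
		panic(err)
	}
	leaf, _ := x509.ParseCertificate(der)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
}

// MutualHandshake runs the SSL exchange from the slides over loopback TCP: the server requires a client
// certificate, each side accepts only a signer it trusts, and the handshake proves possession of the private keys.
func MutualHandshake(server, client tls.Certificate, serverTrusts, clientTrusts *x509.Certificate) (string, error) {
	clientCAs, rootCAs := x509.NewCertPool(), x509.NewCertPool()
	clientCAs.AddCert(serverTrusts) // "Do I trust the signer?" as asked by the server
	rootCAs.AddCert(clientTrusts)   // "Do I trust the signer?" as asked by the client
	serverCfg := &tls.Config{Certificates: []tls.Certificate{server}, ClientCAs: clientCAs,
		ClientAuth: tls.RequireAndVerifyClientCert, SessionTicketsDisabled: true}
	clientCfg := &tls.Config{Certificates: []tls.Certificate{client}, RootCAs: rootCAs,
		ServerName: server.Leaf.Subject.CommonName}
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return "", err
	}
	defer ln.Close()
	go func() { // client side; if it rejects the server's signer, the server sees that as a TLS alert
		if c, err := tls.Dial("tcp", ln.Addr().String(), clientCfg); err == nil {
			c.Close()
		}
	}()
	conn, err := ln.Accept()
	if err != nil {
		return "", err
	}
	s := tls.Server(conn, serverCfg)
	defer s.Close()
	if err := s.Handshake(); err != nil { // untrusted signer or failed key proof ends here
		return "", err
	}
	return s.ConnectionState().PeerCertificates[0].Subject.String(), nil // the user the server authenticated
}
```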
  • 18. Security in UNICORE
    UNICORE has a strong security concept:
      Each user has their own private key
      Each server component has its own private key
      Connections between user’s clients and UNICORE servers use SSL
      UNICORE server components use the user’s keys for authentication and authorisation
      UNICORE server components use SSL to connect to each other
  • 20. UNICORE Architecture
    Global registry: Central point of a UNICORE grid; keeps track of all available services
    Gateway: “Door to outside world” in firewall; may serve several resources behind one firewall
    unicorex: Central point for job processing and managing; checks user certificate with XUUDB
    XUUDB (UNICORE user database): Mapping between user certificates, user logins, roles
    TSI (Target System Interface): Submits jobs to batch system
    Components use SSL connections
  • 21. The Registry
    The Registry: Provides clients with information about services
    Two kinds: global / local
    Global or central registry:
      Serves as a ‘Grid’
      Knows all target systems and workflow services
      Services dynamically register with (one or more) registries
    Local registry per service container (e.g. unicorex)
      For registering service instances
    Full WS-RF Service
    UNICORE Registry in Gilda: https://gilda-lb-01.ct.infn.it:8080/REGISTRY/services/Registry?
  • 22–26. The Global Registry
    [Animated diagram; the captions that survive extraction: “What resources do you know?” and “publish contact list of resources”]
  • 27. Registry Entries
    Registry entries as seen with the Eclipse Client (expert view): [screenshot]
  • 28–34. When a job is being submitted . . .
    [Diagram of Client, Gateway, unicorex, XUUDB and TSI, built up one step per slide:]
    Client establishes SSL connection to Gateway
    Client contacts unicorex via Gateway
    Client sends signed abstract job to unicorex
    unicorex asks XUUDB if the user belonging to the certificate is allowed job execution
    unicorex gets login from XUUDB
    unicorex translates abstract job into machine-dependent script
    unicorex sends machine-dependent script to TSI
  • 35. Jobs
    Abstract job definitions:
      Given in JSDL (Job Submission Description Language)
      XML specification from the Global Grid Forum
      Contain for example:
        Job name, description
        Resource requirements (RAM, number of CPUs needed, . . . )
        Information about transferring of files before or after execution
        An application name and version
    Each job has a life time – after that its data is deleted from the server
  • 36. The Gateway
    The Gateway:
      Gateway talks to clients and servers located on other sites
      All communication from server components of this site goes via Gateway
      Gateway must trust the CAs of users
      Users must trust the CA of the Gateway
    UNICORE Gateway of Gilda: https://gilda-lb-01.ct.infn.it:8080
    The UNICORE Registry of Gilda: https://gilda-lb-01.ct.infn.it:8080/REGISTRY/services/Regist
    A unicorex of Gilda: https://gilda-lb-01.ct.infn.it:8080/REGISTRY/GILDA-CATANIA
  • 37. The unicorex
    unicorex:
      Authorises requests using the authorisation service XUUDB
      Translates abstract job into concrete job for target system via the IDB
      Provides storage resources
      Provides file transfer services
      Provides job management services
  • 38. The XUUDB
    XUUDB:
      Maps user certificates to logins on that machine
      Assigns roles (user, admin, . . . )
    Nr | GcID    | Xlogin | Role | Projects | DN
    ---+---------+--------+------+----------+--------------------------------------
    1  | OMII_EI | rbreu  | user |          | CN = Rebecca Breu , OU = JSC , OU =
    2  | OMII_EI | sandra | user |          | EMAILADDRESS = s.bergmann@fz-j
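The XUUDB lookup that unicorex performs during the job-submission sequence (slides 28–34 and this slide), as an added Go example that is not UNICORE's own code: it parses a dump in the slide's column layout, normalises the spacing of the DN, and refuses unknown DNs, mappings for a different GcID, and roles that may not run jobs. The table rows, the O and C attributes and the "blocked" role are constructed for the example.

```go
package main

import (
	"errors"
	"regexp"
	"strings"
)

// Entry is one XUUDB row: grid component (GcID), local login, role and the certificate DN.
type Entry struct {
	GcID, Xlogin, Role, DN string
}

// SampleTable is a constructed XUUDB dump in the slide's layout; the DNs and the "blocked" role are invented.
const SampleTable = `
Nr | GcID    | Xlogin | Role    | Projects | DN
----------------------------------------------------------------
1  | OMII_EI | rbreu  | user    |          | CN = Rebecca Breu , OU = JSC , O = FZJ , C = DE
2  | OMII_EI | sandra | user    |          | CN = sandra , OU = JSC , O = FZJ , C = DE
3  | OMII_EI | nobody | blocked |          | CN = Former User , OU = JSC , O = FZJ , C = DE
`

var dnSeparators = regexp.MustCompile(`\s*([=,])\s*`)

// NormalizeDN removes the whitespace around "=" and "," so that "CN = Rebecca Breu , OU = JSC" and
// "CN=Rebecca Breu,OU=JSC" compare equal. Escaped commas inside attribute values are not handled.
func NormalizeDN(dn string) string {
	return dnSeparators.ReplaceAllString(strings.TrimSpace(dn), "$1")
}

// ParseXUUDB reads rows in the "Nr | GcID | Xlogin | Role | Projects | DN" layout, skipping header and separator lines.
func ParseXUUDB(table string) ([]Entry, error) {
	var entries []Entry
	for _, line := range strings.Split(table, "\n") {
		line = strings.TrimSpace(line)
		if line == "" || strings.HasPrefix(line, "Nr") || strings.HasPrefix(line, "---") {
			continue
		}
		f := strings.Split(line, "|")
		if len(f) != 6 {
			return nil, errors.New("malformed XUUDB row: " + line)
		}
		for i := range f {
			f[i] = strings.TrimSpace(f[i])
		}
		entries = append(entries, Entry{GcID: f[1], Xlogin: f[2], Role: f[3], DN: NormalizeDN(f[5])})
	}
	return entries, nil
}

// Authorize is the question unicorex puts to the XUUDB before a job runs: may the holder of the certificate
// with this DN execute jobs on this GcID, and under which login? A certificate from a trusted CA alone is not
// enough: the DN must be mapped here, on this component, to a role that permits job execution.
func Authorize(entries []Entry, gcID, dn string) (string, error) {
	want := NormalizeDN(dn)
	for _, e := range entries {
		if e.GcID != gcID || e.DN != want {
			continue
		}
		if e.Role == "user" || e.Role == "admin" {
			return e.Xlogin, nil
		}
		return "", errors.New("role " + e.Role + " may not execute jobs")
	}
	return "", errors.New("no XUUDB mapping for " + want + " on " + gcID)
}
```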
  • 39. The TSI
    The TSI . . .
      forks a process which runs with the user’s ID
      creates a temporary directory on the target system (uspace)
      changes current working directory to uspace
      submits job to local batch system
    Input and output:
      all input needed for job has to be copied into the uspace
      all output that is to survive the end of job execution has to be copied elsewhere
    Terms used:
      File import: File transfer from somewhere into uspace
      File export: File transfer from uspace to somewhere
  • 42. IDB: Incarnation Database
    The IDB is a file with rules for translating abstract jobs into executable scripts.
      <idb:IDBApplication>
        <idb:ApplicationName>Bash shell</idb:ApplicationName>
        <idb:ApplicationVersion>3.1.16</idb:ApplicationVersion>
        <jsdl:POSIXApplication xmlns:jsdl="http://schemas.ggf.org/jsdl
          <jsdl:Executable>/bin/bash</jsdl:Executable>
          <jsdl:Argument>--debugger$DEBUG?</jsdl:Argument>
          <jsdl:Argument>-v$VERBOSE?</jsdl:Argument>
          <jsdl:Argument>$ARGUMENTS?</jsdl:Argument>
          <jsdl:Argument>$SOURCE?</jsdl:Argument>
        </jsdl:POSIXApplication>
      </idb:IDBApplication>
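Incarnation of the IDB entry on this slide, as an added Go example that is not UNICORE's implementation: the $VAR templates are expanded into individual argv elements for the TSI, an argument whose variable is written $VAR? is dropped when the job does not set it, and a missing required variable is an error. The reading of "?" as optional and the one-value-per-argument rule are assumptions; splitting a multi-word ARGUMENTS value is not modelled.

```go
package main

import (
	"errors"
	"regexp"
)

// BashShellIDB mirrors the "Bash shell" entry on the slide: the executable and its argument
// templates. A variable written $NAME? is optional (my reading of the slide's notation):
// when the job does not set it, the whole argument is dropped.
var BashShellIDB = struct {
	Executable string
	Arguments  []string
}{"/bin/bash", []string{"--debugger$DEBUG?", "-v$VERBOSE?", "$ARGUMENTS?", "$SOURCE?"}}

// varRef matches "$NAME" or "$NAME?" inside an argument template.
var varRef = regexp.MustCompile(`\$([A-Za-z_][A-Za-z0-9_]*)(\??)`)

// Incarnate builds the argv for the target system from the IDB templates and the variables
// the abstract job supplies. Each template becomes one argv element with the variable's value
// substituted literally; nothing is joined into a shell command line, so a job-supplied value
// cannot add or change arguments. A required variable that is missing is an error.
func Incarnate(exe string, templates []string, vars map[string]string) ([]string, error) {
	argv := []string{exe}
	for _, tmpl := range templates {
		skip := false
		var missing error
		arg := varRef.ReplaceAllStringFunc(tmpl, func(ref string) string {
			m := varRef.FindStringSubmatch(ref)
			if val, ok := vars[m[1]]; ok {
				return val
			}
			if m[2] == "?" {
				skip = true // optional argument and the variable is unset: drop the whole argument
			} else {
				missing = errors.New("job does not set required variable " + m[1])
			}
			return ""
		})
		if missing != nil {
			return nil, missing
		}
		if !skip {
			argv = append(argv, arg)
		}
	}
	return argv, nil
}
```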
  • 43. UNICORE Quickstart
    Easy installation and usage of UNICORE server components with the Quickstart bundle containing:
      all needed server components
      demo certificates
      easy to use graphical installer
  • 44. UNICORE LiveCD
    The UNICORE LiveCD contains
      complete Linux system
      automatically starting server components
      pre-configured clients
  • 45. Visit UNICORE on the internet
    Downloads, information, documentation, . . . : http://www.unicore.eu