Member of the Helmholtz Association




                                        Introduction to UNICORE
                                      07.07.2009   Rebecca Breu
Outline




             Security issues
             UNICORE server components and how they interact
             Bastian Demuth: server internals
             Sessions 11 and 12: UNICORE clients, workflow basics




07.07.2009                                                         Slide 2
Security Issues

     Grid resources communicate with each other across the internet, so a
     firewall cannot shield them from the outside world.

     Intruders may . . .
             read messages between resources
             alter messages between resources
             connect to two resources and relay messages between them:
             man-in-the-middle attack
             flood resources with messages: denial-of-service attack

Encryption

     Symmetric encryption:
             The same key is used to encrypt and decrypt a message
             Disadvantage: every pair of users must first exchange a key
             over some channel an intruder cannot read

     Asymmetric encryption:
             Each user owns a pair of keys: a private key and a public key
             Public keys can be exchanged openly
             Sender encrypts the message with the receiver's public key
             Receiver decrypts the message with their own private key
             In practice the two are combined: the asymmetric keys are used
             to agree on a symmetric session key, which then protects the
             bulk of the traffic (this is what SSL does)

Digital Signing

     Encryption:
             Messages can't be read by intruders
             But how do we know where a message really comes from, and
             that it was not altered on the way? Encryption alone does
             not tell us.

     Digital signing:
             Sender signs the message with his private key (in practice a
             hash of the message is signed, not the message itself)
             Receiver verifies the signature with the sender's public key
             Main issue: getting the sender's public key from a trusted source

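The two operations of the last two slides as an added example in Go (standard library only); this is not code from the original slides or from UNICORE. Alice, Bob and Mallory are invented participants and the job request is a constructed sample message. The slide's "encrypt with the private key" is realised as RSA-PSS over a SHA-256 digest, which is how signing is actually done, and encryption is RSA-OAEP. The checks show what each primitive does and does not give you: a ciphertext for Bob can come from anyone, Alice's signature fails on an altered message, and a signature made with another key does not verify under Alice's public key.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

// Encrypt seals msg for whoever holds the private key matching pub (RSA-OAEP,
// SHA-256). Anyone with the public key can do this, so a ciphertext says
// nothing about who sent it.
func Encrypt(pub *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
}

// Decrypt opens ct with the receiver's private key.
func Decrypt(priv *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
}

// Sign is the precise form of the slide's "encrypt with the private key":
// hash the message, then sign the digest with RSA-PSS.
func Sign(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	h := sha256.Sum256(msg)
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, h[:], nil)
}

// Verify reports whether sig was produced over exactly msg by the owner of pub.
func Verify(pub *rsa.PublicKey, msg, sig []byte) bool {
	h := sha256.Sum256(msg)
	return rsa.VerifyPSS(pub, crypto.SHA256, h[:], sig, nil) == nil
}

// Result records what each check produced.
type Result struct {
	Decrypted   string // Bob's reading of Alice's encrypted message
	FromAnyone  string // Bob's reading of a ciphertext Mallory made with Bob's public key
	Genuine     bool   // Alice's signature checked against the original message
	Altered     bool   // Alice's signature checked against a modified message
	Impersonate bool   // Mallory's signature chec ked with Alice's public key
}

// RunDemo plays out the slides: Alice sends Bob a job request, confidential
// to Bob and signed by Alice; Mallory tries to alter it and to impersonate her.
func RunDemo() (Result, error) {
	var keys [3]*rsa.PrivateKey // alice, bob, mallory (generated fresh each run)
	for i := range keys {
		k, err := rsa.GenerateKey(rand.Reader, 2048)
		if err != nil {
			return Result{}, err
		}
		keys[i] = k
	}
	alice, bob, mallory := keys[0], keys[1], keys[2]
	msg := []byte("run job 42 on cluster A") // constructed sample message

	ct, err := Encrypt(&bob.PublicKey, msg)
	if err != nil {
		return Result{}, err
	}
	pt, err := Decrypt(bob, ct)
	if err != nil {
		return Result{}, err
	}
	// Mallory can also produce a perfectly valid ciphertext for Bob.
	ct2, err := Encrypt(&bob.PublicKey, []byte("run job 42 on cluster B"))
	if err != nil {
		return Result{}, err
	}
	pt2, err := Decrypt(bob, ct2)
	if err != nil {
		return Result{}, err
	}
	sig, err := Sign(alice, msg)
	if err != nil {
		return Result{}, err
	}
	forged, err := Sign(mallory, msg)
	if err != nil {
		return Result{}, err
	}
	return Result{
		Decrypted:   string(pt),
		FromAnyone:  string(pt2),
		Genuine:     Verify(&alice.PublicKey, msg, sig),
		Altered:     Verify(&alice.PublicKey, []byte("run job 42 on cluster B"), sig),
		Impersonate: Verify(&alice.PublicKey, msg, forged),
	}, nil
}
```

Only Genuine is true in the result: the decrypted texts show that encryption gives confidentiality but no origin, and the two failed verifications show that the signature binds both the content and the signer.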
Certification Authorities

     How do we know who the real person behind a key is?
     → Certification Authority (CA), e.g. GILDA, CA-Cert, . . .

             User creates a private key and a matching certificate request
             (the request carries the public key, never the private key)
             User sends the certificate request to a CA
             CA checks the user's identity and signs the certificate request
             CA sends the user their signed public key: the certificate
     Each certificate contains information about the user (real name, email)
     and about the signer (the CA).

SSL (Secure Sockets Layer)

     SSL
     Secure network communication via private/public keys.

     Handshake step by step (upper message of each pair: client → server,
     lower message: server → client):

     Client                                                   Server
        -- Hello ---------------------------------------------->
        <------------------------- Here's my public key --------
     Do I trust the signer?
        -- Here's my public key -------------------------------->
                                                      Do I trust the signer?
     Encrypt with server key                          Encrypt with client key
        -- Please decrypt: Dx8Gwo ------------------------------>
        <------------------------- Please decrypt: k3oAS2 ------
     Decrypt with private key                         Decrypt with private key
        -- Decrypted: i7Uay4 ----------------------------------->
        <------------------------- Decrypted: PgD9mt -----------
     Does it match?                                   Does it match?

SSL (Secure Sockets Layer)

             Client connects to server
             Server sends client its public key (certificate)
             Client checks if it trusts the signer of the server's key
             Server requests client's public key (certificate)
             Server checks if it trusts the signer of the client's key
             Server and client check if the counterpart owns the private
             key belonging to the public key
                Exchange of random messages encrypted with the counterpart's
                public key
                Counterpart must decrypt the message with its private key
                Decrypted message must equal the original message

     The challenge exchange above is a simplified picture. In the real
     SSL/TLS handshake, possession of the private key is proven by using
     it in the key exchange or by signing handshake data (the client's
     CertificateVerify message), and the result of the handshake is a
     shared symmetric session key that protects all further traffic.
     Trusting the signer is also not enough on its own: the client must
     check that the certificate was issued for the server it intended to
     reach, otherwise any certificate from a trusted CA would do.

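The CA workflow of the Certification Authorities slide and the mutually authenticated handshake of the SSL slides, as an added example in Go with the standard library; this is not code from the original slides or from UNICORE. A throwaway CA issues a Gateway certificate and a user certificate from certificate requests, and a second CA that the Gateway does not trust issues a certificate under the same user name. All names (Example Grid CA, Untrusted CA, gateway.example.org, Alice Example) are invented, and the connection runs over loopback. The TLS library performs the "do I trust the signer?" check on both sides and the proof of private-key possession; the server learns the client's identity only from a certificate that passed that check.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"net"
	"time"
)

// CA is a certification authority: its signing key and self-signed certificate.
type CA struct {
	Key  *ecdsa.PrivateKey
	Cert *x509.Certificate
}

// NewCA creates a self-signed CA (the role GILDA or CA-Cert play on the slides).
func NewCA(name string) (*CA, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return &CA{Key: key, Cert: cert}, err
}

// Issue follows the CA slide: the subject generates its own key and a request
// carrying only the public key; the CA checks the request signature (proof the
// requester holds the private key), vets the identity out of band, and signs.
func (ca *CA) Issue(subject pkix.Name, usage x509.ExtKeyUsage, serial int64) (tls.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, err
	}
	csrDER, err := x509.CreateCertificateRequest(rand.Reader, &x509.CertificateRequest{Subject: subject}, key)
	if err != nil {
		return tls.Certificate{}, err
	}
	csr, err := x509.ParseCertificateRequest(csrDER)
	if err != nil {
		return tls.Certificate{}, err
	}
	if err := csr.CheckSignature(); err != nil {
		return tls.Certificate{}, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: csr.Subject,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{usage},
	}
	if usage == x509.ExtKeyUsageServerAuth {
		tmpl.IPAddresses = []net.IP{net.ParseIP("127.0.0.1")} // the address clients dial
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca.Cert, csr.PublicKey, ca.Key)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, err
}

// Handshake runs one mutually authenticated connection over loopback. The
// server (the Gateway) accepts only clients chaining to serverTrust, the client
// only servers chaining to clientTrust. It returns the client name the server
// authenticated, or the error that ended the handshake on either side.
func Handshake(serverCert, clientCert tls.Certificate, serverTrust, clientTrust *x509.CertPool) (string, error) {
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{
		Certificates: []tls.Certificate{serverCert},
		ClientAuth:   tls.RequireAndVerifyClientCert, // "server requests client's public key"
		ClientCAs:    serverTrust,                    // "do I trust the signer?"
	})
	if err != nil {
		return "", err
	}
	defer ln.Close()
	type outcome struct {
		cn  string
		err error
	}
	done := make(chan outcome, 1)
	go func() {
		conn, err := ln.Accept()
		if err != nil {
			done <- outcome{err: err}
			return
		}
		defer conn.Close()
		conn.SetDeadline(time.Now().Add(5 * time.Second))
		tc := conn.(*tls.Conn)
		if err := tc.Handshake(); err != nil {
			done <- outcome{err: err}
			return
		}
		// Only after a verified handshake is the peer certificate an authenticated identity.
		done <- outcome{cn: tc.ConnectionState().PeerCertificates[0].Subject.CommonName}
	}()
	conn, err := tls.Dial("tcp", ln.Addr().String(), &tls.Config{
		Certificates: []tls.Certificate{clientCert},
		RootCAs:      clientTrust, // "do I trust the signer?" on the client side
	})
	if err != nil {
		return "", err
	}
	defer conn.Close()
	res := <-done
	return res.cn, res.err
}

// RunDemo sets up the trust relations of the slides: one grid CA trusted by
// both sides issues the Gateway certificate; the user certificate comes from
// that CA or, with userFromTrustedCA false, from a CA the Gateway does not
// trust, under the same name. Returns the name the Gateway authenticated.
func RunDemo(userFromTrustedCA bool) (string, error) {
	gridCA, err := NewCA("Example Grid CA")
	if err != nil {
		return "", err
	}
	userCA := gridCA
	if !userFromTrustedCA {
		if userCA, err = NewCA("Untrusted CA"); err != nil {
			return "", err
		}
	}
	gateway, err := gridCA.Issue(pkix.Name{CommonName: "gateway.example.org"}, x509.ExtKeyUsageServerAuth, 2)
	if err != nil {
		return "", err
	}
	user, err := userCA.Issue(pkix.Name{CommonName: "Alice Example"}, x509.ExtKeyUsageClientAuth, 3)
	if err != nil {
		return "", err
	}
	trust := x509.NewCertPool()
	trust.AddCert(gridCA.Cert)
	return Handshake(gateway, user, trust, trust)
}
```

RunDemo(true) returns "Alice Example"; RunDemo(false) fails with a certificate-verification error from the server side, even though the impostor's certificate carries the same name and a valid signature from its own CA. The server cert is checked against the dialled address (an IP SAN here), which is the part of the check that the slides' "do I trust the signer?" leaves out.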
Security in UNICORE


     UNICORE has a strong security concept:
             Each user has their own private key
             Each server component has its own private key
             Connections between user’s clients and UNICORE servers use
             SSL
             UNICORE server components use the user’s keys for
             authentication and authorisation
             UNICORE server components use SSL to connect to each
             other



UNICORE Architecture
             Global registry:
                Central point of a UNICORE grid
                Keeps track of all available services
             Gateway:
                "Door to the outside world" in the firewall
                May serve several resources behind one firewall
             unicorex:
                Central point for job processing and management
                Checks the user certificate against the XUUDB
             XUUDB (UNICORE user database):
                Mapping between user certificates, user logins and roles
             TSI (Target System Interface):
                Submits jobs to the batch system
     Components use SSL connections
The Registry

     The Registry:
             Provides clients with information about services
             Two kinds: global / local
             Global or central registry:
                Serves as a "Grid"
                Knows all target systems and workflow services
                Services dynamically register with (one or more) registries
             Local registry per service container (e.g. unicorex)
                For registering service instances
             Full WS-RF service
     UNICORE Registry in Gilda:
     https://gilda-lb-01.ct.infn.it:8080/REGISTRY/services/Registry?

The Global Registry

     [Figure: services publish themselves to the global registry; a client
     asks the registry "What resources do you know?", receives the list of
     resources, and contacts them.]

Registry Entries

     Registry entries as seen with the Eclipse client (expert view):

When a job is being submitted . . .

     Client → Gateway → unicorex → XUUDB / TSI

             Client establishes an SSL connection to the Gateway
             Client contacts unicorex via the Gateway
             Client sends a signed abstract job to unicorex
             unicorex asks the XUUDB whether the user belonging to the
             certificate is allowed job execution
             unicorex gets the user's login from the XUUDB
             unicorex translates the abstract job into a
             machine-dependent script
             unicorex sends the machine-dependent script to the TSI

Jobs

     Abstract job definitions:
       Given in JSDL (Job Submission Description Language)
               XML specification from the Global Grid Forum
             Contain for example:
               Job name, description
               Resource requirements (RAM, number of CPUs needed, . . . )
               Information about transferring files before or after execution
               An application name and version
     Each job has a lifetime; after that its data is deleted from the
     server

The Gateway
     The Gateway:
             Gateway talks to clients and servers located at other sites
             All communication from the server components of this site goes
             via the Gateway
             Gateway must trust the CAs of the users
             Users must trust the CA of the Gateway

             UNICORE Gateway of Gilda:
             https://gilda-lb-01.ct.infn.it:8080
             The UNICORE Registry of Gilda:
             https://gilda-lb-01.ct.infn.it:8080/REGISTRY/services/Regist
             A unicorex of Gilda:
             https://gilda-lb-01.ct.infn.it:8080/REGISTRY/GILDA-CATANIA

The unicorex



     unicorex:
             Authorises requests using the authorisation service XUUDB
             Translates abstract job into concrete job for target system via
             the IDB
             Provides storage resources
             Provides file transfer services
             Provides job management services




The XUUDB

     XUUDB:
             Maps user certificates to logins on that machine
             Assigns roles (user, admin, . . . )

      Nr | GcID    | Xlogin | Role | Projects | DN
      ---+---------+--------+------+----------+-------------------------------------
      1  | OMII_EI | rbreu  | user |          | CN = Rebecca Breu, OU = JSC, OU = ...
      2  | OMII_EI | sandra | user |          | EMAILADDRESS = s.bergmann@fz-j...

The TSI
     The TSI . . .
             forks a process which runs with the user's ID
             creates a temporary directory on the target system (the uspace)
             changes the current working directory to the uspace
             submits the job to the local batch system
     Input and output:
             all input needed by the job has to be copied into the uspace
             all output that is to survive the end of job execution has to be
             copied elsewhere
     Terms used:
             File import: file transfer from somewhere into the uspace
             File export: file transfer from the uspace to somewhere
The Uspace




IDB: Incarnation Database

     The IDB is a file with rules for translating abstract jobs into
     executable scripts.

     <idb:IDBApplication>
         <idb:ApplicationName>Bash shell</idb:ApplicationName>
         <idb:ApplicationVersion>3.1.16</idb:ApplicationVersion>
         <!-- the JSDL namespace URI is cut off on the slide -->
         <jsdl:POSIXApplication xmlns:jsdl="http://schemas.ggf.org/jsdl">
             <jsdl:Executable>/bin/bash</jsdl:Executable>
             <jsdl:Argument>--debugger $DEBUG?</jsdl:Argument>
             <jsdl:Argument>-v $VERBOSE?</jsdl:Argument>
             <jsdl:Argument>$ARGUMENTS?</jsdl:Argument>
             <jsdl:Argument>$SOURCE?</jsdl:Argument>
         </jsdl:POSIXApplication>
     </idb:IDBApplication>

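The unicorex steps of the job-submission slide (ask the XUUDB, obtain the login, translate the abstract job, hand a script to the TSI), as an added example in Go; this is not UNICORE's own code. It uses a constructed XUUDB table in the shape of the XUUDB slide and the Bash rule from the IDB entry above. Two details matter for security: the certificate DN is normalised before it is used as the lookup key, so spacing or attribute-case differences can neither lock a user out nor be matched loosely, and values taken from the job are inserted into the script as single-quoted literals, so job data cannot change the command the TSI runs. The placeholder rules ($NAME required, $NAME? optional and dropped when unset, one argument per template) are a simplified reading of the IDB, not UNICORE's exact semantics; DEMO-SITE, the logins alice and ops, and the DNs are invented.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// Entry is one XUUDB row as on the XUUDB slide, keyed by certificate subject DN.
type Entry struct {
	GcID, Xlogin, Role, Projects, DN string
}

// IDBApplication is the part of an IDB rule used for incarnation. In an argument
// template "$NAME" is a required value and "$NAME?" an optional one; an argument
// whose optional value is unset is dropped (a simplified reading of the IDB).
type IDBApplication struct {
	Name, Version, Executable string
	Arguments                 []string
}

// AbstractJob is the subset of a JSDL job used here.
type AbstractJob struct {
	Application, Version string
	Values               map[string]string
}

// Incarnated is what unicorex hands to the TSI.
type Incarnated struct {
	Login  string // Unix account the TSI forks as
	Script string // machine-dependent script
}

// canonicalDN makes "CN = Alice Example , OU = JSC" and "cn=Alice Example,ou=JSC"
// the same key. The DN string is the identity: a lookup sensitive to formatting
// would deny a legitimate user, a looser one could match the wrong row. Escaped
// commas ("\,") stay inside their value; ok is false for a malformed DN, which
// must never match anything.
func canonicalDN(dn string) (string, bool) {
	var parts []string
	var cur strings.Builder
	escaped := false
	for _, r := range dn {
		switch {
		case escaped:
			cur.WriteRune(r)
			escaped = false
		case r == '\\':
			cur.WriteRune(r)
			escaped = true
		case r == ',':
			parts = append(parts, cur.String())
			cur.Reset()
		default:
			cur.WriteRune(r)
		}
	}
	parts = append(parts, cur.String())
	for i, p := range parts {
		kv := strings.SplitN(p, "=", 2)
		if len(kv) != 2 || strings.TrimSpace(kv[0]) == "" {
			return "", false
		}
		parts[i] = strings.ToUpper(strings.TrimSpace(kv[0])) + "=" + strings.TrimSpace(kv[1])
	}
	return strings.Join(parts, ","), true
}

// Lookup is the XUUDB query from the job-submission slide. Deny by default.
func Lookup(db []Entry, gcID, dn string) (Entry, error) {
	want, ok := canonicalDN(dn)
	if !ok {
		return Entry{}, fmt.Errorf("xuudb: malformed DN %q", dn)
	}
	for _, e := range db {
		if have, ok := canonicalDN(e.DN); ok && e.GcID == gcID && have == want {
			return e, nil
		}
	}
	return Entry{}, errors.New("xuudb: no entry for this certificate at this component")
}

var placeholder = regexp.MustCompile(`\$([A-Za-z_][A-Za-z0-9_]*)(\??)`)

// shellQuote makes v one literal word for /bin/sh, so data taken from the job
// cannot change the structure of the script the TSI runs.
func shellQuote(v string) string {
	return "'" + strings.ReplaceAll(v, "'", `'\''`) + "'"
}

// Incarnate translates the abstract job with the matching IDB rule into the
// script for the TSI: one quoted word per argument template.
func Incarnate(idb []IDBApplication, job AbstractJob, login string) (Incarnated, error) {
	for _, app := range idb {
		if app.Name != job.Application || app.Version != job.Version {
			continue
		}
		words := []string{shellQuote(app.Executable)}
		for _, tmpl := range app.Arguments {
			drop, missing := false, ""
			arg := placeholder.ReplaceAllStringFunc(tmpl, func(m string) string {
				sub := placeholder.FindStringSubmatch(m)
				if v, ok := job.Values[sub[1]]; ok {
					return v
				}
				if sub[2] == "?" {
					drop = true
				} else {
					missing = sub[1]
				}
				return ""
			})
			if missing != "" {
				return Incarnated{}, fmt.Errorf("idb: required value %s not supplied", missing)
			}
			if !drop {
				words = append(words, shellQuote(arg))
			}
		}
		script := fmt.Sprintf("#!/bin/sh\n# incarnated for %s: %s %s\nexec %s\n",
			login, app.Name, app.Version, strings.Join(words, " "))
		return Incarnated{Login: login, Script: script}, nil
	}
	return Incarnated{}, fmt.Errorf("idb: no rule for %s %s", job.Application, job.Version)
}

// Submit is the unicorex part of the job-submission slide: XUUDB check, login, incarnation.
func Submit(db []Entry, idb []IDBApplication, gcID, certDN string, job AbstractJob) (Incarnated, error) {
	e, err := Lookup(db, gcID, certDN)
	if err != nil {
		return Incarnated{}, err
	}
	if e.Role != "user" && e.Role != "admin" {
		return Incarnated{}, fmt.Errorf("xuudb: role %q may not submit jobs", e.Role)
	}
	return Incarnate(idb, job, e.Xlogin)
}

// Constructed sample data for this example, not a real XUUDB or IDB.
var (
	SampleDB = []Entry{
		{GcID: "DEMO-SITE", Xlogin: "alice", Role: "user", DN: "CN=Alice Example,OU=JSC,O=Example Org,C=DE"},
		{GcID: "DEMO-SITE", Xlogin: "ops", Role: "admin", DN: `CN=Ops Team\, Site A,O=Example Org,C=DE`},
	}
	SampleIDB = []IDBApplication{{
		Name: "Bash shell", Version: "3.1.16", Executable: "/bin/bash",
		Arguments: []string{"--debugger $DEBUG?", "-v $VERBOSE?", "$ARGUMENTS?", "$SOURCE?"},
	}}
)
```

Submitting a job with SOURCE set to run.sh and ARGUMENTS set to the hostile string "-x; rm -rf ~" under the DN "cn = Alice Example , ou = JSC , o = Example Org , c = DE" maps to login alice and yields the script line exec '/bin/bash' '-x; rm -rf ~' 'run.sh': the two optional arguments are dropped because DEBUG and VERBOSE are unset, and the hostile value reaches bash as one option word rather than as a second command. A DN without the OU, a different grid component, or a version the IDB has no rule for are all refused.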
UNICORE Quickstart


                       Easy installation and usage
                       of UNICORE server
                       components with the
                       Quickstart bundle
                       containing:
                         all needed server
                         components
                         demo certificates
                         easy to use graphical
                         installer



UNICORE LiveCD
     The UNICORE LiveCD contains
       complete Linux system
       automatically starting server components
       pre-configured clients




Visit UNICORE on the internet




     Downloads, information, documentation, . . . :
             http://www.unicore.eu





ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxiammrhaywood
 
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdfGrade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdfJemuel Francisco
 
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONTHEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONHumphrey A Beña
 
ANG SEKTOR NG agrikultura.pptx QUARTER 4
ANG SEKTOR NG agrikultura.pptx QUARTER 4ANG SEKTOR NG agrikultura.pptx QUARTER 4
ANG SEKTOR NG agrikultura.pptx QUARTER 4MiaBumagat1
 

Recently uploaded (20)

Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfLike-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
 
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdfInclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
 
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
 
Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...
 
Transaction Management in Database Management System
Transaction Management in Database Management SystemTransaction Management in Database Management System
Transaction Management in Database Management System
 
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice great
 
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
 
Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17
 
YOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptx
YOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptxYOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptx
YOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptx
 
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdfVirtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
 
Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxProudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptx
 
ENGLISH6-Q4-W3.pptxqurter our high choom
ENGLISH6-Q4-W3.pptxqurter our high choomENGLISH6-Q4-W3.pptxqurter our high choom
ENGLISH6-Q4-W3.pptxqurter our high choom
 
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
 
Judging the Relevance and worth of ideas part 2.pptx
Judging the Relevance  and worth of ideas part 2.pptxJudging the Relevance  and worth of ideas part 2.pptx
Judging the Relevance and worth of ideas part 2.pptx
 
Karra SKD Conference Presentation Revised.pptx
Karra SKD Conference Presentation Revised.pptxKarra SKD Conference Presentation Revised.pptx
Karra SKD Conference Presentation Revised.pptx
 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
 
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdfGrade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
 
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONTHEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
 
ANG SEKTOR NG agrikultura.pptx QUARTER 4
ANG SEKTOR NG agrikultura.pptx QUARTER 4ANG SEKTOR NG agrikultura.pptx QUARTER 4
ANG SEKTOR NG agrikultura.pptx QUARTER 4
 

Session10part1 Server Intro

  • 1. Mitglied der Helmholtz-Gemeinschaft. Introduction to UNICORE, 07.07.2009, Rebecca Breu
  • 2. Outline
    Security issues
    UNICORE server components and how they interact
    Bastian Demuth: server internals
    Sessions 11 and 12: UNICORE clients, workflow basics
  • 3. Security Issues
    Grid resources communicate via the internet → no firewalls to protect them from the outside world
    Intruders may . . .
      read messages between resources
      alter messages between resources
      connect to two resources and relay messages between them: man-in-the-middle attack
      flood resources with messages: denial-of-service attack
  • 4. Encryption
    Symmetric encryption:
      Same key used to encrypt and decrypt a message
      Disadvantage: every pair of users must exchange keys
    Asymmetric encryption:
      Each user owns a pair of private and public key
      Public keys can be exchanged openly
      Sender encrypts message with the receiver’s public key
      Receiver decrypts message with his own private key
  • 5. Digital Signing
    Encryption:
      Messages can’t be read or altered by intruders
      How do we know where a message really comes from?
    Digital signing:
      Sender encrypts a message with his private key
      Receiver decrypts the message with the sender’s public key
      Main issue: get the sender’s public key from a trusted source
  • 6. Certification Authorities
    How do we know who is the real person behind a key? → Certification Authority (CA), e.g. GILDA, CA-Cert, . . .
    User creates private key and a matching certificate request
    User sends certificate request to a CA
    CA checks user’s identity and signs the certificate request
    CA sends user their signed public key (certificate)
    Each key contains info about user (real name, email) and signer (CA).
  • 7.–16. SSL (Secure Sockets Layer)
    SSL: secure network communication via private/public keys.
    (Animated handshake diagram between Client and Server, built up over slides 7 to 16; the message labels in order:)
      Client → Server: Hello
      Server → Client: Here’s my public key. Client: Do I trust the signer?
      Client → Server: Here’s my public key. Server: Do I trust the signer?
      Client → Server: Please decrypt: Dx8Gwo (encrypted with the server key)
      Server → Client: Please decrypt: k3oAS2 (encrypted with the client key)
      Both sides: decrypt with private key
      Replies: Decrypted: i7Uay4 and Decrypted: PgD9mt; both sides: decrypt and check
      Both sides: Does it match?
  • 17. SSL (Secure Sockets Layer)
    Client connects to server
    Server sends client its public key
    Client checks if it trusts the signer of the server’s key
    Server requests client’s public key
    Server checks if it trusts the signer of the client’s key
    Server and client check if the counterpart owns the private key belonging to the public key:
      Exchange of random messages encrypted with the counterpart’s public key
      Counterpart must decrypt message with its private key
      Decrypted message must equal the original message
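The two checks of slide 17 (do I trust the signer, and does the counterpart hold the matching private key) are easy to conflate, so here is a small simulation of them as an added example. It is not code from the slides or from the UNICORE project: textbook RSA on constructed small primes stands in for the real key pairs, the CA names, subjects and challenge values are made up, and the "signature" is the RSA operation over a hash of the certificate body. It runs the honest handshake and the three failure modes the checks exist for: a relay that presents the genuine server certificate without the server's private key, a certificate from a CA the site does not trust, and a certificate that merely claims the trusted CA's name.

```python
"""Toy model of the mutual SSL authentication from slides 7 to 17.

Added example, not code from the UNICORE project or the slides. Textbook
RSA on constructed small primes stands in for the real key pairs; it only
illustrates the protocol logic and is not a usable cipher.
"""
import hashlib
from dataclasses import dataclass


def make_keypair(p, q, e=65537):
    """Textbook RSA: public (n, e), private (n, d). p and q are toy primes."""
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))


def fingerprint(subject, pubkey, modulus):
    """SHA-256 of the certificate body, reduced to fit below the CA modulus."""
    body = f"{subject}|{pubkey[0]}|{pubkey[1]}".encode()
    return int.from_bytes(hashlib.sha256(body).digest(), "big") % modulus


@dataclass(frozen=True)
class Certificate:
    subject: str
    pubkey: tuple   # (n, e)
    issuer: str     # CA name the certificate claims
    signature: int  # CA's RSA signature over fingerprint(subject, pubkey)


def issue(ca_name, ca_priv, subject, pubkey):
    """Slide 6: the CA signs the certificate request with its private key."""
    n, d = ca_priv
    return Certificate(subject, pubkey, ca_name, pow(fingerprint(subject, pubkey, n), d, n))


def signer_trusted(cert, trusted_cas):
    """'Do I trust the signer?': the issuer must be a known CA and the
    signature must verify under that CA's public key. A claimed issuer
    name alone proves nothing; the signature binds key and CA."""
    ca_pub = trusted_cas.get(cert.issuer)
    if ca_pub is None:
        return False
    n, e = ca_pub
    return pow(cert.signature, e, n) == fingerprint(cert.subject, cert.pubkey, n)


@dataclass
class Party:
    cert: Certificate
    priv: tuple  # whatever private key this party actually holds

    def answer(self, ciphertext):
        """'Please decrypt: ...' -> 'Decrypted: ...' with the private key."""
        n, d = self.priv
        return pow(ciphertext, d, n)


def proves_possession(prover, challenge):
    """Encrypt a random message with the prover's certified public key;
    only the holder of the matching private key can hand it back."""
    n, e = prover.cert.pubkey
    return prover.answer(pow(challenge, e, n)) == challenge


def handshake(client, server, trusted_cas, client_challenge, server_challenge):
    """The checks of slide 17 in order. Returns (ok, reason)."""
    if not signer_trusted(server.cert, trusted_cas):
        return False, "client does not trust the signer of the server key"
    if not signer_trusted(client.cert, trusted_cas):
        return False, "server does not trust the signer of the client key"
    if not proves_possession(server, client_challenge):
        return False, "server could not decrypt the client's challenge"
    if not proves_possession(client, server_challenge):
        return False, "client could not decrypt the server's challenge"
    return True, "mutually authenticated"


def scenarios(client_challenge=123456789, server_challenge=987654321):
    """Honest handshake plus the failure modes the checks are there for.
    Challenges are random in practice; fixed here to keep the run repeatable."""
    ca_pub, ca_priv = make_keypair(104729, 1299709)   # the site's trusted CA
    _, rogue_priv = make_keypair(65537, 1000003)      # a CA nobody trusts
    trusted = {"GILDA": ca_pub}

    srv_pub, srv_priv = make_keypair(15485863, 999983)
    cli_pub, cli_priv = make_keypair(7919, 2147483647)
    server = Party(issue("GILDA", ca_priv, "CN=gateway.example.org", srv_pub), srv_priv)
    client = Party(issue("GILDA", ca_priv, "CN=Rebecca Breu", cli_pub), cli_priv)

    # Relay in the middle: shows the genuine server certificate but holds
    # another private key, so it fails the challenge step.
    impostor = Party(server.cert, rogue_priv)
    # Certificate issued by a CA the site does not trust.
    stranger = Party(issue("Unknown CA", rogue_priv, "CN=Mallory", cli_pub), cli_priv)
    # Certificate that only claims the trusted CA's name (bad signature).
    forged = Party(issue("GILDA", rogue_priv, "CN=Mallory", cli_pub), cli_priv)

    pairs = {"honest": (client, server), "impostor_server": (client, impostor),
             "untrusted_ca": (stranger, server), "forged_issuer": (forged, server)}
    return {name: handshake(c, s, trusted, client_challenge, server_challenge)
            for name, (c, s) in pairs.items()}
```

Calling `scenarios()` returns one `(ok, reason)` pair per case; only the honest pair comes back `True`. The order of the checks matters for diagnosis: the relay case fails late, at the challenge, precisely because its certificate is genuine.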
  • 18. Security in UNICORE
    UNICORE has a strong security concept:
      Each user has their own private key
      Each server component has its own private key
      Connections between users’ clients and UNICORE servers use SSL
      UNICORE server components use the users’ keys for authentication and authorisation
      UNICORE server components use SSL to connect to each other
  • 20. UNICORE Architecture
    Global registry: central point of a UNICORE grid; keeps track of all available services
    Gateway: ”door to the outside world” in the firewall; may serve several resources behind one firewall
    unicorex: central point for job processing and managing; checks user certificate with XUUDB
    XUUDB (UNICORE user database): mapping between user certificates, user logins, roles
    TSI (Target System Interface): submits jobs to the batch system
    Components use SSL connections
  • 21. The Registry
    The Registry: provides clients with information about services
    Two kinds: global / local
    Global or central registry:
      Serves as a ‘Grid’
      Knows all target systems and workflow services
      Services dynamically register with (one or more) registries
    Local registry per service container (e.g. unicorex):
      For registering service instances
    Full WS-RF service
    UNICORE Registry in Gilda: https://gilda-lb-01.ct.infn.it:8080/REGISTRY/services/Registry?
  • 22.–26. The Global Registry
    (Animated diagram, slide 13; its labels: ”What resources do you know?”, ”publish contact”, ”list of resources”)
  • 27. Registry Entries
    Registry entries as seen with the Eclipse Client (expert view): (screenshot)
  • 28.–34. When a job is being submitted . . .
    (Animated diagram, slide 15, with Client, Gateway, unicorex, XUUDB and TSI; the steps in order:)
      Client establishes SSL connection to Gateway
      Client contacts unicorex via Gateway
      Client sends signed abstract job to unicorex
      unicorex asks XUUDB if the user belonging to the certificate is allowed job execution
      unicorex gets login from XUUDB
      unicorex translates abstract job into machine-dependent script
      unicorex sends machine-dependent script to TSI
  • 35. Jobs
    Abstract job definitions:
      Given in JSDL (Job Submission Description Language), an XML specification from the Global Grid Forum
      Contain for example:
        Job name, description
        Resource requirements (RAM, number of CPUs needed, . . . )
        Information about transferring of files before or after execution
        An application name and version
    Each job has a life time; after that its data is deleted from the server
  • 36. The Gateway
    Gateway talks to clients and servers located on other sites
    All communication from server components of this site goes via the Gateway
    Gateway must trust the CAs of users
    Users must trust the CA of the Gateway
    UNICORE Gateway of Gilda: https://gilda-lb-01.ct.infn.it:8080
    The UNICORE Registry of Gilda: https://gilda-lb-01.ct.infn.it:8080/REGISTRY/services/Regist
    A unicorex of Gilda: https://gilda-lb-01.ct.infn.it:8080/REGISTRY/GILDA-CATANIA
  • 37. The unicorex
    Authorises requests using the authorisation service XUUDB
    Translates abstract job into concrete job for the target system via the IDB
    Provides storage resources
    Provides file transfer services
    Provides job management services
  • 38. The XUUDB
    Maps user certificates to logins on that machine
    Assigns roles (user, admin, . . . )
    Example table (DN column cut off on the slide):
      Nr | GcID    | Xlogin | Role | Projects | DN
      ---+---------+--------+------+----------+------------------------------------
      1  | OMII_EI | rbreu  | user |          | CN = Rebecca Breu , OU = JSC , OU =
      2  | OMII_EI | sandra | user |          | EMAILADDRESS = s . bergmann@fz - j
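Slides 31, 32 and 38 together describe the decision unicorex delegates to the XUUDB: given the DN of the client certificate and the grid component, is job execution allowed, and as which local login? The following added example (not UNICORE code) models that lookup over a table constructed in the column layout of the slide; the logins and DNs are sample values and the "banned" role is a constructed addition to the two roles named on the slide. Two points a practitioner wants from such a lookup are shown: DNs are compared in a canonical form, because the same name can be printed with or without spaces around "=" and ",", and the lookup denies on anything other than exactly one matching row with an allowed role.

```python
"""XUUDB-style lookup: certificate DN -> (xlogin, role), slide 38.

Added example, not UNICORE code. The table is constructed in the column
layout shown on the slide; names, logins and DNs are sample values.
"""
import re

XUUDB_TABLE = """\
Nr | GcID    | Xlogin  | Role   | Projects | DN
---|---------|---------|--------|----------|-----------------------------------
1  | OMII_EI | rbreu   | user   |          | CN=Rebecca Breu,OU=JSC,O=FZJ,C=DE
2  | OMII_EI | sandra  | user   |          | CN = Sandra Example , OU = JSC , O = FZJ , C = DE
3  | OMII_EI | siteadm | admin  |          | CN=Site Admin,OU=JSC,O=FZJ,C=DE
4  | OTHER   | guest   | user   |          | CN=Rebecca Breu,OU=JSC,O=FZJ,C=DE
5  | OMII_EI | mallory | banned |          | CN=Mallory,OU=JSC,O=FZJ,C=DE
6  | OMII_EI | dup1    | user   |          | CN=Dup User,OU=JSC,O=FZJ,C=DE
7  | OMII_EI | dup2    | user   |          | CN=Dup User,OU=JSC,O=FZJ,C=DE
"""

# Roles from the slide that may execute jobs; anything else is denied.
JOB_ROLES = {"user", "admin"}


def normalize_dn(dn):
    """Canonical DN for comparison: one RDN per comma, attribute types
    upper-cased, whitespace around '=' and ',' removed (the slide prints
    DNs with such spaces). Simplification: escaped commas and multi-valued
    RDNs, which real X.500 name matching must handle, are not supported."""
    rdns = []
    for rdn in re.split(r"\s*,\s*", dn.strip()):
        attr, _, value = rdn.partition("=")
        rdns.append(f"{attr.strip().upper()}={value.strip()}")
    return ",".join(rdns)


def parse_table(text):
    """Rows of the textual table as dicts, DN already normalized."""
    rows = []
    for line in text.splitlines()[2:]:          # skip header and rule line
        cells = [c.strip() for c in line.split("|")]
        if len(cells) != 6:
            continue
        nr, gcid, xlogin, role, projects, dn = cells
        rows.append({"nr": int(nr), "gcid": gcid, "xlogin": xlogin,
                     "role": role, "projects": projects, "dn": normalize_dn(dn)})
    return rows


def authorize(rows, gcid, dn):
    """The two questions unicorex asks the XUUDB (slides 31 and 32): may the
    holder of this certificate run jobs on grid component `gcid`, and under
    which login? Returns (xlogin, role), or None to deny. Unknown DNs are
    denied, and so is a DN with more than one row for the same component:
    an ambiguous mapping must never silently pick a login."""
    wanted = normalize_dn(dn)
    matches = [r for r in rows if r["gcid"] == gcid and r["dn"] == wanted]
    if len(matches) != 1:
        return None
    entry = matches[0]
    if entry["role"] not in JOB_ROLES:
        return None
    return entry["xlogin"], entry["role"]
```

`authorize(parse_table(XUUDB_TABLE), "OMII_EI", "cn=Rebecca Breu, ou=JSC, o=FZJ, c=DE")` yields `("rbreu", "user")` despite the different spelling of the DN, while the same DN asked for grid component `OTHER` maps to the `guest` login, and the duplicated "Dup User" rows are refused.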
  • 39. The TSI
    The TSI . . .
      forks a process which runs with the user’s ID
      creates a temporary directory on the target system (uspace)
      changes current working directory to uspace
      submits job to local batch system
    Input and output:
      all input needed for the job has to be copied into the uspace
      all output that is to survive the end of job execution has to be copied elsewhere
    Terms used:
      File import: file transfer from somewhere into uspace
      File export: file transfer from uspace to somewhere
  • 42. IDB: Incarnation Database
    The IDB is a file with rules for translating abstract jobs into executable scripts.
      <idb:IDBApplication>
        <idb:ApplicationName>Bash shell</idb:ApplicationName>
        <idb:ApplicationVersion>3.1.16</idb:ApplicationVersion>
        <jsdl:POSIXApplication xmlns:jsdl="http://schemas.ggf.org/jsdl…">
          <jsdl:Executable>/bin/bash</jsdl:Executable>
          <jsdl:Argument>--debugger $DEBUG?</jsdl:Argument>
          <jsdl:Argument>-v $VERBOSE?</jsdl:Argument>
          <jsdl:Argument>$ARGUMENTS?</jsdl:Argument>
          <jsdl:Argument>$SOURCE?</jsdl:Argument>
        </jsdl:POSIXApplication>
      </idb:IDBApplication>
    (The xmlns:jsdl URI is cut off on the slide.)
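The IDB rule above is what turns the abstract job of slide 35 into the machine-dependent script of slide 33, and it is also where a site controls what users can actually run. The following added example (not UNICORE code) parses a copy of that rule and performs the incarnation for a constructed job. Two things in it are assumptions of mine rather than facts from the slides: the namespace URIs are placeholders because the slide truncates the real one, and `$NAME?` is read as "emit this argument only when the job sets NAME". The design point it demonstrates is that the executable comes from the IDB, never from the job, and that each job-supplied value becomes exactly one argv word that is never re-parsed by a shell.

```python
"""Incarnation of an abstract job through an IDB rule (slide 42).

Added example, not UNICORE code. The XML mirrors the rule on the slide; the
namespace URIs are placeholders because the slide truncates the real one,
and reading '$NAME?' as 'argument only emitted when NAME is set' is my
interpretation of the template syntax, not taken from UNICORE documentation.
"""
import re
import xml.etree.ElementTree as ET

IDB_RULE = """\
<idb:IDBApplication xmlns:idb="urn:example:idb">
  <idb:ApplicationName>Bash shell</idb:ApplicationName>
  <idb:ApplicationVersion>3.1.16</idb:ApplicationVersion>
  <jsdl:POSIXApplication xmlns:jsdl="urn:example:jsdl-posix">
    <jsdl:Executable>/bin/bash</jsdl:Executable>
    <jsdl:Argument>--debugger $DEBUG?</jsdl:Argument>
    <jsdl:Argument>-v $VERBOSE?</jsdl:Argument>
    <jsdl:Argument>$ARGUMENTS?</jsdl:Argument>
    <jsdl:Argument>$SOURCE?</jsdl:Argument>
  </jsdl:POSIXApplication>
</idb:IDBApplication>
"""

VAR = re.compile(r"\$(\w+)(\?)?")


def parse_idb_application(xml_text):
    """Pull name, version, executable and argument templates out of the rule.
    '{*}' matches any namespace, so the placeholder URIs do not matter."""
    app = ET.fromstring(xml_text)
    posix = app.find("{*}POSIXApplication")
    return {"name": app.findtext("{*}ApplicationName"),
            "version": app.findtext("{*}ApplicationVersion"),
            "executable": posix.findtext("{*}Executable"),
            "arguments": [a.text for a in posix.findall("{*}Argument")]}


def expand_argument(template, job):
    """One <jsdl:Argument> template -> list of argv words.
    Literal words ('--debugger') are copied. Each $NAME becomes exactly one
    argv word holding the job's value verbatim (a list value gives one word
    per element), so a value is never re-parsed by a shell. If NAME is unset
    and the reference carries '?', the whole argument is dropped; without
    '?' the job is rejected."""
    words = []
    for token in template.split():
        m = VAR.fullmatch(token)
        if m is None:
            words.append(token)
            continue
        name, optional = m.group(1), m.group(2) is not None
        value = job.get(name)
        if value in (None, "", []):
            if optional:
                return []
            raise ValueError(f"job does not set required variable {name}")
        words.extend(str(v) for v in (value if isinstance(value, list) else [value]))
    return words


def incarnate(rule, job):
    """Abstract job -> concrete argv for the TSI. The executable is taken
    from the IDB, never from the job: a user can only name an application
    and version the site has registered (slide 35), and the site decides
    which binary that means."""
    if (job["application"], job["version"]) != (rule["name"], rule["version"]):
        raise LookupError(f"no IDB entry for {job['application']} {job['version']}")
    argv = [rule["executable"]]
    for template in rule["arguments"]:
        argv.extend(expand_argument(template, job))
    return argv
```

For a job that sets only `SOURCE` and `ARGUMENTS`, the `--debugger` and `-v` arguments disappear entirely and the result is `["/bin/bash", "--norc", "-x", "run.sh"]`; a `SOURCE` value containing shell metacharacters stays a single argv word, which is why the TSI should hand such a list to the batch system without going through a shell. The mapping of the abstract job onto the user's ID is the TSI's job (slide 39) and is not modelled here.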
  • 43. UNICORE Quickstart
    Easy installation and usage of UNICORE server components with the Quickstart bundle containing:
      all needed server components
      demo certificates
      easy to use graphical installer
  • 44. UNICORE LiveCD
    The UNICORE LiveCD contains:
      complete Linux system
      automatically starting server components
      pre-configured clients
  • 45. Visit UNICORE on the internet
    Downloads, information, documentation, . . . : http://www.unicore.eu