150 likes | 295 Views
A Member of the ExperTeam Group. UNICORE – The Seamless GRID Solution. Hans–Christian Hoppe. Pallas GmbH Hermülheimer Straße 10 D–50321 Brühl, Germany info@pallas.com http://www.pallas.com. TERENA Networking Conference 2002, Limerick. Outline. UNICORE approach
E N D
A Member of the ExperTeam Group UNICORE – The Seamless GRID Solution Hans–Christian Hoppe Pallas GmbHHermülheimer Straße 10D–50321 Brühl, Germanyinfo@pallas.comhttp://www.pallas.com TERENA Networking Conference 2002, Limerick
Outline • UNICORE approach • UNICORE architecture and implementation • UNICORE projects • Availability and outlook
Approach • Provide a uniform work environment for end–users • access and authentication mechanisms (client, certificates, …) • platform details (commands, data archives, batch systems, …) • user–level resource and job model (task graph, …) • job monitoring and controlling • Intended UNICORE users • end–users in a specific domain • general HPC end–users • NOT application developers • Intended usage modes • batch execution • interactive steering • NOT general purpose interactive
Approach • Degree of “seamlessness” • access and authentication • job model • resource model • job control and monitoring • Security mechanisms • user authentication by X.509 certificates • authorization handled by the sites • data integrity and confidentiality by reliance on SSL/https • Implementation technique • emphasize portability, rely on standards • use Java for client and server components • build protocols on top of SSL/https • use of XML for storing jobs
Approach • System integration and deployment • fit into common firewall configurations • integrate into existing system administration procedures • preserve site autonomy (authorization, quotas, billing, …) • Extensibility • provide GUIs for particular applications (plugin mechanism) • extend set of supported resources, incarnation rules • configure third–party file transfers
T3E–1200 Zampano T3E–600 T90 SR8000 VPP 700 Resource Model UNICORE Client • UNICORE site(s) • Virtual site(s) • User submits jobs to a Vsite • soon: automatic resource identification • Resources • capacity • capability • Resources are advertised to the client • pseudo–dynamic mode FZ Jülich LRZ Munich
Job Model • Directed acyclic graph of • tasks (computational or data transfer) • sub–jobs (to be executed at another Vsite) • temporal dependencies • Attach resourcerequests to tasks • capacity (CPU time, disk, …) • capability (MPI–2, profiling, …) • can do static tests of jobs • can do resource brokering … LM–JobT3E–1200 Import Model Data Execute LM Model If Success Transfer Data Notify user Process–LMZampano Postprocess Export Data
Client(s) Cray NQE PBSPro Architecture • Client can run anywhere • Gateway as single point of entry • NJS incarnates and schedules jobs • UDB (User Database) contains user login information • IDB (Incarnation Database) contains resource information and job incarnation rules • TSI (Target System Interface) interfaces to local batch system Insecure Internet Gateway FZ Jülich UDB Network Job Supervisor UNICORE Network Job Supervisor IDB IDB TSI TSI
Security Model • Authentication • Gateway requires user certificate to initiate SSL communication • pass (permanent) user certificate along with job description • Authorization • Vsite maps certificate to local userid • authorization based on local userid • accommodate site–specific procedures • Job and request integrity • each DAG is signed with the user’s private key • the Vsite executing a sub–job can verify authenticity • Required trust • the user protects his/her private key • the CA is not compromised • NO transitive trust between Usites
Technology • Client and server components implemented in Java–2 • Authentication using X.509 certificates • UNICORE Plus project uses own public key infrastructure (PKI) • software can work with any other PKI • Coexistence with firewalls • gateway as single point of entry • can run outside firewall, in DMZ or inside firewall • user authentication at that point: rogue users can’t go further • Secure data transmission using SSL • additional data encryption considered in EUROGRID • Modeling of computational jobs and resources as Java objects (AJO)
Look&Feel • See the demonstration at the UNICORE booth(exhibition area)
Application Front–end • Create GUIs that support important applications • UNICORE client has a plugin interface • GUI simplifies data entry for application • GUI can support application–specific resources • GUI constructs (complicated) job chains automatically • GUI will use UNICORE client to • submit the application job • monitor and control the application job • Helpful features • end–users concentrate on applications • extended consistency checks • Existing front–ends • CPMD molecular dynamics code • Fluent, Gaussian, …
UNICORE Projects UNICORE = GRID system for seamless access to(High Performance) computing systems • Application and deployment of UNICORE in new FP 5 projects • Interest in participating in FP 6 IP and NoE • applications and deployment • extensions • integration into OGSA framework
Availability and Outlook • Current version: UNICORE 3.6 • available for project partners and on request • starting June 2002: access to full sources via UNICORE Forum web pages • Upcoming production version: UNICORE 4.0 • supports control tasks (If, Repeat, …) • many improvements to the user interface • release in July/August timeframe • partners and source repository will be updated • Results from EUROGRID and GRIP to be made available in a similar manner …
Further Information • Leaflets (see exhibition booth) • WWW pages http://www.fz–juelich.de/unicore UNICORE Plus project http://www.unicore.org UNICORE Forum http://www.eurogrid.org EUROGRID project http://www.grid–interoperability.org GRIP project • UNICORE test GRID http://www.fz-juelich.de/unicore-test