SWiM-Globus: Secure Wireless Mobile (SWiM) Grid Computing Using Globus Toolkit 3.0
Xueying Chen and George Massoud (alvy@cs.ucla.edu and gmassoud@cs.ucla.edu)
CS218 Fall 2003 Project
Tutor: JieJun Kong (jkong@cs.ucla.edu)
Professor Mario Gerla (gerla@cs.ucla.edu)
Outline
• Background and Problem
  • Grid computing & mobile wireless computing
• SWiM
  • Marriage of grid computing & wireless computing
• Design
• Implementation
  • Globus Toolkit
  • Registration and Connect Components
• Conclusions
Grid Computing: Large-scale resource sharing
• Example: Web Service vs. Grid Service (e.g., Globus’ Open Grid Services Architecture, OGSA)
• Web service
  • Interface to persistent state of a single domain
  • Subject to centralized control
  • Pure application-layer business
• Grid service
  • Interfaces to transient states of distributed activities
  • Subject to decentralized coordination, but not subject to centralized control
  • A middleware between applications and the network
Problem Statement
[Figure: the IP “hourglass”: applications on top, IP at the narrow waist, media at the bottom]
• IP protocol stack: an “hourglass”
  • Simple network IP layer, scalable Internet
  • “End-to-end argument”: new functions are not easy to add inside the network, but are added on end terminals
• Cross-domain/subnet mobility
  • Mobile-IP [Perkins]: complexity entirely in the IP layer
  • End-to-end mobility [Snoeren]: changes the TCP protocol
• Our design choice: grid middleware, no change to the standard IP protocol stack
  • A node can roam across SWiM grids while keeping its application/computation alive
Marrying Mobile Wireless Computing with Grid Computing
• Both applicable to large-scale networks
  • In particular, around the Internet
• Resource sharing in different local domains is not subject to centralized control
  • But it should be coordinable in service provisioning
• Such coordination relies on standard, open, general-purpose protocols/interfaces
  • IPv4 (de facto network layer)
  • Globus (de facto grid computing standard)
Modeling Wireless LANs as SWiM Grids
• An autonomous WLAN becomes a grid by running Globus
• This grid becomes a SWiM-Grid by running SWiM-Globus
• A SWiM-Grid can expand to global scale as more and more WLANs join
• Any IPv4-conforming wireless node can roam across any SWiM-Grids
Design: Zero IP stack change
• Basic SWiM-Grid
  • Standard IPv4 stack, no extra support (i.e., IPv4 + TCP/UDP only; no Mobile IP/IPv6 or DHCP/RADIUS/Kerberos etc.)
• Satiated SWiM-Grid
  • Has extra support
• SWiM must be consistent with both scenarios
• IPNL (IP Next Layer, P. Francis, SIGCOMM 2001)
  • Uses Network Address Translation (NAT)
  • Tolerates any foreign address
  • Scalable, efficient, expands the local IP space
High Level Design Flow
[Figure, three labelled steps: use your current SWiM-Grid to register; Registration coordinates with the NAT-box; establish connection]
Becomes a Grid: Globus
• Open source, downloadable from www.globus.org
• Currently version 3.0.2, installed on our home computers, on Netlab3.cs.ucla.edu, and on a laptop functioning as escort
• Secure resource allocation, management, directory service, communication, fault detection, and portability
• Done!
Globus’ Grid Architecture (shown beside the Internet Protocol Architecture)
• Application
• Collective: “Coordinating multiple resources”, i.e. ubiquitous infrastructure services and app-specific distributed services (Internet: Application)
• Resource: “Sharing single resources”, i.e. negotiating access, controlling use (Internet: Application)
• Connectivity: “Talking to things”, i.e. secured communication (Internet protocols) (Internet: Transport, Internet)
• Fabric: “Controlling things locally”, i.e. interface access to, & control of, resources (Internet: Link)
Becomes SWiM-Grid: SWiM-Globus (the same layers, instantiated for SWiM)
• Application
• Collective: SWiM-grid Registration Service to coordinate NAT-boxes (Internet: Application)
• Resource: single NAT-boxes realized (Internet: Application)
• Connectivity: a NAT-box with secure communication capability (Internet: Transport, Internet)
• Fabric: interface to realize a raw NAT in the operating system kernel and network interfaces (Internet: Link)
SWiM Implementation Using Globus Components:
• Registration Page: provides the client a web-based GUI to request a token
• Registration Service: implemented as a Globus OGSA service
  • Authentication
  • Issues a token to the client
  • Coordination for the NAT-Box Factory Service
• Client Connect GUI: Java application; connects the user to the NAT-box
• NAT-Box Service:
  • Verify client IP/token
  • Network Address Translation
  • Coordination between the client and the secured LAN
Globus Factory Service
• Globus Grid uses the factory approach (e.g., OGSA web service)
• Encapsulated: individuals do not interfere with each other
• Transient: has states and history
• Secure and robust
[Figure: a Registration Service Factory creates one Registration Service Instance per client (Clients A, B and C); Client D is requesting “Create New Instance”]
SWiM-Globus Grid Service Work Flow
Participants: Client, Registration Service, NAT Box (SWiM-Grid)
• Client → Registration Service: Request Anonymous Token (using web GUI)
• Registration Service authenticates the client
  • Invalid credentials: error message to client
  • Valid credentials: issue token (Anonymous Token) to client
• Registration Service → NAT Box: Notify Client IP
• Client → NAT Box: Present Token (using Client Connect GUI)
• NAT Box verifies the presented token
  • Authentication failed: invalid IP/token
  • Authentication success: modify NAT-Box IP table
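The token check in the work flow above, as an added example that is not part of SWiM-Globus: the Registration Service mints an anonymous token bound to the client's IP address with an expiry, and the NAT box verifies the MAC, the expiry, and that the address presenting the token is the one it was issued for, before it touches its IP table. The HMAC-SHA256 construction, the shared key, the token layout and the 600-second lifetime are assumptions; the slides say only that a token is issued after authentication and that the NAT box verifies client IP/token.

```python
import base64
import hashlib
import hmac
import os
import struct
import time
from ipaddress import IPv4Address, ip_address
from typing import Optional, Tuple

# Key shared by the Registration Service and the NAT box (constructed for this
# example; how it is provisioned is outside what the slides describe).
SHARED_KEY = b"swim-example-shared-key-change-me"
TOKEN_LIFETIME = 600  # seconds; assumed, the slides give no lifetime

MAC_LEN = 32           # HMAC-SHA256 output
BODY_LEN = 4 + 8 + 16  # IPv4 address, big-endian expiry, random nonce


def issue_token(client_ip: str, now: Optional[float] = None,
                lifetime: int = TOKEN_LIFETIME, key: bytes = SHARED_KEY) -> str:
    """Registration Service side: mint an anonymous token bound to client_ip.

    Layout: 4-byte IPv4 | 8-byte expiry (unix seconds) | 16-byte nonce | 32-byte MAC.
    The token carries no identity, only the address it was issued for and a deadline.
    """
    addr = ip_address(client_ip)
    if not isinstance(addr, IPv4Address):
        raise ValueError("SWiM grids in this example are IPv4 only")
    expiry = int((time.time() if now is None else now) + lifetime)
    body = addr.packed + struct.pack(">Q", expiry) + os.urandom(16)
    mac = hmac.new(key, body, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(body + mac).decode("ascii")


def verify_token(token: str, presenting_ip: str, now: Optional[float] = None,
                 key: bytes = SHARED_KEY) -> Tuple[bool, str]:
    """NAT-box side: accept only an authentic, unexpired token that was issued
    for the address the client is actually presenting it from."""
    try:
        raw = base64.urlsafe_b64decode(token.encode("ascii"))
    except (ValueError, UnicodeEncodeError):
        return False, "malformed token"
    if len(raw) != BODY_LEN + MAC_LEN:
        return False, "malformed token"
    body, mac = raw[:BODY_LEN], raw[BODY_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    # Check the MAC first, in constant time, before trusting any field of the body.
    if not hmac.compare_digest(mac, expected):
        return False, "bad signature"
    bound_ip = str(IPv4Address(body[:4]))
    expiry = struct.unpack(">Q", body[4:12])[0]
    current = time.time() if now is None else now
    if current > expiry:
        return False, "token expired"
    if bound_ip != presenting_ip:
        return False, "token not issued for this IP"
    return True, bound_ip


if __name__ == "__main__":
    tok = issue_token("10.0.0.5")
    print(tok)
    print(verify_token(tok, "10.0.0.5"))  # (True, '10.0.0.5')
    print(verify_token(tok, "10.0.0.6"))  # (False, 'token not issued for this IP')
```

Binding the token to the client address is what makes the "Invalid IP/Token" branch of the work flow meaningful: a token captured from one node is useless from another address, and the expiry bounds how long a leaked token can open the NAT box at all.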
Low-end Interface: SWiM-Globus Fabric Layer
Input from the client: [screenshot]
Generate a script to modify the IP table:
/sbin/iptables -A OUTPUT -d Client-chosenIP -j ACCEPT
/sbin/iptables -A FORWARD -d Client-chosenIP -j ACCEPT
/sbin/iptables -A FORWARD -s Client-chosenIP -j ACCEPT
/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
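The rule generation on this slide, as an added example that is not part of SWiM-Globus: the client-supplied address is parsed and re-serialised before it reaches iptables, the per-client rules are built as argv lists rather than interpolated into a shell string, and the same rules can be deleted again when the client leaves. The path /sbin/iptables, the choice to install the MASQUERADE rule once per NAT box rather than once per client, and the -D teardown are assumptions; the slide's four rules are used as written.

```python
import shlex
from ipaddress import IPv4Address, ip_address
from typing import List

IPTABLES = "/sbin/iptables"  # path assumed for this example
UPLINK = "eth0"              # outbound interface named on the slide


def validate_client_ip(client_ip: str) -> str:
    """Accept only a plain unicast IPv4 host address.

    The value comes from the client, so it is parsed as an address and
    re-serialised, never pasted into a command line as received.
    """
    try:
        addr = ip_address(client_ip.strip())
    except ValueError:
        raise ValueError(f"not an IP address: {client_ip!r}") from None
    if not isinstance(addr, IPv4Address):
        raise ValueError("SWiM grids in this example are IPv4 only")
    if addr.is_multicast or addr.is_unspecified or addr.is_loopback or addr.is_reserved:
        raise ValueError(f"refusing non-unicast or local address {addr}")
    return str(addr)


def client_rules(client_ip: str, action: str = "-A") -> List[List[str]]:
    """The three per-client rules from the slide, as argv lists (no shell).

    "-A" appends them on successful authentication; "-D" deletes the identical
    rules when the client leaves, so the table does not accumulate stale grants.
    """
    if action not in ("-A", "-D"):
        raise ValueError("action must be -A (append) or -D (delete)")
    ip = validate_client_ip(client_ip)
    return [
        [IPTABLES, action, "OUTPUT", "-d", ip, "-j", "ACCEPT"],
        [IPTABLES, action, "FORWARD", "-d", ip, "-j", "ACCEPT"],
        [IPTABLES, action, "FORWARD", "-s", ip, "-j", "ACCEPT"],
    ]


def masquerade_rule() -> List[str]:
    """The NAT rule from the slide. It is per NAT box, not per client, so it is
    installed once rather than re-appended for every registration."""
    return [IPTABLES, "-t", "nat", "-A", "POSTROUTING", "-o", UPLINK, "-j", "MASQUERADE"]


def render_script(client_ip: str) -> str:
    """Render the generated script as text for review; every argument is quoted
    so that each value stays a single argument if the text is later run."""
    lines = [masquerade_rule()] + client_rules(client_ip)
    return "\n".join(" ".join(shlex.quote(arg) for arg in argv) for argv in lines) + "\n"


if __name__ == "__main__":
    print(render_script("10.0.0.5"))
    for argv in client_rules("10.0.0.5", "-D"):
        print(argv)  # what the NAT box would pass to subprocess.run on teardown
```

To apply the rules, pass each argv list to subprocess.run without shell=True; the argv form is what keeps a client-chosen value such as "10.0.0.5; rm -rf /" from ever being interpreted as anything but a (rejected) address.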
Implementation: Inner 3 layers
• Registration Service as NAT-box coordinator
• Implemented on OGSA (Open Grid Service Architecture), Globus’ Grid augmentation for Web services
• Mobile nodes connect to the Web frontend of the Globus OGSA service
• Coordinate NAT-boxes upon successful registration
Data Flow: Inner 3 Layers
[Figure, three screenshots: input to the Registration Service from the client; output from the Registration Service to the client; notification from the Registration Service to the NAT Server Service]
High-end Interface: SWiM-Globus Application Layer
• Register Client implemented using Tomcat, to allow a user to request a token from any standard Web browser
Future Work
• Create an open source archive for SWiM-Globus-1.0 (referenced to Globus Toolkit 3.0.2)
• Persistent connection handoff
  • No change to IP and TCP
  • Transparent to end terminals (i.e., no change to either end’s state)
  • Use coordinable NAT-boxes in between the two ends to handle transitions