1 / 15

G-PBox

G-PBox. A Policy Framework for Grid Environments. Speaker Gian Luca Rubini (gianluca.rubini@cnaf.infn.it). CHEP 2004 Interlaken (Switzerland). Summary. Problem statement Requirements Architecture of G-PBox Policies distribution flow Internal components Policy evaluation and language

kimn
Download Presentation

G-PBox

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. G-PBox A Policy Framework for Grid Environments Speaker Gian Luca Rubini (gianluca.rubini@cnaf.infn.it) CHEP 2004 Interlaken(Switzerland)

  2. Summary • Problem statement • Requirements • Architecture of G-PBox • Policies distribution flow • Internal components • Policy evaluation and language • Open issues • Conclusions CHEP 2004 Interlaken(Switzerland)

  3. Problem statement (1/2) • Available policy systems are working under a single administrative domain. • A Grid is composed by many administrative domains. • Policies need to affect mutiple administrative domains: • Three kinds of policies. • internal and private policies (local policies) • policies coordinating multiple domains (VO policies) • internal policies indirectly affecting other domains (mixed policies) CHEP 2004 Interlaken(Switzerland)

  4. Problem statement (2/2) • Three type of policies: • VO Policies • “Users of VO cms/muon get their job on the highest priority queue” • Local policies • “Local users always get top priority” • Mixed policies • “User John.Simms, member of VO cms/muon, cannot access the CNAF farm” CHEP 2004 Interlaken(Switzerland)

  5. Requirements (1/2) • Sites need to: • Have absolute control on resources owned by them • Have a unique interface to manage site policies • VOs and Grids need to: • Distribute policies to otherdomains in order for them to be accepted • Set policies affecting user, resources, etc… CHEP 2004 Interlaken(Switzerland)

  6. Requirements (2/2) • Granularity • Recognize the internal group organization of a VO (defined by an attribute authority like VOMS) • Force a bias among users and VOs • Adapt to new technologies • Capable of managing the new software that will be integrated into a Grid (Maui over PBS, etc.) CHEP 2004 Interlaken(Switzerland)

  7. VO PBox VO Admins GRID PBox Admins PBox GRID GRID PBox PBox PBox PBox SITE SITE SITE SITE SITE Admins PBox PBox PBox SubSITE SubSITE SubSITE Architecture of G-PBox

  8. Architecture of G-PBox (cont.) • PBoxes are the basic elements. They: • Receive and evaluate requests • Originate and distribute policies • (At least) One PBox for each administrative domain • All PBoxes are structurally identical • A PBox permits connections only from specific clients CHEP 2004 Interlaken(Switzerland)

  9. X X PBox X Y PBox X Y P1 A A P1 P1 P1 A P P2 A R P2 P2 P2 A P P3 A A P3 P3 P3 A P Y PBox Y PBox Y Y PA PA A PA PA A PB PB A PB PB A P1 A P1 P1 P P1 P2 R P2 P2 P P2 P3 P3 A P3 P3 P Policy distribution flow between two PBoxes of different layers

  10. PDP 1 internal component • PR 3 boundary components • PCI • PAT • PDP PR PAT Module that receive policy evaluation requests by PEP and determine the results Repository of the PBox policies PCI PR PR PCI PAT PAT PDP PCI PCI Communication interface with other PBoxes (via GSI) PAT Action of user on resource PEP PDP Entry point of PBox to manage PR and PCI functionalities PDP Internal components

  11. Policy Evaluation A client (for example a CE, SE, ecc.) must implement a PEP (Policy Enforcement Point) • The client sends a request to its PEP, which rewrites it into the correct syntax and sends it to the PDP of its PBox (1) • The PDP of the PBox sends back its answer (2) • The PEP translates the answer in a format recognized by the client. 1 client PEP PDP 2

  12. Policy Language • Policies are expressed in XACML 1.0 • XACML may be extended to also support management and accounting policies • Thanks to the Obligation concept, extension is painless • New types of actions may be required, e.g. uri:pbox:1.0:submit (submit a job) CHEP 2004 Interlaken(Switzerland)

  13. Open issues • Policies that require to have a global view of a Grid (e.g. “Deny a user with more than 50 jobs in the entire grid”) • Workaround:setting up an accounting system CHEP 2004 Interlaken(Switzerland)

  14. Conclusions (1/2) • Our system can manage VO, local and mixed policies in a multi-domain Grid • Thanks to its modular architecture it is highly configurable to specific needs • Development and testing is ongoing • For adetailed G-PBox overview: http://infnforge.cnaf.infn.it/projects/pbox CHEP 2004 Interlaken(Switzerland)

  15. Conclusions (2/2) • G-PBox team is: • Andrea Caltroni • Vincenzo Ciaschini • Andrea Ferraro • Gian Luca Rubini • Riccardo Zappi • G-PBox was conceived and developed inside INFN • Thanks to EGEE and Grid.IT for their support and funding of this work CHEP 2004 Interlaken(Switzerland)

More Related