150 likes | 292 Views
GSI: Security On Teragrid. A Introduction To Security In Cyberinfrastructure By Dru Sepulveda. Overview. What is Cyberinfrastructure and Grid Computing? What is Teragrid? Authenticating users and securing credentials GSI-SSH Grid Proxies Shibboleth Clemson’s Use of Grid Security.
E N D
GSI: Security On Teragrid A Introduction To Security In Cyberinfrastructure By Dru Sepulveda
Overview • What is Cyberinfrastructure and Grid Computing? • What is Teragrid? • Authenticating users and securing credentials • GSI-SSH • Grid Proxies • Shibboleth • Clemson’s Use of Grid Security
What is Cyberinfrastructure and Grid Computing? • Cyberinfrastructure is a buzz word for grid computing. • Cyberinfrastructure is the coordinated aggregate of software, hardware and other technologies, as well as human expertise, required to support current and future discoveries in science and engineering.
What is Teragrid? • TeraGrid is an open scientific discovery infrastructure combining leadership class resources at nine partner sites to create an integrated, persistent computational resource.
What is Teragrid… Really? Accessibility
Why Do We Use Security On Teragrid? • While Teragrid was designed to be openly used by the scientific community to share information and solve computationally intensive problems using distrubuted resources it must be protected from ignorant or malicious users who might accidentally or intentionally damage or misuse those resources.
Authenticating Users and Securing Credentials • Users must submit their personal information by US Mail. • To speed up the process it helps to have someone on the inside vouch for you. • All returned credentials are sent via US Mail after they call you to confirm your identity.
Grid Proxies • A short term grid proxy is a certificate made in the X.509 standard from a long term client certificate that was stored on a remote machine called MyProxy when a user account is added to Teragrid. • This short term credential is stored on the local machine and can been used to access remote machines without a login name and password via GSI-SSH.
GSI-SSH GSI-SSH is a modded version of OpenSSH that uses a grid credential to authenticate users instead of a user name and password. GSI-SSH stands for Grid Security - Secure Shell and was developed by Globus.
Shibboleth • Shibboleth allows users to make grid credentials from existing credentials such as a user name and password. • This credential is a EEC or End Entity Certificate which is the certificate at the end of the authentication chain.
How Clemson is Using Grid Security • CPSC881 has set up a small cluster that is running ROCKS a prepackaged Cyberinfrastructure set up on the CentOS platform. • Tomcat with Globus has been set up so that users with a valid credential can use web services over https as long as the name in their grid credential is the same as the one in their .gridmap file that is mapped to a local account.
Clemons’s Future With Grid Security Clemson’s future with grid computing is to get a campus wide allocation on Teragrid so that all users can simply use their student login in Grid Shib to get a grid credential for use on the Grid.
References • http://www.teragrid.org/ • http://grid.ncsa.uiuc.edu/myproxy/tgsso.html • http://grid.ncsa.uiuc.edu/myproxy/tgsso.html • http://en.wikipedia.org/wiki/Cyberinfrastructure