Thailand National Grid Project
Putchong Uthayopas (1) and Vara Varavithya (2)
(1) Director, High Performance Computing and Networking Center, Kasetsart University, Bangkok, Thailand, pu@ku.ac.th
(2) Department of Electrical Engineering, Faculty of Engineering, King Mongkut’s Institute of Technology North Bangkok, vara@kmitnb.ac.th
Thai Grid Current Status
• Currently in Operation
• Delivered Grid Monitoring and Management Tools to Communities
• Government approved approx. 6M US$ in funding for the project for 3 years
• Supports
• Certification
• Technical
• Grid Technology Promotions
TNGP, APAN2005@BKK
Agenda
• Thailand National Grid Project
• ThaiGrid Status Update
• Current Development in ThaiGrid
TNGP Objectives
• Promote the use of Grid Technologies
• Excellence in Grid Technology
• Human Resource Development
• Provide Grid Infrastructure
• Computing Infrastructure
• Communication Structure
• Help Establish Standards and Practices
• House the ThaiGrid Office
Structure
(organization chart labels: Ministry of ICT; SIPA; National Grid Committee; Grid Technology Excellence Center; Gov. Agencies; Business; Research Institutions; Academic Institutions; Researchers; Com Sci. Eng. People; Grid Users)
Computing Infrastructure
(diagram labels: Tera Flops Machine; High Speed Network; 16 Satellite Sites; Satellite Clusters; 32-proc. Machine)
Participating Organizations
• KU, CU, KMITNB, KMUTT, KMITL, Mahidol, KKU, SUT, WU, AIT
• Weather Forecast Services
• NECTEC
Human Resource
• Housing Dozen of Grid Engineers and Scientists at the excellence center
• Systematically trains Grid Admins
• via series of tutorials and workshops
• Target 2,000 in three years
Applications
• Health Care Data Grid
• High Performance Computing Applications
• Drug Design
• CFD
• FEM
• Evolutionary Computing
• Financial Application
Based on the expertise of the participating institutions
Targeted Outcomes
• Robust Grid-Enabled High Performance Computing Infrastructure
• A set of 3-4 Grid application showcases
• Social impact on Thais' well-being
• Supports science and technology
• 2,000 HR Development
• Grid Technology Promotion
ThaiGrid Project
• Founded Jan 2002
• Build up a long-term research partnership to explore
• The construction of Grid testbed and production environment
• The building of Grid tools and middleware
• The deployment of Grid technology to support the mission of scientific discovery
• The development of Grid applications
ThaiGrid Overall Status
10 Clusters total
• AMATA – KU
• GASS – KU
• MAEKA – KU
• WARINE – KU
• CAMETA – SUT
• OPTIMA – AIT
• ENQUEUE – KMITNB
• PALM – KMITNB
• SPIRIT – CU
• INCA – KMUTT
110 Hosts (From SCMS)
158 CPUs (From SCMS)
ThaiGrid Status Map
Software
• ROCKS-3.2.0 (Shasta) with
• HPC Roll
• Grid Roll
• SCE Roll
• Scheduler Roll
• Globus Toolkits 2.4
• SCMSWeb Monitoring Tool
• Shared Certificate Authority
ThaiGrid Tools
• TGCheckPort – Checking the firewall between sites
• TGregister – Grid user management and automatically updated grid-mapfile system
TGregister
Application
• Drug Design
• ThaiGrid Drug Design Portal
• HIV Drug Design
• Avian Flu Drug Design
Drug Design
Multi-Level User Implementation on X.509
(diagram labels: Proxy Certificate; X.509; SSL; Delegation; ThaiGrid User Services)
Two core concepts:
• X.509 digital certificates used as identity credentials
• Proxy Certificate used to delegate identity temporarily to other credentials
Grid Security: VO Security Management
• Management of VO
  - Discovery of the VO by Grid participants
  - Authentication and authorization of participants to join the VO
  - Access control: participants access shared resources in the VO
• The problem of VO security
  - Large number of distributed resources
  - Dynamic and complex relationships among organizations across trust domains
  - Resource utilization scenarios are complex and change dynamically
Grid Security: VO’s Role
Users:
• Large and dynamic population
• Different accounts at different sites
• Personal and confidential data
• Heterogeneous privileges (roles)
• Desire Single Sign-On
Groups:
• Group data
• Access Patterns
• Membership
Sites:
• Heterogeneous Resources
• Access Patterns
• Local policies
• Membership
(diagram labels: Groups; Users; Sites; Grid)
Grid Security: Authorization Management
• Community Authorization Service (CAS)
CAS concept:
• Reduce trust relationships by
  - Grouping users into a community
  - Resource authorizes the community
  - Community authorizes the user
  - Constraints in the proxy certificate
• But CAS cannot support authorization in small communities in a VO and supports only GridFTP
(diagram labels: CA; user; CAS Server; Request proxy to CAS server; Reply restricted proxy to user; Delegation of restricted proxy from CAS; Mutual authentication and access resource)
Grid Security: Small Communities in VO
• Components of small communities in a VO
• Static users who assign authority
• Temporary users who accept authority from static users
• Users operating the same jobs in small communities in the VO
• Multi-level authority from user to user
• Requirement of small communities in a VO
• Mechanism for directly assigning authority in multi-level user management
Multi-Level assign authoritative architecture
(diagram labels: High-level user; Low-level user; Authoritative privilege generator; Generate assign authoritative; Authoritative credentials; Request proxy with privilege authoritative; Proxy generator with privilege authoritative; GRID RESOURCE; Gatekeeper; Authentication & authorization with proxy privilege authoritative; Grid mapfile; Check permit for authorization; allow: Run jobs; deny: Cannot run jobs)
Multi-Level assign authoritative Concept
Concept:
• Use Attribute Certificate concept for assign privilege authoritative
• Embed Attribute Certificate into X.509 Certificate
X.509 certificate (diagram labels: Public Key; CA Digital signature):
Subject: O=Grid, O=ThaiGrid, OU=ee.kmitnb.ac.th, CN=suriya
Issuer: C=TH, O=Grid, O=ThaiGrid, CN=ThaiGrid CA
Expiration date: Aug 22 08:08:14 2005 GMT
Serial number: 625 (0x271)
Attribute Certificate:
Issuer : O=Grid, O=ThaiGrid, OU=ee.kmitnb.ac.th, CN=suriya
Holder : O=Grid, O=ThaiGrid, OU=ee.kmitnb.ac.th, CN=gridstaff
Validity date : Jan 22 08:08:14 2005 GMT
Serialextension : sun.ee.kmitnb.ac.th/allow
Issuer Signature : MD5RSAEncryption
Transfer multi-level assign authoritative
Attribute Certificate:
Issuer : user A
Holder : user B,C,..X
Privilege : host/allow/deny
Validity : 20050128:18:45
Signature: user A
Proxy Certificate with AC:
Identity : user B
Public Key : user B
Validity : 20050128:18:45
Signature: CA
(diagram labels: CA; User A; User B; User X; Resource; User A is authoritative privilege; Assign authoritative from user A; User B proxy-init with AC; User B can access; Assign authoritative to user B to user X; Step access same user B)
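An added sketch, not code from the ThaiGrid project, of gatekeeper-side checks for the A → B → X chain shown above: the chain is rooted in a grid-mapfile user, each link is issued by the previous holder, and the privilege is `<host>/allow`. Assumptions: HMAC stands in for the issuer's signature, the rule that a link may not outlive its parent is a policy choice made here, and user X's DN, the keys and all function names are constructed.

```python
import hashlib, hmac
from dataclasses import dataclass
from datetime import datetime

@dataclass(frozen=True)
class AttributeCert:
    issuer: str          # user assigning the privilege
    holder: str          # user receiving it
    privilege: str       # "<host>/allow" or "<host>/deny", as on the slide
    not_after: datetime
    signature: bytes = b""

def _mac(ac, key):
    # Stand-in for the issuer's public-key signature (assumption, stdlib only).
    tbs = "|".join([ac.issuer, ac.holder, ac.privilege, ac.not_after.isoformat()])
    return hmac.new(key, tbs.encode(), hashlib.sha256).digest()

def sign(ac, key):
    return AttributeCert(ac.issuer, ac.holder, ac.privilege, ac.not_after, _mac(ac, key))

def authorize(chain, requester, host, now, gridmap, keys):
    """Gatekeeper-side check of a multi-level chain; returns (allowed, reason)."""
    if not chain or chain[0].issuer not in gridmap:
        return False, "chain not rooted in a grid-mapfile user"
    expected_issuer, limit = chain[0].issuer, None
    for ac in chain:
        if ac.issuer != expected_issuer:
            return False, "broken delegation link"
        key = keys.get(ac.issuer)
        if key is None or not hmac.compare_digest(ac.signature, _mac(ac, key)):
            return False, "bad signature"
        if now > ac.not_after or (limit is not None and ac.not_after > limit):
            return False, "expired or outlives parent"
        if ac.privilege != f"{host}/allow":
            return False, "privilege does not allow this host"
        expected_issuer, limit = ac.holder, ac.not_after
    if chain[-1].holder != requester:
        return False, "requester is not the final holder"
    return True, "ok"

# Constructed sample data: DNs for A and B and the host come from the slides;
# user X's DN and the keys are made up for illustration.
BASE = "O=Grid, O=ThaiGrid, OU=ee.kmitnb.ac.th, CN="
A, B, X = BASE + "suriya", BASE + "gridstaff", BASE + "userx"
HOST, EXP = "sun.ee.kmitnb.ac.th", datetime(2005, 1, 28, 18, 45)
KEYS = {A: b"constructed-key-A", B: b"constructed-key-B"}

def demo_chain():
    return [sign(AttributeCert(A, B, f"{HOST}/allow", EXP), KEYS[A]),
            sign(AttributeCert(B, X, f"{HOST}/allow", EXP), KEYS[B])]
```

Calling `authorize(demo_chain(), X, HOST, now, {A}, KEYS)` with `now` before the validity time returns `(True, "ok")`; any failed check returns `False` with the reason.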
Current Development
• Build a tool to support multi-level authority assignment and user management for small communities in a VO
• Modify the Proxy Certificate by embedding an Attribute Certificate for access rights
Conclusion
• The start of the Thailand National Grid Project
• ThaiGrid has been in operation and is strong
• Several applications, middleware development
• Lots more to come in human resource development to foster grid efforts