1 / 45

Service-Oriented Science Scaling eScience Application & Impact

Service-Oriented Science Scaling eScience Application & Impact. Ian Foster Argonne National Laboratory University of Chicago Univa Corporation. Acknowledgements. Carl Kesselman, with whom I developed many ideas & slides

Download Presentation

Service-Oriented Science Scaling eScience Application & Impact

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Service-Oriented ScienceScaling eScience Application & Impact Ian Foster Argonne National Laboratory University of Chicago Univa Corporation

  2. Acknowledgements • Carl Kesselman, with whom I developed many ideas & slides • Bill Allcock, Charlie Catlett, Kate Keahey, Jennifer Schopf, Frank Siebenlist, Mike Wilde @ ANL/UC • Ann Chervenak, Ewa Deelman, Laura Pearlman @ USC/ISI • Karl Czajkowski, Steve Tuecke @ Univa • Numerous other fine colleagues • NSF, DOE, IBM for research support

  3. Context:System-Level Science Problems too large &/or complex to tackle alone …

  4. Seismic Hazard Analysis (Southern Calif. Earthquake Center) Seismicity Paleoseismology Geologic structure Local site effects Faults Seismic Hazard Model Stress transfer Rupture dynamics Crustal motion Seismic velocity structure Crustal deformation

  5. SCEC Community Model 1 Standardized Seismic Hazard Analysis Ground motion simulation Physics-based earthquake forecasting Ground-motion inverse problem Structural Simulation 2 3 Other Data Geology Geodesy 4 5 Unified Structural Representation Invert 4 5 Faults Motions Stresses Anelastic model Ground Motions AWM SRM FSM RDM 3 2 Earthquake Forecast Model Attenuation Relationship Intensity Measures 1 FSM = Fault System Model RDM = Rupture Dynamics Model AWP = Anelastic WavePropagation SRM = SiteResponseModel

  6. Science Takes a Village … • Teams organized around common goals • People, resource, software, data, instruments… • With diverse membership & capabilities • Expertise in multiple areas required • And geographic and political distribution • No location/organization possesses all required skills and resources • Must adapt as a function of the situation • Adjust membership, reallocate responsibilities, renegotiate resources

  7. Virtual Organizations • From organizational behavior/management: • "a group of people who interact through interdependent tasks guided by common purpose [that] works across space, time, and organizational boundaries with links strengthened by webs of communication technologies" (Lipnack & Stamps, 1997) • The impact of cyberinfrastructure • People  computational agents & services • Communication technologies  IT infrastructure, i.e. Grid “The Anatomy of the Grid”, Foster, Kesselman, Tuecke, 2001

  8. Users Discovery tools Analysis tools Data Archives Fig: S. G. Djorgovski Beyond Science Silos:Service-Oriented Architecture • Decompose across network • Clients integrate dynamically • Select & compose services • Select “best of breed” providers • Publish result as a new service • Decouple resource & service providers Function Resource

  9. Provisioning Service-Oriented Systems:The Role of Grid Infrastructure Users • Service-oriented Gridinfrastructure • Provision physicalresources to support application workloads • Service-oriented applications • Wrap applications as services • Compose applicationsinto workflows Composition Workflows Invocation ApplnService ApplnService “The Many Faces of IT as Service”, Foster, Tuecke, 2005

  10. Forming & Operating (Scientific) Communities • Define VO membership and roles, & enforce laws and community standards • I.e., policy for service-oriented architecture • Build, buy, operate, & share community infrastructure • Data, programs, services, computing, storage, instruments • Service-oriented infrastructure • Define and perform collaborative work • Use shared infrastructure, roles, & policy • Manage community workflow

  11. Forming & Operating (Scientific) Communities • Define VO membership and roles, & enforce laws and community standards • I.e., policy for service-oriented architecture • Build, buy, operate, & share community infrastructure • Data, programs, services, computing, storage, instruments • Service-oriented infrastructure • Define and perform collaborative work • Use shared infrastructure, roles, & policy • Manage community workflow

  12. A B 1 1 10 10 1 A B 1 2 1 2 16 Defining Community: Membership and Laws • Identify VO participants and roles • For people and services • Specify and control actions of members • Empower members  delegation • Enforce restrictions  federate policy Effective Access Policy of site to community Access granted by community to user Site admission-control policies

  13. Policy Challenges in VOs • Restrict VO operations based on requestor characteristics • VO dynamics create challenges • Intra-VO • VO-specific roles • Mechanisms to specify/enforce policy at VO level • Inter-VO • Entities/roles in one VO not necessarily defined in another VO

  14. Core Security Mechanisms • Attribute Assertions • C asserts that S has attribute A with value V • Authentication and digital signature • Allows signer to assert attributes • Delegation • C asserts that S can perform O on behalf of C • Attribute mapping • {A1, A2… An}vo1  {A’1, A’2… A’m}vo2 • Policy • Entity with attributes A asserted by C may perform operation O on resource R

  15. Trust in VOs • Do I “believe” an attribute assertion? • Used to evaluate cost vs. benefit of performing an operation • E.g., perform untrusted operation with extra auditing • Look at attributes of assertion signer • Rooting trust • Externally recognized source, e.g., CA • Dynamically via VO structure  delegation • Dynamically via alternative sources, e.g., reputation

  16. Security Services for VO Policy • Attribute Authority (ATA) • Issue signed attribute assertions (incl. identity, delegation & mapping) • Authorization Authority (AZA) • Decisions based on assertions & policy • Use with message- or transport-level security VOUser A Delegation Assertion User B can use Service A Resource Admin Attribute VO AZA VO ATA VO-A Attr  VO-B Attr Mapping ATA VO Member Attribute VOUser B VO Member Attribute VO A Service VO B Service

  17. SSL/WS-Security with Proxy Certificates Authz Callout: SAML, XACML Services (running on user’s behalf) Access ComputeCenter Rights CAS or VOMS issuing SAML or X.509 ACs Rights VO MyProxy Local policy on VO identity or attribute authority Rights’ KCA Closing the Loop Users

  18. Forming & Operating Scientific Communities • Define VO membership and roles, & enforce laws and community standards • I.e., policy for service-oriented architecture • Build, buy, operate, & share community infrastructure • Data, programs, services, computing, storage, instruments • Service-oriented infrastructure • Define and perform collaborative work • Use shared infrastructure, roles, & policy • Manage community workflow

  19. Bootstrapping a VOby Assembling Services 1) Integrate services from other sources • Virtualize external services as VO services 2) Coordinate & compose • Create new services from existing ones Community Content Services Provider Services Capacity Provider Capacity “Service-Oriented Science”, Foster, 2005

  20. Community A Community Z … Providing VO Services:(1) Integration from Other Sources • Negotiate servicelevel agreements • Delegate and deploy capabilities/services • Provision to deliver defined capability • Configure environment • Host layered functions

  21. Virtualizing Existing Services into a VO • Establish service agreement with service • E.g., WS-Agreement • Delegate use to VO user User B User A VO User VO Admin Existing Services

  22. Deploying New Services Policy Allocate/provision Configure Initiate activity Monitor activity Control activity Activity Client Environment Resource provider Interface WS-Resource Framework, Globus GRAM, Virtual Workspaces

  23. Activities Can Be Nested Client Policy Client Client Environment Resource provider Interface

  24. Open Science Grid • 50 sites (15,000 CPUs) & growing • 400 to >1000 concurrent jobs • Many applications + CS experiments; includes long-running production operations • Up since October 2003; few FTEs central ops Jobs (2004) www.opensciencegrid.org

  25. EmbeddedResource Management Client-side VO Admin Deleg Deleg GRAM GRAM Cluster Resource Manager Headnode Resource Manager VOUser VOUser Monitoring and control VO Job Deleg GRAM Cluster Resource Manager Other Services VO Scheduler . . . • VO admin delegates credentials to be used by downstream VO services. • VO admin starts the required services. • VO jobs comes in directly from the upstream VO Users • VO job gets forwarded to the appropriate resource using the VO credentials • Computational job started for VO VO Job

  26. Providing VO Services:(2) Coordination & Composition • Take a set of provisioned services … … & compose to synthesize new behaviors • This is traditional service composition • But must also be concerned with emergent behaviors, autonomous interactions • See the work of the agent & PlanetLab communities “Brain vs. Brawn: Why Grids and Agents Need Each Other," Foster, Kesselman, Jennings, 2004.

  27. Cardiff AEI/Golm The Globus-BasedLIGO Data Grid LIGO Gravitational Wave Observatory Birmingham• Replicating >1 Terabyte/day to 8 sites >40 million replicas so far MTBF = 1 month www.globus.org/solutions

  28. Data Replication Service • Pull “missing” files to a storage system Data Location Data Movement GridFTP Local ReplicaCatalog Replica LocationIndex Reliable File Transfer Service GridFTP Local Replica Catalog Replica LocationIndex Data Replication List of required Files Data Replication Service “Design and Implementation of a Data Replication Service Based on the Lightweight Data Replicator System,” Chervenak et al., 2005

  29. Deploy hypervisor/OS Hypervisor/OS Composing Resources …Composing Services LRC GridFTP GridFTP Deploy service DRS Deploy container VO Services JVM Deploy virtual machine VM VM Procure hardware Physical machine Provisioning, management, and monitoring at all levels

  30. “Provide access to data D at S1, S2, S3 with performance P” S1 S2 D ServiceProvider S3 Replica catalog, User-level multicast, … “Provide storage with performance P1, network with P2, …” S1 D S2 ResourceProvider S3 Decomposition EnablesSeparation of Concerns & Roles S1 User S2 D S3

  31. Community Commons • What capabilities are available to VO? • Membership changes, state changes • Require mechanisms to aggregate and update VO information MORE The age of information A A A VO-specific indexes S Information FRESH S S S

  32. adapter Custom protocols for non-WSRF entities Automated registration in container GridFTP GRAM User Monitoring and Discovery Services Clients (e.g., WebMDS) GT4 Container WS-ServiceGroup MDS-Index Registration & WSRF/WSN Access GT4 Cont. GT4 Container MDS-Index MDS-Index RFT

  33. Forming & Operating Scientific Communities • Define VO membership and roles, & enforce laws and community standards • I.e., policy for service-oriented architecture • Build, buy, operate, & share community infrastructure • Data, programs, services, computing, storage, instruments • Service-oriented infrastructure • Define and perform collaborative work • Use shared infrastructure, roles, & policy • Manage community workflow

  34. Collaborative Work Executed Executing Query Executable Not yet executable What I Did What I Am Doing Edit … What I Want to Do Execution environment Schedule Time

  35. Managing Collaborative Work • Process as “workflow,” at different scales, e.g.: • Run 3-stage pipeline • Process data flowing from expt over a year • Engage in interactive analysis • Need to keep track of: • What I want to do (will evolve with new knowledge) • What I am doing now (evolve with system config.) • What I did (persistent; a source of information)

  36. The GriPhyNVirtual Data System Workflow spec Create Execution Plan Grid Workflow Execution VDL Program Statically Partitioned DAG DAGman DAG Virtual Data catalog DAGman & Condor-G Dynamically Planned DAG Job Planner Job Cleanup Virtual Data Workflow Generator Local planner Abstract workflow

  37. Functional MRI Analysis Workflow courtesy James Dobson, Dartmouth Brain Imaging Center

  38. Functional MRI – Mapping Brain Function using Grid Workflows             <>

  39. Functional MRI Virtual Data Queries Which transformations can process a “subject image”? • Q: xsearchvdc -q tr_meta dataType subject_image input • A: fMRIDC.AIR::align_warp List anonymized subject-images for young subjects: • Q: xsearchvdc -q lfn_meta dataType subject_image privacy anonymized subjectType young • A: 3472-4_anonymized.img Show files that were derived from patient image 3472-3: • Q: xsearchvdc -q lfn_tree 3472-3_anonymized.img • A: 3472-3_anonymized.img 3472-3_anonymized.sliced.hdr atlas.hdr atlas.img … atlas_z.jpg 3472-3_anonymized.sliced.img

  40. QuarkNet: Leveraging Trident for Science Education

  41. PUMA:Analysis of Metabolism PUMA Knowledge Base Information about proteins analyzed against ~2 million gene sequences Analysis on Grid Involves millions of BLAST, BLOCKS, and other processes Natalia Maltsev et al. http://compbio.mcs.anl.gov/puma2

  42. Astronomy:A Small Montage Workflow ~1200 node workflow, 7 levels Mosaic of M42 created on TeraGrid

  43. Summary (1):Community Services • Community roll, city hall, permits, licensing & police force • Assertions, policy, attribute & authorization services • Directories, maps • Information services • City services: power, water, sewer • Deployed services • Shops, businesses • Composed services • Day-to-day activities • Workflows, visualization • Tax board, fees, economic considerations • Barter, planned economy, eventually markets

  44. Summary (2) • Community based science will be the norm • Requires collaborations across sciences— including computer science • Many different types of communities • Differ in coupling, membership, lifetime, size • Must think beyondscience stovepipes • Community infrastructure will increasingly become the scientific observatory • Scaling requires a separation of concerns • Providers of resources, services, content • Small set of fundamental mechanisms required to build communities

  45. For More Information • Globus Alliance • www.globus.org • NMI and GRIDS Center • www.nsf-middleware.org • www.grids-center.org • Infrastructure • www.opensciencegrid.org • www.teragrid.org • Background • www.mcs.anl.gov/~foster 2nd Edition www.mkp.com/grid2

More Related