Teaching Grid Computing Dr Richard Sinnott Technical Director National e-Science Centre ||| Deputy Director Technical Bioinformatics Research Centre University of Glasgow ros@dcs.gla.ac.uk

1
Teaching Grid ComputingDr Richard
SinnottTechnical Director National e-Science
Centre Deputy Director Technical
Bioinformatics Research Centre University of
Glasgowros_at_dcs.gla.ac.uk
2
Overview

• Grid Computing module
• Student backgrounds
• Syllabus
• Review of DyVOSE project
• Brief summary of technical approach
• Plans for the future

3
Grid Computing module

• Part of advanced MSc at Glasgow
• Started teaching on 30th September
• Due to complete on 2nd December
• Involves
• 20 lectures,
• 10 tutorials,
• 3 problem sets,
• 1 large programming assignment
• Taught by
• Richard Sinnott (NeSC, Course Director),
• Colin Perkins (DCS),
• John Watt (NeSC, DyVOSE researcher)
• 1 lecture by Seamus Ross (DCC)
• 1 lecture by David Fergusson (EGEE training team)

4
Student Backgrounds

• Students
• UG4
• MSci (UG5)
• Advanced MSc
• First lecture had 50 students, now have 16 signed
  up for module
• Various pre-requisites in taking module
• Based on Glasgow course structures
• DAS, DBIT, AC4,
• Additional materials developed for students
  without necessary background
• XML, XML Schema, WSDL,
• Not planned for originally

5
Module Outline
Week 1 Lecture 1 Introduction to Grid Computing Colin Perkins
Lecture 2 Scalability and Heterogeneity Colin Perkins
Week 2 Tutorial 1 Discussion of Seminal Grid Papers Colin Perkins
Lecture 3 Open Standards and Architectures Richard Sinnott
Lecture 4 Implementations of the Grid Architecture John Watt
Week 3 Lecture 5 Resource Discovery/Information Services John Watt
Lecture 6 Web Services Richard Sinnott
Lecture 7 Technologies for Building Grids David Fergusson
Week 4 Tutorial 2 Exploring Web Services Technologies with GT3 John Watt
Lecture 8 Grid Security Concepts Richard Sinnott
Lecture 9 Virtual Organizations Richard Sinnott
Week 5 Tutorial 3 Exploring Web Services Technologies with GT3 John Watt
Lecture 10 Security in Practice John Watt
Tutorial 4 Lab work and Discussion of Grid Security Richard Sinnott
Week 6 Lecture 11 Job Scheduling and Management - Practice Colin Perkins
Tutorial 5 Discussion of Job Scheduling Papers Colin Perkins
Lecture 12 Workflow Management John Watt
6
Module Outline
Week 7 Lecture 13 Data Access, Integration and Management John Watt
Lecture 14 Data Provenance and Curation Seamus Ross
Tutorial 6 Discussion of Data Management/Provenance Richard Sinnott
Week 8 Lecture 15 Data Transfer Colin Perkins
Lecture 16 Peer-to-Peer Communication Colin Perkins
Tutorial 7 Discussion of Networking Papers Colin Perkins
Week 9 Lecture 17 Tools for Collaboration Colin Perkins
Tutorial 8 Discussion on the Future of Grid Computing Richard Sinnott
Lecture 18 The Future of Grid Computing Richard Sinnott
Week 10 Lecture 19 Sample Applications Richard Sinnott
Lecture 20 Review of Major Concepts All
Tutorial 9 Q A All
National Digital Curation Centre
7
Timetable
Week beginning Monday 1200-1300 Thursday 1400-1500 Friday 0900-1000
27 September Lecture 1 Lecture 2
4 October Tutorial 1 Lecture 3 Lecture 4
11 October Lecture 5 Lecture 6 Lecture 7
18 October Tutorial 2 Lecture 8 Lecture 9
25 October Tutorial 3 Lecture 10 Tutorial 4
1 November Lecture 11 Tutorial 5 Lecture 12
8 November Lecture 13 Lecture 14 Tutorial 6
15 November Lecture 15 Lecture 16 Tutorial 7
22 November Lecture 17 Tutorial 8 Lecture 18
29 November Lecture 19 Lecture 20 Tutorial 9
8
DyVOSE Project Participants

• Dynamic Virtual Organisations in e-Science
  Education (DyVOSE) team
• Principal Investigators
• Dr Richard Sinnott (NeSC Glasgow)
• Prof David Chadwick (Salford)
• Developers
• Dr John Watt (NeSC Glasgow)
• Dr Sassa Otenko (Salford)
• Mr Tuan Anh Nguyen (Salford)
• Other Key People Involved
• Dr David Berry (NeSC Edinburgh)
• Dr Sandy Shaw (EDINA)

9
DyVOSE Overview

• Dynamic Virtual Organisations for e-Science
  Education (DyVOSE) project
• Two year project started 1st May 2004 funded by
  JISC
• Exploring advanced authorisation infrastructures
  for security in context of education
• University of Salford provide authorisation
  software (PERMIS) and security expertise
• Applied in Grid Computing module part of advanced
  MSc at the University of Glasgow
• Will provide insight into rolling out
  authorisation infrastructures/Grid to the masses
• Exploration of current state of the art in
  authorisation infrastructures
• Second phase of work will involve NeSC
  Edinburgh/EDINA
• Extensions to the existing PERMIS infrastructure
  to provide dynamic delegation of authority and
  recognition of authority

10
DyVOSE Workplan

• Phase 1
• Looking at applying existing PERMIS technology to
  establish static Privilege Management
  Infrastructure at GU

ScotGrid

GU Condor pool

Other (known!)

Grid resources

PERMIS based
Education
authorisation
VO
policies

Authorisation checks


Authorisation decisions

11
DyVOSE Phase 1

• Phase 1 Deliverables
• D1.1 Design of Educational Case Studies
• D1.2 Installation of Software Infrastructure for
  Static Delegation Based PMI
• D1.3 Detailed Design for Dynamic Delegation and
  Recognition of Authority
• Development of course material
• Major effort for first time

12
Current PERMIS based PMI approach

• PERMIS allows to
• Define roles for who can do what on what
• Policy Role x Target x Action
• Can user X invoke service Y and access or change
  data Z?
• Policies created with PERMIS PolicyEditor (output
  is XML file)

13
PERMIS based Authorisation
14
PERMIS based Authorisation ...ctd

• PERMIS Privilege Allocator then used to associate
  roles with specific users
• Signed policies are stored as attribute
  certificates in LDAP server
• Exploiting the GGF AuthZ specification
• Generic way to authorise access to Grid services
  using SAML callouts
• Based on GT3.3 PERMIS
• Grid service (WSDD) has policy information
  associated with it
• DN of clients, target and actions checked when
  attempts made to invoke services
• BRIDGES and DyVOSE only projects exploiting this
  API right now (Von Welch at AHM 2004)

15
Explorations in Course

• Students applying Policy Editor to develop
  security policy for use in their assignment
• Sorting/searching works of Shakespeare
• run on single PC,
• using training lab Condor pool,
• as GT3.3/Condor service,
• as GT3.3 service using GSI,
• To see how authorisation at service level
  achieved
• Service should be accessible by themselves and
  lecturing staff only
• using for GT3.3-PERMIS authorised service
• To see how authorisation at method level achieved
• Students split into groups (Gp1, Gp2)
• Sort method available to their group and
  lecturers only
• Search method available to all
• Performance aspects investigated throughout

16
DyVOSE Phase 2 and 3

• Phase 2
• D2.1 Report on Practical Experiences and Best
  Practices in Static Delegation Based PMI
• D2.2 Software implementing Dynamic Delegation and
  Authority Recognition in PERMIS
• Phase 3
• D3.1 User Manuals and Administrator Guides on
  Using and Setting up and Managing Dynamic
  Delegation Infrastructures
• D3.2 Report on Practical Experiences in Using
  Dynamic Delegation Infrastructures as Part of
  e-Science Education
• D 3.3 NMI release of PERMIS that supports dynamic
  Delegation and Recognition of Authority

17
DyVOSE Phase 2/3
Glasgow
Edinburgh
ScotGrid
Condor pool
Blue Dwarf
Dynamically established VO resources/users
Delegated VO policies
Edinburgh Education VO policies
Glasgow Education VO policies
Shibboleth
PERMIS based Authorisation checks/decisions
18
Work Progress

• Majority of lecture materials completed
• Infrastructure established in NeSC Glasgow
  training laboratory
• Initial design of dynamic PMI complete
• Input to wider UK security requirements document
• (Being drafted by Howard Chivers)

19
Work Progress ctd

• Long time wrestling with GT3.3-PERMIS integration
• Some delays due to version issues with GT3.3
• Also required some debugging of GT3.3 (commenting
  out code)
• Continued feedback on PERMIS tools
• Policy editor refinements
• Numerous discussions/meetings with Salford team
  on sorting out PERMIS-GT3.3 issues
• Certificate dependencies in using PERMIS
• Expects certificates created using openSSL

20
Work Progress ctd

• Web site established
• http//www.nesc.ac.uk/hub/projects/dyvose
• Dissemination
• Poster at JISC meeting in Brighton
• Poster at AHM 2004 in Nottingham
• Paper in preparation to European Grid Conference,
  Amsterdam
• Course materials to be made available to those
  interested
• Some already provided to EGEE training team

21
Future plans

• Feed experiences into wider Grid community (ETF
  AAA work)
• Continued input to wider security
  requirements/scenario documents (and to STF?)
• Applying experiences in other projects (VOTES,
  BRIDGES)
• Conduit for information from JISC Core Middleware
  projects and wider UK e-Science activities
• It would be nice to think that the majority of
  the lecture materials had a life of over 1 year
• Tried to achieve in course design
• not focused on Grid technologies explicitly, more
  on underlying principles/challenges
• Inevitable that refinements needed though
• Community needs to address this

22

• Questions?