VOMRS%20Overview

1
VOMRS Overview

• T. Levshina
• J. Weigand

2
VOMRS Scope

• VOMRS offers a comprehensive set of services that
  facilitates secure
• and authenticated management of VO membership,
  grid resource
• authorization and privileges
• implements a registration workflow providing
  means for collaborators to register with a
  Virtual Organization (VO)
• supports management of multiple grid certificates
  per member
• permits VO-level control of member's privileges
• provides email notifications of selected events
• supports VO-level control over its trusted set of
  Certificate Authorities (CA)
• permits delegation of responsibilities within the
  various VO administrators
• manages groups and group roles
• is capable of interfacing to third-party systems
  and pulling or pushing relevant member
  information from/to them

3
Project Timeline

• Initiated on 1/24/03
• Identifying stakeholders
• Gathering requirements
• High level design
• Database and low level design
• First production release of VOX (v1.0.0) -
  3/1/2004
• VOMRS
• LRAS (now obsolete, replaced by GUMS)
• SAZ (now maintained by other group at Fermilab)
• Features added to VOMRS since the first release
• Implemented interface to third-party
  registration dbms (e.g. interface to CERN HR DB,
  SAMDB )
• Implemented Oracle support
• Implemented two phases of registration that
  include email verification
• Introduced VO and institutional membership
  expiration 
• Introduced VO-level management of CAs
• Implemented selection of groups and group roles
  by member and admin
• Added multipart messaging, improved message
  format
• Implemented customizable on-line help

4
Efforts

• March, 2003- June, 2005
• 1 1.5 FTE (T.Levshina, J. Weigand, Y. Wu, A.
  Heavey)
• June, 2005 September, 2005
• 0.80 FTE (T. Levshina, S.White)
• October, 2005
• 0.5 FTE (T. Levshina)

5
VOMRS Place in the GRID World
Grid Facility
VOMRS
register
CE
Globus Gatekeeper
SE
SRM
JobManager
membership/ privileges
get proxy
callouts
callouts
get uid, gid, rootpath
gPlazma
PRIMA
VOMS
Is authorized?
membership/ privileges
Facility Authorization Management
get uid
GUMS
submit job
6
VOMRS Architecture
gLite VOMS DB
VOMRS Host
Client Host
SAM DB Host
VOMS Admin API
SAM ADMIN API
SOAPSSL Authentication
CLI
gLite Trust Manager
ORGDB Host
HTTPSSL Authentication
Service Broker
LCG ORGDB API
VOMRS Admin
Service
WEB CLIENT
VOMRS DB
7
(No Transcript)
8
Technology

• Java
• JavaScript
• Python
• XML
• HTML
• CSS
• Servlet
• WebSerivces
• Axis
• Tomcat
• RDBMS Oracle or MySQL
• Ant
• Packaging rpm and pacman

9
Some stats

• 290 Java classes 49,000 lines of Java code
• 15 JavaScripts 3,700 lines of code (not all
  ours)
• Python scripts for configuration 1,900 lines of
  code
• Building and packaging Ant build.xml 1,100 lines
  of code
• Database 28 tables
• Customizable on-line help file (1,000 lines)
• User Guide (2.8 MB) and Troubleshooting Guide
• Web site

10
Current Deployment

• Fermilab
• 14 instances that are synchronized with
  corresponding installation of VOMS (VDT 1.3.10).
  VOMRS and VOMS are running on the same node
• Total number of registered users gt 5,000
• CERN
• 4 instances are using LCG Registration Type and
  connect to CERN HR DB
• 5 instances are using General Registration Type
  
• All instances are synchronized with corresponding
  installation of VOMS (gLite 1.4). VOMRS and VOMS
  are running on the same node.
• Total number of registered users gt 2,000
• BNL
• 2 instances (all are synchronized with
  corresponding installation of VOMS).
• Test installations
• 2 instances in Texas Tech University are
  synchronized  with corresponding installation of
  VOMS (VDT 1.3.7)
• 2 instances in University of Melbourne