E-Science Education Workshop, 1-2 Nov 2004

Teaching Grid Computing

Dr Richard SinnottTechnical Director National e-Science Centre

||| Deputy Director Technical Bioinformatics

Research Centre University of Glasgow

ros@dcs.gla.ac.uk

E-Science Education Workshop, 1-2 Nov 2004

Overview

Grid Computing module Student backgroundsSyllabusReview of DyVOSE project

Brief summary of technical approach

Plans for the future

E-Science Education Workshop, 1-2 Nov 2004

Grid Computing modulePart of advanced MSc at Glasgow

Started teaching on 30th SeptemberDue to complete on 2nd December

Involves 20 lectures, 10 tutorials, 3 problem sets, 1 large programming assignment

Taught by Richard Sinnott (NeSC, Course Director), Colin Perkins (DCS), John Watt (NeSC, DyVOSE researcher)1 lecture by Seamus Ross (DCC)1 lecture by David Fergusson (EGEE training team)

E-Science Education Workshop, 1-2 Nov 2004

Student Backgrounds

StudentsUG4MSci (UG5)Advanced MSc

First lecture had 50 students, now have 16 signed up for module

Various pre-requisites in taking moduleBased on Glasgow course structures

DAS, DBIT, AC4, …

Additional materials developed for students without necessary background

XML, XML Schema, WSDL, … Not planned for originally…

E-Science Education Workshop, 1-2 Nov 2004

Module OutlineWeek 1 Lecture 1 Introduction to Grid Computing Colin Perkins

Lecture 2 Scalability and Heterogeneity Colin Perkins

Week 2 Tutorial 1 Discussion of Seminal Grid Papers Colin Perkins

Lecture 3 Open Standards and Architectures Richard Sinnott

Lecture 4 Implementations of the Grid Architecture John Watt

Week 3 Lecture 5 Resource Discovery/Information Services John Watt

Lecture 6 Web Services Richard Sinnott

Lecture 7 Technologies for Building Grids David Fergusson

Week 4 Tutorial 2 Exploring Web Services Technologies with GT3 John Watt

Lecture 8 Grid Security Concepts Richard Sinnott

Lecture 9 Virtual Organizations Richard Sinnott

Week 5 Tutorial 3 Exploring Web Services Technologies with GT3 John Watt

Lecture 10 Security in Practice John Watt

Tutorial 4 Lab work and Discussion of Grid Security Richard Sinnott

Week 6 Lecture 11 Job Scheduling and Management - Practice Colin Perkins

Tutorial 5 Discussion of Job Scheduling Papers Colin Perkins

Lecture 12 Workflow Management John Watt

Taught today

E-Science Education Workshop, 1-2 Nov 2004

*National Digital Curation Centre

Module OutlineWeek 7 Lecture 13 Data Access, Integration and Management John Watt

Lecture 14 Data Provenance and Curation Seamus Ross*

Tutorial 6 Discussion of Data Management/Provenance Richard Sinnott

Week 8 Lecture 15 Data Transfer Colin Perkins

Lecture 16 Peer-to-Peer Communication Colin Perkins

Tutorial 7 Discussion of Networking Papers Colin Perkins

Week 9 Lecture 17 Tools for Collaboration Colin Perkins

Tutorial 8 Discussion on the Future of Grid Computing Richard Sinnott

Lecture 18 The Future of Grid Computing Richard Sinnott

Week 10 Lecture 19 Sample Applications Richard Sinnott

Lecture 20 Review of Major Concepts All

Tutorial 9 Q & A All

E-Science Education Workshop, 1-2 Nov 2004

TimetableWeek beginning… Monday 12:00-13:00 Thursday 14:00-15:00 Friday 09:00-10:00

27 September Lecture 1 Lecture 2

4 October Tutorial 1 Lecture 3 Lecture 4

11 October Lecture 5 Lecture 6 Lecture 7

18 October Tutorial 2 Lecture 8 Lecture 9

25 October Tutorial 3 Lecture 10 Tutorial 4

1 November Lecture 11 Tutorial 5 Lecture 12

8 November Lecture 13 Lecture 14 Tutorial 6

15 November Lecture 15 Lecture 16 Tutorial 7

22 November Lecture 17 Tutorial 8 Lecture 18

29 November Lecture 19 Lecture 20 Tutorial 9

E-Science Education Workshop, 1-2 Nov 2004

DyVOSE Project Participants

Dynamic Virtual Organisations in e-Science Education (DyVOSE) team

Principal Investigators Dr Richard Sinnott (NeSC Glasgow) Prof David Chadwick (Salford)

Developers Dr John Watt (NeSC Glasgow) Dr Sassa Otenko (Salford) Mr Tuan Anh Nguyen (Salford)

Other Key People Involved Dr David Berry (NeSC Edinburgh) Dr Sandy Shaw (EDINA)

E-Science Education Workshop, 1-2 Nov 2004

Dynamic Virtual Organisations for e-Science Education (DyVOSE) project

Two year project started 1st May 2004 funded by JISCExploring advanced authorisation infrastructures for security in context of education

University of Salford provide authorisation software (PERMIS) and security expertise

Applied in Grid Computing module part of advanced MSc at the University of Glasgow

– Will provide insight into rolling out authorisation infrastructures/Grid to the masses

– Exploration of current state of the art in authorisation infrastructures

– Second phase of work will involve NeSC Edinburgh/EDINA– Extensions to the existing PERMIS infrastructure to provide

dynamic delegation of authority and recognition of authority

DyVOSE Overview

E-Science Education Workshop, 1-2 Nov 2004

Phase 1Looking at applying existing PERMIS technology to establish static Privilege Management Infrastructure at GU

DyVOSE Workplan

ScotGrid

Authorisation decisions

Authorisation checks

PERMIS based authorisation

Education

VO policies

GU Condor pool

Other (known!) Grid resources

E-Science Education Workshop, 1-2 Nov 2004

Phase 1 DeliverablesD1.1 Design of Educational Case StudiesD1.2 Installation of Software Infrastructure for Static Delegation Based PMID1.3 Detailed Design for Dynamic Delegation and Recognition of Authority

Development of course material Major effort for first time…

DyVOSE Phase 1

E-Science Education Workshop, 1-2 Nov 2004

Current PERMIS based PMI approach

PERMIS allows toDefine roles for who can do what on what

Policy = { Role x Target x Action }– Can user X invoke service Y and access or change data Z?

» Policies created with PERMIS PolicyEditor (output is XML file)

E-Science Education Workshop, 1-2 Nov 2004

PERMIS based Authorisation

E-Science Education Workshop, 1-2 Nov 2004

PERMIS based Authorisation ...ctd

PERMIS Privilege Allocator then used to associate roles with specific users

Signed policies are stored as attribute certificates in LDAP server

Exploiting the GGF AuthZ specification Generic way to authorise access to Grid services using SAML

callouts– Based on GT3.3 – PERMIS

» Grid service (WSDD) has policy information associated with it» DN of clients, target and actions checked when attempts made

to invoke services BRIDGES and DyVOSE only projects exploiting this API right now

(Von Welch at AHM 2004)

E-Science Education Workshop, 1-2 Nov 2004

Explorations in Course

Students applying Policy Editor to develop security policy for use in their assignment

Sorting/searching “works of Shakespeare” … run on single PC, … using training lab Condor pool, … * as GT3.3/Condor service, … as GT3.3 service using GSI,

To see how authorisation at service level achieved – Service should be accessible by themselves and lecturing staff only

… using * for GT3.3-PERMIS authorised service To see how authorisation at method level achieved

– Students split into groups (Gp1, Gp2)» Sort method available to their group and lecturers only» Search method available to all

Performance aspects investigated throughout…

E-Science Education Workshop, 1-2 Nov 2004

Phase 2 D2.1 Report on Practical Experiences and Best Practices in Static

Delegation Based PMI D2.2 Software implementing Dynamic Delegation and Authority

Recognition in PERMIS

Phase 3 D3.1 User Manuals and Administrator Guides on Using and Setting

up and Managing Dynamic Delegation Infrastructures D3.2 Report on Practical Experiences in Using Dynamic Delegation

Infrastructures as Part of e-Science Education D 3.3 NMI release of PERMIS that supports dynamic Delegation and

Recognition of Authority

DyVOSE Phase 2 and 3

E-Science Education Workshop, 1-2 Nov 2004

DyVOSE Phase 2/3

ScotGrid

PERMIS based Authorisation

checks/decisions

Glasgow Education

VO policies

Condor pool

Edinburgh Education VO policies

Shibboleth

Blue Dwarf

Glasgow Edinburgh

Dynamically established VO resources/users

Delegated VO policies

E-Science Education Workshop, 1-2 Nov 2004

Majority of lecture materials completed

Infrastructure established in NeSC Glasgow training laboratory

Initial design of dynamic PMI complete

Input to wider UK security requirements document(Being drafted by Howard Chivers)

Work Progress

E-Science Education Workshop, 1-2 Nov 2004

Long time wrestling with GT3.3-PERMIS integrationSome delays due to version issues with GT3.3

Also required some debugging of GT3.3 (commenting out code)

Continued feedback on PERMIS tools Policy editor refinements

– Numerous discussions/meetings with Salford team on sorting out PERMIS-GT3.3 issues

Certificate dependencies in using PERMIS Expects certificates created using openSSL

Work Progress …ctd

E-Science Education Workshop, 1-2 Nov 2004

Work Progress …ctd

Web site establishedhttp://www.nesc.ac.uk/hub/projects/dyvose

DisseminationPoster at JISC meeting in BrightonPoster at AHM 2004 in NottinghamPaper in preparation to European Grid Conference, Amsterdam

Course materials to be made available to those interested

Some already provided to EGEE training team

E-Science Education Workshop, 1-2 Nov 2004

Future plans

Feed experiences into wider Grid community (ETF AAA work)Continued input to wider security requirements/scenario documents (and to STF?)

Applying experiences in other projects (VOTES, BRIDGES)

Conduit for information from JISC Core Middleware projects and wider UK e-Science activities

It would be nice to think that the majority of the lecture materials had a life of over 1 year

Tried to achieve in course design not focused on Grid technologies explicitly, more on underlying

principles/challenges

Inevitable that refinements needed though… Community needs to address this

E-Science Education Workshop, 1-2 Nov 2004

Questions?