Catania Science Gateway
Framework
Motivations, architecture, features
Catania, 10/03/2014Riccardo Rotondo
riccardo.rotondo...
Catania Science Gateway Framerwork
2
 Authentication & Authorisation
 Job Management
 e-Infrastructure Service & Data S...
3
AuthN/AuthZ Schema
4
e-Infrastructures
Federation
2. Forwarded
to the IdP
Retrieve e-Infrastructure
credentialsScience Gat...
Federated User
5
Science
Gateway
Social User
6
Science
Gateway
Roles & Privileges
 Surfing a Science Gateway changes according different
roles
 Mapping between Liferay roles and LDAP ...
Liferay user database
 Liferay supports several system to store users data, both
local and remote
 Supporting the larges...
Authentication
 Authentication is demanded on external IDP
 Communication between Liferay and the IDP happens
thanks to ...
Authorisation
 Authorisation is demanded to the LDAP server
 Liferay, through a plugin implemented, request to
Shibbolet...
Registration
 In the act of registration user data must be written on
the LDAP connected to Liferay
 A portlet has been ...
12
Integrated Services
GRIDCLOUD
JSR 168/268
JSR 168/268
JSR 168/268
JSR 168/268
Catania Science Gateway Framework
Local Clus...
Job Engine at
work
October 8th, 2013Riccardo Rotondo14
1. Sign in
eTokenServer
User
Track-
ing DB
5. e-Infra
Interactions
...
Job Engine - Architecture
WT
Worker Threads for Job Submission
WT
Worker Threads for
Job Check Status
USERS
TRACKING
DB
MO...
Glassfish Integration
 Access to database is not direct but make use of Glassfish
connection pools and hibernate
 JNDI r...
17
Science Gateway paradigm
 Efforts to grant easy yet secure access to remote
services and related resources brought to the...
Motivations
Um… isn’t your
computer on fire
?
It’s ok, my files
are stored in a
safer place.
Image source: 1919
Grid Data Management Challenges
 Make interfaces simple for non expert users
 CLI-based Grid storage interface is not st...
Requirements
 Storage complexity hidden to end users
 Users move files from/to a portal and see it as simple
external st...
Implementations
 Virtual File System requires a database to map users,
virtual resource and real resource
 Object-relati...
References
 Catania Science Gateways url: http://www.catania-
science-gateways.it
 Catania Science Gateway Sourceforge P...
24
My Cloud (cloud interoperability based on OCCI
Standard
25
Questions ?
26
Upcoming SlideShare
Loading in …5
×

Catania Science Gateway Framework

195 views
151 views

Published on

Published in: Education
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
195
On SlideShare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
1
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Catania Science Gateway Framework

  1. 1. Catania Science Gateway Framework Motivations, architecture, features Catania, 10/03/2014Riccardo Rotondo riccardo.rotondo@ct.infn.it
  2. 2. Catania Science Gateway Framerwork 2  Authentication & Authorisation  Job Management  e-Infrastructure Service & Data Service  Cloud
  3. 3. 3
  4. 4. AuthN/AuthZ Schema 4 e-Infrastructures Federation 2. Forwarded to the IdP Retrieve e-Infrastructure credentialsScience Gateway VAMP Workshop 2013 – Helsinki, 30/9-1/10/2013
  5. 5. Federated User 5 Science Gateway
  6. 6. Social User 6 Science Gateway
  7. 7. Roles & Privileges  Surfing a Science Gateway changes according different roles  Mapping between Liferay roles and LDAP group  Similar mapping available on grid (i.e. voms roles)  Liferay allows administrator to fully customize users experience assigning different roles to each components (pages, wikis, plugins, data) 7
  8. 8. Liferay user database  Liferay supports several system to store users data, both local and remote  Supporting the largest number of users in the easiest way  A modular way to distinguish between different services and privileges is need  Science Gateways stores users on an LDAP server 8
  9. 9. Authentication  Authentication is demanded on external IDP  Communication between Liferay and the IDP happens thanks to Shibboleth  Shibboleth plugin, installed on Liferay, is responsible to read the token coming from the IDP and to pass it to Liferay 9
  10. 10. Authorisation  Authorisation is demanded to the LDAP server  Liferay, through a plugin implemented, request to Shibboleth the mail address(es) an try a match with the ones stored (local, remote) 10
  11. 11. Registration  In the act of registration user data must be written on the LDAP connected to Liferay  A portlet has been developed to perform this actions 11
  12. 12. 12
  13. 13. Integrated Services GRIDCLOUD JSR 168/268 JSR 168/268 JSR 168/268 JSR 168/268 Catania Science Gateway Framework Local Cluster 13
  14. 14. Job Engine at work October 8th, 2013Riccardo Rotondo14 1. Sign in eTokenServer User Track- ing DB 5. e-Infra Interactions 5. Tracking 2. Grid Request 6. Getting Results * or equivalent e-Infra auth
  15. 15. Job Engine - Architecture WT Worker Threads for Job Submission WT Worker Threads for Job Check Status USERS TRACKING DB MONITORING MODULE Resources Jobs Queue WT WT WT WT WT WT WT WT Jobs Submission Jobs Check status/ Get output 15
  16. 16. Glassfish Integration  Access to database is not direct but make use of Glassfish connection pools and hibernate  JNDI resource are used as well in order to offer some functionalities working behind the scene of job submission:  Thread pool responsible for job submission  Thread pool responsible for job status updates  Thread pool responsible for retrieving job output 16
  17. 17. 17
  18. 18. Science Gateway paradigm  Efforts to grant easy yet secure access to remote services and related resources brought to the birth of Science Gateways  Virtual Research Communities access remote resources in a collaboration environment that hides the underlying complexity  SGs help many users to better use the enormous grid computational power  Is large grid&cloud data storage accessible as well in such an easy way? 18
  19. 19. Motivations Um… isn’t your computer on fire ? It’s ok, my files are stored in a safer place. Image source: 1919
  20. 20. Grid Data Management Challenges  Make interfaces simple for non expert users  CLI-based Grid storage interface is not straightforward  Transactions to different e-Infrastructures require different authentication method  Should this transaction involve the Science Gateway directly?  Complexity of current protocols to manage different storage elements  Offer an easy intuitive interface to the end users 20
  21. 21. Requirements  Storage complexity hidden to end users  Users move files from/to a portal and see it as simple external storage accessible from a web interface and do not care about grid (or any other) technologies behind  File management smoothly integrated with all the services provided in the SG  Underlining architecture exposes a file-system-like view (i.e., aVirtual File System orVFS) through which users can perform the following actions:  Create, move, delete files/directories with the desired structure  Share files with other users  Set the number of backup copies desired 21
  22. 22. Implementations  Virtual File System requires a database to map users, virtual resource and real resource  Object-relation mapping approach  Liferay Service Builder  Database tables are not used only to keep trace of resource (file) but to define referring e-Infrastructures too  Planning to support up to 4 different e-Infrastructures: local, remote, grid, cloud 22
  23. 23. References  Catania Science Gateways url: http://www.catania- science-gateways.it  Catania Science Gateway Sourceforge Project: http://sourceforge.net/projects/ctsciencegtwys/  Gilda Portal (for developers): http://gilda.ct.infn.it/ 23
  24. 24. 24
  25. 25. My Cloud (cloud interoperability based on OCCI Standard 25
  26. 26. Questions ? 26

×