Xtremweb-HEP : A best effort virtualization middleware

Documents pareils

XtremWeb-HEP Interconnecting jobs over DG. Virtualization over DG. Oleg Lodygensky Laboratoire de l Accélérateur Linéaire

Quick Start Guide This guide is intended to get you started with Rational ClearCase or Rational ClearCase MultiSite.

Vanilla : Virtual Box

Paxton. ins Net2 desktop reader USB

DOCUMENTATION - FRANCAIS... 2

Supervision et infrastructure - Accès aux applications JAVA. Document FAQ. Page: 1 / 9 Dernière mise à jour: 15/04/12 16:14

TABLE DES MATIERES A OBJET PROCEDURE DE CONNEXION

Installation de VirtualPOPC-1 sur Ubuntu Server LTS 64bits

Un exemple de cloud au LUPM : Stratuslab

SERVEUR DÉDIÉ DOCUMENTATION

Contents Windows

DOCUMENTATION - FRANCAIS... 2

StratusLab : Le projet et sa distribution cloud

LES APPROCHES CONCRÈTES POUR LE DÉPLOIEMENT D INFRASTRUCTURES CLOUD AVEC HDS & VMWARE

WEB page builder and server for SCADA applications usable from a WEB navigator

Editing and managing Systems engineering processes at Snecma

Le Cloud: Mythe ou Réalité?

WiFi Security Camera Quick Start Guide. Guide de départ rapide Caméra de surveillance Wi-Fi (P5)

Architecture de la grille

L accès aux Clouds (Académiques)

VTP. LAN Switching and Wireless Chapitre 4

Instructions Mozilla Thunderbird Page 1

Cloud Computing. Introduction. ! Explosion du nombre et du volume de données

Comprendre l impact de l utilisation des réseaux sociaux en entreprise SYNTHESE DES RESULTATS : EUROPE ET FRANCE

APPENDIX 2. Provisions to be included in the contract between the Provider and the. Holder

Mon Service Public - Case study and Mapping to SAML/Liberty specifications. Gaël Gourmelen - France Telecom 23/04/2007

Fiche Produit TSSO Extension Mobility Single Sign-On

HSCS 6.4 : mieux appréhender la gestion du stockage en environnement VMware et service de fichiers HNAS Laurent Bartoletti Product Marketing Manager

Développement logiciel pour le Cloud (TLC)

Application Form/ Formulaire de demande

Plan. Department of Informatics

HAUTE DISPONIBILITÉ DE MACHINE VIRTUELLE AVEC HYPER-V 2012 R2 PARTIE CONFIGURATION OPENVPN SUR PFSENSE

DOCUMENTATION MODULE BLOCKCATEGORIESCUSTOM Module crée par Prestacrea - Version : 2.0

Bitdefender GravityZone

VMware : De la Virtualisation. au Cloud Computing

EXALOGIC ELASTIC CLOUD MANAGEMENT

ETABLISSEMENT D ENSEIGNEMENT OU ORGANISME DE FORMATION / UNIVERSITY OR COLLEGE:

Practice Direction. Class Proceedings

SHAREPOINT PORTAL SERVER 2013

GESTION DU CYCLE DE VIE. Albert Amar Avant-vente Middleware

Forthcoming Database

PLM 2.0 : Mise à niveau et introduction à l'offre version 6 de Dassault systèmes

Sécurité des systèmes d exploitation

THE EVOLUTION OF CONTENT CONSUMPTION ON MOBILE AND TABLETS

English version Legal notice

Acronymes et abréviations. Acronymes / Abbréviations. Signification

English Q&A #1 Braille Services Requirement PPTC Q1. Would you like our proposal to be shipped or do you prefer an electronic submission?

1. Formation F5 - Local Traffic Manager Configuring (LTM)

Tier 1 / Tier 2 relations: Are the roles changing?

vcloud Director Comment créer et gérer son «Cloud» Jean-Claude DAUNOIS Senior Systems Engineer VMware

Infrastructure technique de géodonnées. Technische Geodateninfrastruktur. Cédric Moullet Forum e-geo.ch, 15. November 2013

AVOB sélectionné par Ovum

Les techniques de la télémaintenance

Language requirement: Bilingual non-mandatory - Level 222/222. Chosen candidate will be required to undertake second language training.

WORKSHOP OBIEE 11g (version ) PRE-REQUIS:

RULE 5 - SERVICE OF DOCUMENTS RÈGLE 5 SIGNIFICATION DE DOCUMENTS. Rule 5 / Règle 5

calls.paris-neuroscience.fr Tutoriel pour Candidatures en ligne *** Online Applications Tutorial

Cedric Dumoulin (C) The Java EE 7 Tutorial

How to Login to Career Page

Instructions pour mettre à jour un HFFv2 v1.x.yy v2.0.00

Once the installation is complete, you can delete the temporary Zip files..

affichage en français Nom de l'employeur *: Lions Village of Greater Edmonton Society

3615 SELFIE. HOW-TO / GUIDE D'UTILISATION

VMware ESX : Installation. Hervé Chaudret RSI - Délégation Centre Poitou-Charentes

Notice Technique / Technical Manual

Surveillance de Scripts LUA et de réception d EVENT. avec LoriotPro Extended & Broadcast Edition

Prérequis réseau constructeurs

Containers : Outils magiques pour les Devops? OpenNebula et son écosystème pour une infrastructure cloud agile

CONVENTION DE STAGE TYPE STANDART TRAINING CONTRACT

F1 Security Requirement Check List (SRCL)

Middleware et services de la grille

BONJOURGRID : VERSION ORIENTÉE DONNÉE & MAPREDUCE SÉCURISÉ

Vers une meilleure gouvernance des plateformes d ingénierie

Une solution de stockage VDI unifiée, flexible et disponible pour vos utilisateurs

AIDE FINANCIÈRE POUR ATHLÈTES FINANCIAL ASSISTANCE FOR ATHLETES

SCHOLARSHIP ANSTO FRENCH EMBASSY (SAFE) PROGRAM APPLICATION FORM

Services à la recherche: Data Management et HPC *

Séminaire Partenaires Esri France 7-8 juin Paris Cloud Computing Stratégie Esri

Installation de Vmware serveur Windows

Table des matières. 1. Installation de VMware ESXI Pré-requis Installation... 3

DOCUMENTATION - FRANCAIS... 2

Improving the breakdown of the Central Credit Register data by category of enterprises

FOURNIR UN SERVICE DE BASE DE DONNÉES FLEXIBLE. Database as a Service (DBaaS)

Systèmes Répartis. Pr. Slimane Bah, ing. PhD. Ecole Mohammadia d Ingénieurs. G. Informatique. Semaine Slimane.bah@emi.ac.ma

PIB : Définition : mesure de l activité économique réalisée à l échelle d une nation sur une période donnée.

Acce s aux applications informatiques Supply Chain Fournisseurs

Serveur d impression CUPS

lundi 3 août 2009 Choose your language What is Document Connection for Mac? Communautés Numériques L informatique à la portée du Grand Public

LE FORMAT DES RAPPORTS DU PERSONNEL DES COMMISSIONS DE DISTRICT D AMENAGEMENT FORMAT OF DISTRICT PLANNING COMMISSION STAFF REPORTS

Group Projects B3 Architecture

Package Contents. System Requirements. Before You Begin

USB 598. Quick Start Guide (Windows) Guide de démarrage rapide (Windows) USB Modem. Modem USB.

CommandCenter Secure Gateway

NORME INTERNATIONALE INTERNATIONAL STANDARD. Dispositifs à semiconducteurs Dispositifs discrets. Semiconductor devices Discrete devices

Présentation par François Keller Fondateur et président de l Institut suisse de brainworking et M. Enga Luye, CEO Belair Biotech

DELL E6500 : Remplacement du disque dur d origine par un disque dur chiffrant

Contrôle d'accès Access control. Notice technique / Technical Manual

Archived Content. Contenu archivé

Transcription:

Xtremweb-HEP : A best effort virtualization middleware Oleg Lodygensky Laboratoire de l Accélérateur Linéaire

CERN Geneva High Energy Physic 9 km O. Lodygensky - Laboratoire de l Accélérateur Linéaire XtremWeb-HEP 9.0.5 Crowd Computing - Sept 2014

XtremWeb-HEP Introduction Security Virtualization Internode connection Applications Platform access Discussion O. Lodygensky - Laboratoire de l Accélérateur Linéaire XtremWeb-HEP 9.0.5 Crowd Computing - Sept 2014 3

The XtremWeb-HEP Project Goals secured ressource broker grid interconnection virtualization p2p communications C/S M/W MapReduce Main features : certified server TSL communications authentication X509 cert OpenId authorisations access rights confinement virtualization p2p communications A secured best effort platform. Informations since 2006 600K E.U. funded 300K ANR funded Contacts xtremweb@lal.in2p3.fr http://www.xtremweb-hep.org O. Lodygensky - Laboratoire de l Accélérateur Linéaire XtremWeb-HEP 9.0.5 Crowd Computing - Sept 2014 4

XtremWeb-HEP : a secured 3 tiers architecture Server certificate Services Administrator Sever public key Credentials scheduler data repository P2P comm Task mgt CLIENT WORKER Data mgt Local I/O User applications & data User task Sandbox Dynamically downloaded user applications and data User PC Scientist Other data servers Volunteer PC Citizen

XtremWeb-HEP Introduction Security authentication autorization access rights confinement Virtualization Internode connection Applications Platform access Discussion O. Lodygensky - Laboratoire de l Accélérateur Linéaire XtremWeb-HEP 9.0.5 Crowd Computing - Sept 2014 6

Authentication: certificates Distributed parts connect using services public key and must present valid credentials Services Server certificate Serveur public key Credentials scheduler data repository Job Mgt Data Mgt client/worker client/worker client/worker O. Lodygensky - Laboratoire de l Accélérateur Linéaire XtremWeb-HEP 9.0.5 Crowd Computing - Sept 2014 7

Athentication : OpenID Credentials may be certified by a third party https://developers.google.com/accounts/docs/openid O. Lodygensky - Laboratoire de l Accélérateur Linéaire XtremWeb-HEP 9.0.5 Crowd Computing - Sept 2014 8

Authorization Credential is associated to a usage level. Administrator manage public applications manage jobs, datas etc. manage users and usergroups manage workers Group Administrator manage its group applications users jobs datas Standard user manage private applications manage its own jobs and datas Worker user This is used to deploy workers no action allowed user rights delegation can compute user job can update user job can upload user job results O. Lodygensky - Laboratoire de l Accélérateur Linéaire XtremWeb-HEP 9.0.5 Crowd Computing - Sept 2014 9

Access rights Request completions depend on access rights. All objects (applications, datas, users, jobs, usergroups etc) are associated to access rights (AR) that allow/deny accesses (read, write, execute). Access rights define access types Access Types Default Access Rights Min Authz Private 700 Std user Group 750 Group admin Public 755 Admin O. Lodygensky - Laboratoire de l Accélérateur Linéaire XtremWeb-HEP 9.0.5 Crowd Computing - Sept 2014 10

XtremWeb-HEP Introduction Security Virtualization contextualization security use cases Internode connection Applications Platform access Discussion O. Lodygensky - Laboratoire de l Accélérateur Linéaire XtremWeb-HEP 9.0.5 Crowd Computing - Sept 2014 11

Virtualization Real Réel O. Lodygensky - Laboratoire de l Accélérateur Linéaire Virtuel XtremWeb-HEP 9.0.5 Crowd Computing - Sept 2014 12

StratusLab proposes distributions with the IaaS paradigms. VM over Centralized and securized services store applications and data scheduler repository etc. Remote Execution Distributed ressource may declare the virtualbox application. Distributed User submit a virtualbox job with a virtual disk Distributed ressource (volunteer PC) download the virtual disk create and run a new VM inside its local VirtualBox O. Lodygensky - Laboratoire de l Accélérateur Linéaire XtremWeb-HEP 9.0.5 Crowd Computing - Sept 2014 13

VM : Contextualization Following HEPiX Virtualization Working Group recommendation Contextualization is defined as the process by which a Virtual Machine instance is configured based on a master Virtual Machine Image. In general, contextualization consists in passing arbitrary data to the Virtual Machine at boot time worker contextualization VD if exists, mounted on /context if exists, /context/context.sh executed at the end of boot process /dev/hdd /dev/hda /dev/hdb bootable VD typically a live CD (350Mb) created on the fly by the worker (=> not downloaded) mounted on /scratch typically 8Gb this is a variable size file => upload size then depends on result size (max: 8Gb - hopefully less) User may require some ports (ssh, http...) O. Lodygensky - Laboratoire de l Accélérateur Linéaire XtremWeb-HEP 9.0.5 Crowd Computing - Sept 2014 14

VM : Security All security paradigms apply authentication authorization access rights Virtual machines : recent OS including last known bugs and security corrections root access denied sudo usage disabled no access to LAN connection only using electronic keys O. Lodygensky - Laboratoire de l Accélérateur Linéaire XtremWeb-HEP 9.0.5 Crowd Computing - Sept 2014 15

VM : Use Case HEP applications are linked to ROOT (http://root.cern.ch) DG resources don t have ROOT submitted jobs will not run Deploy a VM with ROOT and worker Submit such VM on the fly the native worker shares VirtualBox the native worker launches the VM the virtualized worker shares ROOT the virtualized worker run HEP jobs 9 O. Lodygensky - Laboratoire de l Accélérateur Linéaire XtremWeb-HEP 9.0.5 Crowd Computing - Sept 2014 16

XtremWeb-HEP Introduction Security Virtualization Internode connection Applications Platform access Discussion O. Lodygensky - Laboratoire de l Accélérateur Linéaire XtremWeb-HEP 9.0.5 Crowd Computing - Sept 2014 17

Internode Communications Interconnect jobs and applications over DG Server certificate Sever public key Credentials Connection Tunneled connection Centralized and securized services SSH public server Submit/ monitor Download job/ upload results client SSH tunnel SSH@localhost SSH reverse tunnel worker A communicating application untouched code reconfigured only User PC A communicating application untouched code/reconfigured only Volunteer PC Bypassing FireWalls and NAT O. Lodygensky - Laboratoire de l Accélérateur Linéaire XtremWeb-HEP 9.0.5 Crowd Computing - Sept 2014 18

Internode Communications Interconnect jobs running on volunteer resources Centralized and securized services SmartSockets Hub Submit/ monitor Download job/ upload results client User PC worker launches (1) Register (2) Retrieve smartsockets proxy (1) Register (2) Retrieve (3) connect smartsockets proxy worker launches Volunteer PC Volunteer PC O. Lodygensky - Laboratoire de l Accélérateur Linéaire XtremWeb-HEP 9.0.5 Crowd Computing - Sept 2014 19

XtremWeb-HEP Introduction Security Virtualization Internode connection Applications Platform access Discussion O. Lodygensky - Laboratoire de l Accélérateur Linéaire XtremWeb-HEP 9.0.5 Crowd Computing - Sept 2014 20

Applications Porting Multiparametric MATLAB Application for Image and Video Processing to Desktop Grid for High-Performance Distributed Computing Yuri Gordienko, Institut de Physique du Metal - Kiev - Ukraine DART: A Framework for Distributed Audio Analysis and Music Information Retrieval Eddie Al-Shakarchi, Cardiff University - UK DNA Correlation Applications A. Abuseiris, Erasmus - NL High Energy Cosmic Rays O. Lodygensky - Laboratoire de l Accélérateur Linéaire XtremWeb-HEP 9.0.5 A. Cordier Crowd LAL Computing - France - Sept 2014 21

XtremWeb-HEP Introduction Security Virtualization Internode connection Applications Platform access Portal API Discussion O. Lodygensky - Laboratoire de l Accélérateur Linéaire XtremWeb-HEP 9.0.5 Crowd Computing - Sept 2014 22

best effort deployment https://xwservpub.lal.in2p3.fr:4326 scheduler data repository WORKER WORKER User task Dynamically downloaded user applications and data User task Dynamically downloaded user applications and data Sandbox Sandbox Grid5000 Qarnot 23 O. Lodygensky - Laboratoire de l Accélérateur Linéaire XtremWeb-HEP 9.0.5 Crowd Computing - Sept 2014

Portal O. Lodygensky - Laboratoire de l Accélérateur Linéaire XtremWeb-HEP 9.0.5 Crowd Computing - Sept 2014 24

API O. Lodygensky - Laboratoire de l Accélérateur Linéaire XtremWeb-HEP 9.0.5 Crowd Computing - Sept 2014 25

Last month Site #hosts #CPU Grid5000 170 1148 Qarnot 73 584 O. Lodygensky - Laboratoire de l Accélérateur Linéaire XtremWeb-HEP 9.0.5 Crowd Computing - Sept 2014 26

XtremWeb-HEP Introduction Security Virtualization Internode connection Applications Platform access Discussion O. Lodygensky - Laboratoire de l Accélérateur Linéaire XtremWeb-HEP 9.0.5 Crowd Computing - Sept 2014 27

Discussion Under work OpenSAML / Shibboleth Map reduce http://www.xtremweb-hep.org O. Lodygensky - Laboratoire de l Accélérateur Linéaire XtremWeb-HEP 9.0.5 Crowd Computing - Sept 2014 28