Science Gateways Objectives aka Nancy’s Brave New Gateway World

Quarterly Meeting, December 6-7, 2007

Gateway Objectives for PY4 and 5

•TeraGrid integration will be straightforward for new and existing gateway developers

•There will be a set of easy to discover general services provided by and for Gateways

•The targeted support program will be well-organized

•We will be able to routinely count end gateway users, who will total 25% of total TeraGrid users

•There will be a funded cross-directorate gateway program at the NSF

TeraGrid integration will be straightforward for new and existing gateway developers

•Clear documentation, including step-by-step integration instructions for gateways

– These instructions will include all gateway requirements.

•Deployment of build your own gateway capability

•Tools necessary for tasks like accounting and authentication

There will be a set of easy to discover general services provided by and for Gateways

•There will be a published list of general web services for Gateways

•Gateways will be able to easily make their own services available to others

The targeted support program will be well-organized

•The request process will be clear

– PIs will understand the status of their requests,

•It will be clear to staff members what they are working on and when

– We’ll be able to more easily transition amongst projects

•Lessons learned will be included in general gateway documentation/case studies

•We will work with at least 10 new projects in PYs 4 and 5

•We will seek out projects benefiting underrepresented groups

We will be able to routinely count end gateway users, who will total 25% of total TeraGrid users

•A unique identifier for each end gateway user per community account must exist in TGCDB

•Gateways will need to transmit and TGCDB will need to receive this additional identifier through any job submission mechanism

•Attribute-based authentication in production and easy to use

There will be a funded cross-directorate gateway program at the NSF

•Recognizes the importance of gateways as infrastructure necessary to tackle the most compelling science problems

•Funds them in a sustainable, metrics-driven way

Gateway Security Summit Meeting

Proposed in San Diego for Jan/Feb

•The goal is to define once and for all

– How gateways will use community accounts

•Shell access for developers?

– How sites will secure these accounts

•Will developers need to make help desk requests for any writes to community account directory?

•The goal is not to have all sites agree on how accounts will be secured

– But we do need to define how all sites will secure these accounts and advertise this to users

– Many examples of the process breaking today

Recent Example of Problem to Solve

National Biomedical Computation Resource

Sent: Wednesday, October 31, 2007 5:57 PM

I did some login and GSI authentication tests for the "nbcruser" on TeraGrid. Some sites don't work; can you help me to figure this out?

    First, I can get the proxy from myproxy.teragrid.org.

    SDSC: Everything works.

    NCSA: Early this month, I could log in to NCSA clusters from laptop and NBCR machines, and GSI authentication was also successful. For now, I cannot log in to NCSA with the passwd, authentication also failed, but I still can log in to NCSA from SDSC teragrid machine, and the authentication from SDSC to NCSA is successful.

    PSC: Login and authentication never work.

    Purdue Univ: The passwd of "nbcruser" isn't provided on the paper, and GSI authentication failed.

    TACC: I can login to the cluster, but the provided username is "tg459196", not the uniform "nbcruser"

Why a Face to Face Meeting?

•Considerable shuttle diplomacy between security-wg and gateways via Jim Marsteller and me

•The time has come for a face to face meeting to move this forward

•Critical Issues

– Carefully define usage models

– Carefully assess risk

– Thoughtfully restrict accounts on par with risks

•Do not want a major gateway security incident

•Severe restrictions may have a significant impact on the gateway program

•Gateways reduce the impact of thousands of end user laptops, but may increase other risks

TeraGrid is a service organization

Must keep in mind what we ask of users

•Write allocation proposal

– Follow our instructions, meet our timelines

– Justification, paper listings, renewals each year

•Once successful, PIs must

– List gateway on public page

•URL and description

– Request a community account

•Script locations, anticipated run sizes, anticipated data needs

– Request developer accounts

– Possibly request community software area (CSA)

– Need to make sure community account group membership does not intersect with CSA group membership

Now PI and developers are set up, what next?

•Integration into their own fully developed gateway

– GRAM job submissions

– GridFTP

•Identify striped and non-striped servers

– Accounting

•GRAM audit

•Report to us quarterly on number of end users using gateways

•Future attribute-based authentication requirements

– Credential management

– May not be able to directly access files in community account

•We need to make sure the TeraGrid experience is worth this level of effort!
