Sep 2 – 9, 2007
Victoria, Canada
Europe/Zurich timezone
Please book accomodation as soon as possible.

glExec - gluing grid computing jobs to the Unix world

Sep 6, 2007, 2:20 PM
20m
Carson Hall C (Victoria, Canada)

Carson Hall C

Victoria, Canada

oral presentation Grid middleware and tools Grid middleware and tools

Speaker

Dr David Groep (NIKHEF)

Description

The majority of compute resources in today’s scientific grids are based on Unix and Unix-like operating systems. In this world, user and user-group management is based around the well-known and trusted concepts of ‘user IDs’ and ‘group IDs’ that are local to the resource; in contrast, the grid concepts of user and group management are centered around globally assigned user identities and VO membership and structures that are entirely independently of the resource where the actual work is done. To this end gatekeepers have been deployed traditionally at the fabric boundary to translate grid identities to Unix user IDs – usually in the form of ‘map files’ that translate (many) grid identity names to (many or a few) Unix user IDs. New job submission frameworks, such as the (java-based) execution web services and the introduction of late binding of the user jobs in a grid-wide overlay network of ‘pilot’ jobs, push the fabric boundary ever further into the resource. This necessitates the introduction glExec, a secure and light-weight (and thereby auditable) credential mapping system, that can be run both on fabric boundary, as part of an execution web service, and on the worker node in a late-binding scenario. In this contribution we describe the rationale for glExec, how it interacts with the site authorization and credential mapping frameworks such as LCAS, LCMAPS and GUMS, and how it can be used to improve site control and traceability in a pilot-job system.

Primary author

Dr David Groep (NIKHEF)

Co-authors

Mr Gerben Venekamp (NIKHEF) Mr Oscar Koeroo (NIKHEF)

Presentation materials