NOS Report

Jeff KoernerFeb 10 TG Roundtable

Security-wg

•In Q4 2010 a total of 11 user accounts and one login node were compromised.

•The Security team spent a significant amount of time responding to Linux vulnerabilities.– The height of which one vulnerability a week was

announced with some vendors not having patches ready.

•The annual TeraGrid assessment project was completed in Q4 2010.– This year’s effort focused on an assessment of the

TeraGrid User portal (TGUP) operations and technologies.

cont. Security-wg

– The TeraGrid user portal has become and increasingly important piece of the TeraGrid infrastructure•Username and password logins into the TGUP can be used to generate short term proxied credentials that can be used for access to TeraGrid resources at the RPs.

•The assessment found that TGUP staff were well aware of and taking measures to prevent common web-based application vulnerabilities. –The team has defined and documented issues of properly handling and proxying user credentials while accessing the portal.

•However the Security-wg felt additional requirements were warranted for third party (i.e. no TeraGrid RP) hosted systems.

OAuth update

•OAuth (Open Authorization protocol)– This improvement will enable external non-TG

web browser based services (third party), such as Globus Online (GO) and other Gateways, to authenticate TG users without having physical access to their TG username and password.

•Project Plan is currently being defined.– Once the plane is finalized developer resources

will be allocated.– Optimistic estimate at this point we hope to have

something to deliver to the TGUP team in June.– The Portal team then would incorporate the

solution into the portal.

CUE-wg Update

•The CUE working group continues to work toward releasing the CUE to the Teragrid User Community. – The CUE group wrapped up the beta testing

period– They are currently working with TG Public

Relations team to announce the development. – The CUE implements and procedures have been

finalized on all current TG architectures, and documentation has been created explaining its use. The group also continues to work on how to improve the commonality of queuing and testing throughout the TG.

INCA

– The Inca team continued to support and maintain the Inca deployment on TeraGrid •Four existing TeraGrid reporters were modified and one new reporter was created and deployed in Q4 2010

•At the end of Q4 2010 2,976 pieces of test data are being collected across TeraGrid platforms.  

•NCSA’s Ember was added to the Inca testing.•NCSA’s Cobalt was removed from Inca testing. •TACC's Lonestar was removed from testing in Q4 but was re-added Feb 1st after it’s upgrade.

•The team updated Inca deployment to the 2.6 release.–The two most relevant features of this release are:

»Data mirroring capabilities»Historical graphing abilities for performance data. This will

facilitate the IS team to see response times of their monitored services.

System Performance Metrics

•Slight dip in delivered NUs for Q4 over Q3– However, up over same period in 2010 by 1.7x

Cont. System Performance Metrics

•873 different projects charged usage on TeraGrid– Down just slightly from 882 in Q3 2010– The top 20 PIs consumed 51% of the NUs used and

the remaining 853 projects consumed the other 49%.

•Top 9 Disciplines with more than 2% of NUs:•Physics•Molecular Bioscience•Astronomical Sciences•Atmospheric Sciences•Chemical, Thermal Systems•Material Research•Chemistry•Advanced Scientific Computing•Biological and Critical Systems