Service Oriented Grid Architecture
Hui Li
ICT in Business Colloquium, LIACS
Mar 1st, 2006
Note: Part of this presentation is based on Dr. Ian Foster’s talks
(http://www-fp.mcs.anl.gov/~foster/talks.htm)
Outline
• Service Oriented Architecture (SOA)
• Stateful Grid Services - WSRF
• Grid Dynamics
– Security
– Resource Management
• System Level Science
• Business on Demand, Adaptive Enterprises
• Discussions, Assignments
Service Oriented Architecture
• A service-oriented architecture is essentially a collection of services that communicate with each other. The communication can involve either simple data passing or two or more services coordinating some activity. Some means of connecting services to each other is needed.
• Distributed Computing Technology: DCOM, CORBA
• Web Services (SOAP, UDDI, WSDL, XML, XACML, etc)
An Enterprise View
Grid and SOA – A Brief History
• '95-'02: I-Way, Globus, NASA IPG
• '02- : Globus 2 Toolkit, EDG (EGEE, LCG), Grid3/OSG, Scientific Communities
• '03- : Globus 3, OGSA, Web Services, Industry Sponsors, GGF
• '04- : Globus 4, WSRF, Grid Services, Virtual Organizations, Communities, Social Dynamics, GGF
Reality -> Vision
• Heterogeneity -> Virtualization
• Diversity -> Standards
• Isolated -> Interoperable
• Tightly-coupled -> Loosely-coupled
• Manual -> Automated
• … …
Toolkit based? Service Oriented!
Why Grid?
• Leveraging existing web services standards and fabric
• WSRF – building stateful Grid services
• Other standards contributions
• Grid services for distributed resource sharing
– Resource Management, Security, Information Services, Data Management, Programming Environments, etc
WSRF – Stateful Services
• Standard Web Services are stateless
• Without state, how does client:
– Determine what happened (success/failure)?
– Find out how many files completed?
– Receive updates when interesting events arise?
– Terminate a request?
[Figure: Client sends "move (A to B)" to FileTransferService]
WSRF in a Nutshell
• Service
• State representation
– Resource
– Resource Property
• State identification
– Endpoint Reference
• State Interfaces
– GetRP, QueryRPs, GetMultipleRPs, SetRP
• Lifetime Interfaces
– SetTerminationTime
– ImmediateDestruction
• Notification Interfaces
– Subscribe
– Notify
• ServiceGroups
[Figure: Service with GetRP, GetMultRPs, SetRP, QueryRPs, Subscribe, SetTermTime and Destroy operations over Resources and their RPs, each Resource addressed by an EPR]
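The four questions from the "WSRF – Stateful Services" slide, answered with the interfaces listed above, as an added Python example that is not part of the original presentation. It is an in-memory model of the resource pattern, not real SOAP/WSRF bindings; the EPR format, the property names and the 60-second default lifetime are assumptions, and time is passed in as `now` so the behaviour is deterministic.

```python
import itertools

class FileTransferService:
    """In-memory model of a stateful service (assumed names, no SOAP)."""
    def __init__(self):
        self._resources = {}              # EPR -> state of one transfer
        self._ids = itertools.count(1)

    def move(self, files, now):
        # Create a resource for this request and hand back its EPR.
        epr = f"urn:example:transfer:{next(self._ids)}"   # constructed format
        self._resources[epr] = {"termination_time": now + 60, "subscribers": [],
                                "rps": {"status": "Active", "filesDone": 0,
                                        "filesTotal": len(files)}}
        return epr

    def _live(self, epr, now):
        res = self._resources.get(epr)
        if res is None or now >= res["termination_time"]:
            self._resources.pop(epr, None)   # expired state is reclaimed
            raise KeyError(f"unknown or expired resource: {epr}")
        return res

    def get_rp(self, epr, name, now):                  # GetRP
        return self._live(epr, now)["rps"][name]

    def get_multiple_rps(self, epr, names, now):       # GetMultipleRPs
        rps = self._live(epr, now)["rps"]
        return {n: rps[n] for n in names}

    def set_termination_time(self, epr, when, now):    # SetTerminationTime
        self._live(epr, now)["termination_time"] = when

    def destroy(self, epr, now):                       # ImmediateDestruction
        self._live(epr, now)
        del self._resources[epr]

    def subscribe(self, epr, callback, now):           # Subscribe
        self._live(epr, now)["subscribers"].append(callback)

    def file_completed(self, epr, now):
        # Service-side progress: update the RPs, then Notify subscribers.
        res = self._live(epr, now)
        rps = res["rps"]
        rps["filesDone"] += 1
        if rps["filesDone"] == rps["filesTotal"]:
            rps["status"] = "Done"
        for notify in res["subscribers"]:
            notify(epr, dict(rps))
```

The EPR only identifies state; it does not authorize access to it, so a real service still has to check the caller on every operation.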
Retro…
• Service Oriented Architecture
• Grid adopts SOA
• Grid uses Web Services as a platform
• Stateful Grid Services
– http://gdp.globus.org/gt4-tutorial/
What the Grid looks like in 5 years?
• Panel discussion in Grid’05, Seattle, WA
• Fran Berman (SDSC): Data -> Social Dynamics
Grid Dynamics
• Grid = dynamic behaviors & environments
– Dynamic communities (VOs) & activities
– Decoupling of service consumption from service production
– Dynamic provisioning of services
• Tools to realize dynamic scenarios
– Uniform state representation & access
– Flexible security & policy framework
– Virtual machines, dynamic services, & other building blocks
A Two-Dimensional Problem
• Decompose across network
• Clients integrate dynamically
– Select & compose services
– Select “best of breed” providers
– Publish result as new services
• Decouple resource & service providers
[Figure: Function and Resource axes; Users, Discovery tools, Analysis tools, Data Archives. Fig: S. G. Djorgovski]
Service-Oriented Systems: The Role of Grid Infrastructure
• Service-oriented Grid infrastructure
– Provision physical resources to support application workloads
• Service-oriented applications
– Wrap applications as services
– Compose applications into workflows
[Figure: Users; Workflows; Appln Service; Composition; Invocation; Provisioning]
“The Many Faces of IT as Service”, ACM Queue, Foster, Tuecke, 2005
Forming & Operating Communities
• Define membership & roles; enforce laws & community standards
– I.e., policy for service-oriented architecture
– Addressing dynamic membership & policy
• Build, buy, operate, & share infrastructure
– Decouple consumer & provider
– For data, programs, services, computing, storage, instruments
– Address dynamics of community demand
Defining Community: Membership and Laws
• Identify VO participants and roles
– For people and services
• Specify and control actions of members
– Empower members delegation
– Enforce restrictions federate policy
[Figure: Access granted by community to user; Site admission-control policies; Policy of site to community; Effective Access]
Evolution of Grid Security & Policy
• 1) Grid security infrastructure
– Public key authentication & delegation
– Access control lists (“gridmap” files)
– Limited set of policies can be expressed
• 2) Utilities to simplify operational use, e.g.
– MyProxy: online credential repository
– VOMS, ACL/gridmap management
– Broader set of policies, but still ad-hoc
• 3) General, standards-based framework for authorization & attribute management
Security Services for VO Policy
• Attribute Authority (ATA)
– Issue signed attribute assertions (incl. identity, delegation & mapping)
• Authorization Authority (AZA)
– Decisions based on assertions & policy
[Figure: VO A Service; VO ATA; VO AZA; Mapping ATA; VO B Service; VO User A; VO User B; Delegation Assertion "User B can use Service A"; VO-A Attr; VO-B Attr; Resource Admin Attribute; VO Member Attribute]
Trust in VOs
• Do I “believe” an attribute assertion?
– Used to evaluate cost vs. benefit of performing an operation
– E.g., perform untrusted operation with extra auditing
• Look at attributes of assertion signer
• Rooting trust
– Externally recognized source, e.g., CA
– Dynamically via VO structure delegation
– Dynamically via alternative sources, e.g., reputation
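The decision path from the "Security Services for VO Policy" and "Trust in VOs" slides, combined with the effective-access figure, as an added Python example that is not from the presentation or from Globus code. The signer names, rights and policy values are constructed, HMAC stands in for the public-key signatures a real attribute authority would use, and effective access is modelled as the intersection of the community's grant to the user and the site's grant to the community.

```python
import hashlib
import hmac
import json

# Constructed demo keys; HMAC is a stand-in for public-key signatures.
ATA_KEYS = {"vo-a-ata": b"demo-key-vo-a", "rogue-ata": b"demo-key-rogue"}
TRUSTED_SIGNERS = {"vo-a-ata"}                    # trust roots the site accepts
SITE_POLICY = {"vo-a": {"read", "submit-job"}}    # policy of site to community

def issue_assertion(signer, subject, vo, rights, not_after):
    """Attribute Authority: sign a statement about a subject's VO rights."""
    body = {"signer": signer, "subject": subject, "vo": vo,
            "rights": sorted(rights), "not_after": not_after}
    payload = json.dumps(body, sort_keys=True).encode()
    sig = hmac.new(ATA_KEYS[signer], payload, hashlib.sha256).hexdigest()
    return {"body": body, "sig": sig}

def authorize(assertion, subject, action, now):
    """Authorization Authority: decide from the assertion plus site policy."""
    body = assertion["body"]
    signer = body.get("signer")
    if signer not in TRUSTED_SIGNERS:             # who signed, and do we root trust there?
        return False, "untrusted signer"
    payload = json.dumps(body, sort_keys=True).encode()
    expected = hmac.new(ATA_KEYS[signer], payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, assertion["sig"]):
        return False, "bad signature"
    if body["subject"] != subject or now > body["not_after"]:
        return False, "wrong subject or expired"
    # Effective access: what the community grants the user, limited to
    # what the site grants the community.
    effective = set(body["rights"]) & SITE_POLICY.get(body["vo"], set())
    if action not in effective:
        return False, "outside effective access"
    return True, "permit"
```

The signer check comes before signature verification on purpose: a valid signature from an authority the site does not trust proves nothing about the subject.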
Retro…
• Dynamic communities
• Users and Virtual Organizations
• Security (Authentication, Authorization)
• Trust, CA, Federation
• http://www.globus.org/toolkit/security/
Build, buy, operate, & share infrastructure
• 1) Integrate services from other sources
– Virtualize external services as VO services
• 2) Coordinate & compose
– Create new services from existing ones
[Figure: Community; Services Provider; Content; Services; Capacity; Capacity Provider]
“Service-Oriented Science”, Foster, 2005
Embedded Resource Management: E.g., EGEE & OSG
• VO admin delegates credentials to be used by downstream VO services.
• VO admin starts the required services.
• VO jobs come in directly from the upstream VO Users
• VO job gets forwarded to the appropriate resource using the VO credentials
• Computational job started for VO
[Figure: VO User; VO Admin; client-side VO Scheduler and Other Services; Deleg; VO Job; GRAM in front of Headnode and Cluster Resource Managers; Monitoring and control]
System-Level Science
Problems too large &/or complex to tackle alone …
Business on Demand
• The Big Blue’s Vision for next generation computing
– Power architecture, Cell processor
– Carbon Nanotubes
– Services, Utilities, and Grids
Case Study: IBM WS On-Demand
Oceano (1)
Oceano (2)
Retro…
• Virtualization
• Decomposition
• Integration
• SLA
Assignments
• Programming Java Web Services
• Writing a Report on the following topics:
– Resource Management
– Security
– Information Services
– Data Management
– OGSA and Web Services
Discussions
• Questions?
• More info @
– http://www.liacs.nl/~hli/courses/grid2005/lucgrid-resources.htm