Interoperability Task in EUChinaGrid
Project
Giuseppe Andronico
INFN Sez. Di Catania
OGF 20 - GIN
Manchester, 08.05.2007
FP6−2004−Infrastructures−6-SSA-026634
Agenda
 Overview of our work in interoperability
 Gateway-based interoperability used in the project




Role of Gateway
Gateway design principles
Core components of gateway
Batch job level interoperability process
 submit batch job from GOS to GLite
 submit batch job from GLite to GOS
 How to deal with Data transfer
 Manner to implement data transfer in EUChinaGRID project
 Security issues
 What to do next

2/20
Giuseppe Andronico  INFN Sez. CT  OGF 20 GIN  Beijing, 24.04.2007
Overview of our work in interoperability
 Up to now our work mainly covers the following three aspects:
 Design flexible gateway and want to propose generic design for
similar scenarios
 Use SEDA model as task process tool
 Use IoC model as configuration and assembly tool
 Extend CNGrid GOS JobManager Framework
 Extend GLite LCG-CE JobManager Framework
 What we have achieved?
 Finished and deployed our first implementation in testbeds we set up
in IHEP (CAS) and in Catania (INFN)
 Up to now these two testbeds have ran stably for nearly three months
 Process more than 1,500 batch jobs in total [ including both GOS to GLite and
GLite to GOS]
 Passed the first EU project review which was held in February 27th in
Madrid

3/20
Giuseppe Andronico  INFN Sez. CT  OGF 20 GIN  Beijing, 24.04.2007
Agenda
 Overview of our work
 Gateway-based interoperability used in the project





Role of Gateway
Gateway design principles
Core components of gateway
Testbed
Batch job level interoperability process
 submit batch job from GOS to GLite
 submit batch job from GLite to GOS
 How to deal with Data transfer
 Manner to implement data transfer in EUChinaGrid project
 Security issues
 What to do next in EUChinaGrid project

4/20
Giuseppe Andronico  INFN Sez. CT  OGF 20 GIN  Beijing, 24.04.2007
Role of Gateway
 Gateway is just a logical component, it can be
handled as a “facade” of underlying grid
infrastructure:
 Interface conversion
 Function mapping etc
 Gateway should support the following features:





5/20
Transparent to end users of different grid infrastructures
Easy to extend
Support massive concurrency and high throughput
Support standalone deployment or integrated underlying
grid middleware etc
Giuseppe Andronico  INFN Sez. CT  OGF 20 GIN  Beijing, 24.04.2007
Gateway design principle
 Gateway design depends heavily on SEDA model and IoC model
 The reasons to choose SEDA model and IoC model:
 SEDA model
 SEDA is short for Staged Event Driven Architecture
 Firstly proposed by Matt Welsh, David Culler, and Eric Brewer, from
University of California, Berkeley in their paper SEDA: An Architecture for
Well-Conditioned, Scalable Internet Services


Support massive concurrency, high throughput
Simplify the construction of well-conditioned Internet services
 In our design, we firstly divide the whole process into several independent
basic stages and then compose basic stages into different pipelines for
different purpose such as gLite-to-GOS batch job forwarding and so on
 IoC model
 IoC is short for Inversion of Control


Provide loose couple among different modules and easy to reuse basic
modules
Assemble new module easily and quickly
 In our design, HiveMind 1.1 is used as IoC container which is released
under LGPL license [It means we can use it freely in our project]

6/20
Giuseppe Andronico  INFN Sez. CT  OGF 20 GIN  Beijing, 24.04.2007
Core components of Gateway
 Core components of gateway including:
 Pipelines constructed for different purposes
 Consists of different basic processing stages
 Used for different purposes such as forwarding batch job from GOS to
gLite and vice versa
 Scheduler
 Executes processing stages at fixed rate
 One to one mapping between Pipeline and scheduler
 Thread pool
 Improves performance
 One to one mapping between Thread pool and scheduler
 Different processing stages in same pipeline usually in charge of
different concrete functions such as StageIn, StageOut and so on
 Detailed description of gateway can be found in the next slide

7/20
Giuseppe Andronico  INFN Sez. CT  OGF 20 GIN  Beijing, 24.04.2007
Detailed description of gateway components
Extended GOS
forward batch
job to gateway
Thread Pool
scheduler
batch job
batch job
WMProxy
GOS
batch job
Pipeline for GOS to GLite
Pipeline for GLite to GOS
Thread Pool
Scheduler execute stage
in pipeline using idle
thread from thread pool
8/20
batch job
Extended LCG-CE
Extended forward batch job
LCG-CE to gateway
GOS

idle threads pool
used in schedule
scheduler
1 Different colors in pipeline are for
different stages which are in charge of
concrete functions such as data stageIn,
data stageOut and so on
2 Different pipelines have different thread
pool and scheduler
Giuseppe Andronico  INFN Sez. CT  OGF 20 GIN  Beijing, 24.04.2007
Batch job level interoperability process
 To implement batch job level interoperability, we did
the following work:
 Extended JobManager in both gLite and GOS
 Extended gLite LCG-CE JobManager Framework


LCG-CE JobManager Framework has couple relationship
with resource schedule mechanism of gLite
Relatively difficult, cost a lot of time
 Provided Broker plugin for GOS JobManager framework
 Sandbox mode data transfer
 A fast approach for cross-domain security scenario
 A detailed introduction will be found in the next two
slides

9/20
Giuseppe Andronico  INFN Sez. CT  OGF 20 GIN  Beijing, 24.04.2007
Testbed in Catania, INFN
RSL
Portal or WS-Client
WN
CE
CE
RSL
JSDL
Gateway component
WMS/RB
JSDL
portal.ct.infn.it
PipeLine4GLite
JDL
PipeLine4GOS
RSL
glite-rb2.ct.infn.it
WMProxy
JSDL
JSDL
RSL
RSL
gos.ct.infn.it
Extended LCG-CE
glite-gos.ct.infn.it
GLite-UI
JDL
OpenPBS
Command Line

10/20
CE
Giuseppe Andronico  INFN Sez. CT  OGF 20 GIN  Beijing, 24.04.2007
Batch job level interoperability process
Submit JDL
JSDL
Forwarding
JSDL
GOS Node
portal.ct.infn.it
GOS Node
PipeLineForGLite
WMProxy
PipeLineForGLite:
1 Convert JSDL to JDL
glite-rb2.ct.infn.it
2 Data Transfer
3 Submit job to WMProxy
PipeLineForGOS
Submit JSDL
PipeLineForGOS:
1 Data Transfer
Submit
2 Submit jobExtended
to GOS
JSDL
LCG-CE Extended LCG-CE:
1 Extend
Globusbatch
JobManager
Dispatch
job
used in LCG-CE
2 Convert RSL to JSDL
3 Submit batch job to
Gateway Component
PipeLineForGOS
glite-gos.ct.infn.it
gos.ct.infn.it

11/20
WMS
Submit JDL
GLite-UI
Submit JDL
Giuseppe Andronico  INFN Sez. CT  OGF 20 GIN  Beijing, 24.04.2007
Data Transfer
 Data transfer operations between CNGrid and EGEE
uses sandbox mode
 All the data transfer will pass the gateway
 Suitable for small scale data transfer scenario
 Gateway act as data transfer center and have two
different roles at the same time:
 GridFTP client

Gateway upload/download necessary data to/from gLite WMS
 FTP server


12/20
GOS upload/download data to/from gateway component
Giuseppe Andronico  INFN Sez. CT  OGF 20 GIN  Beijing, 24.04.2007
Role of gateway component in Data
Transfer
GridFTP Server
FTP Client
FTP Protocol
GridFTP Protocol
Gateway Component
GridFTP Client
FTP protocol is widely used
in CNGrid environment, so
we used ftp protocol to
transfer data between GOS
node and gateway

13/20
FTP Server
GridFTP protocol is widely
used in glida environment,
so we used ftp protocol to
transfer data between
GLite RB and gateway
Giuseppe Andronico  INFN Sez. CT  OGF 20 GIN  Beijing, 24.04.2007
Security issues
 Security module used now is just a fast approach for
cross-domain security scenario
 Predefine some users in GOS and gLite for interoperability
purpose, just a static approach
 Request from GOS are submitted to gLite using predefined voms
proxy
 Requests from gLite are submitted to GOS using predefined
name
 User Management module is designed to keep mapping
relationships
 Security token service
 Used to keep, distribute, exchange and verify security token
between GOS and gLite and provide dynamical approach
 At present MyProxy Server is setup to store temporary
security token, but we plan to replace it with newly developed
security token service

14/20
Giuseppe Andronico  INFN Sez. CT  OGF 20 GIN  Beijing, 24.04.2007
Role of security token service
Security token Service
WS-Trust Client
still obey the way that
GOS uses for service
invocation
GOS
security token
Gateway
still obey the way that
GLite uses for service
invocation
GLite
Role of security token service in cross-domain security scenario

15/20
Giuseppe Andronico  INFN Sez. CT  OGF 20 GIN  Beijing, 24.04.2007
Agenda
 Overview of our work
 Gateway-based interoperability used in the Project





Role of Gateway
Gateway design principles
Core components of gateway
Testbed
Batch job level interoperability process
 submit batch job from GOS to GLite
 submit batch job from GLite to GOS
 How to deal with Data transfer
 Manner to implement data transfer in EUChinaGrid project
 Security issues
 What to do next in EUChinaGrid Project

16/20
Giuseppe Andronico  INFN Sez. CT  OGF 20 GIN  Beijing, 24.04.2007
What to do next in EUChinaGrid Project
 Before the end of the EUChinaGrid project, we plan to
work on the following fields:
 Cross-domain Security
 Security token service based token distribution in crossdomain scenario:


More generic solution for cross-domain security token
distribution
Comply with WS-Trust specification
 Large scale data share and transfer between different grid
infrastructures
 At present we make full use of sandbox mode to support
data transfer between GOS and gLite and all the data
transfered between GOS and gLite pass the gateway. The
problems lie in:



17/20
Do unnecessary data transfer between the two middlewares
Cause problems in the case of large scale data transfer
Giuseppe Andronico  INFN Sez. CT  OGF 20 GIN  Beijing, 24.04.2007
What to do next in EUChinaGrid Project
 Comply with some work of OGF GIN Group
 OGSA-BES
 SRM
 Support real grid application interoperability
between CNGrid and EGEE
 POSIX application is supported now
 Choose from applications supported by EUChinaGrid
project

18/20
Giuseppe Andronico  INFN Sez. CT  OGF 20 GIN  Beijing, 24.04.2007
Reference materials
 During preparing for this presentation, I use materials
from following paper or presentations and thanks a lot
the authors
 SEDA: An Architecture for Well-Conditioned, Scalable
Internet Services, Matt Welsh, David Culler, and Eric
Brewer, University of California, Berkeley
 Distributed Computation, technical report of London eScience Centre (Le-Sc), Imperial College, London
 State-of-the-art of Interoperability in EUChinaGrid
Project, EUChinaGrid Project Annual Work Report
 HiveMind, www.apache.org

19/20
Giuseppe Andronico  INFN Sez. CT  OGF 20 GIN  Beijing, 24.04.2007
Thanks for your attentions
Any Questions?

20/20
Giuseppe Andronico  INFN Sez. CT  OGF 20 GIN  Beijing, 24.04.2007