Outline
Some Definitions
Grid Architecture
The Programming Problem
Flexible, secure, coordinated resource sharing among dynamic collections of individuals, institutions, and resources
From The Anatomy of the Grid: Enabling Scalable Virtual Organizations
Enable communities (virtual organizations) to share geographically distributed resources as they pursue common goals -- assuming the absence of
central location, central control, omniscience, existing trust relationships.
Intro to Grid Computing and Globus Toolkit 3
Resource sharing
Computers, storage, sensors, networks,
Sharing always conditional: issues of trust, policy, negotiation, payment,
Why Grids?
A biochemist exploits 10,000 computers to screen 100,000 compounds in an hour
1,000 physicists worldwide pool resources for petaop analyses of petabytes of data
Civil engineers collaborate to design, execute, & analyze shake table experiments
Climate scientists visualize, annotate, & analyze terabyte simulation datasets
An emergency response team couples real time data, weather model, population data
A multidisciplinary analysis in aerospace couples code and data in four companies
A home user invokes architectural design functions at an application service provider
wide-area dissemination
real-time collection
archival storage
tomographic reconstruction DOE X-ray grand challenge: ANL, USC/ISI, NIST, U.Chicago
October 12, 2001 Intro to Grid Computing and Globus Toolkit 7
[Figure: tiered data grid for physics analysis]
Tier 0: ~100 MBytes/sec
Tier 1: regional centres (Italy Regional Centre; FermiLab, ~4 TIPS), ~622 Mbits/sec links
Tier 2: Tier2 centres (Caltech and others), ~1 TIPS each, ~622 Mbits/sec links
Institutes: ~0.25 TIPS, with a physics data cache, ~1 MBytes/sec
Tier 4: physicist workstations
Physicists work on analysis channels. Each institute will have ~10 physicists working on one or more channels; data for these channels should be cached by the institute server.
Looking for the solution to the NUG30 quadratic assignment problem
An informal collaboration of mathematicians and computer scientists
Condor-G delivered 3.46E8 CPU seconds in 7 days (peak 1009 processors) in U.S. and Italy (8 sites)
NEESgrid: national infrastructure to couple earthquake engineers with experimental facilities, databases, computers, & each other
On-demand access to experiments, data streams, computing, archives, collaboration
NEESgrid: Argonne, Michigan, NCSA, UIUC, USC
Community =
1000s of home computer users
Philanthropic computing vendor (Entropia)
Research group (Scripps)
Broader Context
Why Now?
Moore's law improvements in computing produce highly functional end systems
The Internet and burgeoning wired and wireless networks provide universal connectivity
Network Exponentials
1986 to 2000
Computers: x 500
Networks: x 340,000
2001 to 2010
Computers: x 60
Networks: x 4000
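As a rough check on these figures, the growth factors can be converted into doubling times. The sketch below assumes steady exponential growth and takes each period as end year minus start year (14 and 9 years); the helper name doubling_time_months is illustrative and does not come from the slides.

```python
import math


def doubling_time_months(growth_factor, years):
    """Months needed to double, assuming steady exponential growth."""
    return years * 12 / math.log2(growth_factor)


# (growth factor, length of period in years), taken from the slide
periods = {
    "computers 1986-2000": (500, 14),
    "networks 1986-2000": (340_000, 14),
    "computers 2001-2010": (60, 9),
    "networks 2001-2010": (4000, 9),
}

for label, (factor, years) in periods.items():
    months = doubling_time_months(factor, years)
    print(f"{label}: doubles about every {months:.1f} months")
```

Under these assumptions, computing capability doubles roughly every 18 months and network capability roughly every 9 months in both periods.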
Moore's Law vs. storage improvements vs. optical improvements. Graph from Scientific American (Jan 2001) by Cleo Vilett, source Vinod Khosla, Kleiner, Caufield and Perkins.
Close collaboration with real Grid projects in science and industry
Development and promotion of standard Grid protocols to enable interoperability and shared infrastructure
Development and promotion of standard Grid software APIs and SDKs to enable portability and code sharing
The Globus Toolkit: Open source, reference software base for building grid infrastructure and applications
Global Grid Forum: Development of standard protocols and APIs for Grid computing
Focus
Create & deploy group collaboration systems using commodity technologies
Grid testbed linking IBM laboratories
Create operational Grid providing access to resources at three U.S. DOE weapons laboratories
Create operational Grid providing access to resources & applications at U.S. DOE science laboratories & partner universities
Delivery and analysis of large climate model datasets for the climate research community
Create & apply an operational grid for applications in high energy physics, environmental science, bioinformatics
European Union
Fusion Collaboratory: fusiongrid.org
Globus Project: globus.org; DARPA, DOE, NSF, NASA, Msoft
GridLab: gridlab.org
GridPP: gridpp.ac.uk
Grid Research Integration Dev. & Support Center (new): grids-center.org; NSF
Integration, deployment, support of the NSF Middleware Infrastructure for research & education
URL/Sponsor
hipersoft.rice.edu/grads; NSF
griphyn.org; NSF
Focus
Research into program development technologies for Grid applications
Technology R&D for data analysis in physics expts: ATLAS, CMS, LIGO, SDSS
Create and apply a production Grid for aerosciences and other NASA missions
Create international Data Grid to enable large-scale experimentation on Grid technologies & applications
Create and apply a production Grid for earthquake engineering
Create and apply production Grids for data analysis in high energy and nuclear physics experiments
Information Power Grid: ipg.nasa.gov; NASA
International Virtual Data Grid Laboratory (new): ivdgl.org; NSF
Network for Earthquake Eng. Simulation Grid (new): neesgrid.org; NSF
Particle Physics Data Grid
URL/Sponsor
teragrid.org; NSF (new)
Focus
U.S. science infrastructure linking four major resource sites at 40 Gb/s
Support center for Grid projects within the U.K.
Technologies for remote access to supercomputers
Also many technology R&D projects: e.g., Condor, NetSolve, Ninf, NWS
See also www.gridforum.org
[Figure: TeraGrid sites, including Caltech, Argonne, and NCSA/PACI (8 TF, 240 TB), each with site resources, archival storage (HPSS, UniTree), and links to external networks]
www.teragrid.org
Tier0/1 facility Tier2 facility Tier3 facility 10 Gbps link 2.5 Gbps link 622 Mbps link Other link
www.ivdgl.org
Globus Project
www.globus.org
Grid Forum
www.gridforum.org
Some Definitions
The Globus Project
Argonne National Laboratory USC Information Sciences Institute http://www.globus.org
Resource
Network protocol
Network enabled service
Application Programmer Interface (API)
Software Development Kit (SDK)
Syntax
Not discussed, but important: policies
Resource
Open/close/read/write define access to a distributed file system, e.g. NFS, AFS, DFS
Network Protocol
A formal description of message formats and a set of rules for message exchange
Rules may define sequence of message exchanges
Protocol may define state-change in endpoint, e.g., file system state change
Examples of protocols
IP, TCP, TLS (was SSL), HTTP, Kerberos
HTTP Protocol
TLS Protocol
TCP Protocol
IP Protocol
Examples
GSS API (security), MPI (message passing)
Syntax
TCP/IP APIs include BSD sockets, Winsock, System V streams, ...
The protocol provides interoperability: programs using different APIs can exchange information
I don't need to know the remote user's API
Application Berkeley Sockets API
MPI provides portability: any correct program compiles & runs on a platform
Does not provide interoperability: all processes must link against same SDK
E.g., MPICH and LAM versions of MPI
Stack 1: Application, MPI API, LAM SDK, LAM protocol, TCP/IP
Stack 2: Application, MPI API, MPICH-P4 SDK, MPICH-P4 protocol, TCP/IP
Different message formats, exchange sequences, etc.
Grid Architecture
The Globus Project
Argonne National Laboratory USC Information Sciences Institute http://www.globus.org
Descriptive
Provide a common vocabulary for use when describing Grid systems
Guidance
Identify key areas in which services are required
Prescriptive
Define standard Intergrid protocols and APIs to facilitate creation of interoperable Grid systems and portable applications
Adaptation
Intrusion detection
Resource management
Accounting & payment
Fault management
System evolution
Etc.
Programming Problem
Systems Problem
institutions
Resource discovery, access, reservation, allocation; authentication, authorization, policy; communication; fault detection and notification;
Address security and policy concerns of resource owners and users
Are flexible enough to deal with many resource types and sharing modalities
Grid protocol architecture: Application, Collective, Resource, Connectivity, Fabric
Internet protocol architecture: Application, Transport, Internet, Link
Connectivity APIs
Connectivity Protocols Local Access APIs and Protocols
Fabric Layer
Important Points
Layering here is conceptual, does not imply constraints on who can call what
Protocols/services/APIs/SDKs will, ideally, be largely self-contained
Some things are fundamental: e.g., communication and security
But, advantageous for higher-level functions to use common lower-level functions
Design principles
Keep participation cost low
Enable local control
Support for adaptation
IP hourglass model
Core services
Local OS
But:
Globus Toolkit has emerged as the de facto standard for several important Connectivity, Resource, and Collective protocols
GGF has an architecture working group
Technical specifications are being developed for architecture elements: e.g., security, data, resource management, information
Internet drafts submitted in security area
Just what you would expect: the diverse mix of resources that may be shared
Individual computers, Condor pools, file systems, archives, metadata catalogs, networks, sensors, etc., etc.
Few constraints on low-level technology: connectivity and resource level protocols form the neck in the hourglass
Defined by interfaces not physical characteristics
Communication
Internet protocols: IP, DNS, routing, etc.
Collective (App): Coherency control, replica selection, task management, virtual data catalog, virtual data code catalog, ...
Collective (Generic): Replica catalog, replica management, co-allocation, certificate authorities, metadata catalogs, ...
Resource: Access to data, access to computers, access to network performance data, ...
Connect: Communication, service discovery (DNS), authentication, authorization, delegation
Fabric: Storage systems, clusters, networks, network caches, ...
But how do I develop robust, secure, long-lived, well-performing applications for dynamic, heterogeneous Grids?
I need, presumably:
Abstractions and models to add to speed/robustness/etc. of development
Tools to ease application development and diagnose common problems
Code/tool sharing to allow reuse of code components developed by others
Most applications have been written from scratch, with or without Grid services
Application-specific libraries have been shown to provide significant benefits
No new language, programming model, etc., has yet emerged that transforms things
But certainly still quite possible
A complete implementation of the Message Passing Interface (MPI) for heterogeneous, wide area environments
Based on the Argonne MPICH implementation of MPI (Gropp and Lusk)
Requires services for authentication, resource allocation, executable staging, output, etc.
Programs run in wide area without change
See also: MetaMPI, PACX, STAMPI, MAGPIE
www.globus.org/mpi
Cactus
Modular, portable framework for parallel, multidimensional simulations
Construct codes by linking
Small core (flesh): mgmt services
Thorns Cactus flesh
Selected modules (thorns): Numerical methods, grids & domain decomps, visualization and steering, etc.
www.cactuscode.org
High-throughput computing
CPU cycles/day (week, month, year?) under non-ideal circumstances
How many times can I run simulation X in a month using all available machines?
Condor converts collections of distributively owned workstations and dedicated clusters into a distributed high-throughput computing facility
Emphasis on policy management and reliability
www.cs.wisc.edu/condor
Object-Based Approaches
Grid-enabled CORBA
NASA Lewis, Rutgers, ANL, others
CORBA wrappers for Grid protocols
Some initial successes
Legion
U. Virginia
Object models for Grid components (e.g., vault=storage, host=computer)
Portals
N-tier architectures enabling thin clients, with middle tiers using Grid functions
Thin clients = web browsers
Middle tier = e.g. Java Server Pages, with Java CoG Kit, GPDK, GridPort utilities
Bottom tier = various Grid resources
Each of these programming environments should not have to implement the protocols and services from scratch!
Rather, want to share common code that
Implements core functionality
> SDKs that can be used to construct a large variety of services and clients
> Standard services that can be easily deployed
Introduction
Globus Toolkit
A software toolkit addressing key technical problems in the development of Grid enabled tools, services, and applications
Offer a modular bag of technologies
General Approach
Resource layer:
> Resource Management: Grid Resource Allocation Management (GRAM)
> Information Services: Grid Resource Information Protocol (GRIP)
> Data Transfer: Grid File Transfer Protocol (GridFTP)
2) API/SDKs implementing the four key Connectivity and Resource layer protocols
3) Collective layer API/SDKs
This tutorial focuses primarily on the functionality available in #2 and #3
globus_common
Module activation/deactivation
Threads, mutual exclusion, conditions
Callback/event driver
Libc wrappers
Convenience modules (list, hash, etc).
Connectivity APIs
globus_io
TCP, UDP, IP multicast, and file I/O
Integrates GSI security
Asynchronous and synchronous interfaces
Attribute based control of behavior
Nexus (Deprecated)
Higher level, active message style comms
Built on globus_io, but without security
MPICH-G2
High level, MPI (send/receive) interface
Built on globus_io and native MPI
Security Services
The Globus Project
Argonne National Laboratory USC Information Sciences Institute http://www.globus.org
Security Terminology
GSI in Action
User
Single sign-on via grid-id & generation of proxy cred. Or: retrieval of proxy cred. from online repository
User Proxy
Proxy credential
Ditto
Site B (Unix)
Computer Process
Local id Restricted proxy
Resources being used may be valuable & the problems being solved sensitive
Resources are often located in distinct administrative domains
Each resource has own policies & procedures
Set of resources used by a single computation may be large, dynamic, and unpredictable
Not just client/server, requires delegation
Candidate Standards
Kerberos 5
Fails to meet requirements:
> Integration with various local security solutions
> User based trust model
Asymmetric keys
A private key is used to encrypt data. A public key can decrypt data encrypted with the private key.
User sends certificate over the wire.
Other end sends user a challenge string.
User encodes the challenge string with private key.
Possession of private key means you can authenticate as subject in certificate
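The challenge-response exchange above can be sketched with textbook RSA. This is an illustration only: the tiny primes, the hash-then-reduce step, and the function names are assumptions chosen to keep the example self-contained, and real GSI relies on full-size keys and standard signature schemes.

```python
import hashlib
import secrets

# Toy RSA key pair (textbook-sized primes, for illustration only).
P, Q = 61, 53
N = P * Q                           # public modulus
E = 17                              # public exponent, published in the certificate
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, known only to the user


def digest(challenge: bytes) -> int:
    """Hash the challenge and reduce it into the range of the toy modulus."""
    return int.from_bytes(hashlib.sha256(challenge).digest(), "big") % N


def sign(challenge: bytes, private_exponent: int) -> int:
    """User side: encode the challenge with the private key."""
    return pow(digest(challenge), private_exponent, N)


def verify(challenge: bytes, response: int, public_exponent: int) -> bool:
    """Other end: decode with the public key from the certificate and compare."""
    return pow(response, public_exponent, N) == digest(challenge)


challenge = secrets.token_bytes(16)   # fresh random challenge string
response = sign(challenge, D)
print(verify(challenge, response, E))
```

A fresh random challenge on every exchange is what stops an eavesdropper from replaying an old response.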
Defines how a short term, restricted credential can be created from a normal, long-term X.509 credential
A proxy certificate is a special type of X.509 certificate that is signed by the normal end entity cert, or by another proxy
Supports single sign-on & delegation through impersonation
Currently an IETF draft
User Proxies
Delegation
Results in a new private key and X.509 proxy certificate, signed by the original key
Allows remote process to act on behalf of the user
Avoids sending passwords or private keys across the network
But GSS-API is somewhat complicated, so we also provide the easier-to-use globus_gss_assist API. GSI-enabled SASL is also provided
Results
GSI Applications
And since we use standard X.509 certificates, they can also be used for
Web access, LDAP server access, etc.
Authorization
Policy languages
Community authorization
Restricted Proxies
Q: How to restrict rights of delegated proxy to a subset of those associated with the issuer?
A: Embed restriction policy in proxy cert
Policy is evaluated by resource upon proxy use
Reduces rights available to the proxy to a subset of those held by the user
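A minimal sketch of the idea, assuming rights can be modeled as plain sets of strings: each proxy carries its own allowed set, and the resource intersects the sets along the whole delegation chain. The Credential class, the right names, and the subject strings are hypothetical; a real proxy certificate embeds a policy in an X.509 extension rather than a Python set.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Credential:
    subject: str
    rights: frozenset
    issuer: Optional["Credential"] = None

    def delegate(self, subject, allowed):
        """Issue a proxy whose embedded policy is limited to `allowed`."""
        return Credential(subject, frozenset(allowed), issuer=self)

    def effective_rights(self):
        """Rights that survive every restriction back to the original user."""
        rights = self.rights
        issuer = self.issuer
        while issuer is not None:
            rights = rights & issuer.rights
            issuer = issuer.issuer
        return rights


def authorize(credential, right):
    """Resource-side check, evaluated when the proxy is used."""
    return right in credential.effective_rights()


user = Credential("/O=Grid/CN=Alice", frozenset({"read", "write", "submit"}))
proxy = user.delegate("/O=Grid/CN=Alice/CN=proxy", {"read", "submit", "admin"})
restricted = proxy.delegate("/O=Grid/CN=Alice/CN=proxy/CN=restricted", {"read"})

print(authorize(proxy, "submit"))       # held by the user and allowed by the proxy
print(authorize(proxy, "admin"))        # never held by the user
print(authorize(restricted, "submit"))  # removed by the restriction
print(authorize(restricted, "read"))
```

Because the check intersects along the chain, a proxy can never gain a right that its issuer lacks, whatever its own policy claims.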
Delegation Tracing
Often want to know through what entities a proxy certificate has been delegated
Audit (retrace footsteps)
Authorization (deny from bad entities)
Solved by adding information to the signed proxy certificate about each entity to which a proxy is delegated.
Does NOT guarantee proper use of proxy
Just tells you which entities were purposely involved in a delegation
Defines proxy certificate format, including restricted rights and delegation tracing
Demonstrated a prototype of restricted proxies at HPDC (August 2001) as part of CAS demo
Defines how to remotely delegate an X.509 Proxy Certificate using extensions to the TLS (SSL) protocol
4 years of GSS-API experience, while on the whole quite positive, has shed light on various deficiencies of GSS-API
GSS-API Extensions
draft-ggf-gss-extensions-04.txt
> Draft being considered by GGF GSI working group. Not yet submitted to IETF.
GSS-API Extensions
Credential export/import
Allows delegated credentials to be externalized
Used for checkpointing a service
Question: How does a large community grant its users access to a large set of resources?
Should minimize burden on both the users and resource providers
User who wants access to resource asks CAS for a capability credential
> Restricted proxy of the CAS user cred., checked by resource
Does the collective policy authorize this request for this user?
Resource: Is this request authorized by the capability? Is this request authorized for the CAS?
4. Resource reply
This allows new resources/users (and their CAs) to be made available to a community through the CAS without action on the other users'/resources' part
Authorization API
High level, very simple authorization API that can easily be embedded into services
Requiring users to manage their own certs and keys is annoying and error prone
A solution: Leverage Passport global authentication to obtain a proxy credential
Passport provides
> Globally unique user name (email address)
> Method of verifying ownership of the name (authentication)
> Re-issuance (e.g. forgotten password)
Ease-of-use
Improved error message, online CA, etc.
Security Summary
GSI successfully addresses wide variety of Grid security issues
Broad acceptance, deployment, integration with tools
Standardization on-going in IETF & GGF
Ongoing R&D to address next set of issues
For more information:
www.globus.org/research/papers.html
> A Security Architecture for Computational Grids
> Design and Deployment of a National-Scale Authentication Infrastructure
www.gridforum.org/security
The Challenge
Enabling secure, controlled remote access to heterogeneous computational resources and management of remote computation
Authentication and authorization
Resource discovery & characterization
Reservation and allocation
Computation monitoring and control
Resource Management
The Grid Resource Allocation Management (GRAM) protocol and client API allow programs to be started on remote resources, despite local heterogeneity
Resource Specification Language (RSL) is used to communicate requirements
A layered architecture allows application-specific resource brokers and co-allocators to be defined in terms of GRAM services
Integrated with Condor, PBS, MPICH-G2,
RSL specialization
Queries & Info
Application
Ground RSL
Co-allocator
Information Service
GRAM NQE
RSL Syntax
Operators Supported:
<, <=, =, >=, > , !=
Constraints: &
For example:
Create 5-10 instances of myprog, each on a machine with at least 64 MB memory that is available to me for 4 hours
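One way such a conjunction could be assembled programmatically is sketched below. The helper names relation and conjunction are hypothetical, and max_time (taken here to be in minutes) is an assumed attribute name for the 4-hour requirement; count, memory, and executable are the attributes used elsewhere in these slides.

```python
def relation(attribute, operator, value):
    """Format one RSL relation, e.g. (memory>=64)."""
    return f"({attribute}{operator}{value})"


def conjunction(*relations):
    """Join relations with the & operator: all of them must hold."""
    return "&" + "".join(relations)


request = conjunction(
    relation("count", ">=", 5),
    relation("count", "<=", 10),
    relation("max_time", "=", 240),      # assumed attribute name, in minutes
    relation("memory", ">=", 64),
    relation("executable", "=", "myprog"),
)
print(request)
# &(count>=5)(count<=10)(max_time=240)(memory>=64)(executable=myprog)
```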
Disjunction: |
For example:
& (executable=myprog)
( | (&(count=5)(memory>=64)) (&(count=10)(memory>=32)))
Create 5 instances of myprog on a machine that has at least 64MB of memory, or 10 instances on a machine with at least 32MB of memory
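The following sketch shows how a broker might resolve this disjunction against one machine. It is a simplified model, not GRAM's actual evaluation: the request is written as nested tuples rather than parsed from RSL text, and any attribute the machine description does not define (count, executable) is treated as a job parameter to be passed through.

```python
import operator

OPS = {"<": operator.lt, "<=": operator.le, "=": operator.eq,
       ">=": operator.ge, ">": operator.gt, "!=": operator.ne}


def resolve(node, machine):
    """Return the job parameters if `machine` satisfies `node`, else None."""
    head = node[0]
    if head == "&":                      # conjunction: every child must hold
        params = {}
        for child in node[1:]:
            result = resolve(child, machine)
            if result is None:
                return None
            params.update(result)
        return params
    if head == "|":                      # disjunction: first branch that holds
        for child in node[1:]:
            result = resolve(child, machine)
            if result is not None:
                return result
        return None
    attribute, op, value = node          # a single relation
    if attribute in machine:             # constraint on the machine
        return {} if OPS[op](machine[attribute], value) else None
    return {attribute: value}            # job parameter such as count


request = ("&", ("executable", "=", "myprog"),
           ("|",
            ("&", ("count", "=", 5), ("memory", ">=", 64)),
            ("&", ("count", "=", 10), ("memory", ">=", 32))))

print(resolve(request, {"memory": 128}))  # first branch: 5 instances
print(resolve(request, {"memory": 48}))   # second branch: 10 instances
print(resolve(request, {"memory": 16}))   # neither branch holds
```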
GRAM Protocol
Job cancel, status, signal Event notification (callbacks) for state changes
> Pending, active, done, failed, suspended
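The state-change callbacks can be pictured as a small state machine. In the sketch below the five state names come from the slide, but the transition table, the Job class, and the callback signature are assumptions made for illustration; they are not the globus_gram_client API.

```python
from enum import Enum


class JobState(Enum):
    PENDING = "pending"
    ACTIVE = "active"
    SUSPENDED = "suspended"
    DONE = "done"
    FAILED = "failed"


# Assumed transition table: the slide lists the states but not the edges.
ALLOWED = {
    JobState.PENDING: {JobState.ACTIVE, JobState.FAILED},
    JobState.ACTIVE: {JobState.SUSPENDED, JobState.DONE, JobState.FAILED},
    JobState.SUSPENDED: {JobState.ACTIVE, JobState.FAILED},
    JobState.DONE: set(),
    JobState.FAILED: set(),
}


class Job:
    def __init__(self, contact):
        self.contact = contact
        self.state = JobState.PENDING
        self._callbacks = []

    def register_callback(self, callback):
        """Ask to be notified on every state change."""
        self._callbacks.append(callback)

    def transition(self, new_state):
        if new_state not in ALLOWED[self.state]:
            raise ValueError(f"{self.state.value} -> {new_state.value} not allowed")
        old_state, self.state = self.state, new_state
        for callback in self._callbacks:
            callback(self.contact, old_state, new_state)


events = []
job = Job("job-1")   # hypothetical job contact string
job.register_callback(lambda contact, old, new: events.append((old.value, new.value)))
job.transition(JobState.ACTIVE)
job.transition(JobState.DONE)
print(events)
```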
Gatekeeper
Single point of entry
Authenticates user, maps to local security environment, runs service
In essence, a secure inetd
Job manager
A gatekeeper service
Layers on top of local resource management system (e.g., PBS, LSF, etc.)
Handles remote interaction with the job
GRAM Components
Client
MDS client API calls to locate resources
MDS client API calls to get resource info
GRAM client API calls to MDS: request resource allocation and process creation.
GRAM client API state change callbacks
Grid Security Infrastructure
Create
Job Manager
Gatekeeper
Parse
RSL Library
Co-allocation
Multirequest: +
A multirequest allows us to specify multiple resource needs, for example
+ (& (count=5)(memory>=64) (executable=p1))
(&(network=atm) (executable=p2))
Execute 5 instances of p1 on a machine with at least 64M of memory
Execute p2 on a machine with an ATM connection
A Co-allocation Multirequest
+( & (resourceManagerContact=
flash.isi.edu:754:/C=US//CN=flash.isi.edu-fork)
(count=1)
(label="subjob A")
(executable= my_app1)
)
( & (resourceManagerContact=
sp139.sdsc.edu:8711:/C=US//CN=sp097.sdsc.edu-lsf)
(count=2)
(label="subjob B")
(executable=my_app2)
)
Note: the two subjobs use different resource managers, different counts, and different executables
Globus Toolkit includes several command line programs for job submission
globus-job-run: Interactive jobs
globus-job-submit: Batch/offline jobs
globusrun: Flexible scripting infrastructure
Application specific
> ECCE, Cactus, Web portals
globus-job-run
globus-job-submit
Submit job
Check job status
Cancel job
Get job stdout/err
Cleanup after job
globusrun
Complex to use
Must write RSL by hand
Must understand its esoteric features
Generally you should use globus-job-* commands instead
The globus_gram_client API provides access to all of the core job submission and management capabilities, including callback capabilities for monitoring job status.
The globus_rsl API provides convenience functions for manipulating and constructing RSL strings.
The globus_gram_myjob API allows multi-process jobs to self-organize and to communicate with each other.
The globus_duroc_control and globus_duroc_runtime APIs provide access to multirequest (co-allocation) capabilities.
Gatekeeper
Gatekeeper
Gatekeeper
Gatekeeper
GRIO RM
Scheduler RM
Diffserv RM
DSRT RM
Advance reservations
As prototyped in GARA in previous 2 years
Karl Czajkowski, Steve Tuecke, others
Information Services
The Globus Project
Argonne National Laboratory USC Information Sciences Institute http://www.globus.org
Characteristics of a network
Bandwidth and latency, protocols, logical topology
Components will fail
Scalability and overhead
Many different usage scenarios
Heterogeneous policy, different information organizations, etc.
Provide access to static and dynamic information regarding system components
A basis for configuration and adaptation in heterogeneous, dynamic environments
[Figure: resources (R) grouped into virtual organizations VO A, VO B, and VO C]
Information Protocols
GIS Architecture
Users
Enquiry Protocol
LDAP Details
Defines:
Network protocol for accessing directory contents
MDS Components
Information providers
Delivers resource information to backend
Organization GIIS
The Globus Toolkit ships with one GIIS
Caches GRIS info with long update frequency
> Useful for queries across an organization that rely on relatively static information (Ex1 above)
A GRIS or GIIS server can be configured to (de-) register itself during startup/shutdown
Targets specified in configuration file
GIIS
ISI
GRISes
MDS Commands
Java: JNDI
RFC 1823 defines an IETF draft standard client API for accessing LDAP databases
Connect to server
Pose query which returns data structures containing sets of object classes and attributes
Functions to walk these data structures
Globus does not provide an LDAP API. We recommend the use of OpenLDAP, an open source implementation of RFC 1823.
Example:
grid-info-host-search -h pitcairn dn=* dn
Filtering
Filters allow selection of object based on relational operators (=, ~=,<=, >=)
grid-info-search cputype=*
Hints:
white space is significant
use -L for LDIF format
required
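To make the filter semantics concrete, here is a small sketch that evaluates one simple filter against directory entries held as dictionaries. It is not an LDAP client: it handles a single relation only, treats ~= as a case-insensitive match (an assumption, since approximate matching is server-defined), and the sample entries and the cputype value are invented for illustration.

```python
def parse_filter(text):
    """Split a simple filter such as '(cpuload1<=0.5)' into (attr, op, value)."""
    body = text.strip()
    if body.startswith("(") and body.endswith(")"):
        body = body[1:-1]
    position = body.index("=")           # raises ValueError if no operator
    if position > 0 and body[position - 1] in "~<>":
        return body[:position - 1], body[position - 1] + "=", body[position + 1:]
    return body[:position], "=", body[position + 1:]


def ordered(op, actual, wanted):
    """Compare numerically when both sides parse as numbers, else as strings."""
    try:
        left, right = float(actual), float(wanted)
    except ValueError:
        left, right = actual, wanted
    return left <= right if op == "<=" else left >= right


def matches(entry, filter_text):
    attribute, op, wanted = parse_filter(filter_text)
    if attribute not in entry:
        return False
    actual = entry[attribute]
    if op == "=":
        return wanted == "*" or actual == wanted   # '*' tests for presence
    if op == "~=":
        return actual.lower() == wanted.lower()    # assumed meaning of ~=
    return ordered(op, actual, wanted)


entries = [
    {"hn": "lemon.mcs.anl.gov", "cputype": "sparc", "cpuload1": "0.48"},
    {"hn": "tuva.mcs.anl.gov", "cpuload1": "3.11"},
]
print([e["hn"] for e in entries if matches(e, "cputype=*")])
print([e["hn"] for e in entries if matches(e, "(cpuload1<=1.0)")])
```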
Example: Filtering
% grid-info-host-search -L (objectclass=GlobusSoftware)
dn: sw=Globus, hn=pitcairn.mcs.anl.gov, dc=mcs, dc=anl, dc=gov, o=Grid
objectclass: GlobusSoftware
releasedate: 2000/04/11 19:48:29
releasemajor: 1
releaseminor: 1
releasepatch: 3
releasebeta: 11
lastupdate: Sun Apr 30 19:28:19 GMT 2000
objectname: sw=Globus, hn=pitcairn.mcs.anl.gov, dc=mcs, dc=anl, dc=gov, o=Grid
Objects without hn fields are still listed
DNs are always listed
% grid-info-search -L (objectclass=GlobusComputeResource) \
dn: hn=lemon.mcs.anl.gov, ou=MCS, o=Argonne National Laboratory, o=Globus, c=US
cpuload1: 0.48
cpuload5: 0.20
cpuload15: 0.03

dn: hn=tuva.mcs.anl.gov, ou=MCS, o=Argonne National Laboratory, o=Globus, c=US
cpuload1: 3.11
cpuload5: 2.64
cpuload15: 2.57
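Output like this is easy to post-process. The sketch below parses the two entries shown above and picks the host with the lowest one-minute load; it is a simplified reader that assumes one "key: value" pair per line and ignores LDIF features such as continuation lines, base64 values, and repeated attributes.

```python
SAMPLE = """\
dn: hn=lemon.mcs.anl.gov, ou=MCS, o=Argonne National Laboratory, o=Globus, c=US
cpuload1: 0.48
cpuload5: 0.20
cpuload15: 0.03

dn: hn=tuva.mcs.anl.gov, ou=MCS, o=Argonne National Laboratory, o=Globus, c=US
cpuload1: 3.11
cpuload5: 2.64
cpuload15: 2.57
"""


def parse_ldif(text):
    """Return one dict per entry; a 'dn' line starts a new entry."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if key == "dn":
            entries.append({"dn": value})
        elif entries:
            entries[-1][key] = value
    return entries


entries = parse_ldif(SAMPLE)
least_loaded = min(entries, key=lambda entry: float(entry["cpuload1"]))
print(least_loaded["dn"])
```

A resource broker could apply the same selection to decide where to submit the next job.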
Enable a geographically distributed community [of thousands] to pool their resources in order to perform sophisticated, computationally intensive analyses on Petabytes of data
Note that this problem:
Is common to many areas of science
Overlaps strongly with other Grid problems
[Figure: tiered data grid for physics analysis]
Tier 0: ~100 MBytes/sec
Tier 1: regional centres (Italy Regional Centre; FermiLab, ~4 TIPS), ~622 Mbits/sec links
Tier 2: Tier2 centres (Caltech and others), ~1 TIPS each, ~622 Mbits/sec links
Institutes: ~0.25 TIPS, with a physics data cache, ~1 MBytes/sec
Tier 4: physicist workstations
Physicists work on analysis channels. Each institute will have ~10 physicists working on one or more channels; data for these channels should be cached by the institute server.
Harness [potentially large numbers of] data, storage, network resources located in distinct administrative domains
Respect local and global policies governing what can be used for what
Schedule resources efficiently, again subject to local and global constraints
Achieve high performance, with respect to both speed and reliability
Catalog software and virtual data
Important to exploit commonalities as very unlikely that multiple infrastructures can be maintained
Fortunately this seems easy to do!
High-speed, reliable access to remote data
Automated discovery of best copy of data
Manage replication to improve performance
Co-schedule compute, storage, network
Transparency wrt delivered performance
Enforce access control on data
Allow representation of global resource allocation policies
[Figure: an application asks Replica Selection for a copy of its data; Replica Selection consults the Replica Catalog (multiple locations) and performance information & predictions (MDS, NWS), then returns the selected replica from Replica Locations 1-3 (disk array, disk caches, tape library)]
Problems
Incompatible (and proprietary) protocols
> Each requires a custom client
> Partitions available data sets and storage devices
Decouple low-level data transfer mechanisms from the storage service
Advantages:
New, specialized storage systems are automatically compatible with existing systems
Existing systems have richer data transfer functionality
Parameter set/negotiate
Parallel transfers
Striping (cf DPSS)
Partial file access
Reliability/restart Policy-based access control
Server-side computation
Proxies (firewall, load bal)
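Parallel transfers and partial file access both rest on addressing a file by byte ranges. The sketch below illustrates only that idea with in-memory bytes: it splits a file into contiguous blocks, "transfers" them out of order, and reassembles them by offset. The function names are hypothetical and nothing here reflects the GridFTP wire format.

```python
def split_ranges(file_size, streams):
    """Split [0, file_size) into contiguous (offset, length) blocks."""
    if streams < 1:
        raise ValueError("need at least one stream")
    base, extra = divmod(file_size, streams)
    ranges, offset = [], 0
    for index in range(streams):
        length = base + (1 if index < extra else 0)
        if length:
            ranges.append((offset, length))
        offset += length
    return ranges


def transfer(source, streams):
    """Copy each block independently; arrival order does not matter."""
    destination = bytearray(len(source))
    for offset, length in reversed(split_ranges(len(source), streams)):
        destination[offset:offset + length] = source[offset:offset + length]
    return bytes(destination)


data = bytes(range(10))
print(split_ranges(len(data), 4))   # [(0, 3), (3, 3), (6, 2), (8, 2)]
print(transfer(data, 4) == data)    # True
```

Because every block carries its own offset, a failed stream can be restarted for just its range, which is also what makes restart after failure cheap.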
Why FTP?
Ubiquity enables interoperation with many commodity tools
Already supports many desired features, easily extended to support others
Well understood and supported
Note GridFTP > FTP
Note that despite name, GridFTP is not restricted to file transfer!
FTP protocol is defined by several IETF RFCs
Start with most commonly used subset
Standard FTP: get/put etc., 3rd-party transfer
Existing standards
RFC 959: File Transfer Protocol
RFC 2228: FTP Security Extensions
RFC 2389: Feature Negotiation for the File Transfer Protocol
Draft: FTP Extensions
New drafts
GridFTP: Protocol Extensions to FTP for the Grid
> Grid Forum Data Working Group
Custom-developed libraries
Implement full GridFTP protocol, targeting custom use, high-performance
Custom-developed tools
Servers and clients with specialized functionality and performance
Provides high-quality, production ready, FTP clients and servers
Integration with common mass storage systems
Some do not support the full GridFTP protocol
globus_gass_copy: Simple URL-to-URL copy library, supporting (gsi-)ftp, http(s), file URLs
Implement full GridFTP protocol
Various levels of libraries, allowing implementation of custom clients and servers
Tuned for high performance on WAN
globus_ftp_client Plug-ins
Plug-in interface
> Interface to one or more plug-ins:
Callouts for all interesting protocol events
Callins to restart a transfer
Monitor performance
Monitor for failure
Automatic retry: Customized for various approaches
mpirun
Control socket
Control Plug-in
Control Plug-in
Control Plug-in
MPI (Comm_World)
MPI (Sub-Comm)
Control Plug-in
Replica Management
Maintain a mapping between logical names for files and collections and one or more physical locations
Important for many applications
Example: CERN HLT data
> Multiple petabytes of data per year
> Copy of everything at CERN (Tier 0)
> Subsets at national centers (Tier 1)
Advantage
These services can be used in a wide variety of situations
Logical Collection: CO2 measurements 1998
Logical Collection: CO2 measurements 1999
Location: jupiter.isi.edu
Filename: Mar 1998
Filename: Jun 1998
Filename: Oct 1998
Protocol: gsiftp
UrlConstructor: gsiftp://jupiter.isi.edu/nfs/v6/climate
Location: sprite.llnl.gov
Filename: Jan 1998
Filename: Dec 1998
Protocol: ftp
UrlConstructor: ftp://sprite.llnl.gov/pub/pcmdi
Logical File: Feb 1998
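The mapping in this example can be modeled as a small lookup structure. The sketch below uses the collection, locations, and file names shown above; the dictionary layout, the physical_urls helper, and the rule of appending the URL-quoted file name to the UrlConstructor are assumptions for illustration, not the globus_replica_catalog API.

```python
from urllib.parse import quote

# Logical collection -> locations, each holding a subset of the logical files.
catalog = {
    "CO2 measurements 1998": [
        {
            "host": "jupiter.isi.edu",
            "url_constructor": "gsiftp://jupiter.isi.edu/nfs/v6/climate",
            "files": {"Mar 1998", "Jun 1998", "Oct 1998"},
        },
        {
            "host": "sprite.llnl.gov",
            "url_constructor": "ftp://sprite.llnl.gov/pub/pcmdi",
            "files": {"Jan 1998", "Dec 1998"},
        },
    ],
}


def physical_urls(collection, logical_file):
    """List every physical URL at which a logical file can be found."""
    return [
        f"{location['url_constructor']}/{quote(logical_file)}"
        for location in catalog.get(collection, [])
        if logical_file in location["files"]
    ]


print(physical_urls("CO2 measurements 1998", "Jan 1998"))
print(physical_urls("CO2 measurements 1998", "Mar 1998"))
```

When a logical file has several physical copies, the returned list is what a replica selection service would rank using performance information.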
The globus_ftp_control API provides access to low-level GridFTP control and data channel operations.
The globus_ftp_client API provides typical GridFTP client operations.
The globus_gass_copy API provides the ability to start and manage multiple data transfers using GridFTP, HTTP, local file, and memory operations.
The globus-url-copy program is a thin wrapper around this API
The globus_replica_catalog API provides basic Replica Catalog operations.
The globus_replica_management API (under development) combines GridFTP and the Replica Catalog to manage replicated datasets.
A Word on GASS
The Globus Toolkit provides services for file and executable staging and I/O redirection that work well with GRAM. This is known as Globus Access to Secondary Storage (GASS).
GASS uses GSI-enabled HTTP as the protocol for data transfer, and a caching algorithm for copying data when necessary. The globus_gass, globus_gass_transfer, and globus_gass_cache APIs provide programmer access to these capabilities, which are already integrated with the GRAM job submission tools.
Future Directions
Request Planning and Scheduling Tools Security and Security and Policy Policy Services Services
Request Execution Management Tools Other Grid Other Grid Services Services
Transforms Raw data source Distributed resources (code, storage, computers, and network)
Local sites
?
Related Work:
Condor-G
What Is Condor-G?
Enhanced version of Condor that uses the Globus Toolkit to manage Grid jobs
Two parts:
Globus Universe
GlideIn
Excellent example of applying the general-purpose Globus Toolkit to solve a particular problem (i.e., high-throughput computing) on the Grid
Condor
High-throughput scheduler
Non-dedicated resources
Job checkpoint and migration
Remote system calls
Globus Toolkit
Condor
Designed to run jobs within a single administrative domain
Globus Toolkit
Designed to run jobs across many administrative domains
Condor-G
Combine the strengths of both
Globus Universe
Fault-tolerance
Full-Featured Queue
Persistent queue
Credential Management
Authentication in Globus Toolkit is done with limited-lifetime X.509 proxies
Proxy may expire before jobs finish executing
Condor-G can put jobs on hold and e-mail user to refresh proxy
Condor-G can forward new proxy to execution sites
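The hold-and-refresh behavior described above can be sketched as follows. This is an illustrative Python model, not Condor-G code: the `Job` class, the state names `ACTIVE` and `HELD`, the one-hour warning margin, and both function names are assumptions, and times are plain seconds rather than real certificate fields.

```python
from dataclasses import dataclass


@dataclass
class Job:
    job_id: str
    status: str = "ACTIVE"      # hypothetical states: ACTIVE, HELD, DONE


def check_proxy(jobs, proxy_expiry, now, warn_margin=3600):
    """Hold unfinished jobs when the proxy is within warn_margin seconds of expiry.

    Returns the notification messages that would be e-mailed to the user.
    """
    remaining = proxy_expiry - now
    if remaining > warn_margin:
        return []
    notices = []
    for job in jobs:
        if job.status == "ACTIVE":
            job.status = "HELD"
            notices.append(
                f"job {job.job_id} held: proxy expires in "
                f"{max(remaining, 0):.0f} s; please refresh"
            )
    return notices


def on_proxy_refreshed(jobs):
    """Release held jobs; stands in for forwarding the new proxy to execution sites."""
    for job in jobs:
        if job.status == "HELD":
            job.status = "ACTIVE"


jobs = [Job("1.0"), Job("1.1", status="DONE")]
for message in check_proxy(jobs, proxy_expiry=10_000, now=9_000):
    print(message)
on_proxy_refreshed(jobs)
```

Finished jobs are left untouched, since an expired proxy only matters for work that still needs to authenticate.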
Fault Tolerance
Local Crash
Queue state stored on disk
Reconnect to execute machines
Network Failure
Wait until connectivity returns
Reconnect to execute machines
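The local-crash case above relies on queue state surviving on disk. A minimal Python sketch of that idea follows, assuming a JSON file as the on-disk format; the `PersistentQueue` class, its method names, and the contact string are hypothetical and do not reflect Condor-G's actual queue implementation.

```python
import json
import os
import tempfile


class PersistentQueue:
    """Job queue whose state is rewritten to disk after every change."""

    def __init__(self, path):
        self.path = path
        self.jobs = {}
        if os.path.exists(path):
            # After a crash, reload whatever was last saved.
            with open(path) as f:
                self.jobs = json.load(f)

    def _save(self):
        # Write to a temporary file, then rename, so a crash mid-write
        # never leaves a half-written queue file behind.
        tmp = self.path + ".tmp"
        with open(tmp, "w") as f:
            json.dump(self.jobs, f)
            f.flush()
            os.fsync(f.fileno())
        os.replace(tmp, self.path)

    def submit(self, job_id, contact):
        self.jobs[job_id] = {"contact": contact, "state": "SUBMITTED"}
        self._save()

    def mark_done(self, job_id):
        self.jobs[job_id]["state"] = "DONE"
        self._save()

    def jobs_to_reconnect(self):
        """Jobs that were still outstanding when the queue was last saved."""
        return sorted(j for j, rec in self.jobs.items() if rec["state"] != "DONE")


queue_path = os.path.join(tempfile.mkdtemp(), "queue.json")
queue = PersistentQueue(queue_path)
queue.submit("1.0", "gatekeeper.example.org/jobmanager")   # hypothetical contact
queue.submit("1.1", "gatekeeper.example.org/jobmanager")
queue.mark_done("1.1")

# Simulate a restart: a fresh object reads the saved state and knows
# which execute machines it still needs to reconnect to.
restarted = PersistentQueue(queue_path)
print(restarted.jobs_to_reconnect())
```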
GRAM-1.5 Changes
Added Features
Jobmanager checkpoint & restart
Two-Phase commit during job submission
GRAM-1.5 protocol (Globus Toolkit v2.0) is backward compatible with GRAM-1 (Globus Toolkit v1.x)
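Two-phase commit during submission guards against a job being started twice, or lost, when a message is dropped. The sketch below shows the generic pattern in Python, not the GRAM-1.5 wire protocol: the `JobManager` class here is a stand-in, and the `prepare`/`commit` method names and the client-chosen request ID are assumptions.

```python
class JobManager:
    """Toy server side of a two-phase job submission (illustrative only)."""

    def __init__(self):
        self.pending = {}    # request_id -> job description, received but not committed
        self.running = {}    # request_id -> job description, committed and started

    def prepare(self, request_id, description):
        # Phase 1: record the request but do not start the job.
        # A retransmitted request with the same ID does not create a second job.
        if request_id not in self.running:
            self.pending.setdefault(request_id, description)
        return "READY"

    def commit(self, request_id):
        # Phase 2: start the job only once the client confirms.
        # Repeating the commit is harmless.
        if request_id in self.pending:
            self.running[request_id] = self.pending.pop(request_id)
        return request_id in self.running


jm = JobManager()
jm.prepare("req-42", "/bin/hostname")
jm.prepare("req-42", "/bin/hostname")    # retransmission after a lost reply
print(jm.commit("req-42"), len(jm.running))
```

If the client crashes between the two phases, the request stays in `pending` and nothing runs; a real service would presumably time such requests out.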
How It Works
[Diagram built up over five slides. Components in order of appearance: Condor-G Schedd, LSF, Grid Resource, GridManager, JobManager, User Job]
Globus Universe
Disadvantages
No matchmaking or dynamic scheduling of jobs
No job checkpoint or migration
Solution: GlideIn
Use the Globus Universe to run the Condor daemons on Grid resources
When the resources run these GlideIn jobs, they will join your personal Condor pool
Submit your jobs as Condor jobs and they will be matched and run on the Grid resources
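The three steps above amount to: glide-in daemons start on Grid resources, advertise themselves to the personal pool, and ordinary Condor jobs are then matched against them. The following Python sketch models only that matching step. The `Collector` class, the single memory requirement, and the first-fit rule are simplifying assumptions, not Condor's ClassAd matchmaking.

```python
class Collector:
    """Toy stand-in for the pool's collector: holds ads from glide-in startds."""

    def __init__(self):
        self.ads = []

    def advertise(self, name, memory_mb):
        # Called when a glide-in startd comes up on a Grid resource
        # and joins the personal pool.
        self.ads.append({"name": name, "memory_mb": memory_mb, "busy": False})

    def match(self, job):
        # First idle startd that satisfies the job's requirement wins.
        for ad in self.ads:
            if not ad["busy"] and ad["memory_mb"] >= job["min_memory_mb"]:
                ad["busy"] = True
                return ad["name"]
        return None   # no match yet; the job stays idle in the queue


pool = Collector()
pool.advertise("glidein-1@siteA", memory_mb=512)     # hypothetical names
pool.advertise("glidein-2@siteB", memory_mb=2048)

print(pool.match({"min_memory_mb": 1024}))
print(pool.match({"min_memory_mb": 1024}))
```

Because matching happens only after a glide-in is actually running, a job is never committed to a remote queue that may not start for hours, which is the dynamic scheduling the plain Globus Universe lacks.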
How It Works
[Diagram built up over seven slides. Components in order of appearance: Condor-G Schedd, LSF, Grid Resource, Collector, glide-ins, GridManager, JobManager, Startd, User Job]
GlideIn Concerns
MetaNEOS (NUG-30)
NCSA (GridGaussian)
INFN (DataGrid) CMS
Current Status
Future Work
GridManager
Stage user jobs' data files
Automatic GlideIn
Condor creates GlideIn jobs when more resources are needed
Problem Evolution
Past-present: O(10^2) high-end systems; Mb/s networks; centralized (or entirely local) control
I-WAY (1995): 17 sites, week-long; 155 Mb/s
GUSTO (1998): 80 sites, long-term experiment
NASA IPG, NSF NTG: O(10) sites, production
Present: O(10^4 to 10^6) data systems, computers; Gb/s networks; scaling, decentralized control
Scalable resource discovery; restricted delegation; community policy
Data Grid: 100s of sites, O(10^4) computers; complex policies
Future: O(10^6 to 10^9) data, sensors, computers; Tb/s networks; highly flexible policy, control
A computer is a dynamically, often collaboratively constructed collection of processors, data sources, sensors, networks
Similar observations apply for software
And Thus
Reduced barriers to access mean that we do much more computing, and more interesting computing, than today => Many more components (& services); massive parallelism
All resources are owned by others => Sharing (for fun or profit) is fundamental; trust, policy, negotiation, payment
All computing is performed on unfamiliar systems => Dynamic behaviors, discovery, adaptivity, failure
Summary
The Grid problem: Resource sharing & coordinated problem solving in dynamic, multi-institutional virtual organizations
Grid architecture: Emphasize protocol and service definition to enable interoperability and resource sharing
Globus Toolkit: a source of protocol and API definitions, reference implementations
See: www.globus.org, www.gridforum.org