TUX-INTERO: A Portal for secure interoperation of Grids

Shashi Bhanwar et. al. / International Journal of Engineering Science and Technology Vol. 2(7), 2010, 3335-3343

TUX-INTERO: A Portal for secure interoperation of Grids Shashi Bhanwar (Corresponding Author) Center of Excellence in Grid Computing Computer Science and Engineering Department Thapar University, Patiala, India. [email protected]

Seema Bawa Center of Excellence in Grid Computing Computer Science and Engineering Department Thapar University, Patiala, India. [email protected] Abstract: In this paper, we propose TUX-INTERO - a portlet-based Grid portal for integrating existing grid technologies under a common interface and providing reliable services to the users. We have developed a prototype of TUX-INTERO - a grid portal using portlet technology. The paper presents design and development of TUXINTERO. The requirements for the portal, its design and technology choices lead to the utilization of Globus Toolkit as middleware for connecting global resources, SUN N1 GE6 and Condor as Local Resource Management Systems for connecting local resources and GridSphere as the portal framework. The results demonstrate secure interoperation of grids as TUX-INTERO and TUX-TMS (Thapar University Extensible-Trust Management System) integrates to provide reliable services to the user. Keywords: Interoperability, Portal, Grid Computing, Security 1. Introduction The original vision of Grid computing aimed at providing to an end user, a single global infrastructure with resources available on demand. An effort by two diverse entities, to work together, in order to bring higher levels of efficiency and a less threatening climate for side-by-side existence in a common world is termed as interoperability [1]. This paper is an effort in this direction to provide secure interoperability among different Grids and Grid middleware by also making use of trust management systems. In this paper, the term grid is applied both to local and global grids. Local grids are typically built from local clusters connected by LAN and applying some form of local resource management systems like PBS (Portable Batch System)[2], LSF (Load-Sharing Facility)[3], Condor[4], SGE (Sun Grid Engine)[5] or MOAB[6] . Global grids connect clusters via the Internet by applying grid middleware’s like Globus [7], gLite [8] or NorduGrid/ARC [9]. Grid is a combination of network infrastructure and software framework delivering computing services based on distributed hardware and software resources. Grid enables communities (virtual organizations) to share geographically distributed resources in the absence of central control and trust relationships [1]. A key challenge then, is the design and development of robust and scalable middleware that addresses interoperability, and provides essential enabling services such as security and access control, discovery and interaction and collaboration management. Resource Management in a middleware’s can be used to address grid interoperability challenge by:  Enabling Resource Brokers to access resources of different Grids  Interfacing different brokers from Portals  Enabling communication among Resource Brokers, or coordinate them by a higher-level tool In this paper, different brokers have been interfaced using a grid portal-TUX INTERO. One of the primary aims of TUX-INTERO is to discover and provide heterogeneous resources at one interface. The rest of the paper is organized as follows. Section 2 discusses related work. In following sections, we describe our technology choices

ISSN: 0975-5462

3335

Shashi Bhanwar et. al. / International Journal of Engineering Science and Technology Vol. 2(7), 2010, 3335-3343 (Section 3), proposed interoperability solution’s architecture, design & implementation (Section 4) to meet these requirements and providing conclusion in Section 5 with future directions discussed in (Section 6).

2. Related Work Currently, there are a number of solutions that aim to provide interoperability in grids. Designing a portal and providing basic grid services is gaining lot of attention from scientific research groups. A portal server provides the user with a set of tabbed frames which each contain one or more portlets. A portlet is a portal server component that provides a basic service rendered in a user-configurable window in a portal pane (Figure 1). Some of these are successful in their ability to provide interoperability at workflow level while the strengths of others aim at discovering resources and making them available at a common platform. Here, we discuss a few representative implementations of portals which aim to interoperate grid resources at various levels. Various grid portals have been developed till date, for specific applications. The NEESgrid Portal [10], the Alliance Portal [11], the GENIUS Portal for the European Data Grid [12], and the IeSE (Integrated e-Science Environment) [13] are some of application based grid portals. There have been some efforts to build Grid middlewares also, such as GridPort [14] which is a middleware toolkit to facilitate the development of Grid computing portals. NSF NMI’s OGCE project [15] is considered as a more flexible portal. The Open Grid Computing environments (OGCE) Release 2 consists of a core set of Grid portlets. Java Specification Request 168 Portlet Specification (JSR-168) [16] is a portlet specification which enables interoperability between portlets and portals, and defines a set of APIs for portal computing addressing the areas of aggregation, personalization, presentation and security. JSR-168 has been supported many research groups and projects. Some portal frameworks have already supported JSR- 168 such as GridSphere 2.0 [17] and Jetspeed 2 [18]. Jetspeed 2 is an open source implementation of an enterprise information portal framework, using Java and XML. Jetspeed 2 employs the Pluto portlet container to interact with JSR-168 portlets. Some other portal frameworks are evolving to support JSR-168, such as uPortal [19]. uPortal is a free, sharable portal under development by institutions of highereducation. uPortal 3.0 will evolve to support JSR-168. The GridSphere portal framework provides an open source portlet based Web portal. GridSphere 3.0[17] enables developers to quickly develop and package third-party portlet web applications that can be run and administered within the GridSphere portlet container. There are other application based portals such as The Astrophysics Simulation Collaboratory Portal (ASC) [20], an application portal developed to provide astrophysics researcher’s web based access to the Cactus computational toolkit [21]. Cactus is a framework for solving various wave equations with an emphasis on astrophysical simulations of colliding neutron stars and black holes. The ASC portal allows users to submit various Cactus simulations to a distributed set of HPC resources as well as remotely checkout and compile Cactus with specialized options on HPC resources. The NCSA portal development effort is focused on the development of several application portals for computational chemistry and particle physics simulations. Gaussian [22], a computational chemistry portal allows users to provide input files to the popular Gaussian chemistry package and easily submit simulations via the web. Similarly, the MIMD Lattice Computation (MILC) Collaboration [23] portal is aimed at providing particle physicists access to a popular community code used to understand elementary particle interactions. Both portals rely on GPDK for job submission and file staging capabilities. P-GRADE [24] is a web based, service rich environment for the development, execution and monitoring of workflows and workflow based parameter studies on various grid platforms. It hides low-level grid access mechanisms by high-level graphical interfaces, making even non grid expert users capable of defining and executing distributed applications on multi-institutional computing infrastructures. Workflows and workflow based parameter studies defined in the P-Grade are portable between grid platforms without learning new systems or re-engineering program code. Technology neutral interfaces and concepts of the P-GRADE Portal help users cope with the large variety of grid solution It has been a step further in allowing various scientists to submit workflows to grid and achieve interoperability. 3. Technology Selection In a grid, managing resources, services, and computations is challenging due to the heterogeneous nature, large number, dynamic behavior and geographical distribution of resources. This presents the need of secure discovery of

ISSN: 0975-5462

3336

Shashi Bhanwar et. al. / International Journal of Engineering Science and Technology Vol. 2(7), 2010, 3335-3343 resources and interoperability between them. In this section, technologies chosen to achieve this goal have been outlined. 3.1 Grid Middleware The Globus Toolkit (GT) [7] provides functionality to glue together distributed resources to form computational grids and to create Grid-based applications. It provides a secure, uniform interface for resource access and provides file transfer, remote job submission and meta-data query services and is one of the most widely-used middleware packages for the Grid. GT is increasingly being developed in Java, which is also well suited for building complex web applications. We prefer Java-based frameworks for structured development and ease of use of the Globus Toolkit. 3.2 Local Resource Management Systems (LRMS) We have chosen SUN NI GE 6 [5] and Condor [4] as LRMS to be connected to our portal for providing resources to the end users. 3.3 Web Technologies Servlets are a viable choice for reusable web applications, and a number of different frameworks built on top of servlets were explored during the course of development. Portlets provide a standard technique for creating web applications for deployment in a container portal. Each application is self-contained and is displayed in a subwindow of the portal. The portlet framework allows for communication between portlets without the need for tight inter-portlet coupling. Java Specification Request (JSR) 168 defines the standard for portlets, and several systems implement it, including Apache Jetspeed2 and Grid-Sphere. GridSphere was chosen as a preferred portlet container. It is based on the popular Apache Tomcat5 web-application container. The ApacheAnt4 build system, which is used by GridSphere, allowed us to semi-automate this process. 4. TUX-INTERO: The Proposed Portal TUX-INTERO is grid-enabled portal that has several basic requirements. Primarily its function is to allow users access to heterogeneous resources located in various administrative domains. Secondly, the goal of this work is not only to create a functional portal for enabling interoperation among resources but to provide resources to an end user on the basis of trustworthiness and reputation values of past transactions. To elucidate these points, a typical usecase in the form of steps that a user would take when connected to the portal, its associated requirements, and their generalization has been discussed here:  Authentication: A user logs in to the portal with a username and password, using a standard web-browser. New Users can request an account by registering with valid authentication credential(s). Then, the users will log onto a portal using a web browser and they will authenticate by means of a user-id and password. Once the user is authenticated to the portal server, it is the job of the portal server to act as the user’s proxy in most grid interactions. Consequently, the portal server must obtain a proxy certificate that it can use on behalf of the user. The standard approach is to have the user submit a proxy to a MyProxy [25] server. The portal server then retrieves the proxy from the MyProxy server and holds it for the duration of the user’s session. This process of making the user manage a key pair and submit proxy certificates to a MyProxy server is extremely unpopular with users. Once the user's authenticity is established, access to Grid resources is delegated on their behalf, by uploading a Grid credential, or by configuring the portal to access a credential repository.  Resources Selection and Job Execution: Ideally, the user should submit a requirement of resources to the grid. The users should be allowed to access only the resources that have been selected form the registry by applying a set threshold limit. The threshold limit is further calculated on the basis of the trustworthiness and reputation values of the service providers and requesters. The portal backend then creates the individual jobs from the user description and maps them to resources in such a way that the user's QoS requirements are met as per SLA signed. Thus, from the above requirements it can be seen that special attention should be paid to the following aspects of portal development:  Security: Since the user delegates’ authority to the portal and the portal potentially has many users, security is an important concern. Ideally users authentication credentials will not be stored on disk of the web server but, rather on a different machine with extra security. All connections to the web server should be made via Secure Sockets Layer (SSL) to protect usernames and passwords. The portal itself should run

ISSN: 0975-5462

3337

Shashi Bhanwar et. al. / International Journal of Engineering Science and Technology Vol. 2(7), 2010, 3335-3343



with special permissions to reduce damage if it is compromised. Portal user accounts need only relate to the portal and not to system accounts. The usual drawback of enhanced security is in reduced ease-of-usage. Resource Discovery: With the plug-in architecture, the Resource Manager (RM) can query various types of information sources, including indexes in Grid middleware such as Globus 4 Toolkit [17] and classads in Condor [22] etc. wherein the repositories may be in the form of SQL database, XML files and web services. Therefore, it is able to support different protocols simultaneously, in order for it to gather information from these diverse information sources.

4.2 Architecture of TUX-INTERO The high level architecture of TUX-INTERO is shown in Figure 2. The Figure 2 identifies the components that make up TUX-INTERO and their interactions with each other. The main components are user interface, Credential Exchange, resource brokering and job monitoring. These high-level interactions are described below: i. The Service Requesters begins interaction by accessing the TUX-INTERO portal web interface and initiating a request. ii. Resource information is queried by the TUX-INTERO Portal via the Information services of Service Provider interface and formatted as a response to the client’s browser. The role of Information Services Interface is to provide access to the services located at various disparate grids following SOA architecture. All resources are defined as services that are accessed by the service consumer’s layers of the application. iii. In parallel, and independently of the rest of the system, the Information services take care of collecting updated resource information from the Grid and publishing that through the Service Provider Interface. This updated information then becomes immediately available for display to users. iv. The resources requested are mapped for job execution. v. After, a job has been completed the service requester and provider is requested to submit a feedback which further calculates trustworthiness and reputation of domains interacting. The key functions of the TUX-INTERO are (a) querying for information from various information services, (b) storing and retrieving resource information, and (c) presentation of resource information.  Querying Information: Information collection is the responsibility of the Resource Manager (RM). Its role is to gather information from each of the various information services in the system and to publish that information for use by other components. A plug-in architecture has been adopted so that custom adapters can be created and plugged into the system to enable the gathering of information from any type of information provider by making use of Hawkeye and Ganglia for discovery and monitoring. The information is used by querying indexes at the top which are in the form of trees. Though, a limitation encountered is that latest information may not be available. The GLUE schema is modified to accommodate resource information on the basis of trustworthiness and reputation values. 

Storing and Retrieving Information: The idea is to maintain a cache of the resources which are available instead of storing all the available resources. We are making use of SQL database to store the information.



Presenting Information: The TUX-INTERO Resource Manager component provides the user interface for all the resources to be plugged in grid. Using portlet technology, Grid resource information is presented to the user via their web browser.

4.3 Design and Development The overall design of TUX-INTERO is aimed towards enabling a representation of dynamic and heterogeneous resources by providing enough support to different information providers and allowing easy integration of new source types. The web interface of TUX-INTERO is implemented using a set of portlets. We are using Grid sphere version 2.0.10 as the portlet container for implementing the portlets. Thus, Figure 4 depicts how the TUX-INTERO portlets have been nested: Apache Tomcat is used as the servlet container, provides the necessary HTTP, HTTPS of AJP interface for communicating with the portal using a web browser.

ISSN: 0975-5462

3338

Shashi Bhanwar et. al. / International Journal of Engineering Science and Technology Vol. 2(7), 2010, 3335-3343 GridSphere is used as the portal framework, by which developers can easily create portlets conforming to the JSR168 standard. GridSphere provides some generic portlets and portal layout management. JSR-168 [23] compliant portlets are used to implement the TUX-INTERO portal as a portable and pluggable component which can be integrated into other portals. The components are kept as modular and general purpose as possible to make the system easy to extend and adapt to, various scenarios. The TUX-INTERO portal is developed based on JSR-168 compliant portlets. TUX-INTERO Portal Portlets offer functionalities such as user authentication, job submission, resource discovery and feedback submission. 4.2 Deployment TUX-INTERO is easily deployable and installable. A simple script is provided to deploy the portlets into a portlet container running in a web server. Each information service is queried at a specified poll interval, so communication overhead is controlled by varying the length of the interval. In the remainder of this section, we look at managing and browsing the TUX-INTERO Portal. 

Customizing the Portal: The TUX-INTERO edit portlet allows administration of Grid resources and general presentation details for your portal. Here, resources can be added and removed and existing resources’ details can be modified. The advanced options allow for customization of the interactive map including its size, the part of the world to focus on and whether users should be allowed to zoom and pan.



Adding a new resource: Adding a new resource requires simply entering the hostname and then submitting the form. This will add the new resource to the list of existing resources and select it for editing so that its details can be entered.



Editing resource details: To change the properties of a resource, select the desired resource. This will present the properties of that resource in a form allowing them to be modified. The hostname and type must be set correctly for the resources information to be successfully queried by the resource manager.



Deleting a resource: Resources that are no longer part of your Grid can be deleted from the system while selected for editing. This will permanently remove the resource and all other information that was gathered.



Browsing the Portal: Once customization is complete the portal can be made available to users. The TUXINTERO Resource Manager should also be allowed to run so that the resource information can be gathered and updated for display in the portal.



Creating Resource list: The resource list is displayed to the user which he is authorized to access as per the threshold limit allowed.



Submitting Feedback: The service requester and the service provider can submit feedback information for the service accessed or volunteered.

4.4 Integration of TUX-TMS and TUX-INTERO TUX-TMS (Thapar University Extensible-Trust Management System)[26] [27] is a trust management system which calculates trustworthiness and reputation of the domain on the basis of feedback score of past transactions. TUXINTERO (Thapar University Extensible-Interoperability System)(Figure 4) is a portal which solves the challenge of interoperability on the level of resource discovery. The information services of various grid middleware provide information of dynamically available resources. These resources can be represented together in a repository. This repository can be queried by the user for a set of available resources. These resources can be discovered and mapped further, for executing jobs. The integration of TUX-TMS and TUX-INTERO has been depicted in Figure 5, wherein, a user can submit the feedback for a service used with TUX-TMS. We have detailed the architecture of TUX-INTERO in figure 5 also which has been discussed in Section 4. In summary, secure discovery of heterogeneous resources by TUX-INTERO enables users to select resources as per their choice and allows grid to be maintained securely.

ISSN: 0975-5462

3339

Shashi Bhanwar et. al. / International Journal of Engineering Science and Technology Vol. 2(7), 2010, 3335-3343

4. Conclusions There are various portals in the market for grid access. Various features embedded in them aim at discovering resources, job submission and monitoring, credential management and running Grid resource information being made available from various sources. TUX-INTERO, provide a simple mechanism to view relevant resource information and access heterogeneous resources located in various domains connected via local resource management systems and middleware’s. There are currently a number of portals designed to discover and access resources, however, it is difficult to integrate diverse information into a single interface or customize and apply them in other scenarios or Grids. TUX-INTERO provides a highly flexible solution that allows integration with current and future information sources, as well as providing an easy mechanism for customizing which information is to be displayed and how it should be presented. Essentially, TUX-INTERO can be applied in many situations and need not be restricted to any specific middleware or Grid project or even to Grids in general. 5. Future Work and Applications In this section, we outline some potential extensions for TUX-INTERO: Integration with other middleware’s: As identified earlier, TUX-INTERO can be extended to support other middleware’s such as gLite or NorduGrid/ARC. Integration with Grid Resource Brokers: Grid resource brokers (GRBs) undertake the tasks for resource discovery, job scheduling, execution and monitoring and job output retrieval among others. Linking the portal with a GRB backend has the advantage of keeping the portal development free to focus on presentation of content to the users and leaving the complexity of resource allocation and scheduling to the broker. Grid middleware and standards are still in the process of evolution and by keeping the portal free from the vagaries of the underlying infrastructure; the cost of code maintenance is reduced. Also, portal users are able to take advantage of any new scheduling algorithms that may have been introduced by the GRB developers. Support for additional resource types: To support a larger number of existing resource types, such as Unicore [28], XGrid [29] and other arbitrary nodes via Secure Shell(SSH)[30]. Support for other types of Grid resources such as Virtual Organization systems and data nodes may also be provided in a future release. Automating resource positioning: We intend to geolocate resources based on their IP or hostname or by using their supplied global positioning coordinates. It is possible for resources to transmit their global positioning coordinates to TUX-INTERO while they are queried. Using this, the global positioning of resources could be more accurately plotted and monitored. References [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13] [14] [15] [16] [17]

Menon S. (2007), Interoperability: A new Paradigm, Novell Corporate Presentation, Putrayjaya. Bode B., Halstead D., Kendall R., and Jackson D. (2000) PBS: The portable batch scheduler and the maui scheduler on linux clusters (Berkley, CA) in Proceedings of the 4th Linux Showcase and Conference; Atlanta: USENIX Press. Ahmar Abbas (2004). Grid Computing. Charles River Media, New York, USA. J. Litzkow, M. Livny, and M. W. Mukta. (1998): Condor- a hunter of idle workstations. in ICDCS ’98: Proceedings of the Eighth IEEE International Conference on Distributed Computing Systems (Washington) IEEE Computer Society, USA, pp. 104–111. Gentzsch W., (2001) Sun Grid Engine: Towards creating a compute power grid in CCGRID’01: Proceedings of the Ist IEEE Conference on Cluster Computing and the Grid (Los Alamitos, CA) IEEE Computer Society: pp. 35. MOAB Workload Scheduler: http://www.clusterresources.com/pages/products/moab-cluster-suite /workload-manager.php (accessed on June 12, 2010). Globus Toolkit: http://www.globus.org (accessed on June 10, 2010). gLite: http://glite.web.cern.ch/glite(accessed on June 12, 2010). NorduGrid: http://www.nordugrid.org (accessed on June 1, 2010). Network for Earthquake Engineering Simulation Grid: https://www.nees.org/it/(accessed on June 12, 2010). NCSA Alliance Scientific Portal Project. http://www.extreme.indiana.edu/alliance/(accessed on June 12, 2010). Barbera, R., The GENIUS Grid Portal, Computing in High Energy and Nuclear Physics, 24-28 March 2003. Allan, R., Integrated e-Science Environment for CLRC. http://www.e-science.clrc.ac.uk/ (accessed on June 12, 2010). Dahan M., Thomas M., Roberts E., Seth A., Tomislav U., (2004) GridPort: Using Globus for Grid- Enabled Web Portals in Proceedings of the 13th IEEE International Symposium on High Performance Distributed Computing (HPDC’04). 272-273. Thomas M., Dahan M., Mueller K., Mock S., Mills C.(2002) Application Portals: Practice and Experience. Grid Computing environments: Special Issue of Concurrency and Computation: Practice and Experience, 14: pp. 1427-1444. D. Gannon, G. Fox, M. Pierce, B. Plale, Grid Portals: A Scientist’s Access Point for Grid Services (DRAFT 1). Available at http://www.extreme.indiana.edu/groc/ggf-portals-draft.pdf(accessed on June 12, 2010). Novotny J., Russell M., Wehrens O.. GridSphere: A Portal Framework. GlobusWorld, 2004.

ISSN: 0975-5462

3340

Shashi Bhanwar et. al. / International Journal of Engineering Science and Technology Vol. 2(7), 2010, 3335-3343 [18] [19] [20]

[21] [22] [23] [24] [25] [26] [27] [28] [29] [30]

Apache JetSpeed, http://portals.apache.org/JetSpeed-2/(accessed on June 10, 2010) uPortal by JA-SIG: http://www.uportal.org (accessed on June 12, 2010). Russell M., Allen G., Foster I., Seidel E., Novotny J., Shal J., Laszewski G., Daues G.,:(2002) The Astrophysics Simulation Collaboratory: A Science Portal Enabling Community Software Development ; Future Generation Computer Systems, Special issue: Advanced grid technologies, 21(2): pp. 259 – 270. Cactus Code: http://www.cactuscode.org/ (accessed on June 12, 2010). Gaussian: http://www.gaussian.com/ (accessed on June 12, 2010). MIMD Lattice Computation (MILC) Collaboration. http://www.physics.utah.edu/~detar/milc/. (accessed on June 12, 2010). P-Grade. http://portal.p-grade.hu/(accessed on June 17, 2010). MyProxy. Available at http://grid.ncsa.illinois.edu/myproxy(accessed on June 10, 2010). Shashi, Seema Bawa (2010), Reputation Enhancement in a Trust Management System, N. Meghanathan et al. (Eds.): CNSA 2010, CCIS 89, Springer-Verlag Berlin Heidelberg. pp. 440–451. Shashi, Bawa S. (2010), TUX-TMS: Thapar University Extensible-Trust Management System, International Journal of Security, CSC Journals, 4 (I): pp. 1-16. Unicore: Available at http://www.unicore.eu/ (accessed on June 10, 2010). XGrid: http://developer.apple.com/hardwaredrivers/hpc/xgrid_intro.html(accessed on June 12, 2010). Ylonen T., The Secure Shell (SSH) Authentication Protocol, RFC 4252. http://tools.ietf.org/html/rfc4252. (accessed on June 17, 2010).

Figures

Directory and Index My Proxy

Portal Server Portlet 1

Portlet 2

Portlet 3

Portlet 4

Portlet 5

Portlet 6

User

Figure1. User interaction with portal

ISSN: 0975-5462

Metadata Directory

Application Factory Event and Logging

3341

Shashi Bhanwar et. al. / International Journal of Engineering Science and Technology Vol. 2(7), 2010, 3335-3343

Web Application Portlets

Service Consumers Interface

Information Services

Service Provider Interface

Service Providers

Service Requesters

Figure2. TUX-INTERO High level Architecture

Apache Tomcat Servlet Container

TUX-INTERO Portal Authentication

Resource Manager

Repository Repository Feedback Submission

Resource Job Management Manager

Repository

Information Services

Globus Grid

TUX-TMS

Condor Cluster

SUN N1 GE6 Cluster

Figure3. Internal architecture of TUX-INTERO

ISSN: 0975-5462

3342

Shashi Bhanwar et. al. / International Journal of Engineering Science and Technology Vol. 2(7), 2010, 3335-3343

Figure4. Login Screen

Figure5. Integration of TUX-TMS and TUX-INTERO

ISSN: 0975-5462

3343