Web-Based Service for Remote Execution: NGI Network Design Application

Alberto E. García, Klaus D. Hackbarth, Roberto Ortiz
Telematic Engineering Group - GIT/DICOM, University of Cantabria, Santander (Cantabria) - SPAIN
[agarcia, klaus, rortiz]@tlmat.unican.es

Abstract— A specific objective of the EURO-NGI Network is the development of a Macro – Tool which provides a homogeneous environment for hosting and interrelation of the software tools developed by the research labs of the network. The development of such a software environment raises several coordination and integration issues. This paper proposes tool integration under a common user access interface as an optimal solution and proposes the Web interface as the most natural option. The paper explains several innovative aspects in the field of remote software tool execution, secure access, customized interfaces and sharing environments for simultaneous execution and exposure of the main aspects of a sharing environment for network planning tools, named WeBaSeRex and its application for tasks in the EURO-NGI Network of Excellence.

Keywords: Software sharing environment, remote execution, network planning tools

II. APPLICATION SHARING

Sharing of software applications is a widely used method for the introduction and presentation of applications and computer solutions. The programmer shows the characteristics and power of his/her programs by distributing a limited part of the code. The user cannot access the complete program until acquiring the license for the final version. There are two forms of sharing applications: the first one uses a closed or limited code which the proprietor delivers to the interested users, while the second one provides access to a remote and/or distributed execution of the full or only slightly limited code. A freely distributed software application is named "freeware" when an executable is delivered, and "open source" when the source code and the corresponding algorithm are included. On the other hand, when the distributed applications are limited to a demonstration version, they are called "shareware"; these demonstration versions generally include limitations in their use. These limitations can be a limitation in the number or times of execution and/or a limitation in the calculation capacity of the algorithms included, see [1].

I. INTRODUCTION

The concept of European convergence includes the definition of collaborative environments for technology development within the high-priority actions included in the Sixth Framework Programme. Networks of Excellence and integrated projects have to interconnect laboratories with very different characteristics, with completely independent developments and investigations. The exchange of knowledge may be difficult when the interests of the partners are in opposition. Intellectual property, commercial commitments and other factors might block the free flow of information, limiting the collaborations to isolated and specific developments. When the exchange of code or algorithms is impossible, only the results can be exchanged. The different forms of sharing applications facilitate the interactive exchange of results without infringing the intellectual property rights for algorithms, simulation programs, or source code.

For a collaborative environment among research laboratories the "shareware" concept is sufficient for tools and knowledge exchange. During the period of active collaboration the associated limitations should be minimum or null. However, in some cases, previous developments present copyright or exclusivities associated with companies or collaborating organizations or financial institutions. In these cases the exchange is strongly limited or even impossible. Anyway, faced with the impossibility of physically sharing the application, in some cases, a time limited remote use of the application might be allowed. Under this circumstance the code or application resides in the place of the owner and its use is under the control of the programmer or proprietor of the license or copyright. The user provides all values for the input parameters which are transferred to the execution location where the software application runs the calculation with the parameters supplied. After finishing the calculation the user receives only the corresponding results. The corresponding method is generally named Remote Procedure Call (RPC), see [2].

This paper is organised as follows. Section II provides a definition of the application sharing concept and Section III a state-of-the-art description of remote execution. A complete description of the WeBaSeRex proposal appears in Section IV. Finally, Sections V and VI introduce some concepts about the adaptation of tools and their integration within the shared applications environment.

This work is supported by the Network of Excellence EURO-NGI and by the Spanish National Research project TIC-2003-0506

NGI 2005

0-7803-8900-X/05/$20.00 © 2005 IEEE

III. TECHNOLOGIES OF REMOTE EXECUTION

In recent years the techniques and protocols based on RPC have become more important due to the increased development of services based on distributed applications, such as e-commerce. Often the most important applications use distributed processing, mainly for problems requiring large amounts of processing time. Distributed processing consists in fragmenting calculation-intensive problems and processing the fragments separately in different locations. The systems used are usually multiprocessor-based systems or multiple computers. The latter case presents an additional problem: it requires a specific communication system which delivers the input parameters among the different systems. The corresponding results are collected in the same way. In both systems, the main problem is to run a specific application in a completely remote way without any physical intervention by the user. Initially, RPC relied on specific protocols for these tasks [3]. These protocols allowed calls to processes previously registered in the operating system of each machine. Hence calls to these processes require that the process is already active. Current distributed systems instead use a preliminary communication step to send a specialised program to the client. When the user installs the program, it establishes a connection to obtain blocks of tasks from the main server. The technique is called “Grid Computing” [4] and it is used in research projects such as the SETI project [5] or the Distributed.Net Project [6].

A robust application sharing implementation needs a complex communications architecture. Additionally, a simple procedure call without further control could violate the integrity of the applications. The resulting environment needs a proprietary architecture that allows application sharing to be carried out in an agile and safe way. Two examples of this type of service are Rebels and Meta-Psi: Rebels (Remote Execution Based Load Balancing System) is an implementation of load balancing for remote execution using Java modules [11]; Meta-Psi was developed at CNUCE-CNR to build Problem-Solving Environments (PSE) for the execution of complex applications on a Web-based metacomputer using LDAP (Lightweight Directory Access Protocol) services [12]. The Network of Excellence EURO-NGI requires the implementation of various types of common collaboration spaces among all the partners, facilitating the exchange of ideas and knowledge at all levels. The members of the work package for the NGI network design tool development (WP.JRA3.4) have developed an application sharing system based on Web services, named WeBaSeRex (Web Based Service for Remote Execution), see [13]. This system allows the remote sharing of applications without any need for exchanging code or executables, for intermediate services such as LDAP, or for load balancing. WeBaSeRex implements a framework to access applications developed for the design of new generation IP networks using Web forms. The applications to be integrated are classified according to their degree of readiness. A preliminary classification distinguishes among Freeware, Shareware and Commercial; more details appear in [14].

The importance of remote processing becomes clearer when observing the different solutions adopted by most commercial programming platforms. There are specific solutions that include RPC methods and extensions, such as for JAVA, .NET or CORBA, and even specific platforms, such as GLOBUS or CONDOR, see [7], [8], [9].

Additionally, the readiness of the applications depends on the type of user that accesses the service, distinguishing between guests and full right users. Full right users have exclusive access to a fourth type of application called Webware. Applications of this type are, in most cases, commercial applications with strict limitations at the time of acquiring licenses. The laboratories of the EuroNGI have developed these applications for different purposes. The partners usually cannot give licenses of their programs (to respect commercial agreements with other institutions, to safeguard the corresponding know-how, to avoid indiscriminate use, illegal copies or license cracking, etc.). However, they want to show the functionalities of these applications without the limitations that a shareware version presents. The only way of keeping a license intact is not to let that license leave its proprietor's environment. The WeBaSeRex service allows remote executions of limited program versions in a specific and fully controlled location. The input parameter files and the result files make up the information exchanged between the users of the tools and the web service. Hence neither the code nor the executable has to be exchanged at any time. The users are not even aware of the physical characteristics of the executed program or of the location of the server that carries out the execution.

Most of these systems create remote objects that implement methods for their execution from other objects located in different machines. The communication among objects uses ad-hoc interfaces. The whole system includes complex administration methods for the objects and procedures and integrates the communication system using specific methods associated with each object. In these cases, the process of developing remote/distributed applications must be carried out according to the environment of the specific systems and their programming philosophy. For this reason the application of these specific RPC environments can require the partial or total re-encoding of the selected software application. On the other hand, we find simplified methods for remote execution of applications or specific commands of some programming languages. The former occurs for example in the use of RPC protocol [10]. The latter occurs when “spawn” or “rexec” commands are used under JAVA encoding schemes, see [7]. These methods are very simple to implement but they do not incorporate control over the execution memory space or the state of the processor. Also, the interruption management and the communication support are treated as independent functionalities outside the scope of the RPC solutions.

IV. WEB SERVICES FOR REMOTE EXECUTION

A. Architecture of WeBaSeRex

The proposed Web service uses a specific architecture that maintains at all times the integrity of all the stored programs. The complete system consists of three subsystems: Application Web Server, Communication Server and Remote Server, see Fig. 1.

• Application Web Server: integrated in a typical Web Server. This subsystem implements the service access module and the communication interface between the user and the shared applications. It includes a security system for user identification and for maintaining the integrity of data exchange (encryption).



• Communications Server: It can be integrated with the Web Server in the same hardware equipment. It carries out all OAM functions of the database for the shared applications. This server controls two types of communications: the administration of the application servers and the exchange of information between the Web Server and the applications. Its implementation requires a robust service architecture situated in the so-called demilitarized zone (DMZ), see [15].



A user accessing the WeBaSeRex service has to register as an identified user. Depending on the registered user type, the user accesses the information on the corresponding subset of shared applications and makes a selection. Then the user completes the files for the input parameters (Web forms) and sends them to the Web Server, which generates a remote execution petition for the selected application. This petition is sent to the communication server, which selects an available remote server from all those that contain the shared application and are not overloaded. After having selected a remote server, the communication server generates a call to the application and the remote server executes the selected application with the received set of parameters. After finishing the calculation, the remote server hands over the results to the communication server and the Web Server generates the data forms with the results that the user will receive. Fig. 2 shows the complete process.

B. Access to the service: Web Server

The Web server implements the first barrier of WeBaSeRex security: access control. Access to the applications depends on the user's type. Three types of users exist: anonymous, partners and full-partners.

• Remote Servers: These subsystems store the shared applications. Webware applications are executed in these elements. Several locations can exist and they can carry out executions of individual application copies. These subsystems can be allocated to the hardware equipment of the Communication Server (farm of dedicated servers).



A more powerful configuration, however, is composed of servers located in different laboratories of the EuroNGI. These servers provide the processor time for the executions requested by different users.

• Anonymous: These are visitors to the EuroNGI Web, not belonging to the consortium. This access type only allows receiving general information about the service and the applications developed by the different partners.

Figure 1. System architecture for the Web-Based Service of Remote Execution (diagram labels: User, Internet, Web Server, Comm. Server, Remote Server Farm, Remote Server #N, Remote Server Partner#A, Remote Server Partner#B)

Figure 2. Information flow diagram of remote execution process

Figure 3. Web-Based Access process

(Diagram labels recovered from Figures 2 and 3: User, EuroNGI User, Anonymous, MainPage, Registration, Fingerprint, Web Server, I/O Forms, Request/Response Forms, Input Param., Comm. Server, Sharing Application Directory, Remote Server, Results.)



• Partners: All the partners of the EuroNGI are automatically included in this access type. Besides the general information, they get access to the tools and Freeware and Shareware applications.



• Full-partners: This type of user has access to all the applications, including the Webware applications. The proprietors of the shared tools are automatically included in this access type.

The objective is to find an unloaded remote server among all those containing the shared application. Using the network parameters of its registration, the communication server monitors the loading state of each remote server. After finding an available and unloaded remote server, the communication server delivers the input parameters set and awaits the results. When the shared application concludes, the remote server sends the corresponding results to the Communication server for its delivery to the Web server.

The main page of the Web of the EuroNGI gives access to the service. After the general validation, WeBaSeRex generates a personalized access key. This key is used during the access session to the service. The key allows controlling the accesses, as well as maintaining the integrity of the communications using “fingerprints”, see [16].

The whole process of information exchange between the communication server and the remote servers is completely transparent and inaccessible to the user. Moreover, for as long as the communication among the different servers lasts, the certificate, based on the user's fingerprint, is the encryption key for all the exchanged data.

The user's interaction with the shared application is controlled by the Web server exchanging forms, as shown in figure 3. The Web server formats and encrypts the input parameters set using the fingerprint certification. The communication server only accepts petitions with valid certificates. The generated results arrive at the Web server signed with the fingerprint, identifying the petition. The signature of the data might allow a delayed delivery of the results, for example using electronic mail.
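The petition flow described above (a fingerprint-bound petition, acceptance only of valid ones, least-loaded server selection, and results that identify their petition) can be sketched as follows. This is an added example, not the WeBaSeRex code: it assumes the fingerprint is a random per-session key and uses HMAC-SHA256 for integrity, leaves encryption out, and adds a replay check; the load limit and all function names are hypothetical.

```python
import hashlib
import hmac
import json
import secrets

# Assumptions (not from the paper): the session "fingerprint" is a random
# per-session key and integrity comes from HMAC-SHA256. Encryption is omitted.
LOAD_LIMIT = 0.75  # hypothetical load above which a remote server is skipped


def new_fingerprint() -> bytes:
    """Web server: personalised key issued after the user is validated."""
    return secrets.token_bytes(32)


def sign(key: bytes, body: dict) -> str:
    """MAC over a canonical JSON encoding so both sides hash the same bytes."""
    data = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify(key: bytes, message: dict) -> bool:
    tag = str(message.get("tag", ""))
    return hmac.compare_digest(sign(key, message.get("body", {})), tag)


def make_petition(key: bytes, user: str, app: str, params: dict) -> dict:
    """Web server: wrap the form values in a signed execution petition."""
    body = {"id": secrets.token_hex(8), "user": user, "app": app, "params": params}
    return {"body": body, "tag": sign(key, body)}


class CommServer:
    def __init__(self, sessions: dict, registry: dict):
        self.sessions = sessions   # user -> session fingerprint
        self.registry = registry   # app -> {remote server: load in 0..1}
        self.seen_ids = set()      # petition ids already executed

    def select_server(self, app: str):
        """Least-loaded registered server holding the app, or None."""
        free = {s: load for s, load in self.registry.get(app, {}).items()
                if load < LOAD_LIMIT}
        return min(free, key=free.get) if free else None

    def dispatch(self, petition: dict) -> dict:
        body = petition.get("body", {})
        key = self.sessions.get(body.get("user"))
        if key is None or not verify(key, petition):
            return {"status": "rejected", "reason": "invalid fingerprint"}
        if body["id"] in self.seen_ids:
            return {"status": "rejected", "reason": "replayed petition"}
        server = self.select_server(body["app"])
        if server is None:
            return {"status": "rejected", "reason": "no available server"}
        self.seen_ids.add(body["id"])
        # Stand-in for the remote execution itself.
        output = f"{body['app']} ran on {server}"
        result = {"id": body["id"], "server": server, "output": output}
        return {"status": "ok", "body": result, "tag": sign(key, result)}


def accept_result(key: bytes, petition: dict, reply: dict) -> bool:
    """Web server: result must be signed and name the petition it answers."""
    return (reply.get("status") == "ok" and verify(key, reply)
            and reply["body"]["id"] == petition["body"]["id"])
```

Because the signed result carries the petition id, it can be checked at any later time, which is what makes a delayed delivery of the results possible.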

C. Access to remote servers: Communication server

When the user obtains access to the input parameter forms, the Web server generates the corresponding request that will be sent to the communication server. This system is in effect a type of agent that has registered all locations with equipment containing the requested shared applications, where the registered servers allow receiving execution requests. The agent records the network parameters of each server, which are used when the communication server receives requests from the Web server. Hence a request for a shared application execution generates a search in the registry of the communication server.

In an environment of extreme security, the system can be configured to encrypt all the communications, including those of control, registration and monitoring of remote servers. The encryption keys are obtained starting from the fingerprint associated with each system (Web server, communication server, remote servers).

D. Access to shared applications: Remote server

The license owner of applications who allows sharing among the EURO-NGI partners can select between two forms of installation. The first is to install the applications in special equipment dedicated to application sharing. This is typically a server farm located in the same sub-network as the communication server or in a different one. The second form is to register a proprietary machine that shares the applications when unoccupied. As we have seen, this aspect is assured because the Communication server only selects remote servers with minimum values of processing time load. The hardware of the corresponding remote server is limited to a normal computer with a small resident program that activates the application sharing service. This program registers the system within the communication server and generates all the administration and security information for the communication processes.

V. ADAPTATION OF APPLICATIONS TO THE WEBASEREX ENVIRONMENT

The system supports applications that work in background mode directly. The use of input/output files reduces the communication interface to the exchange of forms. The complete applications are usually composed of three types of modules: modules for data input, calculation modules, and data output modules. The main functionality of WeBaSeRex is allowing access to the calculation modules.

E. Sharing of applications: Remote applications

The main problem of remote execution of applications is the definition of communication interfaces that allow access to all functions of the user program interface, similar to the case of a terminal mode application. The current remote terminal applications, such as VNC [17], Remote Desktop of Windows [18], etc., could be valid solutions in controlled environments (virtual or closed private networks). Fig. 4 shows a typical configuration of a remote server.

These calculation modules usually present their own input/output interfaces (files, memory maps, etc.). Applications only require providing a shortcut to that module. If the input/output interface can be implemented using Web forms, a user needs to know and to indicate the content of these forms. WeBaSeRex requires implementing the corresponding forms and carrying out the call to the procedure.

However, the security requirements, and the need to control the subset of functionalities that a user can access, make it advisable to impose limitations. The user/application interaction is limited in open environments such as EuroNGI, taking into account that the communication network is the public Internet, e.g. the high-speed research network among the European universities, Geant [19]. The current implementation of the WeBaSeRex system limits access to applications in command mode. The calls to the applications are carried out directly on the operating system. The input and output interfaces of the application are implemented in the Web server, using forms and files that are passed through the command line (standard input and output devices). Calling interactive applications is possible using interfaces adapted to the WeBaSeRex service (using pre-defined forms to serialize the exchange of information).
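The command-mode invocation described above, sketched as an added example (not the WeBaSeRex code): form values are checked against a per-application pattern, written to an input file and fed to the module on standard input, and the program is started from a fixed argument list rather than a shell string. The application directory, the field patterns and the stand-in ring module are assumptions made for the illustration.

```python
import os
import re
import subprocess
import sys
import tempfile

# Constructed stand-in for a command-mode calculation module: it reads
# "field=value" lines on standard input and prints one result line.
RING_MODULE = (
    "import sys\n"
    "kv = dict(line.strip().split('=', 1) for line in sys.stdin if '=' in line)\n"
    "print('links=%d' % int(kv['nodes']))\n"
)

# Hypothetical application directory: fixed argv plus one pattern per form field.
APPLICATIONS = {
    "ring_topology": {
        "argv": [sys.executable, "-c", RING_MODULE],
        "fields": {
            "nodes": re.compile(r"[0-9]{1,4}"),
            "name": re.compile(r"[A-Za-z0-9_-]{1,32}"),
        },
    },
}
MAX_OUTPUT = 64 * 1024  # bytes of result returned to the Web form


class RejectedRequest(ValueError):
    """The form does not match what the shared application accepts."""


def validate(app: str, form: dict) -> dict:
    spec = APPLICATIONS.get(app)
    if spec is None:
        raise RejectedRequest("application is not shared")
    if set(form) != set(spec["fields"]):
        raise RejectedRequest("unexpected or missing form field")
    for field, pattern in spec["fields"].items():
        value = form[field]
        if not isinstance(value, str) or not pattern.fullmatch(value):
            raise RejectedRequest(f"invalid value for {field!r}")
    return spec


def run_shared_app(app: str, form: dict, timeout: float = 10.0) -> str:
    spec = validate(app, form)
    # Pass through only the variables the interpreter may need to start.
    env = {k: os.environ[k] for k in ("PATH", "SYSTEMROOT", "LD_LIBRARY_PATH")
           if k in os.environ}
    with tempfile.TemporaryDirectory() as workdir:
        in_path = os.path.join(workdir, "input.txt")
        with open(in_path, "w", encoding="ascii") as fh:
            for field in sorted(form):
                fh.write(f"{field}={form[field]}\n")
        with open(in_path, "rb") as stdin:
            # argv list and no shell: form values never reach a command parser.
            proc = subprocess.run(spec["argv"], stdin=stdin,
                                  stdout=subprocess.PIPE, stderr=subprocess.PIPE,
                                  cwd=workdir, env=env, timeout=timeout, check=False)
    if proc.returncode != 0:
        raise RuntimeError(f"{app} exited with status {proc.returncode}")
    return proc.stdout[:MAX_OUTPUT].decode("ascii", "replace")
```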

Fig. 5 shows an example of an application adapted to the shared application environment. This program is a basic topology design tool called SWINET [20]. Initially SWINET was only executable in a closed environment. All the associated functionalities were integrated inside the program. Nowadays SWINET has been adapted to the shared application environment. The main program is a “freeware” shell from where the user accesses the I/O data and graphical interface. A WeBaSeRex remote server stores all the calculation modules, such as for example, ring topology calculation.

Figure 4. Interrelation between Communication Server, Remote Servers and Shared Applications (diagram labels: Register of App. A to App. E against remote servers RS_1 and RS_2 with Busy/Empty state; User Fingerprint; Request App. A; Comm. Server; Reg. RS_2 Fingerprint; Results + RS_2 Fingerprint)

Figure 5. Application example (figure callouts: "The application is based on remote calculation modules, e.g. ring calculation algorithms. The user manages the input files and execution parameters and the program hands control to the remote execution agent."; "I/O interface: coded from C, Java, CGI, html sources. Controls manage I/O application parameters.")

VI. INTEGRATION OF APPLICATIONS USING WEBASEREX

The final objective of WeBaSeRex coincides with the WP JRA3.4 of the EuroNGI objectives: to develop a tool for the design of Next Generation Internet networks. The design of a common tool, based on multiple contributions from different partners, raises many problems because the development process is completely different from the traditional software engineering process. As a first solution we propose an integration of the individual modules provided by each partner by means of an appropriate common collaboration environment. We strongly believe that the described WeBaSeRex system provides the adequate platform for this common network tool design. Algorithms, program modules or complete programs can be used in a completely remote way, without the need to integrate all the code in a specific program. The definition of interfaces adapted for each module allows the communication among the different modules in a direct way or using ad-hoc forms. This combination allows an integration with sufficient interactivity among the developers and, later on, the user. Although the users access through a Web-based scenario, they will have the sensation of accessing a complete tool. An additional result is that this shared environment allows modulating, updating and extending the tool at any time and the user always gets access to the latest version without requiring a software update.

The access limitations to the block maintained by WeBaSeRex only depend on the readiness of applications shared by the partners.

VII. CONCLUSION

Considering all aspects discussed in this paper, we conclude that the WeBaSeRex service is a valid implementation framework for the web-based portal of NGI planning and design tools. This environment is mainly optimised for information exchanges and communication among partners in the field of planning tools. Furthermore, it provides access to the corresponding tools developed or provided within the Euro-NGI project. Using WeBaSeRex, the access to this specific Portal is always performed from the general Euro-NGI Web site in a transparent way. Moreover, the sharing environment maintains the integrity of all the shared programs, according to the partners’ intellectual property rights. The spreading of excellence is assured without risks for the integrity of the partners’ knowledge.

REFERENCES

[1] ASP: “What is Shareware”, from Web site of Association of Shareware Professionals, http://www.asp-shareware.org/users/faq.asp, last update Jan 2005
[2] Birrell, A.D. & Nelson, B.J.: “Implementing Remote Procedure Calls”, ACM Transactions on Computer Systems 2, 1, 39-59, Feb. 1984
[3] Barkley, J.: “Comparing Remote Procedure Calls”, http://hissa.nist.gov/rbac/5277/, Oct 1993
[4] http://www.gridcomputing.com/, last update Oct 2004
[5] Seti@Home: Search for Extraterrestrial Intelligence, http://setiathome.ssl.berkeley.edu/, last update Feb 2005
[6] Distributed.net Project: http://www.distributed.net/, last update Jan 2005
[7] Sun MicroSystems: “Getting Started Using RMI”, http://java.sun.com/products/jdk/1.2/docs/guide/rmi/getstart.doc.html, 1999
[8] Liang-Jie Zhang, Yao Chung, Qun Zhou: “Developing Grid computing applications”, IBM T.J. Watson Research Center, http://www106.ibm.com/developerworks/library/gr-grid1/, Nov 2002
[9] “The Condor® Project Homepage”, http://www.cs.wisc.edu/condor/, last update Feb 2005
[10] RFC 1050: “RPC: Remote Procedure Call Protocol specification”, 1988
[11] G. Haring, G. Kotsis, A. Puliafito, O. Tomarchio: “REBELS: REmote Execution BasEd Load-balancing System”, 2nd European International Conference on Parallel and Distributed Systems (EURO-PDS’98), Vienna (Austria), July 1998
[12] Ranieri Baraglia and Domenico Laforenza: “Meta-Psi: A Web-based Metacomputing Problem-Solving Environment for building Complex Applications”, ERCIM News No.45 - http://www.ercim.org/publication/Ercim_News/enw45/baraglia.html, April 2001
[13] “WP.JRA.3.4 Development of a European Network Design Tool for NGI”, WP Description from EuroNGI, http://eurongi.enst.fr/archive/61/JRA.3.4.pdf, Dec. 2004
[14] García A.E., Hackbarth K.D., Portilla J.A., Ortiz R.: “Collaborative Environment for Tool Sharing in the Framework of Euro-NGI Network of Excellence”, 2nd International Working Conference on Performance Modelling and Evaluation of Heterogeneous Networks HET-NETs'04, 2004
[15] Edward S.: “The Guarddog Handbook”, 2003, http://www.simonzone.com/software/guarddog/manual2/index.html, last update Dec 2004
[16] McClure S., Scambray J., Kurtz G.: “Hacking Exposed: Network Security Secrets & Solutions”, McGraw-Hill Osborne Media, 1999
[17] SourceForge.Net: “Ultr@VNC - Remote Control for All”, http://ultravnc.sourceforge.net/index.htm, last update June 2004
[18] Microsoft: “Remote Desktop Connection Software”, http://www.microsoft.com/windowsxp/downloads/tools/rdclientdl.mspx, Oct 2001
[19] Geant Project, http://www.dante.net/server/show/nav.007008, 1999
[20] García, A.E., Hackbarth K.D.: “SWINET: Switched Network Emulation: Logical Network Structure Design and Access/Backbone Topology Planning”, 2nd International Conference on Telecomm. and E-Commerce (ICTEC), Nashville - Tennessee (USA), 1999
