11-14 April 2011
Radisson Blu Hotel Lietuva, Vilnius
Europe/Vilnius timezone


11 Apr 2011, 09:00
Radisson Blu Hotel Lietuva, Vilnius

Radisson Blu Hotel Lietuva, Vilnius

Konstitucijos pr. 20 LT - 09308 Vilnius, Lithuania
Poster Poster Posters


Dr DANIELE LICARI (Scuola Normale Superiore) Dr FEDERICO CALZOLARI (Scuola Normale Superiore - INFN)

Description of the work

With the launch of L-GRID gateway, we introduced a new way to deal with Grid portals. L-GRID is an extremely light portal developed in order to access the EGI Grid infrastructure via Web, allowing users to submit their jobs from whatever Web browser in a few minutes, without any knowledge about the underlying Grid infrastructure.
The L-GRID gateway provides a full control over the complete lifecycle of a Grid Job: certificate conversion, job submission, status monitoring, output retrieval. It provides also a very simple and customizable JDL editor.
The system is user-friendly, secure - it uses SSL protocol, mechanism for dynamic delegation and identity creation in public key infrastructures - highly customizable, open source, and easy to install; the package setup requires few MB.
The whole architecture, implemented as client-server architecture, is based on the Globus gLite Grid middleware and Java Commodity Grid Kits (CoG) library. The client side application is based on a java applet, running both on Windows, Linux and Mac operating systems; it only needs a Web browser connected to the Internet. The server relies on a Globus - gLite User Interface with a Web portal provided by an Apache/Tomcat server.
Through the implementation of a mechanism for dynamic delegation on the server side of the portal, we extend the concept of Grid to the connected clients too. The user client becomes itself part of the Grid infrastructure.


The novel idea introduced by L-GRID has been the split into client and server of the main gLite User Interface commands. This entails an increased security level in Proxy Certificates management: it is no more necessary to send username and password to the MyProxy server for delegating a proxy certificate or have a copy of the X.509 personal certificate on the User Interface. At the same time a smallest amount of data (applications and certificates) needs to be transmitted over the network: the job input and output files are automatically compressed. In L-GRID user ID is derived from the Distinguished Name (DN) of the X.509 personal certificate.
The main differences with respect to a native User Interface are the extreme ease of use and the no-need of users registration. This way the end user needs only her/his personal X.509 certificate, issued from a Certification Authority, and an access to the Internet. The X.509 personal certificate does not get out from the local machine, strictly compliant to the EGI policies, and the gLite User Interface commands are split into client and server, increasing the security level.
An extra security improvement has been achieved by implementing a mechanism for dynamic delegation - responsible for the dynamic delegation in proxy certificates - between client and server. In our case, the MyProxy server is contacted only to renew the proxy in long term jobs. It allows to reduce the time spent for the job submission, granting at the same time a higher efficiency and a better security level in proxy delegation and management.


While most of the research, both in science and humanities, requires a growing computational power and data storage, the access to the Grid computing resources is nowadays too complex for a non-practiced researcher.
Grid is today a very powerful tool for a few people, usually involved in big projects in physics, computational chemistry, biomedicine.
Use simplification has today become a common practice in the access and utilization of Cloud, Grid, and Datacenter resources.
Our idea is to give users a very simple tool to access the EGI Grid resources, without requiring users to be expert in computer science or distributed computing architecture.




The L-GRID gateway, developed at the Scuola Normale Superiore in collaboration with the University of Pisa (Italy) and the Italian National Institute for Nuclear Research INFN, is intended to be a helpful tool to access Grid resources shared all around the world via a simple Web interface, using whatever operating system and browser, with no registration required at all. The portal has been chosen by the Theophys Virtual Organization as login and job submission facility for its users.
By the use of distributed Web portals, viewed as a part of the computing facilities, integrated in a Grid computing infrastructure, many user communities could be able to expand their computational power, in order to speed up the results of their research.
The results obtained encourage future developments. Further steps are represented by the integration with a MyProxy server locally hosted for long term job management.

Primary authors

Dr DANIELE LICARI (Scuola Normale Superiore) Dr FEDERICO CALZOLARI (Scuola Normale Superiore - INFN)

Presentation Materials