Speakers
Overview
While most of the research, both in science and humanities, requires a growing computational power and data storage, the access to the Grid computing resources is nowadays too complex for a non-practiced researcher.
Grid is today a very powerful tool for a few people, usually involved in big projects in physics, computational chemistry, biomedicine.
Use simplification has today become a common practice in the access and utilization of Cloud, Grid, and Datacenter resources.
Our idea is to give users a very simple tool to access the EGI Grid resources, without requiring users to be expert in computer science or distributed computing architecture.
Description of the work
With the launch of L-GRID gateway, we introduced a new way to deal with Grid portals. L-GRID is an extremely light portal developed in order to access the EGI Grid infrastructure via Web, allowing users to submit their jobs from whatever Web browser in a few minutes, without any knowledge about the underlying Grid infrastructure.
The L-GRID gateway provides a full control over the complete lifecycle of a Grid Job: certificate conversion, job submission, status monitoring, output retrieval. It provides also a very simple and customizable JDL editor.
The system is user-friendly, secure - it uses SSL protocol, mechanism for dynamic delegation and identity creation in public key infrastructures - highly customizable, open source, and easy to install; the package setup requires few MB.
The whole architecture, implemented as client-server architecture, is based on the Globus gLite Grid middleware and Java Commodity Grid Kits (CoG) library. The client side application is based on a java applet, running both on Windows, Linux and Mac operating systems; it only needs a Web browser connected to the Internet. The server relies on a Globus - gLite User Interface with a Web portal provided by an Apache/Tomcat server.
Through the implementation of a mechanism for dynamic delegation on the server side of the portal, we extend the concept of Grid to the connected clients too. The user client becomes itself part of the Grid infrastructure.
Conclusions
The L-GRID gateway, developed at the Scuola Normale Superiore in collaboration with the University of Pisa (Italy) and the Italian National Institute for Nuclear Research INFN, is intended to be a helpful tool to access Grid resources shared all around the world via a simple Web interface, using whatever operating system and browser, with no registration required at all. The portal has been chosen by the Theophys Virtual Organization as login and job submission facility for its users.
By the use of distributed Web portals, viewed as a part of the computing facilities, integrated in a Grid computing infrastructure, many user communities could be able to expand their computational power, in order to speed up the results of their research.
The results obtained encourage future developments. Further steps are represented by the integration with a MyProxy server locally hosted for long term job management.
Impact
The novel idea introduced by L-GRID has been the split into client and server of the main gLite User Interface commands. This entails an increased security level in Proxy Certificates management: it is no more necessary to send username and password to the MyProxy server for delegating a proxy certificate or have a copy of the X.509 personal certificate on the User Interface. At the same time a smallest amount of data (applications and certificates) needs to be transmitted over the network: the job input and output files are automatically compressed. In L-GRID user ID is derived from the Distinguished Name (DN) of the X.509 personal certificate.
The main differences with respect to a native User Interface are the extreme ease of use and the no-need of users registration. This way the end user needs only her/his personal X.509 certificate, issued from a Certification Authority, and an access to the Internet. The X.509 personal certificate does not get out from the local machine, strictly compliant to the EGI policies, and the gLite User Interface commands are split into client and server, increasing the security level.
An extra security improvement has been achieved by implementing a mechanism for dynamic delegation - responsible for the dynamic delegation in proxy certificates - between client and server. In our case, the MyProxy server is contacted only to renew the proxy in long term jobs. It allows to reduce the time spent for the job submission, granting at the same time a higher efficiency and a better security level in proxy delegation and management.
URL
http://wiki.sns.it/wiki/L-GRID
http://sourceforge.net/projects/l-grid/
