software. The OSG provides a software distribution called the Virtual Data Toolkit (VDT) (“Virtual Data Toolkit,”). This includes a packaged, tested and supported collection of middleware for participating compute and storage nodes, as well as a client package for end-user researchers.

The OSG also provides support and infrastructure services to collect and publish information from participating sites, and to monitor their resources. These services are provided by the OSG Grid Operations Center (GOC) (“OSG Grid Operations Center,”). The GOC provides a single point of operational support for the OSG. The GOC performs real time grid monitoring and problem tracking, offers support to users, developers and systems administrators, maintains grid services, and provides security incident responses. It manages information repositories for Virtual Organizations (VOs) and grid resources.

INFORMATION COLLECTION IN OSG

There are currently five major information collection systems in the OSG, which rely on information feeds from sites to centralized servers. The following is a description of each of these services, and an analysis of the information being published by them from a site security perspective.

Resource Selection Information

In the OSG framework, the Generic Information Provider (GIP) (Field, 2008) gathers site resource information. GIP aggregates static and dynamic resource information for use with LDAP-based information systems. Information published is based on the Glue Schema (Glue Working Group, 2007). The CEMon (Compute Element Monitor) (Sgaravatto, 2005) service is responsible for publishing this information to a central OSG information collector service called the CEMon Consumer. CEMon connections are authenticated and encrypted (using GSI). This information is then made public in two ways (Padmanabhan, 2007):

1. Class-ads are published to a Condor matchmaker service called the Resource Selection Service (ReSS), which allows Condor clients to select appropriate resources for job submission.
2. The Berkeley Database Information Index (BDII) collects this information for resource brokering. It tracks status of each participating cluster in terms of available CPUs, free CPUs, supported VOs, etc.

The Glue Schema provides a more detailed list of attributes supported in this scheme. For the purposes of this study, we concentrate on those attributes published by GIP that may be deemed sensitive by certain sites. This includes:

• Operating System version/patch information
• Authentication method (grid-mapfile, GUMS)
• Underlying job-manager and batch system information
• Internal system paths

In some sense, publication of this information is essential to a site's successful participation in the grid. However, a site must understand the implications of making this information public. Prior to joining the grid, much of this information was inherently under the control of the site, and limited to people under its own administrative domain. As such, administrators must be aware of any conflicts with the current site security policy and requirements that may have been drafted prior to participation in the grid.

Additionally, a site may only want to provide this information up to a desired level of detail. Since the GIP software will publish all available information in its default mode, a site may want
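
A site can review what it is about to publish by scanning the provider's LDIF output for the sensitive categories listed in this section. The following is an added example, not code from GIP or the OSG: the mapping from categories to Glue 1.x attribute names, the X-Example-AuthzMethod attribute and the sample LDIF are assumptions constructed for illustration.

```python
import base64
import re

# Sensitive categories from the text, keyed to Glue 1.x attribute-name patterns.
# This mapping is the example's assumption, not a list taken from GIP.
RULES = {
    "os version/patch": re.compile(r"^GlueHostOperatingSystem", re.I),
    "job manager/batch system": re.compile(r"^GlueCEInfo(LRMS|JobManager)", re.I),
    "internal path": re.compile(r"^GlueCEInfo(Application|Data)Dir$", re.I),
}
AUTH_VALUE = re.compile(r"grid-?mapfile|gums", re.I)  # matched on values, not names

# Constructed sample LDIF (hosts, values and X-Example-AuthzMethod are made up).
SAMPLE_LDIF = """\
dn: GlueSubClusterUniqueID=ce.example.org,mds-vo-name=local,o=grid
GlueHostOperatingSystemName: ScientificLinux
GlueHostOperatingSystemRelease: 5.3

dn: GlueCEUniqueID=ce.example.org:2119/jobmanager-condor-default,o=grid
GlueCEInfoLRMSType: condor
GlueCEInfoLRMSVersion: 7.2.4
GlueCEInfoApplicationDir:: L29wdC9vc2cvYXBw
GlueCEInfoDataDir: /data/grid/
 vo-scratch
X-Example-AuthzMethod: gums
GlueCEStateFreeCPUs: 12
"""

def parse_ldif(text):
    """Yield (attr, value) pairs, handling folded lines and base64 ('::') values."""
    unfolded = re.sub(r"\r?\n ", "", text)  # a continuation line starts with one space
    for line in unfolded.splitlines():
        attr, sep, rest = line.partition(":")
        if not sep or line.startswith("#") or attr.lower() == "dn":
            continue
        b64 = rest.startswith(":")
        raw = rest[1:].strip() if b64 else rest.strip()
        yield attr, (base64.b64decode(raw).decode("utf-8", "replace") if b64 else raw)

def audit(text):
    """Return sorted (category, attr, value) findings to check against site policy."""
    findings = set()
    for attr, value in parse_ldif(text):
        for category, pattern in RULES.items():
            if pattern.search(attr):
                findings.add((category, attr, value))
        if AUTH_VALUE.search(value):
            findings.add(("authentication method", attr, value))
    return sorted(findings)
```

Decoding base64 values and unfolding continuation lines before matching matters here, because a path published in either form would otherwise slip past a plain text search.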