for replicating data, managing the admission of new members and resources to the
grid, accounting, and maintaining the policy databases of who can use what.
Still further up is the application layer, where the user applications reside. It
uses the lower layers to acquire credentials proving its right to use certain
resources, submit usage requests, monitor the progress of these requests, deal with
failures, and notify the user of the results.
Security is the key to a successful grid. Resource owners nearly always insist
on maintaining tight control of their resources and want to determine who gets to
use them, for how long, and how much. Without good security, no organization
would make its resources available to the grid. On the other hand, if a user had to
have a login account and password on every computer he wanted to use, using the
grid would be unbearably cumbersome. Consequently, the grid has had to develop
a security model to handle these concerns.
A key characteristic of the security model is the single sign-on. The first step
in using the grid is to be authenticated and acquire a credential, a digitally signed
document specifying on whose behalf the work is to be done. Credentials can be
delegated, so that when a computation needs to create subcomputations, the child
processes can also be identified. When a credential is presented at a remote
machine, it has to be mapped onto the local security mechanism. On UNIX systems,
for example, users are identified by 16-bit user IDs, but other systems have other
schemes. Finally, the grid needs mechanisms to allow access policies to be stated,
maintained, and updated.
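
The single sign-on flow described above, as an added Go example that is not from the original text: a grid authority signs a user's credential, the user delegates it to a child process, and the remote machine verifies the chain before mapping the identity to a local 16-bit UID. The Ed25519 signatures, the `gridmap` table, the sample identity, and the names `Issue` and `MapToLocal` are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Credential: HolderKey may act for Subject; Sig comes from the previous link (or the authority).
type Credential struct {
	Subject   string
	HolderKey ed25519.PublicKey
	Sig       []byte
}

func newKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	return pub, priv
}

// Issue signs (subject, holder key); a user delegates by calling it with their own key.
func Issue(signer ed25519.PrivateKey, subject string, holder ed25519.PublicKey) Credential {
	return Credential{subject, holder, ed25519.Sign(signer, append([]byte(subject+"\x00"), holder...))}
}

// MapToLocal checks every link back to the authority, then maps the grid identity
// to a local UID. Proof that the presenter holds the last key is omitted here.
func MapToLocal(chain []Credential, authority ed25519.PublicKey, gridmap map[string]uint16) (uint16, error) {
	signerKey, subject := authority, ""
	for i, c := range chain {
		msg := append([]byte(c.Subject+"\x00"), c.HolderKey...)
		if (i > 0 && c.Subject != subject) || len(c.HolderKey) != ed25519.PublicKeySize ||
			!ed25519.Verify(signerKey, msg, c.Sig) {
			return 0, fmt.Errorf("link %d rejected", i)
		}
		signerKey, subject = c.HolderKey, c.Subject // next link must be signed by this holder
	}
	uid, ok := gridmap[subject]
	if !ok || len(chain) == 0 {
		return 0, fmt.Errorf("no local account for %q", subject)
	}
	return uid, nil
}

func main() { // constructed sample identity and UID
	caPub, caPriv := newKey()
	uPub, uPriv := newKey()
	cPub, _ := newKey()
	chain := []Credential{Issue(caPriv, "alice@site-a", uPub), Issue(uPriv, "alice@site-a", cPub)}
	fmt.Println(MapToLocal(chain, caPub, map[string]uint16{"alice@site-a": 1042}))
}
```

A delegated link that changes the subject or is signed by a key outside the chain is rejected before any local account is consulted.
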
In order to provide interoperability between different organizations and
machines, standards are needed, in terms both of the services offered and of the
protocols used to access them. The grid community has created an organization, the
Global Grid Forum, to manage the standardization process. It has come up with a
framework called OGSA (Open Grid Services Architecture) for positioning the
various standards it is developing. Wherever possible, the standards utilize
existing standards, for example, using WSDL (Web Services Definition Language) for
describing OGSA services. The services being standardized currently fall into
eight broad categories as follows, but no doubt new ones will be created later.
1. Infrastructure services (enable communication between resources).
2. Resource management services (reserve and deploy resources).
3. Data services (move and replicate data to where it is needed).
4. Context services (describe required resources and usage policies).
5. Information services (get information about resource availability).
6. Self-management services (support a stated quality of service).
7. Security services (enforce security policies).
8. Execution management services (manage workflow).
 