The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @ egi.eu.

Applications on Demand Service - architecture

From EGIWiki
Technical and architecture details


Revision as of 22:39, 7 April 2017

User Registration Portal

The User Registration Portal (URP) of the platform is hosted by CYFRONET in Poland and serves as the entry point for users. The portal offers login with social or EGI SSO accounts, lets users manage their profiles and resource requests, and acts as the central hub from which the connected science gateways are reached. The user support team uses the portal to review user profiles and to evaluate users' resource requests. The portal is accessible at http://access.egi.eu.

Available resources

Currently available resources, grouped by category (totals of the per-site figures below):

  • Cloud resources:
    • 167 vCPU cores
    • 244 GB of RAM
    • 6 TB of object storage

  • High-Throughput resources:
    • ~13 million HEPSPEC-hours of opportunistic computing time
    • 1.4 TB of disk storage


Per-site breakdown (Type / Name / Description):

Cloud and storage

  INFN Catania (site INFN-CATANIA-STACK; upgrade to OpenStack Mitaka in progress)
    • Virtual CPU cores: 20
    • Memory: 50 GB
    • Scratch/ephemeral storage: 1 TB
    • Public IP addresses: 10
    • Middleware: OpenStack
    • Access mode: Opportunistic

  INFN Bari (site RECAS-BARI)
    • Virtual CPU cores: 15
    • Memory: 30 GB
    • Scratch/ephemeral storage: 1 TB
    • Middleware: OpenStack
    • Access mode: Opportunistic

  BIFI (site BIFI)
    • Virtual CPU cores: 100
    • Memory: 100 GB
    • Scratch/ephemeral storage: 2 TB
    • Middleware: OpenStack
    • Access mode: Opportunistic

  CESGA (site CESGA)
    • Virtual CPU cores: 32
    • Memory: 64 GB
    • Scratch/ephemeral storage: 2 TB
    • Middleware: OpenNebula
    • Access mode: Pledged

High-Throughput Compute and Storage

  INFN Catania (site GILDA-INFN-CATANIA)
    High-Throughput Compute
      • Opportunistic computing time [HEPSPEC-hours]: 1M
      • Max job duration [hours]: 72
      • Min local storage [GB] (scratch space for each core used by the job): 10
      • Min physical memory per core [GB]: 10
      • Other technical requirements: (none listed)
      • Middleware: gLite CREAM-CE
    File storage
      • Opportunistic storage capacity [GB]: 100

  INFN Bari (site INFN-Bari)
    High-Throughput Compute
      • Opportunistic computing time [HEPSPEC-hours]: 0.5M
      • Max job duration [hours]: 48
      • Min physical memory per core [GB]: 2
      • Middleware: gLite CREAM-CE
    File storage
      • Opportunistic storage capacity [GB]: 100

  CYFRONET (site CYFRONET-LCG2)
    High-Throughput Compute
      • Opportunistic computing time [HEPSPEC-hours]: 5M
      • Max job duration [hours]: 72
      • Min physical memory per core [GB]: 3
      • Middleware: gLite CREAM-CE and QCG
    File storage
      • Opportunistic storage capacity [GB]: 500

  BEgrid-ULB-VUB (site BEgrid-ULB-VUB)
    High-Throughput Compute
      • Opportunistic computing time [HEPSPEC-hours]: 5M
      • Max job duration [hours]: 72
      • Min physical memory per core [GB]: 10
      • Middleware: gLite CREAM-CE
    File storage
      • Opportunistic storage capacity [GB]: 500

  CESGA (site CESGA)
    High-Throughput Compute
      • Opportunistic computing time [HEPSPEC-hours]: 1M
      • Max job duration [hours]: 100
      • Min physical memory per core [GB]: 1
      • Middleware: gLite CREAM-CE
    File storage
      • Opportunistic storage capacity [GB]: 2 TB


The HTC, cloud and storage resources of the platform are federated through the EGI Virtual Organisation (VO) 'vo.access.egi.eu'.

Technical details of this VO are the following:

Per-user sub-proxies

The purpose of a per-user sub-proxy (PUSP) is to allow identification of the individual users that operate through a common robot certificate. A common example is a web portal (e.g., a science gateway) that identifies its user by its own means and wishes to act as that user when interacting with EGI resources. This is achieved by creating a proxy credential from the robot credential, with the proxy certificate carrying user-identifying information in its additional proxy CN field. The user-identifying information may be pseudonymised, so that only the portal knows the mapping to a real person; resource providers and accounting then see the robot identity plus the user tag, and traceability back to a person depends on the portal keeping that mapping.

Example of a Per-User Sub-Proxy (PUSP) as displayed by voms-proxy-info. The subject extends the issuer by one CN (the leaf proxy serial), and the issuer extends the robot identity by one CN carrying the user tag (CN=user:test1). Note that this particular proxy carries a VOMS attribute for the training.egi.eu VO rather than vo.access.egi.eu, and that its 1024-bit key strength is a legacy value; 2048-bit proxy keys are the current recommendation:

subject   : /C=IT/O=INFN/OU=Robot/L=Catania/CN=Robot: EGI Training Service - XXXXX/CN=user:test1/CN=1286259828
issuer    : /C=IT/O=INFN/OU=Robot/L=Catania/CN=Robot: EGI Training Service - XXXXX/CN=user:test1
identity  : /C=IT/O=INFN/OU=Robot/L=Catania/CN=Robot: EGI Training Service - XXXXX
type      : RFC3820 compliant impersonation proxy
strength  : 1024
path      : /home/XXXXX/proxy.txt
timeleft  : 23:59:15
key usage : Digital Signature, Key Encipherment, Data Encipherment
=== VO training.egi.eu extension information ===
VO        : training.egi.eu
subject   : /C=IT/O=INFN/OU=Robot/L=Catania/CN=Robot: EGI Training Service - XXXXX
issuer    : /DC=org/DC=terena/DC=tcs/OU=Domain Control Validated/CN=voms1.grid.cesnet.cz
attribute : /training.egi.eu/Role=NULL/Capability=NULL
timeleft  : 23:59:17
uri       : voms1.grid.cesnet.cz:15014
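The following is an added example, not code from the page or from the e-Token server: it takes the three DNs that voms-proxy-info prints (subject, issuer, identity) and checks that they form the two-level PUSP layout described above, then extracts the robot identity, the user tag and the leaf proxy serial. It assumes, beyond what the page states, that DN attribute values contain no "/", that the user-identifying CN follows the "user:<id>" form seen in the output above, and that a robot certificate's CN starts with "Robot:" (the naming visible in the example). The sample DNs are the ones from the output above.

```python
# Added example (not from the page or the e-Token server code): validate the
# PUSP layout described above and pull out the fields a relying party needs.
# Input DNs are OpenSSL one-line strings exactly as voms-proxy-info prints them.
#
# Assumptions not stated on the page: DN attribute values contain no "/";
# the user-identifying CN uses the "user:<id>" form seen in the example output;
# the robot certificate's CN starts with "Robot:".

from dataclasses import dataclass
from typing import List, Tuple

RDN = Tuple[str, str]

# DNs copied from the voms-proxy-info output above.
EXAMPLE_IDENTITY = "/C=IT/O=INFN/OU=Robot/L=Catania/CN=Robot: EGI Training Service - XXXXX"
EXAMPLE_ISSUER = EXAMPLE_IDENTITY + "/CN=user:test1"
EXAMPLE_SUBJECT = EXAMPLE_ISSUER + "/CN=1286259828"


@dataclass(frozen=True)
class PuspInfo:
    identity: str      # DN of the robot end-entity certificate
    user_tag: str      # full user-identifying CN, e.g. "user:test1"
    user_id: str       # the part after "user:", e.g. "test1"
    proxy_serial: str  # CN of the short-lived leaf proxy


def parse_dn(dn: str) -> List[RDN]:
    """Split '/C=IT/O=INFN/CN=x' into [('C', 'IT'), ('O', 'INFN'), ('CN', 'x')]."""
    if not dn.startswith("/") or len(dn) < 2:
        raise ValueError(f"not an OpenSSL one-line DN: {dn!r}")
    rdns: List[RDN] = []
    for part in dn[1:].split("/"):
        attr, sep, value = part.partition("=")
        if not sep or not attr:
            raise ValueError(f"malformed RDN {part!r} in {dn!r}")
        rdns.append((attr, value))
    return rdns


def proxy_cn(child: List[RDN], parent: List[RDN]) -> str:
    """Return the single CN a proxy appends to its issuer's DN.

    RFC 3820 requires a proxy subject to be its issuer's subject plus exactly
    one CN component; anything else is not a proxy chain and is rejected.
    """
    if len(child) != len(parent) + 1 or child[:-1] != parent:
        raise ValueError("subject is not the issuer DN plus one component")
    attr, value = child[-1]
    if attr != "CN" or not value:
        raise ValueError("appended proxy component must be a non-empty CN")
    return value


def pusp_info(subject: str, issuer: str, identity: str) -> PuspInfo:
    """Validate a two-level PUSP chain and extract its fields.

    Expected layout, outermost first:
      identity = robot certificate DN
      issuer   = identity + '/CN=user:<id>'   (the per-user sub-proxy)
      subject  = issuer   + '/CN=<serial>'    (the leaf proxy the portal uses)
    """
    subj, iss, ident = parse_dn(subject), parse_dn(issuer), parse_dn(identity)
    serial = proxy_cn(subj, iss)
    user_tag = proxy_cn(iss, ident)

    # The chain must hang off a robot certificate. A personal certificate
    # extended with '/CN=user:alice' is a legal RFC 3820 proxy but not a PUSP,
    # and accepting it would let any certificate holder forge user tags.
    # "Robot:" is the naming convention seen in the example (assumption).
    cns = [value for attr, value in ident if attr == "CN"]
    if len(cns) != 1 or not cns[0].startswith("Robot:"):
        raise ValueError("identity is not a robot certificate DN")

    if not user_tag.startswith("user:") or user_tag == "user:":
        raise ValueError(f"user CN {user_tag!r} does not follow 'user:<id>'")

    return PuspInfo(identity=identity, user_tag=user_tag,
                    user_id=user_tag[len("user:"):], proxy_serial=serial)


def is_valid_pusp(subject: str, issuer: str, identity: str) -> bool:
    """Accept/reject wrapper for callers that do not need the parsed fields."""
    try:
        pusp_info(subject, issuer, identity)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    info = pusp_info(EXAMPLE_SUBJECT, EXAMPLE_ISSUER, EXAMPLE_IDENTITY)
    print(f"robot:  {info.identity}")
    print(f"user:   {info.user_id}  (tag {info.user_tag!r})")
    print(f"serial: {info.proxy_serial}")
```

These are syntactic checks on the printed DNs only. A relying party that maps actions to users must additionally verify the proxy chain cryptographically (signatures, validity periods, the VOMS attribute for the expected VO) and pin the identity to the robot DN it has actually registered for the portal, rather than accepting any DN whose CN begins with "Robot:".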

E-Token Server

The platform adopted the e-Token server [1] as a central service to generate PUSPs for science gateways. In a nutshell, the e-Token server is a standards-based solution, developed and hosted by INFN Catania, for the central management of robot certificates and the provisioning of short-term digital proxies derived from them, allowing seamless and secure access to e-Infrastructures that use an X.509-based authorisation layer.

The e-Token server uses the standard JAX-RS framework [2] to implement RESTful web services in Java and provides end users, portals and the new generation of science gateways with a set of REST APIs to generate PUSPs given a unique identifier. PUSPs are usually generated starting from standard X.509 certificates. These digital certificates have to be loaded onto one of the secure USB smart-card tokens (e.g. SafeNet Aladdin eToken PRO 32/64 KB) plugged into the server, so that the robot private keys are held in hardware rather than on the server's disk.

The e-Token server was conceived to provide a credential-translation service to science gateways and web portals that need to interact with the EGI platform for the long tail of science (and, in general, with any e-Infrastructure).

[1] Valeria Ardizzone, Roberto Barbera, Antonio Calanducci, Marco Fargetta, E. Ingrà, Ivan Porro, Giuseppe La Rocca, Salvatore Monforte, R. Ricceri, Riccardo Rotondo, Diego Scardaci, Andrea Schenone: The DECIDE Science Gateway. Journal of Grid Computing 10(4): 689-707 (2012)

[2] Java API for RESTful Web Services (JAX-RS): https://en.wikipedia.org/wiki/Java_API_for_RESTful_Web_Services

Policies

Acceptable Use Policy (AUP) and Conditions of Use of the 'EGI Applications Platform'

EGI Applications Platform Security Policy

Links for administrators

User approval:

  1. Approve affiliation: https://access.egi.eu:8888/modules#/list/Affiliations
  2. Approve resource request: https://e-grant.egi.eu/ltos/auth/login

Gateway and support approval:

Monitoring:

Accounting:

  • Accounting data of platform users: from the EGI Accounting Portal it is possible to check the accounting metrics generated for both grid- and cloud-based resources supporting the vo.access.egi.eu VO. From the top menu, click 'Restrict View' and then 'VO Admin' to see the accounting data of platform users.