On Feb 9, 2009, at Feb 9, 7:11 AM, Thomas Leitner wrote:
Hi!
As I am new to the community and also to Globus I have some question
(maybe basic ones):
1) If writing a Grid Service, is it possible to determine the user
and/or the virtual organization of the user?
Yes - The user or VO is identified by the DN in their credential.
Here are some links for reading about that.
http://www-unix.globus.org/toolkit/docs/4.0/security/key-index.html
http://www-unix.globus.org/toolkit/docs/4.0/security/key-index.html#s-security-key-certificates
There is info on the authorization framework which is used to get the
user's identity and authorize them.
http://www-unix.globus.org/toolkit/docs/4.0/security/authzframe/developer-index.html
2) I am trying to understand how the communication between the
client and GRAM and furthermore between GRAM and the resource which
the job will be run. If I understand correctly, the GRAM looks at
the RSL-Job description, determines the resources that are able to
run the job (how?) and sends the job to the correct resource (the
scheduler of the resource does the further work, I assume). Is there
any authentication/authorization model between the GRAM and the
resource the job will be run on? (Because the GSI is only applicable
between the user and the grid or am I wrong)
Key concepts doc on GRAM is here:
http://www-unix.globus.org/toolkit/docs/4.0/execution/key/index.html
GRAM is not a metascheduler. At the GRAM layer, there is no decision
making. The GRAM service is configured to interface with a local
resource manager. For a user's job request (that includes the job
description), GRAM will submit and monitor an LRM job and send
notifications about the job status.
There are other clients (metaschedulers) that interface with gram to
process a users workload (jobs).
Swift, GridWay, Condor-G, MyCluster, GEMLCA, UK AHE, Falkon, ...
Then there are others that are creating Science Gateways (portals) and
use GRAM under the covers:
http://www.teragrid.org/gateways/
SCEC, LEAD, OLSGW, Astroseismology gateway.
A few are written up here: http://www.globus.org/solutions/
OLSGW and einst...@home (a BOINC applications),
3) Maybe this is a very basic question as I started to read about
Globus a short time ago, I wanted to know if it is possible for a
grid job to connect to a resource that is outside the grid? If it is
possible it would be nice if you can give me a hint how the
authorization/authentication between the grid job at a resource and
the resource outside the grid works.
You are asking about delegation. Yes, it is possible and some do it.
In GRAM, you can delegate a credential that can then be used by the
application specified in the gram job. The application can use this
delegated credential to further contact a grid service outside of the
cluster that your application is running on. Provided that the
cluster allows connections to be made outside of the cluster.
Thanks in advance for responding and helping me to get into Globus.
Kind regards,
Thomas Leitner
