Assessing traceability of user jobs in absence of end user certificates in glide in WMS framework

Anand Padmanabhan, Mine Altunay, Kevin Hill

Research output: Contribution to journalConference article

Abstract

A systematic traceability study was conducted on two frontend/VOs to allow certificate free access to a significant resource provider (Fermilab (FNAL)), which previously required certificates. The specific frontends evaluated are OSG-XSEDE frontend (OSG VO) (June 2013) and CHTC frontends (GLOW VO) (March 2014). Based on the careful study we reached the following conclusions. The Glide in WMS has shown to possess significant tracing capabilities. We are satisfied that the system is capable of finding a finite set of users who run jobs at a given worker node at a given timeframe. Furthermore, the system can identify a unique owner for a Grid job at a worker node for a given timeframe. There are a few corner cases discussed in Section 4 that make tracing an individual user for a given job challenging. However, the likelihood of these cases being materialized is quite low; therefore, we are confident in Glide in WMS system's ability in providing traceability information without using end user certificates. Furthermore, when we compare running jobs in Glide in WMS without certificates against running jobs with certificates, we find that both operational modes have equivalent ability in providing traceability information. Having said that some improvements to the Glide in WMS system as discussed in Section 4 can enhance the system in a positive direction. However, the absence of these improvements should not hold back sites and VOs from adopting GlideinWMS system without the end user certificates. The conclusions and recommendations were presented to FNAL security team, for evaluation, since they were the resource provider that was making a transition to accepting pilot jobs without end user certificates. The recommendations were accepted and implemented, which successfully opened up the use of opportunistic resources from FNAL to a large number of users. A simple metric we can use to evaluate the effectiveness is increased opportunistic usage of FNAL resources by the VOs that took part in the study. Figure 3 shows a sharp increase in computing usage of FNAL resources by OSG-XSEDE frontend after October 2013 when the recommendations were accepted. Figure 4 shows the spikes in the number of jobs running in the same timeframe clearly showing opportunistic usage. In summary, through this study we conclude that GlideinWMS system provides equivalent ability in providing traceability with or without certificates. Furthermore, this study shows an approach to lower the barrier to access computing resources on the Grid without much impact on traceability. In our case studies this has resulted in a spike in the number of computing hours used by this VO and a high level of user satisfaction with the Grid usage.

Original languageEnglish (US)
Article number006
JournalProceedings of Science
Volume23-28-March-2014
StatePublished - Jan 1 2014
EventInternational Symposium on Grids and Clouds, ISGC 2014 - Taipei, Taiwan, Province of China
Duration: Mar 23 2014Mar 28 2014

ASJC Scopus subject areas

  • General

Cite this

Assessing traceability of user jobs in absence of end user certificates in glide in WMS framework. / Padmanabhan, Anand; Altunay, Mine; Hill, Kevin.

In: Proceedings of Science, Vol. 23-28-March-2014, 006, 01.01.2014.

Research output: Contribution to journalConference article

@article{8ec1696289a34622ad46d6b5da7235f8,
title = "Assessing traceability of user jobs in absence of end user certificates in glide in WMS framework",
abstract = "A systematic traceability study was conducted on two frontend/VOs to allow certificate free access to a significant resource provider (Fermilab (FNAL)), which previously required certificates. The specific frontends evaluated are OSG-XSEDE frontend (OSG VO) (June 2013) and CHTC frontends (GLOW VO) (March 2014). Based on the careful study we reached the following conclusions. The Glide in WMS has shown to possess significant tracing capabilities. We are satisfied that the system is capable of finding a finite set of users who run jobs at a given worker node at a given timeframe. Furthermore, the system can identify a unique owner for a Grid job at a worker node for a given timeframe. There are a few corner cases discussed in Section 4 that make tracing an individual user for a given job challenging. However, the likelihood of these cases being materialized is quite low; therefore, we are confident in Glide in WMS system's ability in providing traceability information without using end user certificates. Furthermore, when we compare running jobs in Glide in WMS without certificates against running jobs with certificates, we find that both operational modes have equivalent ability in providing traceability information. Having said that some improvements to the Glide in WMS system as discussed in Section 4 can enhance the system in a positive direction. However, the absence of these improvements should not hold back sites and VOs from adopting GlideinWMS system without the end user certificates. The conclusions and recommendations were presented to FNAL security team, for evaluation, since they were the resource provider that was making a transition to accepting pilot jobs without end user certificates. The recommendations were accepted and implemented, which successfully opened up the use of opportunistic resources from FNAL to a large number of users. A simple metric we can use to evaluate the effectiveness is increased opportunistic usage of FNAL resources by the VOs that took part in the study. Figure 3 shows a sharp increase in computing usage of FNAL resources by OSG-XSEDE frontend after October 2013 when the recommendations were accepted. Figure 4 shows the spikes in the number of jobs running in the same timeframe clearly showing opportunistic usage. In summary, through this study we conclude that GlideinWMS system provides equivalent ability in providing traceability with or without certificates. Furthermore, this study shows an approach to lower the barrier to access computing resources on the Grid without much impact on traceability. In our case studies this has resulted in a spike in the number of computing hours used by this VO and a high level of user satisfaction with the Grid usage.",
author = "Anand Padmanabhan and Mine Altunay and Kevin Hill",
year = "2014",
month = "1",
day = "1",
language = "English (US)",
volume = "23-28-March-2014",
journal = "Proceedings of Science",
issn = "1824-8039",
publisher = "Sissa Medialab Srl",

}

TY - JOUR

T1 - Assessing traceability of user jobs in absence of end user certificates in glide in WMS framework

AU - Padmanabhan, Anand

AU - Altunay, Mine

AU - Hill, Kevin

PY - 2014/1/1

Y1 - 2014/1/1

N2 - A systematic traceability study was conducted on two frontend/VOs to allow certificate free access to a significant resource provider (Fermilab (FNAL)), which previously required certificates. The specific frontends evaluated are OSG-XSEDE frontend (OSG VO) (June 2013) and CHTC frontends (GLOW VO) (March 2014). Based on the careful study we reached the following conclusions. The Glide in WMS has shown to possess significant tracing capabilities. We are satisfied that the system is capable of finding a finite set of users who run jobs at a given worker node at a given timeframe. Furthermore, the system can identify a unique owner for a Grid job at a worker node for a given timeframe. There are a few corner cases discussed in Section 4 that make tracing an individual user for a given job challenging. However, the likelihood of these cases being materialized is quite low; therefore, we are confident in Glide in WMS system's ability in providing traceability information without using end user certificates. Furthermore, when we compare running jobs in Glide in WMS without certificates against running jobs with certificates, we find that both operational modes have equivalent ability in providing traceability information. Having said that some improvements to the Glide in WMS system as discussed in Section 4 can enhance the system in a positive direction. However, the absence of these improvements should not hold back sites and VOs from adopting GlideinWMS system without the end user certificates. The conclusions and recommendations were presented to FNAL security team, for evaluation, since they were the resource provider that was making a transition to accepting pilot jobs without end user certificates. The recommendations were accepted and implemented, which successfully opened up the use of opportunistic resources from FNAL to a large number of users. A simple metric we can use to evaluate the effectiveness is increased opportunistic usage of FNAL resources by the VOs that took part in the study. Figure 3 shows a sharp increase in computing usage of FNAL resources by OSG-XSEDE frontend after October 2013 when the recommendations were accepted. Figure 4 shows the spikes in the number of jobs running in the same timeframe clearly showing opportunistic usage. In summary, through this study we conclude that GlideinWMS system provides equivalent ability in providing traceability with or without certificates. Furthermore, this study shows an approach to lower the barrier to access computing resources on the Grid without much impact on traceability. In our case studies this has resulted in a spike in the number of computing hours used by this VO and a high level of user satisfaction with the Grid usage.

AB - A systematic traceability study was conducted on two frontend/VOs to allow certificate free access to a significant resource provider (Fermilab (FNAL)), which previously required certificates. The specific frontends evaluated are OSG-XSEDE frontend (OSG VO) (June 2013) and CHTC frontends (GLOW VO) (March 2014). Based on the careful study we reached the following conclusions. The Glide in WMS has shown to possess significant tracing capabilities. We are satisfied that the system is capable of finding a finite set of users who run jobs at a given worker node at a given timeframe. Furthermore, the system can identify a unique owner for a Grid job at a worker node for a given timeframe. There are a few corner cases discussed in Section 4 that make tracing an individual user for a given job challenging. However, the likelihood of these cases being materialized is quite low; therefore, we are confident in Glide in WMS system's ability in providing traceability information without using end user certificates. Furthermore, when we compare running jobs in Glide in WMS without certificates against running jobs with certificates, we find that both operational modes have equivalent ability in providing traceability information. Having said that some improvements to the Glide in WMS system as discussed in Section 4 can enhance the system in a positive direction. However, the absence of these improvements should not hold back sites and VOs from adopting GlideinWMS system without the end user certificates. The conclusions and recommendations were presented to FNAL security team, for evaluation, since they were the resource provider that was making a transition to accepting pilot jobs without end user certificates. The recommendations were accepted and implemented, which successfully opened up the use of opportunistic resources from FNAL to a large number of users. A simple metric we can use to evaluate the effectiveness is increased opportunistic usage of FNAL resources by the VOs that took part in the study. Figure 3 shows a sharp increase in computing usage of FNAL resources by OSG-XSEDE frontend after October 2013 when the recommendations were accepted. Figure 4 shows the spikes in the number of jobs running in the same timeframe clearly showing opportunistic usage. In summary, through this study we conclude that GlideinWMS system provides equivalent ability in providing traceability with or without certificates. Furthermore, this study shows an approach to lower the barrier to access computing resources on the Grid without much impact on traceability. In our case studies this has resulted in a spike in the number of computing hours used by this VO and a high level of user satisfaction with the Grid usage.

UR - http://www.scopus.com/inward/record.url?scp=84976321221&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84976321221&partnerID=8YFLogxK

M3 - Conference article

AN - SCOPUS:84976321221

VL - 23-28-March-2014

JO - Proceedings of Science

JF - Proceedings of Science

SN - 1824-8039

M1 - 006

ER -