TY - JOUR
T1 - Assessing traceability of user jobs in absence of end user certificates in glide in WMS framework
AU - Padmanabhan, Anand
AU - Altunay, Mine
AU - Hill, Kevin
N1 - Publisher Copyright:
© Copyright owned by the author(s) under the terms of the Creative Commons Attribution-NonCommercial-ShareAlike Licence.
PY - 2014
Y1 - 2014
N2 - A systematic traceability study was conducted on two frontend/VOs to allow certificate free access to a significant resource provider (Fermilab (FNAL)), which previously required certificates. The specific frontends evaluated are OSG-XSEDE frontend (OSG VO) (June 2013) and CHTC frontends (GLOW VO) (March 2014). Based on the careful study we reached the following conclusions. The Glide in WMS has shown to possess significant tracing capabilities. We are satisfied that the system is capable of finding a finite set of users who run jobs at a given worker node at a given timeframe. Furthermore, the system can identify a unique owner for a Grid job at a worker node for a given timeframe. There are a few corner cases discussed in Section 4 that make tracing an individual user for a given job challenging. However, the likelihood of these cases being materialized is quite low; therefore, we are confident in Glide in WMS system's ability in providing traceability information without using end user certificates. Furthermore, when we compare running jobs in Glide in WMS without certificates against running jobs with certificates, we find that both operational modes have equivalent ability in providing traceability information. Having said that some improvements to the Glide in WMS system as discussed in Section 4 can enhance the system in a positive direction. However, the absence of these improvements should not hold back sites and VOs from adopting GlideinWMS system without the end user certificates. The conclusions and recommendations were presented to FNAL security team, for evaluation, since they were the resource provider that was making a transition to accepting pilot jobs without end user certificates. The recommendations were accepted and implemented, which successfully opened up the use of opportunistic resources from FNAL to a large number of users. A simple metric we can use to evaluate the effectiveness is increased opportunistic usage of FNAL resources by the VOs that took part in the study. Figure 3 shows a sharp increase in computing usage of FNAL resources by OSG-XSEDE frontend after October 2013 when the recommendations were accepted. Figure 4 shows the spikes in the number of jobs running in the same timeframe clearly showing opportunistic usage. In summary, through this study we conclude that GlideinWMS system provides equivalent ability in providing traceability with or without certificates. Furthermore, this study shows an approach to lower the barrier to access computing resources on the Grid without much impact on traceability. In our case studies this has resulted in a spike in the number of computing hours used by this VO and a high level of user satisfaction with the Grid usage.
AB - A systematic traceability study was conducted on two frontend/VOs to allow certificate free access to a significant resource provider (Fermilab (FNAL)), which previously required certificates. The specific frontends evaluated are OSG-XSEDE frontend (OSG VO) (June 2013) and CHTC frontends (GLOW VO) (March 2014). Based on the careful study we reached the following conclusions. The Glide in WMS has shown to possess significant tracing capabilities. We are satisfied that the system is capable of finding a finite set of users who run jobs at a given worker node at a given timeframe. Furthermore, the system can identify a unique owner for a Grid job at a worker node for a given timeframe. There are a few corner cases discussed in Section 4 that make tracing an individual user for a given job challenging. However, the likelihood of these cases being materialized is quite low; therefore, we are confident in Glide in WMS system's ability in providing traceability information without using end user certificates. Furthermore, when we compare running jobs in Glide in WMS without certificates against running jobs with certificates, we find that both operational modes have equivalent ability in providing traceability information. Having said that some improvements to the Glide in WMS system as discussed in Section 4 can enhance the system in a positive direction. However, the absence of these improvements should not hold back sites and VOs from adopting GlideinWMS system without the end user certificates. The conclusions and recommendations were presented to FNAL security team, for evaluation, since they were the resource provider that was making a transition to accepting pilot jobs without end user certificates. The recommendations were accepted and implemented, which successfully opened up the use of opportunistic resources from FNAL to a large number of users. A simple metric we can use to evaluate the effectiveness is increased opportunistic usage of FNAL resources by the VOs that took part in the study. Figure 3 shows a sharp increase in computing usage of FNAL resources by OSG-XSEDE frontend after October 2013 when the recommendations were accepted. Figure 4 shows the spikes in the number of jobs running in the same timeframe clearly showing opportunistic usage. In summary, through this study we conclude that GlideinWMS system provides equivalent ability in providing traceability with or without certificates. Furthermore, this study shows an approach to lower the barrier to access computing resources on the Grid without much impact on traceability. In our case studies this has resulted in a spike in the number of computing hours used by this VO and a high level of user satisfaction with the Grid usage.
UR - http://www.scopus.com/inward/record.url?scp=84976321221&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84976321221&partnerID=8YFLogxK
M3 - Conference article
AN - SCOPUS:84976321221
SN - 1824-8039
VL - 23-28-March-2014
JO - Proceedings of Science
JF - Proceedings of Science
M1 - 006
T2 - International Symposium on Grids and Clouds, ISGC 2014
Y2 - 23 March 2014 through 28 March 2014
ER -