Special Interest Area: Data
SDSC Improves TeraGrid Cyberinfrastructure
A fundamental aspect of cyberinfrastructure is the Virtual Organization (VO) management. The biggest challenge is to manage access control for thousands of users across different administrative domains. In order for a user to be granted access via Globus GSI authentication to a TeraGrid resource, the user's Distinguished Name (DN) must be present in that system's grid-mapfile. Management of GSI credentials, grid-mapfiles, Certificate Authorities (CA), and DN strings is a complex job. It's even harder to make the complicated process user friendly.
SDSC's Keith Thompson has developed a solution with "gx-map" toolkit for managing and maintaining Globus grid-mapfiles. The system is designed to automate the maintenance of grid-mapfiles, CA certificates, signing_policy files, and CRLs. It gives end users the ability to easily and securely add themselves to systems they are interested in using. Soon to be released, gx-map version 0.5.2 will interact directly with the TeraGrid Central Database (TGCDB), providing users with the ability to propagate their DNs across the TeraGrid by running a single command on any single system. Also, DNs for certificates issued by the SDSC CA are automatically propagated, with no manual intervention by either the user or an administrator.
Another important part of TeraGrid cyberinfrastructure is SDSC's Storage Resource Broker (SRB) software. SRB is a data grid application that allows users to easily and remotely manage distributed data collections. By default, a TeraGrid SRB account is created for all TeraGrid users. But until now, there has been no automated means for users to activate their accounts. SDSC's Roman Olschanowsky has developed an updater tool to do just that for SRB. Now, end users can easily manage their DN strings within SRB's grid map table by simply adding their DN string to SDSC's grid-mapfile (run gx-map on tg-login.sdsc.edu). When the SRB-account-DN-updater checks the grid-mapfile every hour for changes, it passes those changes to SRB's grid map table, activating the SRB account.
Once gx-map 0.5.2 is deployed across the TeraGrid, end users will be able to add their DNs to the SRB's grid map table by running the gx-request command on any TeraGrid system that supports it.
Roman Olschanowsky is reachable via e-mail at firstname.lastname@example.org