Grid Meter » March 2006

March 31, 2006 | Comments: (0)

DVR Grid

It's been a while since I collided my favorite subjects of Grid computing and embedded systems in consumer devices, but this Reuters article made it all bubble to the top again.

Cable TV provider Cablevision has a plan to offer a digital video recording service that can replace DVR boxes. The key word here is service, as in, in lieu of a piece of dedicated hardware.

This new service will allow cable TV subscribers to record programs on Cablevision Systems' network servers, instead of on hard disk based video recorder set top boxes.

The primary motivation for offering this as a service is to cut the costs of deployment and maintenance of physical resources in widely distributed locations.

All that sound familiar?

I've long said that the largest collection of distributed computational resources, on a per-seat basis, are the digital set top boxes of the big cable companies. Granted, the seats are rather anemic when compared to the number crunchers and disk farms we usually mention in the same breath as Grid; however, the network is one that lives under the auspices of a single entity, which makes deployment concerns and security issues much more manageable.

Management of distributed data as the foundation for a virtualized application. If it quacks like a duck it might just be a duck ...

Posted by Greg Nawrocki on March 31, 2006 11:55 AM


March 29, 2006 | Comments: (0)

Recommended Reading: Globus Toolkit 4, Programming Java Services

I recently obtained a copy of a new book, Globus Toolkit 4, Programming Java Services by Borja Sotomayor and Lisa Childers. Yes I know it's been out a while, but having been through Borja's on-line GT4 Programmer's tutorial, upon which some of this book is based, I really wanted to give it a good read so I could truly appreciate it.

First off, this book is way more than the original GT4 Programmer's tutorial, but I'll get to that. I suspect that this tutorial is a frame of reference for many out there, not just myself, so let's start there. The topics covered in the GT4 Programmer's tutorial are non-trivial, at least to me. I have been through the on-line version and I sure would have liked to have this book by my side back then! Like my daughter's stuffed hippo that travels with her nearly everywhere, it is not absolutely necessary for survival, but when you get a little frustrated it sure can bring comfort.

As an extrapolation to the GT4 Programmer's tutorial, this book not only adds a few chapters, but an entire section on GT4 security and its application to the information in the GT4 Java WS Core chapters. There is also a section with an entirely new example, a resource brokering system that has real world enterprise applications.

Don't forget the appendices, which are worth their weight in gold as a quick reference to many topics. Like my daughter does with her stuffed hippo, next time I am working with the Globus Toolkit I may just tear the appendices out of the book and sleep with them by my side.

Now all the above being said I have still not touched upon what I like most about this book. The very first part on key concepts and the first chapter in the GT4 security section are amongst the best and most concise explanations of those topics I have ever read, and believe me, I've read plenty. The explanations on key concepts of grid computing, OGSA, WSRF and Web Services may indeed be just the medicine the confused Grid masses need to make the light bulb go on in their heads. Likewise the chapter on fundamental security concepts which touches on topics including the three pillars of secure communication, cryptography, public key systems and certificates is recommended reading not just for aspiring Grid pros, but anyone looking to understand these important security concepts in a few short pages.

If you buy this book for nothing more than the first 39 pages, and the first 12 pages of the GT4 Security section, you will walk away happy.

Posted by Greg Nawrocki on March 29, 2006 10:39 AM


March 23, 2006 | Comments: (0)

Service Attack on Sun Grid

One of the promises of Grid -- as a platform for distributed, virtualized applications -- is that it will deliver a quality of service beyond simple hosted applications.

Yesterday, on its maiden voyage, Sun Grid was hit by a denial of service attack. (Stephen Shankland at CNET broke the story yesterday evening).

The value proposition for companies to go outside of their corporate firewalls for compute horsepower or data storage is greatly diminished if there is a question mark around reliability of service. In Sun's defense, I understand that sometimes service interruptions "just happen," and a chain is only as strong as its weakest link. And in this particular case, the service that was attacked was publicly exposed instead of being available only to members of the club.

However, every time my service provider drops a call on my mobile phone I'm quick to blame the phone itself and toss it aside in disgust. Hopefully Sun's prospective customers will overlook the snag and make the leap of faith.

The timing on this denial of service attack -- so immediately after the official, highly-promoted launch -- was a cruel twist of fate. And kudos to Sun for pushing the envelope with a truly public grid.

However, when we in the community use the term Grid, we need to all make sure that it is more than just the same old hosted apps with the same old problems.

Posted by Greg Nawrocki on March 23, 2006 08:01 AM


March 20, 2006 | Comments: (0)

Grid and Virtualization finding common ground in Linux

Novell's Brainshare event kicked off today, and early on, virtualization themes are taking the limelight. Most notably so far, Dell has announced (according to this Eric Lai article on Computerworld) that it will offer Novell ZENworks for Linux servers.

In the Grid community, there has been a lot of discussion recently about the synergies between Grid and virtualization ... and there are also some pilot proof of concept projects underway.

It will be interesting to watch whether Linux continues to be the common ground that brings the Grid and virtualization communities together.

Adam Fineberg, Vice President of Engineering at Levanta, sees some specific technical reasons why Linux has become the most widely used OS for Grid environments:
"Some of the key aspects of an operating system that you really need to take advantage of in a Grid computing environment are the networking and file systems. The networking side is very important because of the large number of nodes, the need to quickly / easily add more nodes, exchange information between the nodes with low latency, as well as access shared storage systems and devices. Linux does very good 'zero copy' networking, meaning that once the data reaches the network stack, it doesn't have to be copied again all the way through the rest of the operating system. That really keeps the networking efficient in Linux systems.

With respect to file systems -- because of the very strong interface that's defined within Linux, there are a great number of file systems that are available for you. And that's something that's fairly unique to the Linux OS. Most of the operating systems don't actually have a large number of file systems available for them, other than some standard ones like NFS. That makes it relatively easy to pick a file system that's well-suited for your particular application. So having access to, for instance, XFS or JFS -- which are two very high performance file systems that have good characteristics, but by the same token have very different implementations and therefore very different operating characteristics -- you can optimize by choosing the file system that's best suited for your application."

The embracing of Linux by the Grid / Virtualization community boils down to being able to understand the boundary values of this set of complex use-case equations. Linux, being open source, lets you get at the raw OS kernel code. This gives you access to the "boundaries" of the OS, the way it interfaces to applications and the hardware. An intimate understanding of these boundary conditions is critical to Grid and Virtualization.

Posted by Greg Nawrocki on March 20, 2006 09:19 AM


March 16, 2006 | Comments: (0)

Georgetown U. Tackles Grid Security with Shibboleth

Five years ago, Georgetown University -- home to numerous leading medical research facilities, such as the Lombardi Comprehensive Cancer Center -- did not have a core computational facility, let alone a Grid in place.

But in a short while, their Advanced Research Computing (ARC) team has not only created a shared computing infrastructure for Georgetown researchers -- but is also one of the leading contributors to the National Cancer Institute's caBIG collaborative research Grid project.

Because Georgetown's Grid so quickly grew from scratch, the administrative pains of scaling the security were pretty immediate.

"Every time we'd stand up a cluster, it would have its own user base," said Arnie Miles, Systems Architect. "We were using local accounts, and creating tiny administrative domains. And we quickly realized that while (Condor) has functionality to span across these Beowulf clusters -- it was all IP or host database security, and it was too labor intensive. And after administrative configurations were complete, it didn't meet our security requirements."

Georgetown tackled the security scale issue by hiring an identity management expert to work with the ARC team. Chad La Joie had previously spent years developing and managing an identity management infrastructure at Virginia Tech. With the ARC team, he saw an opportunity to apply Shibboleth in the healthcare arena.

Shibboleth has a trust fabric mechanism based on the SAML 2.0 metadata file. It's a public key infrastructure (PKI) that allows for simpler trust negotiation with a service provider. As it goes to connect to the identity provider, certificates get passed and verified. The response that gets sent back is an XML document which is digitally signed, again using the public and private key pairs obtained in the certification process, to sign and verify the data. This metadata describes each service provider, each identity provider, and all of their PKI information. It is really a simple and elegant method to configure the necessary trust.
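The trust lookup described above, as an added example that is not from the original post or the Shibboleth project: it loads signing certificates from a SAML 2.0 metadata document and checks that a signed response comes from a listed identity provider before any signature verification is attempted. Entity IDs, certificate bytes and function names are constructed for illustration, and the XML-DSig cryptographic check itself is assumed to be done by a dedicated library afterwards.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET  # prefer defusedxml for untrusted XML

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
IDP = "https://idp.example.edu/shibboleth"  # constructed entity IDs
SP = "https://grid.example.edu/sp"

# Constructed byte strings standing in for DER certificates (not real certs).
IDP_CERT = base64.b64encode(b"constructed-idp-signing-cert").decode()
SP_CERT = base64.b64encode(b"constructed-sp-signing-cert").decode()
UNLISTED_CERT = base64.b64encode(b"constructed-unlisted-cert").decode()

def _key(cert):
    return (f'<ds:KeyInfo xmlns:ds="{NS["ds"]}"><ds:X509Data><ds:X509Certificate>'
            f'{cert}</ds:X509Certificate></ds:X509Data></ds:KeyInfo>')

# Constructed metadata: one identity provider and one service provider.
METADATA = (
    f'<md:EntitiesDescriptor xmlns:md="{NS["md"]}">'
    f'<md:EntityDescriptor entityID="{IDP}"><md:IDPSSODescriptor>'
    f'<md:KeyDescriptor use="signing">{_key(IDP_CERT)}</md:KeyDescriptor>'
    f'</md:IDPSSODescriptor></md:EntityDescriptor>'
    f'<md:EntityDescriptor entityID="{SP}"><md:SPSSODescriptor>'
    f'<md:KeyDescriptor use="signing">{_key(SP_CERT)}</md:KeyDescriptor>'
    f'</md:SPSSODescriptor></md:EntityDescriptor>'
    f'</md:EntitiesDescriptor>'
)

def make_response(issuer, cert=None):
    # Constructed response skeleton; cert=None means the response is unsigned.
    sig = f'<ds:Signature xmlns:ds="{NS["ds"]}">{_key(cert)}</ds:Signature>' if cert else ""
    return (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}">'
            f'<saml:Issuer>{issuer}</saml:Issuer>{sig}</samlp:Response>')

def fingerprint(cert_b64):
    """SHA-256 over the decoded certificate bytes (whitespace in the base64 ignored)."""
    return hashlib.sha256(base64.b64decode("".join(cert_b64.split()))).hexdigest()

def load_trust_fabric(metadata_xml):
    """Map (entityID, role) to the fingerprints of the signing certs in metadata."""
    trust = {}
    for entity in ET.fromstring(metadata_xml).iter(f'{{{NS["md"]}}}EntityDescriptor'):
        for tag, role in (("IDPSSODescriptor", "idp"), ("SPSSODescriptor", "sp")):
            for kd in entity.iterfind(f"md:{tag}/md:KeyDescriptor", NS):
                if kd.get("use", "signing") == "signing":  # no "use" means both uses
                    for cert in kd.iterfind(".//ds:X509Certificate", NS):
                        trust.setdefault((entity.get("entityID"), role), set()).add(
                            fingerprint(cert.text))
    return trust

def check_response(trust, response_xml):
    """Gate before XML-DSig verification. A certificate carried inside the
    message is only a hint; the metadata decides which keys are trusted."""
    root = ET.fromstring(response_xml)
    issuer = root.findtext("saml:Issuer", default="", namespaces=NS).strip()
    pinned = trust.get((issuer, "idp"))
    if not pinned:
        return "reject: issuer is not an identity provider in the metadata"
    sig = root.find("ds:Signature", NS)
    if sig is None:
        return "reject: response is unsigned"
    embedded = sig.findtext(".//ds:X509Certificate", namespaces=NS)
    if embedded and fingerprint(embedded) not in pinned:
        return "reject: embedded certificate is not listed for this issuer"
    return "proceed: verify the signature with the metadata-listed key"
```

The service provider entry is in the metadata too, yet a response naming it as issuer is rejected, because trust is resolved per role and not just per entity.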

"We saw Shibboleth's potential for importing and making available to the Grid the identities, attributes, and credentials of the researchers participating in the Grid at Georgetown," said La Joie. "Shibboleth is a way to make it easier for them to participate -- not having to know about all of the certificates or deal with all of those issues."

Posted by Greg Nawrocki on March 16, 2006 06:17 AM


March 15, 2006 | Comments: (0)

MyProxy Brings Single Sign-On Security to the Grid

For Grid professionals, managing credentials, certificates and private keys across multiple administrative domains can get pretty complicated and tough to scale.

Increasingly, the community is leveraging MyProxy -- an open source solution for managing X.509 PKI security credentials. MyProxy certificates provide single sign-on, and allow the user to easily unlock a private key and establish a proxy credential for use throughout the day in his/her Grid sessions.

"One of the reasons we like to plug MyProxy in to different systems is to get closer to this holy grail of single sign-on, where a user doesn't have different islands of single sign-on - a Grid single sign-on, a web single sign-on, a Kerberos single sign-on," said Jim Basney, Senior Research Scientist with the National Center for Supercomputing Applications. "With one single sign-on, I can retrieve additional credentials for the different security protocols as required."

MyProxy was originally developed by Jason Novotny, Steve Tuecke and Von Welch in 2000.

Basney added that as Grid evolves into enterprise, there is not a single security solution that's going to fit in all cases.

"To support secure collaboration, you need translation services and bridging services between different security mechanisms, protocols and credential formats," said Basney. "I think we're seeing a lot of good work in web services creating bridges between X.509 PKI credentials and SAML credentials."

Posted by Greg Nawrocki on March 15, 2006 07:35 AM


March 14, 2006 | Comments: (0)

On Cisco's role in the "digital home" ...

Long time readers of this blog will know of my affinity to combine my current world of Grid computing, with my previous world of consumer electronics, particularly as applied to home entertainment. In the digital world in which we live, media data is just that... data.

In that spirit I found this Newsweek article to be pretty interesting:

While I'm not completely sold on his target application, John Chambers does lean on the themes of data virtualization and telepresence, areas where Grid computing in its non-compute Grid forms has seen some traction.

"...according to Chambers, television, telephone and Web services will flow into living rooms over the same fat Internet pipe. Consumers will exert as much control over their TVs as they now have over their Web browsers, ordering from a limitless menu of programming."

But how fat does that pipe need to be? In an interview last year, Bob Aiken from Cisco showed that one of Cisco's strengths is to think beyond raw bandwidth, using examples that reach right into the living room.

"With other types of applications, like in gaming, some of the problems they worry about are different. The problem they're primarily concerned with is the latency of how they do cache coherency which has the player's state information. They have information about the players and information about their locations and state in the game, but you can't have that all in one server - so they put it on multiple servers, and you have to have the cache coherency associated with that person playing the game at that time and it needs to be distributed quickly. It's not necessarily a lot of data that they're pushing, but the latency is important -- and the way they're caching it addresses how to move a player from one kind of a node to another node, and it's all done internal to the system. In this case, the operating system and the network have merged to become a gaming system."

We've all heard about "the battle for the living room." In fact, after being bombarded with this phrase on a daily basis while in the consumer electronics / set top box space, I still have a bout of nausea when I hear it. One of the key points that really resonated with me was in the following quote from the article.

Another quote from the MSN article: "Chambers doesn't simply want to join the race for the digital home of the 21st century, he wants to own the racetrack -- all the ways in which data flow into, out of and around the home."

As Chambers alludes to, the real battle shouldn't be over the living room at all, but over the driveway and the foyer. You can't get into the living room without first going through the front door.

Posted by Greg Nawrocki on March 14, 2006 06:46 AM


March 13, 2006 | Comments: (0)

Open Source Identity Management and the Grid

For all the vendor hype around single sign-on and federated identity, enterprises still tend to face significant administrative challenges when they try to interoperate with various other identity systems (such as NIS, OpenID, SXIP, etc.).

IBM and Novell's joint announcement earlier this month about their efforts around the Higgins Trust Framework -- an identity meta system built on open standards and open source -- was exciting to the Grid community, whose security challenges tend to be even more identity-specific than the average enterprise's.

"The biggest challenge in Grid security is how to cross administrative domains in a well understood way," said Frank Siebenlist, Senior Software Architect with the Globus Alliance.

Open identity efforts such as the Higgins Trust framework are interesting to Grid developers, because they present the possibility of abstracting multiple identity systems behind a single, open interface that can more easily be written to.

"We're looking at open source as a foundation so that a community of developers can work with user-centric identity, and no one gets locked into a proprietary system," said Nataraj Nagaratnam, Chief Architect for Identity Management at IBM.

The great promise of Grid in resource virtualization presents some unique challenges. Not so much in the technology itself, but in the wide scope of implementations that the technology is applied to. While issues of security have always presented potential stumbling blocks for Grid, it has also been an area where "the right people" have been in place to overcome such obstacles. In fact, it seems as though we only hear about these Grid security challenges because they have been solved.

Posted by Greg Nawrocki on March 13, 2006 08:48 AM


March 13, 2006 | Comments: (0)

Univa Names New CEO

According to the Chicago Sun-Times, Grid start-up Univa -- aka "the Red Hat of The Globus Toolkit" -- today announced a new CEO.

Mike Ellis, formerly a VP with Oracle and i2 Technologies (a supply chain vendor), has a deep background in enterprise sales (including international sales and channel programs). Ellis replaces Steve Tuecke, the co-founder of Univa (along with Ian Foster), and the original chief architect of the Globus Toolkit. Tuecke will resume duties as CTO of Univa.

For the last six months, Tuecke has led Univa through funding ($8mil), in addition to juggling the technical decisions for the company's flagship product (Univa Globus Enterprise). With the move, Tuecke can focus 100% of his energies on the product and strategic technology partner alliances.

Ellis' enterprise sales chops will come into play immediately as Univa carves out its revenues in the emerging enterprise Grid market.

With Ellis now at the helm, and Tuecke able to spend the bulk of his time in the engine room, better keep an eye on this ship.

Posted by Greg Nawrocki on March 13, 2006 08:46 AM


March 09, 2006 | Comments: (0)

Simplifying the Grid Security Experience

In geology and microscopy, Grid users are showing interest in a new GSI credential management and integration project -- GAMA (Grid Account Management Architecture) that 'makes Grid security as easy to use as any commercial web site, while maintaining the security and delegation capabilities of GSI.'

According to Kurt Mueller, one of the technical leads on the project:

"Grid systems rely on a collection of back-end software packages to create and manage Grid credentials for users. Installation and maintenance of these packages can be complicated for system administrators, and oftentimes users are required to explicitly manage their own Grid credentials through command-line interfaces. Our idea was to package the required tools together, make them easy to install, and then provide a nice user interface for users to request accounts, and for administrators to manage the whole account approval process. We provide a web services interface to the entire server infrastructure, so that the Grid can be accessed by many different types of client applications, including web portals, stand-alone applications, handheld devices, etc.

Basically, GAMA unifies a number of Grid components into a single tool, making Grid security as easy to use as any commercial Web site while maintaining the security and delegation capabilities of GSI. It provides an appropriate, simplified interface to end users, and to portal and application developers."

Mueller and his colleagues are currently working on the GAMA 2 release, which seeks to continue to reduce the administrative hassles of scaling Grid security, and provide a more extensible framework.

"This technology was used by the projects we supported, but of course there may be other people who want to use the software that have their own existing infrastructures; they may already have a certificate management system, they may already have users with certificates in place, and they may have additional sorts of systems that are already installed at their locations. They may have an LDAP server that they use for authentication. They may support SRB, and they may need SRB accounts for users. So GAMA 2 has removed all of the hard coding of the very specific technologies we implemented for GAMA 1 and has replaced that with a plug-in system whereby people who use and implement GAMA at their site can, without much difficulty, create a custom plug-in that will do whatever task they need. They can create a plug-in for their existing LDAP authentication infrastructure, or they can create a plug-in to interface with their SRB account system, for example.

Unlike GAMA 1, which has a singular log-in function, GAMA 2 includes the notion of sequences of tasks that are designed in a work flow manner to perform a single function. With GAMA 2, a log-in could consist of retrieving a credential from MyProxy, opening a socket connection to an SRB server, and retrieving some other information from an LDAP server all at once. So the administrator of GAMA will be able to combine smaller tasks into more complex sequences and make those available, through simple Web services interfaces, to any applications or portals or other GAMA clients. We are increasing the ability of GAMA significantly and making it easier to use and integrate with existing infrastructures."

Posted by Greg Nawrocki on March 9, 2006 08:53 AM


March 06, 2006 | Comments: (0)

HP Expected to Announce ChinaGrid Project Efforts ...

Last week, Kenneth Li at Reuters weighed in on the opportunities for US IT vendors trying to tap into the market in China, and cited a whopping, "near double-digit economic growth" for the country in 2005. For the vendors that can get past the red tape, there's a lot of gold in them thar hills.

In the Grid world, some U.S. vendors are planting seeds for future success in China by participating in the ChinaGrid project (pdf), one of the world's largest Grid implementations (seeking to support more than 290 million Chinese students and researchers). ChinaGrid is pretty analogous to the TeraGrid effort here in the U.S., albeit on a slightly smaller scale (TeraGrid has 50 teraflops of compute power; ChinaGrid has 15). Most of ChinaGrid's applications have a heavy research flavor (image processing, bioinformatics, large scale information processing, etc.) -- however, ChinaGrid also supports online courses for remote students, and it would appear that the door is open for other content-delivery types of applications as well.

Tomorrow, HP's Beijing Lab is expected to announce their recent contributions to the China Grid (according to the release, "HP has had an established presence in China for more than 20 years and powers many of the IT systems of the country's universities"). For ChinaGrid -- HP's ProLiant and Integrity servers apparently provide a substantial portion of the Grid's compute power. HP is also developing security software agents and participating in the construction of a monitoring system.

For all of the concern about the government bureaucracy that must be navigated to penetrate the Chinese market -- tech vendors are wise to participate in projects like ChinaGrid. And Apple and Microsoft proved how successful it is to put an emerging technology into students' hands. As one Slashdot reader recently pointed out, "[b]oth Apple and Microsoft realize that the toys people have in college become the toys they demand in real life."

If ChinaGrid does start bundling in more content delivery / entertainment applications -- that sure plays out well for a company like HP, with such a broad range of enterprise and consumer technologies.

Posted by Greg Nawrocki on March 6, 2006 11:05 AM

