Security on the Grid

(Graphic - Open Science Grid map) A powerful new vision of computing—called grid computing—is becoming a reality. Although the web now facilitates data access, it is limited by storage and computing capabilities. Grid computing takes one step further by connecting servers around the world, pooling resources and sharing computing power and data storage. Today's grids are invaluable tools for large-scale scientific projects like the Large Hadron Collider (LHC).

"Grid computing spans across organizations and across countries," said Bob Cowles, SLAC's Computer Security Officer. "Developing such a grid is a very difficult problem, and the LHC experiments are depending on grids for all their analyses when the machine becomes operational at the end of the year." Cowles also works with the Open Science Grid (OSG), a distributed computing infrastructure for scientific research. SLAC is a charter member of the OSG.

A primary example of grid computing is SLAC's role as a Tier 2 computing center for the ATLAS (A Toroidal LHC ApparatuS) Collaboration. In this capacity, SLAC and other institutions will provide computing resources for the entire scientific community. Grid software is still rapidly evolving, but eventually researchers will be able to take advantage of computing power from every corner of the planet. "You don't care where the job gets run," Cowles said. "You just send it off and you get your results back."

One of the most difficult challenges of grid computing is security for thousands of worldwide users. In a fashion similar to what is used for web security, a researcher who wants to access the grid is issued a digital form of identification called a certificate. This allows experiments to ensure that only authorized researchers use their grid resources and allows Cowles and other security officers to track down suspicious cyber-behavior.

Without the grid, researchers need computer accounts specific to the particular computing facility they are using—BaBar, for example, might require a researcher to get separate accounts at SLAC, the Rutherford Appleton Laboratory (RAL) in the UK, the Institut National de Physique Nucléaire et de Physique des Particules (IN2P3) in France, and the Istituto Nazionale di Fisica Nucleare (INFN) in Italy. But once computing resources are unified on a grid, users will only need one certificate to use the computing facilities of dozens of institutions.

Cowles' role in developing grid security involves finding security standards that are acceptable to both researchers and computing facilities in all parts of the world. This is a complicated endeavor, as it requires substantial coordination across many organizations with differing computer security models.

"Grid computing is forcing us to find new ways to deal with security and how grid participants find new ways to enhance trust and reduce risk," Cowles said. "It's a big change for SLAC and the entire scientific community."

More information:
Grid computing
Open Science Grid
ATLAS experiment

—Marcus Woo, March 2, 2007

Handy Links

SLAC News Center

SLAC Today

SLAC News

Lab News

SLAC Links

Stanford

Around the Bay

Security on the Grid



Handy Links SLAC News Center News Center home page SLAC Today SLAC Today Subscribe Archives: Feb 2006-May 20, 2011 Archives: May 23, 2011 and later Submit Feedback or Story Ideas About SLAC Today SLAC News SSRL Headlines symmetry magazine TIP Archives Lab News Interactions Lightsources.org ILC NewsLine Int'l Science Grid This Week Fermilab Today Berkeley Lab News @brookhaven TODAY DOE Pulse CERN Courier DESY inForm US / LHC SLAC Links Emergency Safety Policy Repository Site Entry Form Site Maps M & O Review Computing Status & Calendar SLAC Colloquium SLACspeak SLACspace SLAC Logo Café Menu Flea Market Web E-mail Marguerite Shuttle Discount Commuter Passes Award Reporting Form SPIRES SciDoc Activity Groups Library Stanford Stanford University Stanford Report Stanford Events Life on Campus Around the Bay Bay Area Traffic Bay Area Weather Caltrain BART	Security on the Grid A powerful new vision of computing—called grid computing—is becoming a reality. Although the web now facilitates data access, it is limited by storage and computing capabilities. Grid computing takes one step further by connecting servers around the world, pooling resources and sharing computing power and data storage. Today's grids are invaluable tools for large-scale scientific projects like the Large Hadron Collider (LHC). "Grid computing spans across organizations and across countries," said Bob Cowles, SLAC's Computer Security Officer. "Developing such a grid is a very difficult problem, and the LHC experiments are depending on grids for all their analyses when the machine becomes operational at the end of the year." Cowles also works with the Open Science Grid (OSG), a distributed computing infrastructure for scientific research. SLAC is a charter member of the OSG. A primary example of grid computing is SLAC's role as a Tier 2 computing center for the ATLAS (A Toroidal LHC ApparatuS) Collaboration. In this capacity, SLAC and other institutions will provide computing resources for the entire scientific community. Grid software is still rapidly evolving, but eventually researchers will be able to take advantage of computing power from every corner of the planet. "You don't care where the job gets run," Cowles said. "You just send it off and you get your results back." One of the most difficult challenges of grid computing is security for thousands of worldwide users. In a fashion similar to what is used for web security, a researcher who wants to access the grid is issued a digital form of identification called a certificate. This allows experiments to ensure that only authorized researchers use their grid resources and allows Cowles and other security officers to track down suspicious cyber-behavior. Without the grid, researchers need computer accounts specific to the particular computing facility they are using—BaBar, for example, might require a researcher to get separate accounts at SLAC, the Rutherford Appleton Laboratory (RAL) in the UK, the Institut National de Physique Nucléaire et de Physique des Particules (IN2P3) in France, and the Istituto Nazionale di Fisica Nucleare (INFN) in Italy. But once computing resources are unified on a grid, users will only need one certificate to use the computing facilities of dozens of institutions. Cowles' role in developing grid security involves finding security standards that are acceptable to both researchers and computing facilities in all parts of the world. This is a complicated endeavor, as it requires substantial coordination across many organizations with differing computer security models. "Grid computing is forcing us to find new ways to deal with security and how grid participants find new ways to enhance trust and reduce risk," Cowles said. "It's a big change for SLAC and the entire scientific community." More information: Grid computing Open Science Grid ATLAS experiment —Marcus Woo, March 2, 2007