AASCI - Distributed Computing Environments
Production Support Facility Tri-Lab Collaborative Computing |
The Tri-Lab Distributed Computing team (a consortium of computer scientists from Lawrence Livermore, Los Alamos, and Sandia National Laboratories) is collaborating on a project to provide a common set of distributed computing services at each of the three laboratories to facilitate the joint development and use of terascale applications. These distributed computing services are structured to give users a single view of the unique ASCI high-performance computing resources in a secure, user-authenticated environment with a common home directory. Impact The success of the ASCI Problem Solving Environment (PSE) depends greatly on the use of a common set of distributed computing software across the ASCI complex to smoothly extend the computational reach of customers from their desktops to the unique resources installed at any of the Tri-Lab sites. The middleware component of the PSE is the Open Software Foundation's Distributed Computing Environment (OSF/DCE). We are planning to support all user services and PSE layered products (e.g., Distributed Resource Management, High Performance Storage System, Distributed Visualization, Scientific Data Management) over the DCE components. The Open Software Foundation's Distributed Computing Environment
(OSF/DCE) provides services and tools that support the creation, use, and maintenance of
distributed applications in a heterogeneous computing environment. Distributed computing
involves the cooperation of two or more machines communicating over a network. DCE
provides services that allow distributed applications to interact securely with a
collection of possibly heterogeneous computers, operating systems, and networks as if they
were a single system. |
Multi-Site Infrastructure |
DCE Production Cells DCE production cells are administrative domains of server machines that offer DCE core and distributed file services, and client processes that make use of these services. The DCE core services include the Security Service, Cell Directory Service, Global Directory Agent, and Time Service. All use POSIX threads to process multiple requests concurrently and the DCE Remote Procedure Call (RPC) for secure communication with the client processes. The DCE Project team will leverage the availability of the DCE core services on multiple vendor operating systems and configure the services to provide consistency across the three laboratories. Because much of the ASCI work is classified, the most important of the core services is the Security Service. The Tri-Lab environment requires a common, network-based, secure authentication and authorization mechanism to support the common environment. Inter-cell trust relationships enable a user with a single authentication sign-on, with no transmission of clear text passwords over the network, to access those ASCI resources for which the user is authorized. Each Need To Know group will have the responsibility for creating and maintaining the access control lists (ACL), which limit the exposure of the group's shared information. Efforts in early FY97 will concentrate on providing secure and consistent access to the Options Red and Blue initial delivery machines from any Tri-Lab site. This requires accreditation of DCE in the Tri-Lab (SecureNet) environment, interoperability with Kerberos clients, and the establishment of inter-cell trust relationships. We will also refine production systems, upgrade to DCE 1.2.1, and prepare for upgrade to DCE 1.2.2. |
DCE-Web product plans |
Distributed File Service (DFS) Production Servers The
Distributed File Service (DFS) is the foremost DCE application because its tight
integration with DCE provides a secure, location-independent, and efficient means of
building a global file system. Any user in the ASCI Tri-Lab environment can share data by
placing it in the global namespace. The data is then accessible to a userŠspecified list
of authorized clients. DCE Web Several commercial products based on the DCE Web technology are being evaluated for their utility in exchanging sensitive and classified information via the World Wide Web. This technology offers secure communication using the DCE RPC between any commercial Web browser and the Wand (Web and DCE) server. In addition, it provides access protection down to the URL level for any information stored on the server. DCE Desktop Deployment The services offered by the DCE cells will be useful to the customers and their organizations only if we make a concerted effort to integrate the local computing environments and desktops at each site into the DCE. Our goal is to make the transition to full desktop use of DCE as painless as possible; therefore, a major effort will be undertaken to put DCE on users' desktops in various organizations supporting ASCI and to build system manager DCE knowledge in those environments. Object-based Distributed Computing Environments DCE is a major part of the Problem Solving Environment and is the only complete distributed environment with integrated security and file systems. Object-based technologies are, however, of more interest to some developers of distributed applications for ASCI. The Legion Project, partially funded by ASCI, is one such object-based environment that needs to be integrated into the ASCI distributed environment. The Common Object Request Broker Architecture (CORBA) and use of CORBA by such systems as POOMA must also be integrated into the ASCI distributed environment. We don't expect to completely solve these issues in FY97, but progress in this area is essential to make these environments useful for ASCI. |
For more information, contact: Bob Tomlinson, LANL, bob@lanl.gov Barry Howard, LLNL (lead PI), bhoward@llnl.gov Doug Brown, SNL, cdbrown@sandia.gov | SAND96-2659C |
Joanne Perra: Webmaster |
Kay Rivers: Designer/Author |