SWiM-Globus: Secure Wireless Mobile (SWiM) Grid Computing Using Globus Toolkit 3.0
Xueying Chen and George Massoud
CS218 Fall 2003 Project
Tutor: JieJun Kong
Professor Mario Gerla
Outline
Background and Problem
Grid computing & Mobile wireless computing
SWiM
Marriage of grid computing & wireless computing
Design
Implementation
Globus Toolkit
Registration and Connect Components
Conclusions
Grid Computing:
Large-scale resource sharing
Example
Web Service vs. Grid Service (e.g., Globus’ Open Grid Services Architecture, OGSA)
Web service
Interface to persistent state of a single domain
Subject to centralized control
Pure application layer business
Grid service
Interfaces to transient states of distributed activities
Subject to de-centralized coordination
But not subject to centralized control
A middleware between applications and the network
Problem Statement
IP protocol stack: an “hourglass”
applications
IP
media
Simple network IP layer, scalable Internet, “end-to-end argument”: new functions are not easy to add inside the network, but on end terminals
Cross-domain/subnet mobility
Mobile-IP [Perkins], complexity totally in IP layer
End-to-end mobility [Snoeren], changes TCP protocol
Our design choice: grid middleware, no change to standard IP protocol stack
Node can roam across SWiM grids while keeping application/computing alive
Marrying Mobile Wireless Computing
with Grid Computing
1. Both applicable to large scale networks
In particular, around the Internet
2. Resource sharing in different local domains not
subject to centralized control
But should be coordinable in service provisioning
3. Such coordination relies on standard, open, general-purpose protocols/interfaces
IPv4 (de facto network layer)
Globus (de facto grid computing standard)
Modeling Wireless LANs as SWiM Grids
• An autonomous WLAN becomes a grid by
running Globus
• This grid becomes a SWiM-Grid by
running SWiM-Globus
• SWiM-Grid can expand to global scale
when more and more WLANs join
• Any IPv4-conforming wireless node can
roam across any SWiM-Grids
Design: Zero IP stack change
Basic SWiM-Grid
Standard IPv4 stack, no extra supports
(i.e., IPv4+TCP/UDP only, no Mobile IP/IPv6 or
DHCP/RADIUS/Kerberos etc.)
Satiated SWiM-Grid
Has extra supports
SWiM must be consistent with both scenarios
IPNL (IP Next Layer, P.Francis SIGCOMM 2001)
Use Network Address Translation (NAT)
Tolerate any foreign address
Scalable, efficient, expand local IP space
High Level Design Flow
Use your current SWiM-Grid to register
Registration coordinates with NAT-box
Establish connection
Becomes a Grid: Globus
Open source downloadable from
www.globus.org
Currently version 3.0.2, installed in our home
computers, Netlab3.cs.ucla.edu, and a laptop
functioning as escort
Secure resource allocation, management,
directory service, communication, fault
detection, and portability
Done!
Globus’ Grid Architecture
Application
Collective: “Coordinating multiple resources”: ubiquitous infrastructure services, app-specific distributed services
Resource: “Sharing single resources”: negotiating access, controlling use
Connectivity: “Talking to things”: secured communication (Internet protocols)
Fabric: “Controlling things locally”: interface access to, & control of, resources
Internet Protocol Architecture (shown alongside): Application, Transport, Internet, Link
Becomes SWiM-Grid: SWiM-Globus
Application
Collective: SWiM-grid Registration Service to coordinate NAT-boxes
Resource: Single NAT-boxes realized
Connectivity: A NAT-box with secure communication capability
Fabric: Interface to realize a raw NAT in operating system kernel and network interfaces
Internet Protocol Architecture (shown alongside): Application, Transport, Internet, Link
SWiM Implementation Using Globus
Components:
Registration Page: provide client web-based GUI to
request token
Registration Service: implemented using Globus
OGSA Service.
Authentication
Issue Token to client.
Coordination for NAT-Box Factory Service.
Client Connect GUI: Java application. Connects user to NAT-box
NAT-Box Service:
Verify Client IP/Token
Network Address Translation
Coordination between client and secured LAN
Globus Factory Service
Globus Grid uses factory approach (e.g. OGSA web service)
Encapsulated: individuals do not interfere with each other
Transient
Has states and history
Secure and robust
[Figure: Registration Service Factory, “Create New Instance”; Registration Service Instances; Clients A, B, C, D]
SWiM-Globus Grid Service Work Flow
Client (using web GUI) to Registration Service: Request
Authentication Failed (Invalid Credentials): Error Message to Client
Authentication Success (Valid Credentials): Issue Anonymous Token to Client
Registration Service to NAT Box: Notify Client IP, Anonymous Token
Client (using Client Connect GUI) to NAT Box: Present Token
Invalid IP/Token
NAT Box: Modify IP Table
SWiM-Grid
Low-end Interface:
SWiM-Globus Fabric Layer
Input from the client:
Client chosen IP: IPv4 address
Anonymous Token: 128 bit Long Integer
Grid service information: The complete service name
Generate Script to modify the IP table:
/sbin/iptables -A OUTPUT -d Client-chosenIP -j ACCEPT
/sbin/iptables -A FORWARD -d Client-chosenIP -j ACCEPT
/sbin/iptables -A FORWARD -s Client-chosenIP -j ACCEPT
/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
Implementation: Inner 3 layers
Registration Service as NAT-box
coordinator
Implemented on OGSA (Open Grid Service
Architecture)
Globus’ Grid augmentation for Web services
Mobile nodes connect to Web frontend
Globus OGSA service coordinates NAT-boxes upon successful registration
Data Flow: Inner 3 Layers
Input to Registration Service From the Client
Credentials: String
Client chosen IP: IPv4
Start-Date/Time: Date:Hour:Minute
End-Date/Time: Date:Hour:Minute
Output From Registration to the Client
ESSID: 2-254
Anonymous Token: 128bit Long Integer
Grid Service Information: The complete service name
Notification From Registration Service to the NAT Server Service
Client IP: IPv4
Anonymous Token: 128bit Long Integer
Start-Date/Time: Date Hour:Minute
End-Date/Time: Date Hour:Minute
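Added example (not part of the original slides or the SWiM-Globus code): a sketch of the NAT-box side of the data flow above, checking the client IP, 128-bit token and start/end window before emitting the four iptables rules from the fabric-layer slide. The class and function names are hypothetical; because the client-chosen IP is client-supplied text that ends up in a firewall command, it is parsed as strict IPv4 and the rules are built as argument lists rather than a shell script.

```python
import hmac
import ipaddress
from datetime import datetime

IPTABLES = "/sbin/iptables"  # binary path as given on the slide

def nat_rules(ip, out_iface="eth0"):
    """The slide's four rules as argv lists (no shell, so no quoting issues)."""
    a = str(ip)
    return [
        [IPTABLES, "-A", "OUTPUT", "-d", a, "-j", "ACCEPT"],
        [IPTABLES, "-A", "FORWARD", "-d", a, "-j", "ACCEPT"],
        [IPTABLES, "-A", "FORWARD", "-s", a, "-j", "ACCEPT"],
        [IPTABLES, "-t", "nat", "-A", "POSTROUTING", "-o", out_iface, "-j", "MASQUERADE"],
    ]

def parse_ip(text):
    """Accept only a dotted-quad IPv4 string; anything else returns None."""
    try:
        return ipaddress.IPv4Address(text) if isinstance(text, str) else None
    except ValueError:
        return None

class NatBox:
    """Hypothetical NAT-box service state: one registration per client IP."""
    def __init__(self):
        self.registrations = {}  # IPv4Address -> (token, start, end)

    def notify(self, client_ip, token, start, end):
        """Notification from the Registration Service."""
        ip = parse_ip(client_ip)
        if ip is None or not isinstance(token, int) or not 0 <= token < 2**128 or start >= end:
            raise ValueError("malformed registration")
        self.registrations[ip] = (token, start, end)

    def connect(self, client_ip, token, now):
        """Verify client IP/token and time window; return rules or None."""
        ip = parse_ip(client_ip)
        reg = self.registrations.get(ip)
        if reg is None or not isinstance(token, int) or not 0 <= token < 2**128:
            return None
        expected, start, end = reg
        # Constant-time comparison of the 128-bit tokens.
        same = hmac.compare_digest(expected.to_bytes(16, "big"), token.to_bytes(16, "big"))
        if not same or not (start <= now <= end):
            return None
        return nat_rules(ip)

# Constructed sample: register 192.168.1.77 for a one-hour window.
box = NatBox()
TOKEN = 0x0123456789ABCDEF0123456789ABCDEF
box.notify("192.168.1.77", TOKEN, datetime(2003, 12, 1, 10, 0), datetime(2003, 12, 1, 11, 0))
```

Each returned list can be passed to subprocess.run without shell=True; matching -D rules would have to be issued when the End-Date/Time passes, which the slides do not describe.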
High-end Interface:
SWiM-Globus Application Layer
Register Client implemented using Tomcat to allow the user to request a token from any standard Web browser
Demo?
Future Work
Create an open source archive for SWiM-Globus-1.0 (reference to Globus-Toolkit 3.0.2)
Persistent connection handoff
No change on IP and TCP
Transparent to end terminals (i.e., no change
to both ends’ states)
Use coordinable NAT-boxes in-between the
two ends to handle transitions