The Trellis security infrastructure for overlay metacomputers and bridged distributed file systems

Authors:
Paul Lu;Michael Closson;Cam Macdonell;Paul Nalos;Danny Ngo;Morgan Kan;Mark Lee
Affiliations:
Department of Computing Science, University of Alberta, Edmonton, Alta., Canada;Department of Computing Science, University of Alberta, Edmonton, Alta., Canada;Department of Computing Science, University of Alberta, Edmonton, Alta., Canada;Department of Computing Science, University of Alberta, Edmonton, Alta., Canada;Department of Computing Science, University of Alberta, Edmonton, Alta., Canada;Department of Computing Science, University of Alberta, Edmonton, Alta., Canada;Department of Computing Science, University of Alberta, Edmonton, Alta., Canada
Venue:
Journal of Parallel and Distributed Computing - Special issue: Security in grid and distributed systems
Year:
2006

Citing 10
Cited 0

Andrew: a distributed personal computing environment

Communications of the ACM - The MIT Press scientific computation series
SSH, The Secure Shell: The Definitive Guide

SSH, The Secure Shell: The Definitive Guide
A National-Scale Authentication Infrastructure

Computer
Practical Heterogeneous Placeholder Scheduling in Overlay Metacomputers: Early Experiences

JSSPP '02 Revised Papers from the 8th International Workshop on Job Scheduling Strategies for Parallel Processing
Security in Plan 9

Proceedings of the 11th USENIX Security Symposium
User-Level Remote Data Access in Overlay Metacomputers

CLUSTER '02 Proceedings of the IEEE International Conference on Cluster Computing
Security for Grid Services

HPDC '03 Proceedings of the 12th IEEE International Symposium on High Performance Distributed Computing
Decentralized user authentication in a global file system

SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Distributed computing in practice: the Condor experience: Research Articles

Concurrency and Computation: Practice & Experience - Grid Performance
Bridging local and wide area networks for overlay distributed file systems

WORLDS'05 Proceedings of the 2nd conference on Real, Large Distributed Systems - Volume 2

Quantified Score

Hi-index	0.00

Visualization

Abstract

Researchers often have non-privileged access to a variety of high-performance computer (HPC) systems in different administrative domains, possibly across a wide-area network. Consequently, the security infrastructure becomes an important component of an overlay metacomputer: a user-level aggregation of HPC systems. The Trellis security infrastructure (TSI) is layered on top of the widely-deployed secure shell (SSH) and systems administrators only need to provide unprivileged accounts to the users. The contribution of TSI is in demonstrating that a single sign-on (SSO) system, for a variety of use-case scenarios, can be implemented without requiring a completely new security infrastructure. We describe the use of TSI for a Canada-wide overlay metacomputer, for computational workloads (i.e., CISS-3) that spanned 22 administrative domains, at its peak had over 4000 concurrent jobs, and included a new distributed file system (i.e., Trellis NFS).