cagrid 2.0 december 2013. what is cagrid 2.0??? provides a patch for cagrid 1.x to support sha2 osgi...

Click here to load reader

Post on 27-Dec-2015

220 views

Category:

Documents

0 download

Embed Size (px)

TRANSCRIPT

  • Slide 1
  • caGrid 2.0 December 2013
  • Slide 2
  • What is caGrid 2.0??? Provides a patch for caGrid 1.x to support SHA2 OSGi implementation of WSRF on the new technical stack. Provides foundation of migrating caGrid 1.x services to new technical stack. caGrid 1.x Services migrated to new technical stack Not all services were migrated. Secure services that need to support two endpoints in the same JVM were migrated. Services that were not migrated will be migrated as part of caGrid 2.1 or deprecated. 2
  • Slide 3
  • caGrid 2.0 Technical Stack Java 7 Spring OSGi A module system and service platform for the Java programming language that implements a complete and dynamic component model Apache Camel is a rule-based routing and mediation engine which provides a Java object-based implementation of the Enterprise Integration Patterns using an API (or declarative Java Domain Specific Language) to configure routing and mediation rules. Apache Service Mix OSGi powered Enterprise Service Bus (ESB) Apache CXF Apache CXF is an open source services framework. CXF helps you build and develop services using frontend programming APIs, like JAX-WS and JAX-RS. These services can speak a variety of protocols such as SOAP, XML/HTTP, RESTful HTTP, or CORBA and work over a variety of transports such as HTTP, JMS or JBI. 3
  • Slide 4
  • caGrid 2.x Service Support 4 ServicecaGrid 2.0caGrid 2.1Retired Authentication ServiceX Credential Delegation ServiceXX DorianXX Grid GrouperXX Grid Trust Service (GTS)XX SyncGTSX Global Model Exchange (GME)XX Index ServiceX Metadata Model ServiceX Federated Query Processor (FQP)X Taverna WorkflowX IdentifiersX
  • Slide 5
  • What caGrid 2.x is Not GAARDS UI GAARDS UI has not been migrated, existing GAARDS UI is backwards compatible. Introduce Introduce has not been migrated. We plan to develop Maven Archetypes that will create service skeletons for new projects Client API caGrid 1.x java client APIs were not migrated. caGrid 1.x java clients will continue to work. New client APIs can be generated using Apache CXF. 5
  • Slide 6
  • Moving to caGrid 2.0 Existing 1.x grid services with SHA-1 host certificates will continue to work normally. When their host certificates expire, they will need to replace a single JAR file in their service when they install a SHA-2 host certificate. Development teams using Introduce may continue to, and will have to swap in a replacement JAR after service generation to support SHA-2. Development teams who wish to build WS or Rest web services that interact with caGrid 2.0 may do so in the tool of their choice (e.g. Eclipse, IntelliJ). Given the state of languages and tools to natively support this, no tooling is provided to support this development. 6
  • Slide 7
  • caGrid Capabilities used by CBIIT Projects Advertisement & Discovery MetadataQuerySecurity caDSR caTissue C3D CTRP EVS NBIA caB2BConsumer NCTN NavigatorAuthentication caArray 7 Information may be incomplete or incorrect, to be verified
  • Slide 8
  • caGrid Deployment 8 Generates caGrid 1.x Service supportssupports supportssupports Advertisement & Discovery Metadata Query Security SHA-1 Host Certificates (SHA-2 with a patch) Deploy to eitherDeploy to either Deploy to eitherDeploy to either JBoss 4.0.5 Tomcat 5.5 Additional upgrade needed: Due to limitations in Globus 4.0.3, JBoss 4.0.5 or Tomcat 5.5 is the latest supported version. Both JBoss 4.0.5 and Tomcat 5.5 are falling off Tech Stack. Additional upgrade to move patched services away from Globus is needed.
  • Slide 9
  • (Absence of) Tooling for caGrid 2.0 Given the evolution of software development tooling since caGrid 1.0 was released, we do not envision providing tooling (e.g. Introduce 2.0): Java language now supports native annotations to build (for instance) REST interfaces caGrid 2.0 SOA web services are backwards compatible to Globus, but are not Globus services, meaning that its possible to build clients and services in other languages that interoperate with the standards and dont require the client JARs for all interactions Many capabilities were not brought forward into 2.0 (e.g. data services, metadata) but are supported through backwards compatibility. 9
  • Slide 10
  • Migration Path for Tools/Sub-projects caGrid Transfer Service Introduce extension developed to support out-of-band data transmission, overcoming a limitation of Axis 1.2 used by Globus Will continue to work through backwards compatibility New, modern options are available if using the caGrid 2.0 approach, but one will not be prescribed 10
  • Slide 11
  • What does Application Development for Grid 2.0 look like? 11 Uses Java/ Eclipse to build SOA Web Service implementsimplements implementsimplements Advertisement & Discovery Query (e.g. secure REST Interface, not CQL data service) caGrid Security / PKI w/ SHA-2 Deploy toDeploy to Deploy toDeploy to Container of Choice Development Team Development Team
  • Slide 12
  • Documentation Guides Checkout and build caGrid 2.0 Patching a caGrid 1.4 service Patching a caGrid 1.4 distribution Obtaining SHA2 Host Credential Create Trust Fabric Certificate Authority Core Service guides Developer Administrator Service upgrade guides https://www.cagrid.org/display/caGrid20/Home 12
  • Slide 13
  • Documentation - Cookbooks Provides best practices and example implementations Provides framework to start your implementations Maven Archetypes Builds project skeleton based on provided settings Fill in your business logic Deploy your service Cookbooks Develop a caGrid 2.0 Analytical Service (REST, SOAP) Develop a caGrid 2.0 Secure Analytical Service (SOAP) Migrate a caGrid 1.4 Analytical Service to caGrid 2.0 (SOAP) 13
  • Slide 14
  • Secure Analytical Service This tutorial walks you through the steps of creating and using a secure analytical service using caGrid 2.x. This tutorial focuses on fine-grained service-level permissions using Grid Grouper to enable secure photo sharing use case https://www.cagrid.org/display/caGrid20/Secure+Analytic al+Services+Tutorialhttps://www.cagrid.org/display/caGrid20/Secure+Analytic al+Services+Tutorial 14
  • Slide 15
  • Analytical RESTful service This tutorial illustrates how to create caGrid 2.x analytical RESTful service following the best practices mentioned. First, you will create a stock quoting service with operations. Then you will deploy generated service to test it with a client program. https://www.cagrid.org/display/caGrid20/Develop+caGrid +2.x+Analytical+RESTful+Servicehttps://www.cagrid.org/display/caGrid20/Develop+caGrid +2.x+Analytical+RESTful+Service 15
  • Slide 16
  • Analytical SOAP service This tutorial illustrates how to create caGrid 2.x analytical SOAP service following the best practices mentioned. First, you will create a stock quoting service with operations. Then you will deploy generated service to test it with a client program. https://www.cagrid.org/display/caGrid20/Develop+caGrid +2.x+Analytical+SOAP+Servicehttps://www.cagrid.org/display/caGrid20/Develop+caGrid +2.x+Analytical+SOAP+Service 16
  • Slide 17
  • Upgrade caGrid 1.4 Analytical SOAP service This tutorial illustrates how to upgrade an existing caGrid 1.4 analytical SOAP service to caGrid 2.0 analytical SOAP service. You will deploy generated service to test it with a client program. 17
  • Slide 18
  • Backup Slides 18
  • Slide 19
  • What caGrid 1.x Users must do to use caGrid 2.0 Services and Clients do not need to do anything: caGrid 2.0 services are backwards compatible with caGrid 1.x clients and services Once the Production Grid is upgraded, services will advertise as they always have 19
  • Slide 20
  • What caGrid 1.4 Services must do to support SHA-2 They need not do anything until their SHA-1 certificate expires. When it does: Shutdown the container (JBoss or Tomcat) Patch your caGrid 1.4 service to support SHA-2 Launch the GAARDS-UI Change your target grid to use the SHA-2 endpoint Renew their existing host certificate SHA-1 certificates are replaced with a SHA-2 certificates Replace the deployed SHA-1 cert with new SHA-2 cert Restart the service 20

View more