caGrid 2.0

December 2013

2

What is caGrid 2.0???

• Provides a patch for caGrid 1.x to support SHA2

• OSGi implementation of WSRF on the new technical stack.– Provides foundation of migrating caGrid 1.x

services to new technical stack.• caGrid 1.x Services migrated to new

technical stack– Not all services were migrated.– Secure services that need to support two endpoints

in the same JVM were migrated.– Services that were not migrated will be migrated

as part of caGrid 2.1 or deprecated.

3

caGrid 2.0 Technical Stack• Java 7• Spring• OSGi

– A module system and service platform for the Java programming language that implements a complete and dynamic component model

• Apache Camel– is a rule-based routing and mediation engine which provides a Java

object-based implementation of the Enterprise Integration Patterns using an API (or declarative Java Domain Specific Language) to configure routing and mediation rules.

• Apache Service Mix– OSGi powered Enterprise Service Bus (ESB)

• Apache CXF – Apache CXF is an open source services framework. CXF helps you

build and develop services using frontend programming APIs, like JAX-WS and JAX-RS. These services can speak a variety of protocols such as SOAP, XML/HTTP, RESTful HTTP, or CORBA and work over a variety of transports such as HTTP, JMS or JBI.

4

caGrid 2.x Service SupportService caGrid 2.0 caGrid 2.1 Retired

Authentication Service X

Credential Delegation Service X X

Dorian X X

Grid Grouper X X

Grid Trust Service (GTS) X X

SyncGTS X

Global Model Exchange (GME) X X

Index Service X

Metadata Model Service X

Federated Query Processor (FQP) X

Taverna Workflow X

Identifiers X

5

What caGrid 2.x is Not

• GAARDS UI– GAARDS UI has not been migrated, existing

GAARDS UI is backwards compatible.• Introduce

– Introduce has not been migrated.– We plan to develop Maven Archetypes that will

create service skeletons for new projects• Client API

– caGrid 1.x java client APIs were not migrated.– caGrid 1.x java clients will continue to work.– New client APIs can be generated using Apache

CXF.

6

Moving to caGrid 2.0

• Existing 1.x grid services with SHA-1 host certificates will continue to work normally. When their host certificates expire, they will need to replace a single JAR file in their service when they install a SHA-2 host certificate.

• Development teams using Introduce may continue to, and will have to swap in a replacement JAR after service generation to support SHA-2.

• Development teams who wish to build WS or Rest web services that interact with caGrid 2.0 may do so in the tool of their choice (e.g. Eclipse, IntelliJ). Given the state of languages and tools to natively support this, no tooling is provided to support this development.

7

caGrid Capabilities used by CBIIT ProjectsAdvertisement

& Discovery Metadata Query Security

caDSR

caTissue

C3D

CTRP

EVS

NBIA

caB2B Consumer Consumer

NCTN Navigator Authentication

caArray

Information may be incomplete or incorrect, to be verified

8

caGrid Deployment

Generates

caGrid 1.x Service

supports

• Advertisement & Discovery• Metadata• Query• Security• SHA-1 Host Certificates

(SHA-2 with a patch)

Deploy to eitherJBoss 4.0.5 Tomcat 5.5

Additional upgrade needed: Due to limitations in Globus 4.0.3, JBoss 4.0.5 or Tomcat 5.5 is the latest supported version.

Both JBoss 4.0.5 and Tomcat 5.5 are falling off Tech Stack. Additional upgrade to move patched services away from Globus is needed.

9

(Absence of) Tooling for caGrid 2.0

Given the evolution of software development tooling since caGrid 1.0 was released, we do not envision providing tooling (e.g. Introduce 2.0):• Java language now supports native annotations to build

(for instance) REST interfaces• caGrid 2.0 SOA web services are backwards compatible

to Globus, but are not Globus services, meaning that it’s possible to build clients and services in other languages that interoperate with the standards and don’t require the client JARs for all interactions

• Many capabilities were not brought forward into 2.0 (e.g. data services, metadata) but are supported through backwards compatibility.

10

Migration Path for Tools/Sub-projects

caGrid Transfer “Service” – Introduce extension developed to support out-of-band data transmission, overcoming a limitation of Axis 1.2 used by Globus• Will continue to work through backwards compatibility• New, modern options are available if using the caGrid

2.0 approach, but one will not be prescribed

11

What does Application Development for Grid 2.0 look like?

Uses Java/ Eclipse to

build

SOA Web Service

implements

• Advertisement & Discovery• Query (e.g. secure REST

Interface, not CQL data service)• caGrid Security / PKI w/ SHA-2D

eploy to

Container of Choice

DevelopmentTeam

12

Documentation

• Guides– Checkout and build caGrid 2.0– Patching a caGrid 1.4 service– Patching a caGrid 1.4 distribution– Obtaining SHA2 Host Credential– Create Trust Fabric Certificate Authority

• Core Service guides– Developer– Administrator

• Service upgrade guides

• https://www.cagrid.org/display/caGrid20/Home

13

Documentation - Cookbooks

• Provides best practices and example implementations• Provides framework to start your implementations• Maven Archetypes

– Builds project skeleton based on provided settings– Fill in your business logic– Deploy your service

• Cookbooks– Develop a caGrid 2.0 Analytical Service (REST, SOAP)– Develop a caGrid 2.0 Secure Analytical Service (SOAP)– Migrate a caGrid 1.4 Analytical Service to caGrid 2.0

(SOAP)

14

Secure Analytical Service

• This tutorial walks you through the steps of creating and using a secure analytical service using caGrid 2.x. This tutorial focuses on fine-grained service-level permissions using Grid Grouper to enable secure photo sharing use case

• https://www.cagrid.org/display/caGrid20/Secure+Analytical+Services+Tutorial

15

Analytical RESTful service

• This tutorial illustrates how to create caGrid 2.x analytical RESTful service following the best practices mentioned. First, you will create a stock quoting service with operations. Then you will deploy generated service to test it with a client program.

• https://www.cagrid.org/display/caGrid20/Develop+caGrid+2.x+Analytical+RESTful+Service

16

Analytical SOAP service

• This tutorial illustrates how to create caGrid 2.x analytical SOAP service following the best practices mentioned. First, you will create a stock quoting service with operations. Then you will deploy generated service to test it with a client program.

• https://www.cagrid.org/display/caGrid20/Develop+caGrid+2.x+Analytical+SOAP+Service

17

Upgrade caGrid 1.4 Analytical SOAP service

• This tutorial illustrates how to upgrade an existing caGrid 1.4 analytical SOAP service to caGrid 2.0 analytical SOAP service. You will deploy generated service to test it with a client program.

18

Backup Slides

19

What caGrid 1.x Users must do to use caGrid 2.0

• Services and Clients do not need to do anything:– caGrid 2.0 services are backwards compatible with caGrid

1.x clients and services– Once the Production Grid is upgraded, services will

advertise as they always have

20

What caGrid 1.4 Services must do to support SHA-2

They need not do anything until their SHA-1 certificate expires. When it does:• Shutdown the container (JBoss or Tomcat)• Patch your caGrid 1.4 service to support SHA-2 • Launch the GAARDS-UI

– Change your target grid to use the SHA-2 endpoint– “Renew” their existing host certificate– SHA-1 certificates are replaced with a SHA-2 certificates– Replace the deployed SHA-1 cert with new SHA-2 cert

• Restart the service