TGQR 2010Q2 Report.pdf - Teragridforum.org

More documents

Recommendations

Info

8.6.7 SDSC SDSC put our Dash resource into production on April 1 for Startup allocations. Dash is precursor experimental system for Gordon coming in 2011. 8.6.8 UC/ANL The UChicago/Argonne RP has continued to host repo.teragrid.org, which includes the TeraGridwide CVS repository. 8.7 GIG Operations The GRAM5 usage collector software was updated on globus-usage.teragrid.org. Ongoing support of MyProxy and Kerberos servers for TeraGrid at NCSA, the mail.teragrid.org server, as well as the MyProxy, GSI-OpenSSH, and GSI-SSHTerm software used by TeraGrid continued. This includes regular maintenance as well as addressing incoming support tickets. The CIC IDM WG TeraGrid Pilot, worked with the TeraGrid Security WG to obtain sign-off on the Federated IDM Security Incident Response Policy. After updating the policy to address the TG Security WG's comments, the TG Security WG voted to approve the policy (8 in favor, 3 abstain). The policy was also presented at the InCommon Campus Authentication & Middlware Planning meeting on June 22, 2010. 8.8 Security 8.8.1 Security Working Group Summary of Security Incidents: There were five compromised user accounts and two login node compromises. A machine used by science gateway developers was compromised which lead to other account credentials being captured. In some instances the attackers inserted unauthorized SSH keys into users directories to allow alternate methods of access. The Incident Response team has disabled all of the accounts involved and audited TeraGrid productions machines for the known fraudulent SSHKeys. Securing Community Account Revisited: Victor Hazlewood has been documenting community account usage on the TG. Currently, documentation of the use cases for 22 science gateways is provided at Teragrid Forum wiki Science Gateway Use Cases site A summary of software used and security methods employed for the user accounts used at the RPs is available in the Summary Table at this website. We are planning on setting up a meeting to discuss community account management and implementation in the near future with Victor and Nancy. Goal is to establish some standards or commonly accepted positions relating to community accounts, for example: Community account cannot have an interactive shell session on productions machines). Accessing the community account information page: With the move of the Teragrid webserver to LifeRay complete, the access control permissions for specific areas of the website needed to be re-defined. The docs group contacted Jim Marsteller to ask who should have access to the science gateway info page. Since this page is used to look up contact information for community accounts, ever member of the incident response team requires access to this page. Jim supplied the docs group the names of all of those on the TG security contact list so they have access. Vetted/Unvetted Process Review: The Core2 working group team has been working on an implementation document for Vetted & Unvetted TGUP accounts in order to move forward with improving the account creation process with TGUP. The security working group was asked to review the document and provide comments. Jim sent Maytal the security working group's comments on May 35th. One of the major questions is whether the pops reconciliation process will still have a TG staff member vetting the authenticity of a user generated account request. 88
The second issue related to adding a user to an allocation, although the PI may "check off" on an addition request electronically, it may create a situation where PIs approve additions automatically without proper review. One suggestion is to have the PI specify the means of validating the relationship with the user to the project. In this case an error could cost the PI allocations so they SHOULD have an interest in reviewing additions. 8.8.2 Expanded TeraGrid Access Development to integrate Shibboleth/InCommon authentication with the TeraGrid User Portal (TGUP) was completed. Documentation and source code was provided to the TGUP team, and work is proceeding to deploy the new functionality in the production TGUP. The GIG assisted PSC in successfully completing TAGPMA accreditation for their MyProxy CA, which now serves as the backup for TGUP authentication in the event the NCSA MyProxy CA is offline. The GIG also assisted the TGUP team in deploying the fail-over functionality between the NCSA and PSC MyProxy servers. 8.9 RP Operations: Security During this quarter, TG RPs provided expert staff in support of local and TG-wide collaborative security. TG RP local security operations include intrusion detection, examining log data, investigating unusual use patterns, and incident response for all hardware and networks on a 24- hour on-call basis. All TG RP partners are required to participate in the TG-wide Security Working Group which coordinates security operations and incident response across the project. 8.9.1 IU [FutureGrid] A VM running on the India cluster was broken into due to a weak root password. The machine was taken down and because of the stateless nature of the image it did not need to be cleaned. The password has since been changed to something stronger. 8.9.2 LONI There were no security incidents this quarter. 8.9.3 NCAR NCAR disabled five accounts that had been implicated in three different incidents at other RPs. None of these accounts had been used for unauthorized access, and no compromised ssh keys needed to be removed from our systems. 8.9.4 NCSA The NCSA security team responded to three different incidents involving TeraGrid users or resources in the second quarter of 2010. All three of these incidents involved remotely compromised user accounts. Each the incidents were detected with the current security monitoring done within NCSA. On two of the intrusions they were able to escalate to root privileges on the machines. The downtime for the machines for each incident was less than an hour. NCSA worked with users in each incident to get their remote systems cleaned and access back to NCSA re-enabled within a day. 8.9.5 ORNL During the second quarter of calendar 2010, there were no root compromises on the NSTG computing nodes. There were no users who lost control of their credentials from activities on NSTG machines. TeraGrid users who were the victims of stolen credentials at other TeraGrid sties did not use those credentials to log on to NSTG machines. NSTG staff took timely action to de-activate accounts of users whose credentials were stolen and users whose credentials may have 89
Page 1 and 2:
NSF Extensible Terascale Facility T
Page 3 and 4:
Working Group Leaders Accounting Ad
Page 5 and 6:
6.7 RP Operations: User Facing Proj
Page 7 and 8:
1 Overview The TeraGrid is an open
Page 9 and 10:
Further details can be found §6.2.
Page 11 and 12:
2.1.10 2.1.11 2.1.12 2.1.13 2.1.14
Page 13 and 14:
Figure 2-3. Illustration of the thr
Page 15 and 16:
mapped out pathways from the bisabo
Page 17 and 18:
The Center for Analysis and Predict
Page 19 and 20:
density distribution. ADF/cofilin b
Page 21 and 22:
Ranger at TACC, they simulated the
Page 23 and 24:
Presentations at gateway telecons f
Page 25 and 26:
USGS National Map infrastructure an
Page 27 and 28:
Figure 4-4 Effect of adaptive optic
Page 29 and 30:
4.2.0/. The NCSA team will support
Page 31 and 32:
significantly improve the user expe
Page 33 and 34:
petascale applications and tools, a
Page 35 and 36:
Srinivasa Jampani, University Rao D
Page 37 and 38: efforts: Advanced Support for TeraG
Page 39 and 40: CMU Global Kinetic Simulations of t
Page 41 and 42: Heat Transfer Simulation of Suspens
Page 43 and 44: VanBriesen, CMU Villous Motility as
Page 45 and 46: • Subversion source management ha
Page 47 and 48: may be necessary to use a different
Page 49 and 50: Prof. Cheatham’s ptraj MD analysi
Page 51 and 52: PI: Choi (U. Nevada, Las Vegas, Ast
Page 53 and 54: Amanda Hughes, a PhD student of Dr.
Page 55 and 56: Yang Wang (PSC). Initial contact wa
Page 57 and 58: community. User feedback received,
Page 59 and 60: 6 User Facing Projects and Core Ser
Page 61 and 62: Table 6-1. Q2 2010 Most Visited TGU
Page 63 and 64: “replacement” model, in which t
Page 65 and 66: The TGUP responded to 106,097 portl
Page 67 and 68: Most new documentation came as a di
Page 69 and 70: 6.8 Information Production and Qual
Page 71 and 72: initial testing of NFS4 as a gatewa
Page 73 and 74: (pnetCDF and netCDF4) was completed
Page 75 and 76: provide a path to becoming Longhorn
Page 77 and 78: Figure 8-2: Total transfer (GB) per
Page 79 and 80: 8.5.1 Data Movement (GridFTP) Stati
Page 81 and 82: Figure 8-5: Total number of GridFTP
Page 83 and 84: 8.5.2 Job Submission (GRAM) Statist
Page 85 and 86: Figure 8-9: GRAM-submitted jobs as
Page 87: As part of the NIGMS award, NRBSC a
Page 91 and 92: Figure 8-9. TeraGrid Computational
Page 93 and 94: Figure 8-11. Top 20 TeraGrid PIs, Q
Page 95 and 96: Institution Users Colorado Sch of M
Page 97 and 98: Institution Users CSU-San Bernardin
Page 99 and 100: objects that pass Futuregrid testin
Page 101 and 102: 9.4.1 Technology Audit Services Pro
Page 103 and 104: user management is complete. Local
Page 105 and 106: developers to see what they have al
Page 107 and 108: GIG place and orient new data. I pa
Page 109 and 110: north of UT Austin’s main campus)
Page 111 and 112: • Invite potential users of Gordo
Page 113 and 114: Modules Under Development Advanced
Page 115 and 116: Purdue RP has recruited two undergr
Page 117 and 118: eak-out session to the regional STE
Page 119 and 120: to coordinate press for all related
Page 121 and 122: ER-RP Reports for Q210: NCSA TeraGr
Page 123 and 124: The ORNL RP continues to collaborat
Page 125 and 126: NCAR Type Title Location Date(s) Ho
Page 127 and 128: Lab, TN Workshop Computational Thin
Page 129 and 130: tion Industry Technology Incubator
Page 131 and 132: Students Part 2 W Proteins in Actio
Page 133 and 134: Q2 ‘09 638 216 Q3 '09 504 403 Q4
Page 135 and 136: Factory Berkeley, Berkeley Lab (LBL
Page 137 and 138: performance analysis of parallel pr
Page 139 and 140:
them with a thorough overview of th
Page 141 and 142:
MIDAS Network software development
Page 143 and 144:
12. Wang, S. 2010. "A Cyber-GIS Fra
Page 145 and 146:
36. Xue, M., M. Tong, and G. Zhang,
Page 147 and 148:
press, 2010 (arXiv:0909.0011) TeraG
Page 149 and 150:
121. Rast, M.P., Talk, “Precision
Page 151 and 152:
171. Brown, B.P.,Talk, “Solar rot
Page 153 and 154:
214. Cui, Y., Chourasia, A., Moore,
Page 155 and 156:
253. Le, P.M., and D.V. Papavassili
Page 157 and 158:
291. Liu, M.; Li, T.; Amegayibor, F
Page 159 and 160:
338. Xu, J., M. A. Sharpe, L. Qin,
Page 161 and 162:
387. Galan, J. F.; Brown, J.; Wildi
Page 163 and 164:
2008 ACM/IEEE Conference on Superco
Page 165 and 166:
461. Spinks, P.Q., Thomson, R.C., L
Page 167 and 168:
MCA06N063 498. "Emerging Photolumin
Page 169 and 170:
543. Zhu, J., Zhu, J., Negri, A., P
Page 171 and 172:
Physics AST030030 583. N. F. Lourei
Page 173 and 174:
634. M. S. Pindzola, J. A. Ludlow,
Page 175 and 176:
683. C. Reisswig et al., Gravitatio
Page 177 and 178:
726. E. Schnetter, P. Diener, N. Do
Page 179 and 180:
SI.Pkg 2.0.4.6.1 M Extension Quarte
Page 181 and 182:
Work Package Dependencies Planned Q
Page 183 and 184:
Work Package Dependencies Planned Q
Page 185 and 186:
TeraGrid AUS Project Plan Work Pack
Page 187 and 188:
TeraGrid AUS Project Plan Work Pack
Page 189 and 190:
Work Package Dependencies Planned R
Page 191 and 192:
Work Package Dependencies Planned R
Page 193 and 194:
TeraGrid DV PY5 Project Plan (as of
Page 195 and 196:
TeraGrid NOS Project Plan Work Pack
Page 197 and 198:
Albert[85%], Bennett[45%], ongoing
Page 199 and 200:
Project-ID WBS O P M Work Package D
Page 201 and 202:
Page 203:
show all

TGQR 2010Q2 Report.pdf - Teragridforum.org

Create successful ePaper yourself

Delete template?

Save as template?