Leveraging OpenStack and Ceph for a Controlled-Access Data Cloud

While traditional HPC has and continues to satisfy most workflows, a new generation of researchers has emerged looking for sophisticated, scalable, on-demand, and self-service control of compute infrastructure in a cloud-like environment. Many also seek safe harbors to operate on or store sensitive and/or controlled-access data in a high capacity environment. To cater to these modern users, the Minnesota Supercomputing Institute designed and deployed Stratus, a locally-hosted cloud environment powered by the OpenStack platform, and backed by Ceph storage. The subscription-based service complements existing HPC systems by satisfying the following unmet needs of our users: a) on-demand availability of compute resources, b) long-running jobs (i.e., $> 30$ days), c) container-based computing with Docker, and d) adequate security controls to comply with controlled-access data requirements. This document provides an in-depth look at the design of Stratus with respect to security and compliance with the NIH's controlled-access data policy. Emphasis is placed on lessons learned while integrating OpenStack and Ceph features into a so-called "walled garden", and how those technologies influenced the security design. Many features of Stratus, including tiered secure storage with the introduction of a controlled-access data "cache", fault-tolerant live-migrations, and fully integrated two-factor authentication, depend on recent OpenStack and Ceph features.Comment: 7 pages, 5 figures, PEARC '18: Practice and Experience in Advanced Research Computing, July 22--26, 2018, Pittsburgh, PA, US

Web-cam as an Easy-to-Use Way for Distant Collaborative Activities

Web-cam is a decade-old technology, but it has received major impetus from recent advancements in both software and hardware. Here we report our experiences from using off-the-shelf web-cam tools for various configurations in collaborative ventures. They span from Macintosh to PC in hardware and IchatAV and SquidCam in software. We work from various locations in the U.S. One prominent impediment is the presence of firewalls in networks. We summarize the results from the various combinations of parties involved by a matrix. Web-cams can be utilized today as an economical and viable means of point-to-point communication for the public. Greater bandwidth is sorely needed for multi-party conferencing on the present Internet network. We then propose Web-cam can be utilized as a web service for facilitating collaborative research, using the newly developed middleware coined Narada-Brokering. We expe ct that web-cam will play an important role in geoinformatics. 1 I

VLab: Collaborative Grid Services and Portals to Support

Abstract: We present the initial architecture and implementation of VLab, a Grid and Web Service-based system for enabling distributed and collaborative computational chemistry and material science applications for the study of planetary materials. The requirements of VLab include job preparation and submission, job monitoring, data storage and analysis, and distributed collaboration. These components are divided into client entry (input file creation, visualization of data, task requests) and backend services (storage, analysis, computation). Clients and services communicate through NaradaBrokering, a publish/subscribe Grid middleware system that abstracts specific hardware information through the use of topics. We describe two aspects of VLab in this paper: 1) data entry and submission, and 2) a visualization web client/service. Grid Web Portals, Java Server Faces (JSF) and JSF Grid Beans are used to build an interface that permits input file specification, multiple code submissions, and multiple job submissions (of a given code) with backend data persistence. In addition, to investigate our collaboration and visualization infrastructure, we have developed a service that transforms a scalar data set into its wavelet representation. A client (java applet) can retrieve the coordinates of the centers of the dominant fraction of the wavelets and display the results as a collection of spheres. General adaptors are placed between the endpoints and NaradaBrokering, which serve to isolate the clients/services from the middleware. This permits client and service development independently of potential changes to the middleware

Virtual laboratory for planetary materials: System service architecture overview

This paper brings an overall view of the service-oriented architecture (SOA) used in VLab, a system aimed to handle concurrent calculations of geo-materials participating in extensive workflows. We recap the algorithms of physical importance that underly the system requirements. The system architecture then emerges naturally. A usage view diagram is shown and thoroughly discussed. We also show how analysis tools are integrated in the SOA. © 2007 Elsevier B.V. All rights reserved

VLab: collaborative Grid

services and portals to support computational material scienc