Flexible Session Management in a Distributed Environment

Many secure communication libraries used by distributed systems, such as SSL, TLS, and Kerberos, fail to make a clear distinction between the authentication, session, and communication layers. In this paper we introduce CEDAR, the secure communication library used by the Condor High Throughput Computing software, and present the advantages to a distributed computing system resulting from CEDAR's separation of these layers. Regardless of the authentication method used, CEDAR establishes a secure session key, which has the flexibility to be used for multiple capabilities. We demonstrate how a layered approach to security sessions can avoid round-trips and latency inherent in network authentication. The creation of a distinct session management layer allows for optimizations to improve scalability by way of delegating sessions to other components in the system. This session delegation creates a chain of trust that reduces the overhead of establishing secure connections and enables centralized enforcement of system-wide security policies. Additionally, secure channels based upon UDP datagrams are often overlooked by existing libraries; we show how CEDAR's structure accommodates this as well. As an example of the utility of this work, we show how the use of delegated security sessions and other techniques inherent in CEDAR's architecture enables US CMS to meet their scalability requirements in deploying Condor over large-scale, wide-area grid systems

Supporting checkpointing and process migration outside the Unix kernel

We have implemented both checkpointing and migration of processes under UNIX as a part of the Condor package. Checkpointing, remote execution, and process migration are different, but closely related ideas; the relationship between these ideas is explored. A unique feature of the Condor implementation of these items is that they are accomplished entirely at user level. Costs and benefits of implementing these features without kernel support are presented. Portability issues, and the mechanisms we have devised to deal with these issues, are discussed in concrete terms. The limitations of our implementation, and possible avenues to relieve some of these limitations, are presented. 1

Condor Technical Summary

Introduction to the Problem A common computing environment consists of many workstations connected together by a high speed local area network. These workstations have grown in power over the past several years, and if viewed as an aggregate they can represent a significant computing resource. However in many cases even though these workstations are owned by a single organization, they are dedicated to the exclusive use of individuals. In examining the usage patterns of the workstations, we find it useful to identify three "typical" types of users. "Type 1" users are individuals who mostly use their workstations for sending and receiving mail or preparing papers. Theoreticians and administrative people often fall into this category. We identify many software development people as "type 2" users. These people are frequently involved in the debugging cycle where they edit software, compile, then run it possibly using some kind of debugger. This cycle is repeated many times duri

Condor Technical Summary

Condor is a software package for executing long running "batch" type jobs on workstations which would otherwise be idle. Major features of Condor are automatic location and allocation of idle machines, and checkpointing and migration of processes. All of these features are achieved without any modifications to the UNIX kernel whatsoever. Also, users of Condor do not need to change their source programs to run with Condor, although such programs must be specially linked. The features of Condor for both users and workstation owners along with the limitations on the kinds of jobs which may be executed by Condor are described. The mechanisms behind our implementations of checkpointing and process migration are discussed in detail. Finally, the software which detects idle machines and allocates those machines to Condor users is described along with the techniques used to configure that software to meet the demands of a particular computing site or workstation owner. 1. Introduction to the ..

Usenix Winter Conference

We have implemented both checkpointing and migration of processes under UNIX as a part of the Condor package. Checkpointing, remote execution, and process migration are different, but closely related ideas; the relationship between these ideas is explored. A unique feature of the Condor implementation of these items is that they are accomplished entirely at user level. Costs and benefits of implementing these features without kernel support are presented. Portability issues, and the mechanisms we have devised to deal with these issues, are discussed in concrete terms. The limitations of our implementation, and possible avenues to relieve some of these limitations, are presented. 1. Introduction Condor is a software package for executing long-running, computation-intensive jobs on workstations which would otherwise be idle. Idle workstations are located and allocated to users automatically. Condor preserves a large measure of the originating machine's execution environment on the exec..