
THE UNIVERSITY OF DA NANG - UNIVERSITY OF SCIENCE AND TECHNOLOGY

---------------------------

MAJOR ASSIGNMENT REPORT

COURSE: GRID COMPUTING
TOPIC 1:

A STUDY OF THE SECURITY MECHANISMS OF GRID COMPUTING

Supervisor: Dr. Huỳnh Công Pháp
Prepared by: Bi c Th, Nguyễn Thị Vui
Class: Computer Science K23

Da Nang, May 2012

Da Nang, September 2011


Major assignment report for the Grid Computing course

INTRODUCTION

In the last few years grid computing has developed strongly, opening up new solutions for applications that require large computing capacity. Grid computing can be used for research problems in biology, medicine, physics and chemistry, as well as for applications in financial analysis and evaluation, data mining, e-government and many other kinds of application. In this report we give an overview of grid computing technology: its advantages and disadvantages, its architectural models and the related technologies. On that basis we then look in depth at the security mechanisms of grid computing. The report consists of the following chapters:

Chapter 1: Overview of grid computing.
Chapter 2: The security mechanisms in grid computing.

CHAPTER 1: OVERVIEW OF GRID COMPUTING

1. What is grid computing?

There are many different ways to define grid computing. To picture what grid computing is, we can think of it as an electric power grid: people simply plug in and use the power without needing to know where it comes from. In the same way, in grid computing a user can access resources (processors, storage, data and so on) without needing to know where those resources are located, what technology they use or how their hardware is configured.

Grid computing went through many stages of merging technologies and solutions to reach its present state. The basic element of a grid is the technology for distributing computing devices. With this technology we can share resources and link organizations together. This is also called virtualization. To obtain a heterogeneous environment in which resources can be shared, a grid uses, in addition to virtualization, other technologies in areas such as scheduling, accounting and security.

Virtualization in a grid environment has several levels. Each level depends on the scope and homogeneity of the organization. Figure 1 shows the levels of virtualization from simple to complex, going from left to right. At the far left is a homogeneous organization with a single resource. A resource here can be CPU, storage, devices or programs. Next comes a heterogeneous system made up of many different resources. A more complex level is virtualization within an enterprise. At the right is the highest level of virtualization, spanning the whole Internet and covering multiple heterogeneous organizations.

Figure 1: Virtualization at multiple levels

2. Benefits of grid computing

2.1 Exploiting processing resources

One of the basic capabilities of grid computing is running a program on many different computers. In a grid made up of many computers, some machines are busy because of a heavy workload while others are idle because their workload is light. In most organizations there is always a large quantity of computing resources. On average, each computer is busy for only 5% of the day. This shows that the amount of idle resources in a network is very large. A grid provides a framework for exploiting these resources and can therefore increase the efficiency of resource use.

Besides processing resources, storage resources are also used more efficiently thanks to grid computing. A grid takes the free disk space on the computers and pools it into a virtual storage resource on the network.

2.2 Parallel processing capability

The ability to combine many CPUs to process in parallel is an attractive feature of grid computing. Programs running in a grid environment use algorithms to divide the processing work into many independent parts. Each CPU on each computer in the network takes on the processing of one or more of those parts. The more independent the parts are, the more easily the program scales across a grid of more computers. A grid is called perfect if, with ten computers, its processing speed increases tenfold. In practice, however, there is no perfect grid. There are two main reasons why a real grid cannot be perfect. First, the algorithm used to divide the work strongly affects the overall computing performance of the grid. Second, the parts of the work are not completely independent of one another.

Not every application can be converted so that a grid can process it in parallel. Moreover, there is no tool that can convert an arbitrary application to run in parallel on a grid. How well a program can be processed in parallel on a grid depends on its designer, and that is not a simple job.

2.3 Collaboration of resources in virtual organizations

Another capability of grid computing is creating a large, uniform environment for collaboration. Each such environment is called a virtual organization. Grid computing can even create a larger environment by combining heterogeneous virtual organizations so that they collaborate with one another. Figure 2 shows such a heterogeneous environment. Each grid user is assigned to some virtual organization. These virtual organizations can share resources with one another as one large grid.

Resource sharing starts with data in the form of files or databases. A data grid can extend data in several ways. First, files or databases can be spread across many systems, giving a capacity far larger than a single system. Spreading data this way can increase data transfer speed through striping. Data is regularly backed up to support data recovery.

Besides sharing files and databases, many other resources can be shared, such as specialized devices, software and services. These resources are virtualized to keep them consistent within a heterogeneous grid. Such resources are called virtual resources.


The people who take part in or use the grid are members of some organization. The grid can require users to comply with rules and usage rights, and in this way issues such as priority and security can be resolved.

Figure 2: A heterogeneous virtual grid

2.4 Access to other resources

Besides CPU and storage, a grid can also give access to other resources. These resources can be provided in the form of quantity, storage capacity or bandwidth. For example, if someone wants to increase Internet bandwidth to carry out a data-mining search, the work can be divided among grid machines that have independent Internet connections. In this case the search capacity is multiplied, because each machine has its own connection. If the machines share one Internet connection, bandwidth does not increase.

In a grid, some computers may have expensive licensed software installed that other machines do not have. A user whose computer does not have that software can still use it by sending the job to a computer that has the software installed and asking it to process the job. This is the grid's ability to make use of software.


Some computers may have special devices, such as printers. Most printers are used remotely. A grid can share these special devices. A grid can even share complex devices and resources such as medical diagnostic machines or robots that assist in surgery.

2.5 Resource balancing

A grid links resources from many different machines into a single system. It can balance resources among programs by scheduling jobs, as in Figure 3 below. This function is very important for handling processing and computing overload within an organization. Balancing can be done in the following two ways:

- Overload peaks are moved to idle machines on the grid.
- If the whole grid is busy, low-priority jobs are suspended to make way for jobs with higher priority.

Sometimes a job suddenly gets a higher priority because it must be finished urgently. A grid cannot handle jobs whose deadline is too tight. However, it can split such a job into many small jobs and mobilize a large amount of resources to process it as fast as possible.

Figure 3: Sharing work across the grid


Another benefit of using a grid is load balancing. When a job communicates with another job, with the Internet or with other resources, the grid can schedule them so as to minimize both the traffic on the links and the transmission distance. This helps the grid reduce network congestion.

Finally, a grid makes it possible to trade resources. The state of every resource in the network is managed by the grid. Organizations on the grid can create accounts and pay to use these resources when needed. This gives rise to grid accounting.

2.6 Reliability

High-end computing systems use expensive hardware to increase reliability. They use dual processors so that, on a failure, the second processor can take over without shutting the system down. Power supplies and cooling systems are also duplicated. The system also uses a special power source that can generate electricity when mains power is lost. Together these make a reliable system, but the cost of such a system is very high.

In the future, a grid may be able to replace such a reliable system. Grids are only at the beginning of this technology. The model of a reliable server built on a grid can be described as follows. A grid consists of many computers distributed in many places, so when there is a failure at one node of the grid, the other locations are not affected. When a computer fails, the grid management software can automatically move the processing work from that machine to another machine in the network. In important cases, several copies of the job are created and sent to different machines on the grid, as in Figure 4 below.


Figure 4: Copies of a job

Grid systems of this kind give rise to autonomic computing. This is a kind of software that can repair faults on the grid itself, before notifying the processor or the administrator. In principle, most of today's expensive reliable systems that rely entirely on hardware could also use software to achieve that reliability.

2.7 Manageability

Virtualizing resources and building many heterogeneous systems on the grid gives a larger scale, with more widely distributed devices. It makes it easier for businesses to manage costs and computing resources on a large scale. The grid manages priorities among projects. Previously each project managed its own resources and costs. Some resources could be idle while other projects ran into trouble and needed more resources. With its overall view, the grid can easily resolve this situation. In Figure 5, administrators can change the rights on resources so that other organizations can share or use them.


Figure 5: Administrators can adjust policies to suit the resources

3. Components of a grid

3.1 Management component

Every grid needs a management component. First, this component keeps track of which resources are available and which members are present in the system. This information is very important for deciding which machine in the grid a job is assigned to.

Next comes the measurement component, which determines the capacity of each node and the proportion of its resources in use at any given time. This is the basis for scheduling grid processes. It also shows the state of the grid and warns users of possible failures caused by lack of resources, outages or other causes. Another procedure that needs this information is system usage statistics and payment for the system when software is run on the grid.


3.2 Donor component

Every member computer that contributes resources to the system has to go through a login process before it is regarded as a full member. There are usually identification and authorization procedures, which help create an account for the member machine as well as for the owner of that machine. Some grid systems log in automatically, while others use the login to the operating system on the local machine. In the second kind, a system that cross-references user identities decides the user's rights on the different machines in the grid. These rights are usually decided by the system administrator, who sets up a database of users and keeps it in a carefully protected place.

Some grid systems have no identification or authorization mechanism at all, and any user can submit jobs to run on the grid. Such systems have the advantage of being easy to install, with uncomplicated software. However, as the system grows this becomes extremely dangerous, because it is easily attacked by hackers and the consequences are hard to foresee.

A grid system can notify all member machines that a new resource has been connected to the system. The donor machine has to carry out monitoring activities, measuring the proportion of resources in use on a machine, which machines are idle, and so on. This information is passed to the grid management system to support later scheduling.

The most important issue remains the ability of software installed on a machine to accept a job and execute it when it is assigned a task. The process is as follows: at some station on the grid, a user submits a job and asks for it to be run on the grid. The management software must be able to choose the machine that will run it and contact that machine to send the job. The donor software must be able to receive the executable file or select a copy already present on the machine; the executable is then run on the donor machine and the result is returned to the requester.

Advanced systems also allow job priorities to be adjusted dynamically, jobs to be stopped when necessary, and the process then to be restarted on another machine. These actions are usually based on the current load of the system and on changing priorities on the grid.


3.3 Submission software

Normally any member machine in the grid can be used to submit a job. In some systems, however, job submission is carried out by components installed on particular machines called submission nodes or submission clients. When a grid is built on dedicated resources rather than ordinary ones, the submission components are usually installed on the users' machines or workstations.

3.4 Distributed management

Grids installed over a wide area usually have a tree structure or some other graph shape that matches the form of the connections. Computers connected through a LAN form clusters, and grids can be built from clusters of these clusters. Procedures are therefore needed to manage distributed grids so that the highest computing efficiency is achieved. Grid operations, as well as data-sharing and scheduling procedures, must match the configuration of the grid. For example, the central scheduler does not assign a job directly to a particular machine but to a cluster below it, and that cluster's scheduler then assigns the job to a particular machine in the cluster. Likewise, when a machine submits a job, the job is passed to the manager of the cluster that contains the member machine and is then passed up to a higher-level manager, which schedules the job.

3.5 Scheduler

Most computing grids have scheduling software, whose task is to choose the member machines that will execute the jobs submitted at some machine. The simplest scheduling mechanism is round-robin: the system chooses the next machine whose resources meet the needs of the job. In advanced systems, however, more complex and more efficient scheduling mechanisms are applied.

Some schedulers assign a priority to each job. This is done by maintaining job queues, each of which holds a set of jobs with the same priority level. When a machine finishes its job, it takes the next job from the queue with the highest priority. This mechanism is combined with other rules based on resources, users and so on. For example, a resource in the organization may be restricted from use during certain hours of the day.

The scheduler has to rely on information such as the load of the grid and measured information such as the proportion of resources in use, so that it can decide whether a member machine is busy before submitting a job to it.

Like the network itself, schedulers can be organized in a tree structure. For example, a meta-scheduler submits a job to a lower-level scheduler rather than to a particular member machine.

More advanced schedulers also monitor the execution of jobs in the grid and can therefore manage the workflow of the whole system. If a job is stopped because of a lack of system resources, a good scheduler must resubmit the job somewhere else in the system. Similarly, when a process falls into an infinite loop and reaches its time limit, the job is not run again. Usually each job has a return code when it ends. This helps with later actions (for example, whether or not the job has to be rerun).

Reserving resources in advance for jobs to be run later is done by dedicated reservation systems. This is not really an ordinary scheduler: it is first of all a calendar that fixes particular jobs to a given period of time and protects the resources in use from being taken over by other processes. It can also stop running jobs when the previously reserved time arrives.

3.6 Communication components

A grid system may have software that lets processes communicate with one another. For example, when a job is divided into many smaller jobs, these jobs are executed separately on the grid. However, they may need to use the results of other jobs, which means that the jobs must be able to connect to one another. Communication software lets a process contact other processes and send and receive the data it needs. The system can use the MPI (Message Passing Interface) standard and some other standards to implement these links.

3.7 Management, monitoring and measurement components


As mentioned above, scheduling requires information about the current system, such as which machines are available, the proportion of resources in use and the load of the grid nodes. Donor software usually uses operating-system tools or measures these figures directly. Such software is sometimes called a load sensor.

This information is valuable not only for scheduling: it also measures how much the grid is used. The figures can show the administrator the trend of the grid and which devices may need to be added to the system. Measurement information can be saved for accounting purposes, serves as the basis for resource brokering, and makes priority management easier. Measurement information can be presented in different forms so that it is as easy as possible for users to take in.

CHAPTER 2: SECURITY MECHANISMS IN GRID COMPUTING

1. Challenges for grid computing

Security in a grid computing environment has to meet the requirements of wide-area computing, of the dynamic nature of the system, and of distributed virtual organizations. From a security point of view, an important property of virtual organizations is that their members and resources are governed by the rules and policies of the pre-existing organizations of which they are members.


On the other hand, while some virtual organizations, such as a scientific collaboration lasting many years, may be very large and long-lived (assuming that the negotiations with resource providers are accepted), other virtual organizations exist only for a short time and support a single small task, for example two individuals sharing documents and data. In such small cases, the control and security requirements within the virtual organization must not be too heavy.

A basic requirement is therefore to allow virtual organizations to access resources that exist within the pre-existing organizations, where the policies in place are between local users. A virtual organization has to be established and coordinated through the trust between local users and their organization, and between the virtual organization and its users. We cannot assume trust between the pre-existing organizations and the virtual organizations or their external members.

As in Figure 6, grid security meets this requirement by treating a virtual organization (VO) as a policy domain overlay. Several resources or organizations hand over certain rights to a third party: the virtual organization, which coordinates the outsourced resource policies so that resources are coordinated, shared and used in a consistent way.


Figure 6: Domains in a virtual organization (VO)

Security in grid computing is very complex because, in practice, many new services (resources) are developed and operated during the lifetime of a virtual organization. For example, a user may set up a personal interface for accessing resources, or the virtual organization may itself create a directory that records the work history of its members. Combining the overlays (and their associated policies) with the entities (which are created continually) requires three key elements in a security model for grid computing.

Multiple security mechanisms: Organizations taking part in virtual organizations have usually invested considerably in security mechanisms and infrastructure. The new security system adapts to what is already there rather than replacing it.

Dynamic creation of services: Users must have the right to create new services (resources) dynamically, without the intervention of an administrator. These services must be able to coordinate and interact securely with other services. Participants must be able to identify the services in order to grant the corresponding rights, in line with the common rules.

Dynamic establishment of trust domains: To coordinate resources, virtual organizations need to establish trust not only between users and the resources of the system but also among the resources themselves. These trust domains can expand and must adapt dynamically as individuals or organizations join or leave the system.

Traditional security management mechanisms cannot deal with the dynamic allocation problems of a grid computing system. We need a flexible, user-oriented model so that users can create entities and common policy domains, join them themselves and share resources within virtual organizations.

2. Security requirements in a grid computing system

The virtual organization is one of the basic concepts of grid computing. A virtual organization is defined as a dynamic group (members can join or leave the group while it is operating) of individuals, groups or organizations that satisfy the conditions and rules for sharing resources. A grid computing environment is needed to coordinate the management of resources and share them within a virtual organization, and this virtual organization can expand and integrate further organizations. This shows that a grid application can span many different administrative domains. Each administrative domain has its own requirements and policies. A security infrastructure for grid computing is needed to protect the policies of each domain as well as the policies set by the virtual organization. To meet this requirement, the grid security infrastructure must allow interaction between different domains while still maintaining a clear separation between the security policies and implementation mechanisms of the virtual and the real organizations.

2.1 Integration

The grid security infrastructure must integrate with the existing infrastructure across platforms and hosting environments. The overall security architecture must be implementation-independent and extensible so that new security services can be incorporated.

2.2 Interoperability

Grid services that cross several domains and hosting environments must be able to interact with one another to exchange messages (for example, through SOAP/HTTP), to allow each organization to determine the security policy applied to each transaction, and to vouch for a user of one domain to another domain.

2.3 Trust relationships

A service request on the grid may span several different security domains. The security domains involved in satisfying a service request establish a trust mechanism with one another. Because of the dynamic nature of the grid computing environment, it is not possible to establish all trust relationships before applications run. The question of the basis of trust therefore becomes complex in a grid computing system.

3. Security of a grid computing system

Advanced grid computing systems require a level of security with the following characteristics:

- Authentication: the authentication protocols provided must integrate the security mechanisms and the way these mechanisms work with one another.
- Delegation: mechanisms that provide delegation allow the delegate to request services while ensuring that access rights are limited to services that comply with the policy of the whole system.
- Single sign-on: this ensures that the user stays authenticated throughout the work, even when the work has to pass through several resource domains at different times.
- Credential renewal: the system can renew a credential if the job takes longer to run than the lifetime of the credential that was issued.
- Identity verification: confirms that the right user is granted access to the system.

- Privacy: requires both the service requester and the provider to comply with the privacy policy.
- Confidentiality: protects the confidentiality of message content in transit, in all the OGSA components in which it appears.
- Message integrity: ensures that unauthorized changes to message content or data are detected at the receiving point.
- Policy negotiation: allows a security context to be negotiated between service requesters and service providers according to the information in the security policy.
- Login security: provides the basis for non-repudiation of logins and for login auditing; all services are time-stamped without interrupting the information.
- Manageability: provides tools that can monitor and manage the various levels and hosting environments.
- Firewall traversal: resolves security issues when many services need different levels of security, along with issues such as identity management and management policy.
- Securing the OGSA infrastructure:

4. Information security

Information security is the science that studies the principles and methods that allow information to be encrypted so that only someone who holds the (secret) decryption key can decrypt it and understand the original information. For example: if someone sends me a ciphertext beginning with "ULFW NZFXZ", then with the key I already have I can easily decrypt it to "VIDU BAOMAT", because the letter U replaces V, the letter L replaces I, the letter F replaces D, and so on.

In information security, two problems have to be studied in terms of both principle and method:

- Encryption: prevents strangers from extracting information from messages sent over public channels.
- Authentication (CA, Certification Authority): ensures that only the right recipient can read the message, and also that the sender cannot deny having sent it.

Cryptosystems can be divided into two main kinds:

4.1 Secret-key cryptosystems

Encryption and decryption both use one key, called the secret key; this is also called a symmetric cryptosystem. When A and B exchange information using a secret-key cryptosystem with key ek, the sender A encrypts the message with ek. The recipient B, after receiving the message, decrypts it with the same key ek. Consequently, anyone else who steals the key ek can decrypt and read the sender's message.

A typical secret-key algorithm is a block cipher, which turns an input block of n bytes into an output block of bytes. Block ciphers in practical use include RC2 (8 bytes), DES (8 bytes), Triple DES (24 bytes), Rijndael (32 bytes) and others. Secret-key encryption algorithms are faster than public-key cryptosystems.

4.2 Public-key cryptosystems

Encryption uses a key that can be made public, and decryption uses a different key. Because a key pair is used in which one key can be published, this is called a public-key system, or an asymmetric system. A public-key cryptosystem in fact uses two related keys:

- The public key is used to encrypt the information you want to share with anyone. You can therefore freely distribute it to anyone with whom you need to share information in encrypted form.
- The private key belongs privately to the person it was issued to, and is used to decrypt information.

5. The security model in a grid

The security model in a grid falls into two kinds:

- Building a completely new model to secure the grid.
- Building security services based on the necessary requirements: that is, the security service is built to provide a set of services to host-side applications in an OGSA environment.

Figure 7 shows the functions a grid security model may have, including binding security, audit & non-repudiation, mapping rules, privacy policy, authorization policy, service/end-point policy and others. Below we look at some of these functions.


Figure 7: Grid security model

5.1 Binding Security

SOAP and IIOP are commonly used in the binding security layer. Binding security depends on the security of the protocol or data format in use. When a new protocol or data format is introduced, it must come with security requirements and must guarantee at least three of them: authentication, integrity and confidentiality.

HTTP is an important protocol because it is transparent to firewalls and widely accepted. For HTTP-based bindings, requests can be sent over SSL, which supports authentication, integrity and confidentiality. However, SSL only guarantees this quality of service if the participating endpoints use an SSL connection. If a request has to traverse intermediate points, end-to-end security also has to be addressed at a layer above the SSL protocol.

When the data uses SOAP, the security information can be carried within the SOAP data itself. In addition, the confidentiality and integrity of SOAP data are protected by using XML Digital Signature and XML Encryption.

5.2 Policy Expression and Exchange

Web services need to state the requirements that those who use them must comply with, and these requirements must be resolved before a user can interact with the service. For example, when a requester wants to use a service, the requester has to present credentials showing that it has the right to use the service, and the messages must be in the format the service requires.

What matters to the service requester is how to learn the requirements that come with the target service. Once the service requester knows the requirements and capabilities the target service supports, it evaluates them, and the service requester and service provider both choose the best set of bindings for communicating with the other service. WS-Policy describes how both the service provider and the service requester can state their requirements and the capabilities they offer. The policy expression and exchange layer thus handles the exchange of policy between the participating endpoints. Beyond that, it allows service requesters and service providers to discover the policy of another service.

5.3 Secure Association

The service requester and service provider need to exchange a lot of information. To protect information sent over the network, a mechanism is needed to carry out authentication and establish the connection in a secure context. Several protocols (IPSEC, SSL, IIOP and others) and mechanisms (Kerberos and others) already support security in this context.

WS-SecureConversation is a Web service specification put forward by IBM and other organizations. It works together with WS-Security, WS-Trust and WS-Policy to create a security context when SOAP data is exchanged. WS-SecureConversation describes how a web service can authenticate the messages sent by a service requester, how the service requester can in turn authenticate the service provider, and how mutual authentication is established in the security context. WS-SecureConversation is designed to operate at the SOAP message layer because a SOAP message may traverse several intermediate services.

5.4 Authorization Enforcement

Authorization policy is an important part of the grid security model. Each domain has its own authorization service. In the Internet environment, authorization is usually associated with the service provider, to control access to a resource based on the ID of the service requester. The client or service requester normally has to trust the server or service provider. Where this trust does not exist, the service provider offers an authentication mechanism through the SSL protocol, which establishes trusted communication between the service requester and the service provider.
Authorization in each domain follows different models:

- Role-based authorization.
- Rule-based authorization.
- Capabilities, access control lists and others.

5.5 Identity and Credential Mapping/Translation

A grid environment combines many organizations, each with a different security domain. Operations between entities in different domains require mutual authentication. However, assuming that all domains share a single registration point (a global user registry) is unrealistic. So when an operation between entities crosses a domain or VO boundary, the IDs of the service requester and providers, as well as the credentials described in this domain, may no longer be syntactically or semantically correct in the partner's domain. A component is therefore needed that maps IDs/credentials so that a function in one domain is translated to the corresponding functions in the other domain.

5.6 Secure Logging

This is the most basic function of a service. When you want to use a service, the first thing you have to do is log in, so that it can be verified whether you have registered to use the service. This function is quite simple, so it can be applied to every component in the model.

5.7 Management of Security

The grid security model groups security management functions according to the aspects of binding, policy and federation. Each aspect offers security solutions such as the use of encryption functions, management of user registration, authorization policy and privacy. It also covers detecting possible intrusions, providing anti-virus services and so on.

6. Grid security infrastructure

6.1 The GSI authentication mechanism

Once a grid host has been set up, how can we ask the CA to certify it (issue a certificate for it)?

- Copy the CA's public key to the grid host.
- Create a private key and a certificate for the grid host.
- Send the newly created certificate to the CA.
- After receiving the request, the CA uses its private key to sign the certificate and sends it back.

Figure 8: The GSI authentication mechanism

When the certification step has been completed, there are three important files on the grid host:

- The CA's public key.
- The grid host's private key.
- The digital certificate that the CA has certified for the grid host.

6.2 Authentication and authorization


Suppose we are host A and want to use an application on host B. Can we be sure that the application we request really comes from host B? The authentication mechanism helps us verify whether host B really is the one communicating with host A.

1. The user on host A sends its certificate to host B.
2. Host B obtains A's public key and uses this public key to read the information in the certificate (by using the CA's public key).
3. Host B generates a random number and sends it to host A.
4. Host A receives the random number and encrypts it with its private key. It then sends the encrypted message back to host B.
5. Host B receives the encrypted message and uses the public key to decrypt it and see whether the random number matches the one host B generated and sent to A earlier. Host B has then verified that the certificate really was sent by host A, because only host A could have done the encryption.
6. The certificate of the user on host A has now been authenticated by host B. Host B then maps the subject obtained in step 2 (a subject is a form of DN, the name LDAP uses to distinguish entries in a directory service) to a local user through the gridmap-file.


Figure 9: Authentication and authorization procedure with GSI.

At this point the user on host A is allowed to act as a local user on host B. In a grid environment, a host acts as a client in some cases and as a server in others, so a host may have to authenticate another host and be authenticated by that host at the same time. In this case GSI's mutual authentication function can be used. This function is described in more detail in a later section.

6.3 Delegation

The delegation mechanism in GSI meets the single sign-on requirement of a grid system. It is an extension of the SSL protocol intended to reduce the number of times the user has to type a passphrase when using several grid resources that require authentication. The user avoids retyping the passphrase by creating a proxy and delegating to it.

A proxy consists of a new certificate (carrying the proxy's new public key) and a new private key. The new certificate contains the identity of the proxy's owner, modified to show that it is a proxy. The new certificate is signed by the owner instead of by the CA. The proxy certificate also contains the lifetime of the proxy; when the lifetime runs out the proxy becomes invalid, and the lifetime of a proxy is usually very short.

Proxies can in turn create and delegate to other proxies, forming a chain of representatives of the user on the resources. This lets the user use many different resources while signing on only once.

Figure 10: The delegation mechanism in GSI.

The delegation mechanism is shown in Figure 10. It consists of 2 main steps: creating a proxy on a remote host (host B) and authenticating the proxy on another host (host C).

Step 1: Creating the proxy

To create a proxy:

1. A trusted connection must be established between host A and host B (by carrying out the authentication procedure on host B as above).
2. The user on host A asks host B to create a proxy to represent the user.
3. Host B creates a request for the user's proxy certificate and sends this request back to host A.
4. Host A uses the user's private key to sign the proxy certificate request and sends it back to host B.
5. Host A sends the user's certificate to host B.

Figure 11: Delegation procedure for a proxy in GSI.

Step 2: Proxy authentication

The proxy on host B has now been delegated by the user, so it can communicate with host C and be authenticated and authorized there as if it were the user on host A. Before it can submit a job request to host C, the proxy must be authenticated on host C. The procedure is as follows:

6. The user's proxy on host B sends the user certificate and the proxy certificate to host C.
7. Host C obtains the proxy's public key through the path validation procedure:
   7.1. Host C uses the CA's public key to obtain the subject and the public key of the user from the user certificate.
   7.2. Host C uses the user's public key to obtain the subject and the public key of the proxy from the proxy certificate.
   7.3. Suppose the user's subject is:
        "/O=Grid/O=GridTest/OU=test.domain.com/CN=GreenStar"
        The subject of the proxy certificate is the same as the subject of its creator (here, the user on host A) and has the following form:
        "/O=Grid/O=GridTest/OU=test.domain.com/CN=GreenStar/CN=proxy"
        Therefore, to check the validity of the proxy, host C only needs to check the remaining part of the string in
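
The subject check from step 7.3 and the gridmap-file lookup from the authentication procedure, as an added Python example (not code from the report or from Globus). The grid-mapfile lines are constructed samples in the quoted-DN-then-local-account form, the function names are hypothetical, and the signature checks of steps 7.1 and 7.2 are assumed to have passed already; the chain handling generalizes the single proxy in the text to proxies created by other proxies.

```python
# Constructed grid-mapfile content: a quoted subject DN, then the local account.
GRIDMAP = '''
# comment lines and blank lines are ignored
"/O=Grid/O=GridTest/OU=test.domain.com/CN=GreenStar" greenstar
"/O=Grid/O=GridTest/OU=test.domain.com/CN=Other User" ouser
'''

def parse_gridmap(text):
    """Return {subject DN: local account} from grid-mapfile text."""
    mapping = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        dn, quote, rest = line[1:].partition('"')
        account = rest.split(",")[0].strip()
        if not line.startswith('"') or not quote or not dn or not account:
            raise ValueError(f"malformed grid-mapfile line: {line!r}")
        mapping[dn] = account
    return mapping

def authorize(chain, gridmap, now):
    """chain: [(subject, not_after), ...], user certificate first, then proxies.

    Assumes every signature in the chain was already verified (steps 7.1, 7.2).
    Returns the local account the request will run as.
    """
    if not chain:
        raise PermissionError("empty certificate chain")
    for (issuer, _), (subject, _) in zip(chain, chain[1:]):
        # Step 7.3: a proxy may only extend its signer's subject by /CN=proxy.
        if subject != issuer + "/CN=proxy":
            raise PermissionError(f"{subject!r} was not derived from {issuer!r}")
    if any(now >= not_after for _, not_after in chain):
        raise PermissionError("a certificate in the chain has expired")
    user_subject = chain[0][0]
    if user_subject not in gridmap:
        raise PermissionError("subject has no grid-mapfile entry")
    return gridmap[user_subject]
```

A proxy whose subject was derived from a different user, an expired proxy and a user with no map entry all raise `PermissionError` before any local account is returned.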

6.4 Establishing secure communication between Client and Service

This section presents two authentication mechanisms used in the Grid: the SSL handshake and Kerberos.

SSL handshake mechanism

To establish secure communication between a Grid server and a Grid client, a handshake must be carried out. The SSL handshake determines the necessary SSL settings, the key (public key) transfer mechanism and the basic elements needed for mutual authentication. The SSL handshake proceeds through the following steps:

1. The grid client contacts the grid server to start a session using a digital X.509 ID certificate.
2. The grid client automatically sends the grid server its SSL version number, its cipher settings, automatically generated data and some other information the grid server needs to set up communication with the grid client.
3. The grid server responds by sending the grid client its own digital certificate, SSL version number, cipher settings and so on.
4. The client examines the information contained in the server's certificate and checks:
   a. Is the server certificate valid?
   b. Was the server certificate signed by a trusted CA?
   c. Does the accompanying public key confirm the validity of the digital signature?
5. If the server is authenticated successfully, the client generates a unique session key to use for encryption throughout its communication with the grid server, using the asymmetric encryption mechanism.
6. The user on the client side encrypts the session key with the server's own public key. As a result, only the server can read the session key.
7. After receiving the encrypted session key, the server uses its private key to decrypt it and recover the session key.
8. The grid client sends the server a message stating that all subsequent communication will be encrypted with this session key, and the server sends the corresponding notice back to the client.
9. The SSL secured session is established.
10. As soon as the session ends, the session key is destroyed.

Kerberos is an authentication and key distribution protocol. It uses symmetric encryption systems and runs more efficiently than systems that use public keys, that is, asymmetric encryption systems. Kerberos is well suited to situations where authentication has to be performed frequently. Kerberos has a central component called the key distribution center (KDC). The KDC comprises two functions: the authentication server (AS) and the ticket granting server (TGS). A ticket in the Kerberos system is the identity credential for a user who is currently using the system. Kerberos authenticates in the following stages: a user first authenticates to the authentication server (AS), then proves to the ticket granting server (TGS) that they have been authenticated and are entitled to receive a ticket, and finally proves to the service server (SS) that they have been approved to use the service.

1. The client sends a request to the AS to ask for a service.
2. The AS checks whether the client is in its database. If it is, the AS sends two packets back to the client:
   a. Packet A: the client/TGS session key, encrypted with the client's secret key.
   b. Packet B: the ticket (containing the ID, the client's network address, the ticket validity period and the client/TGS session key), encrypted with the TGS's secret key.
3. On receiving these two packets, the client decrypts packet A to obtain the session key (TGS). This session key is used to communicate with the TGS; the client cannot decrypt packet B, because it is encrypted with the TGS's secret key.
4. The client then sends two packets to the TGS:
   a. Packet C: packet B (containing the ticket) and the ID of the requested service.
   b. Packet D: the ID (client) and a timestamp, encrypted with the client/TGS session key.
5. On receiving packets C and D, the TGS extracts packet B from C, decrypts packet B with its own secret key, and returns two packets to the client:
   a. Packet E: the ticket (containing the client's ID, the client's network address and the validity period of the client/server session key), encrypted by the SS (the service server).
   b. Packet F: the session key (client/server), encrypted with the session key (TGS).
6. On receiving packets E and F, the client sends two packets to the SS:
   a. Packet E obtained in the previous step.
   b. Packet F: the client's ID and the time of the request, encrypted with the session key (client/server).
7. The SS decrypts the ticket with its own secret key and sends the following packet to the client: Packet H: client/server session key.
8. The client decrypts the confirmation with the client/server session key and checks whether the timestamp is consistent. If it is, the client can trust the server and use the service.
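
The eight-step exchange above traced in Python as an added example, not code from the report or from any Kerberos implementation. `seal` and `unseal` are a toy keyed cipher built from SHA-256 and HMAC purely so the example runs with the standard library; the keys, client ID and address are constructed, and packet H is assumed to carry the client's timestamp back, which is what step 8 checks.

```python
import hashlib, hmac, json, os

def _stream(key, nonce, n):
    out = b""
    while len(out) < n:
        out += hashlib.sha256(key + nonce + len(out).to_bytes(4, "big")).digest()
    return out[:n]

def seal(key, obj):          # toy authenticated encryption, illustration only
    pt, nonce = json.dumps(obj).encode(), os.urandom(8)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, "sha256").digest()

def unseal(key, blob):       # raises ValueError when the key is wrong
    nonce, ct, tag = blob[:8], blob[8:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, "sha256").digest()):
        raise ValueError("wrong key or modified packet")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

# Constructed long-term secrets of the client, the TGS and the service server.
K_CLIENT, K_TGS, K_SS = (hashlib.sha256(s).digest() for s in (b"pw", b"tgs", b"ss"))

def as_reply(client_id, addr, now):                      # step 2: packets A, B
    sk = os.urandom(16).hex()
    ticket = {"id": client_id, "addr": addr, "exp": now + 300, "sk": sk}
    return seal(K_CLIENT, {"sk": sk}), seal(K_TGS, ticket)

def _accept(own_key, ticket_blob, auth_blob, now):       # ticket, then authenticator
    t = unseal(own_key, ticket_blob)
    auth = unseal(bytes.fromhex(t["sk"]), auth_blob)
    if auth["id"] != t["id"] or now > t["exp"] or abs(now - auth["ts"]) > 60:
        raise ValueError("identity mismatch, expired ticket or stale timestamp")
    return t, auth

def tgs_reply(pkt_b, pkt_d, now):                        # step 5: packets E, F
    tgt, _ = _accept(K_TGS, pkt_b, pkt_d, now)
    sk2 = os.urandom(16).hex()
    return seal(K_SS, dict(tgt, sk=sk2)), seal(bytes.fromhex(tgt["sk"]), {"sk": sk2})

def ss_reply(pkt_e, pkt_auth, now):                      # step 7: packet H
    t, auth = _accept(K_SS, pkt_e, pkt_auth, now)
    return seal(bytes.fromhex(t["sk"]), {"ts": auth["ts"]})

def client_run(now=1000):
    a, b = as_reply("alice", "10.0.0.5", now)
    sk_tgs = bytes.fromhex(unseal(K_CLIENT, a)["sk"])    # step 3
    e, f = tgs_reply(b, seal(sk_tgs, {"id": "alice", "ts": now}), now)   # step 4
    sk_ss = bytes.fromhex(unseal(sk_tgs, f)["sk"])
    h = ss_reply(e, seal(sk_ss, {"id": "alice", "ts": now}), now)        # step 6
    return unseal(sk_ss, h)["ts"] == now                 # step 8
```

The client never holds `K_TGS` or `K_SS`: it forwards packets B and E unopened, and a request whose timestamp is more than 60 seconds old is refused even when the ticket itself is still valid.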

Figure 12: Visual overview of the Kerberos mechanism in use

As Figure 12 shows, the Kerberos system has a weak point: if the central server stops working, all activity stops. This can be overcome by using multiple Kerberos servers.

6.5 Grid security models in the Globus Toolkit versions

In GT2, services such as Grid Resource Allocation and Management (GRAM), Monitoring and Discovery (MDS) and data movement (GridFTP) use the same common Grid Security Infrastructure (GSI) architecture to provide security functions: conversion to a common security mechanism, dynamic creation of entities and granting of rights to them, and dynamic creation and management of trust domains.

Conversion to a common security mechanism is implemented by having GSI define a common format based on X.509 identity certificates and a standard protocol based on transport layer security (TLS, SSL). In addition, gateways are used to convert back and forth between the common GSI architecture and each organization's internal standard. Every GSI certificate is issued by a trusted third party, the CA. The CA is responsible for providing the information that supports authentication in the grid.

Dynamic creation of entities and granting of rights to them is realized by GSI's extension to the concept of the X.509 proxy certificate. This certificate lets a user dynamically assign a new identity to an entity and then delegate some rights to that entity. Assigning an identity and rights to the user's entity does not require authentication by the CA.

Dynamic creation and management of trust domains is ensured because GSI uses both proxy authentication and a security service called CAS. The task of the CAS is to express the policy of the virtual organization across the participating organizations. Authentication through the CAS is illustrated in Figure 13.

Figure 13: Authentication through the CAS

First, the user authenticates to the CAS and receives the virtual organization's requirements under which they may use the resource. Next, the user sends their request to the organization together with those requirements. Finally, a check is made to decide whether the resource is granted as the user requested. Overall, the GT2 model meets the three challenges posed by grid security.

In GT3, the GSI architecture is raised to a new level based on the OGSA model. This security model uses the strengths of OGSA and Web Services (WS) to meet four basic goals. First, security functions are treated as OGSA services that applications can use when needed, which makes the system more flexible to use. Second, the hosting environment is used to control security for the application and to adjust the security mechanism to suit the application. This means the application does not have to be modified when the security policy changes, which reduces the burden on programmers. Third, security policy can be published, which increases users' trust in the service and also allows the security mechanisms of different organizations to work together. Fourth, a standard is established that allows exchanges between organizations. Figure 14 describes these four goals in the GT3 security mechanism in more detail.

Figure 14: Security mechanism in GT3

Figure 14 shows that security in a GT3 system is essentially a set of services executed in sequence and combined with one another. If the security policy changes, only the service affected by that policy needs to be modified. The figure also shows the added flexibility in combining the security policies of different hosting environments. Figure 14 describes the interaction between two hosting environments. This interaction is carried out through four services: a security policy distribution service, a service for transactions between the two hosting environments, a service that enforces the common standard the two hosting environments use to communicate, and an authorization checking service. Security processing passes through these four services in sequence, numbered from lowest to highest.

In GT4, the security mechanism is fairly similar to that of GT3. However, GT4 adds many improvements that increase the efficiency of the services, such as changes to WS-Security and HTTPS that reduce message redundancy in the WS environment. In addition, the security method used with GSI changes from a message-level approach to a transport-level approach. This is a direction aimed at improving the efficiency of the security services. GT4 also adds support for WS-I (Web Services Interoperability Organization), including the Web Services Resource Framework (WS-RF) and Web Services Notification (WS-N) specifications; Security Assertion Markup Language (SAML); and Extensible Access Control Markup Language (XACML).

In summary, the security mechanism in GT2 is not based on standards, so extending it is more difficult. GT4, being based on the WS object-oriented architecture, quickly arrived at a standard for the security environment in the grid. In addition, extension based on the WS object architecture gives GT4 many improvements in the efficiency and flexibility of the system. As a result, GT4 is increasingly being deployed in commercial settings.

6.6 Security in the Grid system infrastructure

This section mainly covers security in the Grid infrastructure: physical security, operating system security, the Grid and firewalls, host intrusion detection, and so on. Most of these issues need attention in any security system, not only in the Grid. In general, all of these methods share the same goal: being able to monitor and control access to the system so that it remains stable and secure.

In physical security, common practices include logging access, backing up system data, using a UPS so that power loss does not interrupt the system, and using segmentation to separate different networks. For operating system security, system administrators usually configure files or intermediate components to strengthen the security of the system. Administrators' advice for configuring the operating system is to pay attention to the following points: turn off all unnecessary services; remove all users and user groups that should not exist; use passwords that are as long as possible; regularly track and apply new patch releases for the system; and restrict users' directory access.

In addition, setting up a firewall is still regarded as a way to further strengthen system security. The more protection mechanisms a system has, the more effective its security becomes. That is no reason, however, to apply many solutions indiscriminately. The appropriate solution should be chosen according to the level of security each system requires. Setting up too many security mechanisms wastes resources, causes delays and reduces system performance.

CONCLUSION

1. Results achieved
- Studied an overview of Grid computing.
- Studied the security mechanisms in Grid computing.

2. Limitations
- The study of the security mechanisms is not yet complete.

3. Future work
- Study Grid Computing technology more fully and in greater depth.
- Study open-source Grid computing technologies in order to apply them in practice.
