The Trellis security infrastructure for overlay metacomputers and bridged distributed file systems


Researchers often have non-privileged access to a variety of high-performance computer (HPC) systems in different administrative domains, possibly across a wide-area network. Consequently, the security infrastructure becomes an important component of an overlay metacomputer: a user-level aggregation of HPC systems. The Trellis Security Infrastructure (TSI) is layered on top of the widely deployed Secure Shell (SSH), and systems administrators only need to provide unprivileged accounts to the users. The contribution of TSI is in demonstrating that a single sign-on (SSO) system, for a variety of use-case scenarios, can be implemented without requiring a completely new security infrastructure. We describe the use of TSI for a Canada-wide overlay metacomputer, for computational workloads (i.e., CISS-3) that spanned 22 administrative domains, at its peak had over 4,000 concurrent jobs, and included a new distributed file system (i.e., Trellis NFS).

DOI: 10.1016/j.jpdc.2006.04.005
