ROST: Remote and hot service deployment with trustworthiness in CROWN Grid
Introduction
Grid computing promises to enable coordinated resource sharing and problem solving in dynamic, multi-institutional virtual organizations [17]. As grids are very heterogeneous environments, there exist various resources including networks, computers, storage and devices, and the like, to better tackle the heterogeneity problem. Service-oriented grid architecture has recently been introduced, which is widely considered to be the future of grid computing [19]. Built on web services, OGSA [18] is the de facto standard for building service grids, in which various resources are encapsulated as services with uniform user interfaces.
The main goal of our key project, CROWN (China R&D Environment Over Wide-area Network) Grid, is to empower the in-depth integration of resources and cooperation of researchers nationwide and worldwide. The CROWN project was launched in late 2003. As illustrated in Fig. 1, a number of universities and institutes, such as Tsinghua University, Peking University, Chinese Academy of Sciences, and Beihang University, have joined CROWN, each contributing 50–100 computing nodes. More universities and institutes are invited to join the CROWN Grid. CROWN will also be connected to some world-famous grids, such as GLORIAD [7] and PRAGMA [8].
In past years, many key issues in grid computing have been extensively studied, such as information services, resource scheduling, and security issues. As an important issue, remote and hot service deployment, however, has not been fully addressed. Before a service is ready for invocation, it must be deployed in a service container, which provides a runtime environment. A grid is a highly distributed environment, in which numerous domains could be involved. The domains are usually geographically dispersed. It is highly desirable for a contributor to deploy its services within remote service containers for multiple purposes. For example, in the CROWN Grid for applications in bioinformatics, there are many computing intensive applications such as BLAST. A computing node could easily become overloaded when multiple jobs arrive in a short time period. The heavy load can be balanced if the node is able to deploy one or more BLAST service replicas to remote nodes and then redirect some jobs. Similar requirements also exist in many other grid applications.
Traditionally, remote service deployment is supported in a cold fashion, which means that to deploy a new service, the runtime environment needs to be restarted. This results in many disadvantages because previously running services must be stopped, and they may have to resume or even restart their jobs, causing significant overheads. Therefore, hot service deployment, which does not need to restart the runtime environment while deploying services, has become increasingly important. With the availability of remote and hot service deployment, many applications will benefit, such as load balancing, job migration and so on.
Service deployment is actually not a new issue. Similar demands also exist in mobile agents [11] and active networks [13]. To the best of our knowledge, however, there is no successful solution to enable remote and hot service deployment in grid systems. The most updated Globus Toolkit (version 4) [4], the de facto standard for grid middleware, does not yet provide the function of remote and hot service deployment. This may be due to the great security challenges arising when a user deploys a service to a remote container. Here, we call a node a deployer, which intends to deploy a service, and the remote service runtime environment the target container, which is responsible for running and managing services being deployed. Without proper security mechanisms, a service provided by a deployer may be malicious, and the target container may be rogue or fragile. Also, the security policies of the deployer and the container could be incompatible. In an open grid environment, we cannot expect any deployer and its corresponding target container to set up a required trust relationship in advance. Moreover, it is too costly to always have to build trust across domains based on the traditional PKI infrastructure during remote deployment.
In this paper, we present our original work, ROST (Remote and hOt Service deployment with Trustworthiness), which achieves its goal by dynamically updating the runtime environment configurations. ROST avoids restarting runtime systems during remote deployment. Moreover, we include trust negotiation in the ROST scheme, which greatly increases the flexibility and security of CROWN. The major contributions of this work are as follows:
- •
We identify the necessity of remote and hot service deployment in service grids, and their challenges.
- •
We propose an effective approach, ROST, to enable remote and hot service deployment. Also, we add trust negotiation into the scheme to meet general security requirements for grid environments.
- •
We implement the ROST scheme in the CROWN Grid with real applications, and evaluate the performance of ROST by means of comprehensive experiments.
The rest of this paper is organized as follows. In Section 2, we present our proposed approach to ROST in detail. The implementation experiences are introduced in Section 3. We present our experimental methodology and performance evaluation of ROST in Section 4. We discuss related work in Section 5 and conclude this work in Section 6.
Section snippets
ROST design
CROWN consists of numerous organizations, with each of them forming a domain, as illustrated by Fig. 2. The public Internet usually connects domains. CROWN, as a service-oriented grid, encapsulates various resources, such as web services. In CROWN, a computer must be installed with a core component of CROWN middleware, the Node Server (NS), before joining the grid system. The computer installed with the Node Server middleware is also referred to as an NS. An NS serves as the service container,
Experiences with ROST implementation
In CROWN, services follow the WSRF specifications [1]. A complete service consists of several files, with each specifying some properties of the service.
- •
Executable programs. Such as Java classes, scripts, EJBs, and the like.
- •
One or multiple WSDL files. Description of interfaces and access protocols of a service.
- •
A WSDD file. Web Service Description Descriptor, description of service configuration for the service container.
- •
A JNDI configuration file. Description of WSRF resources of a service.
- •
A
Performance evaluation
The ROST scheme is implemented as a core component of CROWN middleware. We evaluate the performance of ROST by comprehensive experiments based on the abovementioned real applications.
Related work
The Globus Toolkit is the most famous grid middleware, and it has begun to support service-oriented grid computing based on OGSA since version 3. However, even in the updated release, version 4, remote and hot service deployment is not supported. A grid service is actually built on the Web service, and extended to include functions such as state and life cycle management. For Web services, a number of middlewares, such as Apache Axis [5], JBOSS [15], and Microsoft .NET [6], have partly
Conclusions and future work
Our key project, CROWN Grid, strives to integrate valuable nationwide and worldwide Internet resources. In CROWN, remote and hot service deployment is in high demand. In this paper, we present our remote and hot service deployment with a trustworthiness (i.e. our ROST) scheme. With ROST, a service can be deployed to a remote container in a different security domain in a hot fashion, which significantly improves service efficiency and quality. We implement ROST in CROWN, and the experiments
Acknowledgements
This work was supported by the National Natural Science Foundation of China under Grant No. 90412011 and 60473010, the National Natural Science Funds for Distinguished Young Scholars under Grant No. 60525209, and the National Grant for Fundamental Research 973 Program of China under Grant No. 2005CB321803.
Jinpeng Huai is a Professor and Vice-President of Beihang University. He serves on the Steering Committee for Advanced Computing Technology Subjects, the National High-Tech Program (863) as Chief Scientist. He is a member of the Consulting Committee of the Central Government’s Information Office, and Chairman of the Expert Committee in both the National e-Government Engineering Taskforce and the National e-Government Standard office. Dr. Huai and his colleagues are leading the key projects in
References (36)
- WSRF Specifications....
- ActiveX....
- Java Applet....
- The Globus Toolkit....
- Apache Axis....
- Microsoft .NET....
- GLORIAD....
- PRAGMA....
- R. Anand, N. Islam, T. Jaeger, J.R. Rao, A flexible security model for using internet content, in: Proceedings of the...
- F. Baude, D. Caromel, F. Huet, L. Mestre, J. Vayssiere, Interactive and descriptor-based deployment of object-oriented...
The anatomy of the grid: Enabling scalable virtual organization
The International Journal of High Performance Computing Applications
Grid services for distributed system integration
IEEE Computers
Cited by (0)
Jinpeng Huai is a Professor and Vice-President of Beihang University. He serves on the Steering Committee for Advanced Computing Technology Subjects, the National High-Tech Program (863) as Chief Scientist. He is a member of the Consulting Committee of the Central Government’s Information Office, and Chairman of the Expert Committee in both the National e-Government Engineering Taskforce and the National e-Government Standard office. Dr. Huai and his colleagues are leading the key projects in e-Science of the National Science Foundation of China (NSFC) and Sino-UK. He has authored over 100 papers. His research interests include middleware, peer-to-peer (P2P), grid computing, trustworthiness, and security.
Hailong Sun is a Ph.D. candidate in the School of Computer Science and Engineering, Beihang University, Beijing, China. He received his B.S. degree in Computer Science from Northern Jiaotong University in 2001. His research interests include grid computing, web services, peer-to-peer computing, and distributed systems.
Chunming Hu is a research staffer in the Institute of Advanced Computing Technology at the School of Computer Science and Engineering, Beihang University, Beijing, China. He received his B.E. and M.E. in the Department of Computer Science and Engineering in Beihang University. He received the Ph.D. degree in School of Computer Science and Engineering of Beihang University, Beijing, China, in 2005. His research interests include Peer-to-Peer and Grid Computing, distributed systems, and software architectures.
Yanmin Zhu is a Ph.D. candidate in the Department of Computer Science, Hong Kong University of Science and Technology. He received his B.S. degree in Computer Science from Xi’an Jiaotong University, Xi’an, China, in 2002. His research interests include grid computing, peer-to-peer networking, pervasive computing, and sensor networks. He is a member of the IEEE and the IEEE Computer Society.
Yunhao Liu received his B.S. degree in the Automation Department from Tsinghua University, China, in 1995, and an M.A. degree in Beijing Foreign Studies University, China, in 1997, and an M.S. and a Ph.D. degree in Computer Science and Engineering at Michigan State University in 2003 and 2004, respectively. He is now an assistant professor in the Department of Computer Science and Engineering at Hong Kong University of Science and Technology. His research interests include peer-to-peer computing, pervasive computing, distributed systems, network security, grid computing, and high-speed networking. He is a senior member of the IEEE Computer Society.
Jianxin Li is a Ph.D. candidate at the School of Computer Science in Beihang University. He is currently working on the CROWN Grid project funded by the National Science Foundation of China. His current research interests include information security, trust management, and grid computing.