VO Creation and Security Policies

When an experiment asks to enter in grid and to form a new Virtual Organization, a formal request is needed.

VO Security Policies

For security reasons, the VO needs to comply to a number of policies. The following policies need to be carefully read and understood before opening a new VO:

VO Creation (steps)

STEP 0. VO Scope

VOs are also categorised based on the geographical distribution of the Resource Centres (RCs) which accept them.

  • Local VO: a VO accepted by only one Resource Centre (RC) within a given National Grid Infrastructure. Such VOs don’t need to go through the Registration Procedure defined below.

  • Regional VO: a VO accepted by more than one RCs within a single National Grid Infrastructure. Those VOs may wish to properly register in view of further expansion.

  • Global VO: a VO accepted by RCs in multiple federations. If those VOs wish to ensure their validity grid-wide they need to register.

  • External VO: a VO which is supported by a dedicated project.

  • Global selected VO: a global VO which requires dedicated support, due to the specific Grid use cases and compelling requirements it brings.

STEP 1. VO Information

Contact the Italian Grid operations centre managers (igi-noc-managers AT lists.italiangrid.it) to provide the following information:

  • specification of the amount of needed resources and of the contribution - in terms of new resources to be added to the Grid, if any - to be sent to the Grid Executive Board (eb-grid AT infn.it), for a formal agreement;

  • definition in collaboration with the Italian operations centre (igi-noc AT lists.italiangrid.it) of the type/versions of grid middleware needed at the site level and at the grid core level to enable the VO-specifc applications on the Grid;

  • define the list of Grid production sites (at the Italian and/or international level, depending on the scope of the VO) that will make the respective local resources accessible to the VO, and the minimum amount of resources for each site. This is an iterative process that involves the VO manager and the Grid site managers, and which requires the establishement of a formal agreement. The Italian operations cenre (igi-noc AT lists.italiangrid.it) can aid the VO in this process.

  • inform the Italian operations center (igi-noc AT lists.italiangrid.it) about whom will hold the role of VO manager/s, software manager/s, and about the people who will support the VO users in the various selected Grid sites;

  • define the software requirements, the type of computing jobs that will be submitted to the Grid, the type of storage resources needed for data management (tape resources such as CASTOR and TSM, SRM Storage Elements, etc.).

STEP 2. VO Approval

The Italian Operations managers will ask the IGI partners for approval of the new VO under creation.

STEP 3. VO Name

A VO is defined by its name. A DNS-based naming scheme defines the syntax to be followed when choosing the VO name. Instruction are given in the Virtual Organisation Registration Process in EGI.

STEP 4. VO Registration form

The VO managers identifies and makes public the VO profile by supplying information in the VO registration form. The supplied information will constitute the VO Identity Card. NOTE. The VO Identity Card needs to be periodically checked and kept up to date by the VO manager!

STEP 5. Enabling the VO on the Grid

The Italian operations centre is now responsible for:

  • creating the VO on its VO Management servers - VOMS (if the VO does not use an instance of its own)
  • creating the VO support group on the Italian helpdesk
  • advertising the existence of the new VO to the Grid site managers, asking the relevant sites to enable the VO to use the respective local resources.

Read more (in Italian)

-- AlessandroPaolini - 2012-02-24

Topic attachments
I Attachment Action Size Date Who Comment
PDFpdf EGI-SPG-VOManagement-V1_0.pdf manage 195.3 K 2012-02-24 - 12:57 AlessandroPaolini  
PDFpdf EGI-SPG-VOOperations-V1_0.pdf manage 160.8 K 2012-02-24 - 12:57 AlessandroPaolini  
PDFpdf EGI-SPG-VOPortal-V1_0.pdf manage 206.9 K 2012-02-24 - 12:57 AlessandroPaolini  
PDFpdf EGI-SPG-VORegistration-V1_0.pdf manage 173.7 K 2012-02-24 - 12:57 AlessandroPaolini  
PDFpdf newvo.pdf manage 46.4 K 2012-02-24 - 12:54 AlessandroPaolini  
Topic revision: r1 - 2012-02-24 - AlessandroPaolini
 
This site is powered by the TWiki collaboration platformCopyright © 2008-2024 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback