A very long time ago, faced with a computing shortfall, I applied to the National Grid Service (NGS) for some extra time. It was a reasonably fast turnaround for the case for support, but then our difficulties started. The NGS is a very secure service. It presumably needs to be, because giving, for instance, spammers, access to a large volume of cpu time is a Really Bad Thing. In addition, minimising the risk of attack also means data is more secure and doesn’t need multiple backups for recovery in case of the unfortunate – and this can be quite important as major users of the grid (such as the STFC) are liable to generate vast quantities of data. In this respect, minimising vulnerability is the call of the day. Unfortunately, such security measures raise an issue with our local firewalls – designed to prevent the same thing happening to our machines, especially for the non-standard ports that the NGS requires to work. Having to work through each firewall issue step by step, I soon gave up as I had several other pressing things to be getting on with.
Recently, however, we have decided to give it all another go. There are several developments helping us here:
1. I have two new super-talented PhD students around (one visiting and one about to start here with me), who will be able to take the lead in sorting access issues out :> (and who also need vast quantities of compute time)
2. This time, NGS provided us with a list of firewall holes required, as well as some more detailed instructions for our tech guys. Right away :) (so I didn’t have to feel guilty about mailing them about 16 times a day – although they kept assuring me it was fine, I never quite believed them)
3. Kieron, working at Southampton and funded in part by JISC Engage, has been developing new tools to allow us to integrate NGS submission with the LaBlog lab blogging system, being developed by Jeremy Frey and exploited heavily by his colleague Cameron Neylon. Combined with slightly easier accessing protocols, an extremely attractive feature here is the real-time data storage and tagging facilities. With appropriate meta data, many useful aspects of simulations can be linked, along with following of the simulation through different stages, accurate tracing of input files (a real problem when they’re all named CONFIG and the filesystem used is not transparent), and possible linking to other web services … (more on the joys and possibilities of LaBlog later)
So how have we gone so far?
The first stage in the process is to obtain a grid certificate - something that is embedded in your browser and used by the NGS utilities to uniquely identify you and only you to the service (the step-by-step startup guide is quite detailed). If you are thinking of using the service, you can apply (by following the links through the application pages) to get a new user certificate. You’ll also need to install the main e-science certificates, but this is quite easy. One you’ve made your application for a certificate, if you are an NGS virgin, you will need to go in person to meet your local RA (Registration Authority) representative with some forms of id and, importantly, your pin that you used to register. Don’t forget the pin – its 10+ characters long, and if your RA is far away and you can’t remember it, they’ll need to revoke the certificate and you need to start again from the computer you intend to access the grid from. (The warning here is because I forgot mine, one of my students forgot his – I have a feeling almost everyone (who is used to 6-8 characters for passwords) thinks up something usual and clever, only to forget it by the time they tramp halfway across the campus … certainly our RA was very accommodating :)
Once you have your certificate – back it up! preferably somewhere other than the harddrive your browser is on, and perhaps more than one other location (in case of double harddrive/machine failure, as happened in my case last year). Without the certificate you can no longer access the grid.
With the certificates backed up and loaded into your browser, you can now apply for an account, including appropriate usage hours. If this is your first time, you can apply for a test number of hours to get a feel for how much to ask for in future. This was the stage we were up to when we started (so I can’t yet comment on how it benchmarks – but hopefully soon). I was delighted though to find that my account details are still accessible and up to date after renewing my certificate for the second time – and that the interface seems to have improved significantly.
As for accessing the grid – I’ll leave that for the next post … if you haven’t already applied and found out for yourself …
TBC
