Using the Data Grid

From BeSTGRID

BeSTGRID is providing a service based on the Storage Resource Broker, SRB. Users can use several ways to authenticate to the service - Shibboleth authentication, X509 certificates, or a password-based login.

This page describes how to start using the Data Grid - and is primarily focused on users who would be using Shibboleth as the form of authentication.

Contents 1 Preparing Shibboleth login 1.1 Troubleshooting 2 Install and start Hermes 2.1 Configuring CA certificates 3 Configuring BeSTGRID SRB connection in Hermes 4 Logging in via Shibboleth 5 Other authentication methods 6 Using Hermes and SRB 7 Hermes Documentation

[edit] Preparing Shibboleth login

The Shibboleth login uses the users login details to retrieves a short-lived certificate from the SLCS server behind the scenes, and afterwards uses the short-lived certificate to authenticate to the SRB server.

Before logging in for the first time, you may have to manually configure permissions on the Identity Provider (IdP) for releasing user attributes.

This is described in detail at Using SLCS certificates at University of Canterbury.

In a nutshell, you should:

1. Open the URL https://slcs1.arcs.org.au/SLCS/login in a browser (hint: open the link in a new tab or window to keep this page open).
2. You will get prompted to pick your IdP.
3. You should enter the login details for your home IdP.
4. If you are redirected to Autograph to permit attribute release, click the Make Available button.
5. Afterwards, click Go to Service Provider
6. Finally, the you should see an XML document starting with

   <Status>Success</Status>

7. If so, the attribute release is correctly configured. Skip the next section and go straight to Install and start Hermes

[edit] Troubleshooting

If the SLCS server gives you a reply like:

<SLCSLoginResponse>
    <Status>Error</Status>
    <Error>Required Shibboleth attribute urn:mace:federation.org.au:attribute:auEduPersonSharedToken missing</Error>
    <StackTrace>....
    ....

Then the perhaps you did not configure the attribute release on the first visit to Autograph (Autograph does not automatically step-in on subsequent visits), and you need to re-enter Autograph manually.

If you are logging in via the University of Canterbury IdP:

• Go to the Autograph login page https://idp.canterbury.ac.nz/Autograph/Login and from 'SP Specific IDCards', select "SLCS1 Short-lived certificate service".
• Or, alternatively, follow this direct link to enter Autograph and start configuring the attribute release policy for the SLCS service: https://idp.canterbury.ac.nz/Autograph/Login?serviceProviderId=urn:mace:federation.org.au:testfed:slcs1.arcs.org.au
• Follow the above instructions for configuring the attributes to be released: either hit the Make Available button, or add Common Name, E-mail address, Organization, Shared Token, and optionally also the Country attribute.

[edit] Install and start Hermes

For accessing the Data Grid, we recommend to use Hermes.

Hermes can be started via Java WebStart by simply clicking the Hermes JavaWebStart link, or downloaded from http://sourceforge.net/projects/commonsvfsgrid.

[edit] Configuring CA certificates

When starting Hermes for the first time, one has to download and install CA root certificates.

• Download the certificates.tgz file to a directory, and after starting Hermes, pick "Install Certificates" from the Edit menu and point Hermes to the certificates.tgz file you've just downloaded.

• Alternatively, you may just start the Grix application via the Grix JavaWebStart link. When started for the first time, Grix automatically installs the certificates for you into the same directory as Hermes would. After Grix starts up, your CA certificate have already been installed, and you can close Grix right after it starts.

[edit] Configuring BeSTGRID SRB connection in Hermes

When connecting for the first time, you will have to create a connection profile, including all the instructions on how to connect to the SRB server.

Select "New Connection" from the File menu and enter the following connection paramters:

Protocol: SRB
Display Name: "Canterbury SRB" (your choice)
Host: srb.canterbury.ac.nz
Port: 5544 (default)
Zone, Domain, Home: leave blank
Resource: "datafabric.srb.bestgrid.org.nz"
Authentication: Shibboleth

Please take special care when filling in the Resource field (the name of the default resource to use for storing files). If it's not filled correctly, you might be uploading files to a wrong resource - or you might not be able to upload files because you would not have enough permissions to access the resource selected for you.

After clicking the OK button, you will be prompted to login via Shibboleth.

[edit] Logging in via Shibboleth

Each time you start Hermes again, you may reuse the already existing connection profile - and you will be only prompted to login, in the same way as when logging in for the first time.

1. Pick your Identity Provider from the list of IdPs.
2. Enter your username and password.
3. Click Authenticate.
4. Ignore the VOMS Attributes section.
5. The Status section should now show you have a valid proxy.
6. Click Done.
7. Hermes should now connect to the SRB server.

[edit] Other authentication methods

• GSI (Grid Security Infrastructure)
  Besides Shibboleth login, SRB allows logging in also via a traditional Grid certificate. Select the GSI authentication setting , and Hermes will be using your proxy certificate (if you already have created one) or prompt you for the passphrase for your main certificate.
• MyProxy
  Hermes can also retrieve a certificate from a MyProxy server. Use myproxy.arcs.org.au as the server name.
  Note: there are some issues with the MyProxy (being investigated now). Please refrain from using this option until further notice.
• Username/password.
  Hermes also supports a login with your SRB username and password. Use this only if you cannot use any of the other options. Talk to the SRB server administrator about configuring your account for this way of logging in.

[edit] Using Hermes and SRB

Now you are able to browse the resources available on the server - and upload files to your home directory. Please ask the SRB server administrator if you would like to have a project hosted on the Data Grid.

• In Hermes, you can now navigate between directories on the local and remote systems, via the Local System and Remote Connections nodes.
• To copy files, open a new (Hermes) Browser Window (Ctrl-B or New Browser Window in the File menu) and drag the files (or directories) between the two windows.
• While the copy operation is in progress, the status bar at the bottom of the Hermes window will change to Transfers Active. Click the label to open a detailed status window and monitor the progress.

• To examine and modify metadata on a file, the "+" (plus) button close to the top-right corner of the Hermes window will open the metadata editor panel.
  • Select a file to see it's metadata (initially empty for each file)
  • Start filling in rows to store metadata for a file

• To search files in the Data Grid, type in a search string into the search box and hit Enter.

• To search by metadata, click the Search Icon (in the top-right corner) and fill in your query
  • To search for a specific value in a metadata attribute, will in both the attribute name and the value and pick equals ("=") as the operator.
  • To search for a mere presents of a metadata attribute, fill in just the attribute name, select "LIKE" as the operator, and enter "*" as the value.

[edit] Hermes Documentation

For more information, please see the ARCS wiki page on Hermes. The videos linked at the bottom of the page show Hermes in action. To get a quick taste, have a look at Dragging and dropping a file from the desktop to a remote site with Hermes.