LCG Service Deployment Proposal

Introduction - Goals

This document is intended to address the following issues:

• Delineate the job execution model to be supported by LCG-1. This depends in large part on what is feasible with the software expected to be available in LCG-1, and discussed in:
• Services “architecture”, in terms of what services must run, where and how many of them need to run, and how this will evolve

The scope of this document is the initial service to be run in July 2003.

Infrastructure Services

Summary of Services

• Certificate Authorities
• Virtual Organisation Services and MyProxy Server
• Resource Broker
• Replica Location Service
• SE
• CE
• Information Service
• Worker node components:
  • CA certificates and CRLs
  • EDG executables and needed libraries
  • Experiment specific software
  • gass_cache shared area
  • Virtual users definition

For each service we will define how to implement the service with the following parameters:

• Which version will be deployed
• How many instances need to run
• At what granularity – grid-wide, per VO, per site, etc. it will be deployed
• Which machines are required to run the service, what software and services are needed (e.g. databases, application servers, etc.)
• What infrastructure is needed – for example system backups
• What support expertise is required
• Which sites are proposed to run the service
• What is the target date for implementation at each site
• What are the dependencies on other services

Services

Certificate Authorities

The proposal is to use National, Regional, or community CA's.  In general LCG will not be responsible for providing personal certificates.  The exception to this is the CERN CA, currently run and supported by the LCG deployment group, which will provide certificates to CERN resident users.

There is a need for a "catch-all" CA.  The need for this is for exceptional cases, for testing, and for getting things running.  Presently this is the EDG (WP6) CA; but probably should become the CERN/LCG CA.   Production systems and all users should, however, use their appropriate official CA.

Proposal:

• National, Regional, Community CA's for most cases (including CERN CA for CERN users)
• CERN CA as "catch-all" for exceptions.

Virtual Organisation Services

Instances:

• 1 VO server per experiment.  Note that there is a single-point of failure here, as it is currently not possible to run back-up VO servers.  In addition the "mkgridmap" process must be fixed to prevent writing a null gridmap file if the VO server is down.
• 1 VO server for LCG-1.  This will be a VO where all users register to accept the usage policy of LCG.  A user must register here and with one of the experiment VO's.

Proposal:

• LCG VO: CERN, run by Grid Deployment group (IT-GD-GIS section - Ian Neilson)
• Experiment VO's: use existing EDG services at Nikhef/CNAF:
  • ALICE: Nikhef
  • Atlas: Nikhef (was at CNAF?)
  • CMS: Nikhef (was at CNAF?)
  • LHCb: Nikhef
• MyProxy Server: Needs either 1 per site or 1 per RB.  Until we understand the new RB, this will be hard to specify without testing.  Need to be under same administrative control as RB since it must be highly trusted by the RB.

In the longer term the CERN experiment secretariats must run the registration and VO membership service.  LCG will maintain the tools.

Information Service

In the following we assume that the Information Service is based on R-GMA.  The needs are an IS instance at each participating site (all Tiers) into which information at all sites are published.  This will be installed as part of the general LCG deployment process at each site.  In addition, in the current implementation of R-GMA, a single look-up registry service must be run.

(Not yet clear if can only be 1 instance of registry)

Proposal:

• R-GMA Registry Service:  CERN
• If it is possible to have several instances of the registry: FNAL and Taipei

Scenario with MDS as fall back solution:

If R-GMA is demonstrated to have serious problems, LCG must set up an MDS structure instead.  We will use a hierarchy in the same way that EDG has been running.

• GRIS: The GRIS runs at every site - associated with a compute and/or storage element.
• GIIS: One instance in every geographical region - for example in each Tier 1.
• Top-level GIIS: Run at CERN (would want 1 in each continent?)

Replica Location Service (RLS)

The Replica Location Service (RLS) consists of several components:

• The local replica catalog (LRC) (1 LRC per site with storage per VO)
• The replica location index (RLI) (1 RLI per VO)
• The replica metadata catalog (RMC)
• The optimiser service (ROS) (1 ROS per site)

For the July, 2003 release of LCG-1 only the LRC will be implemented (RLI scheduled for integration not before June 6).  Without the RLI, there can only be a single instance of the LRC for each VO.

Proposal:

• For July, run 4 LRC instances at CERN.  These can be run with Oracle ...

Once the RLI is available, the goal would be to run a LRC at each site with a mass storage system that will hold file replicas.  The LRC is associated with that MSS and is separate for each VO.  Thus a site supporting 4 VOs will run 4 LRC instances.  There will be a set of RLI's at strategic locations. 

• LRC to run at all sites with a grid-enabled mass storage system
  •   Propose to run under Oracle at Tier 1 centres, Mysql elsewhere (but if Oracle expertise can run Oracle too)
• RLI: run 1 per VO at all Tier 1 centres
• ROS: run 1 instance at all sites (thus it should become part of the general installation)
• WP7 network monitor (used by ROS) - 1 instance at each site, and central servers at Tier 1 centres (no need to have by VO).

Notes:  Any LCG centre can run Oracle (license has been negotiated).  The LRC database can run on any hardware (i.e. Oracle can run on a supported platform - does not have to be Linux).  However, Oracle on Linux must use Redhat Advanced Server in order to get support.

Not clear if RMC is needed at all.  LRC does mapping from GUID to physical file names; if experiment db maps from LFN to GUID then no RMC is needed.

Replica Management tools

These are currently client tools, and will be installed so that they are available at all worker nodes and service nodes.

Storage Service

This will be based on SRM and will run wherever the local MSS has an agreed implementation of the SRM interface that is demonstrated to interoperate with other implementations.

Compute Element (CE)

This is the gateway service to the compute farm of worker nodes.  All sites will run this and it is part of the standard LCG-1 distribution.

Resource Broker (RB)

How many to run and where depends on testing still to be done.  We should foresee at least 1 per VO in each continent.

Proposal:

• ALICE
  • Europe: CERN
• Atlas
  • Europe:
  • US: BNL
  • Asia: Tokyo
• CMS
  • Europe: CERN
  • US: FNAL
  • Asia: Taipei
• LHCb
  • Europe: CERN
  • Asia:

Monitors

• Network monitor (WP7) - needed by ROS (part of RLS) - needs daemon at each site, and central servers at Tier 1's
• Information Providers to publish into R-GMA/RLS - may need site customisation.

Operations Centres

RAL have agreed to lead the project on defining the functions and responsibilities of the LCG operations centres.  IN2P3 Lyon will collaborate in the development work.  In the US the iVDGL project will collaborate (and act as the US operations centre for LCG -- to be confirmed).  A proposal for prototype operations centres with an implementation timescale of the 4th quarter of 2003 will be produced in May.

For the July deployment, we foresee that we will have an installation of the DataTag (Nagios-based) monitoring tools at CERN as a minimum, together with a problem reporting system.

Support Centres

FZK Karlsruhe have agreed to lead the activity on LCG support centres, and will build a first prototype based on a web service and problem reporting system.