Enabling a priority-based fair share in the EGEE infrastructure

Abstract

While starting to use the Grid in production, applications have begun to request the implementation of complex policies regarding the use of resources. Some Virtual Organizations (VOs) want to divide their users in different priority brackets and classify the resources in different classes, others instead do not need advanced setups and are satisfied in considering all users and resources equal. Resource managers have to work for enabling these requirements on their site, in addition to the work necessary to implement policies regarding the use of their resources, to ensure compliance with Acceptable Use Policies.These requirements end up prescribing the existence of a security framework not only capable to satisfy them, but that must also be scalable and flexible enough in order to do not need continuous and unnecessary low-level tweaking of the configuration setup every time the requirements change. Any security framework implementing these priorities should not require constant tweaking by site administrators.Here we will describe in detail the layout used in several Italian sites of the EGEE (Enabling Grid for E-sciencE) infrastructure to deal with these requirements, along with a complete rationale of our choices, with the intent of clarifying what issues an administrator may run into when dealing with priority requirements, and what common pitfalls should be avoided at any cost.Beyond the feedback on interfaces for policy management, from VO and site administrators, we will especially report on the aspects coming from the mapping of Grid level policies to local computing resource authorization mechanisms at Grid sites and how they interfere from a management and security point of view.