Fermilab Computing Division

CS Document 6495-v2

FERRY: Access Control and Quota Management Service

Document #:
CS-doc-6495-v2
Document type:
Presentation
Submitted by:
Tanya Levshina
Updated by:
Tanya Levshina
Document Created:
02 Jul 2018, 13:10
Contents Revised:
04 Dec 2018, 10:34
Metadata Revised:
04 Dec 2018, 13:37
Viewable by:
  • Public document
Modifiable by:

Quick Links:
Latest Version

Other Versions:
CS-doc-6495-v1
30 Oct 2018, 11:34
Abstract:
Fermilab is developing the Frontier Experiments RegistRY (FERRY) service that provides a centralized repository for the access control and job management attributes such as batch and storage access policies, quotas, batch priorities and NIS attributes for cluster configuration. This paper describes FERRY architecture, deployment and integration with services that consume the stored information.
The Grid community has developed several access control management services over the last decade. Over time support for Fermilab experiments has required the collection and management of more access control and quota attributes. At the same time, various services used for this purpose, namely VOMS-Admin, GUMS and Vulcan (in-house authorization service for CMS analysis jobs running locally), are being abandoned by the community.
FERRY has multiple goals: maintaining a central repository for currently scattered information related to users' attributes; providing a Restful API that allows uniform data retrieval by services; providing a replacement service for all the abandoned grid services.
FERRY will be integrated with the ServiceNow (SNOW) ticketing service and use it as its user interface. In addition to the standard workflows for request approval and task creation, SNOW will invoke orchestration that automates access to FERRY API. Our expectation is that FERRY will drastically improve user experience as well as decrease efforts spent on support by service administrators.
Files in Document:
DocDB Home ]  [ Search ] [ Authors ] [ Events ] [ Topics ]

DocDB Version 8.8.9, contact Document Database Administrators