Dr Christophe Haen (CERN)
Considering the growing need of computing power, in addition to the experiment resources, the LHCb community aspires to profit also from volunteer computing. Beauty@LHC is the LHCb volunteer computing project that aims to exploit opportunistic resources to run simulation jobs. The project uses the CERNVM Virtual Software Appliance, the Berkeley Open Infrastructure for Network Computing (BOINC) framework, and the DIRAC system for distributed computing. A first prototype of Beauty@LHC was developed in 2013 and was used by volunteer users belonging to the LHCb Virtual Organisation. However, the architecture did not provide a secure technique to authenticate volunteers, a trusted host certificate was contained in the machine dispatched to the user. A secure authorization and authentication process was a mandatory requirement to open the project to the outside world and triggered the development of a gateway service called WMSSecureGW (Workload Management System Secure Gateway). The objective of the WMSSecureGW service is to authenticate the BOINC users against the DIRAC framework and to authorize them to execute LHCb jobs. This new service enables the execution of LHCb jobs by untrusted VMs bypassing the necessity of having a valid grid certificate to talk with the DIRAC services and thus allows the transition from the insecure volunteer computing world to the secure Grid computing environment. The WMSSecuteGW runs on a trusted machine and accepts a dummy grid certificate signed by a dummy CA. The service is responsible for receiving all calls to different DIRAC services and to properly dispatch them. Before the real storage phase, the output data produced by the volunteer machines are uploaded on the gateway machine. Here a check has to be performed in order to avoid the storage of wrong data on the LHCb storage resources. This paper describes the new architecture of the Beauty@LHC project and the implementation of the WMSSecureGW service.
Cinzia Luzzi (CERN)