2 Access to the DEISA infrastructure
The Acceptable Use Policy (AUP) document describes the Grid Acceptable Use Policy which a user of the DEISA infrastructure is deemed to accept. Please, read this document carefully. It is based on the version 3.1 of the AUP as produced by the JSPG as a general document for Grid infrastructures.
Getting access to the DEISA HPC infrastructure and becoming a DEISA user requires that one of the following conditions is met.
The user is:
- a principal investigator or collaborator who is working on a DECI project that has been approved according to procedures specified by the DEISA Extreme Computing Initiative (DECI).
- a member of a Virtual Science Community which has an official relationship with DEISA
- a trainee who participates at one of the DEISA training sessions. In this case a DEISA Training Account is provided which is valid for a short time period and usable for a small amount of compute resources
In any of these cases mentioned above, the DEISA user will be assigned to a dedicated DEISA site which acts as the user's DEISA Home site. The DEISA Home site is responsible to support the user in questions of:
- getting a DEISA user account,
- getting access to the remote Execution Sites' facilities via a gateway provided by the Home site,
- getting a Grid certificate (e.g., to some limited extend the DEISA Home site will have to communicate with the national Certification Authority (CA) or will have to support the user to identify the proper Registration Authority (RA). Every DEISA site also offers a RA service that could be used by the user.)
The user's Home site creates an DEISA user account that enables the user to access the whole DEISA HPC infrastructure, provided the user or project of the users has sufficient credits.
Technically, the access to the DEISA HPC facilities is provided either via a gateway at the user's home site, e.g., a login node that is connected to the DEISA internal network where users can login with username/password or a single-sign-on mechanism. On the other hand, DEISA supports the access to its facilities via Grid middleware such as UNICORE, the DESHL and/or Globus.
As a prerequisite for getting access to the DEISA HPC facilities the user need a valid personal Grid certificate that has been issued from a Certification Authority of the IGTF. European Certificates are issued by the European member of IGTF, namely the EUGridPMA, which coordinates the trust fabric for e-Science Grid authentication within Europe. For Europe you will find the corresponding Certification Authority in your country on the map here.
Usually the CA of your country has established a network of Registration Authorities (RA) where users can apply for their certificate. Users who need a Grid certificate should contact either a RA which is closely related to the user's institution or the user should contact a RA who is geographically close. If a corresponding RA is not available or can not be identified (e.g., check the list of Registration Authorities that is provided by the national CA), the national CA should be contacted directly and asked for support. In case of unexpected obstacles, the DEISA Home site can give support.
The details concerning the generation and submission of a certificate request depends on the procedures that the national CA of your country requires. You can find your national CA at the EUGridPMA website, the authority which maintains a list of trusted CAs: http://www.eugridpma.org/members/worldmap/. If you are located outside of the EUGridPMA region you may find your CA at one of the sister PMA organizations, also through the above link. And if none can be found you can contact your home site or DEISA support.
Each attendee of a training session needs a DEISA account and a valid certificate. If the attendee does not possess a DEISA account, then dedicated training accounts will be set up, according to the personal information provided by the attendees. For authorization, short lived certificates will be provided for these accounts by ECMWF. The life time of the certificates will be at most four weeks. The actual life time can be seen by inspection of the certificate that will be provided at the training event.
The training account will remain open for test purposes during the weeks following the training event for as long as the certificate is valid, with a limit of 1000 normalized wall clock hours over the whole infrastructure. After the validity of the certificate has expired, authorization to use the account will not be possible anymore.
In order to ensure a smooth service for the user before and during the course of his project some responsibilities have to be assigned to the DEISA Home site, to the DEISA Execution site and to the user.
Before the project starts
Before a project can start running on the DEISA infrastructure, the user is responsible to:
- submit a proposal to DEISA, e.g., via the DECI or the Virtual Scientific Community calls, or the user should contact one of the DEISA sites,
- contact his dedicated DEISA Home Site and to apply for a DEISA account (and perhaps also for accounts for his collaborators in the project).
- get a valid Grid certificate. Since this task can be cumbersome, the user's home site will give limited support to ease the procedure as much as possible,
- inform his Home site about the subject (DN) of the certificate he will use.
Before the project starts, the user's Home site is responsible to:
- contact the user after the DEISA site has been assigned to him as his Home Site,
- create the user account according to the users needs and to propagate the user account record to their Execution Sites. The Home site is also responsible to inform the user about the account that has been created and about the site-local and the DEISA resource usage policies.
- arrange adequate application-specific support in cooperation with the ATASKF and also with the applications support at the Execution site,
- inform the user about the prospective time slots he can use for running his jobs.
Before the project starts, the project Execution site is responsible to:
- provide an efficient application level support that ensures that the user will run his application efficiently on the computer platform of the Execution site.
- arrange that the user gets sufficient resources during the project run time.
During project runtime
During project runtime the user is responsible to:
- inform his project coordinator at the DEISA Home Site immediately if problems appear that may cause significant delays or which prevent the project from successful completion.
During project runtime the DEISA Home site is responsible to:
- provide an efficient User Support and to ensure that the required access facilities and/or middleware are available,
- provide limited support on application level,
- contact either the user support or other experts at the Execution Site in order to solve problems in cooperation whenever required,
- inform the user in advance about scheduled maintenance times of relevant parts of the DEISA infrastructure.
During project runtime the DEISA Execution site is responsible to:
- inform the DEISA Home site (user support, operations team) about issues that may cause delays or prevent a successful execution of the user's project,
- provide user support on application level if needed during project execution time,
- make sure that the resource usage does not exceed the allocated budget.
Typically, DEISA resources are accessed via the DEISA middleware, such as UNICORE, the DESHL, Portals, etc. These methods of access are described in detail elsewhere within the User Documentation.
However, in general, users can also access their Execution Site(s) interactively using gsissh and/or ssh. This can be done directly from the workstation, using the public internet, or via their Home Site, using the DEISA internal network.
Some Execution Sites operate more than one HPC platform and, in this case, users must first access a single site-specific login node.
Further details regarding gsissh/ssh access can be found in the 'Interactive Access via gsissh and ssh' manual.