The Scalable Computing Infrastructure Project (SCOPE)

University of Southern California
Information Sciences Institute

Project Staff

• Jon Postel, Division Director (Project Leader)
• B. Clifford Neuman, Scientist and Research Assistant Professor (Co-Project Leader)
• Sridhar Gullapalli, Research Programmer
• Rebecca Jordan, Project Support
• Jeanine Yamazaki, Project Support

Project Goals

SCOPE provides a comprehensive environment for sharing computing resources by integrating the elements of resource allocation with resource discovery, resource selection based on assurance credentials, distributed authorization, and online payments. The Prospero Resource Manager (PRM), developed as part of earlier DARPA work, supports resource management for large distributed systems and serves as the foundation for SCOPE.

Technical Approach

Resource Discovery

PRM allows users to execute applications on processors managed by the users organization, or by a small set of organizations known by the user. To enable the job manager to find resources in a large, geographically and administratively distributed system, mechanisms are needed that will allow the job manager to discover appropriate resources. This is the "resource discovery" problem applied to processing resources and the same techniques used for information discovery can be applied.

System managers register with directory servers, providing aggregate information about the resources they manage and the characteristics of the service itself such as security and reliability guarantees and pricing. When the job manager is unable to find the processing resources it needs locally, it uses the resource directory service to identify system managers that can provide processing resources matching the needs of the job. Once appropriate system managers have been identified, the job will be executed as usual using PRM.

Authorization and Payments

When computing resources must be made accessible across organizational boundaries, distributed authorization is used to restrict resource access to particular users. To obtain access to resources, the job manager present authorization credentials to the system manager, proving the user's membership in a group listed in the service provider's authorization database. Ability to use computing services may also be based on ability to pay for the cycles consumed. In this case, a distributed accounting server issues credentials certifying that the client can pay for the service, and can provide payment to the service provider when the service is complete.

Related Projects

Software

SCOPE in the News

Recent Accomplishments (July 1998)

• An authorization model has been developed to be used in distributed meta-computing environments spanning multiple administrative domains and supporting multiple security and access policies. The model uses Extended Access Control Lists (EACLs) and a Generic Authorization and Access (GAA) API. A paper describing the model will be presented at the 7th IEEE Symposium on High Performance Distributed Computing.
• A directory service based on Prospero has been deployed, enabling the dynamic discovery and selection of available computational resources across administrative domains. This service supports the scalability required for massively parallel computations and enables the automatic selection of the optimal resources based on static network bandwidth and latencies.

• A framework has been developed to support authentication and verification of mobile code in heterogeneous computing environments. The principal to be authenticated may be represented by a pair PROGRAM/CHECKSUM, where PROGRAM is a special program and CHECKSUM is an MD5 checksum of the executable. A node's access policy (implemented by an Extended ACL) requires that the executable be run on behalf of an authorized user and that the program is specifically authorized for execution by the authorized user. For use during authorization, the program loader provides the running program with credentials certifying the programs checksum.

Technical Plan for 1998-99

• Implement and deploy the designed architecture for authorization and for the authentication and verification of mobile code in heterogeneous computing environments.

• Extend the resource discovery mechanism by using the Prospero Directory Service to store information about the dynamic state of managed resources such as network bandwidth and latency, CPU load, etc. This information will be accessed by the resource managers, which will use it to make optimal decisions about the allocation of the resources.

• Integration of additional results from the SCOPE effort into the Globus meta-computing environment.

Technology Transition

ISI has started protocols and API's along the standards track through the IETF, improving our ability to transfer the technology to others during and at the completion of our work. An Internet Draft has been prepared describing the authorization API that has been integrated with PRM.

The software developed by the SCOPE project has been made available for retrieval over the Internet where it may be picked up and used by those requiring scalable distributed computing services.

We have set up and deployed PRM nodes at ISI, on campus at the University of Southern California, and at the Massachusetts Institute of Technology; deployment is underway at other locations on the Internet.

We have begun technology transfer of initial SCOPE results to the Globus Large-Scale Meta-computing Project at USC/ISI. In Globus, computations encompass multiple processes running on remote hosts in different administrative domains. We enhanced existing tools and scripts to parse and plot network bandwidth and latency data and made them available to the Globus effort. Further transfer of PRM and its tools to Globus is anticipated.

Former Students