Open Shop 1.0
production environment

Open Shop is a global production environment tailored to the needs of scientific collaboration for shared simulation and data analysis facilities. It is similar to a data grid in that it enables any number of institutions connected over the internet to pool their data storage and computational resources together and access them as a single network service. It is more restrictive than the data grid in that it specifies its own model for job scheduling and execution.
In the Open Shop model, the basic conceptual object is the project. A project defines a processing pipeline that turns some input into some output. At each stage of the pipeline there are user methods which are used to set up the job, submit it for execution, browse the results, etc. The basic computational resource in the model is a project member. A member is a cluster of compute and disk servers at a particular site that participates in the project. What binds the cluster together into a single member is the fact that they all have access to a single project file system (usually nfs) which is devoted to the project. Job execution is managed by condor or any other batch system that is installed and administered at the member site.
All Open Shop services are provided using the standard web service over http. For this reason, at least one of the cluster nodes at any Open Shop site (not necessarily the manager node) must provide http access to the project file system from anywhere on the internet. It must run as a user (preferably not root) that has write access to the project file system, and must grant cgi-exec privilege to all scripts therein. Such a server is called a member server. Member servers know about what projects are being served at the local site, and can respond to queries within the Open Shop framework for information regarding the local site configuration. For each project, only member server in the world is designated as the project server, and serves all requests for project-wide information. All other member servers that participate in a project respond to queries for that project by forwarding (http redirection) the request to the project server.
All Open Shop transactions are initiated by standard http GET, PUT or POST requests. Responses to valid requests are either in html or xml format, depending on whether they are intended to be invoked by the user or by a program. For a summary of the standard set of queries, see the MI documentation.
Clients are authenticated to the Open Shop framework using client certificates. The exchange of certificates over the network is performed over a secure ssl link using the https protocol so that privacy is assured in over insecure networks. A single Open Shop certificate authority is used to sign client certificates for project users. Certificates issued by the DOEgrids certificate authority are also currently recognized. Clients that connect without a valid certificate are granted visitor rights to the projects, and are blocked from performing functions that would consume or modify project resources. Visitors with recognized certificates are granted member access, with which they can perform all of the normal project functions like uploading executables, creating and launching jobs, and browsing results. Special administrator rights are granted to users who present a certificate found in list of locally authorized administrators.
All Open Shop data access is done using the Globus service gridftp. One server on a local cluster (preferrably the primary host of the project file system) is designated to serve data access requests from other sites. Which host is the designated data acess server at a site must be known by other project members in order to be able to initiate data get requests. This information is supplied by the member's cluster server in response to a query, and may change at any time. In the current implementation, a single grid certificate installed on the project file system is used to authenticate all data transfers across all projects. This may change in future releases.

This material is based upon work supported by the National Science Foundation under Grant No. 0072416.
Richard Jones, Department of Physics, University of Connecticut
unit 3046, 2152 Hillside Road, Storrs CT 06269-3046