FERRY: access control and quota management service

Fermilab developed the Frontier Experiments RegistRY (FERRY) service that provides a centralized repository for access control and job management attributes such as batch and storage access policies, quotas, batch priorities and NIS attributes for cluster configuration. This paper describes the FERR...

Full description

Saved in:
Bibliographic Details
Published inEPJ Web of Conferences Vol. 214; p. 3026
Main Authors Altunay, Mine, Boyd, Joseph, Coimbra, Bruno, Herner, Kenneth, Jacobs, Krysia, Kahn, Farrukh, Levshina, Tanya, McKittrick, Brian, Scott, Rennie, Skirvin, Timothy, Stores, Felix, Teheran, Jeny, Votava, Margaret, Whited, Tammy
Format Journal Article Conference Proceeding
LanguageEnglish
Published Les Ulis EDP Sciences 2019
Subjects
Access control
Communities
Data retrieval
Ferries
Gums
Management services
Quotas
Repositories
User interfaces
Online AccessGet full text

Cover

More Information
Summary:Fermilab developed the Frontier Experiments RegistRY (FERRY) service that provides a centralized repository for access control and job management attributes such as batch and storage access policies, quotas, batch priorities and NIS attributes for cluster configuration. This paper describes the FERRY architecture, deployment and integration with services that consume the stored information. The Grid community has developed several access control management services over the last decade. Over time, services for Fermilab experiments have required the collection and management of more access control and quota attributes. At the same time, various services used for this purpose, namely VOMS-Admin, GUMS and VULCAN, are being abandoned by the community. FERRY has multiple goals: maintaining a central repository for currently scattered information related to users' attributes, providing a Restful API that allows uniform data retrieval by services, and providing a replacement service for all the abandoned grid services. FERRY is integrated with the ServiceNow (SNOW) ticketing service and uses it as its user interface. In addition to the standard workflows for request approval and task creation, SNOW invokes orchestration that automates access to FERRY API. Our expectation is that FERRY will drastically improve user experience as well as decrease effort required by service administrators.
ISSN:2100-014X
2101-6275
2100-014X
DOI:10.1051/epjconf/201921403026