r6 - 12 May 2017 - 18:38:51 - AlvaroFernandezYou are here: TWiki >  ECiencia Web  > GridAccessProcedure
  1. Grid Access Procedure

Introduction

The procedure for accessing the IFIC computing grid infrastructures implies basically the following steps:


- Getting an account at the IFIC Computing resources GOG-IFIC
- Obtaining a personal Grid Digital Certificate.
- Registering to a Virtual Organization

1.- Getting an account at the IFIC Computing resources GOG-IFIC

After getting your AFS account, you may want to register for a GOG (Grupo de Ordenadores para Grid) account to access the computing resources of the IFIC GOG-Farm and the GRID. To do this, read first the GOG usage rules, then fill this application form and sign it; then give it to the IFIC secretariat. Once your application is accepted, you will be given access to a Grid User Interface where you can login using your AFS account and then accessing the Grid resources.

2.- Getting your Personal Grid Digital Certificate

The GOG-Farm at IFIC only allows a Grid access, and then, you need a Digital Certificate (sometimes called a PKI or X509 certificate) that acts as a passport and says who you are (known as Authentication).

Since March 2017 the procedure has changed, because the previous Spanish Certification Authority is no longer active. Now certificates for IFIC and other Spanish e-infrastructures are avaliable using the GÉANT (TCS - Trusted Certificate Service), currently provided by DIGICERT.

Consequently, the certificate subject has changed for all the users, ie:

DC=org, DC=terena, DC=tcs, C=ES, O=Consejo Superior de Investigaciones Cientificas, CN=ALVARO FERNANDEZ CASANI 21523@csic.es

To obtain your Personal Certificate complete the following steps

  1. Be sure that you have already filled the application form to access the GOG-Farm and that the application has been signed by the Project Manager and the Director of IFIC.
  2. Take the printed, filled and signed, apllication form titled "SOLICITUD DE CERTIFICADO DE USUARIO PKIRISGRID.VERIFICACION DE IDENTIDAD" to the Computing Services of IFIC.
  3. Access the Digicert web page to request a new certificate: https://digicert.com/sso
    1. Select your identity provider, writing: "CSIC - Consejo Superior de Investigaciones Cientificas". You will be redirected to the CSIC authentication page, to introduce your credentials.
      ventana1.png
      ventana2.png
    2. Request a Certificate selecting the "Grid Premium" product.
      ventana3.png
    3. You will receive an email with a temporary link. Visiting that link, your certificate will be generated and saved in the browser.
      ventana4.png

3.- Registering to a Virtual Organization (VO)

You must register to a Virtual Organization for being able to use their resources.

Even if you were already registered, with the new certificates signed by Terena/Digicert, their identification (DN) has changed so you should update your data in the corresponding Virtual Organization registration pages:


For IFIC vo: Register with the new certificate: https://swevo.ific.uv.es:8443/voms/ific/
For ATLAS VO: You can update with the new certificate at: https://lcg-voms2.cern.ch:8443/voms/atlas/
For LHCb VO: You can update with the new certificate at: https://lcg-voms2.cern.ch:8443/voms/lhcb

If you have a previously valid loaded certificate (Pkirisgrid), you can log in with that certificate and update with the new certificate (Digicert):

VO_multiple_certs.png

4.- Installing your Personal Certificate in your computer

This procedure has not changed and its valid for PkIrisgrid? and Terena/Digicert certificates.

Once you have obtained your Personal Certificate, and want to use it with globus in order to access the Grid Computing Resources, you have to install it on your computer on the specific directory ~/.globus. Your certificate consists of two parts. A public key and a private key. It is very important that you save the private key with the adequate permissions to avoid access to it from other persons. Remember that for more security it is coded with the AFS password that you had when you applied for it. To install your certificate on your computer, complete the following instructions :

1- Backup your certificate from your browser to a temporal directory, let us say ~myusername/temp/, as follows (this example is done with Mozilla Firefox) :

Select in your browser Edit -> Preferences -> Advanced -> View Certificates Select your new certificate and click on Backup Save your certificate with a name you choose (for example "MyCertificate") into a directory of your choice, for example ~myusername/temp/. You will be asked for the password of your certificate.

2- Once you have your certificate "MyCertificate.p12" in the p12 format in your ~myusername/temp/ directory, login into a User Interface machine and execute the following script (you can do it on your PC if you have AFS as well) , from the ~myusername/temp/ directory, then follow the instructions (note: type Mycertificate without the .p12 extension) :

myhost:~/temp> ~sanchezj/public/p12toglobus.sh MyCertificate

This will OVERWRITE the files existing in your ~/.globus directory

3- Be sure that all has been done ok, then backup your MyCertificate?.p12 file in a safe place and delete it from the ~myusername/temp/ directory.

If you need more help please visit the following page of PkIRISGrid ?


toggleopenShow attachmentstogglecloseHide attachments
Topic attachments
I Attachment Action Size Date Who Comment
pngpng ventana1.png manage 34.0 K 07 Mar 2017 - 17:54 AlvaroFernandez Select your identity provider, writing: "CSIC - Consejo Superior de Investigaciones Cientificas"
pngpng ventana2.png manage 169.8 K 07 Mar 2017 - 17:55 AlvaroFernandez Authenticate with your CSIC credentials
pngpng ventana3.png manage 52.5 K 07 Mar 2017 - 17:58 AlvaroFernandez Request a Certificate selecting the "Grid Premium" product.
pngpng ventana4.png manage 91.4 K 07 Mar 2017 - 18:12 AlvaroFernandez You will receive an email with a temporary link. Visiting that link, your certificate will be generated and saved in the browser.
pngpng VO_multiple_certs.png manage 28.4 K 13 Mar 2017 - 11:41 AlvaroFernandez ultiple certificates with the same VirtualOrganization? account
Edit | WYSIWYG | Attach | PDF | Raw View | Backlinks: Web, All Webs | History: r6 < r5 < r4 < r3 < r2 | More topic actions
 
Powered by TWiki
This site is powered by the TWiki collaboration platformCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback