An edge services framework (esf) for egee, lcg, AND osg

We report on first experiences with building and operating an Edge Services Framework (ESF) based on Xen virtual machines instantiated via the Workspace Service available in Globus Toolkit, and developed as a joint project between EGEE, LCG, and OSG. Many computing facilities are architected with their compute and storage clusters behind firewalls. Edge Services are instantiated on a small set of gateways to provide access to these clusters via standard grid interfaces. Experience on EGEE, LCG, and OSG has shown that at least two issues are of critical importance when designing an infrastructure in support of Edge Services. The first concerns Edge Service configuration. It is impractical to assume that each virtual organization (VO) using a facility will employ the same Edge Service configuration, or that different configurations will coexist easily. Even within a VO, it should be possible to run different versions of the same Edge Service simultaneously. The second issue concerns resource usage: since Edge Services may become a bottleneck to a site, it is essential that an ESF be able to effectively arbitrate resource usage (e.g., memory, CPU, and networking) among different VOs. By providing virtualization on the level of instruction set architecture, virtual machines allow configuration of independent software stacks for each VM executing on a resource. Modern implementations of this abstraction are extremely efficient and have outstanding fine-grained enforcement capabilities. To securely deploy virtual machines, we use the Workspace Service from the Globus Toolkit, which allows a VO administrator to dynamically launch appropriately-configured system images. In addition, we are developing a library of such images, reflecting the needs of presently participating communities ATLAS, CMS, and CDF. We will report on first experiences building and operating this Edge Services Framework.