Primary Items for discussion at the PEARC Conference. Please feel free to clarify these items and add more!
Identity and Access Management (IAM)
Although several XSEDE services will be retired and no longer available after August 31, 2022, the primary XSEDE username/password mechanism will remain the same. In ACCESS, we are referring to this simply as one’s ACCESS ID and password, which customers will continue to employ to authenticate to common ACCESS services. Login to user interfaces requiring a higher level of assurance (e.g., access to project allocations and member information) will require additional authentication with DUO.
Web services that currently rely on idp.xsede.org to facilitate authentication should redirect to idp.access-ci.org instead. We expect to have idp.access-ci.org available for testing no later than August 1, 2022.
Customers who currently authenticate using their XSEDE username and password via CILogon will instead select ACCESS from the list of CILogon authentication providers to authenticate in the same manner.
Single Sign On Hub - alternative approaches
Primarily focused on Resource Providers and Partner Institutions. Guidance on how to log into resource provider directly.
For individual SSOHub customers, guidance will need to be provided by each XSEDE Service Provider (ACCESS Resource Provider) about how to use ssh to login directly to the SP's login hosts. All SPs have their own documentation at their websites for this. Some SPs will need to update their current documentation accordingly. [Generate a list of links to documentation for the SPs to which XSEDE customers can login from the SSOHub today]
Strategies for ACCESS RPs to authenticate customer ssh logins with ACCESS IDs are being developed. The main obstacle is mapping or translation of ACCESS IDs to site-local IDs. We are coordinating with XSEDE to publish guidance for ACCESS RPs as soon as possible. [Need contact info for who/where RPs should send questions to on this topic - fallback: send to Derek Simmel <dsimmel@psc.edu>]
ACCESS Portal
The AMP portal will be online in a primitive form on September 1. On that date, users can expect that they will be able to:
Submit tickets via a web form
See scheduled RP service downtimes
View and edit their profile information
View some documentation, with the expectation that this will be added to throughout the life of the project
View their current allocations (via a link to the RAMPS portal)
Have access to news and subscriptions
Provide access to the available software stacks on the resources they have access to
Reset their password
Track their SU usage
Report security incidents
Access pilots of MATCH Tiered setvices
Access user forums (http://ask.ci )
Users should expect that the AMP will evolve over time and that features will be added. What is available on September 1 will be a first draft of what will eventually be available moving forward.
Globus
ACCESS Operations is providing a Globus subscription through August 2023. After that time Globus will remain the preferred data transfer mechanism. Note that researchers can transfer data using Globus at no charge, and many of the ACCESS-allocated resource providers offer Globus subscriptions that include enhanced features.
CONECTnet
ACCESS wide area network connectivity for RPs is via a Layer3 VPN (L3VPN) provisioned on Internet2, the national research and education (R&E) network backbone provider. The NDTS team is available to facilitate RP integration with CONECTnet and provide network performance consulting upon request.
RAMPS Marketplace
All active XSEDE allocations (with an expiration date beyond September 1, 2022) will be “mapped” to the new ACCESS allocations tiers. More information on the new tiers will be broadcast on the Advance to ACCESS page.
ACCESS Allocations will continue to accommodate the variety of projects that have been supported through XSEDE (educational, Campus Champion, Gateway, etc.).
The research communities and Resource Providers can expect an emphasis on time savings and simplification in the allocations process and policies.
The upcoming allocation proposal opportunity will follow the XSEDE timeline:
Opportunity opens on September 15
Closes on October 15
Review meeting will take place in early December
Allocations will start (or be renewed) on January 1
Groups with modest resource requirements can expect a lighter weight allocations process.
Questions, comments, or interest in joining the review panel for ACCESS allocations requests, please use this form to contact Allocations.
Ticketing System
ACCESS uses a Jira Service Management-based ticket system. Users submit tickets via a webform that is located in the Support portal.
Integrating Allocated Compute/Storage/Cloud into ACCESS
ACCESS uses an Integration Roadmaps Framework to define how operators can integrate classes of infrastructure into the ACCESS environment to achieve a defined operational status. This framework defines, for example, how HPC compute clusters can achieve the ACCESS allocated operational status, and will also be used to define how many new classes of emerging infrastructure can integrated to achieve ACCESS allocated, un-allocated, discoverable, or other statuses. Learn more here.
MATCH Tier Support for Researchers
Tier 1:
Trying to reach as many researchers as possible with existing ease of use tools
Intention is to help researchers focus on their research, be confident in the results they are getting, and to reduce their time to solution
Our focus is on utilizing Open OnDemampand, the Pegasus workflow tool, and the Cnct.CI portal, all of which will be modified, integrated, and updated to promote ACCESS wide work
Tier 2:
This tier provides support through our knowledge base resources. The resources we are focusing on here include anything that can assist researchers with educating themself on topics that can help them interact with ACCESS resources
These resources might include documentation, tutorials, code templates, and responses to questions posted on Ask.CI, or other items
We will engage the community via the community grants financial incentivization program to help build out these resources
We plan to build up a repository of information that will provide self-service for education resources for users of ACCESS resources
Tier 3:
This tier will allow us to support researchers who have a short term project needs (three to six months) by utilizing student-facilitators paired with mentors with relevant domain expertise
Some examples of a short term project might include porting a workflow from a local resource to an ACCESS wide resource, modifying code, etc.
MATCH provide a matchmaking service to identify student facilitators and mentors with relevant skill sets
MATCH will provide a lightweight but structured format for tracking project progress
Tier 4:
This tier will allow for us to support researchers who have a need for a longer term engagement to meet their research goals
This would involve a staff consultant who may need to be more embedded in their work
An example might be help optimizing code
Similar to Tier 3, we’ll be able to connect researchers with consultants who have skill sets that are relevant to the work they need to complete
Tier 4 engagements are planned at least six months ahead. Consultants are paid for by researchers. MATCH will facilitate the matchmaking of consultants with researchers.