Secure Grid Services for Cooperative Work in Medicine and Life Science
Anette Weisbecker, Fraunhofer IAO, Stuttgart
International Symposium on Grid Computing, Taipei, 11th April 2008

Overview
– MediGRID Application Classes and Applications
– Security in MediGRID
– Services@MediGRID
– Service Engineering
– Role and Business Models
Reasons for Grids in Life Sciences
– Increasing Data:
- Genomic diagnostics
- Dynamic biosignal recording
- High-quality diagnostic imaging
- Clinical documentation
- Life Course Data; 10-20 PByte / Year / University Hospital
- High-performance research methods are necessary
– Service oriented Approaches:
- Change from closed systems to services
- Medical research and health care based on the same data sources
– Traditional Compute Center Structures will change:
- Purchase of services for medical research and health care
- Cooperative research based on collaboration platforms
- Grid and SOA have come together
- Researchers are customers of service providers
- Quality of Services and billing are essential
MediGRID Application Classes with their Applications
– Bioinformatics
- Genome Sequence Analysis (Augustus/Agrippa)
- Single nucleotide polymorphisms selection (SNPSelection)
- Ribonucleic acid interference screening (RNAi)
- Sequence correlation (SequCorr)
– Medical Image Processing
- 3D Prostate Biopsy (USI)
- Statistical Analysis of Functional Brain Images (fMRI)
- Virtual Vascular Surgery (VirtSurgery)
– Clinical Research
- QRS analyses of sleep electrocardiograms (ECGs) (CR-QRS)
– Ontologies
- Biomedical ontologies
- Integration of different ontologies with heterogeneous formats
- D-Grid ontology

MediGRID and its Applications
[Map: MediGRID sites Dresden, Berlin, Leipzig, Karlsruhe and Göttingen (MediGRID core sites being part of D-Grid; D-Grid core sites) and the Portal; applications Augustus, Agrippa, SequCorr, SNPselect (Bioinformatics), USI, fMRI, VirtSurgery (Medical Image Processing) and CR-QRS (Clinical Research)]
Specific Requirements in MediGRID
– Highest requirements on data protection and privacy (patient data, data from biosamples, genome data)
– The data basis is relatively inhomogeneous as the standardization of data formats (e.g. in medical imaging or clinical studies) is so far not very advanced. Lack of semantic interoperability.
– Virtualisation for grid resources
– Heterogeneous user community which needs user-friendly interfaces for the usage of grid services
MediGRID users and their main tasks:
- Doctor (looking for data, providing data, processing data)
- Assistant Medical Technician (providing data)
- Researcher doing bioinformatics (processing data)
- Researcher doing clinical studies (processing data)
- Radiologist (providing and processing data – e.g. mammograms -> medical image processing)
- etc.
[Diagram: MediGRID User, MediGRID Admin and MediGRID Developer authenticate with a Grid Certificate, via the MediGRID Portal or the CLI; the portal offers Standard Grid Portlets, Administration Services and Application Portlets (Medical Image Processing, Ontology, Clinical Research, Bioinformatics) on top of MediGRID-specific Services: D-GRDL Metadata Management, D-GRDL Metadata Creation, Resource Management, Resource Monitoring, Workflow Management, File Browser, Credential Management]
Secure Access to MediGRID
Standard-User Registration
– The MediGRID user identifies against the Registration Authority and signs a certificate request; the Certification Authority issues the User Certificate.
– The user requests VO membership; the VO Manager in VOMRS grants the membership and adds the user to the User Whitelist, which lists <DN> <role> pairs.
– The user logs in to the MediGRID Portal with the User Certificate and uploads a proxy to the MyProxy Server (Proxy Certificate Database; validity: 7 days); the portal retrieves a User Credential (validity: 2 h).
– Grid use of the MediGRID Application Services, Resources, etc. according to the granted role (authorization).

Guest-User Registration
– The MediGRID guest requests an account and receives a registration link by mail; the account is created and the guest logs in to the MediGRID Portal.
– Limited guest grid use of the MediGRID Application Services, Resources, etc. via a Service Certificate.
Credential Upload to the Grid
- 1. Portal authentication and download of the proxy upload tool via Java Web Start
- 2. Creation of the certificate proxy and upload to the MyProxy Server
- 3. Creation of credentials via the Credential Management Portlet
- 4. Usage of portal applications that require credential-based authorization
[Diagram: Grid certificate on the user PC (lifetime: 2 years) -> proxy uploaded with the Proxy Upload Tool to the MyProxy Server (lifetime: 7 days) -> portal credentials (lifetime: 2 hours) used by the Grid Application Portlets to access Grid Resources and Applications; steps 1.-4. as above]
Advantage: Grid users do not need direct access to a Grid node / no middleware installation required
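The slide gives three credential tiers with shrinking lifetimes (certificate 2 years, proxy 7 days, portal credential 2 hours). The following is an added model of that delegation chain, not MediGRID or MyProxy code: it treats the quoted lifetimes as maxima (an assumption), clips every delegated credential to its issuer's expiry, and shows that a portal credential requested shortly before the proxy expires is correspondingly shorter.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Lifetimes quoted on the slide (assumed to be maximum lifetimes).
CERT_LIFETIME = timedelta(days=2 * 365)
PROXY_LIFETIME = timedelta(days=7)
PORTAL_LIFETIME = timedelta(hours=2)

@dataclass(frozen=True)
class Credential:
    name: str
    not_before: datetime
    not_after: datetime
    issuer: Optional["Credential"] = None  # credential this one was delegated from

    def valid_at(self, t: datetime) -> bool:
        """A delegated credential is usable only while every link of its chain is valid."""
        if not (self.not_before <= t < self.not_after):
            return False
        return self.issuer is None or self.issuer.valid_at(t)

def delegate(issuer: Credential, name: str, now: datetime, lifetime: timedelta) -> Credential:
    """Derive a shorter-lived credential that can never outlive its issuer."""
    if not issuer.valid_at(now):
        raise ValueError(f"cannot delegate from invalid or expired {issuer.name}")
    not_after = min(now + lifetime, issuer.not_after)  # clip to the issuer's expiry
    return Credential(name, now, not_after, issuer)

def build_chain(issued: datetime, proxy_at: datetime, login_at: datetime):
    """Step 2 uploads the 7-day proxy; step 3 creates the 2-hour portal credential."""
    cert = Credential("grid certificate", issued, issued + CERT_LIFETIME)
    proxy = delegate(cert, "MyProxy proxy", proxy_at, PROXY_LIFETIME)
    portal = delegate(proxy, "portal credential", login_at, PORTAL_LIFETIME)
    return cert, proxy, portal

def remaining_seconds(cred: Credential, t: datetime) -> int:
    """Seconds of grid use left at time t; 0 once any link of the chain has expired."""
    return int((cred.not_after - t).total_seconds()) if cred.valid_at(t) else 0

if __name__ == "__main__":
    t0 = datetime(2008, 4, 11, 9, 0)  # constructed timestamps
    _, _, portal = build_chain(t0, t0, t0 + timedelta(days=6, hours=23))
    # Logging in one hour before the proxy expires yields only a one-hour credential.
    print(remaining_seconds(portal, t0 + timedelta(days=6, hours=23)))  # 3600
```

Once the 7-day proxy has expired, step 3 fails and the user has to repeat step 2 (a fresh proxy upload) before any portlet can act on their behalf again.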
Certificate based portal login
Situation so far:
– GridSphere login with username/password
- Users need to keep passwords in mind
- Only medium security as passwords can be spied, guessed or cracked
Fraunhofer IAO solution:
– Certificate based login with browser certificate
- User needs to keep the certificate anyway for Grid A&A
- Cannot forget a password
- Higher security level as it is much more difficult to steal the private key
- DN-based self-registration at the portal is possible
- Portal detects the ID from the certificate DN: One-Click login
Automatic VO-based Portal User Management
Situation so far:
– Users register at the Virtual Organisation (VO)
– Resource Providers can automatically create accounts and user mappings using the Grid Resource Registration Service (in D-Grid)
– Portal accounts need to be created separately (by hand)
Fraunhofer IAO solution:
– Similar to resource account management: the portal retrieves VOMRS data for the VO (user DN / VO membership / group membership)
– Portal accounts are created automatically
– Advantage: user management in only one place (i.e. VOMRS) -> grid-wide consistency
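The two slides above (DN-based one-click login and VOMRS-driven account creation) are modelled in the following added example. It is not portal or VOMRS code: the DN format, the VOMRS export table, the role names and the role-to-portlet mapping are all constructed for illustration. The point it shows is that identity comes from the certificate DN alone, that accounts appear on first login rather than by hand, and that a valid certificate whose DN is unknown to the VO yields a guest with no credential-based portlets.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple

# Constructed VOMRS export (not real MediGRID data): DN -> (VO, roles granted).
VOMRS_DATA: Dict[str, Tuple[str, Set[str]]] = {
    "/C=DE/O=GridGermany/OU=Example Clinic/CN=Erika Mustermann": ("medigrid", {"clinical-research", "radiologist"}),
    "/C=DE/O=GridGermany/OU=Example Institute/CN=Max Mustermann": ("medigrid", {"bioinformatics"}),
}

# Assumed mapping from VO roles to the application portlets they unlock.
ROLE_PORTLETS: Dict[str, Set[str]] = {
    "clinical-research": {"CR-QRS"},
    "radiologist": {"USI", "fMRI"},
    "bioinformatics": {"Augustus", "SNPSelection", "SequCorr"},
}

def normalize_dn(dn: str) -> str:
    """Strip whitespace around '/' and '=' so cosmetic differences do not break the lookup."""
    return re.sub(r"\s*([/=])\s*", r"\1", dn.strip())

@dataclass
class PortalAccount:
    dn: str
    vo: Optional[str]  # None for a guest who is not a VO member
    roles: Set[str] = field(default_factory=set)

    def portlets(self) -> Set[str]:
        """Portlets this account may use; a guest gets none of the credential-based ones."""
        allowed: Set[str] = set()
        for role in self.roles:
            allowed |= ROLE_PORTLETS.get(role, set())
        return allowed

class Portal:
    def __init__(self, vomrs: Dict[str, Tuple[str, Set[str]]]) -> None:
        self.vomrs = {normalize_dn(dn): entry for dn, entry in vomrs.items()}
        self.accounts: Dict[str, PortalAccount] = {}  # created on first login, never by hand

    def login_with_certificate(self, subject_dn: str) -> PortalAccount:
        """One-click login: identity is the certificate DN, no password is involved."""
        dn = normalize_dn(subject_dn)
        entry = self.vomrs.get(dn)
        if entry is None:
            return PortalAccount(dn, None)  # valid certificate, unknown to the VO: guest, no account
        vo, roles = entry
        account = self.accounts.setdefault(dn, PortalAccount(dn, vo))
        account.roles = set(roles)  # re-sync roles from VOMRS on every login
        return account
```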
Service Certificates
– Certificates are necessary for job submission to distributed resources and for execution.
– Guest users don't have certificates.
– The e-mail address of the guest user is known and verified. Thus each user has a unique ID, which is attached as a job parameter.
– Application services act on behalf of the users.
– Solution: service certificates
Data Protection and Data Security
[Diagram: recording sites of polysomnographic data in the sleep disorders centre -> network switch -> database for polysomnographic recordings (INTRANET; PatID = identifier) -> firewall -> WAN connection -> grid-enabled research database (PSN = identifier). The Hospital Information System (KIS) stores PatID + IDAT. A Central (De-)Pseudonymization Service maps PatID -> PSN and PSN -> PatID. NO DIRECT CONNECTION!!!]
Concept from: Reng CM, Debold P, Specker Ch, Pommerening K. Generische Lösungen zum Datenschutz für die Forschungsnetze in der Medizin. Medizinisch Wissenschaftliche Verlagsgesellschaft, 2006.
Source: Drepper J, Semler SC, Mohammed Y, Sax U. Aktuelle Themen des Datenschutzes und der Datensicherheit in der biomedizinischen Forschung. In: Sax U, Mohammed Y, Viezens F, Rienhoff O, editors. Grid-Computing in der biomedizinischen Forschung - Datenschutz und Datensicherheit. München: Urban&Vogel, 2006: 25-36.
Data Protection Issues within MediGRID:
– Strict separation between IDAT (identification data) and MDAT (medical data) by means of separate databases
– Multi-Level Pseudonymization
– Central Pseudonymization Service
– Re-Allocation only possible for clinical sites providing data for analysis
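The following added example models the data-protection rules listed above in code; it is not the MediGRID or the Reng/Pommerening implementation and shows a single pseudonymization level only. The site names, the patient IDs and the list of identifying field names are constructed. The three components mirror the diagram: the hospital side keeps PatID + IDAT, the research database holds PSN + MDAT only, and the central service is the single place where PatID and PSN meet, with re-identification refused to any site other than the one that contributed the record.

```python
import secrets
from typing import Dict, Tuple

IDENTIFYING_FIELDS = {"name", "birthdate", "address", "insurance_no"}  # assumed IDAT field names

class PseudonymizationService:
    """Central service: the only component that knows the PatID <-> PSN mapping."""
    def __init__(self) -> None:
        self._psn_by_origin: Dict[Tuple[str, str], str] = {}  # (site, PatID) -> PSN
        self._origin_by_psn: Dict[str, Tuple[str, str]] = {}  # PSN -> (site, PatID)

    def pseudonymize(self, site: str, pat_id: str) -> str:
        """Same patient at the same site always maps to the same PSN (longitudinal data)."""
        origin = (site, pat_id)
        if origin not in self._psn_by_origin:
            psn = "PSN-" + secrets.token_hex(8)  # random, so the PSN reveals nothing about the PatID
            self._psn_by_origin[origin] = psn
            self._origin_by_psn[psn] = origin
        return self._psn_by_origin[origin]

    def depseudonymize(self, requesting_site: str, psn: str) -> str:
        """Re-allocation only for the clinical site that provided the data."""
        origin = self._origin_by_psn.get(psn)
        if origin is None or origin[0] != requesting_site:
            raise PermissionError(f"{requesting_site} may not re-identify {psn}")
        return origin[1]

class HospitalSystem:
    """KIS side: PatID + IDAT stay on the intranet; only PSN + MDAT are exported."""
    def __init__(self, site: str, service: PseudonymizationService) -> None:
        self.site, self.service = site, service
        self.idat: Dict[str, dict] = {}  # PatID -> identifying data, never exported

    def export_for_research(self, pat_id: str, mdat: dict) -> Tuple[str, dict]:
        """Refuse the export if identifying fields have slipped into the medical data."""
        leaked = IDENTIFYING_FIELDS & set(mdat)
        if leaked:
            raise ValueError(f"IDAT fields must not leave the hospital: {sorted(leaked)}")
        return self.service.pseudonymize(self.site, pat_id), dict(mdat)

class ResearchDatabase:
    """Grid-enabled research side: records keyed by PSN only, no PatID anywhere."""
    def __init__(self) -> None:
        self.records: Dict[str, list] = {}

    def store(self, psn: str, mdat: dict) -> None:
        self.records.setdefault(psn, []).append(mdat)
```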
Services@MediGRID: vertical service grid for biomedical research
Partners and Applications
– SFB 680 (University of Cologne): Molecular Basis of Evolutionary Innovations
– University of Heidelberg (KIP), MoBiTec, Invitrogen: Molecular and cell biology
– University of Heidelberg / Rotterdam: Genome Browser
– Bayer Technology Services: Identification of dynamic models of biological systems
– University of Kiel / c.a.r.u.s / European Screening Port: volume oriented billing of genetic and high-throughput screening analysis
Haplotype: genetic constitution of a chromosome
Phenotype: any observed quality of an organism
Services@MediGRID
[Diagram, middleware and resource fusion in MediGRID / D-Grid: service providers (BTS Genome Browser, BTS, EVOTEC, MoBiTec, SFB 680 microscopy, Invitrogen, c.a.r.u.s HCS) offer MediGRID vertical services (WSRF) through the portal (GridSphere) to customers]
Service Concept
Service Engineering: The four dimensions of Business Services
– Service customers bring in their objects or themselves personally into the process (external factor)
– Ability and readiness to deliver a service (potential dimension)
– Delivery of a service is characterized as a process (process dimension)
– Services deliver material and immaterial results (result dimension)
– Resource Model, Process Model, Product Model
Source: Hilke, W. (1984): Dienstleistungs-Marketing aus der Sicht der Wissenschaft. Diskussionsbeiträge des betriebswirtschaftlichen Seminars der Albert-Ludwigs-Universität Freiburg.
Dimensions (structure / process / outcome; methodology / theory): The outcome of the service has material and immaterial impacts for the external factors. The service is performed on or with the external factors integrated in the process. The structure determines the ability and willingness to deliver the service.
Framework for Development of Services
Idea Management -> Requirements Analysis -> Service Concept -> Service Implementation -> Market Introduction
(Dimensions: Outcome, Process, Structure, Marketing)
Source: Meiren, T.; Barth, T. (2002): Service Engineering in Unternehmen umsetzen. Stuttgart: Fraunhofer IRB
Fraunhofer Grid Process Model and Grid Check
[Diagram (labels translated from German): Collection -> Capture -> Processing -> Analysis, with Normalisation / Supplementation, Distribution and Summary as intermediate steps; modules: Module H (Hard Factors), Module S (Soft Factors), Module K (Cost/Benefit Model), Module A (Analysis Methods); Input -> Methods -> Output; data basis, TCO and various results; customer and other uses]
Extended Cost-Benefit model
Fraunhofer Grid Check: Criteria Analysis Check List (Samples)
– Organisation
- Size
- Number of locations
- IT organisation
- Cost allocation
- ….
– Applications
- Number and knowledge of current / potential users
- Requirements
- Type of application
- Standards
- Multicore-capable
- Resource usage
- Licence problems
- Security Policies
- Dependencies
- Bottlenecks
- ….
– Advantages/Disadvantages of Grid Computing
- Analysis of the abilities to improve
- Cost-benefit model comparing current/potential infrastructure
– Hardware infrastructure
- Network topology
- Existing hardware
- Security infrastructure (firewalls, policies…)
- Administration
- Planned changes
- Bottlenecks
- ….
– Data infrastructure
- File Server
- Databases
- ….
Fraunhofer Grid Check
Objectives for the implementation of a grid:
– Supporting new business processes / models
– Performance improvement
– Providing access to applications via: GUI, Portal, Console
– Administration model / Monitoring
– Cost Reduction
– Service Level Agreements Management
– Scalability
– Reliability
– Virtualisation level
From Business Processes to Grid Services
[Diagram: Systematic Process Analysis -> Modularisation & iterative Refinement -> Identification of identical / similar process modules (M1, M2, M3, M3, M4, M5, M6, M6, M8) -> Iterative Refinement -> Identification of Service Candidates]
Services@MediGRID: Role Model
[Diagram of roles:
– Customer Organisation / User
– Application Services Provider: Services@MediGRID applications (Clinical Research, Augustus, fMRI, USI, VirtSurgery, SequCorr, Genome Browser, …)
– Infrastructure Services Provider: Resource Broker, Resource Reservation, Workflow Management, User Management, VO Management, Security, Metering, Accounting, Billing, SLA Management, Monitoring, Auditing, …
– Resource Provider: Storage, Data, Devices, Computer, Network
– Grid Middleware Provider
– Services Provider, Content Provider, Consultant, Broker, Gridifier
– Producer: Application Software, Middleware, Hardware, Data]
Services@MediGRID: Business Models
[Diagram: Applications / Resources / Grid Middleware / Infrastructure Services / Services / Content; Software as a Service; Utility Computing]
Main Components of a Business Model:
– Product or Service, Value Proposition, customer value
– Market Opportunity, Scope
– Revenue Model / Price / Revenue Sources / Cost Structure
– Competitive Environment
– Competitive Advantage / Sustainability
– Generic market entry strategies
– Organization and Activities, Implementation
– Management Team
Source: Laudon, K. C.; Traver, C. G. (2006): E-commerce: business, technology, society. Upper Saddle River: Pearson Prentice Hall