Difference between revisions of "Swestore-dCache"

From SNIC Documentation
Jump to: navigation, search
(Getting access)
(The JavaScript WebDAV client is dead/unusable now, remove.)
 
(123 intermediate revisions by 5 users not shown)
Line 1: Line 1:
 
[[Category:Storage]]
 
[[Category:Storage]]
[[Category:SweStore]]
+
[[Category:Swestore]]
SNIC is building a storage infrastructure to complement the computational resources.
+
[[Category:Swestore]]
 +
[[Category:Swestore user guide]]
  
Many forms of automated measurements can produce large amounts of data. In scientific areas such as high energy physics (the Large Hadron Collider at CERN), climate modeling, bioinformatics, bioimaging etc., the demands for storage are increasing dramatically. To serve these and other user communities, SNIC has appointed a working group to design a storage strategy, taking into account the needs on many levels and creating a unified storage infrastructure, which is now being implemented.
+
Swestore-dCache is distributed across the SNIC centres [http://www.c3se.chalmers.se/ C3SE], [http://www.hpc2n.umu.se/ HPC2N], [http://www.lunarc.lu.se/ Lunarc] and [http://www.nsc.liu.se/ NSC]. Data is stored in two copies with each copy at a different SNIC centre. This enables the system to cope with a multitude of issues ranging from a simple crash of a storage element to losing an entire site while still providing access to the stored data.  
  
Swestore is in collaboration with [http://www.ecds.se/ ECDS], [http://snd.gu.se/ SND], [http://www.bioimaging.se/swedish_bioimaging_network/Welcome.html Bioimage Sweden], [http://www.bils.se/ BILS], [http://www.uppnex.uu.se/ UPPNEX],[http://wlcg.web.cern.ch/ WLCG], [http://www.nrm.se/ NaturHistoriska RiksMuseet].
+
One of the major advantages to the distributed nature of Swestore is the excellent aggregated transfer rates possible. This is achieved by bypassing a central node and having transfers going directly to/from the storage elements if the selected transfer protocol allows it. Swestore can achieve aggregated transfer rates in excess of 100 Gigabit per second, but in practice this is limited by connectivity to the end user, each university or a limited number of files (typically max 1 Gbit/s per file/connection).
  
= National storage "SweStore"=
+
To protect against silent data corruption the dCache storage system checksums all stored data and periodically verifies the data using this checksum.
The Swestore Nationally Accessible Storage, commonly called just Swestore, is a robust, flexible and expandable long term storage system aimed at storing large amounts of data produced by various Swedish research projects. It is based on the [http://www.dcache.org dCache] and  [http://www.irods.org iRODS]
 
storage systems.
 
  
Swestore is distributed across the SNIC centres [http://www.c3se.chalmers.se/ C3SE], [http://www.hpc2n.umu.se/ HPC2N], [http://www.lunarc.lu.se/ Lunarc], [http://www.nsc.liu.se/ NSC], [http://www.pdc.kth.se PDC] and [http://www.uppmax.uu.se Uppmax]. Data is stored in two copies with each copy at a different SNIC centre. This enables the system to cope with a multitude of issues ranging from a simple crash of a storage element to losing an entire site while still providing access to the stored data.  
+
The dCache system does NOT yet provide protection against user errors like inadvertent file deletions.
  
One of the major advantages to the distributed nature of dCache and iRODS ([[Swestore-irods]]) is the excellent aggregated transfer rates possible. This is achieved by bypassing a central node and having transfers going directly to/from the storage elements if the protocol allows it. The Swestore Nationally Accessible Storage system can achieve aggregated  transfer rates in excess of 100 Gigabit per second, but in practice this is limited by connectivity to each University (usually 10 Gbit/s) or a limited number of files (typically
+
== Basic information ==
max 1 Gbit/s per file/connection).
 
  
To protect against silent data corruption the dCache storage system checksums all stored data and periodically verifies the data using this checksum.
+
For basic information on how to apply for storage or become a member of an existing project and managing your storage username/password, please check the main [[Swestore]] page.
  
The dCache system does NOT yet provide protection against user errors like inadvertent file deletions and so on. The [[Swestore-irods]] system provides this protection. Deleted files are moved to a trashcan.
+
== Acquire and manage certificate (for users accessing with certificate authentication) ==
  
== Getting access ==
+
Certificate authentication is needed in some special cases, and more convenient for use in automation (ie. Robot certificates).
  
SweStore currently has a lack of resources. New projects will not be allocated until spring 2015. Existing projects on SweStore that are in need of more storage capacity are strongly encouraged to review their present data to see whether there is a potential to compress or delete data. In case you have any questions, please contact the SNIC office (office@snic.se).
+
Some communities require certificate authentication and such users might already have a certificate, that certificate is likely good to use with Swestore.
  
; Apply for storage
+
If you need to use Certificate authentication, follow the instruction on the page [[Certificate Setup for Swestore]].
: Please follow the instructions on the [[Apply for storage on SweStore]] page.
 
: iRODS is in <span style="color:#FF0000"> pilot phase </span><br>
 
: The iRODS system dosen't have the uptime and performance that our production system have.
 
: We are still working with iRODS to get it into production.
 
  
;Difference between dCache and iRODS user authentication
+
= Using Swestore =
:SweStore's dCache system uses eScience client certificates.
+
== Download and upload data ==
:SweStore's iRODS system uses [http://www.yubico.com/products/yubikey-hardware/yubikey/ Yubikey] one-time passwords (OTP). With a simple touch of a button, a 44 character one-time password is generated and sent to the system. The user will be provided with a SweStore yubikey.
+
=== From the command line ===
:Yubikey has a status as pilot now. It can be changed in the future.
 
  
; dCache usage - How to acquire an eScience client certificate
+
There are several command line tools capable of using the protocols provided by Swestore. For usage on SNIC clusters we recommend using the ARC tools which should be installed on all SNIC resources.
: Follow the instructions on [[Grid_certificates#Requesting_a_certificate|Requesting a certificate]] to get your client certificate. This step can be performed while waiting for the storage application to be approved and processed. Of course, if you already have a valid eScience certificate you don't need to acquire another one.
 
:; For Terena certificates
 
:: If intending to access SweStore from a SNIC resource, please make sure you also [[Exporting_a_client_certificate|export the certificate]], transfer it to the intended SNIC resource and [[Preparing_a_client_certificate|prepare it for use with grid tools]] (not necessarily needed with ARC 3.x, see [[Grid_certificates#Creating_a_proxy_certificate_using_the_Firefox.2FThunderbird_credential_store|proxy certificates using Firefox credential store]]).
 
:; For Nordugrid certificates
 
:: Please make sure to also [[Requesting_a_grid_certificate_from_the_Nordugrid_CA#Installing_the_certificate_in_your_browser|install your client certificate in your browser]].
 
:; Request membership in the SweGrid VO
 
:: Follow the instructions on [[Grid_certificates#Requesting_membership_in_the_SweGrid_VO|Requesting membership in the SweGrid VO]] to get added to the SweGrid Virtual Organisation (VO) and request membership to your allocated storage project.
 
  
; iRODS usage - How to acquire a SweStore yubikey
+
As an integration point for building scripts and automated systems we suggest using the curl program and library.
:Please send an email to [mailto:support@swestore.se?subject=Yubikey support@swestore.se] and provide the shipping address to where the yubikey should be sent.<br>
 
:Yubikey has a status as pilot now. It can be changed in the future.
 
  
== Support ==
+
:; Interactive tools
 +
:: Best suited for interactive use with various support for directory listings, wildcards etc.
 +
::;Currently no suitable tools to recommend
 +
:; Command-line tools
 +
:: These tools are also suitable for scripting or automation.
 +
::; rclone
 +
::: Supports multiple protocols.
 +
::: Please see the instructions for [[Accessing Swestore with rclone]].
 +
::; cURL
 +
::: Please see the instructions for [[Accessing Swestore with cURL]]. We suggest using this as integration point for building scripts and automated systems.
 +
::; davix
 +
::: Swestore-specific documentation not written yet. See upstream documentation at https://davix.web.cern.ch/davix/docs/master/
 +
::: Use access URL: davs://webdav.swestore.se:1443/
 +
::; ARC
 +
::: Certificate authentication only. Supports multiple protocols.
 +
::: Please see the instructions for [[Accessing Swestore with the ARC client]].
 +
::; gfal2
 +
::: Certificate authentication only. Supports multiple protocols.
 +
::: Swestore-specific documentation not written yet. See upstream documentation at https://dmc.web.cern.ch/projects/gfal-2/documentation
 +
::: Use access URL: gsiftp://gsiftp.swestore.se/
 +
::; https://duck.sh/
 +
::: Command-line client for Windows/macOS/Linux (not documented yet)
  
If you have any issues using SweStore please do not hesitate to contact [mailto:support@swestore.se support@swestore.se].
+
=== Using a GUI client ===
  
== dCache ==
+
Graphical User Interface (GUI) clients are known to work on some operating systems.
  
=== Access protocols ===
+
:; Cyberduck
; Currently supported protocols
+
:: Please see the instructions for [[Accessing Swestore using Cyberduck]] '''Recommended method on macOS'''
: GridFTP - gsiftp://gsiftp.swestore.se/
+
:; WinSCP
: Storage Resource Manager - srm://srm.swegrid.se/
+
:: Please see the instructions for [[Accessing Swestore using WinSCP]] '''Recommended method on Windows'''
: Hypertext Transfer Protocol (read-only), Web Distributed Authoring and Versioning - http://webdav.swestore.se/ (unauthenticated), https://webdav.swestore.se/
 
: NFS4.1
 
  
For authentication eScience certificates are used, which provides a higher level of security than legacy username/password schemes.
+
=== From a web browser ===
  
=== Download and upload data ===
+
Swestore is accessible in your web browser as a simple directory index interface at https://webdav.swestore.se/.
; Interactive browsing and manipulation of single files
+
 
: SweStore is accessible in your web browser in two ways, as a simple and reliable directory index interface at https://webdav.swestore.se/ and with a richer interactive file manager at https://webdav.swestore.se/browser/. '''Note''' that the interactive file manager has a lot of features and functions not supported in SweStore, only the basic file transfer features are supported.
+
Web browser access supports both username/password and certificate authentication.
: To browse private data you need to have your certificate installed in your browser (default with Terena certificates, see above). Projects are organized under the <code>/snic</code> directory as <code><nowiki>https://webdav.swestore.se/snic/YOUR_PROJECT_NAME/</nowiki></code>.
 
; Upload and delete data interactively or with automation
 
There are several tools that are capable of using the protocols provided by SweStore national storage.
 
For interactive usage on SNIC clusters we recommend using the ARC tools which should be installed on all SNIC resources.
 
As an integration point for building scripts and automated systems we suggest using the curl program and library.
 
: Use the ARC client. Please see the instructions for [[Accessing SweStore national storage with the ARC client]]. '''Recommended''' method when logged in on SNIC resources.
 
: Use lftp. Please see the instructions for [[Accessing SweStore national storage with lftp]].
 
: Use cURL. Please see the instructions for [[Accessing SweStore national storage with cURL]].
 
: Use globus-url-copy. Please see the instructions for [[Accessing SweStore national storage with globus-url-copy]].
 
  
=== Tools and scripts ===
+
Projects are organized under the <code>/snic</code> directory as <code><nowiki>https://webdav.swestore.se/snic/DIRECTORY_NAME/</nowiki></code>.
  
There exists a number of tools and utilities developed externally that can be useful. Here are some links:
+
=== Legacy documentation ===
  
* [https://github.com/samuell/arc_tools ARC_Tools] - Convenience scripts for the arc client (Only a recursive rmdir so far).
+
There are other clients/methods available, but not recommended for new deployments. See [[:Category:Swestore user guide]] for a complete list of documentation.
* [http://sourceforge.net/projects/arc-gui-clients ARC Graphical Clients] - Contains the ARC Storage Explorer (SweStore supported development).
 
* Transfer script, [[SweStore/swetrans_arc|swetrans_arc]], provided by Adam Peplinski / Philipp Schlatter
 
* [http://www.nordugrid.org/documents/SWIG-wrapped-ARC-Python-API.pdf Documentation of the ARC Python API (PDF)]
 
  
=== Slides and more ===
+
== Enabled access protocols ==
 +
A design criteria for Swestore is to provide the storage over a number of standardized and public protocols. There is no vendor specific client needed for access.
  
[http://docs.snic.se/wiki/Swestore/Lund_Seminar_Apr18 Slides and material from seminar for Lund users on April 18th]
+
:; GridFTP
 +
:: Also called gsiftp. Well supported within Swestore.
 +
:: Features: Transfer checksums. Direct transfer from/to storage pools for high speed transfers.
 +
:: Access URL: gsiftp://gsiftp.swestore.se/
 +
:; HTTP/WebDAV
 +
:: Contender for being the recommended protocol for Swestore.
 +
:: Features: Support in web browsers. Supports direct transfer of files from/to storage pools improving performance (varying support in clients).
 +
::; Authenticated access
 +
::: This is the normal read-write access.
 +
::: Access URL: https://webdav.swestore.se/ (non-redirected)
 +
::: Access URL: https://webdav.swestore.se:1443/ (redirected)
 +
::: Access URL: https://webdav.swestore.se:2443/ (redirected reads)
 +
::; Unauthenticated read-only access
 +
::: For special cases only.
 +
::: Access URL: http://webdav.swestore.se/ (unauthenticated, read-only, non-redirected)
 +
::: Access URL: http://webdav.swestore.se:1080/ (unauthenticated, read-only, redirected)
 +
::: Access URL: http://webdav.swestore.se:2080/ (unauthenticated, read-only, redirected reads)
 +
:; NFSv4.1
 +
:: Used by some communities, not recommended for general use
 +
:; SRM - Storage Resource Manager
 +
:: Used by some communities, not recommended for general use.
 +
:: Access URL: srm://srm.swegrid.se/
 +
:; Xrootd
 +
:: Used by some communities, not recommended for general use
 +
:; DCAP
 +
:: Used by some communities, not recommended for general use
  
=== Usage monitoring ===
+
== Usage monitoring ==
* [http://status.swestore.se/munin/monitor/monitor/ Per Project Monitoring of Swestore usage]
+
* On the project page in SUPR: https://supr.snic.se
 +
* On the monitoring server for Swestore: http://status.swestore.se/munin/monitor/monitor/ (only accessible from .se-domains.
  
== iRODS ==
+
= Support =
  
Documentation of the SNIC iRODS system: [[Swestore-irods]].
+
If you have any issues using Swestore, please do not hesitate to contact [mailto:support@swestore.se support@swestore.se].

Latest revision as of 09:42, 20 October 2021


Swestore-dCache is distributed across the SNIC centres C3SE, HPC2N, Lunarc and NSC. Data is stored in two copies with each copy at a different SNIC centre. This enables the system to cope with a multitude of issues ranging from a simple crash of a storage element to losing an entire site while still providing access to the stored data.

One of the major advantages to the distributed nature of Swestore is the excellent aggregated transfer rates possible. This is achieved by bypassing a central node and having transfers going directly to/from the storage elements if the selected transfer protocol allows it. Swestore can achieve aggregated transfer rates in excess of 100 Gigabit per second, but in practice this is limited by connectivity to the end user, each university or a limited number of files (typically max 1 Gbit/s per file/connection).

To protect against silent data corruption the dCache storage system checksums all stored data and periodically verifies the data using this checksum.

The dCache system does NOT yet provide protection against user errors like inadvertent file deletions.

Basic information

For basic information on how to apply for storage or become a member of an existing project and managing your storage username/password, please check the main Swestore page.

Acquire and manage certificate (for users accessing with certificate authentication)

Certificate authentication is needed in some special cases, and more convenient for use in automation (ie. Robot certificates).

Some communities require certificate authentication and such users might already have a certificate, that certificate is likely good to use with Swestore.

If you need to use Certificate authentication, follow the instruction on the page Certificate Setup for Swestore.

Using Swestore

Download and upload data

From the command line

There are several command line tools capable of using the protocols provided by Swestore. For usage on SNIC clusters we recommend using the ARC tools which should be installed on all SNIC resources.

As an integration point for building scripts and automated systems we suggest using the curl program and library.

Interactive tools
Best suited for interactive use with various support for directory listings, wildcards etc.
Currently no suitable tools to recommend
Command-line tools
These tools are also suitable for scripting or automation.
rclone
Supports multiple protocols.
Please see the instructions for Accessing Swestore with rclone.
cURL
Please see the instructions for Accessing Swestore with cURL. We suggest using this as integration point for building scripts and automated systems.
davix
Swestore-specific documentation not written yet. See upstream documentation at https://davix.web.cern.ch/davix/docs/master/
Use access URL: davs://webdav.swestore.se:1443/
ARC
Certificate authentication only. Supports multiple protocols.
Please see the instructions for Accessing Swestore with the ARC client.
gfal2
Certificate authentication only. Supports multiple protocols.
Swestore-specific documentation not written yet. See upstream documentation at https://dmc.web.cern.ch/projects/gfal-2/documentation
Use access URL: gsiftp://gsiftp.swestore.se/
https://duck.sh/
Command-line client for Windows/macOS/Linux (not documented yet)

Using a GUI client

Graphical User Interface (GUI) clients are known to work on some operating systems.

Cyberduck
Please see the instructions for Accessing Swestore using Cyberduck Recommended method on macOS
WinSCP
Please see the instructions for Accessing Swestore using WinSCP Recommended method on Windows

From a web browser

Swestore is accessible in your web browser as a simple directory index interface at https://webdav.swestore.se/.

Web browser access supports both username/password and certificate authentication.

Projects are organized under the /snic directory as https://webdav.swestore.se/snic/DIRECTORY_NAME/.

Legacy documentation

There are other clients/methods available, but not recommended for new deployments. See Category:Swestore user guide for a complete list of documentation.

Enabled access protocols

A design criteria for Swestore is to provide the storage over a number of standardized and public protocols. There is no vendor specific client needed for access.

GridFTP
Also called gsiftp. Well supported within Swestore.
Features: Transfer checksums. Direct transfer from/to storage pools for high speed transfers.
Access URL: gsiftp://gsiftp.swestore.se/
HTTP/WebDAV
Contender for being the recommended protocol for Swestore.
Features: Support in web browsers. Supports direct transfer of files from/to storage pools improving performance (varying support in clients).
Authenticated access
This is the normal read-write access.
Access URL: https://webdav.swestore.se/ (non-redirected)
Access URL: https://webdav.swestore.se:1443/ (redirected)
Access URL: https://webdav.swestore.se:2443/ (redirected reads)
Unauthenticated read-only access
For special cases only.
Access URL: http://webdav.swestore.se/ (unauthenticated, read-only, non-redirected)
Access URL: http://webdav.swestore.se:1080/ (unauthenticated, read-only, redirected)
Access URL: http://webdav.swestore.se:2080/ (unauthenticated, read-only, redirected reads)
NFSv4.1
Used by some communities, not recommended for general use
SRM - Storage Resource Manager
Used by some communities, not recommended for general use.
Access URL: srm://srm.swegrid.se/
Xrootd
Used by some communities, not recommended for general use
DCAP
Used by some communities, not recommended for general use

Usage monitoring

Support

If you have any issues using Swestore, please do not hesitate to contact support@swestore.se.