4.3.1.
Links with Other Services
Up one level
Trusted Account Service
The SLA service will record each user's usage of the functional services (e.g. data service, job service). This usage may optionally be converted into a monetary charge according to the pricing terms in the SLA. Therefore, the SLA service may be required to bill users' accounts. The first configuration to make on the SLA service page is the "Trusted management service". This is a list of account services that the client may use with the SLA service. Normally this will just be the TradeAccountService at the same service provider. By default, the TradeAccountService is filled in ready to be used - just press the "Add" button to use it. Alternatively, the "Make service free" button sets the SLA service up so that clients can have SLAs that are never billed - effectively making the SLAs free.
Managed Services
The SLA service is of no use if it does not manage any functional services. There are five conditions that must be met in order for a functional service to be managed:
- At the functional service:
- The SLA service must be in the functional service's list of "Trusted Management Services".
- The SLA service's CA certificate must be a trusted CA in the functional service's key-store.
- The SLA service must be in the "management-services" group of the functional service.
- At the SLA service:
- The functional service's CA certificate must be a trusted CA in the SLA service's key-store.
- The functional service must be in the "sla-managed-services" group of the SLA service.
If the functional services that require managing are hosted on the same machine as the SLA service (and therefore share the same certificate) then steps 2-5 are not necessary, otherwise see below for more detail.
Update Access Control
The access control rules for the application services must be updated to allow the managing service (e.g. SLA service manager) to be able to monitor resource usage and invoke management actions on the application service in response. Furthermore, the access control rules for the management package must be updated to allow the managed application services to be able to check that activity and resource creation and further usage is acceptable.
To modify access control rules, first open the main GRIA administration page for the package concerned.
GRIA Application Services
Open the web page for either the Job Service or Data Service in your browser and follow the instructions given under the "Trusted Management Service" heading. Following the instructions for one service will also have the effect of correctly configuring the other service as the Job and Data services share key-store and group definitions.
When it comes to adding a new rule in the "management-services" group table. Choose the "SubjectDN is..." rule and upload the Subject and Issuer certificate for the server hosting the GRIA management service package when prompted.
GRIA Management Services
Open the SLA Service page in your browser and follow the steps in the instructions under "Managed Services", that is:
- Add the functional service's CA certificate to the management service's key-store as a trusted CA.
- Add a new rule to the "sla-managed-services" group:
- The new rule is to allow the functional service (e.g. data service) to communicate with the SLA service.
- Click on the "sla-managed-services" link in the SLA web page.
- Add a new rule specific to the functional service. This will be a "SubjectDN is..." rule. You will be asked to upload the Subject and Issuer certificate for the server hosting the GRIA basic applications package.
