
Federated Domain Deployment

Deploying the client management package locally allows you to manage your remote resources centrally.
In order that you can evaluate GRIA and the ideas behind it quickly, IT Innovation has set up demonstration systems with the basic application services and service provider management packages installed. In this tutorial we will use the GRIA client software to access these services.
Page 5 of 6.

To demonstrate the Federated-Domain Deployment scenario, where client organisations want to control access for large numbers of users and SLAs, you should install the client management package locally. To do this, follow these steps:

  1. Download the GRIA Client Management package.
  2. Follow the client management installation instructions.
  3. Ensure the client package is installed and configured as above.
  4. Using Keytool GUI, import the GRIA Demo CA certificate (available in gria-keystore.zip) into the server keystore that you created for the client management service.
  5. Add the Membership Service either by dragging its WSDL link or by specifying the URL directly, e.g. https://mymachine/gria-client-mgt/services/MembershipService?wsdl
  6. Add yourself as a manager to the service by selecting your generated demo certificate and the certificate of the demo CA, which are both available in gria-keystore.zip.
  7. Create new membership groups using the GRIA client, by right-clicking on the MembershipService and choosing Create group from the menu.
    Some membership groups

  8. Drag the SLA you created on the griademo2 service to a group to give all members of the group access to the resource. You will be prompted to select the role they should be given (e.g. "user"). When you do this, the access policy on the SLA is updated so that anyone with a token from the membership group has the specified role.
  9. Add another user in your organisation to the membership group, using the Access Control tab.
  10. The other user can now add the membership service to their client and discover the group. They should then choose Set as default group from the menu. Every message they send will now include a SAML token asserting their membership of this group.
    Selecting the group

  11. This user should then be able to discover and use the SLA, and use it to store data and run jobs according to the SLA, as before.
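
The access decision that steps 8 to 10 set up can be modelled as follows. This is an added, simplified example, not GRIA code: an HMAC over JSON stands in for the signed SAML assertion, and the group name, key, subject and function names are hypothetical.

```python
import hashlib
import hmac
import json
import time

# Constructed sample values; none of these come from a GRIA deployment.
ISSUER = "https://mymachine/gria-client-mgt/services/MembershipService"
ISSUER_KEYS = {ISSUER: b"constructed-demo-key"}   # membership services the resource trusts
SLA_POLICY = {(ISSUER, "project-a"): "user"}      # (issuer, group) -> role, as set in step 8


def sign_claims(key, claims):
    # HMAC-SHA256 over canonical JSON stands in for the SAML XML signature.
    body = json.dumps(claims, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def issue_token(key, issuer, subject, group, now, lifetime=300):
    """Membership service side: assert that subject belongs to group."""
    claims = {"iss": issuer, "sub": subject, "group": group,
              "nbf": now, "exp": now + lifetime}
    return {"claims": claims, "sig": sign_claims(key, claims)}


def role_for(token, now):
    """Resource side: return the role the SLA policy grants, or None."""
    claims = token.get("claims", {})
    key = ISSUER_KEYS.get(claims.get("iss"))
    if key is None:
        return None                                # unknown membership service
    if not hmac.compare_digest(sign_claims(key, claims), str(token.get("sig", ""))):
        return None                                # claims altered or wrong key
    if not (claims.get("nbf", now + 1) <= now < claims.get("exp", now)):
        return None                                # outside the validity window
    return SLA_POLICY.get((claims["iss"], claims.get("group")))


if __name__ == "__main__":
    t0 = int(time.time())
    tok = issue_token(ISSUER_KEYS[ISSUER], ISSUER, "CN=Another User", "project-a", t0)
    print(role_for(tok, t0))            # member of a group named in the policy
    print(role_for(tok, t0 + 3600))     # same token after it has expired
```

The resource never lists individual users: it trusts the issuing membership service, so removing someone from the group in step 9's Access Control tab is what ends their access once their current token expires.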
You can also use the registry service to keep track of remote resources, so that users don't have to add each service to their client manually.

See the client management package's documentation for more information about using these services.