In order that you can evaluate GRIA and the ideas behind it quickly, IT Innovation has set up demonstration systems with the basic application services and service provider management packages installed. In this tutorial you will

• install and configure the GRIA client software;
• use the client to run an image processing job on the "free" demonstration service;
• use the client to obtain a Service Level Agreement, and use this to access the "managed" demonstration services; and
  
• install the client management services to manage your remote resources centrally.
  

To access a GRIA service you need some client software. The GRIA client libraries can be used to create a variety of client applications, but for this tutorial we will use the standard GRIA client package. To install it:

1. Download the GRIA Client package from the downloads page.
   
2. Unpack the archive somewhere.

. Having this private key allows you to prove who you are when you access a service, so keep your keystore safe! The keystore also contains certificates for authorities that you trust to identify other people and services. If you already have a keystore then you can use that, but if not you can get one easily using this web-site:

1. Register with this web-site, if you haven't already done so.
2. Read the GRIA Demo CA Certificate Policy, and check you agree with the terms.
   
3. Download your keystore from the downloads page (it's in the Keystore Management section).
4. Unpack the downloaded gria-keystore.zip file in the conf directory of the client (so that, for example, you end up with a file called gria-client-cli-5.1-bin/conf/crypto.properties).
   

Your personal GRIA keystore is generated using the information contained in your profile. Keep it secure as it contains personal information. Its sole purpose is for your evaluation of the GRIA systems at IT Innovation and any other use is prohibited. The keystore is generated when you request it, and is deleted from our server once you have downloaded it. See the GRIA Demo CA Certificate Policy for more details.

You are now ready to run the client:

1. Run the gridcli launcher script inside the client directory. Consult the GRIA Client User Guide for more detailed instructions if you have difficulty with this step.

The GRIA client

Note: The GRIA client shown above is intended mainly as a demonstration of GRIA, allowing you to test the various features of GRIA easily. For real use, you may want to write your own specialised client or make GRIA calls directly from your existing application software.

, the basic application services package have been deployed and configured to run on the griademo1 system as 'free'. This means that GRIA's management infrastructure is not used because there is no requirement for users to pay for services, and so no need for usage monitoring, management and billing. To use these services follow these steps:

1. Start the client, if it isn't already running.
   
2. Add the 'free' basic application services to the client by dragging both of the following URLs from your browser into the top-left are in the client's window (the "Service View" area):
   • https://griademo1.it-innovation.soton.ac.uk/gria-basic-app-services/services/JobService?wsdl
   • https://griademo1.it-innovation.soton.ac.uk/gria-basic-app-services/services/DataService?wsdl
3. You can now use the client to store data and run jobs. For example:
1. Right-click on the JobService to open the menu and choose New Job.
2. The client gets a list of available applications from the service. Choose swirl from the menu.
3. You will be shown information about the job's inputs. Click OK to accept.
4. A new swirl job appears under the job service, with one input and one output.
5. Right-click on source-image and choose Upload data from the Data Functions sub-menu.
6. Select an image on your computer to upload.
7. After uploading the file, the input will still say "(empty)"; you need to choose Update EPR from the menu to get the new status "(full)" (an "EPR" is an "EndPoint Reference"; every remote resource is represented by an EPR).
   
8. Right-click on the swirl job and choose Start Job and Monitor to start the job running. You don't need to enter any arguments; just click OK.
9. You can watch the progress of the job using the Job Log tab.
10. When the job finishes, you can select the swirled-image output and view the processed image in the Preview tab. Click on Load Data to see it,
    

Previewing the swirled image.

You can do much more than this with the client. Consult the Client User Guide for full details.

In order to demonstrate the Inter-Domain Deployment scenario the basic applications services have been installed and configured on the griademo2 system as 'managed'. This means access to application services is managed by an SLA service and usage is billed to a Trade Account service. For convenience, the service provider management package (containing the SLA and Acccount services) has also been installed on the griademo2 system, although GRIA does not require them to be located on the same machine.

To use all these services follow these steps:

1. Ensure the Client package is installed and configured as above.
2. Add the 'managed' basic application services to the client by specifying the following URLs (drag the links from your browser into the GRIA client):
   
   • https://griademo2.it-innovation.soton.ac.uk/gria-basic-app-services/services/JobService?wsdl
   • https://griademo2.it-innovation.soton.ac.uk/gria-basic-app-services/services/DataService?wsdl
3. If you try to create a job at this new service as you did for the one at griademo1 you will be refused and told that you need an SLA.
   
4. Add the Trade Account and SLA services to the client by specifying the following URLs:
   • https://griademo2.it-innovation.soton.ac.uk/gria-service-provider-mgt/services/TradeAccountService?wsdl
   • https://griademo2.it-innovation.soton.ac.uk/gria-service-provider-mgt/services/SLAService?wsdl
5. Open a Trade Account by selecting the trade account service and clicking on Open Account in the Details tab.
6. In a real deployment scenario the next stage would be for the service provider to perform some credit checks before approving or denying the account. However, since this is a demo system we will open the account if you send us an account approval request. Use Update EPR to check the status of your account approval (it will change from pending-credit-checks to open):
   

   An open trade account

7. Once you have received notification of the account approval, select the Sample Job and Data Package 1 SLA template and click on Load Details and then on Propose SLA:
   

   Proposing an SLA

8. You can now use the client to store data and run jobs, much as you did before, but managed by the SLA that you proposed and billing to the trade account that you have just opened.

Viewing usage of your SLA.

for information about monitoring your usage.

Federated Domain Deployment

In order to demonstrate the Federated-Domain Deployment scenario, where client organisations want to control access for large numbers of users and SLAs, you should install the client management package locally. To do this follow these steps:

1. Download the GRIA Client Management package.
2. Follow the client management installation instructions.
3. Ensure the client package is installed and configured as above.
4. Using Keytool GUI import the GRIA Demo CA certificate (available in gria-keystore.zip) into the server keystore that you created for the client management service.
   
5. Add the Membership Service either by dragging its WSDL link or by specifying the URL directly, e.g. https://mymachine/gria-client-mgt/services/MembershipService?wsdl
6. Add yourself as a manager to the service by selecting your generated demo certificate and the certificate of the demo CA , which are both available in gria-keystore.zip.
7. Create new membership groups using the GRIA client, by right-clicking on the MembershipService and choosing Create group from the menu.
   

   Some membership groups

8. Drag the SLA you created on the griademo2 service to a group to give all members of the group access to the resource. You will be prompted to select the role they should be given (e.g. "user"). When you do this, the access policy on the SLA is updated so that anyone with a token from the membership group has the specified role.
   
9. Add another user in your organisation to the membership group, using the Access Control tab.
   
10. The other user can now add the membership service to their client and discover the group. Then should choose Set as default group from the menu. Every message they send will now include a SAML token asserting their membership of this group.
    

    Selecting the group

11. This user should then be able to discover and use the SLA, and use it to store data and run jobs according to the SLA, as before.
    

to keep track of remote resources, so that users don't have to add each service to their client manually.

for more information about using these services.

The next step depends on which deployment scenario meets your needs:

If it is the Single Trusted Domain Deployment scenario then install and configure the basic application services ensuring that you configure the Data and Job Service as free.

If it is the Inter-Domain Deployment scenario then follow the basic application services guide and service provider management guide ensuring that the Data and Job Service are managed by the SLA service, and the SLA service itself is managed by the Trade Account Service.