We asked the UREP to rate the usefulness of each of the following use cases and their proposed Capability Delivery Plans (CDPs) at the end of 2019 to assess their importance. These were features requested by XSEDE stakeholders during 2019. The results will guide our work during 2020.
The UREP used the following rating scale.
5 star - XSEDE should do this. (high priority)
4 star - XSEDE should do this. (normal priority)
3 star - XSEDE should do this. (low priority)
2 star - XSEDE should not do this. (maybe)
1 star - XSEDE should not do this. (definitely)
Prioritized Item | Average Rating | Individual Ratings | ||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
RC-07: Use a container to create a specific runtime environment on a resource (Capability Delivery Plan) RC-07 describes using a container to create a specific execution environment for an application run on an XSEDE resource. In research computing, containers help researchers control the environment in which their applications run, even when the application is run on more than one kind of system or on systems administered by separate organizations. This is important for research reproducibility. Several of XSEDE's resources support this scenario, but there isn't any information on the XSEDE website about how to do it. The specific proposal is to develop (and coordinate) documentation on how to use containers on each of XSEDE's resources, using the documentation provided by SPs as much as possible. | (14 votes) |
| ||||||||||||||||||
SPI-09: Test a system for vulnerabilities using an automated service (Capability Delivery Plan) These three use cases (IAAS-11, SPI-09, SPI-10) are intended to help a broader set of service providers grapple with cybersecurity issues. This broader set includes: campus IT administrators (engaged via campus bridging), new XSEDE Service Providers, and researchers who administer cloud resources. You may rate these three use cases as a set (provide the same rating for each use case) if you don't have time to review each individually. SPI-09 describes a service provider using an automated service to scan his or her service for common vulnerabilities. The idea is for XSEDE to make it easier for newer, less experienced service operators to identify the most common vulnerabilities in their systems so the issues can be fixed before they're exploited by attackers. The specific proposal is for XCI to evaluate existing scanning services to see if any are worth recommending and/or partnering with. | (14 votes) |
| ||||||||||||||||||
SPI-10: Obtain expert help with resolving a system vulnerability (Capability Delivery Plan) These three use cases (IAAS-11, SPI-09, SPI-10) are intended to help a broader set of service providers grapple with cybersecurity issues. This broader set includes: campus IT administrators (engaged via campus bridging), new XSEDE Service Providers, and researchers who administer cloud resources. You may rate these three use cases as a set (provide the same rating for each use case) if you don't have time to review each individually. SPI-10 describes a service provider requesting and receiving assistance in resolving a security vulnerability in his or her service. This is essentially a new type of "consulting as a service." The specific proposal is for XCI to identify potential partner projects or organizations that could work with XSEDE to provide this service. | (14 votes) |
| ||||||||||||||||||
RC-09: Access a repository of files from a cloud resource administered by the researcher (Capability Delivery Plan) These two use cases (RC-08, RC-09) describe researchers using CVMFS (aka CernVM-FS) in their research computing. CVMFS is a read-only, shared filesystem used to distribute software and data to distributed systems. It is used by the Open Science Grid, Compute Canada, and Galaxy (data-intensive biomedical research) communities and related research projects. Several current XSEDE resources (inc. Bridges, Stampede2, Jetstream) already provide CVMFS access. RC-09 describes a researcher accessing data or software from a CVMFS repository on a self-administered system, most likely a cloud VM or virtual cluster. The researcher either needs to install the CVMFS client on the system or use a pre-built system image with CVMFS installed. The specific proposal is to provide documentation (references to CVMFS documentation and XSEDE best practices) enabling the researcher to do this. | (13 votes) |
| ||||||||||||||||||
RC-08: Access a repository of files from a compute resource administered by a service provider (Capability Delivery Plan) These two use cases (RC-08, RC-09) describe researchers using CVMFS (aka CernVM-FS) in their research computing. CVMFS is a read-only, shared filesystem used to distribute software and data to distributed systems. It is used by the Open Science Grid, Compute Canada, and Galaxy (data-intensive biomedical research) communities and related research projects. Several current XSEDE resources (inc. Bridges, Stampede2, Jetstream) already provide CVMFS access. RC-08 describes a researcher accessing data or software from CVMFS on an XSEDE-allocated SP resource. The specific proposal is to coordinate CVMFS access on XSEDE resources by defining the service, developing support materials, conducting a design & security review, and setting up technical support channels. | (13 votes) |
| ||||||||||||||||||
SPI-12: Host a repository of files so it can be accessed on many resources and automatically populated (Capability Delivery Plan) These three use cases (RC-10, SPI-11, SPI-12) are the researcher and service provider experiences that would result from XSEDE offering CVMFS (aka CernVM-FS) repository hosting services. A repository hosting service hosts the master (writeable) copy of a repository so it can be accessed on other resources. The contents of the repository can be populated manually (RC-10, SPI-11) or automatically (SPI-12). These use cases share a common capability delivery plan with a total estimate of 12 person-weeks for all three use cases, beginning with a pilot project. You may rate these three use cases as a set (provide the same rating for each use case) if you don't have time to review each individually. SPI-12 describes a service provider hosting a CVMFS repository that is automatically populated. The service provider hosts the storage for the repository and configures the repository to automatically pull its contents from a source repository such as GitHub or DockerHub. | (12 votes) |
| ||||||||||||||||||
SPI-11: Host a repository of files so it can be accessed on many resources and manually populated by authorized individuals (Capability Delivery Plan) These three use cases (RC-10, SPI-11, SPI-12) are the researcher and service provider experiences that would result from XSEDE offering CVMFS (aka CernVM-FS) repository hosting services. A repository hosting service hosts the master (writeable) copy of a repository so it can be accessed on other resources. The contents of the repository can be populated manually (RC-10, SPI-11) or automatically (SPI-12). These use cases share a common capability delivery plan with a total estimate of 12 person-weeks for all three use cases, beginning with a pilot project. You may rate these three use cases as a set (provide the same rating for each use case) if you don't have time to review each individually. SPI-11 describes a service provider hosting a CVMFS repository that is managed manually by a research team. The service provider hosts the storage for the repository and provides access to a research team, enabling the research team to manage the contents of the repository. | (12 votes) |
| ||||||||||||||||||
RC-10: Create or modify the contents of a repository that will be accessed on many resources (Capability Delivery Plan) These three use cases (RC-10, SPI-11, SPI-12) are the researcher and service provider experiences that would result from XSEDE offering CVMFS (aka CernVM-FS) repository hosting services. A repository hosting service hosts the master (writeable) copy of a repository so it can be accessed on other resources. The contents of the repository can be populated manually (RC-10, SPI-11) or automatically (SPI-12). These use cases share a common capability delivery plan with a total estimate of 12 person-weeks for all three use cases, beginning with a pilot project. You may rate these three use cases as a set (provide the same rating for each use case) if you don't have time to review each individually. RC-10 describes a researcher managing the contents of a CVMFS repository so a research team can access the contents on a variety of resources, including SP resources, cloud resources, and potentially others. The repository is hosted by XSEDE. | (12 votes) |
| ||||||||||||||||||
IDM-16: Obtain affiliated institutions when an individual logs in to a service (Capability Delivery Plan) This use case was requested by a service administrator. The service uses the "Login with XSEDE" service (based on Globus), and the service's log file reports each users' XSEDE username. For administrative reasons, the administrator needs to report usage by organization (academic affiliation) and would like the log to also include organization affiliations as well, using the users' linked identities in Globus. The specific proposal is for XSEDE to document how an application can get this information when using "Login with XSEDE." | (14 votes) |
| ||||||||||||||||||
IAAS-11: Protect a virtual cluster by creating a bastion host (Capability Delivery Plan) These three use cases (IAAS-11, SPI-09, SPI-10) are intended to help a broader set of service providers grapple with cybersecurity issues. This broader set includes: campus IT administrators (engaged via campus bridging), new XSEDE Service Providers, and researchers who administer cloud resources. You may rate these three use cases as a set (provide the same rating for each use case) if you don't have time to review each individually. IAAS-11 recognizes the growing trend for researchers to spin up virtual clusters on cloud resources. It aims to encourage researchers to protect these virtual clusters by making it easier for them to set up a bastion host to limit direct access to the cluster. The specific proposal is to collect the documentation and VM images for bastion hosts on specific cloud services and is a total of approximately four person-weeks. | (13 votes) |
| ||||||||||||||||||
DM-13: Small-scale data transfer (Capability Delivery Plan) XSEDE already has use cases for large-scale data transfer (DM-12 & CAN-02) which are satisfied by Globus. Some researchers feel that for simple file transfers (e.g., a single configuration file or script file), it would be easier and more natural to use the scp command. The "twist" is they want to be able to use their XSEDE username and password rather than having to know the local password on each XSEDE resource. They describe it this way: "We want to be able to scp the same way we use the XSEDE Single Sign-On (SSO) Hub." The proposal is to deploy a mechanism that allows researchers to use their XSEDE username and password plus Duo two-factor authentication to create a short-term credential that allows direct scp to/from SP login servers. | (14 votes) |
|