When executing tasks and jobs on the grid you may be faced with the question: "How do I make sure that tasks from other users are not executed on nodes started by me?" For example, what if you have several grid/cloud nodes used by everyone and a couple of private grid/cloud nodes started by you and you want to make sure that other users don't get to use your private grid nodes.

Here is how this problems solved with GridGain. Let me firstly note that we are not solving any security issues here, but simply trying to facilitate proper usage of resources within a trusted environment.

Now, let's state the problem:

Lets assume that we have grid users Tom and Jim. Let's also assume the following grid topology:

• Nodes NodeP1 and NodeP2 are public and can be used by everyone.
• Node NodeT1 and NodeT2 are private nodes that should only be used for tasks executed by Tom. Tom can start execution of his tasks from any of these nodes.
• Node NodeJ1 and NodeJ2 are private nodes that should only be used for tasks executed by Jim. Jim can start execution of his tasks from any of these nodes.

So the problem at hand is how does Tim ensure that his tasks run on his private nodes and public nodes, but do not run on Jim's private nodes?

In GridGain this is solved purely by configuration without touching user's code. Let's assume that Tom's user name is 'tom' and Jim's user name is 'jim'. Let's also assume that public nodes are started from account 'publicuser'.In GridGain all system properties are available on every node as attributes. Since user name is available in Java as system property 'user.name', we can get it as follows:

GridNode localNode = GridFactory.getGrid().getLocalNode();

String userName = localNode.getAttribute("user.name");

We need to ensure that tasks started by Tom are only executed on public nodes and Tom's private nodes. For this we have to configure GridNodeFilterTopologySpi to only include required nodes. GridGain comes with a special node filter, GridJexlNodeFilter, based on Apache JEXL, which allows us to specify node inclusion rules in one-liner JEXL expression:

<bean id="grid.custom.cfg" 
 class="org.gridgain.grid.GridConfigurationAdapter" 
 singleton="true">
 ...
 
  <bean 
   class="org.gridgain.grid.spi.topology.nodefilter.GridNodeFilterTopologySpi">
   
    
     
      
       <![CDATA[
        node.attributes['user.name'] == 'tom' ||
        node.attributes['user.name'] == 'publicuser'
       ]]>
      
     
    
   
  </bean>
 
 ...
</bean>

Consequently, JEXL expression for Jim would look like follows:

...

 
  
   <![CDATA[
    node.attributes['user.name'] == 'jim' ||
    node.attributes['user.name'] == 'publicuser'
   ]]>
  
 

...

The above configuration ensures that Tom's tasks will never run on Jim's nodes and vice versa. Now all we have to do is to bring up the all the nodes from proper user accounts and we are good to go.

I invite you to download GridGain and try it for yourself. Of watch a set of online demos here.

 

John Willis has an interesting blog where he has done many very interesting podcasts about cloud computing. Recently he has done a podcast on "GridGain - A Grid In a Cloud" where he interviewed Nikita Ivanov about GridGain and how it can help with development of Cloud Applications. What I found really interesting is the concept of "Native Cloud Application" which can be built on top of GridGain. With more and more products moving their infrastructure onto clouds, it is becoming critical that application can reuse native cloud services with minimal changes in configuration - and GridGain with SPI-based Architecture fits right in.

You can listen to the podcast here.