Agency creates software for secure World Wide Web access to systems.
Researchers at one federal agency are adding a new dimension to remote access computing via the Internet. A computer program created through research at the agency provides a web-based interface that simplifies command-driven queuing systems and applications environments. Without extensive expertise in complicated command language, users can now perform computing tasks on remote systems as if directly connected to them.
The purpose of this program is to use the Internet to complete computing processes instead of simply using this medium for information exchange. The software connects with applications on high-performance computing systems to offer a seamless environment.
The concept of remote computing is not new. Users have long used functions such as telnet and file transfer protocol to perform tasks in a networked computing environment, but developers sought to design a tool that could be used easily by people of varying skill levels to perform a wide range of computing tasks.
Created in 1996 at the National Institute of Standards and Technology (NIST), Gaithersburg, Maryland, the first version of the WebSubmit product was released in December 1998. Researchers particularly focused on tightening the technology’s security. Their goal was to exceed the security levels available through telnet and file transfer protocol. They are now working on the second release of the program.
The tool can be used for many applications, including quantum chemistry, physics, material science, mathematics and statistics research. Many NIST scientists employ the technology for modeling. It can also be used in building and fire research or to measure the flow of hazardous waste and fluids underground. The military can measure changing situations anywhere through a simple Internet connection and a handheld device, as one developer envisions. But, researchers emphasize that there is no limit to the kinds of applications for WebSubmit. The program is not solely for supercomputers; simple personal computers can be linked via the software as well.
Because the software was developed by employees of the U.S. government, it is in the public domain and is available on the web to be downloaded and tailored to meet specific requirements. Designed with parallel processing applications in mind, the product can be helpful in many applications to shield the user from a program with a bad interface. It is especially well suited for work with legacy systems, developers say.
Currently, all NIST machines are integrated through the WebSubmit program. This includes an IBM SP2 with LoadLeveler, an IBM workstation cluster, a Silicon Graphics Incorporated Origins 2000 with network queuing system/network queuing environment, and a Linux Pentium Cluster with load sharing facility. The modules designed for each computing system are tailored to the requirements of that system. Two generic modules compose each system, and additional job-specific interfaces support quantum chemistry applications and message-passing interface jobs.
With an extremely dynamic computing system, NIST relies on WebSubmit to provide an uninterrupted flow of information to the user. While the computer system changes underneath, the environment appears to be unchanged.
Explaining the system, developers refer to a basic transaction model comprising clients, a WebSubmit server and targets. The clients represent systems of users performing remote computing tasks. The WebSubmit server interacts with target systems, formatting and routing the tasks, and the targets are the systems upon which the tasks are performed. A group of targets is called a cluster.
To perform remote computing tasks, an individual connects to the WebSubmit server’s master page via a web browser on a client system. A link is established from the master page to the application module page. The user fills in an HTML form on the application module page and then submits it to the WebSubmit server. The server reads the form and directs the task to the appropriate target or target system and returns the output to the user’s client system-based browser.
The HTML forms act as the interface for the program. WebSubmit creator Dr. Judith E. Devaney, who led the project at NIST’s Information Technology Laboratory, says that people are using the program with ease. “People are already comfortable with it,” she says, because they are familiar with using web browser technology. “We tried to make this as simple as possible.”
The HTML forms, along with the CGI code, make up the application module. NIST employs modules that serve system and user needs at the institute, but generic modules such as command execution interface, file editor and file transfer capability are also being used with the systems.
Databases hold the WebSubmit information, enabling transparent job processing. A master page database delineates the modules available to the user. Information contained in the master page database is automatically loaded onto the master page. This page serves as the main entry point to WebSubmit. Similarly, an authorization database maintains security features such as access to computer systems. When users or their access privileges change, information in the database must reflect this to maintain system security.
Mathematician John E. Koontz, who also works with Devaney in NIST’s Information Technology Laboratory, helped develop WebSubmit. Koontz explains the attention given to security when developing the product. Now in its third security model, WebSubmit provides a secure interface for individual accounts. This security extends beyond that of functions utilized in telnet or file transfer protocol, where hackers can learn passwords.
Koontz states that WebSubmit applies the same concepts employed by commercial electronic commerce web sites to provide confidentiality to transactions. Secure sockets layer and secure shell technology maintain authentication procedures. Users have access only to unrestricted accounts, namely their own. WebSubmit yields two-way channel or validation for security. It is “basically like a version of telnet with the difference being that there’s encryption,” Koontz notes.
The program’s security features operate throughout the remote computing processes, foiling attempts to hack into the system. Before gaining access to the server, clients’ digitally signed certificates help determine user authenticity. A central authority grants the certificates, and a third-party signature on the certificates is an important additional aspect of maintaining a secure system, developers say. The server features secure sockets layer protocol and provides bidirectional authentication—from server to client and client to server. A WebSubmit user identification database is accessed for subsequent validations. Registered information for certificate authentication includes name, electronic mail address and certificate issuer.
After the server has accepted the certificate, it must communicate with the target system to allow acceptance of the user name on the system. Without this acceptance, an individual will not be able to perform tasks that require access to target systems.
The secure shell protocol with its encryption features lends security as tasks are being performed on remote systems. The protocol not only encrypts all transmissions, but also uses a public-key cryptology to link the server to the target system.
“Most of the work that we put in deals with the security issue,” Devaney says about the program. She offers that the technology has potential military applications to provide secure remote computing operations for the forces. But, developers note that policy regarding information systems must support the security allowed by WebSubmit.
Since the software is highly customizable, government or commercial customers can apply modules, adjusting the software’s capabilities to suit task and departmental requirements. “There’s a lot that can be done with this,” Devaney relates. While the framework is being used at NIST for high-performance computing efforts, developers are still exploring other options for the program applications. The program is suitable for any remote computing application where security is a necessary requirement to perform tasks. Developers contend that the software can be easily installed or removed at various sites. WebSubmit is designed to be highly flexible and thus can be modified to allow for the addition of new applications.