welcome: please sign in
location: Middleware / i2glogin


The middleware tool i2glogin resulted from adapting the interactive grid tool glogin to the requirements of the int.eu.grid infrastructure. While glogin is a standalone tool offering services such as secure remote shell access to grid resources based on GSSAPI encryption, i2glogin has been specifically adapted to fulfil the requirements of the int.eu.grid infrastructure and to provide seamless integration with other middleware components.

The interactive bi-directional channel provided by i2glogin interconnects any application running in the grid with the user desktop. For enabling this connection only outbound connectivity from the worker nodes is needed to initiate the interactive connection. This enables an interactive encrypted session which is created in a way completely transparent for the user.


TCP Port Forwarding

Using this functionality i2glogin enables access to grid worker nodes with private IP addresses. The port forwarding technique applied is comparable to the one provided by ssh. If i2glogin is used to access a worker node with a private IP another instance of i2glogin is executed on another node within the same private network which offers a public IP address. This i2glogin process forwards the network traffic to the node with the private IP address in a manner transparent to the application using the connection. Besides accessing nodes with private IP addresses the port forwarding functionality of i2glogin can also be used for securing the network traffic of another protocol if the port forwarding functionality is used in combination with the communication encryption functionality of i2glogin.

X11 Forwarding

The X11 forwarding feature is comparable to port forwarding. Since within a Unix/Linux environment which is commonly used for grid installations, the X-server handles the graphics requests generated by local and remote applications. X11 forwarding is commonly used for getting the graphics output from a remote machine displayed on the local monitor. i2glogin enables this type of connectivity for nodes which are accessible over the grid. This functionality is an important feature to enable the transmission of graphics output from grid nodes to the local desktop, where the user is able to view the output of an interactive grid job. If somebody is only considering ordinary batch jobs, the job output is commonly analysed post mortem. But if a user is running an interactive job on the grid the forwarding of X11 traffic is an important feature.


Security has been an important consideration throughout the development of i2glogin. Therefore arbitrary traffic sent over i2glogin can be encrypted without further problems. The generic security service (GSS) is applied for encryption of i2glogin traffic. If one combines this functionality with port forwarding arbitrary grid traffic can be encrypted seamlessly.

Virtual Private Networks

i2glogin can also be applied for the realization of virtual private networks (VPNs). Compared to the approaches mentioned above the VPN functionality offers the possibility of routing additional types of network traffic such as UDP or ICMP packages over a secured network.

Submission of i2glogin

If you are running the interactive job from a basic user interface you need to start a local instance of i2glogin before on the UI:

$ i2glogin
-p 21015:

The output has to be used in the JDL within the arguments section.

Here follows an example of the JDL used for the Interactive job:

JobType = "normal";
Executable = "job.sh";
Arguments = "-p 21015:";
InputSandbox ={ "/opt/i2g/bin/i2glogin", "job.sh"};

and the job.sh:

   1 #!/bin/sh
   3 chmod +x i2glogin
   4 ./i2glogin -r $1 -t -c /bin/sh

Once the job starts running the i2glogin session previously started will establish the interactive communication channel with the remote worker node

$ /opt/i2g/bin/i2glogin
-p 21015:
/home/ngies001 > hostname
/home/ngies001 > exit
Connection closed by foreign host.


Source code is available for download at: i2glogin-1.1.9.tar.gz

RPMs for SL5 x86_64 is available at http://devel.ifca.es/rep/ifca/slc5/RPMS/x86_64/i2glogin-1.1.9-0.x86_64.rpm

eciencia: Middleware/i2glogin (last edited 2011-06-23 09:59:31 by enol)