XAP

Securing the Grid Services

Enabling Security

Data grid security is enabled by setting the com.gs.security.enabled system property. Append the property to GS_OPTIONS_EXT in the setenv-overrides script. The following example sets the property along with other optional security parameters.

-Dcom.gs.security.enabled=true -Dcom.gs.security.userid=xxx -Dcom.gs.security.password=yyy -Dcom.gigaspaces.webui.username.mandatory=true 

This property affects the GSA (Grid Service Agent), GSM (Grid Service Manager), and GSC (Grid Service Container).

Grid Service Agent

The Grid Service Agent (GSA) acts as a process manager that can spawn and manage Service Grid processes (GSM, GSC, etc.). When the GSA is secured, a spawned GSM/GSC will also be secured. To start, kill, or restart a process you need Manage Grid privileges.

Grid Service Manager

The Grid Service Manager (GSM) is responsible for managing Processing Units and Grid Service Containers. The GSM accepts deployment and un-deployment requests of Processing Units, and provisions them to GSCs. To deploy and un-deploy you need Provision PU privileges.

A secured GSM can only connect to another secured GSM. This means that a Processing Unit managed by a secured GSM can be recovered upon failover only by another secured GSM.

GigaSpaces Manager

The GigaSpaces Manager is a component that stacks together the LUS (Lookup Service) and GSM along with Apache ZooKeeper and GigaSpaces's REST Manager API. The privileges of the GSM are the same as if it were standalone. For each REST operation, we list the required privilege in the yaml file, also viewable in the Swagger tool (see the REST Manager API topic). For example, starting a container would require Manage Grid privileges. Deploying a Space or a Processing Unit would require Provision PU privileges. For more information about using the REST Manager API with security, refer to REST Manager API - Security.

Grid Service Container

A Grid Service Container (GSC) is a container that hosts deployed Processing Unit instances and reports its status to the GSM. In general, operations on the GSC are routed to the managing GSM of the Processing Unit. To scale up or down, relocate, restart a PU instance, or destroy a PU instance, you need Manage PU privileges.

A secured GSC can only connect to a secured GSM. This means that a Processing Unit managed by a secured GSM can only be provisioned to a secured GSC.

Security of a GSC does not enforce any security on the deployed Processing Unit. That is, a secured GSC can contain a Processing Unit with a non-secured Space, and a non-secured GSC can contain a Processing Unit with a secured Space.
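
A consistency check based on the two connection rules above (a secured GSM only connects to another secured GSM, and a secured GSC only connects to a secured GSM), given as an added example that is not GigaSpaces code. The `host|role|GS_OPTIONS_EXT` inventory format, the hostnames and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not GigaSpaces code). Hostnames and option strings are constructed.

# Print "secured" or "unsecured" for one GS_OPTIONS_EXT value.
# Assumption: if the property is repeated, the last occurrence takes effect.
gs_security_state() (
    set -f                      # no globbing while word-splitting the options
    state=unsecured
    for opt in $1; do
        case "$opt" in
            -Dcom.gs.security.enabled=true) state=secured ;;
            -Dcom.gs.security.enabled=*)    state=unsecured ;;
        esac
    done
    printf '%s\n' "$state"
)

# Read "host|role|GS_OPTIONS_EXT" lines on stdin. If any component is secured,
# print every unsecured one: an unsecured GSM cannot take over from a secured
# GSM on failover, and an unsecured GSC cannot be provisioned by a secured GSM.
audit_grid() {
    secured=0
    unsecured_list=
    while IFS='|' read -r host role opts; do
        [ -n "$host" ] || continue
        if [ "$(gs_security_state "$opts")" = secured ]; then
            secured=$((secured + 1))
        else
            unsecured_list="${unsecured_list}MISMATCH ${host} ${role}
"
        fi
    done
    if [ "$secured" -gt 0 ]; then
        printf '%s' "$unsecured_list"
    fi
    return 0
}

# Constructed inventory: one GSC host was left without the security property.
sample_inventory() {
    cat <<'EOF'
host-a|GSM|-Xmx1g -Dcom.gs.security.enabled=true
host-b|GSM|-Dcom.gs.security.enabled=true
host-c|GSC|-Xmx2g
host-d|GSC|-Dcom.gs.security.enabled=false -Dcom.gs.security.enabled=true
EOF
}

sample_inventory | audit_grid
```

A grid in which every component is unsecured produces no output, because the connection rules only constrain components once at least one of them is secured.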