NCSA CyberSecurity

Project News

• Observatory Middleware Framework Demo at INGRID 2009

Overview

In recent years the National Science Foundation has initiated several large observatory projects and planning grants incorporating ground-based instruments, including the Large Synoptic Sky Telescope, the ORION/OOI ocean observatory, the National Ecological Observatory Network ecological observatory, and the Water and Environmental Research System. These large observatory projects are poised to build independent national scale in-situ and remote sensing cyberinfrastructures to gather and publish "community"-sensed data and generate synthesized products based on current needs for a specific targeted community of researchers. Each of these community-owned observatories is defining ways to collect information addressing a broad set of issues, and each is building customized mechanisms to generate and publish both derived and raw data to their own constituents. This approach will be inefficient and present challenges both for inter-observatory coordination and for how researchers might efficiently aggregate sensor data from different observatories; however, it is being pursued because common observatory management middleware is needed that doesn't yet exist.

A team of researchers at the National Center for Supercomputing Applications, the Monterey Bay Aquarium Research Institute, and the Scripps Institution of Oceanography sees a need for improved management of sensors/instruments, data streams, and data processing. Our research is focused on the design and prototyping of a generalized Observatory Middleware Framework to integrate existing and proposed technologies, and reduce duplication of functionality across observatories. Specifically, we are researching alternative observatory cyberinfrastructure approaches that extend beyond a single physical observatory to support multi-domain research, integrate existing sensor and instrument networks with a common instrument proxy, and support a set of security (authentication and authorization) capabilities critical for community-owned observatories.

To meet these requirements we are investigating existing technologies, APIs, ontologies, and sensor, grid, and enterprise service bus middleware components to support sensor access, control, and exploitation in a secure and reliable manner across heterogeneous observatories. Our work focuses on two functional areas within this framework to demonstrate the effectiveness of our proposed architecture: (1) Instrument Access and Management, and (2) Security (specifically access control).

Project Goals

• Prototype the application of an Enterprise Service Bus (ESB) Architecture as an effective foundation for a large-scale observatory network.
• Design a security architecture for authentication and policy enforcement in a federated, public ESB-based observatory.
• Design and develop an instrument proxy that provides an abstraction away from instrument-specific command and control systems.

OMF Workflow Scenario

Architecturally, we are pursuing an implementation that draws from previous work demonstrating the benefits of a message-based system such as that found in ROADNet and in industry, and are taking the next evolutionary step with an Enterprise Service Bus (ESB) architecture. ESBs have been widely accepted in industry and proven to readily integrate web service, Grid, HTTP, Java Message Service, and other well known message-based technologies. The resulting cyberinfrastructure implementation, known simply as the Observatory Middleware Framework (OMF), is being validated through a series of bench tests and through pilot implementations that will be deployed on the Monterey Ocean Observing System (MOOS) and Monterey Accelerated Research System (MARS) observatories, culminating in a demonstration of a multi-observatory use case scenario. We are working closely with the ocean research community, as their Ocean Observatory Infrastructure (OOI) architecture is one of the most mature, but we are targeting OMF for broader adoption and are looking for opportunities to pilot capabilities in other observatory domains through collaboration with other projects.

The security model for our prototype utilizes a Security Proxy (SP) that sits between the user, instrument, or other managed resource and the ESB. The SP signs outgoing messages on behalf of the managed resource and verifies the identity of incoming messages. The SP does this by signing SOAP messages with X.509 credentials. Signed messages are authorized within the ESB via an authorization service unit. Our prototype will include a simple policy management service which will support cross-observatory messages where managed resources are connected to various ESBs.

The Instrument Proxy (IP) sits between the ESB and the managed instruments and provides a common instrument interface for command and control. We are working with the Sensor Modeling Language (SensorML) and the Observations and Measurements (OnM) encoding standards, as well as the Sensor Observation Service (SOS) and Sensor Planning Service (SPS) interface standards. Those specifications, coupled with the MBARI developed Software Infrastructure and Application for MOOS (SIAM) system, provide the basis for the IP. We have documented a set of “least common denominator” services and metadata to support a collection of basic instrument commands. Our prototype will support common instrument access to SIAM managed instruments as well as native instruments. In the later part of our project we plan to demonstrate support for the Scripps-developed Real-Time Observatories, Applications, and Data Management Network (RoadNet) instrument management system as well.

Deployments

MARS (Monterey Accelerated Research System)

MBARI-supported experimental apparatus such as the Seafloor Seismometer, which monitors seismic tremors in real time, and the Deep-Sea Environmental Sample Processor, a robotic biology lab which filters and identifies microbes found in surface water, currently require their own individual power sources (batteries) and data storage components. With the MARS observatory, more than eight different experiments could instead be attached to a "science node," located more than 2,923 feet below the surface of Monterey Bay, connected to facilities on land by a 32-mile undersea cable that supplies power and transmits data.

MOOS/SIAM (Monterey Ocean Observing System/Software Infrastructure and Application for MOOS)

In order to support a wide variety of scientific instruments, MBARI's Software Infrastructure and Applications for MOOS (SIAM) provides a framework for integrating "plug-and-work" instruments, remote instrument control from shore, data acquisition and telemetry, autonomous system management, and autonomous event detection and response.

Contributors

• Randal Butler
• Duane Edgington
• Terry Fleury
• Kevin Gomes
• John Graybeal
• Bob Herlien
• Von Welch

The National Science Foundation, award #0721617, funds the OMF project, which builds on previous work at the National Center for Supercomputing Applications (NCSA), the Monterey Bay Aquarium Research Institute (MBARI), and the Scripps Institution of Oceanography (Scripps).