Firewalls, Networking and Monitoring Rolly Gilmour Object: to discuss issues relating to the Operation of the Grid and Grid middleware in a campus network.


1 Firewalls, Networking and Monitoring
Rolly Gilmour
Object: to discuss issues relating to the Operation of the Grid and Grid middleware in a campus network environment

2 Firewalls - fact of life for many Institutions
What is a firewall
  – Router with ACLs providing Port/Address Filters
  – Commodity system (e.g. PC) running Open source or commercial Firewall code
  – Custom appliance
Features may range from
  – ACLs providing IP port and address filters
  – Stateful inspection - monitoring and controlling discrete flows
  – Application aware, e.g. H323

3 Firewalls - Grid Requirements
Need to open access for certain ports
  – gatekeeper
  – GRIS/GIIS 2135
  – GridFTP 2811
  – GSI Enabled SSH 22
  – Plus Port range defined by Globus_TCP_Port_Range
These requirements relate specifically to Globus
Access Grid Node and other Apps will impose additional requirements

4 Firewalls - Operational Constraints
Institutional security Policy
Political Consideration
Firewall performance
  – Filtering and Forwarding capabilities
      Throughput
  – Number of Flows supported
  – Effect on performance of adding additional rulesets
Knowledge of Grid applications and their behavior
  – Effect on site security
  – Effect on Firewall performance/stability
Opening port range considered bad practice
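An added example (not part of the presentation) of meeting the port requirements on slide 3 without the open-ended range that slide 4 calls bad practice: it emits iptables-restore style rule lines limited to named peer sites, one grid host and a bounded port range, parsed from a value in the format of the Globus environment variable GLOBUS_TCP_PORT_RANGE (the slide's Globus_TCP_Port_Range). The addresses, the 500-port width limit, the 1024 lower bound and the function names are assumptions; the gatekeeper port is left out because the slide does not give it.

```python
import ipaddress

# Fixed service ports exactly as listed on slide 3.
# The gatekeeper port is not given on the slide, so it is not included here.
FIXED_PORTS = {"GRIS/GIIS": 2135, "GridFTP": 2811, "GSI-SSH": 22}
MAX_RANGE_WIDTH = 500  # assumed site policy limit, not from the slides


def parse_port_range(value):
    """Parse a GLOBUS_TCP_PORT_RANGE value such as '40000,40100' or '40000 40100'."""
    parts = value.replace(",", " ").split()
    if len(parts) != 2:
        raise ValueError(f"expected 'min,max', got {value!r}")
    low, high = (int(p) for p in parts)
    if not 1024 <= low <= high <= 65535:  # assumed: unprivileged ports only
        raise ValueError(f"range {low}-{high} must lie in 1024-65535, min <= max")
    width = high - low + 1
    if width > MAX_RANGE_WIDTH:
        raise ValueError(f"range spans {width} ports, limit is {MAX_RANGE_WIDTH}")
    return low, high


def build_rules(grid_host, peers, port_range):
    """Return FORWARD-chain rules admitting only the peer sites to one grid host."""
    host = ipaddress.IPv4Address(grid_host)
    low, high = parse_port_range(port_range)
    # Stateful inspection: one rule covers all packets of already accepted flows.
    rules = ["-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"]
    targets = [(name, str(port)) for name, port in FIXED_PORTS.items()]
    targets.append(("globus-range", f"{low}:{high}"))
    for peer in peers:
        net = ipaddress.IPv4Network(peer)  # raises ValueError on a malformed CIDR
        if net.prefixlen == 0:
            raise ValueError("refusing to open grid ports to any source")
        for name, dport in targets:
            rules.append(f"-A FORWARD -s {net} -d {host} -p tcp --dport {dport} "
                         f"-m conntrack --ctstate NEW -m comment --comment {name} -j ACCEPT")
    # Default deny for everything else addressed to the grid host.
    rules.append(f"-A FORWARD -d {host} -j DROP")
    return rules


if __name__ == "__main__":
    # Constructed sample values from the documentation address ranges.
    for rule in build_rules("192.0.2.10", ["198.51.100.0/24"], "40000,40100"):
        print(rule)
```

The rule count grows as peers × (fixed ports + 1), which is the ruleset-size effect on firewall performance that slide 4 raises.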

5 Firewalls - Possible solutions
Better understanding and confidence:
  – Grid applications and behavior
  – Grid Middleware security
  – Globus security audit
ByPass Firewalls
  – Parallel Universe
  – Grid Application Proxies
Grid Application aware Firewalls (Proxies)
Standardize Globus port range
  – IANA assigned
  – If not then agreement at UK level
Consider multiple site firewalls rather than single Institutional firewall

6 Firewalls - Recommendations
Improve dialogue between Grid community and CS Departments
Improve CS Departments' knowledge and understanding of Grid applications and middleware
Improve Grid community's understanding of CS departments' responsibilities, priorities and available resources
Request IANA assigned port range for Grid Applications
Attempt to produce best practice guide for different scenarios
  – Single institutional firewall
  – Firewall By-Pass
  – Multiple site firewalls
GNT to discuss requirements with CS departments

7 Networking - Grid Requirements
Anticipated Demand
  – Massive bandwidth
  – Low latency and Jitter
Actual Demand
  – Not yet known
Multicast support for Access Grid Node

8 Networking - Operational Constraints
Institution's current campus Network
Institution's link to MAN
MAN's link to SuperJANET
Location of Grid Activity
  – Consolidated
  – Dispersed
Funding source for Grid resources
  – Specific
  – Shared

9 Networking - Possible solutions
Better understanding and confidence:
  – Grid applications and behavior
Campus LAN Upgrades
  – Parallel Universe (costly)
  – Overlay on campus LAN
      VLANs
      QoS
Treat as just another application
  – Add QoS as and when required
Upgrade Institution's link to MAN
Negotiate Private Grid feed to SuperJANET
  – May need special engineering
      Parallel Universe or Overlay
      Routing Policies

10 Networking - Recommendations
Improve dialogue between Grid community and CS Departments
Improve CS Departments' knowledge of Grid applications including Multicast, Bandwidth and QoS requirements
Improve Grid community's understanding of CS departments' responsibilities, priorities and available resources
Capacity Planning for Institution's Grid activities
Attempt to produce best practice guides for different scenarios
  – Parallel Universe
  – Overlay with QoS
  – Just another set of applications
GNT to discuss requirements with CS departments and MAN RNOs

11 Monitoring - Grid Requirements
Data Grid Monitoring Tools
  – End-to-End probes to determine capacity, loss, latency and jitter between source and destination sites
Possible uses
  – Validate SLAs QoS profiles
  – Determine viability of proposed bulk transfers

12 Monitoring - Operational Constraints
Site policy may block probes
Too many probes from different Grid activities may cause operational problems
Lack of knowledge of local, MAN and SJ topologies may give rise to misleading interpretations
Sites may also wish to monitor Grid activity for possible effects on Network performance, Firewall friendliness and application behavior

13 Monitoring - Recommendations
Improve dialogue between Grid community and CS Departments
Improve CS Departments' knowledge of Grid applications including Multicast, Bandwidth and QoS requirements
Improve Grid community's understanding of CS departments' responsibilities, priorities and available resources
Liaise with CS departments on Monitoring requirements
Consider asking CS to perform monitoring or work closely with them
Attempt to produce best practice guides for monitoring activities
GNT to discuss requirements with CS departments and MAN RNOs

