Clique/Trust Solution Suitable for Level 2 Grid
Trusted Host Database
- Remote database of IP addresses, port ranges etc.
- Accessible by firewall administrators
- Secure access
- Quickly propagate changes
- Compatible with future developments
- Has access control for VO-level access restrictions
Access Method
- Web interface
- Certificate based access
- Access Controls
- GridSite!
Database Structure
- Updating via VO management tools (such as LeSC's VOM)
- Also could update via XML-based user database (in development at CLRC DL)
- Create static web pages accessible from the web
Changes to database
- Additions to a particular VO's allowed list should be moderated
- Removal of IP addresses should propagate as quickly as possible
- Firewall administrators must be prompted to inspect the web pages when changes have been made
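A minimal model of the change rules on this slide, as an added example that is not part of the original presentation: additions wait for a moderator, removals take effect at once, and a change counter tells a firewall administrator when the published list needs inspecting. The class and method names, the serial counter and the idea of comparing serials are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Entry:
    vo: str        # virtual organisation the host is trusted for
    network: str   # normalised address or CIDR block
    ports: tuple   # inclusive (low, high) port range

@dataclass
class TrustedHostDB:
    approved: set = field(default_factory=set)
    pending: set = field(default_factory=set)
    serial: int = 0  # bumped whenever the published list changes

    def request_add(self, vo, network, low, high):
        # Validate, then queue: an addition is never live before moderation.
        net = ipaddress.ip_network(network, strict=False)
        if not (0 < low <= high <= 65535):
            raise ValueError("bad port range")
        entry = Entry(vo, str(net), (low, high))
        self.pending.add(entry)
        return entry

    def approve(self, entry):
        self.pending.remove(entry)  # KeyError if it was never requested
        self.approved.add(entry)
        self.serial += 1

    def remove(self, vo, network):
        # Removals skip moderation so a withdrawn host stops being trusted at once.
        key = (vo, str(ipaddress.ip_network(network, strict=False)))
        gone = {e for e in self.approved if (e.vo, e.network) == key}
        self.pending = {e for e in self.pending if (e.vo, e.network) != key}
        self.approved -= gone
        if gone:
            self.serial += 1
        return len(gone)

    def needs_inspection(self, last_applied_serial):
        # True when the list changed since the administrator last applied it.
        return self.serial > last_applied_serial

    def allow_list(self, vo):
        # What the static page for one VO would publish.
        return sorted((e.network, e.ports) for e in self.approved if e.vo == vo)
```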
Pros and Cons
- Quick solution
- Secure
- Uses existing applications
- May result in lengthy firewall rule tables
- All participating sites must be secure – no weak links
- Changes to the firewalls need to be made quickly
- Can't cope with roaming users – no DHCP etc.
Conclusions
- Good solution for more static Level 2 grid
- Bad solution for dynamic, roaming user grid – how about a VPN?