Computing Panel Discussion: SSH Bastion
Henry Nebrensky, Brunel University
CM26 – 24 March 2010

Presentation transcript:


Background: “PPD” nodes

We had already agreed last year to purchase a number of systems, which will be physically located in a proper computing rack room in RAL PPD (Particle Physics Dept.) under the auspices of their Grid team. PPD will also help with systems administration.

Note that PPD are providing these services gratis and on a best-effort basis. (The PPD Grid team is different to PPD IT support.)

It is hoped to separate the services in PPD into separate virtual machines, to improve security and resilience.

External Connectivity (MICO slide)

[Network diagram. Zones: Outside World; Micenet / MLCR. Labelled nodes and services: SSH Bastion; EPICS Gateway; Config Database; DB API; eLog; “Web” services; EPICS archiver web interface; Grid Transfer Box; Grid clients; spare node; heplnw17 (SSH + analysis code). Link labels: ssh; SSH / web services; EPICS. Legend: PPD-Grid managed; MICE managed; PPD-IT supervised. Annotation: “Who will fix this?”]

SSH Bastion (1)

An SSH Bastion allows users to:
- make onward connections using SSH

It might, if asked:
- allow transfer of files in and out with scp
- allow X11 forwarding

It is NOT:
- a way to access data – that’s the Grid
- a place to run analysis
- a software development system
- a way to watch iPlayer from outside the UK...

SSH Bastion (2)

After 6 weeks of pressure from Adam Dobbs, the RAL “Central” Bastions now allow
- SSH connections to micenet strange-numbered ports
- X11 forwarding
- File transfers (by setting up a tunnel)

Site VPN and EPICS gateway also provide expert routes in.

A MICE specific bastion is slowly being set up in PPD – management of users and their keys still being worked on. It will allow intermediate storage of limited amounts of data for two-step scp transfers.

RAL firewall issues untouched.

Given the former, DOESN’T THE LATTER LOOK LIKE A SERIOUS WASTE OF TIME?
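The routes listed on the two SSH Bastion slides (onward connection to a non-standard port, X11 forwarding, file transfer through a tunnel), written out as a client-side OpenSSH configuration. This is an added example, not part of the original slides; every host name, user name, path and port in it is a placeholder.

```sshconfig
# ~/.ssh/config on the user's own machine (added example).
# Every host name, user name, path and port below is a placeholder.

# The bastion: the one host that accepts SSH from the outside world.
Host bastion
    HostName bastion.example.org
    User alice
    IdentityFile ~/.ssh/id_ed25519
    ForwardAgent no      # do not expose the key agent on a shared bastion
    ForwardX11 no        # nothing graphical runs on the bastion itself

# Onward connection to an internal node on a non-standard port.
# ProxyJump (OpenSSH 7.3+) carries the session end to end through the
# bastion; older clients can use:  ProxyCommand ssh -W %h:%p bastion
# Either form needs TCP forwarding to be permitted by the bastion's sshd.
#   ssh inner                   interactive login, with X11
#   scp data.tar inner:/data/   one-step copy through the bastion
Host inner
    HostName inner.example.internal
    Port 2222
    User alice
    ProxyJump bastion
    ForwardX11 yes       # X11 comes from "inner", carried via the bastion

# File transfer "by setting up a tunnel", done explicitly:
#   ssh -N -f inner-tunnel            hold local port 2200 open
#   scp data.tar inner-local:/data/   copy through the tunnel
Host inner-tunnel
    HostName bastion.example.org
    User alice
    LocalForward 2200 inner.example.internal:2222
    ExitOnForwardFailure yes   # fail loudly if port 2200 is already taken

# The tunnelled end point. HostKeyAlias records and checks the target's
# host key under its own name instead of under [localhost]:2200.
Host inner-local
    HostName localhost
    Port 2200
    User alice
    HostKeyAlias inner.example.internal
    ForwardAgent no
```

A two-step transfer with intermediate storage on the bastion would instead be `scp data.tar bastion:` followed by a second `scp` run from the bastion to the internal node.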