5 January 2003, USA-Israel BSF Grid collaboration. Submitting Grid jobs through firewalls. TAU: Halina Abramowicz, Itzhak Ben Akiva, David Horn. WI: Ehud Duchovni,


Slide 1: Submitting Grid jobs through firewalls
5 January 2003, USA-Israel BSF Grid collaboration
TAU: Halina Abramowicz, Itzhak Ben Akiva, David Horn
WI: Ehud Duchovni, David Front, Lorne Levinson, Morton Taragin, Rafi Yaari
www.weizmann.ac.il/~dfront/Submitting Grid jobs through firewalls.ppt

Slide 2: Topics
- The issue
- Testing
- Firewalls in the presence of web services
- Firewalls and OGSA
- ‘Grid firewall security service’: teaching firewalls ‘Grid security’

Slide 3: The issue
- Various Grid projects experience difficulties submitting Grid jobs through firewalls:
  – Security managers are not willing to open firewall (dynamic ranges of) ports, required for Grid jobs, in order to prevent compromising local network security
  – Resources at domains that require a secureid to access are not accessible by automated Grid applications
- Our goal: Contribute to research that deals with this issue
- Preliminary testing mission:
  – Learn what difficulties are experienced while submitting (VDT) Grid jobs between firewall guarded sites at multiple Israeli universities

Slide 4: Testing: settings A
[Diagram: Weizmann Institute; firewall; main (secureid) domain; DMZ; hosts eio01.weizmann.ac.il and eio03.weizmann.ac.il; labels: User, Condor-G, Globus, GRAM, GridFTP, MDS]

Slide 5: Testing: settings B
[Diagram: Weizmann Institute and Tel Aviv University, each behind a firewall; main (secureid) domain; DMZ; host eio01.weizmann.ac.il; labels: User, Condor-G, Globus, GRAM, GridFTP, MDS]

Slide 6: Testing: results
- Security managers cooperated
- At WI, ports were opened only for testing
- At WI, a permanent Grid dedicated DMZ cluster is envisioned
- No major difficulties have been experienced

Slide 7: Testing results: Used ports (Setting A)
- Submit Globus job: Request: 2119; Response: a range of ports
- Globus MDS: Request: 2135; Response: 2135
- GridFTP: Request: 2811; Response: 113 + a range of ports
- Submit Condor job: Request: 2119; Response: 37774
- The range of response ports starts at about 33000 and goes up
- Conclusion: Nothing unexpected

Slide 8: Firewalls in the presence of Grid web services
- It may be more relevant to study firewalls in the presence of Grid web services than firewalls in the presence of Globus 2
- Web services use the HTTP port
- ‘Traditionally’, the HTTP port is not blocked by firewalls
- Firewalls are being enhanced to block web services streams by adding XML interpretation capability
- Hence, Grid web services will also have to deal with firewalls

Slide 9: Firewalls and OGSA
- The OGSA security group published an architecture and roadmap at: http://www.cs.virginia.edu/~humphrey/ogsa-sec-wg/
- Among other security grid services, a ‘firewall friendly’ grid service will be specified
- At: ‘OGSA firewall Interoperability’
- The ‘firewall friendly’ service seems to replace rather than communicate with a firewall

Slide 10: Replacing firewalls by an OGSA firewall?

Slide 11: Current (and future?) Grid security
[Diagram: Organization; firewall; Grid cluster at DMZ; Grid gate keeper; Grid client; arrow: Client may submit resource request]
- The firewall is not directly aware of Grid security.
- Hence, more resources must be allowed through firewalls than are really required, causing a security compromise.

Slide 12: Morton Taragin’s suggestion: Define a ‘Grid firewall security service’, teaching firewalls ‘Grid security’
[Diagram: Organization; firewall; Grid firewall security server; Grid cluster at DMZ; Grid gate keeper; Grid client]
1) Grid firewall security request
2) ‘Allow resource through’ request
3) Client may submit resource request
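The three-step flow on slide 12, sketched as an added example (not code from the presentation or from any Grid project): a default-deny firewall passes a client's request only after a hypothetical Grid firewall security server has accepted the client's Grid identity and asked the firewall for a short-lived pinhole. The class names, the 300-second lifetime, the subject strings and the 192.0.2.x addresses are assumptions constructed for illustration, and the set-membership check stands in for real Grid credential verification; port 2119 is the job request port from slide 7.

```python
from dataclasses import dataclass, field

GATEKEEPER_PORT = 2119  # Globus job request port listed on slide 7

@dataclass
class Firewall:
    """Default-deny filter holding time-limited (source, port) pinholes."""
    pinholes: dict = field(default_factory=dict)  # (src, port) -> expiry

    def allow(self, src, port, until):
        self.pinholes[(src, port)] = until

    def permits(self, src, port, now):
        return self.pinholes.get((src, port), 0) > now

@dataclass
class GridFirewallSecurityServer:
    """Hypothetical service that teaches the firewall a Grid decision."""
    firewall: Firewall
    trusted_subjects: set  # stand-in for real Grid credential verification
    ttl: int = 300  # assumed pinhole lifetime in seconds

    def request_access(self, subject, src, port, now):
        # Step 1: Grid firewall security request from the client.
        if subject not in self.trusted_subjects:
            return False
        # Step 2: 'allow resource through' request to the firewall.
        self.firewall.allow(src, port, now + self.ttl)
        return True

def submit_job(firewall, src, port, now):
    # Step 3: the resource request passes only through an open pinhole.
    return firewall.permits(src, port, now)

def demo():
    user = "/O=Grid/CN=constructed user"  # constructed subject name
    fw = Firewall()
    srv = GridFirewallSecurityServer(fw, {user})
    t0 = 1000  # constructed clock value, in seconds
    return {
        "before_request": submit_job(fw, "192.0.2.10", GATEKEEPER_PORT, t0),
        "unknown_subject": srv.request_access("/O=Grid/CN=unknown", "192.0.2.99", GATEKEEPER_PORT, t0),
        "granted": srv.request_access(user, "192.0.2.10", GATEKEEPER_PORT, t0),
        "after_request": submit_job(fw, "192.0.2.10", GATEKEEPER_PORT, t0 + 10),
        "other_source": submit_job(fw, "192.0.2.99", GATEKEEPER_PORT, t0 + 10),
        "after_expiry": submit_job(fw, "192.0.2.10", GATEKEEPER_PORT, t0 + 301),
    }

if __name__ == "__main__":
    print(demo())
```

Compared with the static arrangement on slide 11, the firewall here opens one port for one source for a limited time, instead of a standing range for everyone.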

