Presentation is loading. Please wait.

Presentation is loading. Please wait.

Henry Nebrensky – CM26 – 24 March 2010 Computing Panel Discussion: SSH Bastion Henry Nebrensky Brunel University 1.

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "Henry Nebrensky – CM26 – 24 March 2010 Computing Panel Discussion: SSH Bastion Henry Nebrensky Brunel University 1."— Presentation transcript:

1 Henry Nebrensky – CM26 – 24 March 2010 Computing Panel Discussion: SSH Bastion Henry Nebrensky Brunel University 1

2 Henry Nebrensky – CM26 – 24 March 2010 Background: “PPD” nodes We had already agreed last year to purchase a number of systems, which will be physically located in a proper computing rack room in RAL PPD (Particle Physics Dept.) under the auspices of their Grid team. PPD will also help with systems administration. Note that PPD are providing these services gratis and on a best-effort basis. (The PPD Grid team is different to PPD IT support) It is hoped to separate the services in PPD into separate virtual machines, to improve security and resilience. 2

3 Henry Nebrensky – CM26 – 24 March 2010 External Connectivity MICO Slide SSH EPICS Gateway DB API DB Outside World Micenet / MLCR DB API eLog SSH Bastion Config Database “Web” services EPICS archiver web interface ssh SSH / web services EPICS Spare node Grid clients Grid Transfer Box 3 PPD-Grid managed SSH + analysis code heplnw17 ssh Who will fix this? MICE managed PPD-IT supervised

4 Henry Nebrensky – CM26 – 24 March 2010 SSH Bastion (1) An SSH Bastion allows user to:  Make onward connections using SSH It might, if asked:  allow transfer of files in and out with scp.  allow X11 forwarding It is NOT:  a way to access data – that’s the Grid  a place to run analysis  a software development system  a way to watch iPlayer from outside the UK... 4

5 Henry Nebrensky – CM26 – 24 March 2010 SSH Bastion (2) After 6 weeks of pressure from Adam Dobbs, the RAL “Central” Bastions now allow  SSH connections to micenet strange-numbered ports  X11 forwarding  File transfers (by setting up a tunnel) Site VPN and EPICS gateway also provide expert routes in. A MICE specific bastion is slowly being set up in PPD – management of users and their keys still being worked on. It will allow intermediate storage of limited amounts of data for two-step scp transfers. RAL firewall issues untouched. Given the former, DOESN’T THE LATTER LOOK LIKE A SERIOUS WASTE OF TIME? 5

Download ppt "Henry Nebrensky – CM26 – 24 March 2010 Computing Panel Discussion: SSH Bastion Henry Nebrensky Brunel University 1."

Similar presentations

SSH SSH is “Secure SHell” Secure, compressed, widely supported, fast Allows both users to get jobs done, and also allows system administrators to sleep.

SSH SSH is “Secure SHell” Secure, compressed, widely supported, fast Allows both users to get jobs done, and also allows system administrators to sleep.
SSH Operation and Techniques - © 2001-2006 William Stearns 1 SSH Operation and Techniques The Swiss Army Knife of encryption tools…

SSH Operation and Techniques - © William Stearns 1 SSH Operation and Techniques The Swiss Army Knife of encryption tools…
MUNIS Platform Migration Project WELCOME. Agenda Introductions Tyler Cloud Overview Munis New Features Questions.

MUNIS Platform Migration Project WELCOME. Agenda Introductions Tyler Cloud Overview Munis New Features Questions.
ITIS 1210 Introduction to Web-Based Information Systems Chapter 44 How Firewalls Work How Firewalls Work.

ITIS 1210 Introduction to Web-Based Information Systems Chapter 44 How Firewalls Work How Firewalls Work.
Chris Brew RAL PPD Site Report Chris Brew SciTech/PPD.

Chris Brew RAL PPD Site Report Chris Brew SciTech/PPD.
Cosc 4765 Network Security: Routers, Firewall, filtering, NAT, and VPN.

Cosc 4765 Network Security: Routers, Firewall, filtering, NAT, and VPN.
Software Summary Database Data Flow G4MICE Status & Plans Detector Reconstruction 1M.Ellis - CM24 - 3rd June 2009.

Software Summary Database Data Flow G4MICE Status & Plans Detector Reconstruction 1M.Ellis - CM24 - 3rd June 2009.
Authored by: Rachit Rastogi Computer Science & Engineering Deptt., College of Technology, G.B.P.U.A. & T., Pantnagar.

Authored by: Rachit Rastogi Computer Science & Engineering Deptt., College of Technology, G.B.P.U.A. & T., Pantnagar.
Grid and CDB Janusz Martyniak, Imperial College London MICE CM37 Analysis, Software and Reconstruction.

Grid and CDB Janusz Martyniak, Imperial College London MICE CM37 Analysis, Software and Reconstruction.
Batch Production and Monte Carlo + CDB work status Janusz Martyniak, Imperial College London MICE CM37 Analysis, Software and Reconstruction.

Batch Production and Monte Carlo + CDB work status Janusz Martyniak, Imperial College London MICE CM37 Analysis, Software and Reconstruction.
Controls and Monitoring Implementation Plan J. Leaver 03/06/2009.

Controls and Monitoring Implementation Plan J. Leaver 03/06/2009.
INTRANET SECURITY Catherine Alexis CMPT 585 Computer and Data Security Dr Stefan Robila.

INTRANET SECURITY Catherine Alexis CMPT 585 Computer and Data Security Dr Stefan Robila.
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
Computing Panel Discussion Continued Marco Apollonio, Linda Coney, Mike Courthold, Malcolm Ellis, Jean-Sebastien Graulich, Pierrick Hanlet, Henry Nebrensky.

Computing Panel Discussion Continued Marco Apollonio, Linda Coney, Mike Courthold, Malcolm Ellis, Jean-Sebastien Graulich, Pierrick Hanlet, Henry Nebrensky.
Background Info The UK Mirror Service provides mirror copies of data and programs from many sources all over the world. This enables users in the UK to.

Background Info The UK Mirror Service provides mirror copies of data and programs from many sources all over the world. This enables users in the UK to.
Terri Lahey LCLS Facility Advisory Committee 20 April 2006 LCLS Network Security Terri Lahey.

Terri Lahey LCLS Facility Advisory Committee 20 April 2006 LCLS Network Security Terri Lahey.
Oxford Jan 2005 RAL Computing 1 RAL Computing Implementing the computing model: SAM and the Grid Nick West.

Oxford Jan 2005 RAL Computing 1 RAL Computing Implementing the computing model: SAM and the Grid Nick West.
Computing Needs Panel Marco Apollonio, Linda Coney, Mike Courthold, Malcolm Ellis, Jean-Sebastien Graulich, Pierrick Hanlet, Henry Nebrensky.

Computing Needs Panel Marco Apollonio, Linda Coney, Mike Courthold, Malcolm Ellis, Jean-Sebastien Graulich, Pierrick Hanlet, Henry Nebrensky.
A Guide to major network components

A Guide to major network components
© 2010 VMware Inc. All rights reserved VMware ESX and ESXi Module 3.

© 2010 VMware Inc. All rights reserved VMware ESX and ESXi Module 3.

Similar presentations

Ads by Google