Deploying Grids on Campus Networks Andrew Cormack Chief Security Adviser, UKERNA

A.Cormack@ukerna.ac.uk
Campus Grid workshop, NESC
©The JNT Association, 2005
World Pictures
Grid World
Research oriented
Everyone friendly
Same rules everywhere
Common trust level
Peaceful
Campus Network World
Service oriented
Good guys & bad guys
Rules vary
Internal trust frontiers
Hostile background noise
How to bring these worlds together?
Issues for Network Managers
How to design networks?
  That provide service
  That limit spread of problems
  That protect systems that can’t protect themselves
Tools available
  Physical design – capacity planning
  Logical design – group systems with similar requirements
  Control points – routers & firewalls protect and contain
Issues for Grid Managers
Putting research systems in a hostile environment
  Must secure all software (o/s, services & apps)
  Grids are designed to spread problems!
Grids need firewalls
  To reduce network congestion
  To reduce intensity of system/software management
  To contain the spread of problems
Design Grids to be firewall-friendly
  Don’t expose yourself to threats
  Don’t expose others to threats
Issues for Everyone
How to monitor/measure Grid performance?
  Grids should be doing useful work
  Grids should not be doing bad things
How to detect and respond to incidents?
  Grid incidents may not be network incidents
  Network “incidents” may be Grid successes!
Ideas to make Campus Grids easier
Clear agreed purpose -> policies -> implementation
Standard system image(s)
  Automatic updates, patches etc. reduce firefighting
Recognisable (private?) network addresses
  Mostly for ease of configuration, not host security
Work with, not against, network level controls
Effective incident detection & response plan
  Incidents will spread fast and far in a grid
Collecting Best Practice
UKERNA Grid Deployment Technical Guide
  General Principles
  Tools, Techniques & Resources
  Appendices: Specific Package Issues
    1st Edition: Globus pre web services, Condor
Future versions maintained and developed by practitioners?