Clique/Trust Solution Suitable for Level 2 Grid

Trusted Host Database
• Remote database of IP addresses, port ranges etc.
• Accessible by firewall administrators
• Secure access
• Quickly propagate changes
• Compatible with future developments
• Has access control for VO-level access restrictions

Access Method
• Web interface
• Certificate-based access
• Access controls – GridSite

Database Structure
• Updating via VO management tools (such as LeSC's VOM)
• Could also update via an XML-based user database (in development at CLRC DL)
• Create static web pages accessible from the web

Changes to Database
• Additions to a particular VO's "allowed" list should be moderated
• Removal of IP addresses should propagate as quickly as possible
• Firewall administrators must be prompted to inspect the web pages when changes have been made

Pros and Cons
• Quick solution
• Secure
• Uses existing applications
• May result in lengthy firewall rule tables
• All participating sites must be secure – no weak links
• Changes to the firewalls need to be made quickly
• Can't cope with "roaming users" – no DHCP etc.

Conclusions
• Good solution for a more static Level 2 grid
• Bad solution for a dynamic, roaming-user grid – how about a VPN?
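The slides describe the database structure, the change policy (moderated additions, fast removals) and the main cost (lengthy firewall rule tables) without showing what a firewall administrator would actually receive. The following is an added example, not code from the slides or from GridSite/VOM: it models the trusted-host database as a small XML export and derives the firewall work from a change. The XML layout (one vo element per virtual organisation, one host element per address with its allowed TCP port ranges), the GRID-<VO> chain names and the iptables rendering are all assumptions for illustration, and the addresses are constructed documentation-range samples, not real grid hosts.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample export of the trusted-host database (assumed layout, not real hosts).
OLD_DB = """<trusted-hosts>
  <vo name="ngs">
    <host addr="192.0.2.10" ports="2119,2811,20000-25000"/>
    <host addr="192.0.2.11" ports="2119,2811,20000-25000"/>
  </vo>
  <vo name="escience">
    <host addr="198.51.100.0/24" ports="8443"/>
  </vo>
</trusted-hosts>"""

# Next version: 192.0.2.11 has been removed from the NGS list and a new host proposed.
NEW_DB = """<trusted-hosts>
  <vo name="ngs">
    <host addr="192.0.2.10" ports="2119,2811,20000-25000"/>
    <host addr="203.0.113.5" ports="2119,2811"/>
  </vo>
  <vo name="escience">
    <host addr="198.51.100.0/24" ports="8443"/>
  </vo>
</trusted-hosts>"""


def parse_ports(spec):
    """'2119,20000-25000' -> [(2119, 2119), (20000, 25000)], rejecting bad ranges."""
    ranges = []
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 1 <= lo <= hi <= 65535:
            raise ValueError(f"bad port range: {part}")
        ranges.append((lo, hi))
    return ranges


def parse_db(xml_text):
    """Return {vo: {network: ((lo, hi), ...)}}; malformed addresses or ports raise."""
    db = {}
    for vo in ET.fromstring(xml_text).findall("vo"):
        hosts = {}
        for h in vo.findall("host"):
            net = ipaddress.ip_network(h.get("addr"), strict=False)  # validates the address
            hosts[str(net)] = tuple(parse_ports(h.get("ports")))
        db[vo.get("name")] = hosts
    return db


def fmt_ports(ranges):
    return ",".join(str(lo) if lo == hi else f"{lo}-{hi}" for lo, hi in ranges)


def rule(action, vo, net, lo, hi):
    """Render one iptables command (assumed rule layout, one chain per VO)."""
    dport = str(lo) if lo == hi else f"{lo}:{hi}"
    return (f"iptables {action} GRID-{vo.upper()} -s {net} -p tcp --dport {dport} "
            f"-m comment --comment vo={vo} -j ACCEPT")


def render_rules(db):
    """One ACCEPT rule per (host, port range): hosts x ranges is why the table gets long."""
    return [rule("-A", vo, net, lo, hi)
            for vo, hosts in sorted(db.items())
            for net, ranges in sorted(hosts.items())
            for lo, hi in ranges]


def plan_changes(old, new):
    """Split a database change into what the firewall admin applies now and what waits.

    Anything present in the old version but not the new one (a removed host, or a
    host whose port list changed) becomes an immediate delete command; anything new
    is only queued for the VO moderator, so the firewall fails closed on disagreement."""
    old_entries = {(vo, net, rng) for vo, hosts in old.items() for net, rng in hosts.items()}
    new_entries = {(vo, net, rng) for vo, hosts in new.items() for net, rng in hosts.items()}
    immediate = [rule("-D", vo, net, lo, hi)
                 for vo, net, rng in sorted(old_entries - new_entries)
                 for lo, hi in rng]
    pending = [f"MODERATE: add {net} ports {fmt_ports(rng)} to VO {vo}"
               for vo, net, rng in sorted(new_entries - old_entries)]
    return immediate, pending


if __name__ == "__main__":
    old, new = parse_db(OLD_DB), parse_db(NEW_DB)
    print(f"{len(render_rules(old))} rules for {sum(len(h) for h in old.values())} hosts")
    immediate, pending = plan_changes(old, new)
    print("\n".join(immediate + pending))
```

Two things worth noticing when running it. First, even three hosts and four port ranges already produce seven rules, so a VO with dozens of hosts and several port ranges each is where the "lengthy firewall rule tables" come from. Second, a host whose port list merely changed shows up as an immediate delete plus a pending addition; that is deliberate, since the slides want removals to propagate quickly and additions to be moderated, and it also shows why address-keyed rules cannot follow a roaming DHCP user.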