Clique/Trust Solution Suitable for Level 2 Grid

Trusted Host Database
• Remote database of IP addresses, port ranges etc.
• Accessible by firewall administrators
• Secure access
• Quickly propagate changes
• Compatible with future developments
• Has access control for VO-level access restrictions
Access Method
• Web interface
• Certificate based access
• Access Controls
GridSite!
Database Structure
• Updating via VO management tools (such as LeSC’s VOM)
• Also could update via XML-based user database (in development at CLRC DL)
• Create static web pages accessible from the web
Changes to database
• Additions to a particular VO’s “allowed” list should be moderated
• Removal of IP addresses should propagate as quickly as possible
• Firewall administrators must be prompted to inspect the web pages when changes have been made
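The change-handling rules above can be checked mechanically by diffing two published snapshots of the allowed list. The following is an added example, not part of the original slides: the one-line-per-entry format (`vo ip-or-cidr port[-port]`), the VO names, and the names `Entry`, `parse_snapshot` and `plan_changes` are all assumptions made for illustration.

```python
import ipaddress
from typing import NamedTuple

class Entry(NamedTuple):
    vo: str
    network: ipaddress.IPv4Network
    ports: tuple  # (low, high), inclusive

def parse_snapshot(text):
    """Parse 'vo ip-or-cidr port[-port]' lines (assumed format) into a set of entries."""
    entries = set()
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            vo, net, ports = line.split()
            low, _, high = ports.partition("-")
            low, high = int(low), int(high or low)
            # strict=True rejects a CIDR with host bits set, e.g. 198.51.100.5/28
            network = ipaddress.IPv4Network(net, strict=True)
        except ValueError as exc:
            raise ValueError(f"line {n}: {exc}") from exc
        if not 1 <= low <= high <= 65535:
            raise ValueError(f"line {n}: bad port range {ports!r}")
        entries.add(Entry(vo, network, (low, high)))
    return entries

def plan_changes(old, new):
    """Split a snapshot diff by how the slide says each kind of change is handled."""
    return {
        "remove_now": sorted(old - new),  # revoke trust immediately
        "moderate": sorted(new - old),    # additions wait for approval
    }

# Constructed sample snapshots (documentation address ranges, made-up VO names).
OLD = """
vo-a 192.0.2.10 2811
vo-a 198.51.100.0/28 20000-25000
vo-b 203.0.113.5 2119
"""
NEW = """
vo-a 192.0.2.10 2811
vo-b 203.0.113.5 2119
vo-b 203.0.113.77 2119   # new host, not yet moderated
"""

if __name__ == "__main__":
    for action, entries in plan_changes(parse_snapshot(OLD), parse_snapshot(NEW)).items():
        for e in entries:
            print(f"{action}: {e.vo} {e.network} ports {e.ports[0]}-{e.ports[1]}")
```

A non-empty result in either list is the point at which firewall administrators would be prompted to inspect the published pages.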
Pros and Cons
• Quick solution
• Secure
• Uses existing applications
• May result in lengthy firewall rule tables
• All participating sites must be secure – no weak links
• Changes to the firewalls need to be made quickly
• Can’t cope with “roaming users” – no DHCP etc.
Conclusions
• Good solution for more static Level 2 grid
• Bad solution for dynamic, roaming user grid – how about a VPN?