Stephen,
The problem of the worker nodes is not solved satisfactorily, and
as you say various people have been pointing out this problem for around 3
years. We will do our best to make sure the machines run in a way
compatible with LCG, by creative use of the tools available and by
negotiating with our network and security people. But it will take
patience.
Putting the machines outside the firewall does not completely
solve the problem. If I put a machine up with a .brunel.ac.uk name and it
starts causing problems for external sites, then the brunel site
management gets it in the neck. Other sites might for instance block all
.brunel.ac.uk traffic.
I think the way forward is for the GRID developers to be more
sensitive to problems in the wider community and for us to strive to
establish grid computing as a valuable resource which does not represent a
security problem.
Paul
On Wed, 23 Mar 2005, Burke, S (Stephen) wrote:
> LHC Computer Grid - Rollout
> > [mailto:[log in to unmask]] On Behalf Of Paul Kyberd said:
> > If we don't have a robust an believable response then
> > university
> > computer centres will just close the ports and if that stops
> > us working then ... well it is our problem.
>
> What are you planning on doing about your worker nodes? At the moment,
> to be useful they are expected to have unrestricted outbound access - we
> have no way to advertise that only specific ports are open, and I'm not
> sure that we'd want to do it anyway ... of course, people have been
> saying for a long time that that should be changed, but so far it hasn't
> happened. And what do you do about globus, which normally chooses ports
> at random in a specified range?
>
> The answer may be simply that grid systems should be outside the
> firewalls and not inside ...
>
> Stephen
>
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ Paul Kyberd Brunel University +
+ E-mail: [log in to unmask] Department of Electronic and +
+ Phone: +44-(0)1895-203201 Computer Engineering +
+ Fax: Uxbridge, Middlesex UB8 3PH +
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|