Hi all,
On Mon, Jan 17, 2005 at 08:17:21PM +0100, Jeff Templon wrote:
> It's even worse than that:
> > ...
> At some point we were wondering here why so many smaller sites were
> interested in setting up a MyProxy server. Just made no sense
> whatsoever. Until one of us was looking at the LCG manual install
> (specially recommended for small sites without a lot of expertise) and
> in the example config file, there was a) CE, b) SE, c) WN, d) MyProxy.
> All those myproxies since sites were just assuming they needed to have
> one of each just like the example!!
Could at least the MyProxy server be taken out of this example list?
Running a MyProxy server in a reasonable way is a very delicate business,
there are no guidelines on how to operate a MyProxy server securely,
and even if there were any small sites are usually not up to par on
protecting stuff.
I think the ROCs/CICs/GOCs/Tier-1s/LargeSites(TM) are far better
equipped to take that role
(dedicated system, no normal user logins, additional firewalling
and a DMZ inbetween, intense IDS monitoring both on the box and the network
and a very awake admin is the least what it takes to run a proper MyProxy).
For this reason, NIKHEF does not run a MyProxy but happily leaves that
role to SARA :-)
An RB/BDII is a much more useful thing than a MyProxy server, even for
small sites, so if you crave for more example configs ...
Cheers,
DavidG.
--
David Groep
** National Institute for Nuclear and High Energy Physics, PDP projectgroup **
** Room: H1.57 Phone: +31 20 592 2179, PObox 41882, NL-1009 DB Amsterdam NL **
|