My take:
I was at the 'hotly debated' meeting and indeed there was lots of
resistance; I would have liked to have said no but I saw no other
alternative, both from the HEP side (where is the generic software that
will do what their VO software is going to do??) and from the Tier-1
side (will anyone send us jobs if we don't install a VO box?)
On the other hand, there are clear no-nos and these have not changed.
We are providing the boxes as a service to the VO in the hope that
something better will appear sometime. After all it looks like the SGM
installation area may finally go away, and Tank and Spark may be dead,
so there is reason to have at least some hope of poor solutions not
becoming permanent. Service here should be understood as hospitality
... we want to help. We all want this to work. However if you spit on
your host's carpet he may ask you to leave. The solution for us to to
help the VOs now, also help push for generic solutions for the long
term, and to make it very clear that if the VO box starts to interfere
with or degrade the quality of our generic Tier-1 services, it will be
turned off. I think that message has been receieved by the experiments,
I don't see problems.
J 'my god what an optimist' T
Gordon, JC (John) wrote:
> Markus, it would be good to hear from Jamie and Ian on the decision. The
> agreement of Tier1s has been with distinct reservations as we still
> don't know what the VOs will do with these boxes. Alice have given some
> information - lists of software but not details of how they will be used
> - and even if we are happy with what runs at first, there seems no
> control over what happens subsequently. So not to be obstructive we have
> agreed but are keeping a close watch and will take action if we see
> problems.
>
> RAL have set up a VObox for Alice although we still have a firewall
> problem. The other UK sites will wait and see how we get on. For the
> moment we are happy to talk about HOW but I am sure we won't be the only
> site who considers WHETHER if VOs are felt to be abusing the privilege.
>
> I am not sure I agree with you on the VO box being the more secure way
> of working. By having the VO box installed you have persuaded sites to
> put aside their security concerns. If the VOs had to justify what they
> were doing sites would feel happier that they weren't installing some
> trojan that will cause problems with their site security people.
>
> I don't mean that VOs should negotiate with each site but I would like
> to think that someone somewhere knew what was being installed and had at
> least thought about possible problems and could reassure the rest of us.
> I don't really mind who this is. It could be you or some other person
> who we all respect and who is independent of the experiments.
>
> John
>
>
>
>
>>-----Original Message-----
>>From: LHC Computer Grid - Rollout
>>[mailto:[log in to unmask]] On Behalf Of Markus Schulz
>>Sent: 06 September 2005 12:33
>>To: [log in to unmask]
>>Subject: Re: [LCG-ROLLOUT] LCG-2_7_0 sooner or later ....
>>
>>Hi Alessandra,
>>yes, there is additional documentation made available by Simone
>>Campana in wiki. http://goc.grid.sinica.edu.tw/gocwiki/VOBOX_HowTo
>>In addition the release note contained quite some material.
>>
>>We can discuss the box there, however for the Tier-1 centers
>>the fact
>>that there are VO-BOXES has been already decided and agreed by the
>>site managers of the T1s. Jamie and Ian can give you more
>>details on
>>the state of this decision.
>>
>>If we discuss this at the workshop we must ensure that we don't try
>>to revert this decision. The discussion has to be focused on the
>>"how" and not on the "wether".
>>
>>
>> markus
|