Paul Trepka wrote:
>
> The question what we have is like which services should be enabled
> to access over WAN within grid and which should be close to LAN use only
> and which is requested by WAN with outbound connections to the rest
> of deployed resources across the Grid community under LCG
> release 2.7.0 and its successor over each of the deployed resources?
>
> Any comments are appreciated and welcome.

One question I had is whether sites are allowing or disallowing
outbound HTTP/HTTPS on 80/443? Since some sites with otherwise
permissive outbound rules ban 80/443, we're suggesting 777 for HTTP
and 488 for HTTPS, for file servers. (This isn't an issue yet, since
the GridSite-aware SRM hasn't been written - it's the only piece missing
now though.)

The WMProxy service does use HTTPS for moving sandboxes from CE to WN
within sites, between the CE and WN too, but I think that's on the same
port as the WMProxy web service on the CE (7443?) since it's a CGI web
service in C not in Java. If you're going to enforce LAN rules, you
need to take that into account too.

Cheers,
Andrew
-------------------------------------------------------------------
Dr Andrew McNab +44-(0)161-275-4227
Co-ordinator of Security Middleware Groups, GridPP & Manchester HEP