> -----Original Message-----
> From: Testbed Support for GridPP member institutes [mailto:TB-
> [log in to unmask]] On Behalf Of Tom Whyntie
>
>
> Just to follow up on a point from this morning's Ops meeting: the problem
> Gareth R's "happy user" encountered was getting a proxy on a custom
> ScotGrid VM because access to the VOMS servers via this VM was blocked by
> a university Firewall.
>
> As this could well be a common problem for many new users, is the only way
> around this to get the relevant ports unblocked in said Firewall?
>
AIUI it's fairly unusual on 'real' networks (as opposed to, say, visitor networks) to filter outgoing traffic that aggressively, but it would certainly break things (and not just the VOMS - lots of things) if a client can't access services run on non-web ports. A lot of places block a few specific things outgoing (email, Windows file/print sharing), but blocking the sort of essentially random high ports that a lot of grid services run on is unusual.
> If so, Gareth's solution of providing a cluster user account would be something
> to recommend in the "GridPP Champion's Guide" (or whatever we call it...!).
>
There was an idea, quite some time back, of resurrecting the even older idea of having a central UI run at the Tier 1; there wasn’t a great deal of enthusiasm for it then, but if we're strategically pushing the boat out to give new users the easiest possible way of getting onto the grid, that's probably still the easiest (for the users) way of doing it, because it completely relieves them of the needs to run anything on their own machine/network beyond an SSH client.
Ewan
|