> -----Original Message-----
> From: Testbed Support for GridPP member institutes On Behalf Of Sam Skipsey
>
> > Um. You can't just say something like that and leave it
> > hanging; we're going to need some details, especially bearing
> > in mind that there is no requirement for individual worker
> > nodes to allow incoming connections, and many don't.
>
> And, indeed, this specifically breaks (for example) almost all the NATted
> solutions which a lot of grid sites use for their worker nodes. Which they
> use because, as Ewan notes, there is absolutely no requirement for a
> worker node to allow incoming connections (and allowing such makes
> security on them harder).
>

What they could do is have every job VPN back to an ATLAS server where it could be allocated a private internal (to ATLAS) IP address (possibly calculated from its panda job ID) which would then accept incoming connections. If this is going to be 'command and control' it doesn't need to be high bandwidth.

Ewan