>
>
>
> On 27 Mar 2012, at 15:36, Ewan MacMahon wrote:
>
>>> -----Original Message-----
>>> From: Testbed Support for GridPP member institutes [mailto:
TB-
>>>
[log in to unmask]] On Behalf Of Sam Skipsey
>>>
>>>
>>> Um. You can't just say something like that and leave it
>>> hanging; we're going to need some details, especially bearing
>>> in mind that there in no requirement for individual worker
>>> nodes to allow incoming connections, and many don't.
>>>
>>> And, indeed, this specifically breaks (for example) almost all the NATted
>>> solutions which a lot of grid sites use for their worker nodes. Which they
>>> use because, as Ewan notes, there is absolutely no requirement for a
>>> worker node to allow incoming connections (and allowing such makes
>>> security on them harder).
>>>
>> What they could do is have every job VPN back to an ATLAS server
>> where it could be allocated a private internal (to ATLAS) IP
>> address (possibly calculated from it's panda job ID) which would
>> then accept incoming connections. If this is going to be 'command
>> and control' it doesn't need to be high bandwidth.
>>
>> Ewan
>