Thank you very much for your explanation, Mingchao.
Elena
On 16 Jun 2011, at 11:41, Mingchao Ma wrote:
> Hi Elena,
>
>> there is still a question from Matt who is not on tb-support list:
>>
>> ....
>> Specifically we wanted to find out if either or both of these 2 ports: PAP
>> and PEP; should be open to connections from off-site.
>> It is unclear to us from the documentation whether the server will be
>> contacted on these ports just from local worker nodes and/or ce's or also
>> from elsewhere on the grid.
>> ....
>
> Argus supposes to be your site central authorization service (eventually),
> there should be no reason why you expose it to off-site network at all. It
> should be carefully firewalled just make sure that your PEP client can talk
> to it (such as your CE, glexec etc.), for management/admin reason you might
> need to connect it from off-site (e.g. remotely manage policies), in this
> case, please use VPN or SSH tunnel.
>
> Cheers,
>
> Mingchao
__________________________________________________
Dr Elena Korolkova
Email: [log in to unmask]
Tel.: +44 (0)114 2223553
Fax: +44 (0)114 2223555
Department of Physics and Astronomy
University of Sheffield
Sheffield, S3 7RH, United Kingdom
|