Presentation is loading. Please wait.

Presentation is loading. Please wait.

Automatic verification of SLA for Firewall Configuration in Grid Environments Gian Luca Volpato – Cracow Grid Workshop 08 – 15 October 2008 Gian Luca Volpato.

Published byTeresa Leonard Modified over 9 years ago

Similar presentations

Presentation on theme: "Automatic verification of SLA for Firewall Configuration in Grid Environments Gian Luca Volpato – Cracow Grid Workshop 08 – 15 October 2008 Gian Luca Volpato."— Presentation transcript:

1 Automatic verification of SLA for Firewall Configuration in Grid Environments Gian Luca Volpato – Cracow Grid Workshop 08 – 15 October 2008 Gian Luca Volpato Christian Grimm Martin Janitschke

2 Page 2Gian Luca Volpato - Cracow Grid Workshop '08 - 15 October 2008 Motivation Facilitate the integration of new resources into a Grid: 1.Definition of security profiles 2.Certification of firewall setup 3.Monitoring firewall configuration as part of the Service Level Agreements

3 Page 3 Summary 1.Firewall configuration issues 2.Classification of middleware components 3.Definition of security profiles 4.SLA extension 5.Tool for automatic verification of firewall configuration 6.Q&A Gian Luca Volpato - Cracow Grid Workshop '08 - 15 October 2008

4 Page 4 Integration of new partners  Installation of Grid middleware(s)  Creation of local user accounts  Registration to the information services  … ...  Configuration of firewall rules  If too restrictive  prevent legitimate communications  If too loose  allow unauthorized communications Gian Luca Volpato - Cracow Grid Workshop '08 - 15 October 2008

5 Page 5 Classification of middleware components Four categories of middleware components: 1.Computing frontends 2.Data frontends 3.Interactive nodes 4.Worker nodes Gian Luca Volpato - Cracow Grid Workshop '08 - 15 October 2008 Globus GRAM UNICORE NJS LCG/gLite CE OGSA-DAI dCache SE Interactive node Batch system Worker Node

6 Page 6 Communication paths Identification of network ports used by each component for incoming connections Gian Luca Volpato - Cracow Grid Workshop '08 - 15 October 2008 GT 4.0 GRAM 2811 8443 20000-25000 dCache SE 2135 2811 8443 20000-25000 OGSA-DAI 8443

7 Page 7 Security profiles Minimize the number of connections traversing firewalls Range from basic services to complete set of functionality Gian Luca Volpato - Cracow Grid Workshop '08 - 15 October 2008 LevelComputingDataWorker node Interactive node 1 -- 2 - 3 - 4

8 Page 8 SLA extension Each site declares which security profile will be implemented Provide guarantee that communications to/from certain Grid services is allowed, i.e. firewall is correctly configured Verification:  before accepting a site in production  periodically for all the duration of the collaboration Gian Luca Volpato - Cracow Grid Workshop '08 - 15 October 2008

9 Page 9 Verification of firewall configuration Central service performing periodic verifications:  requested ports are accessible  all other ports are blocked In a further evolution  allow peer-to-peer verification of selected sites  triggered on-demand Gian Luca Volpato - Cracow Grid Workshop '08 - 15 October 2008

10 Page 10Gian Luca Volpato - Cracow Grid Workshop '08 - 15 October 2008

11 Page 11 Summary 1.Firewall configuration issues 2.Classification of middleware components 3.Definition of security profiles 4.SLA extension 5.Tool for automatic verification of firewall configuration Q&A Gian Luca Volpato - Cracow Grid Workshop '08 - 15 October 2008

Download ppt "Automatic verification of SLA for Firewall Configuration in Grid Environments Gian Luca Volpato – Cracow Grid Workshop 08 – 15 October 2008 Gian Luca Volpato."

Similar presentations

March 6 th, 2009 OGF 25 Unicore 6 and IPv6 readiness and IPv6 readiness

March 6 th, 2009 OGF 25 Unicore 6 and IPv6 readiness and IPv6 readiness
Current status of grids: the need for standards Mike Mineter TOE-NeSC, Edinburgh.

Current status of grids: the need for standards Mike Mineter TOE-NeSC, Edinburgh.
Polish Infrastructure for Supporting Computational Science in the European Research Space EUROPEAN UNION Services and Operations in Polish NGI M. Radecki,

Polish Infrastructure for Supporting Computational Science in the European Research Space EUROPEAN UNION Services and Operations in Polish NGI M. Radecki,
Module 5: Configuring Access for Remote Clients and Networks.

Module 5: Configuring Access for Remote Clients and Networks.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
Cracow Grid Workshop, November 5-6, 2001 Towards the CrossGrid Architecture Marian Bubak, Marek Garbacz, Maciej Malawski, and Katarzyna Zając.

Cracow Grid Workshop, November 5-6, 2001 Towards the CrossGrid Architecture Marian Bubak, Marek Garbacz, Maciej Malawski, and Katarzyna Zając.
S. Gadomski, ATLAS computing in Geneva, journee de reflexion, 14 Sept 20071 ATLAS computing in Geneva Szymon Gadomski description of the hardware the.

S. Gadomski, "ATLAS computing in Geneva", journee de reflexion, 14 Sept ATLAS computing in Geneva Szymon Gadomski description of the hardware the.
1 GRID Workshop – Toulouse IAS – October 20th Ground segment & products Department Globus TK4 experiment for image data processing : security architecture,

1 GRID Workshop – Toulouse IAS – October 20th Ground segment & products Department Globus TK4 experiment for image data processing : security architecture,
Massimo Cafaro GridLab Review GridLab WP10 Information Services Massimo Cafaro CACT/ISUFI University of Lecce, Italy.

Massimo Cafaro GridLab Review GridLab WP10 Information Services Massimo Cafaro CACT/ISUFI University of Lecce, Italy.
Tunis, Tunisia, 18-19 June 2012 Cloud Research Activities Pr. Mohamed JEMNI Computing Center Al Khawarizmi (CCK) Research Laboratory LaTICE

Tunis, Tunisia, June 2012 Cloud Research Activities Pr. Mohamed JEMNI Computing Center Al Khawarizmi (CCK) Research Laboratory LaTICE
Firewalls and the Campus Grid: an Overview Bruce Beckles University of Cambridge Computing Service.

Firewalls and the Campus Grid: an Overview Bruce Beckles University of Cambridge Computing Service.
1 Deployment of an LCG Infrastructure in Australia How-To Setup the LCG Grid Middleware – A beginner's perspective Marco La Rosa

1 Deployment of an LCG Infrastructure in Australia How-To Setup the LCG Grid Middleware – A beginner's perspective Marco La Rosa
Network Configuration Charles (Cal) Loomis & Mohammed Airaj LAL, Univ. Paris-Sud, CNRS/IN2P3 24-25 October 2013.

Network Configuration Charles (Cal) Loomis & Mohammed Airaj LAL, Univ. Paris-Sud, CNRS/IN2P October 2013.
Using Windows Firewall and Windows Defender

Using Windows Firewall and Windows Defender
Version 4.0. Objectives Describe how networks impact our daily lives. Describe the role of data networking in the human network. Identify the key components.

Version 4.0. Objectives Describe how networks impact our daily lives. Describe the role of data networking in the human network. Identify the key components.
EMI SA2: Quality Assurance (EMI-SA2 Work Package) Alberto Aimar (CERN) WP Leader.

EMI SA2: Quality Assurance (EMI-SA2 Work Package) Alberto Aimar (CERN) WP Leader.
Dynamic Firewalls and Service Deployment Models for Grid Environments Gian Luca Volpato, Christian Grimm RRZN – Leibniz Universität Hannover Cracow Grid.

Dynamic Firewalls and Service Deployment Models for Grid Environments Gian Luca Volpato, Christian Grimm RRZN – Leibniz Universität Hannover Cracow Grid.
SOS EGEE ‘06 GGF Security Auditing Service: Draft Architecture Brian Tierney Dan Gunter Lawrence Berkeley National Laboratory Marty Humphrey University.

SOS EGEE ‘06 GGF Security Auditing Service: Draft Architecture Brian Tierney Dan Gunter Lawrence Berkeley National Laboratory Marty Humphrey University.
EMI INFSO-RI-261611 EMI Quality Assurance Processes (PS06-4-499) Alberto Aimar (CERN) CERN IT-GT-SL Section Leader EMI SA2 QA Activity Leader.

EMI INFSO-RI EMI Quality Assurance Processes (PS ) Alberto Aimar (CERN) CERN IT-GT-SL Section Leader EMI SA2 QA Activity Leader.
Chapter 1 Introduction to the Help Desk Introduction to Help Desk Concepts & Skills Mike Meyers’ Computer Skills.

Chapter 1 Introduction to the Help Desk Introduction to Help Desk Concepts & Skills Mike Meyers’ Computer Skills.

Similar presentations

Ads by Google