Automatic verification of SLA for Firewall Configuration in Grid Environments


Gian Luca Volpato

Christian Grimm

Martin Janitschke

Gian Luca Volpato – Cracow Grid Workshop 08 – 15 October 2008

Motivation

Facilitate the integration of new resources into a Grid:

  • Definition of security profiles
  • Certification of firewall setup
  • Monitoring firewall configuration as part of the Service Level Agreements

Summary
  • Firewall configuration issues
  • Classification of middleware components
  • Definition of security profiles
  • SLA extension
  • Tool for automatic verification of firewall configuration
  • Q&A

Integration of new partners
  • Installation of Grid middleware(s)
  • Creation of local user accounts
  • Registration to the information services
  • ...
  • Configuration of firewall rules
    • If too restrictive → prevent legitimate communications
    • If too loose → allow unauthorized communications

Classification of middleware components

Four categories of middleware components:

  • Computing frontends
  • Data frontends
  • Interactive nodes
  • Worker nodes

[Diagram labels: Globus GRAM, LCG/gLite CE, UNICORE NJS, batch system, worker nodes, interactive node, dCache SE, OGSA-DAI]

Communication paths

Identification of network ports used by each component for incoming connections

Security profiles

Minimize the number of connections traversing firewalls

Range from basic services to the complete set of functionality

SLA extension

Each site declares which security profile will be implemented

Provide a guarantee that communications to/from certain Grid services are allowed, i.e. the firewall is correctly configured

Verification:

  • before accepting a site in production
  • periodically for the whole duration of the collaboration

Verification of firewall configuration

Central service performing periodic verifications:

  • requested ports are accessible
  • all other ports are blocked

In a further evolution:

  • allow peer-to-peer verification of selected sites
  • triggered on-demand
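
The two checks listed for the central service (requested ports accessible, all other ports blocked) can be sketched as follows. This is an added example, not the tool presented in the talk; the profile name, port numbers and function names are assumptions made for illustration.

```python
import socket
from dataclasses import dataclass, field


def port_is_open(host: str, port: int, timeout: float = 1.0) -> bool:
    """Return True if a TCP connection to host:port is accepted."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        # Refused, filtered (timeout) and unreachable all count as "blocked".
        return False


@dataclass
class ProfileReport:
    missing: list = field(default_factory=list)     # in profile, not reachable
    unexpected: list = field(default_factory=list)  # reachable, not in profile

    @property
    def compliant(self) -> bool:
        return not self.missing and not self.unexpected


def verify_profile(host, required_ports, checked_ports, probe=port_is_open):
    """Compare a site's declared security profile with what is reachable.

    required_ports: ports the declared profile must expose.
    checked_ports:  every port to test; those outside the profile must be blocked.
    probe:          callable(host, port) -> bool, replaceable for dry runs.
    """
    required = set(required_ports)
    report = ProfileReport()
    for port in sorted(required | set(checked_ports)):
        is_open = probe(host, port)
        if port in required and not is_open:
            report.missing.append(port)      # too restrictive
        elif port not in required and is_open:
            report.unexpected.append(port)   # too loose
    return report


if __name__ == "__main__":
    # Constructed profile: the name and port numbers are illustrative only.
    profile = {"name": "example-basic", "ports": [2811, 8443]}
    result = verify_profile("127.0.0.1", profile["ports"], range(2800, 2820))
    print(profile["name"], "compliant:", result.compliant, result)
```

Run periodically from the central service against each site's declared profile, a non-empty `missing` or `unexpected` list marks the site as out of compliance with its SLA.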

Summary
  • Firewall configuration issues
  • Classification of middleware components
  • Definition of security profiles
  • SLA extension
  • Tool for automatic verification of firewall configuration

Q&A
