Automatic verification of SLA for Firewall Configuration in Grid Environments

Gian Luca Volpato

Christian Grimm

Martin Janitschke

Gian Luca Volpato – Cracow Grid Workshop 08 – 15 October 2008


Motivation

Facilitate the integration of new resources into a Grid:

  • Definition of security profiles

  • Certification of firewall setup

  • Monitoring firewall configuration as part of the Service Level Agreements



Summary

  • Firewall configuration issues

  • Classification of middleware components

  • Definition of security profiles

  • SLA extension

  • Tool for automatic verification of firewall configuration

  • Q&A



Integration of new partners

  • Installation of Grid middleware(s)

  • Creation of local user accounts

  • Registration to the information services

  • ...

  • Configuration of firewall rules

    • If too restrictive → prevents legitimate communications

    • If too loose → allows unauthorized communications



Classification of middleware components

Four categories of middleware components:

  • Computing frontends

  • Data frontends

  • Interactive nodes

  • Worker nodes

[Figure: diagram with components labelled Globus GRAM, LCG/gLite CE, UNICORE NJS, Batch system, Worker Node, Interactive node, dCache SE, OGSA-DAI]



Communication paths

Identification of network ports used by each component for incoming connections



Security profiles

Minimize the number of connections traversing firewalls

Profiles range from basic services to the complete set of functionality



SLA extension

Each site declares which security profile will be implemented

The SLA provides a guarantee that communication to/from certain Grid services is allowed, i.e. that the firewall is correctly configured

Verification:

  • before accepting a site in production

  • periodically for the entire duration of the collaboration



Verification of firewall configuration

Central service performing periodic verifications:

  • requested ports are accessible

  • all other ports are blocked

In a further evolution:

  • allow peer-to-peer verification of selected sites

  • triggered on-demand
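Added example (not from the original slides and not the authors' tool): a sketch of the two checks listed above, comparing observed port states against the profile a site declared in its SLA. The profile name, port numbers, host name and function names are assumptions made for illustration.

```python
import socket

# Hypothetical profile: name and port numbers are constructed for this
# example; the slides do not list the real profiles.
PROFILE_BASIC = {2811, 8443}

def tcp_probe(host, port, timeout=2.0):
    """Classify one TCP port as 'open', 'closed' (refused) or 'filtered'."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # timeout, unreachable: typical of a dropping firewall
        return "filtered"
    finally:
        sock.close()

def verify_site(host, declared, checked, probe=tcp_probe):
    """Check that declared ports are reachable and all other checked ports are not.

    'closed' on a declared port is reported with its state because it can
    mean the firewall passes traffic but the service itself is down.
    """
    missing, unexpected = [], []
    for port in sorted(set(checked) | set(declared)):
        state = probe(host, port)
        if port in declared and state != "open":
            missing.append((port, state))   # rule set too restrictive
        elif port not in declared and state == "open":
            unexpected.append(port)         # rule set too loose
    return {"host": host, "missing": missing, "unexpected": unexpected,
            "compliant": not missing and not unexpected}

if __name__ == "__main__":
    # Constructed observations standing in for a real site, so the demo
    # runs offline: 8443 is filtered (SLA breach), 6000 is open (too loose).
    observed = {2811: "open", 8443: "filtered", 6000: "open", 22: "filtered"}
    fake_probe = lambda host, port: observed.get(port, "filtered")
    print(verify_site("site.example", PROFILE_BASIC, observed, probe=fake_probe))
```

A periodic run would call `verify_site` with the default `tcp_probe` from the central service and record each report against the site's SLA.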




Summary

  • Firewall configuration issues

  • Classification of middleware components

  • Definition of security profiles

  • SLA extension

  • Tool for automatic verification of firewall configuration

  • Q&A
