Automatic verification of SLA for Firewall Configuration in Grid Environments

Gian Luca Volpato

Christian Grimm

Martin Janitschke

Gian Luca Volpato – Cracow Grid Workshop 08 – 15 October 2008


Motivation

Facilitate the integration of new resources into a Grid:

  • Definition of security profiles

  • Certification of firewall setup

  • Monitoring firewall configuration as part of the Service Level Agreements


Summary

  • Firewall configuration issues

  • Classification of middleware components

  • Definition of security profiles

  • SLA extension

  • Tool for automatic verification of firewall configuration

  • Q&A


Integration of new partners

  • Installation of Grid middleware(s)

  • Creation of local user accounts

  • Registration to the information services

  • ...

  • Configuration of firewall rules

    • If too restrictive → prevent legitimate communications

    • If too loose → allow unauthorized communications


Classification of middleware components

Four categories of middleware components:

  • Computing frontends

  • Data frontends

  • Interactive nodes

  • Worker nodes

[Diagram labels: Globus GRAM, LCG/gLite CE, UNICORE NJS, Batch system, Worker Node (repeated), Interactive node, dCache SE, OGSA-DAI]


Communication paths

Identification of network ports used by each component for incoming connections


Security profiles

Minimize the number of connections traversing firewalls

Range from basic services to complete set of functionality


SLA extension

Each site declares which security profile will be implemented

Provide a guarantee that communications to/from certain Grid services are allowed, i.e. the firewall is correctly configured

Verification:

  • before accepting a site in production

  • periodically for the entire duration of the collaboration


Verification of firewall configuration

Central service performing periodic verifications:

  • requested ports are accessible

  • all other ports are blocked

In a further evolution:

  • allow peer-to-peer verification of selected sites

  • triggered on-demand
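
One way a central verifier could compare a site's declared security profile with what is actually reachable, as an added example that is not part of the original presentation or the authors' tool. The function names, the three-state port classification and the port numbers are assumptions made for illustration.

```python
import errno
import socket

def probe_tcp(host, port, timeout=2.0):
    """Classify one TCP port as 'open', 'refused' (reset) or 'filtered' (no answer)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        rc = s.connect_ex((host, port))
    except socket.timeout:
        return "filtered"
    finally:
        s.close()
    if rc == 0:
        return "open"
    return "refused" if rc == errno.ECONNREFUSED else "filtered"

def verify_profile(host, profile_ports, scan_ports, probe=probe_tcp):
    """Check a site against its declared security profile (hypothetical helper).

    profile_ports: ports the profile requires to accept incoming connections.
    scan_ports: every port the verifier tests; ports outside the profile
    must not accept connections.
    """
    required = set(profile_ports)
    report = {"blocked_required": [], "service_down": [], "open_unexpected": []}
    for port in sorted(required | set(scan_ports)):
        state = probe(host, port)
        if port in required and state == "filtered":
            report["blocked_required"].append(port)  # firewall too restrictive
        elif port in required and state == "refused":
            report["service_down"].append(port)      # reset: no listener or a reject rule
        elif port not in required and state == "open":
            report["open_unexpected"].append(port)   # firewall too loose
    # Compliant only if all three violation lists are empty.
    report["compliant"] = not any(report.values())
    return report

if __name__ == "__main__":
    # Constructed observations for a hypothetical site; port numbers are placeholders.
    observed = {20001: "open", 20002: "filtered", 20003: "open"}
    print(verify_profile("site.example", [20001, 20002], observed,
                         probe=lambda host, port: observed[port]))
```

The `probe` parameter lets the same comparison run from a central service or from a peer site, and separating "filtered" from "refused" helps tell a firewall that silently drops traffic apart from a service that is not listening.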



Summary

  • Firewall configuration issues

  • Classification of middleware components

  • Definition of security profiles

  • SLA extension

  • Tool for automatic verification of firewall configuration

  • Q&A
