AW: [fi-rg] Document contributions

Thijs.Metsch at dlr.de Thijs.Metsch at dlr.de
Wed Aug 31 08:04:56 CDT 2005


Hi @all,

Sorry for the late contribution. Attached is the use case as presented at the last GGF.

A more general description could look like:

"""
The creation of Virtual Organizations (VO) becomes obligatory nowadays. Applications and their matching licenses are shared over several sites. To be more abstract, computational resources are no longer bound to geographical locations. Modern techniques - like Grid Computing - permit remote use and coupling of these resources. The idea of "on demand business", and all its advantages, supports the creation of Grids. This includes the flexible use of distributed resources to cut IT costs and react to changes of the market. With Grids, formerly impossible solutions can be found.

When creating VOs, not only access has to be granted to each other's resources, but means of communication have got to be established between them. In modern Grids this will mostly be communication for the invocation of services. But non-blocking I/O traffic is also part of this scenario. File transfers would be an example for this. Most companies (and so their sites) use modern firewall technologies to protect their data and so their intellectual property. In most cases this includes several firewalls and security zones. These zones match different levels of security.

Most important is the demilitarized zone (DMZ). It can be accessed from both sides. The trusted network and the untrusted network can contact hosts located in this zone. The use of several firewalls allows the protection of hosts against attacks from either side of the zone.
As a result of this setup the following problems arise when a VO is created:
*	Several firewalls have to be passed (internal and external packet filters). Local site's security policies presume a very strict rule set for these firewalls. No security holes should be opened.
*	Firewalls have to be opened for several TCP and UDP ports.
*	Data transfers have to be passed through the firewalls.

Several ports are being opened to allow communication between the Grid resources. Therefore security holes need to be opened. There is no control over the data traffic. Users can access the resources without control.
"""

Greetings from Germany,

-Thijs Metsch

-----Original Message-----
From: owner-fi-rg at ggf.org [mailto:owner-fi-rg at ggf.org] On Behalf Of Leon Gommans
Sent: Friday, 19 August 2005 08:55
To: fi-rg at ggf.org
Subject: [fi-rg] Document contributions

Hi all,

GGF-15 is approaching fast and most of us on the northern hemisphere returned from our holidays :-(

It is now time to start to collect the contributions to our first document. Would those people who feel they could write a 1-2 page description of the issues they feel firewall type devices are causing send them to me (and CC the list) so I can start to put them into a document. We can then organise a telecon and start to discuss the contributions.

Thanks .. Leon Gommans.




-------------- next part --------------
A non-text attachment was scrubbed...
Name: fi-rg_usecase_tent.pdf
Type: application/octet-stream
Size: 244308 bytes
Desc: fi-rg_usecase_tent.pdf
Url : http://www.ogf.org/pipermail/fi-rg/attachments/20050831/51997dd1/attachment.obj 