[fi-rg] Telecon monday 16:00 CET / 10:00 EDT

Leon Gommans lgommans at science.uva.nl
Mon Jul 24 07:11:09 CDT 2006


Gian Luca,

Excellent points! Let's discuss them.

Regards .. Leon.

Gian Luca Volpato wrote:
> Hello Everybody,
>
> for the discussion about the final version of our first document I 
> would like to share with you a list of items I would like to go 
> through during the phone conference.
>
> - chapter 4:
> for the classification of the Grid applications I proposed some time 
> ago to use 3 different categories:
> 1 - Middlewares and protocols (Unicore, Globus, web services)
> 2 - Data storage and data transfer (GridFTP, dCache, GPFS)
> 3 - System deployment (Net of trust / Bastion hosts, High-bandwidth 
> long-distance networks, TENT, AccessGrid)
> I understood we agreed on this new classification model, but the last 
> version of the document (v1.9) uses the old 2 categories.
>
> - chapter 4:
> what makes AccessGrid an interesting use case for us?
> I fully agree that multicast streams and firewall is an interesting 
> topic, but is it a Grid-related issue? I mean, does the problem arise 
> because of the use of Grid-specific software?
> From the text I can't really understand the interaction between 
> AccessGrid and Grid.
>
> - chapter 5:
> the problem of opening a large number of ephemeral ports in the 
> firewall is misleading. When such ports are allowed only for a small 
> set of specific hosts (those running Grid middleware or Grid 
> applications) in the internal network is it really so bad? Of course 
> there is a risk in opening so many ports, but the risk is anyway 
> limited to the hosts running Grid software.
>
> - chapter 5:
> the discussion about DMZ is not clear. Is it good or bad practice to 
> place Grid applications in the DMZ? Why?
> When must an application pass through more than 2 DMZs?
>
> - chapter 6:
> in the summary we introduce some concepts never mentioned before in 
> the document. I refer in particular to:
> - firewalls inspecting streams instead of single packets,
> - firewalls allowing connections because other entities already 
> checked the authorization,
> - definition of standardized authorization mechanisms to be 
> implemented by firewall vendors.
> I think that what we write in the summary should also be presented 
> with more details in some previous chapter. What do you think?
>
>
> Looking forward to talking to you.
> Regards
> /Gian Luca