Firewall Traversal in the Grid Architecture

Computational grids have been at the forefront of e-science supercomputing for several years now. Many issues have been settled over the years, but some may only appear to be so. One of these issues is firewall traversal. Many solutions have been proposed and developed. We have developed two such solutions ourselves, Remus and Romulus, but like all other solutions, they are limited in application. Others are working on proposed standards or solutions based on existing Internet standards and RFCs. However, we still have production-level grids that instead operate their grid resources on an open firewall policy. Some propose moving grids on top of peer-to-peer networks and/or overlay networks, or rebuilding grids on top of clouds instead. Existing grid infrastructures have not rushed to follow either path, however, as the required changes will take considerable effort and cost for currently running systems. This paper investigates the problem and offers a different proposal: a minor revision to the grid architecture. In order to support what we propose, we will look at several proposed solutions and identify their limitations. We also classify them into two distinct approaches, and discuss how each one is not by itself sufficient for all situations. Then we shall show that a slight improvement to the grid protocol architecture provides a multi-pronged architectural solution.
