A Virtual Connectivity Layer for Grids

Computational grids are now mainstream facilities for e-research worldwide. While enterprise grids exist within organizations, national grids have become common, usually consisting of government as well as academic facilities. Such facilities are often lenient, with blanket policies that allow inbound and outbound grid traffic. This is far from ideal from a security perspective, but given the dynamic nature of grid use, it is impractical to maintain restrictive firewalls and manually keep up with on-demand firewall reconfiguration. Other solutions are necessary, where security is not sacrificed. Apart from first-generation solutions that were mostly not sufficiently generic, standardization work is now ongoing, but it is aimed exclusively at firewall virtualization. We argue for an architectural solution that encompasses firewall virtualization as well as other methods that can be more appropriate in many environments. This paper describes our notion of the missing layer between grid and fabric, which we refer to as the virtual connectivity layer. We have developed two implementations within this layer and discuss how they fit into a complete and well-defined architectural solution.
