Computing Panel Discussion: SSH Bastion

Henry Nebrensky, Brunel University.

Presentation Transcript


  1. Computing Panel Discussion: SSH Bastion
     Henry Nebrensky, Brunel University
     Henry Nebrensky – CM26 – 24 March 2010

  2. Background: “PPD” nodes
     - We had already agreed last year to purchase a number of systems, which will be physically located in a proper computing rack room in RAL PPD (Particle Physics Dept.) under the auspices of their Grid team.
     - PPD will also help with systems administration.
     - Note that PPD are providing these services gratis and on a best-effort basis. (The PPD Grid team is different to PPD IT support.)
     - It is hoped to separate the services in PPD into separate virtual machines, to improve security and resilience.

  3. External Connectivity
     [Diagram; only its labels survive: MICO Slide; SSH Bastion; Micenet / MLCR; Outside World; SSH; EPICS; EPICS Gateway; Config Database; DB; DB API; “Web” services; PPD-Grid managed; eLog; EPICS archiver web interface; Spare node; SSH / web services; Grid Transfer Box; MICE managed; Grid clients; PPD-IT supervised; heplnw17; SSH + analysis code.]
     Who will fix this?

  4. SSH Bastion (1)
     An SSH Bastion allows a user to:
     - Make onward connections using SSH
     It might, if asked:
     - allow transfer of files in and out with scp
     - allow X11 forwarding
     It is NOT:
     - a way to access data – that’s the Grid
     - a place to run analysis
     - a software development system
     - a way to watch iPlayer from outside the UK...

  5. SSH Bastion (2)
     After 6 weeks of pressure from Adam Dobbs, the RAL “Central” Bastions now allow:
     - SSH connections to micenet strange-numbered ports
     - X11 forwarding
     - File transfers (by setting up a tunnel)
     Site VPN and EPICS gateway also provide expert routes in.
     A MICE-specific bastion is slowly being set up in PPD – management of users and their keys still being worked on.
     - It will allow intermediate storage of limited amounts of data for two-step scp transfers.
     - RAL firewall issues untouched.
     Given the former, DOESN’T THE LATTER LOOK LIKE A SERIOUS WASTE OF TIME?
