Computing Panel Discussion: SSH Bastion
Henry Nebrensky, Brunel University
Henry Nebrensky – CM26 – 24 March 2010

Background: “PPD” nodes

We had already agreed last year to purchase a number of systems, which will be physically located in a proper computing rack room in RAL PPD (Particle Physics Dept.) under the auspices of their Grid team. PPD will also help with systems administration.

Note that PPD are providing these services gratis and on a best-effort basis. (The PPD Grid team is different to PPD IT support.)

It is hoped to separate the services in PPD into separate virtual machines, to improve security and resilience.

External Connectivity (MICO slide)

[Diagram; labels shown: SSH Bastion; Micenet / MLCR; Outside World; EPICS Gateway; Config Database; DB API; “Web” services; eLog; EPICS archiver web interface; Spare node; SSH / web services; Grid Transfer Box; Grid clients; heplnw17; SSH + analysis code. Management labels: PPD-Grid managed; MICE managed; PPD-IT supervised.]

Who will fix this?

SSH Bastion (1)

An SSH Bastion allows users to:
- make onward connections using SSH

It might, if asked:
- allow transfer of files in and out with scp
- allow X11 forwarding

It is NOT:
- a way to access data – that’s the Grid
- a place to run analysis
- a software development system
- a way to watch iPlayer from outside the UK...

SSH Bastion (2)

After 6 weeks of pressure from Adam Dobbs, the RAL “Central” Bastions now allow:
- SSH connections to micenet strange-numbered ports
- X11 forwarding
- file transfers (by setting up a tunnel)

Site VPN and EPICS gateway also provide expert routes in.

A MICE-specific bastion is slowly being set up in PPD – management of users and their keys still being worked on. It will allow intermediate storage of limited amounts of data for two-step scp transfers. RAL firewall issues untouched.

Given the former, DOESN’T THE LATTER LOOK LIKE A SERIOUS WASTE OF TIME?