Information Technology Reference
In-Depth Information
10. User activity at the site
11. Historical system availability data
4. Always use encrypted data streams and se-
cure protocols to send information, instead
of using clear text. Many OSG services,
such as Gratia or Syslog-ng, offer both SSL
and clear-text options to send data to their
respective collectors. Sites should always
use the former, when given a choice.
While much of this data is very important to
users and VOs on the grid, and essential in cre-
ating a robust and flexible grid architecture, it is
important to design the systems that publish this
information such that they can support the desired
level of protection for the data. In other words,
information should be restricted to legitimate users
of the grid, and sites should have ultimate control
over what information they wish to publish, and
at what level of detail.
RECOMMENDATIONS FOR
DATA PROTECTION
Additionally, it is in the best interest of the grid
provider (OSG), to provide methods for protect-
ing this data. This protection must happen in
multiple ways:
RECOMMENDED GRID
MIDDLEWARE CONFIGURATION
1. All grid infrastructure software that transmits
or collects data from public networks should
support secure and encrypted communica-
tion protocols.
2. The software design should allow sites to
override arbitrary attributes being published.
3. Information collectors should endeavor to
authenticate the machines that publish site
data - only machines whose identities can be
verified should be allowed to publish their
information. This prevents third parties from
publishing fake or invalid data for a given
site. GSI host certificates are an effective
way to achieve this kind of authentication.
CEMon already uses this, and the model
could easily be extended to other OSG col-
lection services.
4. Use of grid certificates to restrict access to
data where possible. Web servers should at-
tempt to verify the identity of the user before
allowing access to grid resource information.
Current technologies, (e.g. mod_gridsite
(“Gridsite,”) for Apache based web servers)
provide the ability to control access based
on the user certificates. Additionally, this
information could be restricted along VO
While software may evolve, and the specific
methods for configuring software may change, the
general goals for proper middleware configuration
remain the same. The following recommendations
will help provide some amount of control to sites
that wish to protect sensitive data:
1. Override attributes that are considered sensi-
tive with alternate values that can convey the
equivalent information. For example the GIP
allows named attributes to be overwritten
by specifying them in a special file (alter-
attributes.txt). This could allow a site to
replace detailed software levels with more
generic information.
2. Use site level collectors for multi-resource
sites. This will allow the site to filter sensi-
tive data at this level before forwarding it to
OSG. Syslog-ng is designed with this sort
of architecture in mind.
3. Turn down level of detail for the published
information to the minimum required -
during troubleshooting efforts, this can be
turned up for more diagnostic information.
This limits the overall exposure of the site.
Search WWH ::
Custom Search