Rerouting Grid Applications Across Firewalls
Authors
Abstract
The Grid refers to “a distributed computing infrastructure for advanced science and engineering” [4]. Grid applications require advanced computations through distributed processing, with an explicit focus on supporting virtual organizations (VOs). By participating in a VO, participating institutions are able to share and coordinate computations, commonly with the Internet as the underlying communication infrastructure. Unfortunately, on the Internet, there is always the risk of unauthorized access or even sabotage to data, transactions or computational resources. Thus, networks on the Internet are usually protected with firewalls and other measures. This presents a dilemma for VO setups since this reduces the level of collaboration that is possible. Furthermore, current Grid applications often assume that network connectivity is mostly unrestricted. Accordingly, a number of virtual organizations have failed because the member sites have security policies that clash, encountering more restrictions than anticipated in the design of their applications. Moreover, since the participants in a VO are autonomous of one another, their network security measures are likewise quite varied. These issues may be taken together as a security interoperability problem [3]. Somewhere in the interconnected networks involved, a mismatch occurs between what is allowed on one end and what is not allowed on the other. We studied the likely scenarios resulting from security interoperability and developed methods that facilitate connectivity for grid application components despite such restrictions. We refer to our project as Remus, in which we are building a rerouting and multiplexing system that enables intra-firewall connectivity while minimizing the need to modify or rebuild either the grid applications or the firewalls. Our solutions are built on a number of standard secure communication protocols such as SSH and SOCKS.
We present our experiments here and the results of tests using Globus and the Nimrod/G middleware. We considered three types of conflicts that can hinder communications between two grid application components. A node conflict occurs when security restrictions block connections to the target node at any port. A port conflict occurs when security restrictions block connections to one or more target ports only. We may also find that, while a port conflict exists, there is instead another vacant port available. In such a situation, the connection still cannot be made to the intended component until that vacant port is bound to some mechanism that will facilitate communication. We can also encounter a protocol conflict, when a successful connection can be made to the node at a given port but the service listening behind that port is unable to communicate using the protocol expected by the connecting component. We developed solutions that can handle each of those types of conflicts using various tested means through tunneling, port forwarding and communicating by proxy. Remus is also designed to accommodate, as much as possible, the network connections exactly as expected by the grid application components. Furthermore, it is recommended that rerouters deliberately use only those channels that are authorized by existing security policies. We tested the applicability of Remus to Globus [5][6] and Nimrod [1]. Both are middleware that sit above and harness the computational power of several loosely-coupled processors. While Globus provides a generic facility for resource sharing and distributed computations, Nimrod specifically uses distributed resources for the computations of parametric applications [1]. Nimrod/G [2] is the Grid-enabled version of Nimrod that uses various grid middleware services that support various standards, such as Globus [5]. Nimrod/G computations are not the same as Globus computations because Nimrod/G uses agents.
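The three conflict types defined above can be told apart from the connecting side with a few TCP probes. The following is an added example, not code from the paper or from Remus: `probe`, `classify`, the verdict strings and the sample ports are hypothetical, a refused connection is assumed to mean a vacant port that passed the filter, and the protocol check assumes the service sends a greeting first.

```python
import socket

def probe(host, port, timeout=1.0):
    """One TCP connection attempt -> (state, banner)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            try:
                return "open", s.recv(64)   # greeting, if the server speaks first
            except OSError:
                return "open", b""          # connected, nothing received
    except ConnectionRefusedError:
        # Assumption: a refusal means the packet passed the filter and no
        # service is bound (a "vacant" port). A firewall that rejects with
        # a TCP reset looks the same from here.
        return "vacant", b""
    except OSError:
        return "filtered", b""              # timed out or unreachable

def classify(host, target_port, expected_prefix, other_ports,
             probe_fn=probe, timeout=1.0):
    """Return (verdict, usable_ports) in the abstract's terms.

    other_ports is an assumed sample of alternative ports; "blocked at
    any port" can only be judged over that sample.
    """
    state, banner = probe_fn(host, target_port, timeout)
    if state == "open":
        ok = banner.startswith(expected_prefix)
        return ("no conflict" if ok else "protocol conflict"), []
    # Ports that are not filtered could carry a tunnel or forwarder.
    usable = [p for p in other_ports
              if probe_fn(host, p, timeout)[0] != "filtered"]
    if state == "vacant":
        return "target not listening", usable
    return ("port conflict" if usable else "node conflict"), usable

if __name__ == "__main__":
    # Constructed observations standing in for a filtered site.
    seen = {5000: ("filtered", b""), 22: ("open", b"SSH-2.0-x"),
            8080: ("vacant", b"")}
    fake = lambda host, port, timeout: seen[port]
    print(classify("node.example", 5000, b"", [22, 8080], fake))
```

The ports returned with a port conflict are the candidates for the tunneling or port-forwarding channel, subject to the site's security policy authorizing their use.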
When Nimrod/G uses remote resources, agents execute in them, allowing Nimrod/G greater flexibility in job management. Nimrod agents coordinate with Nimrod/G server components in order to perform data transfers to download input data or to upload output data. Nimrod agents may
J. Tan, D. Abramson and C. Enticott
Similar resources
The WISENT Grid Architecture: Coping with Firewalls and NAT
In energy meteorology research, scientists from several domains such as physics, meteorology and electrical engineering work together to obtain information needed to characterize energy production from regenerative energy sources such as wind and solar power. For this purpose, several scientific applications were developed to process large data sets from heterogeneous data sources in complex and...
Globus Grid and Firewalls: Issues and Solutions in a Utility Data Center Environment
The “Grid” has become the next incarnation of the utility computing vision: seamless access to data and services anytime, anywhere. Sharing a utility infrastructure requires high standards of security. Grid platforms such as the Globus Toolkit, the Grid Engine, Platform or the forthcoming Open Grid Services Architecture (OGSA) include various security mechanisms from encrypted communication, us...
Online Steering of HEP Grid Applications
Online steering and visualization of scientific applications is a well-established method for accelerating research and saving resources. However, for Grid environments no appropriate, secure online steering tools exist. As a part of the HEPCG (High Energy Physics Community Grid) project we are developing the online steering system RMOST for Grid applications, which is specifically targeted towa...
Recovering Internet Symmetry in Distributed Computing
This paper describes two systems to recover the Internet connectivity impaired by private networks and firewalls. These devices cause asymmetry in the Internet, making peer-to-peer computing difficult or even impossible. The Condor system is one of those that are severely impaired by the asymmetry. Compared to normal peer-to-peer computing applications, Condor has stricter requirements, which a...
An energy-aware grid-based routing scheme for wireless sensor networks
As an important field of emerging technology, wireless sensor networks (WSN) offer many new possibilities for applications such as target tracking and environmental surveillance by allowing the observer to move around freely. However, disseminating sensing data to the mobile observer raises significant design challenges for the routing scheme. In addition, WSN often operate under certain energy...