Poster by: Jeff Tan, Caulfield School of I.T., Monash University.
When an organization joins the Grid, it is likely to encounter firewall issues. It is natural for organizational networks to be secured against threats coming from the Internet. A common approach is to block all access by default except for key services.
Grid connectivity can involve a huge number of ports. For example, Globus requires two or three service ports open for incoming requests, as well as 10 or 20 extra ports open for the transactions of each simultaneous user. It may not be an option for security administrators to refuse these additional port openings. On the other hand, surrendering too many openings, which compromises security, appears to be the norm.
The poster presentation will describe two general solutions that balance the need for security with the need for Grid connectivity.
We will also present an architectural solution that should effectively bring both approaches within one framework, in order to accommodate different scenarios where one or the other approach is inappropriate.