UFTP High-performance data transfer for UNICORE



Similar documents
File transfer in UNICORE State of the art

Anwendungsintegration und Workflows mit UNICORE 6

UNICORE UFTPD server UNICORE UFTPD SERVER. UNICORE Team

UFTP AUTHENTICATION SERVICE

Websense Content Gateway v7.x: Troubleshooting

Exam Questions SY0-401

A Reliable and Fast Data Transfer for Grid Systems Using a Dynamic Firewall Configuration

Novell Access Manager SSL Virtual Private Network

Ignify ecommerce. Item Requirements Notes

Enterprise Manager. Version 6.2. Installation Guide

SSL SSL VPN

Requirements Collax Security Gateway Collax Business Server or Collax Platform Server including Collax SSL VPN module

Network Configuration Settings

Owner of the content within this article is Written by Marc Grote

Quick Start Guide. Cerberus FTP is distributed in Canada through C&C Software. Visit us today at

File Transfer Protocol (FTP) & SSH

CS5008: Internet Computing

Table of Contents. 1 Overview 1-1 Introduction 1-1 Product Design 1-1 Appearance 1-2

User Manual. Onsight Management Suite Version 5.1. Another Innovation by Librestream

Astaro Security Gateway V8. Remote Access via SSL Configuring ASG and Client

Creating client-server setup with multiple clients

Installing and Configuring vcenter Multi-Hypervisor Manager

GlobalSCAPE DMZ Gateway, v1. User Guide

UNICORE s UNICORECC Toolbox and SDKs

Federated Access to High-Performance Computing and Big Data Resources

Enhancing UNICORE Storage Management using Hadoop

Configuring Security Features of Session Recording

SSL Overview for Resellers

Secure Web Appliance. SSL Intercept

E-Commerce Security. The Client-Side Vulnerabilities. Securing the Data Transaction LECTURE 7 (SECURITY)

TELE 301 Network Management. Lecture 17: File Transfer & Web Caching

Single Sign On for UNICORE command line clients

Mitglied der Helmholtz-Gemeinschaft UNICORE. Uniform Access to JSC Resources. Michael Rambadt, 20.

SecurEnvoy Security Server. SecurMail Solutions Guide

Server Security. Contents. Is Rumpus Secure? 2. Use Care When Creating User Accounts 2. Managing Passwords 3. Watch Out For Aliases 4

F-Secure Messaging Security Gateway. Deployment Guide

Experian Secure Transport Service

Ciphermail Gateway Separate Front-end and Back-end Configuration Guide

INUVIKA OPEN VIRTUAL DESKTOP FOUNDATION SERVER

Laptop Backup - Administrator Guide (Windows)

StreamServe Persuasion SP5 StreamStudio

Network Security and Firewall 1

CSCE 465 Computer & Network Security

Directory and File Transfer Services. Chapter 7

Security Guidelines for MapInfo Discovery 1.1

enicq 5 System Administrator s Guide

CareGiver Remote Support Information Technology FAQ

STERLING SECURE PROXY. Raj Kumar Integration Management, Inc.

Solution of Exercise Sheet 5

1 Data information is sent onto the network cable using which of the following? A Communication protocol B Data packet

Chapter 6 Configuring the SSL VPN Tunnel Client and Port Forwarding

RSA SecurID Ready Implementation Guide

For the protocol access paths listed in the following table, the Sentry firmware actively listens on server ports to provide security for the CDU.

Setting Up Scan to SMB on TaskALFA series MFP s.

Transport Level Security

ZEN LOAD BALANCER EE v3.04 DATASHEET The Load Balancing made easy

Managing Multi-Hypervisor Environments with vcenter Server

Before deploying SiteAudit it is recommended to review the information below. This will ensure efficient installation and operation of SiteAudit.

Device Log Export ENGLISH

Testing Network Security Using OPNET

Configuring the WT-4 for ftp (Ad-hoc Mode)

Exhibit B5b South Dakota. Vendor Questions COTS Software Set

Configuring the WT-4 for ftp (Infrastructure Mode)

BlackBerry Enterprise Service 10. Version: Configuration Guide

1 Introduction: Network Applications

FL EDI SECURE FTP CONNECTIVITY TROUBLESHOOTING GUIDE. SSL/FTP (File Transfer Protocol over Secure Sockets Layer)

JobScheduler Installation by Copying

Step-by-Step Configuration

Globus Striped GridFTP Framework and Server. Raj Kettimuthu, ANL and U. Chicago

Enabling SSL and Client Certificates on the SAP J2EE Engine

Last Updated: July STATISTICA Enterprise Server Security

Securing Networks with PIX and ASA

1. Introduction What is Axis Camera Station? What is Viewer for Axis Camera Station? AXIS Camera Station Service Control 5

13.1 Backup virtual machines running on VMware ESXi / ESX Server

Configuring MassTransit Server to listen on ports less than 1024 using WaterRoof on Macintosh Workstations

Mitglied der Helmholtz-Gemeinschaft. System monitoring with LLview and the Parallel Tools Platform

Setting Up SSL on IIS6 for MEGA Advisor

Proxy firewalls.

Network Security. Tampere Seminar 23rd October Overview Switch Security Firewalls Conclusion

SSL VPN. Virtual Private Networks based on Secure Socket Layer. Mario Baldi. Politecnico di Torino. Dipartimento di Automatica e Informatica

White Paper. Securing and Integrating File Transfers Over the Internet

Computer Networks. Secure Systems

Sophos UTM. Remote Access via SSL. Configuring UTM and Client

UNICORE REGISTRY MANUAL

Network setup and troubleshooting

Introduction to Endpoint Security

Chapter 2 Editor s Note:

FTP, IIS, and Firewall Reference and Troubleshooting

openft Enterprise File Transfer Copyright 2011 FUJITSU

On Enabling Hydrodynamics Data Analysis of Analytical Ultracentrifugation Experiments

INSTALLING KAAZING WEBSOCKET GATEWAY - HTML5 EDITION ON AN AMAZON EC2 CLOUD SERVER

6WRUP:DWFK. Policies for Dedicated IIS Web Servers Group. V2.1 policy module to restrict ALL network access

Application Security Policy

RevShield Software Suite Network Security Review


TLS and SRTP for Skype Connect. Technical Datasheet

Chapter 11 Phase 5: Covering Tracks and Hiding

VoIPon Tel: +44 (0) Fax: +44 (0)

Installing and Configuring Websense Content Gateway

Transcription:

Mitglied der Helmholtz-Gemeinschaft UFTP High-performance data transfer for UNICORE Dr. Bernd Schuller, Tim Pohlmann Federated Systems and Data division Jülich Supercomputer Centre Forschungszentrum Jülich GmbH July 8, 2011 UNICORE Summit, Toruń

Outline Filetransfer in UNICORE UFTP Outlook Principles Deployment Examples July 8, 2011, UNICORE Summit, Toruń Slide 2

Storages, Jobs and Data HOME, TMP,... Server-to-server data movement HOME, TMP,... UNICORE Server Local Filespace Import & Export Job directories Job data staging HTTP GridFTP FTP... Client UNICORE Server UNICORE Server July 8, 2011, UNICORE Summit, Toruń Slide 3

Data flows using the BFT data transfer BFT import/export requires three socket connections Other clients commandline client Eclipsebased client BFT staging requires four socket connections scientific clients and applications Gateway authentication, firewall transversal UNICORE basic services UNICORE basic services UNICORE services Target System Interface Target System Interface Local RMS (e.g. Torque, LL, LSF, etc.) Local RMS (e.g. Torque, LL, LSF, etc.) access to data and management of computational jobs July 8, 2011, UNICORE Summit, Toruń

Ideal data flow Import/export without extra socket connections Other clients commandline client Eclipsebased client scientific clients and applications staging without extra socket connections Target System Interface Target System Interface Local RMS (e.g. Torque, LL, LSF, etc.) Local RMS (e.g. Torque, LL, LSF, etc.) access to data and management of computational jobs July 8, 2011, UNICORE Summit, Toruń

Issues with direct data transfer Firewall! Direct connections from the outside to the TSI login node are usually not allowed Statically opening ports (or worse, port ranges) is a security risk Port opening technique is required UDP based hole punching (like Skype), but UDP is not directly suited for file transfer TCP based: passive FTP is widely understood, but considered insecure July 8, 2011, UNICORE Summit, Toruń Slide 6

Basic idea: use passive FTP to open ports Client 1. PASV Firewall 5432 2. open 5432 for Client 3. connect to port 5432 Server FTP port data port 5432 4. close control connection 5. close 5432 July 8, 2011, UNICORE Summit, Toruń Slide 7

UFTP: combining passive FTP and UNICORE FTP by itself is insecure: Users log in using username/password UNICORE provides a highly secure channel from client to server which is used for additional security measures: File transfers are always initiated via UNICORE Client must authenticate using a secret that is exchanged via UNICORE Requires an secure command port in addition to the FTP port July 8, 2011, UNICORE Summit, Toruń Slide 8

UFTP deployment other UNICORE servers commandline client Eclipsebased client UFTP support since version 6.4.1 pseudo FTP listen UNICORE/X commands CMD UFTPD UNICORE/X server UFTP support since version 6.4.1 TSI Cluster login node Local RMS (e.g. Torque, LL, LSF, etc.) July 8, 2011, UNICORE Summit, Toruń

File transfer using UFTP Client uftp-client 1. Create transfer 3. get filetransfer properties (uftp host and port, # of streams) 4. Upload/download Firewall UNICORE/X 2. init uftpd Init information sent via command channel includes: - client IP - file name - authn secret - optional encryption key File system Slide 10

Security challenges and their resolution uftpd server runs with root privileges (because it needs to access files from all users) Switch effective user/group ID before file access Sending commands via the Command channel allows local users to read/write files under any user ID Command port not accessible outside the firewall Protect it using client authenticated SSL and ACL file Attacker might connect to the newly opened sockets on the uftpd server Client IP is checked, and a secret key is required for authentication Data channels might be sniffed Optional symmetric encryption (64 bit key, blowfish algorithm) July 8, 2011, UNICORE Summit, Toruń Slide 11

Using UFTP from UCC optionally add UFTP related preferences uftp.client.host=localhost uftp.streams=2 uftp.encryption=false Specify the protocol in file operations >ucc put file s /home/... t https://... P UFTP Specify the protocol in your UCC job { Imports: [ { From: u6://...?protocol=uftp, To: }, ], } July 8, 2011, UNICORE Summit, Toruń Slide 12

140 UFTP performance: example 120 Transfer rate (MB/sec) 100 80 60 40 20 UFTP UFTP encrypted BFT 0 0 50 100 150 200 250 300 350 400 File size (MB) Localhost system, Core 2, 4GB memory UNICORE 6.4.1 with Perl TSI UFTP 1.0.0, 2 streams > ucc put file s /home/... t https://... P UFTP y July 8, 2011, UNICORE Summit, Toruń Slide 13

UFTP: a high-performance data transfer for UNICORE UNICORE FTP (yes, think of "Grid- (rather Globus-)FTP ) Multiple parallel TCP connections per data transfer Client-Server, Server-Server Secure, simple, easy to deploy and operate Dynamically open ports in the firewall using the FTP protocol Platform independent (Java) Widely available with UNICORE version 6.4.1 as rpm, deb, tar.gz thanks to pac(k)man July 8, 2011, UNICORE Summit, Toruń Slide 14

Outlook Deployment in realistic environments (DEISA/PRACE and others) URC support (coming soon!) Workflow system support (current version is still 6.3.x) Performance testing Enhancements Support multi-homed servers Experiment with buffer sizes Other uses of the FTP trick not related to data transfer? E.g. when setting up (cloudy, virtual, ) systems dynamically? July 8, 2011, UNICORE Summit, Toruń Slide 15

Thanks for early testing and feedback on UFTP Krzysztof Benedyczak Michael Rambadt, Michael Stephan, Björn Hagemeier and thank you for your attention! July 8, 2011, UNICORE Summit, Toruń Slide 16

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information