|
| | | |
Optimizing Tunneled Grid Connectivity across Firewalls
Tan, J., Abramson, D. and Enticott, C.
Grids today generally assume that concurrent network
connections are possible among many processors attached
to high-capacity networks. However, inter-network
boundaries dividing independent institutions often have
firewalls, typically to restrict how many and which ports
are accessible. In some cases, ports are opened
indefinitely for Grid applications, but this compromises
security significantly. On the other hand, solutions that
manage port openings in an ad-hoc manner for
applications are non-trivial to implement. An alternative
firewall traversal technique is required that will provide
manageable openings with less complexity involved. This
is possible through proxies and managed tunnels using
ports already authorized across the firewalls. We have
developed a transparent connectivity mechanism for this,
called Remus, which reroutes Grid connections through a
tunnel on ports allowed across firewalls. However, a
single tunnel presents a performance bottleneck. In this
paper, we present the method by which Remus distributes
several connections over multiple tunnels, improving
throughput as a result. Rerouting wrappers hide the
tunneling from applications, intercepting outgoing
connections and rerouting them transparently. Wellknown
and mature tools and protocols, such as SSH
and/or SOCKS, are utilized, instead of imposing
customized, non-standard mechanisms. Results of our
experiments are also presented for large file transfers over
a Globus-based Grid that uses Remus. |
Cite as: Tan, J., Abramson, D. and Enticott, C. (2009). Optimizing Tunneled Grid Connectivity across Firewalls. In Proc. Seventh Australasian Symposium on Grid Computing and e-Research (AusGrid 2009), Wellington, New Zealand. CRPIT, 99. Roe, P. and Kelly, W., Eds. ACS. 21-27. |
(from crpit.com)
(local if available)
|
|