
REMUS: A Rerouting and Multiplexing System for Grid Connectivity Across Firewalls

Journal of Grid Computing

Abstract

The Grid provides unique opportunities for high-performance computing through distributed applications that execute over multiple remote resources. Participating institutions can form a virtual organization to maximize the utilization of collective resources as well as to facilitate collaborative projects. However, there are two design aspects in distributed environments like the Grid that can easily clash: security and resource sharing. It may be that resources are secure but are not entirely conducive to resource sharing, or networks are wide open for resource sharing but sacrifice security as a result. We developed REMUS, a rerouting and multiplexing system that provides a compromise through connection rerouting and wrappers. REMUS reroutes connections using proxies, ports and protocols that are already authorized across firewalls, avoiding the need to make new openings through the firewalls. We also encapsulate applications within wrappers, transparently rerouting the connections among Grid applications without modifying their programs. In this paper, we describe REMUS and the tests we conducted across firewalls using two Grid middleware case studies: Globus Toolkit 2.4 and Nimrod/G 3.0.



Author information


Correspondence to Jefferson Tan.


About this article

Cite this article

Tan, J., Abramson, D. & Enticott, C. REMUS: A Rerouting and Multiplexing System for Grid Connectivity Across Firewalls. J Grid Computing 7, 25–50 (2009). https://doi.org/10.1007/s10723-008-9104-1


  • DOI: https://doi.org/10.1007/s10723-008-9104-1
