Abstract
The Grid provides unique opportunities for high-performance computing through distributed applications that execute over multiple remote resources. Participating institutions can form a virtual organization to maximize the utilization of collective resources as well as to facilitate collaborative projects. However, there are two design aspects in distributed environments like the Grid that can easily clash: security and resource sharing. It may be that resources are secure but are not entirely conducive to resource sharing, or networks are wide open for resource sharing but sacrifice security as a result. We developed REMUS, a rerouting and multiplexing system that provides a compromise through connection rerouting and wrappers. REMUS reroutes connections using proxies, ports and protocols that are already authorized across firewalls, avoiding the need to make new openings through the firewalls. We also encapsulate applications within wrappers, transparently rerouting the connections among Grid applications without modifying their programs. In this paper, we describe REMUS and the tests we conducted across firewalls using two Grid middleware case studies: Globus Toolkit 2.4 and Nimrod/G 3.0.
Cite this article
Tan, J., Abramson, D. & Enticott, C. REMUS: A Rerouting and Multiplexing System for Grid Connectivity Across Firewalls. J Grid Computing 7, 25–50 (2009). https://doi.org/10.1007/s10723-008-9104-1
DOI: https://doi.org/10.1007/s10723-008-9104-1