Hi Bob,
ATLAS production is halted due to DQ2's inability to move data to sites.
Panda team and BNL are now proposing to move data around using a new
component of Panda, the PandaMover, as a complimentary (or replacement,
depend on your view).
PandaMover runs at BNL and needs write access to Tier 2 site's Local
Replica Catalog (LRC) database via web services. John Bartelt had
successfully tested a technique that uses a well maintained Apache
server as a front end proxy. The proxy:
1) only forwards a pre-defined set up URLs to the actual ATLAS LRC web
server (GET and POST)
2) only provides service to a pre-defined set of outside IP addresses.
Does this satisfy to security concern of opening ATLAS Tier 2
production web services to (pre-defined) outside IP addresses?
regards,
--
Wei Yang | [log in to unmask] | 650-926-3338(O)
|