Hi, Andy!

I can't quite see how the setup with one master violates security. Your
secure pool is still protected by a firewall from certain clients. The master
only tells a client which pool to use.

Absence of this setup, actually, forces people to make all their servers
open to the world where they may need only a few.

And, again, in dCache you have only one head node for all your needs, and
sites happily deploy it.

Artem.

On Wed, 1 Feb 2006, Andrew Hanushevsky wrote:

> Hi Artem,
>
> Convenient yes but it also violates the prime security directive here. If
> the security need is to keep servers separate then allowing even one to be
> shared destroys the whole structure (the weakest link phenomenon). The
> security team here doesn't like wall paper security. So if you're going to
> violate the security policy then overtly do so. This, of course, is not to
> say there may be non-security reasons for doing this. Anyway, no you will
> need to run two redirectors to keep the server pools truly separate.
>
> Andy
>
> ----- Original Message -----
> From: "Artem Trunov" <[log in to unmask]>
> To: <[log in to unmask]>
> Sent: Wednesday, February 01, 2006 6:44 AM
> Subject: xrootd redirection based on client's subnet
>
>
> > Hi Andy et al.,
> >
> > Does xrootd support it? The use case is when you want to have one
> > redirector, but keep two separate pools of servers - one for access from
> > WNs (servers in IFZ), and another for out of site access (servers in DMZ).
> > Then you'd specify selection rules in your olbd config. This is a feature
> > of dCache, very convenient.
> >
> > Artem.
> >
> >
>
>