 |
 |
Hi Wei, Do you know if PandaMover was conceived/designed in conjunction with security input or is it a case of "here is something that may address security concerns"? Anything else about PandaMover that we should know about? Does data actually go through it or is it simply dealing with the catalog? Is it only for production or will user requested files go through it as well? Maybe it has been extensively tested and will just work transparently for everyone, but some of us are a bit paranoid. Cheers. Charlie -- Charles C. Young M.S. 43, Stanford Linear Accelerator Center P.O. Box 20450 Stanford, CA 94309 [log in to unmask] voice (650) 926 2669 fax (650) 926 2923 CERN GSM +41 76 487 2069 > -----Original Message----- > From: [log in to unmask] > [mailto:[log in to unmask]] On > Behalf Of Wei Yang > Sent: Tuesday, September 25, 2007 1:25 PM > To: atlas-sccs-planning-l; Cowles, Robert D. > Subject: security issues with ATLAS PandaMover > > Hi Bob, > > ATLAS production is halted due to DQ2's inability to move > data to sites. > > Panda team and BNL are now proposing to move data around > using a new component of Panda, the PandaMover, as a > complimentary (or replacement, depend on your view). > > PandaMover runs at BNL and needs write access to Tier 2 > site's Local Replica Catalog (LRC) database via web services. > John Bartelt had successfully tested a technique that uses a > well maintained Apache server as a front end proxy. The proxy: > > 1) only forwards a pre-defined set up URLs to the actual > ATLAS LRC web server (GET and POST) > 2) only provides service to a pre-defined set of outside IP addresses. > > Does this satisfy to security concern of opening ATLAS Tier > 2 production web services to (pre-defined) outside IP addresses? > > regards, > > -- > Wei Yang | [log in to unmask] | 650-926-3338(O) >