 |
 |
Great, thank you Andy/Wei. The doc is what I needed. Overlooked it (I see it's rather recent, from last June)... Al ________________________________________________ Albert L. Rossi Senior Software Developer Scientific Computing Division, Scientific Data Services, Distributed Data Development FCC 229A Mail Station 369 (FCC 2W) Fermi National Accelerator Laboratory Batavia, IL 60510 (630) 840-3023 ________________________________ From: [log in to unmask] via RT <[log in to unmask]> Sent: Monday, April 11, 2022 2:36 PM To: [log in to unmask] <[log in to unmask]> Cc: [log in to unmask] <[log in to unmask]>; [log in to unmask] <[log in to unmask]>; Dmitry O Litvintsev <[log in to unmask]>; [log in to unmask] <[log in to unmask]> Subject: [www.dcache.org #10314] Re: data server behind firewall ********************************************************************************* This is an automated mail to inform you about a ticket update. When replying do not change the squared brackets part in the subject line. Type your text above this box and S T R I P P R E V I O U S M A I L S please!! ********************************************************************************* We also have a doc on how to setup (mostly for experienced folks like you:-) at https://urldefense.proofpoint.com/v2/url?u=https-3A__xrootd-2Dhowto.readthedocs.io&d=DwIDaQ&c=gRgGjJ3BkIsb5y6s49QqsA&r=60rQ0HHqHmEY1P6VSdyuTQ&m=EbyrBviScQRrxk58MJGeDGS2oDjpLa-O0RiJo3PqmdjngZXJIrtEwKf_j96GDF2N&s=ORB_eU8SIo5aevLN_nBfre0FWYjEDPO4enEaxNQsmcw&e= -- Wei ________________________________________ From: [log in to unmask] <[log in to unmask]> on behalf of Andrew Hanushevsky <[log in to unmask]> Sent: Monday, April 11, 2022 12:21 PM To: Albert Rossi Cc: xrootd-dev; Dmitry O Litvintsev; Tigran Mkrtchyan via RT Subject: Re: data server behind firewall Hi Albert, Indeed, only a proxy server would work here. The only other option is to open up the xroot port in the firewall. Some, sites prefer that option since xroot protocol is rarely if ever exploited unlike other protocols. The particular reference is: https://urldefense.proofpoint.com/v2/url?u=https-3A__xrootd.slac.stanford.edu_doc_dev53_pss-5Fconfig.htm&d=DwIDaQ&c=gRgGjJ3BkIsb5y6s49QqsA&r=60rQ0HHqHmEY1P6VSdyuTQ&m=EbyrBviScQRrxk58MJGeDGS2oDjpLa-O0RiJo3PqmdjngZXJIrtEwKf_j96GDF2N&s=e2Pc0i3ch1V8V5fuhcJpSrOIHSQzYyHm066QicpTDww&e= Andy On Mon, 11 Apr 2022, Albert Rossi wrote: > Hi Andy (et al.), > > A quick question. > > What are the options offered by xrootd for deployment or configuration when all data servers are behind a firewall which blocks all direct access by clients on an external network? > > Section 4.2 of the configuration documentation<https://urldefense.proofpoint.com/v2/url?u=https-3A__xrootd.slac.stanford.edu_doc_dev55_xrd-5Fconfig.htm-23-5FToc88513970&d=DwIDaQ&c=gRgGjJ3BkIsb5y6s49QqsA&r=60rQ0HHqHmEY1P6VSdyuTQ&m=EbyrBviScQRrxk58MJGeDGS2oDjpLa-O0RiJo3PqmdjngZXJIrtEwKf_j96GDF2N&s=YJUFg9-cGEWzw_2eCGuy8-CoeTvGiBBYKaJ082Hn_Mk&e= > seems to suggest a proxy server would be necessary in this case. Is that correct? > > If so, what exactly does this proxy server do, and how is it set up? > > Thanks, > > Al > > ________________________________________________ > Albert L. Rossi > Senior Software Developer > Scientific Computing Division, Scientific Data Services, Distributed Data Development > FCC 229A > Mail Station 369 (FCC 2W) > Fermi National Accelerator Laboratory > Batavia, IL 60510 > (630) 840-3023 > > > ######################################################################## > Use REPLY-ALL to reply to list > > To unsubscribe from the XROOTD-DEV list, click the following link: > https://urldefense.proofpoint.com/v2/url?u=https-3A__listserv.slac.stanford.edu_cgi-2Dbin_wa-3FSUBED1-3DXROOTD-2DDEV-26A-3D1&d=DwIDaQ&c=gRgGjJ3BkIsb5y6s49QqsA&r=60rQ0HHqHmEY1P6VSdyuTQ&m=EbyrBviScQRrxk58MJGeDGS2oDjpLa-O0RiJo3PqmdjngZXJIrtEwKf_j96GDF2N&s=PWVv2eund4EaBEICaj6d_FQc8uw8Bzp4gBGGUXCAtAQ&e= > ######################################################################## Use REPLY-ALL to reply to list To unsubscribe from the XROOTD-DEV list, click the following link: https://urldefense.proofpoint.com/v2/url?u=https-3A__listserv.slac.stanford.edu_cgi-2Dbin_wa-3FSUBED1-3DXROOTD-2DDEV-26A-3D1&d=DwIDaQ&c=gRgGjJ3BkIsb5y6s49QqsA&r=60rQ0HHqHmEY1P6VSdyuTQ&m=EbyrBviScQRrxk58MJGeDGS2oDjpLa-O0RiJo3PqmdjngZXJIrtEwKf_j96GDF2N&s=PWVv2eund4EaBEICaj6d_FQc8uw8Bzp4gBGGUXCAtAQ&e= ********************************************************************************* The Provider of this service, in the legal sense, the Deutsche Elektronen- Synchrotron DESY. Handling personal information: DESY takes the protection of personal information seriously. DESY undertakes to protect the private sphere of all persons using its services and to treat any personal information provided in strictest confidence. The information is solely used for the respective purposes given and will not be passed on to third parties. It will be deleted as soon as it has served the given purpose. More info: https://www.desy.de/data_privacy_policy/index_eng.html ********************************************************************************* ######################################################################## Use REPLY-ALL to reply to list To unsubscribe from the XROOTD-DEV list, click the following link: https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1