A User-level Secure Grid File System


1 A User-level Secure Grid File System

Ming Zhao, Renato J. Figueiredo
Advanced Computing and Information Systems (ACIS) laboratory
Electrical and Computer Engineering, University of Florida
{ming,

2 Motivations

- Need for secure grid file systems
  - Support for unmodified applications, fine-grained data sharing
  - Support for strong, flexible and grid-compatible security

[Figure: domains A, B, C and D connected over a WAN with limited mutual trust and an insecure network. Labels: virtual machines; genome sequence alignment (public data, no need for privacy); interactive development; sparse file access; commercial application; fine-grained data sharing; genome sequence alignment (highly confidential, need strong encryption).]

Ming Zhao, SC 07

3 Overview

- Goal
  - Secure DFS-based grid data management
- Approach
  - A user-level secure grid file system
- Contributions:
  - Secure and efficient grid data access
  - Secure services for management and configuration
  - Support for unmodified applications and O/Ss
  - Flexible configurations based on application needs
  - Compatible with widely-accepted grid security infrastructure

4 Outline

- Background
- Architecture
  - Secure GFS-based data access
  - Secure service-based management
- Implementation
  - Secure Remote Procedure Calls
  - GSI-based GFS
  - Grid file access control
  - GSI-based management services
- Performance
- Summary

5 Background

- Grid File System (GFS, a.k.a. GVFS)
  - User-level virtualization of distributed file systems via proxies
  - Leverages widely deployed O/S clients and servers (NFS V3)
  - Proxies control authentication, authorization, identity mapping
  - Per session security configuration and enforcement

[Figure: two GFS sessions across the WAN to server S, which holds user data under /GFS (UID 100, GID 100). GFS I: /GFS/X is exported for X's job on client C1 (UID 1000, GID 1000), with mapping 1000:1000 <-> 100:100. GFS II: /GFS/Y is exported to Y@C2 for Y's job on client C2 (UID 2000, GID 2000), with mapping 2000:2000 <-> 100:100.]

R. Figueiredo, et al., Seamless Access to Decentralized Storage Services in Computational Grids via a Virtual File System, Cluster Computing

6 Background

- Data Management Services
  - Middleware for controlling the lifecycles and configurations of GFSs
- File System Service (FSS)
  - Controls local proxies to establish and configure GFSs
- Data Scheduler Service (DSS)
  - Schedules and customizes GFSs through interactions with FSSs

[Figure: the DSS coordinates an FSS on each of clients C1 and C2 and on the data server S; jobs on C1 and C2 access the data through GFS I and GFS II.]

M. Zhao, et al., Supporting Application-Tailored Grid File System Sessions with WSRF-Based Services, HPDC

7 Secure GFS-based Data Access

- Based on Transport Level Security (TLS)
  - Efficient end-to-end secure channel for remote procedure calls (RPC)
  - Grid user's () certificate is used for authentication and authorization
  - Shared key is negotiated for encryption of GFS traffic
  - Digital signature or MAC is used for integrity checking
- Grid-style ACL associates file access permissions with grid user identity
- Flexible and customizable security policies and mechanisms per GFS

[Figure: X's job on client C reaches user data in /GFS/X on server S across the WAN over RPC/TLS, authenticated with X's certificate and subject to access control.]

8 Secure Service-based Management

- Based on Message Level Security (MLS)
  - Protection of messages in service-level interactions (SOAP)
  - Support for security cooperation with other middleware services
- Grid user or service authenticates with DSS using the user's certificate
- Authorization is done by checking an ACL or a dedicated service
- FSS controls client to use the user's certificate to set up GFS

[Figure: the DSS and the FSSs exchange SOAP/WS-Security messages; X's job on client C reaches user data in /GFS/X on server S across the WAN over RPC/TLS, authenticated with X's certificate and subject to access control.]

9 Secure RPC

- Based on Socket Layer Security (SSL/TLS)
  - Efficient implementations and successful deployments
  - Support for full-featured security and a wide range of algorithms
- Transparent protection of GFS traffic
  - GFSs are set up on per-user/application basis
- SSL-enabled secure RPC library (SRPC)
  - We have developed it based on TI-RPC and OpenSSL
  - API examples
      clnt_tli_ssl_create(......, struct security_context)
      svc_tli_ssl_create(......, struct security_context)
  - Security configurations are defined in the security_context struct
- Generic secure RPC support, no need for system-level changes

10 GSI-based File System Proxy

- Enhancements
  - Uses SRPC library for secure communications
  - Parses and validates GSI (Grid Security Infrastructure) certificates for authentication and authorization
- Configurations
  - Defined in a configuration file used by users or services
  - Security policies, algorithms, and parameters
- Support for dynamic reconfigurations
  - Change of security policies
  - Reload of certificates
  - Renegotiation of session keys

11 Grid File Access Control

- Per-GFS gridmap file
  - Per file system access control
  - Maps grid user identities to local user accounts
  - A grid user gains the same file access permissions as the mapped local user
- Per-file/directory ACL file
  - Per file/directory access control
  - Stored as a protected hidden file: .filename.acl
  - Contains pairs of grid user identity and access permission bitmask
  - Leverages NFS ACCESS RPCs for checking ACL files and returning access permission bitmasks
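
The two access-control layers on this slide, sketched as an added example (not code from SGFS or from the presentation): it answers an NFS ACCESS request either from a per-file ACL of identity/bitmask pairs or, when no ACL file exists, from the gridmap mapping. The function and type names, the `"<DN>" <value>` line layout, the rule that an existing ACL file takes precedence and fails closed, and all sample DNs and accounts are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* NFSv3 ACCESS permission bits (RFC 1813). */
#define ACCESS3_READ    0x0001u
#define ACCESS3_LOOKUP  0x0002u
#define ACCESS3_MODIFY  0x0004u
#define ACCESS3_EXTEND  0x0008u
#define ACCESS3_DELETE  0x0010u
#define ACCESS3_EXECUTE 0x0020u
#define ACCESS3_ALL     0x003fu

enum sgfs_source { SGFS_DENIED = 0, SGFS_FROM_ACL, SGFS_FROM_GRIDMAP };

struct sgfs_decision {
    enum sgfs_source source;
    unsigned granted;     /* ACCESS3 bits to return (ACL case) */
    char local_user[64];  /* local account to act as (gridmap case) */
};

/* Constructed sample data. DNs, accounts and the ACL line layout are assumed. */
static const char SAMPLE_GRIDMAP[] =
    "# per-GFS gridmap: \"<grid DN>\" <local account>\n"
    "\"/O=Grid/OU=example/CN=Alice Smith\" alice\n"
    "\"/O=Grid/OU=example/CN=Bob Jones\" bob\n";
static const char SAMPLE_ACL[] =  /* contents of a .filename.acl */
    "\"/O=Grid/OU=example/CN=Alice Smith\" 0x3f\n"
    "\"/O=Grid/OU=example/CN=Bob Jones\" 0x03\n";

/* Scan lines of the form  "<DN>" <value>  and copy the value of the first entry
 * whose DN equals dn exactly. Returns 1 found, 0 absent, -1 malformed input. */
static int lookup_dn(const char *text, const char *dn, char *out, size_t outlen)
{
    if (text == NULL || dn == NULL) return -1;
    const char *p = text;
    while (*p) {
        const char *eol = strchr(p, '\n');
        size_t len = eol ? (size_t)(eol - p) : strlen(p);
        const char *line = p;
        p = eol ? eol + 1 : p + len;
        while (len && (*line == ' ' || *line == '\t')) { line++; len--; }
        if (len == 0 || *line == '#') continue;       /* blank or comment */
        if (*line != '"') return -1;
        const char *endq = memchr(line + 1, '"', len - 1);
        if (endq == NULL) return -1;                  /* unterminated DN */
        size_t dnlen = (size_t)(endq - (line + 1));
        const char *val = endq + 1;
        size_t vlen = len - (dnlen + 2);
        while (vlen && (*val == ' ' || *val == '\t')) { val++; vlen--; }
        while (vlen && (val[vlen - 1] == ' ' || val[vlen - 1] == '\t' ||
                        val[vlen - 1] == '\r')) vlen--;
        if (vlen == 0 || vlen >= outlen) return -1;
        /* Exact comparison: a prefix of a listed DN must not match. */
        if (dnlen == strlen(dn) && memcmp(line + 1, dn, dnlen) == 0) {
            memcpy(out, val, vlen);
            out[vlen] = '\0';
            return 1;
        }
    }
    return 0;
}

/* Strictly parse a bitmask; reject trailing junk and bits outside ACCESS3_ALL. */
static int parse_mask(const char *s, unsigned *mask)
{
    char *end;
    unsigned long v = strtoul(s, &end, 0);
    if (end == s || *end != '\0' || v > ACCESS3_ALL) return -1;
    *mask = (unsigned)v;
    return 0;
}

/* Decide an ACCESS request for dn; acl is NULL when the file has no ACL file. */
struct sgfs_decision sgfs_access(const char *gridmap, const char *acl,
                                 const char *dn, unsigned requested)
{
    struct sgfs_decision d;
    char tok[64];
    unsigned mask;
    memset(&d, 0, sizeof d);                          /* default: denied */
    if (acl != NULL) {
        /* An ACL exists: an unlisted DN or unparsable entry fails closed. */
        if (lookup_dn(acl, dn, tok, sizeof tok) == 1 && parse_mask(tok, &mask) == 0) {
            d.source = SGFS_FROM_ACL;
            d.granted = requested & mask;
        }
        return d;
    }
    if (lookup_dn(gridmap, dn, d.local_user, sizeof d.local_user) == 1)
        d.source = SGFS_FROM_GRIDMAP;                 /* act as mapped account */
    return d;
}

int main(void)
{
    struct sgfs_decision d = sgfs_access(SAMPLE_GRIDMAP, SAMPLE_ACL,
        "/O=Grid/OU=example/CN=Bob Jones", ACCESS3_READ | ACCESS3_MODIFY);
    printf("source=%d granted=0x%02x\n", d.source, d.granted);
    return 0;
}
```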

12 GSI-based Management Services

- Based on Web service standards
  - Services based on WSRF (Web Service Resource Framework)
    - Managing GFS states as resources
  - Service-level security based on WS-Security
    - Signing and verifying SOAP messages
  - Implemented with WSRF::Lite
  - Interoperable with other middleware services
- Grid file access control
  - Uses ACLs stored in database
  - Creates gridmap or ACL files for proxies
  - Leverages dedicated security services
    - E.g. Community authorization service

13 Experimental Setup

- File system clients and servers
  - Virtual machines
  - Hosted on cluster nodes (3.2GHz hyperthreaded Xeon CPUs, 4GB memory)
- Network
  - LAN: Gigabit Ethernet
  - WAN: emulated with NIST Net
- Benchmarks
  - File system benchmarks: IOzone, Postmark
  - Applications: software development, scientific computing

14 IOzone

- Intensive sequential reads
  - LAN
  - No client-side caching, no server-side disk accesses
- Configurations
  - NFS V3/V4: native, unsecured NFS
  - GFS: unsecured GFS
  - GFS-SSH: SSH tunneling of GFS
  - SGFS
    - sgfs-aes: AES-256bit, SHA1-HMAC
    - sgfs-rc: RC4-128bit, SHA1-HMAC
    - sgfs-sha: SHA1-HMAC
- Performance
  - 2-fold overhead for user-level security
  - Stronger security sacrifices more performance
  - sgfs-aes is used for the following study

[Chart: runtime (seconds) on LAN for nfs-v3, nfs-v4, gfs, sgfs-sha, sgfs-rc, sgfs-aes and gfs-ssh.]

15 Postmark

- Simulates workloads from e-mails, news, Web commerce
  - Creation, transaction, deletion
  - Intensive small reads/writes and metadata updates
- Performance
  - GFS outperforms native NFS (by using aggressive attributes caching)
  - Speedup increases as network latency grows

[Charts: runtime (seconds) for the creation, transaction and deletion phases, and runtime (seconds) versus network RTT (ms); series nfs-v3, nfs-v4, sgfs and gfs-ssh; panels LAN and WAN.]

16 Modified Andrew Benchmark

- Models software development process
  - Copy, stat, search, compile
  - Uses a larger workload than the original Andrew benchmark
- Performance
  - Very close to native NFS on LAN
  - Significant speedups on WAN (by using disk caching for attributes and data)

[Chart: runtime (seconds) of the copy, stat, search and compile phases for nfs-v3 and sgfs, on LAN and on WAN (40ms RTT).]

17 Seismic

- Models computing and data intensive scientific applications
  - Phase 1: generate a large output file
  - Phase 2, 3, 4: process data
- Performance
  - Very close to native NFS on LAN
  - Significant speedups on WAN (by using disk caching with write-back)

[Chart: runtime (seconds) of phases 1 to 4 for nfs-v3 and sgfs, on LAN and on WAN (40ms RTT).]

18 Related Work

- Security in distributed file systems
  - NFS (V2, V3)
  - NFS (V4), GridNFS
  - AFS (OpenAFS, Coda)
  - SGFS supports unmodified O/Ss, strong security for grid data access, and flexible application-tailored configurations
- Security in grid data management
  - Globus
  - Legion
  - Condor
  - SGFS combines the advantages of TLS and MLS, and is compatible with existing grid systems based on GSI

19 Summary

- Problem
  - Secure DFSs for grid data management
- Solution
  - A user-level secure grid file system
  - Strong and compatible security for grid data access
  - Seamless support and flexible customization for applications
  - Convenient integration with grid resources and systems
- Future work
  - User-level cryptographic functions for protection of data storage

20 Acknowledgments

- In-VIGO team
- Sponsors
  - NSF
  - IBM SUR
  - DURIP

Questions?


End-to-End Java Security Performance Enhancements for Oracle SPARC Servers Performance engineering for a revenue product End-to-End Java Security Performance Enhancements for Oracle SPARC Servers Performance engineering for a revenue product Luyang Wang, Pallab Bhattacharya, Yao-Min Chen, Shrinivas Joshi and James Cheng

More information

2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 1

2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 1 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 1 Cisco AnyConnect as a Service György Ács Regional Security Consultant Mobile User Challenges Mobile and Security Services Web Security

More information

Shared Parallel Filesystems in Heterogeneous Linux Multi-Cluster Environments

Shared Parallel Filesystems in Heterogeneous Linux Multi-Cluster Environments LCI HPC Revolution 2005 26 April 2005 Shared Parallel Filesystems in Heterogeneous Linux Multi-Cluster Environments Matthew Woitaszek matthew.woitaszek@colorado.edu Collaborators Organizations National

More information

iscsi Technology: A Convergence of Networking and Storage

iscsi Technology: A Convergence of Networking and Storage HP Industry Standard Servers April 2003 iscsi Technology: A Convergence of Networking and Storage technology brief TC030402TB Table of Contents Abstract... 2 Introduction... 2 The Changing Storage Environment...

More information

Acronyms. International Organization for Standardization International Telecommunication Union ITU Telecommunication Standardization Sector

Acronyms. International Organization for Standardization International Telecommunication Union ITU Telecommunication Standardization Sector Acronyms 3DES AES AH ANSI CBC CESG CFB CMAC CRT DoS DEA DES DoS DSA DSS ECB ECC ECDSA ESP FIPS IAB IETF IP IPsec ISO ITU ITU-T Triple DES Advanced Encryption Standard Authentication Header American National

More information

Juliusz Pukacki OGF25 - Grid technologies in e-health Catania, 2-6 March 2009

Juliusz Pukacki OGF25 - Grid technologies in e-health Catania, 2-6 March 2009 Grid Technologies for Cancer Research in the ACGT Project Juliusz Pukacki (pukacki@man.poznan.pl) OGF25 - Grid technologies in e-health Catania, 2-6 March 2009 Outline ACGT project ACGT architecture Layers

More information

Corente Cloud Services Exchange

Corente Cloud Services Exchange Corente Cloud Services Exchange Oracle s Corente Cloud Services Exchange (Corente CSX) is a cloud-based service that enables distributed enterprises to deliver trusted IPSec VPN connectivity services to

More information

Layered Architecture

Layered Architecture The Globus Toolkit : Introdution Dr Simon See Sun APSTC 09 June 2003 Jie Song, Grid Computing Specialist, Sun APSTC 2 Globus Toolkit TM An open source software toolkit addressing key technical problems

More information

Grandstream Networks, Inc. GWN7000 Multi-WAN Gigabit VPN Router VPN Configuration Guide

Grandstream Networks, Inc. GWN7000 Multi-WAN Gigabit VPN Router VPN Configuration Guide Grandstream Networks, Inc. GWN7000 Multi-WAN Gigabit VPN Router VPN Configuration Guide Table of Contents SUPPORTED DEVICES... 5 INTRODUCTION... 6 GWN7000 VPN FEATURE... 7 OPENVPN CONFIGURATION... 8 OpenVPN

More information

Network Security. Thierry Sans

Network Security. Thierry Sans Network Security Thierry Sans HTTP SMTP DNS BGP The Protocol Stack Application TCP UDP Transport IPv4 IPv6 ICMP Network ARP Link Ethernet WiFi The attacker is capable of confidentiality integrity availability

More information

INCREASE APPLICATION SECURITY FOR PCI DSS VERSION 3.1 SUCCESS AKAMAI SOLUTIONS BRIEF INCREASE APPLICATION SECURITY FOR PCI DSS VERSION 3.

INCREASE APPLICATION SECURITY FOR PCI DSS VERSION 3.1 SUCCESS AKAMAI SOLUTIONS BRIEF INCREASE APPLICATION SECURITY FOR PCI DSS VERSION 3. INCREASE APPLICATION SECURITY FOR PCI DSS VERSION 3.1 SUCCESS Protect Critical Enterprise Applications and Cardholder Information with Enterprise Application Access Scope and Audience This guide is for

More information

Authenticated Storage Using Small Trusted Hardware Hsin-Jung Yang, Victor Costan, Nickolai Zeldovich, and Srini Devadas

Authenticated Storage Using Small Trusted Hardware Hsin-Jung Yang, Victor Costan, Nickolai Zeldovich, and Srini Devadas Authenticated Storage Using Small Trusted Hardware Hsin-Jung Yang, Victor Costan, Nickolai Zeldovich, and Srini Devadas Massachusetts Institute of Technology November 8th, CCSW 2013 Cloud Storage Model

More information

Securing Enterprise Extender

Securing Enterprise Extender Securing Enterprise Extender Sam Reynolds IBM z/os Communications Server Design samr@us.ibm.com Ray Romney Cisco Systems romney@cisco.com Tony Amies William Data Systems Product Architect tony.amies@willdata.com

More information

Vendor: Citrix. Exam Code: 1Y Exam Name: Designing Citrix XenDesktop 7.6 Solutions. Version: Demo

Vendor: Citrix. Exam Code: 1Y Exam Name: Designing Citrix XenDesktop 7.6 Solutions. Version: Demo Vendor: Citrix Exam Code: 1Y0-401 Exam Name: Designing Citrix XenDesktop 7.6 Solutions Version: Demo DEMO QUESTION 1 Which option requires the fewest components to implement a fault-tolerant, load-balanced

More information

Grid Computing Fall 2005 Lecture 16: Grid Security. Gabrielle Allen

Grid Computing Fall 2005 Lecture 16: Grid Security. Gabrielle Allen Grid Computing 7700 Fall 2005 Lecture 16: Grid Security Gabrielle Allen allen@bit.csc.lsu.edu http://www.cct.lsu.edu/~gallen Required Reading Chapter 16 of The Grid (version 1), freely available for download

More information

EI 338: Computer Systems Engineering (Operating Systems & Computer Architecture)

EI 338: Computer Systems Engineering (Operating Systems & Computer Architecture) EI 338: Computer Systems Engineering (Operating Systems & Computer Architecture) Dept. of Computer Science & Engineering Chentao Wu wuct@cs.sjtu.edu.cn Download lectures ftp://public.sjtu.edu.cn User:

More information

PROTECTED EXTENSIBLE AUTHENTICATION PROTOCOL

PROTECTED EXTENSIBLE AUTHENTICATION PROTOCOL Q&A PROTECTED EXTENSIBLE AUTHENTICATION PROTOCOL This document answers questions about Protected Extensible Authentication Protocol. OVERVIEW Q. What is Protected Extensible Authentication Protocol? A.

More information

Configuring Tunnel Interfaces on Cisco IOS XR Software

Configuring Tunnel Interfaces on Cisco IOS XR Software Configuring Tunnel Interfaces on Cisco IOS XR Software This module describes the configuration of Tunnel-IPSec interfaces on the Cisco CRS Router. Tunnel interfaces are virtual interfaces that provide

More information

Application of Monitoring Standards for enhancing Energy System Security

Application of Monitoring Standards for enhancing Energy System Security Application of Monitoring Standards for enhancing Energy System Security G. DONDOSSOLA*, R. TERRUGGIA*, P. WYLACH*, G. PUGNI**, F. BELLIO*** RSE SpA*, Enel SpA**, Enel Produzione SpA*** Italy About RSE

More information

A High-Performance Storage and Ultra- High-Speed File Transfer Solution for Collaborative Life Sciences Research

A High-Performance Storage and Ultra- High-Speed File Transfer Solution for Collaborative Life Sciences Research A High-Performance Storage and Ultra- High-Speed File Transfer Solution for Collaborative Life Sciences Research Storage Platforms with Aspera Overview A growing number of organizations with data-intensive

More information

Crossing the Chasm: Sneaking a parallel file system into Hadoop

Crossing the Chasm: Sneaking a parallel file system into Hadoop Crossing the Chasm: Sneaking a parallel file system into Hadoop Wittawat Tantisiriroj Swapnil Patil, Garth Gibson PARALLEL DATA LABORATORY Carnegie Mellon University In this work Compare and contrast large

More information

A: PLANNING AND ADMINISTERING SHAREPOINT 2016

A: PLANNING AND ADMINISTERING SHAREPOINT 2016 ABOUT THIS COURSE This five-day course will provide you with the knowledge and skills to plan and administer a Microsoft SharePoint 2016 environment. The course teaches you how to deploy, administer, and

More information

S.No QUESTIONS COMPETENCE LEVEL UNIT -1 PART A 1. Illustrate the evolutionary trend towards parallel distributed and cloud computing.

S.No QUESTIONS COMPETENCE LEVEL UNIT -1 PART A 1. Illustrate the evolutionary trend towards parallel distributed and cloud computing. VALLIAMMAI ENGNIEERING COLLEGE SRM Nagar, Kattankulathur 603203. DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING Year & Semester : IV & VII Section : CSE -1& 2 Subject Code : CS6703 Subject Name : Grid

More information

Delivers cost savings, high definition display, and supercharged sharing

Delivers cost savings, high definition display, and supercharged sharing TM OpenText TM Exceed TurboX Delivers cost savings, high definition display, and supercharged sharing OpenText Exceed TurboX is an advanced solution for desktop virtualization and remote access to enterprise

More information

CloudSky: A Controllable Data Self-Destruction System for Untrusted Cloud Storage Networks

CloudSky: A Controllable Data Self-Destruction System for Untrusted Cloud Storage Networks CloudSky: A Controllable Data Self-Destruction System for Untrusted Cloud Storage Networks The material in these slides mainly comes from the paper CloudSky: A Controllable Data Self-Destruction System

More information

Integrating the Hardware Management Console s Broadband Remote Support Facility into your Enterprise

Integrating the Hardware Management Console s Broadband Remote Support Facility into your Enterprise System z Integrating the Hardware Management Console s Broadband Remote Support Facility into your Enterprise SC28-6880-00 System z Integrating the Hardware Management Console s Broadband Remote Support

More information