Questions for a new EOS setup in an HPC facility

Hello!

We in Vienna are planning a new EOS setup in an HPC facility shared with biologists. It would be a significant advantage if we could put the EOS FST and MGM nodes into the internal network and expose only a minimal interface to the external world. We are a relatively small site and have only a 10 Gbit WAN interface. Due to these considerations I would like to study a scenario for deployment using a gateway connecting the HPC low latency network with several gateways.

  1. Is it possible to implement a gateway with dual-homed nodes? As our connectivity to the outside world is limited, it should not be important that this limits the IO capacity.

  2. For the SRM and gridftp this looks straightforward. A dual-homed host could address on the one side SRM and gridftp and on the other side access the data with the FUSE plugin.

  3. For xrootd I see some documentation of the possibility to run a proxy service or to have so-called firewall entry points. It is not fully clear to me if this is the feature I am looking for, and if my idea on how to use it is correct.

  4. If one can do it for xrootd, it should be possible also with https (one would assume).

  5. For the nodes on the internal network, it would be difficult to get certificates from our Grid CA. I would assume that I would have to establish my own CA and distribute it to servers and my worker nodes in the batch system. While it looks straightforward, it would be interesting to hear if somebody has tried that already.

In any case I am attaching a trivial sketch of the site as I have it in mind.

I would be grateful for feedback on this scenario.

Cheers, Dietrich Liko
HEPHY Vienna