GD/JANET/TECH/010 (05/06)

Grid computing is a novel approach that uses computers and networks in new ways. This can present both technical and organisational challenges that need to be addressed if the deployment of Grid systems is to be successful. This document, approved by both UCISA (the Universities’ and Colleges’ Information Systems Association) and GSTF (the Grid Security Task Force ), discusses the issues for both network and Grid systems managers and describes a variety of tools and techniques that have proved successful in existing deployments. An Appendix to the document describes the particular issues raised by a number of different Grid software packages. Although printed editions of the document will be produced as required, the most up to date information will be found in the web version.

Local and wide area networks are usually designed to support the conventional client-server model of computing. In particular, the network will often include measures to control and manage traffic to protect the security of both clients and servers, and to ensure that the network paths critical to the organisation are protected. Grid systems also need security and traffic management measures implemented within the network, but the necessary controls may well differ from what already exists. Any changes to accommodate Grids must be discussed and agreed, with the risks assessed to ensure that both conventional and Grid applications can function, and that the security of both types of system continues to be protected.

It has also been normal to assume that all users of systems on an organisation’s network have some connection with the organisation, for example as staff, students or accredited visitors. However Grid systems will often used by groups of researchers from many different organisations and countries. Grid collaborations are usually associated with VOs (Virtual organisations), which may range from a formally established international project team to a group of researchers meeting at a conference. Granting use of resources to such VOs may challenge existing assumptions about licensing, accountability and privacy and may require both organisational agreements and technical measures to manage risk.

It is unlikely to ever be possible to produce a recipe that guarantees a successful Grid deployment, but success is more likely where the following characteristics are present:

• involvement of both network and Grid service managers in planning and deploying Grid systems
• grid systems clustered in areas of the physical and logical network where large traffic flows can be supported and managed without disrupting other traffic
• an agreed process for firewall/router configuration including risk assessment
• use of internal network controls to separate Grids from other systems (especially where dedicated external connections are used)
• an agreed process for maintenance of operating systems and applications software on Grid computers
• good practice in storage and use of Grid identity credentials
• agreed understanding of the licensing and accountability issues of cross-organisational virtual organisations.