perfsonar development work

["Matthias K. Hamm" <>]

Hi Nicolas,

see comments inline regarding the L2 MP (developed by DFN, used for E2E 
Monitoring)

Best regards,

Matthias

Nicolas Simar schrieb:
> Hi,
>
> We have been asked to provide information about the port that should 
> be opened for different perfSONAR web-services and visualisation tools 
> when installed on a server being a firewall.
>
> a) could you please verify that I haven't forgotten anything?
> b) I haven't done the exercise for all the service. Could you please 
> add the same information for the service you are responsible of.
>
> If you could do that before next Tuesday, the 31st of October, I would 
> greatly appreciate it.
>
> Thank you very much in advance.
>
>
> 1. RRD MA
> - Open the Tomcat port 8080 (or the chosen port) to/from the 
> workstation to/from the rest of the world.
> - Open SSH (tcp/udp 22) for the administrators/maintainers.
> - If the RRD is the operational one, then all the port required to 
> update the RRD must be open (e.g. SNMP, etc).
> - If the RRD is a replicated one, synchronised with rsync, this is 
> done over SSH, open port tcp/udp 22 to the IP where the operational 
> RRD is located.
>
>
> 2. SQL MA
> - Open the Tomcat port 8080 (or the chosen port) to/from the 
> workstation to/from the rest of the world.
> - Open SSH (tcp/udp 22) for the administrators/maintainers.
> - If the SQL database is the operational one, ports allowing the 
> retrieval of the data to and from the network equipment must be opened 
> (e.g. SNMP, etc).
> - If the SQL is a replicated one (synchronised), ports allowing the 
> synchronisation xxx to/from the IP where the operational SQL DB is 
> located should be opened.
>
> 3. SNMP MP
>
> - Open the Tomcat port tcp 8080 (or another chosen port by the machine 
> administrator) to/from the workstation to/from the rest of the world.
> - Open SNMP (161/udp SNMP, potentially 162/udp SNMPTRAP ) to the 
> network equipment of the network (to/from)
> - Open SSH (tcp/udp 22) for the administrators/maintainers.
>
> 4. SSH/Telnet MP
> - Open the Tomcat port tcp 8080 (or another chosen port by the machine 
> administrator) to/from the workstation to/from the rest of the world.
> - Open SSH (tcp/udp 22) or Telnet (tcp/udp 23) to the network 
> equipment to/from which the data must be coming from. SSH and/or 
> Telnet will be enabled depending on the access method on  the 
> different network equipment.
> - Open SSH (tcp/udp 22) for the administrators/maintainers.
>
>
> 5. Lookup Service
> - Open the Tomcat port tcp 8080 (or another chosen port by the machine 
> administrator) to/from the workstation to/from the rest of the world. 
> It may be that several port may have to be opened.
> - Open SSH (tcp/udp 22) for the administrators/maintainers.
>
> 6. Authentication Serv
> - Open the port for the web-service: which one? TBC
> - Open SSH (tcp/udp 22) for the administrators/maintainers.
>
> 7. Authorisation Service
> - Open the port for the web-service: which one? TBC
> - Open SSH (tcp/udp 22) for the administrators/maintainers.
>
> 8. Topology Service
> - Open the Tomcat port tcp 8080 (or another chosen port by the machine 
> administrator) to/from the workstation to/from the rest of the world.
> - Open some ports to/from the network equipment or to/from the an 
> operational DB to update the TopS.
> - Open SSH (tcp/udp 22) for the administrators/maintainers.
>
> 9. cNIS
> - Open the Tomcat port tcp 8080 (or another chosen port by the machine 
> administrator) to/from the workstation to/from the rest of the world.
> - Open some ports to/from the network equipment or to/from the an 
> operational DB to update the TopS.
> - Open SSH (tcp/udp 22) for the administrators/maintainers.
>
> 10. L2 status MP
> - Open the Tomcat port tcp 8080 (or another chosen port by the machine 
> administrator) to/from the workstation to/from the rest of the world.
OK
> - Open SSH (tcp/udp 22) for the administrators/maintainers.
No such access supported by now
> - Open the port required to access the network equipment (NMS, SDH 
> switches, SNMP, etc), in order to update the L2 status MP.
Depends on the NREN configuration. The L2 status MP is fed with data by 
the NREN only. If the network equipment is located within the firewall, 
so probably no additional holes in an NREN's firewall is needed.
> 11. CNM
> - Open a list of port used by the various MA and MP to retrieve the 
> data to from the rest of the world. 8080, etc
> - Open SSH (tcp/udp 22) for the administrators/maintainers.
> - Open Corba orb ports (range to be specified) allowing the CNM client 
> to access the CNM server.
> - Open port 80 to download the client.
>
> 12. perfsonarUI
> - Open a list of port used by the various MA and MP to retrieve the 
> data to from the rest of the world. 8080, etc
>
>
> All the WS should also be reachable via ping (from the internet) and 
> possibly http request (smokeping from the monitoring station/the 
> internet).


--

Matthias Hamm

------------------------------------------------
Leibniz-Rechenzentrum / Leibniz Computing Centre
Raum I.2.107
Boltzmannstrasse 1, 85748 Garching, Germany
Telefon: +49 89 35831-8832
Fax:     +49 89 35831-9700
E-Mail:  

-------------------------------------------------