perfsonar-user - Re: [perfsonar-user] Security guidance and http(s)
Subject: perfSONAR User Q&A and Other Discussion
List archive
- From: Andrew Lake <>
- To: Tim Chown <>, perfsonar-user <>
- Subject: Re: [perfsonar-user] Security guidance and http(s)
- Date: Thu, 23 May 2024 05:23:02 -0700
On May 23, 2024 at 4:31:33 AM, Tim Chown () wrote:
I don’t quite follow what you’re saying there. Port 443 is either open or closed, or do you mean controlled via the limits file configuration? Our most recent example of a question is a site that wishes to have the configuration (toolkit) UI only accessible internally (I think they may have a dedicated management interface on the system) and to have 443 closed externally. Hence the query as to whether if they do that, pull the test config from a remote config server, and archive results remotely, that they can then be in a test mesh and view the mesh results (including theirs) via the Grafana interface on the remote archive server.
Nothing above involves limits. I was suggesting they install a testpoint so they don’t have any UI on the hosts running tests. This allows them to keep 443 open and then have a separate host with Grafana. It sounds like the configuration UI is the main source of concern with keeping 443 open though and I was assuming that would get dropped entirely.
If they really want that toolkit configuration UI, but want to close 443 AND allow external sites to run throughput tests where their hosts are the destination (i.e. a reverse throughput test), then they need to run pscheduler on a non-standard port while keeping everything else on 443. Come to think of it, I am not sure we have a good example of a config that just moves pscheduler to a different port while leaving everything else under apache on 443, though it should be possible. Personally, I would think the added confusion of the non-standard port isn’t worth the value derived from having the Toolkit configuration UI, but that comes down to personal preference.
- [perfsonar-user] Security guidance and http(s), Tim Chown, 05/22/2024
- Re: [perfsonar-user] Security guidance and http(s), Andrew Lake, 05/22/2024
- Re: [perfsonar-user] Security guidance and http(s), Tim Chown, 05/23/2024
- Re: [perfsonar-user] Security guidance and http(s), Andrew Lake, 05/23/2024
- Re: [perfsonar-user] Security guidance and http(s), Tim Chown, 05/23/2024
- Re: [perfsonar-user] Security guidance and http(s), Andrew Lake, 05/22/2024
Archive powered by MHonArc 2.6.24.