Shining a Light on Enterprise Grid Security

By Derrick Harris, Editor

August 8, 2005

GRIDtoday editor Derrick Harris recently spoke with Glenn Brunette — vice chair of the EGA Grid Security Working Group and a distinguished engineer and chief security architect for the client solutions division at Sun Microsystems — about the Enterprise Grid Security Requirements document released by the EGA last month, including the working group’s conclusion that enterprise Grids might actually be more secure than standard computing environments.

GRIDtoday: After a year of relative silence, the EGA has really been making some noise with the working group deliverables. To what do you attribute this sudden increase in productivity? Was it assumed all along that it would take about a year to produce deliverables, or were there setbacks that prolonged the releases of these documents?

GLENN BRUNETTE: When we launched the EGA in April 2004, we had a very aggressive charter. Before we could even begin to tackle our technical goals, it was important to build a solid foundation and establish a firm presence in the community, which we are pleased to say that we did. Over the past year, we have shown solid progress, increasing our membership by 45 percent, founding two regional steering committees in Europe and Japan and establishing five technical working groups. Once the groundwork was laid, we turned our focus on our technical deliverables, which include the Reference Model launched last May and the Security Requirements document, which we are discussing today.

It is not uncommon to see a delay between the launch of a consortium and the launch of its first deliverables. This is necessary to define and communicate a clear and consistent charter and set of goals for both the organization as a whole, and its working groups. With this foundation firmly in place, the working groups set about their work. Further, it is important for the working groups to be well aligned with each other. With the Reference Model completed, it did not take long for EGA to announce the completion and launch of the Grid Security Working Group deliverables which built upon the foundation provided by the Reference Model. We are clearly gaining momentum by building on our successes.

Gt: What are some of the major risks companies face when deploying Grids? How are they similar and/or different than risks associated with other infrastructures?

BRUNETTE: Interestingly enough, and contrary to popular opinion, our initial research indicates that enterprise Grids are actually more likely to be secure than traditional computing environments, particularly over their lifetimes.

Enterprise Grid architectures do face unique security challenges ranging from access control attacks (risks associated with unauthorized entities defeating the unified access control policy) to ensuring safe object reuse (how sensitive data could be disclosed as resource sharing becomes more common) to masquerading and hijacking attacks (where a valid Grid component can be fooled into communicating with another entity masquerading as a valid Grid component).

Fundamentally, however, enterprise Grid architectures inherit the security risks of their ancestors. Individual products and services must still be properly configured, patched, secured and maintained. Similarly, platform, network, storage and application architectures must still be constructed in ways that reinforce organizational security, privacy and regulatory compliance goals. The main difference with enterprise Grid architectures is in how these elements are managed. Enterprise Grid deployments, through the use of a Grid Management Entity, enable organizations to realize greater levels of consistency, compliance, automation and optimization as compared to more traditional infrastructures. Unique to enterprise Grid architectures is the ability to safely and consistently automate the secure provisioning, sharing, reuse, assessment and monitoring of IT assets from physical devices (e.g., disk drives and processors) to dynamically constructed application components (e.g., Web services).

Gt: How does the EGA Enterprise Grid Security Requirements document address these concerns? What are the requirements to limit or eliminate them?

BRUNETTE: The Grid Security Requirements document provides a detailed overview of enterprise Grid-specific threats, issues and requirements. With this information, organizations are armed to make better business and risk management decisions about how and where to deploy enterprise Grids within their specific environments.

Once we identified the security risks inherent in enterprise Grid computing, the Grid Security Working Group outlined ten security requirements designed to help organizations and vendors mitigate several of the threats and risks unique to enterprise Grid environments. By sharing our initial findings with vendors, consortia and end users alike, we have started a conversation that we hope will lead to improvements that help safeguard actual enterprise Grid deployments. As these initial requirements evolve and are refined, we can begin to make better decisions about what protocols, products, processes and services should be created or adjusted to help organizations better understand and manage risk associated with their enterprise Grid deployments.

Several of the requirements identified in the Security Requirements document are shared with traditional infrastructures such as Identification, Authentication and Authorization. While there are similarities to traditional deployments, these requirements take on new scope and meaning when they are applied to securing enterprise Grid architectures. Similarly, other requirements include the ability to fail securely or to ensure secure isolation. These types of requirements are critical in cases such as ours where IT assets are shared, linked together and repurposed more often than in traditional environments. You can find a detailed description of each of the requirements in the final Security Requirements document available on the EGA Web site: www.gridalliance.org.

Gt: You said earlier that “enterprise Grids are actually more likely to be secure than traditional computing environments.” How is this possible, especially considering how often security concerns have been singled out as obstacles to Grid adoption?

BRUNETTE: Security has often been a concern for enterprise Grid adoption, specifically because the risks and threats were relatively unknown. The Grid Security Working Group set out to identify these unique threats so organizations will be better armed with information to make appropriate risk management decisions as they adopt enterprise Grids. Vendors can also leverage it to enhance their products and technologies to make them more competitive and more readily able to support their customers’ security needs.

Availability and centralized security management are two vital security benefits that led us to the conclusion that enterprise Grid environments are better positioned to be more secure. By moving away from a “silo-ed” security management model, enterprise Grids enable organizations to more easily manage, automate, audit and optimize their security processes and configurations to more rapidly respond to business opportunities and security events.

Gt: How did the security working group utilize knowledge gained by any end-user participants (from their own Grid deployments) in creating the document?

BRUNETTE: The Grid Security Working Group included organizations and vendors from a variety of disciplines. This diversity enabled the group to develop a broad picture of the potential uses for and deployment scenarios of enterprise Grid-based solutions. The Grid Security Working Group did not work in isolation. Meeting with the other EGA working groups and discussing their points of view, in particular, helped to give us the bigger picture for how enterprise Grids will be used and consequently areas where they could be at risk.

To validate our initial findings, we then leveraged our individual relationships with customers and end users to obtain additional data to help refine the set of threats, risks and recommendations that were developed. It is likely that this material will continue to evolve as more use cases are defined and customer deployment scenarios are considered, but we believe that our outreach work has significantly contributed to the strength of our initial baseline.

Gt: How wide or narrow is the focus of the document? Does it focus on Grids deployed within a single data center, or does it cover multi-site Grid deployments, which would seem to have different and greater associated risks?

BRUNETTE: Overall, the initial focus of all EGA working groups is on commercial enterprise applications within a single data center, as they are considered the lifeblood of most organizations. We expect to extend the scope of these working groups into multi-data center models, as well as technical enterprise applications in the future.

Specifically, in terms of the Grid Security Working Group, the scope covers the unique security issues in an enterprise Grid environment where components are centrally managed and may be shared or rapidly repurposed. Version one of the Requirements document focuses on enterprise Grid security requirements. Later versions will address how these requirements can be satisfied using new and existing policy, processes and technology. As the EGA working groups extend their scope beyond the single data center use case, security topics such as federation, cross-organizational trust models and cooperative management, auditing and monitoring techniques will be addressed.

Gt: How did the working group address the role of Web services standards and security as they relate to Grid security?

BRUNETTE: The focus of the Security Requirements document was to better understand the problem space, identify enterprise Grid specific security challenges and to develop an initial set of security attributes that should be made available to customers deploying enterprise Grids within their environment. While the working group did not focus on specific products, technologies, protocols or standards, the working group did consider several typical enterprise Grid deployment and use scenarios including those supporting Web services.

The Grid Security Working Group continues to elaborate on its initial work by identifying new security gaps and requirements as appropriate, documenting more detailed architectural, procedural and technical solution strategies and recommendations, and cooperating with other standards bodies and working groups to better understand how their work can help support the deployment of secure enterprise Grids.

Gt: How will this document affect the work being done by various bodies (GGF, OASIS, etc.) to establish standards?

BRUNETTE: The EGA was not established to reinvent or relive discussions related to non-Grid or traditional enterprise security controls and best practices. The singular focus of the EGA’s working groups is to provide a basis for collaboration among organizations like OASIS, SNIA and DMTF to help eliminate redundant standards development activities to speed enterprise Grid adoption.
