Shining a Light on Enterprise Grid Security

By By Derrick Harris, Editor

August 8, 2005

GRIDtoday editor Derrick Harris recently spoke with Glenn Brunette — vice chair of the EGA Grid Security Working Group and a distinguished engineer and chief security architect for the client solutions division at Sun Microsystems — about the Enterprise Grid Security Requirements document released by the EGA last month, including the working group’s conclusion that enterprise Grids might actually be more secure than standard computing environments.

GRIDtoday: After a year of relative silence, the EGA has really been making some noise with the working group deliverables. To what do you attribute this sudden increase in productivity? Was it assumed all the long that it would take about a year to produce deliverables, or were there setbacks that prolonged the releases of these documents?

GLENN BRUNETTE: When we launched the EGA in April 2004, we had a very aggressive charter. Before we could even begin to tackle our technical goals, it was important to build a solid foundation and establish a firm presence in the community, which we are pleased to say that we did. Over the past year, we have shown solid progress, increasing our membership by 45 percent, founding two regional steering committees in Europe and Japan and establishing five technical working groups. Once the groundwork was laid, we turned our focus on our technical deliverables, which include the Reference Model launched last May and the Security Requirements document, which we are discussing today.

It is not uncommon to see a delay between the launch of a consortium and the launch of its first deliverables. This is necessary to define and communicate a clear and consistent charter and set of goals for both the organization as a whole, and its working groups. With this foundation firmly in place, the working groups set about their work. Further, it is important for the working groups to be well aligned with each other. With the Reference Model completed, it did not take long for EGA to announce the completion and launch of the Grid Security Working Group deliverables which built upon the foundation provided by the Reference Model. We are clearly gaining momentum by building on our successes.

Gt: What are some of the major risks companies face when deploying Grids? How are they similar and/or different than risks associated with other infrastructures?

BRUNETTE: Interestingly enough, and contrary to popular opinion, our initial research indicates that enterprise Grids are actually more likely to be secure than traditional computing environments, particularly over their lifetimes.

Enterprise Grid architectures do face unique security challenges ranging from access control attacks (risks associated with unauthorized entities defeating the unified access control policy) to ensuring safe object reuse (how sensitive data could be disclosed as resource sharing becomes more common) to masquerading and hijacking attacks (where a valid Grid component can be fooled into communicating with another entity masquerading as a valid Grid component).

Fundamentally, however, enterprise Grid architectures inherit the security risks of their ancestors. Individual products and services must still be properly configured, patched, secured and maintained. Similarly, platform, network, storage and application architectures must still be constructed in ways that reinforce organizational security, privacy and regulatory compliance goals. The main difference with enterprise Grid architectures is in how these elements are managed. Enterprise Grid deployments, through the use of a Grid Management Entity, enable organizations to realize greater levels of consistency, compliance, automation and optimization as compared to more traditional infrastructures. Unique to enterprise Grid architectures is the ability to safely and consistently automate the secure provisioning, sharing, reuse, assessment and monitoring of IT assets from physical devices (e.g., disk drives and processors) to dynamically constructed application components (e.g., Web services).

Gt: How does the EGA Enterprise Grid Security Requirements document address these concerns? What are the requirements to limit or eliminate them?

BRUNETTE: The Grid Security Requirements document provides a detailed overview of enterprise Grid-specific threats, issues and requirements. With this information, organizations are armed to make better business and risk management decisions about how and where to deploy enterprise Grids within their specific environments.

Once we identified the security risks inherent in enterprise Grid computing, the Grid Security Working Group outlined ten security requirements designed to help organizations and vendors mitigate several of the threats and risks unique to enterprise Grid environments. By sharing our initial findings with vendors, consortia and end users alike, we have started a conversation that we hope will lead to improvements that help safeguard actual enterprise Grid deployments. As these initial requirements evolve and are refined, we can begin to make better decisions about what protocols, products, processes and services should be created or adjusted to help organizations better understand and manage risk associated with their enterprise Grid deployments.

Several of the requirements identified in the Security Requirements document are shared with traditional infrastructures such as Identification, Authentication and Authorization. While there are similarities to traditional deployments, these requirements take on new scope and meaning when they are applied to securing enterprise Grid architectures. Similarly, other requirements include the ability to fail security or to ensure secure isolation. These types of requirements are critical in cases such as ours where IT assets are shared, linked together and repurposed more often than in traditional environments. You can find a detailed description of each of the requirements in the final Security Requirements document available on the EGA Web site: www.gridalliance.org.

Gt: You said earlier that “enterprise Grids are actually more likely to be secure than traditional computing environments.” How is this possible, especially considering how often security concerns have been singled out as obstacles to Grid adoption?

BRUNETTE: Security has often been a concern for enterprise Grid adoption, specifically because the risks and threats were relatively unknown. The Grid Security Working Group set out to identify these unique threats so organizations will be better armed with information to make appropriate risk management decisions as they adopt enterprise Grids. Vendors can also leverage it to enhance their products and technologies to make them more competitive and more readily able to support their customers’ security needs.

Availability and centralized security management are two vital security benefits that led us to the conclusion that enterprise Grid environments are better positioned to be more secure. By moving away from a “silo-ed” security management model, enterprise Grids enable organizations to more easily manage, automate, audit and optimize their security processes and configurations to more rapidly respond to business opportunities and security events.

Gt: How did the security working group utilize knowledge gained by any end-user participants (from their own Grid deployments) in creating the document?

BRUNETTE: The Grid Security Working Group included organizations and vendors from a variety of disciplines. This diversity enabled the group to develop a broad picture of the potential uses for and deployment scenarios of enterprise Grid-based solutions. The Grid Security Working Group did not work in isolation. Meeting with the other EGA working groups and discussing their points of view, in particular, helped to give us the bigger picture for how enterprise Grids will be used and consequently areas where they could be at risk.

To validate our initial findings, we then leveraged our individual relationships with customers and end users to obtain additional data to help refine the set of threats, risks and recommendations that were developed. It is likely that this material will continue to evolve as more use cases are defined and customer deployment scenarios are considered, but we believe that our outreach work has significantly contributed to the strength of our initial baseline.

Gt: How wide or narrow is the focus of the document? Does it focus on Grids deployed within a single data center, or does it cover multi-site Grid deployments, which would seem to have different and greater associated risks?

BRUNETTE: Overall, the initial focus of all EGA working groups is on commercial enterprise applications within a single data center, as they are considered the lifeblood of most organizations. We expect to extend the scope of these working groups into multi-data center models, as well as technical enterprise applications in the future.

Specifically, in terms of the Grid Security Working Group, the scope covers the unique security issues in an enterprise Grid environment where components are centrally managed and may be shared or rapidly repurposed. Version one of the Requirements document focuses on enterprise Grid security requirements. Later versions will address how these requirements can be satisfied using new and existing policy, processes and technology. As the EGA working groups extend their scope beyond the single data center use case, security topics such as federation, cross-organizational trust models and cooperative management, auditing and monitoring techniques will be addressed.

Gt: How did the working group address the role of Web services standards and security as they relate to Grid security?

BRUNETTE: The focus of the Security Requirements document was to better understand the problem space, identify enterprise Grid specific security challenges and to develop an initial set of security attributes that should be made available to customers deploying enterprise Grids within their environment. While the working group did not focus on specific products, technologies, protocols or standards, the working group did consider several typical enterprise Grid deployment and use scenarios including those supporting Web services.

The Grid Security Working Group continues to elaborate on its initial work by identifying new security gaps and requirements as appropriate, documenting more detailed architectural, procedural and technical solution strategies and recommendations, and cooperating with other standards bodies and working groups to better understand how their work can help support the deployment of secure enterprise Grids.

Gt: How will this document affect the work being done by various bodies (GGF, OASIS, etc.) to establish standards?

BRUNETTE: The EGA was not established to reinvent or relive discussions related to non-Grid or traditional enterprise security controls and best practices. The singular focus of the EGA’s working groups is to provide a basis for collaboration among organizations like OASIS, SNIA and DMTF to help eliminate redundant standards development activities to speed enterprise Grid adoption.

Subscribe to HPCwire's Weekly Update!

Be the most informed person in the room! Stay ahead of the tech trends with industry updates delivered to you every week!

Q&A with Nvidia’s Chief of DGX Systems on the DGX-GB200 Rack-scale System

March 27, 2024

Pictures of Nvidia's new flagship mega-server, the DGX GB200, on the GTC show floor got favorable reactions on social media for the sheer amount of computing power it brings to artificial intelligence.  Nvidia's DGX Read more…

Call for Participation in Workshop on Potential NSF CISE Quantum Initiative

March 26, 2024

Editor’s Note: Next month there will be a workshop to discuss what a quantum initiative led by NSF’s Computer, Information Science and Engineering (CISE) directorate could entail. The details are posted below in a Ca Read more…

Waseda U. Researchers Reports New Quantum Algorithm for Speeding Optimization

March 25, 2024

Optimization problems cover a wide range of applications and are often cited as good candidates for quantum computing. However, the execution time for constrained combinatorial optimization applications on quantum device Read more…

NVLink: Faster Interconnects and Switches to Help Relieve Data Bottlenecks

March 25, 2024

Nvidia’s new Blackwell architecture may have stolen the show this week at the GPU Technology Conference in San Jose, California. But an emerging bottleneck at the network layer threatens to make bigger and brawnier pro Read more…

Who is David Blackwell?

March 22, 2024

During GTC24, co-founder and president of NVIDIA Jensen Huang unveiled the Blackwell GPU. This GPU itself is heavily optimized for AI work, boasting 192GB of HBM3E memory as well as the the ability to train 1 trillion pa Read more…

Nvidia Appoints Andy Grant as EMEA Director of Supercomputing, Higher Education, and AI

March 22, 2024

Nvidia recently appointed Andy Grant as Director, Supercomputing, Higher Education, and AI for Europe, the Middle East, and Africa (EMEA). With over 25 years of high-performance computing (HPC) experience, Grant brings a Read more…

Q&A with Nvidia’s Chief of DGX Systems on the DGX-GB200 Rack-scale System

March 27, 2024

Pictures of Nvidia's new flagship mega-server, the DGX GB200, on the GTC show floor got favorable reactions on social media for the sheer amount of computing po Read more…

NVLink: Faster Interconnects and Switches to Help Relieve Data Bottlenecks

March 25, 2024

Nvidia’s new Blackwell architecture may have stolen the show this week at the GPU Technology Conference in San Jose, California. But an emerging bottleneck at Read more…

Who is David Blackwell?

March 22, 2024

During GTC24, co-founder and president of NVIDIA Jensen Huang unveiled the Blackwell GPU. This GPU itself is heavily optimized for AI work, boasting 192GB of HB Read more…

Nvidia Looks to Accelerate GenAI Adoption with NIM

March 19, 2024

Today at the GPU Technology Conference, Nvidia launched a new offering aimed at helping customers quickly deploy their generative AI applications in a secure, s Read more…

The Generative AI Future Is Now, Nvidia’s Huang Says

March 19, 2024

We are in the early days of a transformative shift in how business gets done thanks to the advent of generative AI, according to Nvidia CEO and cofounder Jensen Read more…

Nvidia’s New Blackwell GPU Can Train AI Models with Trillions of Parameters

March 18, 2024

Nvidia's latest and fastest GPU, codenamed Blackwell, is here and will underpin the company's AI plans this year. The chip offers performance improvements from Read more…

Nvidia Showcases Quantum Cloud, Expanding Quantum Portfolio at GTC24

March 18, 2024

Nvidia’s barrage of quantum news at GTC24 this week includes new products, signature collaborations, and a new Nvidia Quantum Cloud for quantum developers. Wh Read more…

Houston We Have a Solution: Addressing the HPC and Tech Talent Gap

March 15, 2024

Generations of Houstonian teachers, counselors, and parents have either worked in the aerospace industry or know people who do - the prospect of entering the fi Read more…

Alibaba Shuts Down its Quantum Computing Effort

November 30, 2023

In case you missed it, China’s e-commerce giant Alibaba has shut down its quantum computing research effort. It’s not entirely clear what drove the change. Read more…

Nvidia H100: Are 550,000 GPUs Enough for This Year?

August 17, 2023

The GPU Squeeze continues to place a premium on Nvidia H100 GPUs. In a recent Financial Times article, Nvidia reports that it expects to ship 550,000 of its lat Read more…

Shutterstock 1285747942

AMD’s Horsepower-packed MI300X GPU Beats Nvidia’s Upcoming H200

December 7, 2023

AMD and Nvidia are locked in an AI performance battle – much like the gaming GPU performance clash the companies have waged for decades. AMD has claimed it Read more…

DoD Takes a Long View of Quantum Computing

December 19, 2023

Given the large sums tied to expensive weapon systems – think $100-million-plus per F-35 fighter – it’s easy to forget the U.S. Department of Defense is a Read more…

Synopsys Eats Ansys: Does HPC Get Indigestion?

February 8, 2024

Recently, it was announced that Synopsys is buying HPC tool developer Ansys. Started in Pittsburgh, Pa., in 1970 as Swanson Analysis Systems, Inc. (SASI) by John Swanson (and eventually renamed), Ansys serves the CAE (Computer Aided Engineering)/multiphysics engineering simulation market. Read more…

Choosing the Right GPU for LLM Inference and Training

December 11, 2023

Accelerating the training and inference processes of deep learning models is crucial for unleashing their true potential and NVIDIA GPUs have emerged as a game- Read more…

Intel’s Server and PC Chip Development Will Blur After 2025

January 15, 2024

Intel's dealing with much more than chip rivals breathing down its neck; it is simultaneously integrating a bevy of new technologies such as chiplets, artificia Read more…

Baidu Exits Quantum, Closely Following Alibaba’s Earlier Move

January 5, 2024

Reuters reported this week that Baidu, China’s giant e-commerce and services provider, is exiting the quantum computing development arena. Reuters reported � Read more…

Leading Solution Providers

Contributors

Comparing NVIDIA A100 and NVIDIA L40S: Which GPU is Ideal for AI and Graphics-Intensive Workloads?

October 30, 2023

With long lead times for the NVIDIA H100 and A100 GPUs, many organizations are looking at the new NVIDIA L40S GPU, which it’s a new GPU optimized for AI and g Read more…

Shutterstock 1179408610

Google Addresses the Mysteries of Its Hypercomputer 

December 28, 2023

When Google launched its Hypercomputer earlier this month (December 2023), the first reaction was, "Say what?" It turns out that the Hypercomputer is Google's t Read more…

AMD MI3000A

How AMD May Get Across the CUDA Moat

October 5, 2023

When discussing GenAI, the term "GPU" almost always enters the conversation and the topic often moves toward performance and access. Interestingly, the word "GPU" is assumed to mean "Nvidia" products. (As an aside, the popular Nvidia hardware used in GenAI are not technically... Read more…

Shutterstock 1606064203

Meta’s Zuckerberg Puts Its AI Future in the Hands of 600,000 GPUs

January 25, 2024

In under two minutes, Meta's CEO, Mark Zuckerberg, laid out the company's AI plans, which included a plan to build an artificial intelligence system with the eq Read more…

Google Introduces ‘Hypercomputer’ to Its AI Infrastructure

December 11, 2023

Google ran out of monikers to describe its new AI system released on December 7. Supercomputer perhaps wasn't an apt description, so it settled on Hypercomputer Read more…

China Is All In on a RISC-V Future

January 8, 2024

The state of RISC-V in China was discussed in a recent report released by the Jamestown Foundation, a Washington, D.C.-based think tank. The report, entitled "E Read more…

Intel Won’t Have a Xeon Max Chip with New Emerald Rapids CPU

December 14, 2023

As expected, Intel officially announced its 5th generation Xeon server chips codenamed Emerald Rapids at an event in New York City, where the focus was really o Read more…

IBM Quantum Summit: Two New QPUs, Upgraded Qiskit, 10-year Roadmap and More

December 4, 2023

IBM kicks off its annual Quantum Summit today and will announce a broad range of advances including its much-anticipated 1121-qubit Condor QPU, a smaller 133-qu Read more…

  • arrow
  • Click Here for More Headlines
  • arrow
HPCwire