Attendees: Oliver, Patricia, Massimo, Nick (minutes), Francesco --------- Minutes of last meeting and action list --------------------------------------- Minutes accepted. * Task: 6901. Working on documenting existing use cases. Jeff: Need to be aware that the HEP community is thinking about whether SRM is the right storage interface. Therefore it would be nice to have these use cases in time for that. * Task: 8164 Need the security activity to say whether they accept this. Francesco to update and close the ticket. Firewall Configuration Issue (Vangelis) ---------------------------- Extract from agenda: > You probably remember that in DNA4.4.1 I wrote about the following > firewall-related issue concerning the production infrastructure: > > > The configuration of firewalls of CE and SE services are neither > unified nor specified in EGEE, resulting unpredictable accessibility > for users and their jobs. It is a fact that only a subset of SEs can > be seen and reached from the CEs of the same VO, moreover this > accessibility matrix changes over time without users getting notified. > As a consequence, the users’ jobs can very often use EGEE VOs as sets > of independent clusters, within which a cluster can access only its > "close SE" and no data transfer is possible from one site to the > other. As this limitation degrades EGEE VOs to "set of clusters", some > users decide to return to their local clusters instead. EGEE-III (or > the VOs?) should develop and force firewall policies to the sites, and > should develop test suits for users that could use to check the > accessibility relationships of CEs and SEs. Nick: SAM tests for copying from a site to remote a SE. It's a critical test so if it fails anywhere, alarms would be raised. Maybe it's a difference between single v multiple stream gridFTP? Also, rfio and dcap generally only have local access. [ACTION] NA4 to come back with more details on the issue: use case; protocols being used; etc. Review of JSPG Updated Policies ------------------------------- * Virtual Organisation Registration Security Policy - V2.5, dated 18 May 2009. https://edms.cern.ch/document/573348/9 http://www.jspg.org/wiki/Virtual_Organisation_Registration_Security_Policy Oliver: Are DNS style names to be applied retro-actively? Question to be raised with the document authors. * Virtual Organisation Membership Management Policy - V3.6, dated 18 May 2009. https://edms.cern.ch/document/428034/4 http://www.jspg.org/wiki/Virtual_Organisation_Membership_Management_Policy The memebers of the meeting had no comments to pass on. AOB --- * Reporting that gLite 3.0 will be declared obsolete at the end of April. There was a general consensus that sites still running gLite 3.0 should be removed from production. Nick to follow this up. * Auto publishing of Space reservations - problem because anynoe can make space reservations. SRM spec says make space reservation; put file; delete reservation. If a user submits several thousand jobs but the clean up doesn't work then can bring down the IS. This has already been raised with the DPM team but they haven't responded. [ACTION] Nick to speak to Steve. Need to find origin of the request. Is it crucial or nice to have? Can info provider provide protection against doomsday case? * Next meeting 10 June (09:00-11:30), 1 July (this meeting may need to be moved due to SSC meeting and UMD meeting). 8 July (09:00-10:30)?