Grid computing hits security gridlock

Doubts about the security of grid computing – serious enough to stifle adoption – are being addressed head-on by Sun Microsystems Inc. and the Global Grid Forum.

Sun last week introduced Grid Engine, Enterprise Edition 5.3, software that lets IT managers build grid nets within an organization and control policies and service-level agreements (SLA).

GGF, a standards-setting body, recently made proposals that extend the X.509 public-key infrastructure and attempt to resolve problems between companies that use separate authentication mechanisms and policies.

Sun says adoption of global grids, where companies share hardware and software resources to accomplish a computational goal, has been slowed because of security concerns and a lack of standards.

“It can be illustrated by one question: If you were the CEO of a big company, would you be comfortable sending your intellectual property across the Internet to a third party who might be working with your competition?” asks Peter Jeffcock, a Sun product manager. “Right now, the security and bandwidth issues . . . are not in place to the extent that most organizations are prepared to do that on a production basis.”

At least one user involved in grid development understands the problem of intercompany and private grids.

“We’ve been using Sun’s Grid Engine within the Supercomputer Center, so a lot of our systems have had the luxury of having common name spaces,” says Eric Stahlberg, senior systems manager at the Ohio Supercomputing Center in Columbus. “When we have had to work with other organizations, we have been in an exploratory research level.”

Stahlberg says that although he used tools from the Globus Project, a research and development effort focused on grid computing, other tools that map a company’s security or policy-setting means to another’s aren’t there. “As far as heterogeneous grid computing goes, it is a gray area where things are ill-defined,” he says.

Sun introduced its Grid Engine software nearly two years ago when it acquired GridWare. Grid Engine is used for building both intercompany grids and internal, private grids.

With Grid Engine, Enterprise Edition, Sun avoids the security issues associated with external grids. The company has added a policy manager that can control SLAs. Sun says the software is for use within corporate firewalls, where departments likely use the same security, policies and SLAs.

“We set up a policy within the Sun software that says this [department] has access to the machines for this amount of time during the day or calendar period,” says Tom Kerr, a software development director at Synopsys Inc. in Mountain View, Calif.

Synopsys has grids running Unix and Linux, the largest of which consists of 200 Linux servers and workstations.

Meanwhile, members of the GGF Security Working Group (GGFSWG) are attacking the problem of interorganization security that Sun says concerns its customers.

Steve Tuecke, software architect at Argonne National Laboratories in Darien, Ill., and co-chair of the GGFSWG, says that some organizations might use Kerberos, while others might have Unix logons, home-grown policies or scheduling systems from Platform Computing Inc. or Sun.

Tuecke, along with others involved in the GGF, has submitted drafts to the Internet Engineering Task Force (IETF) and GGF in an attempt to solve these problems.

Standardization of some of the GGF proposals is expected in as little as six months.

“We are identifying and modifying existing security solutions, such as Kerberos, to better facilitate cross-organization operation,” says Marty Humphrey, research professor at the University of Virginia in Charlottesville, and co-chair of the GGFSWG. “We are also creating new technologies such as [Globus’] Global Security Infrastructure [GSI] within the GGF that build on and define new, standardized approaches for security.”

GSI provides for secure communication and single sign-on between grid participants, but avoids a centrally managed security system.

The GGF points to policies and SLAs as sticking points for building grids between organizations.

“The harder issue is how one deals with policy – organizations might want to impose different policies on who can access their resources,” says Clifford Neuman, senior research architect at the University of Southern California and co-author of a grid security draft to the IETF. “Ultimately, it is the owner of the resource that has to make such a decision, but this means you might have a computation running across machines in different domains, enforcing different policies.”

Sun Grid Engine, Enterprise Edition costs from $20,000 for up to 50 CPUs to $80,000 for up to 2,000 CPUs.
