The Enterprise Grid Alliance, which includes several top vendors trying to accelerate the use of grid computing by big businesses, has published its first paper on the unique security requirements of grids, it said last month.
The 37-page paper aims to help end users, vendors and standards groups identify the risks associated with enterprise grid computing. The group plans to discuss technologies and practices for mitigating the risks in a later version of the paper, it said.
The Alliance was formed in 2004 by Oracle Corp., EMC Corp., Hewlett-Packard Co. and several other vendors. Its overall goal is to hammer out technical standards, best practices and other guidelines to help businesses build computing grids. Membership is open to all, although at least two big industry players, IBM Corp. and Microsoft Corp., have not joined its ranks.
Some of the security requirements described in the paper apply also to traditional systems and simply become more prominent in grid setups. For example, a storage system might contain sensitive information that should only be accessible from one application, even though several applications link to that storage resource. Grid computing, by its nature, tends to increase the occurrences in which multiple applications access a single resource, making the security issues more prominent.
Others are unique to grids, and most of these have to do with what the paper calls the “grid management entity,” or GME, responsible for the grid’s operation. The GME provisions and configures grid components, such as servers and storage arrays, manages workloads and “decommissions” components when their work is done.
“Grid resources [or simply pools of networked resources] alone are not unique to a grid environment. What is unique is the way in which they are aggregated and managed. By introducing the GME with the ability to provision, manage and decommission pools of grid resources, we get to the heart of the unique threats and security requirements in a grid environment,” the paper says.
It goes on to describe various risks and how they can affect grid environments. They include access control attacks, in which unauthorized users or components join a grid; denial-of-service attacks (against the grid management entity, for example); and object reuse, in which an unauthorized user accesses a grid component that has not been properly decommissioned or “sanitized.”
The paper strikes a mostly positive tone — perhaps not surprisingly, coming from a group whose members sell products for building grids. It argues that grids can enhance security in some areas. It notes that grids still need the types of security controls used in more traditional environments, in areas such as identification, authentication and confidentiality.
The alliance defines a grid as a collection of components which are networked together and managed centrally. Grids allow organizations to move resources around quickly by providing extra processing power for a payroll application at the end of the month, for example.
The alliance has limited its focus to enterprise applications within a single data centre — far narrower than the definition used in academic and technical communities, which use grids to link computing centres that can be widely dispersed across different organizations.