Changes between Version 7 and Version 8 of GENIRacksHome/Security
- Timestamp:
- 06/20/16 11:45:15 (8 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
GENIRacksHome/Security
v7 v8 17 17 * '''Configuration on the dataplane switch itself.''' The dataplane switch should not generally be configured by site admins to enforce local security policies proactively, but simple configuration changes in response to an incident (like configuring ports on the switch to be administratively down) may be useful at times. 18 18 19 * '''Configuration of resource approval.''' The rack software stack includes GENI aggregate managers that grant experimenters access to the rack's resources, including the dataplane switch. In general, requests from experimenters for rack resources are automatically granted (if resources are available) , but the rack's !OpenFlow aggregate manager (FOAM) can be configured to hold experimenter requests by default, and only approve them if an admin manually authorizes the request. This makes the !OpenFlow resources on the rack much harder for experimenters to use, but it is an available configuration if a site admin deems it necessary. This isn't an option for the non-!OpenFlow resources in the rack, so the scope of this approach is also fairly limited.19 * '''Configuration of resource approval.''' The rack software stack includes GENI aggregate managers that grant experimenters access to the rack's resources, including the dataplane switch. In general, requests from experimenters for rack resources are automatically granted (if resources are available). Furthermore, mechanisms inherent in the [GENI account approval process https://portal.geni.net/] and the [GENI monitoring interface https://genimon.uky.edu] provide the ability to determine the identity of experimenters who own GENI resources. These can be used to determine the source of security issues. 20 20 21 21 If you have any questions or concerns, don't hesitate to contact help@geni.net.
