Open mreekie opened 4 years ago
mreekie
commented
4 years ago Raminder Singh 7:13 AM Jun 30 We do setup split-tunnel VPN to let the through traffic so SS researchers will have access to internet while connected to VPN.
William Horka 9:47 AM Jun 30 Typically researchers who are performing automated data collection do it from server-side. Will they have the unrestricted outbound Internet access they require from jobs running on the cluster?
mreekie
commented
4 years ago Moving GAP discussion here: Marked these items in Gap Analysis as moved to Github for discussion in this issue.
| GAP-ID | Topic or User Story | Category | Deliverable | RCE | Cannon | GAP | Remarks from IQSS |
|---|---|---|---|---|---|---|---|
| GAP-107 | Network Access Controls | Security | DLVR40. L3 Storage and Compute (Hardware) | Inbound and outbound traffic are generally unfiltered. Firewalls are managed at host level. In rare cases where hosts cannot firewall, network firewalls are managed by requires to HUIT NOC. | Firewalls are generally managed at network level. | ||
| GAP-78 | Outbound network access | Security | DLVR40. L3 Storage and Compute (Hardware) | Unrestricted. |
The planning document for the multi-tenant L3 VLAN says that outbound network ACLs will be applied. What outbound access will be restricted? Social Science researchers often need unfiltered Internet access for fidelity of research data collection during web or other content scraping.