Secure Wide Area Network Access to CMS Analysis Data Using the Lustre Filesystem
This paper reports the design and implementation of a secure, wide area network, distributed filesystem by the ExTENCI project, based on the lustre filesystem. The system is used for remote access to analysis data from the CMS experiment at the large hadron collider, and from the Lattice Quantum Chromo-Dynamics (LQCD) project. Security is provided by Kerberos authentication and authorization with additional fine grained control based on lustre ACLs (Access Control List) and quotas. The authors investigate the impact of using various Kerberos security flavors on the I/O rates of CMS applications on client nodes reading and writing data to the lustre filesystem, and on LQCD benchmarks. The clients can be real or virtual nodes.