[AG-TECH] Access Grid 3.0 beta1 available !
Colin Perkins
csp at csperkins.org
Tue Jan 31 10:51:31 CST 2006
On 31 Jan 2006, at 16:28, Ivan R. Judson wrote:
> I think the interesting question from a user perspective is:
>
> Would you rather open one port and we tunnel all traffic through it
> (and
> you'll never know about all the types or kinds of traffic) or make
> it easy
> to have one tunnel per type of data/connection that's easier to
> open/close
> and audit based on actual use?
>
> I *think* the future is in the latter, because you can easily see a
> manageable system being built that allows programmatic (with
> authentication
> obviously) access for dynamically opening and closing tunnels based on
> specific "contracts" about usage, data, src/destination, duration,
> etc.
And, if you have well defined (narrow) port ranges for each media,
makes it easy to firewall off specific media, or to assign varying
QoS for each media.
> I can't see any good way to justify "opaque aggregate tunnels" that
> hide the
> fact a break-in occurred in a mess of other data.
Indeed.
Colin
More information about the ag-tech
mailing list