[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

20000131: ADDE server issues



>From: "Guillory, Anthony" <address@hidden>
>Organization: NASA/MSFC
>Keywords: 200001311730.KAA02738 McIDAS ADDE accounting

Anthony and Gilbert,

I read through your interchange with great interest and pleasure.  Even
though there is a little snag right at the moment, I am very happy to see
a Unidata site actively trying to use ADDE.  I have been attempting to foster
this kind of interaction among sites in an ad hoc manner.  In the relatively
near future, I will be attempting to get all of my sites that are running
ADDE remote servers to agree to share their online data holdings via
ADDE.

>Your summary is quite accurate.  The one additional note to be added is that
>when Tom attempted to access geo, he was denied (whereas you are not).  (see
>log below)
>As for the firewall - not to my knowledge.  Yes, there is one - but we are
>outside of it.  It is a long story but since we are off-site of MSFC we are
>not within the firewall's domain for now.  Also, the firewall is configured
>(or will be) to treat everyone (yes, even govt. machines) outside of MSFC
>equal to NIU, so if there were a problem I would expect NASA/Langley to have
>noticed it.  And I've talked to them 3 or 4 times about data in the last
>week. I'm pretty clueless.

It is starting to sound like MSFC is running the McIDAS ADDE accounting
software.  This would account for not being stopped by a TCP wrapper.
One thing I do not like about the approach took is that this does not
allow one to tailor access to individual datasets.  We in the Unidata
community have a great need to be able to allow/deny access on a dataset
by dataset basis.  Two of the most glaring examples of the need for
this are the NLDN lightning and NIDS datafeeds.

>I'll have to do some digging and maybe call UW.
>Tom, if you have a suggestion - let me know.

From the listing below, I can understand why I would get a listing from
my DSINFO invocation, and I can sort ofunderstand why Gilbert would get the
error he originally reported:

>DSINFO IMAGE G8-GHCC DEV=CCC
>
>DSINFO* ***** REQ. CFILE-->ALA.G8-GHCC <--
>DSINFO* Read of server has failed. Wanted  4
>DSINFO*                               Did
>    No Datasets found of Type: IMAGE in Group: G8-GHCC
>DSINFO -- done

This seems to be saying that the file ALA.G8-GHCC was to be consulted
by the ADDE remote server processes in allowing access to Gilbert's
machine.  Apparently, either the allow file was not there or Gilbert's
machine was not allowed access.  I seem to remember that in McIDAS
7.5x the SSEC McIDAS accounting package forced one to individually
list machines that are to be allowed access.  Upon recommendation by
us (Unidata), SSEC has added the ability to specify IP masks for
access control.

If MSFC is using the SSEC McIDAS ADDE accounting, and if Gilbert's machine
is included in the list of machines to allow access, then I would check
if there is something funny about Gilbert's machine name/IP address.
What I am driving at is whether or not you can do a reverse name lookup
for his machine and get the expected name/IP number.

Anthony,

I have been meaning to contact you for months upon end regarding the
imagery holdings that one can anonymously FTP from cyclone.msfc.nasa.gov.
Since I now see that you are running the remote McIDAS ADDE server,
wouldn't you think that it would be a nice "community service" to allow
all Unidata sitesADDE access to the same data?  Granted the
McIDAS_areas are now compressed and are not named according to the time
(dis)honored McIDAS naming convention, but supposedly some of the new
development at SSEC could get around part of this (the non-McIDAS
naming).  A little additional work could also get around the fact that
the images are stored compressed.

In order to be provocative, I would encourage you to check out our
support of GINI imagery in Unidata McIDAS by:

DATALOC ADD RTGINI ADDE.UNIDATA.UCAR.EDU
DSINFO IMAGE RTGINI
IMGDISP RTGINI/CO1KM STA=KDEN EU=IMAGE SF=YES REFRESH='EG;MAP SAT 5 
COUNTY=ALL;MAP H 1 WID=2'

(better to do this test during daylight hours, of course ;-).

I plan on releasing my GINI ADDE server code (ADIR and AGET functionality)
pretty soon.  Also on my plate are creation of ADDE servers for:

o AVHRR Level 1B imagery
o DMSP imagery from NGDC
o Terascan (tm) imagery
o GRIB ADDE server (just in the consideration phase)

>(Unidata Denied messages from the system log - all times GMT)
>
>Jan 27 22:29:26 4C:geo.msfc.nasa.gov mcservsh[21115016]: refused connect
>from gale.unidata.ucar.edu 
>Jan 27 22:29:34 4C:geo.msfc.nasa.gov mcservsh[21167176]: refused connect 
>from gale.unidata.ucar.edu 
>Jan 27 22:31:53 4C:geo.msfc.nasa.gov mcservsh[21197301]: refused connect
>from zero.unidata.ucar.edu 
 ...

Tom

>From address@hidden  Mon Jan 31 11:26:08 2000
>To: "'Unidata Support'" <address@hidden>,
>        "Guillory, Anthony" <address@hidden>
>Cc: address@hidden,
>        "'Gilbert Sebenste'" <address@hidden>,
>        "David Cross (E-mail)" <address@hidden>,
>        "Edwards, Rita" <address@hidden>
>Subject: RE: 20000131: ADDE server issues
>Date: Mon, 31 Jan 2000 12:19:02 -0600

Tom,

I'm going to show my limited knowledge of the interworking of Unix/McIDAS
here.  But from what I remember we opted not to run the McIDAS accounting
s/w because of security concerns and that's why we opted for the approach
that we did (Unix Services deny/allow files - ok, I don't know the
"official" names but you know what I mean).  But you do have a point about
the reverse name lookup.  I've seen that problem appear before but for other
services - namely telnet and ftp.  Will check that one!!!! And to mention
another thing Tom brought out - once you have access to our server you have
access to everything within ADDE there are no limitations other than
read-only.  But I do understand Unidata concern about NLDN data, etc.  we
have similar datasets that are not accessible.

Tom, I agree we (MSFC and Unidata) should talk about data (we have processor
and disk limitations to consider on our end).  Unfortunately, I'll have to
take a look at things a little later in the week.  Stay on my case!  I have
to get a talk ready for a Rotary Club talk tomorrow, so I'm kinda rushed at
the moment.

Anthony
Anthony R. Guillory 
NASA/Marshall Space Flight Center
Global Hydrology and Climate Center
977 Explorer Blvd.
Huntsville, AL 35806-2807
(256) 922-5894
(256) 922-5723 FAX
address@hidden <mailto:address@hidden>   
Geostationary Satellite Data:  http://www.ghcc.msfc.nasa.gov/GOES
<http://www.ghcc.msfc.nasa.gov/GOES>