Why a Commercial Provider should Join the Academic Cloud Federation David Blundell Managing Director 100 Percent IT Ltd Simple, Flexible, Reliable.

Presentation transcript:

Why a Commercial Provider should Join the Academic Cloud Federation David Blundell Managing Director 100 Percent IT Ltd Simple, Flexible, Reliable

Who are 100 Percent IT?
- UK ISP based in Berkshire
- ISO Certified
- OpenStack Developers (started on the Bexar release)
- Developing Certification Process for Commercial Resource Centres with EGI

Why a Commercial Provider should Join the Academic Cloud Federation
- Why 100 Percent IT joined the EGI
- A commercial perspective on the EGI Federation
- The certification process

Why 100 Percent IT Joined the EGI
- Rigorous testing
- Certification process
- Long term commercial benefit

The 100 Percent IT Cloud
- Ultra reliable, high availability design
- Persistent storage
- Independent, scalable resources
- Secure
- Automatic back up and DR

A Commercial Perspective on the EGI
- Transparent Market Place
- Improved Service and SLAs

The Certification Process
- Operations
- Legal
- Technical

The Process To Register new Resource Centre

The Resource Centre needs to agree to:
1. Resource Centre Operational Level Agreement - the minimum set of operational services and the respective quality parameters that a Resource Centre is required to provide in EGI (12 pages)
2. Grid Security Policy - Policy regulating those activities of Grid participants related to the security of Grid services and resources (11 pages)
3. Grid Acceptable Use Policy (5 pages)
4. Service Operations Security Policy - the conditions that apply to anyone running a Service on the Infrastructure, or to anyone providing a Service that is part of the Infrastructure (8 pages)
5. Security Policy for the Endorsement and Operation of Virtual Machine Images (10 pages)
6. Grid Security Traceability and Logging Policy (5 pages)
7. Security Incident Response Policy - policy and responsibilities for handling security incidents affecting the Grid (5 pages)
8. Policy on Grid Multi-User Pilot Jobs (6 pages)
9. Grid Policy on the Handling of User-Level Job Accounting Data - the minimum requirements and policy framework for the handling of user-level accounting data created, stored, transmitted, processed and analysed as a result of the execution of jobs on the Grid (8 pages)
10. Approval of Certification Authorities - the procedure by which the list of trusted Certification Authorities for use in EGI should be created and maintained (5 pages)
11. EGI Security Incident Handling Procedure (17 pages)
12. EGI Software Vulnerability Issue Handling Procedure (30 pages)
13. EGI-CSIRT Critical Vulnerability Operational Procedure (17 pages)
14. Grid Site Operations Policy - conditions that have to be agreed during registration and participation of a Site in the Grid (5 pages)
15. Site Registration Security Policy - set of security-related responsibilities placed on the Grid implementing a procedure to register a Site with the Grid, and on the Site and its managers (5 pages)

The Resource Centre then needs to:
1. Assign a Site Administrator – they are responsible for keeping the site operational. In the scope of Operations, site administrators primarily receive and react to notification of one or more incidents at their site. They will also need to react to security issues that are at a global level, but affect their site.
2. Assign a Site Operations Manager – they are responsible for the site at the political and legal level.
3. Assign a Site Security Officer – they are responsible for keeping the site compliant with the Security policies and act as the primary contact for the NGI Security officer and EGI CSIRT.
4. Obtain a Grid Certificate and a number of Host Certificates. This involves taking your passport to the nearest Certificate signing centre.
5. Install the X509 certificate in a browser to perform the next steps.
6. Join the DTEAM Virtual Organisation
7. Request GOCDB access
8. Request the appropriate roles for the GOCDB account
Set up GOCDB account with site details
Register with GGUS to enable support requests to be tracked
Subscribe to the appropriate mailing lists

The Technical Steps to Certification
1. Set up the EGI Cloud Information BDII
2. Set up the OCCI-API
3. Update the OCCI-API
4. Package the OCCI-API
5. Update EGI’s Nagios
6. Set up the EGI Cloud Accounting system
7. Set up cryptographic signing
8. Set up detailed logging
9. Penetration testing

The End Result

Setting up a virtual server in the 100 Percent IT EGI Platform - Video

Why a Commercial Provider should Join the Academic Cloud Federation
- Why 100 Percent IT joined the EGI
- A commercial perspective on the EGI Federation
- The certification process

David Blundell 100 Percent IT Ltd Simple, Flexible, Reliable