Presentation is loading. Please wait.

Presentation is loading. Please wait.

SLAs with Software Provider. Scope “…declare the rights and responsibilities between EGI.eu and the Software Provider for a particular component.” Which.

Published byAusten Garrison Modified over 8 years ago

Similar presentations

Presentation on theme: "SLAs with Software Provider. Scope “…declare the rights and responsibilities between EGI.eu and the Software Provider for a particular component.” Which."— Presentation transcript:

1 SLAs with Software Provider

2 Scope “…declare the rights and responsibilities between EGI.eu and the Software Provider for a particular component.” Which project/entity is the SLA with? Who are the SLA contacts? – Technical and Managerial contact points – Designated representation on the MCB What does it cover? – Agreed list of components (e.g. GridFTP Server/Client, GSISSH Server/Client, CREAM Server/Client, gLExec, …) and descriptions – ??? How will these components be delivered – meta-package? Multiple agreements may be in place between EGI.eu and the Software Provider at any one time. Duration – Expiry and review dates

3 EGI.eu Agrees to: Inform the Software Provider of issues reported to EGI.eu relating to the use of the software components in its production environment. – Access to GGUS Include the Software Provider in the triaging of issues reported through the use of their software in the infrastructure coordinated by EGI.eu. – Meeting linking MU (DMSU) and the Software Providers Provide requirements to the Software Provider for new features requested from their component and to indicate which features EGI.eu sees as a priority for its users. – Written (GGUS, document, …) set generated through the MCB Provide the Software Provider with generic acceptability criteria that relate to all the software components being contributed to EGI.eu. – Written specification (e.g. baseline set of RPMS, other issues) Provide the Software Provider with specific acceptability criteria that relate to their software component. – Written performance criteria, etc. Define for the Software Provider the environments that the software components need to be delivered to work in (e.g. SL5). – In writing as part of release requirements. Contact point for issues raised by the software provider – With expected response time – 2 wd?

4 Software Provider Agrees to General Software Issues Roadmap Acceptance Criteria Security Exceptions

5 General Define a technical and managerial contact point for a component who are both able to provide definitive useful answers to any issues raised or to respond to any documents circulated within 5 working days. – Email/phone, – Contact points may be defined per component or the same for all points. – TODO: Issue classification and response time Provide a security contact for each identified software component that will participate in the Software Vulnerability Group (following their processes) and other security related software activity (e.g. SVG Deputy Coordinator, Risk Assessment Team, security training, etc.) – Email/phone To notify the EGI MU when a release is available and where the relevant binary and source code packages can be obtained from. – Process defined using the software repository provided by EGI.eu

6 Software Issues Provide an issue tracker that is accessible by the EGI.eu MU – must use GGUS or an issue tracker integrated into the GGUS infrastructure. – To be defined by the software provider – TODO: Agree state mappings between software provider issue tracker and the GGUS state model. To respond to any assigned issues within the following timescales depending on the issue severity: – Critical / Emergency: 1 working day – Other: Move into the release schedule? – gLIte: Immediate (i.e. emergency), High (must be in the next revision release), – Who sets the priority? Need to put the priority within the context of other agreed work – EXPLORE FURTHER – NEEDS TO BE A LOT OF CLARIFICATION PARK THIS: Deliver a new version of an existing released component which just includes a provided patch within 1 working day – What if the provided patch does not work? – What is a reasonable response time (inc. review, build and test time) given the severity of the fix? – Would not bypass stage rollout

7 Roadmap Provide an updated roadmap to the EGI.eu MU every 3 months showing the major & minor software releases planned for the component(s) during the lifetime of the SLA including the new functionality they will contain and the communities it will benefit (linked back the previously described MCB requirements). To identify which releases will be incompatible with previous releases.

8 Acceptance Criteria Acceptance criteria defined by MU and approved by MCB – N/A to emergency releases To advise EGI.eu on the effort and time required to implement any changes to the generic or specific acceptance criteria. To provide to EGI.eu documentation of the test plan and the results of running the test plan for each release of a software component. Any software that forms part of the test plan around a release must also be made available. The test plan relating to an upcoming release must be delivered to EGI.eu MU at least 20 working days before the planned release for review. – EGI.eu to give feedback within N days. – Minor releases with new functionality need to provide testplan Days mentioned in the template Actual figures in the SLA

9 Security Issues (Put into Acceptance Criteria?) To document threat assessments and security reviews in the design process and provide this documentation to EGI.eu. – Limited disclosure. More discussion on how to implement and ramp this up. To document in the design process the tradeoffs that are made between security and performance/usability and passed back to EGI. – Disclosure limits? To co-operate with the investigation of potential vulnerability issues in their software. Responding within at most 1 working day. Part of SVG. – Confidentiality. Link into SVG process. To report any security vulnerabilities in software already released to EGI within 1 working day of it being found by the software provider or if they are informed of it through sources other than EGI. – Disclosure Limits. Report into SVG. All security vulnerabilities will be treated as a ‘critical issue’ (see earlier for response time and process) however disclosure of the issue will be restricted until a patch is available. – By following the SVG process.

10 Escalation Perceived failures to comply with the provision of this agreement must be reported to the EGI.eu CTO and the >. Failures of this agreement must be reported to the EGI.eu Director & >. Further escalation to the EGI.eu EB. Failure of the software provider to comply with aspects relating to technical issues and the provision of patches in the stated times will, if time critical, remove the obligation for EGI.eu to consult with the software provider and vice versa.

11 Deleted To ensure only adequately qualified and experienced developers able to write secure, efficient, reliable software are working on the software and that they remain trained in current best practices (e.g. secure coding).

Download ppt "SLAs with Software Provider. Scope “…declare the rights and responsibilities between EGI.eu and the Software Provider for a particular component.” Which."

Similar presentations

Develop an Information Strategy Plan

Develop an Information Strategy Plan
Chapter 7: Key Process Areas for Level 2: Repeatable - Arvind Kabir Yateesh.

Chapter 7: Key Process Areas for Level 2: Repeatable - Arvind Kabir Yateesh.
ITIL: Service Transition

ITIL: Service Transition
Rational Unified Process

Rational Unified Process
SE 555 Software Requirements & Specification Requirements Management.

SE 555 Software Requirements & Specification Requirements Management.
Iterative development and The Unified process

Iterative development and The Unified process
Capability Maturity Model

Capability Maturity Model
Release & Deployment ITIL Version 3

Release & Deployment ITIL Version 3
RoadTek Business Systems Ownership Briefing Session July 2003.

RoadTek Business Systems Ownership Briefing Session July 2003.
Introduction to RUP Spring 2006. Sharif Univ. of Tech.2 Outlines What is RUP? RUP Phases –Inception –Elaboration –Construction –Transition.

Introduction to RUP Spring Sharif Univ. of Tech.2 Outlines What is RUP? RUP Phases –Inception –Elaboration –Construction –Transition.
University of Palestine software engineering department Testing of Software Systems Fundamentals of testing instructor: Tasneem Darwish.

University of Palestine software engineering department Testing of Software Systems Fundamentals of testing instructor: Tasneem Darwish.
N By: Md Rezaul Huda Reza n

N By: Md Rezaul Huda Reza n
BSBPMG503A Manage Project Time Manage Project Time Unit Guide Diploma of Project Management 17872 Qualification Code BSB51507 Unit Code BSBPMG503A.

BSBPMG503A Manage Project Time Manage Project Time Unit Guide Diploma of Project Management Qualification Code BSB51507 Unit Code BSBPMG503A.
Www.egi.eu EGI-InSPIRE RI-261323 EGI-InSPIRE www.egi.eu EGI-InSPIRE RI-261323 Future support of EGI services Tiziana Ferrari/EGI.eu Future support of EGI.

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI Future support of EGI services Tiziana Ferrari/EGI.eu Future support of EGI.
CS 360 Lecture 3.  The software process is a structured set of activities required to develop a software system.  Fundamental Assumption:  Good software.

CS 360 Lecture 3.  The software process is a structured set of activities required to develop a software system.  Fundamental Assumption:  Good software.
Installation and Maintenance of Health IT Systems

Installation and Maintenance of Health IT Systems
Www.egi.eu EGI-InSPIRE RI-261323 EGI-InSPIRE www.egi.eu EGI-InSPIRE RI-261323 SA2 services evolution (after the end of EGI-InSPIRE) Peter Solagna, Michel.

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI SA2 services evolution (after the end of EGI-InSPIRE) Peter Solagna, Michel.
ISM 5316 Week 3 Learning Objectives You should be able to: u Define and list issues and steps in Project Integration u List and describe the components.

ISM 5316 Week 3 Learning Objectives You should be able to: u Define and list issues and steps in Project Integration u List and describe the components.
European Middleware Initiative (EMI) – Release Process Doina Cristina Aiftimiei (INFN) EGI Technical Forum, Amsterdam 17. Sept.2010.

European Middleware Initiative (EMI) – Release Process Doina Cristina Aiftimiei (INFN) EGI Technical Forum, Amsterdam 17. Sept.2010.
Grid Operations Centre LCG SLAs and Site Audits Trevor Daniels, John Gordon GDB 8 Mar 2004.

Grid Operations Centre LCG SLAs and Site Audits Trevor Daniels, John Gordon GDB 8 Mar 2004.

Similar presentations

Ads by Google