OPeNDAP at the National Oceanographic Data Center Status Lessons Learned Recommendations.


1 OPeNDAP at the National Oceanographic Data Center Status Lessons Learned Recommendations

2

3 NODC Service Components
- An Operational Component of the “Federal Backbone”
- Data Archive and Metadata Management
- Identity tracking
- Version tracking
- Integrity tracking
- Ocean Climate Data Record Development
- Peer reviewed quality assessment
- Physical, Chemical Biological Observations
- Data archeology, Ocean heat and productivity climate records
- Coastal Data Access Support
- Data documentation, discovery, retrieval, exchange
- Coastal resource management target
- NOAA Central Library
- Information services
- Data

4 NODC Transitioning to an Open Archival Information System Reference Model (OAIS) – ISO 14721:2002
Goal: Preserve data/information over the long term
- Changing technologies
- Changing support media and formats
- Changing user communities and expectations
Basic Precept – Must preserve combination of data and its representation information

5 The NODC Operational Environment
- Committed to Online Accession and Delivery of Data, Products & Metadata
- Approximately 400 Major IT Systems Supporting ~1 TB Data, ocean satellite data a recent entry
- 15 IT Staff equally split between Federals and Contractors
- Mandated Federal IT Security Requirements & Oversight
  - NOAA
  - Department of Commerce
  - Office of Management and Budget
  - Office of Inspector General
- In this Environment, Enterprise-level Management Essential

6

7 OPeNDAP Installation at NODC
- Default installation in open environment seems to work “right out of the box”
- Installation within structured, secure environment is a different story

8 NODC Secure Operational Environment – Normal Precautions … and then Some
- Network firewall
- Multiple zones with separate firewall policies
- IP Filtering & access controls on exposed hosts
- Aggressive patching schedule
- Credentials for remote access require “strong encryption”
- Public server code reviewed “line by line”
- Public web & FTP servers chrooted, limiting access
- Public web content is “Read Only”
- All CGI scripts reside on “Read Only” file systems
- CGI Privilege escalation disabled
- “Hot Backup” systems, hardware and content in place

9 NODC Operations Summary

10 Data Transport Protocols Supported
- HTTP
- FTP
- JDBC (SQL Database access)
- DODS / OPeNDAP
- Command Line (NRL TOWAN access)
- ArcSDE (Java API)
o HTTPS
o TEDS (Navy's Tactical Environmental Data Server)
o OpenGIS
o Java and C++ programs enabled protocols
Legend: "-" In place, "o" In progress

11 Overview of NODC Secure Operational Environment (RED identifies OPeNDAP installation challenges)
- Network firewall
- Multiple zones & firewall policies
- IP Filtering & access controls on exposed hosts
- Aggressive patching schedule
- Credentials for remote access require “strong encryption”
- Public server code reviewed “line by line”
- Public web & FTP servers chrooted, limiting access
- Public web content is “Read Only”
- All CGI scripts reside on “Read Only” file systems
- CGI Privilege escalation disabled
- “Hot Backup” systems and content in place

12 Lessons Learned - OPeNDAP Installation In Operational Secure Environment
- Default installation & existing documentation not yet adequate to secure installations
  - Challenges enterprise approach to system management
  - Command line and Perl modules installed by default in the CGI-Bin, allowing remote user to invoke and compromise system
  - Multiple interdependencies found among PERL modules, configuration files, and scripts
- Elected detailed review of voluminous code due to lack of familiarity and availability of security information resource base
- Level of documentation hindered troubleshooting
- Many issues resolved after “tech assist” visit, some still remain
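
Added example (not part of the original presentation and not OPeNDAP or NODC code): a Python audit that checks a CGI directory against the precautions on slides 8 and 12. It flags files that are not approved entry points, setuid/setgid bits, group/other-writable files, and a file system that is not mounted read-only. The allowlist of entry-point names is an assumption the operator supplies.

```python
import os
import stat
from pathlib import Path


def classify(name, mode, allowed):
    """Return findings for one file in the CGI directory, given its st_mode."""
    findings = []
    if name not in allowed:
        # Library modules and command-line tools become remotely invocable
        # once they sit in a directory the web server executes from.
        findings.append("not an approved CGI entry point")
    if mode & (stat.S_ISUID | stat.S_ISGID):
        findings.append("setuid/setgid bit set")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("writable by group or other")
    return findings


def on_read_only_fs(path):
    """True if the file system holding path is mounted read-only (POSIX)."""
    return bool(os.statvfs(path).f_flag & os.ST_RDONLY)


def audit_cgi_dir(cgi_dir, allowed):
    """Walk cgi_dir; return {relative path: [findings]} for flagged entries."""
    root = Path(cgi_dir)
    report = {}
    if not on_read_only_fs(root):
        report["."] = ["file system is not mounted read-only"]
    for path in sorted(root.rglob("*")):
        rel = path.relative_to(root).as_posix()
        if path.is_symlink():
            report[rel] = ["symbolic link; target not audited"]
        elif path.is_file():
            findings = classify(rel, path.lstat().st_mode, allowed)
            if findings:
                report[rel] = findings
    return report


if __name__ == "__main__":
    import sys
    # Usage: audit.py /path/to/cgi-bin approved_name [approved_name ...]
    for rel, findings in audit_cgi_dir(sys.argv[1], set(sys.argv[2:])).items():
        print(f"{rel}: {'; '.join(findings)}")
```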

13 Observations & Recommendations
- OPeNDAP offers a powerful data transport capability, particularly suited for aggregated data transport into applications (e.g., models)
- In its present form OPeNDAP required expert levels of support (Operationally ready and sustainable?)
- Independent security testing and evaluation needed
- Life cycle (and reduced costs) support will be needed in similar operational environment implementations
- Data discovery (metadata enabled) and aggregation are challenges and critical IOOS requirements
- From a practical point of view, some decisions have been made based on resource allocation tradeoffs with respect to “return on investment” in comparison to existing, alternative data transport protocols already in use (e.g., FTP, HTTP, emerging OpenGIS protocols, etc.)
- IOOS DMAC needs to address these and other user identified issues in its next phase

14 Looking Ahead
- NODC OPeNDAP Server awaiting final validation
- Early data sets identified and groomed ( ) for OPeNDAP publication
  - WOCE Ver 3
  - NOAA AVHRR reprocessed Pathfinder SST record
  - World Ocean Atlas
  - Global Temperature Salinity Profiling Program (GTSPP)
  - NOAA Shipboard Environmental Data Acquisition (SEAS) data
- OPeNDAP will be one of several data transport protocols used by NODC

