Integrating OSG Operational Services
Rob Quick, OSG Operations Area Coordinator; Manager, High Throughput Computing, Indiana University


1 Integrating OSG Operational Services
Rob Quick, OSG Operations Area Coordinator; Manager, High Throughput Computing, Indiana University

2 Major Topics (OSG Council Aug 18th 2010)
- CA Transition
- SHA-2
- Future Services

3 DOEGrids CA
- Near the beginning of the calendar year DOEGrids announced to OSG they would be ending the service that supplied OSG users and resources with x509 certificates
- Initial timescale: 2012 year end
- Revised timescale: ~March 2013 (LS1)

4 OSG Solution
- Found commercial CA to provide signing services
  - IGTF Certified
  - Default CA in Major Browser Releases
  - Limited Number of Certificates
- Developed an OSG PKI Front End
  - Allows changes to signing without changes to OSG Operations infrastructure
  - Integrated Certificate Requests with OSG Registration and User Management Tools
  - Integrated Certificate Requests and Issuing with OSG Ticketing System

5 Integrating with OSG Operations
- OSG Web Based Operational Services moved to InCommon (COMODO) certificates ~2 years ago
  - No need to change host certificates again
- ITB Testing with OSG Software Stack and OSG Services has been done with no major issues
  - User Management in OIM
  - Ticket and MyOSG Access Control
  - TWiki Editing

6 Contingency Planning
- Considered Four Cases
  - Compromise or Service Outage
  - Front End (OIM) or Back End (DigiCert)
- Created recovery plan for each case
  - Full report at https://www.opensciencegrid.org/twiki/pub/Council/Agenda2012Aug22-23/ContingencyCouncil.pptx

7 Development and Deployment Timeline
- Testing of New DigiCert Certificates with OSG Software began early in the year
- Development of the PKI Front End began in April
  - Along with command line request tools
- ITB Release of OIM based Front End – July
- Limited Deployment – Late August
  - Some OSG Staff using DigiCert Certificates
- Full Deployment – End of October
  - At this point most OSG Certificates issued will be from the DigiCert CA
- March 2013 (LS1) – No more DOEGrids Certs will be issued

8 Concerns with Transition
- Increased effort for serving as two RAs
- Development effort has been heavier than anticipated
- vomses file
  - Contains VOMS service DN
  - The dependency we didn’t consider
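
The vomses dependency from slide 8, as an added example that is not part of the presentation: it audits vomses entries against the subject DN each VOMS service presents now. It assumes the concern is a reissued VOMS host certificate whose DN no longer matches the DN pinned in client vomses files; the five quoted fields are the usual vomses layout, and all host names, DNs and the `CURRENT_DNS` map are constructed.

```python
import shlex

# Constructed sample: "alias" "host" "port" "server DN" "VO name"
SAMPLE_VOMSES = '''
# constructed entries, not real OSG services
"vo-a" "voms.example.org" "15001" "/DC=org/DC=old-ca-example/OU=Services/CN=voms.example.org" "vo-a"
"vo-b" "voms2.example.org" "15002" "/DC=com/DC=new-ca-example/OU=Services/CN=voms2.example.org" "vo-b"
"broken" "voms3.example.org" "15003"
'''

# Constructed map: host -> subject DN of the certificate the service presents now
CURRENT_DNS = {
    "voms.example.org": "/DC=com/DC=new-ca-example/OU=Services/CN=voms.example.org",
    "voms2.example.org": "/DC=com/DC=new-ca-example/OU=Services/CN=voms2.example.org",
}

def parse_vomses(text):
    """Yield (line number, fields) for each non-blank, non-comment line."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        yield lineno, shlex.split(line)  # strips the double quotes around each field

def audit_vomses(text, current_dns):
    """Return (line number, host, problem) for every entry that needs attention."""
    findings = []
    for lineno, fields in parse_vomses(text):
        if len(fields) < 5:
            findings.append((lineno, None, "malformed: expected 5 quoted fields"))
            continue
        _alias, host, _port, pinned_dn, _vo = fields[:5]
        expected = current_dns.get(host)
        if expected is None:
            findings.append((lineno, host, "no known current DN for host"))
        elif pinned_dn != expected:
            findings.append((lineno, host,
                             f"stale DN {pinned_dn!r}, service now presents {expected!r}"))
    return findings

if __name__ == "__main__":
    for lineno, host, problem in audit_vomses(SAMPLE_VOMSES, CURRENT_DNS):
        print(f"line {lineno}: {host or '-'}: {problem}")
```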

9 SHA2
- Testing with SHA2 Certificates in the ITB has begun
- All Operations Services are running on SHA2 host certificates as of September 4th
  - No ops service issues to report thus far
  - These will stay in place until near year end to see if any issues are encountered
- Production services will transition as normal at the end of their current cert expiration
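
One way to confirm which hash signs a host certificate during a transition like the one on slide 9, as an added example that is not part of the presentation: it reads the outer signatureAlgorithm OID from a DER certificate and reports whether it is a SHA-2 RSA signature. The two inputs are constructed DER skeletons with placeholder content, not real certificates, and only RSA signature OIDs are mapped.

```python
import ssl

# RSA signature algorithm OIDs (PKCS #1) -> (name, uses SHA-2)
SIG_ALGS = {
    "1.2.840.113549.1.1.5": ("sha1WithRSAEncryption", False),
    "1.2.840.113549.1.1.14": ("sha224WithRSAEncryption", True),
    "1.2.840.113549.1.1.11": ("sha256WithRSAEncryption", True),
    "1.2.840.113549.1.1.12": ("sha384WithRSAEncryption", True),
    "1.2.840.113549.1.1.13": ("sha512WithRSAEncryption", True),
}

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                  # long form: low 7 bits give the count of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length

def decode_oid(data):
    """Decode the content bytes of a DER OBJECT IDENTIFIER to dotted form."""
    arcs, value = [data[0] // 40, data[0] % 40], 0
    for byte in data[1:]:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:            # a clear high bit ends the current arc
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def signature_algorithm(der):
    """Return (name, uses_sha2) for a DER certificate; (oid, None) if the OID is unmapped."""
    tag, start, _ = read_tlv(der, 0)                 # Certificate SEQUENCE
    tbs_tag, _, tbs_end = read_tlv(der, start)       # tbsCertificate, skipped
    alg_tag, alg_start, _ = read_tlv(der, tbs_end)   # signatureAlgorithm SEQUENCE
    oid_tag, oid_start, oid_end = read_tlv(der, alg_start)
    if (tag, tbs_tag, alg_tag, oid_tag) != (0x30, 0x30, 0x30, 0x06):
        raise ValueError("not a DER X.509 certificate structure")
    oid = decode_oid(der[oid_start:oid_end])
    return SIG_ALGS.get(oid, (oid, None))

def signature_algorithm_pem(pem):
    """Same check for a PEM-encoded certificate string."""
    return signature_algorithm(ssl.PEM_cert_to_DER_cert(pem))

# Constructed skeletons (placeholder tbsCertificate and signature), not real certificates
SKELETON_SHA256 = bytes.fromhex("3017" "30020500" "300d06092a864886f70d01010b0500" "03020000")
SKELETON_SHA1 = bytes.fromhex("3017" "30020500" "300d06092a864886f70d0101050500" "03020000")
```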

10 OSG Software – Non Issues
- OpenSSL
  - OpenSSL added support for SHA-2 starting in version 0.9.8. (RH 5+)
- Sun Java
  - Sun Java supports SHA256withRSA, SHA384withRSA and SHA512withRSA but not SHA224.
- BouncyCastle
  - BouncyCastle has supported the SHA-2 algorithms since version 1.27.
- PureTLS
  - CoG jGlobus 2.0 development was announced, dropping the use of PureTLS and instead using the standard Java JCE which supports SHA-2
- Globus Toolkit
  - Later Globus Toolkit versions (such as 4.0.9, 4.2, and 5.x) use the OpenSSL version provided by the operating system.
- Scientific Linux
  - Scientific Linux 4 contains OpenSSL 0.9.7 (which does not support SHA-2). Scientific Linux 5 contains OpenSSL 0.9.8 (which supports SHA-2).

11 OSG Software - Issues
- jGlobus
  - 1.x does not support SHA2
- dCache
  - still using JGlobus 1.x, which does not support SHA-2. JGlobus 2.x does support SHA-2, but does not support legacy proxy certificates (in contrast to RFC 3820 proxy certificates), which are still in use in WLCG.
- BeStMan
  - still using JGlobus 1.x, which does not support SHA-2.
- MyProxy
  - By default the MyProxy CA issues certificates using SHA-1, but SHA-2 algorithms can be used instead by setting the myproxy-server.config certificate_issuer_hashalg option

12 Software – Possible Issues
- EMI Trustmanager
  - Used by VOMS and GUMS
  - Ticket Opened – but OSG needs to talk to the developers of this software

13 New Services
- CVMFS Instance for OSG VOs
- Realtime Operations Notification Environment

14 Questions

