Presentation is loading. Please wait.

Presentation is loading. Please wait.

ESnet PKI Developed for the DOE Science Grid and SciDAC.

Similar presentations


Presentation on theme: "ESnet PKI Developed for the DOE Science Grid and SciDAC."— Presentation transcript:

1 ESnet PKI Developed for the DOE Science Grid and SciDAC

2 Time line of Project October 2001 Project Approved Deployment Milestone – predates approval October ESnet Support team builds out 3 emergency servers for Project Quick survey of Potential user requirements No R&D could be done Deployment was needed immediately DOESG Subordinate Root CA on line November 2001 January 15, 2002 start issuing “Hand Minted” certificates to initial users February - First authenticated transatlantic transactions using DOESG certificates

3 PKI achievements Policy Management Authority Initial PMA, currently 14 members. Membership consists of RA agents and Project leads. DOESG Virtual Organizations and Sites supported PPDG Doug Olsen (LBL), Ruth Pordes (FNAL) NFC Mary Thompson (LBL) PNNL Scott Studham ORNL Kasidit Chanchio ANL John Volmer NERSC Steve Lau, Steve Chan PPDG setting the pace First Registration Authority Agent First Trans Atlantic use of certificates with European Data Grid member European Data Grid Broad acceptance by their PKI working group Actively working with them on: PKI requirements, Certificate Policies and Directory

4 PKI achievements 2 Community acceptance of Architecture Single Certificate Policy Global Certificate Authority Distributed Registration Managers Iplanet CMS was correct choice for our community. Other International efforts Grid Forum Security and Information services WGs. Our experience is refining the Globus’ Grid Security Infrastructure implementation.

5 European Data Grid Efforts DataGrid project funded by EU Next Generation Computing infrastructure… Test Beds are under Work Package 6 Test Bed 2 scheduled for summer DataGrid CA managers CERN, Czech Republic, France, Ireland, Italy, Netherlands, Nordic countries, Portugal, Russia, Spain, UK, and now DOESG

6 Architecture for 5/15/02 deployment ESnet Root CA Shadow Dir Public CM PPNL RM NERSC RM Community RM Shadow CA Dev RM Dev DirDev CM Public Dir Production ServersDevelopment Servers CM: Certificate Manager RM: Registration Manager Dir: LDAP based Directory

7 ESnet’s PKI Server security

8 Secure cabinets - NTSG design Monitoring Cabinet Status, Cabinet Access Power conditions Environmental NOC reporting 7/24 Access monitoring User pin codes Event times Web based management Relational DB logging and audit trail.


Download ppt "ESnet PKI Developed for the DOE Science Grid and SciDAC."

Similar presentations


Ads by Google