Glenna/WeeklyMeet-2016-03-03


Agenda & Minutes

Meeting 3rd of March at 12:00-13:00 CET

Present: Dan, Daniel, Uwe

Absent:

Channels: Google Hangouts: https://plus.google.com/hangouts/_/g4g5nyl5glc66wqgbqk4yjvb4ua

Live minutes at: https://docs.google.com/document/d/1Bj6I7osw0P_I14GiNlesqBA2ARIRXMOytBxLPmAsFJY/edit

1. Review of last meeting

2. Action points - progress & issues

  • AP: Dan to send out cloud security questionnaire to centers (Daniel to send out UH Sky questions)
  • AP: Daniel consider Glenna architecture
  • AP: Dan & Uwe image repositories
  • AP: Dan investigate Pouta Blueprints inclusion into Glenna
  • AP: Daniel: Cloud Controls Matrix v3.0.1 EGI

3. Today's topics - issues to discuss:


  • Daniel to start working on T3.5.

T3.5 - Security Analysis, Test and Evaluation. This task will carry out the necessary analysis, testing and evaluation of the security mechanisms for Glenna.

Daniel: Evaluation of the services. Daniel: data.deic.dk: what mechanisms are they using to protect the data? Federated access: each user authenticates through Kalmar2. Evaluate whether that line of communication is secure or not. Identify the state of the art of federated authentication. For the data: what type of encryption?

T3.5 document:

  1) to contain general discussion on federated access
  2) the list of measures needed for Glenna services to be connected to Kalmar2
  3) Q: How are users blacklisted in Kalmar2? Q: Should "everyone" have access to all resources, and if not, how do we limit access in the current architecture?

Acceptable user policy document from EGI FEDCLOUD: Daniel to adapt that for Glenna.

Adapt questionnaire for 1) IaaS and 2) datacloud and send out to 1) Finland (CSC), Sweden (Uppsala) and Norway (UH Sky) 2) Denmark (DeIC) and Iceland (UI)

Daniel has made a Google forms doc at: https://docs.google.com/forms/d/1ImwkmZhGfOyId2-SlXPbLJIAyt2CCfkCRrkMcPiiiFY/viewform?edit_requested=true

Dan to send out questionnaire


AP: Daniel will make a new picture indicating that identification will be user-centered and not portal-centered.

T3.3 - Controlling Access in Virtual Infrastructures. access control for the core Glenna infrastructure. It includes secure access to virtual machines and technologies for securing hypervisor and guest OS:s.

AP on Dan: remove "access control for the core Glenna infrastructure." from the task 3.3 headline

AP on Daniel: Consult http://csrc.nist.gov/publications/nistpubs/800-125/SP800-125-final.pdf (cut-down version at: https://wiki.neic.no/w/int/img_auth.php/a/ac/WP3_Subtask_3.3.doc) and see how we could adapt it to Task 3.3 and the infrastructures in Glenna

Discussion on projects vs groups in OpenStack. Define the mechanism for how resources within that group will be accessed.


Daniel's table of contents

https://drive.google.com/file/d/0B8xY37few2BZaGFpcW4tbVlRS1E/view?usp=drive_web

  • Red Hat Enterprise Linux 7 Virtualization Security Guide
  • ENISA: Cloud Security Guide for SMEs
  • CSA: Security Guidance for Critical Areas of Focus in Cloud Computing

  • Uwe on image bakery: snapshots can be converted to loadable images (need to be cleaned up)
  • include OpenFoam, Chipster image


Daniel attended CSA Congress EMEA 2015 Nov 17-19

  • safe harbor agreement ends December last 2015
  • ISO 27018: AWS, Azure and Dropbox are certified; fits for cloud security but very difficult to get certified.

One of the requirements is that the physical location of the datacenter must be disclosed to the client.


4. Any other business



5. Next meeting