Glenna/WeeklyMeet-2016-03-03
Agenda & Minutes
Meeting 3rd of March at 12:00-13:00 CET
Present: Dan, Daniel, Uwe
Absent:
Channels: Google Hangouts: https://plus.google.com/hangouts/_/g4g5nyl5glc66wqgbqk4yjvb4ua
Live minutes at: https://docs.google.com/document/d/1Bj6I7osw0P_I14GiNlesqBA2ARIRXMOytBxLPmAsFJY/edit
1. Review of last meeting
2. Action points - progress & issues
- AP: Dan to send out cloud security questionnaire to centers (Daniel to send out UH Sky questions)
- AP: Daniel consider Glenna architecture
- AP: Dan & Uwe image repositories
- AP: Dan investigate Pouta Blueprints inclusion into Glenna
- AP: Daniel: Cloud Controls Matrix v3.0.1 EGI
3. Today's topics - issues to discuss:
- Daniel to start working on T3.5.
T3.5 - Security Analysis, Test and Evaluation. This task will carry out the necessary analysis, testing and evaluation of the security mechanisms for Glenna.
Daniel: Evaluation of the services. Daniel: data.deic.dk: what mechanisms are they using to protect the data? Federated access: each user authenticates through Kalmar2. Evaluate whether that line of communication is secure or not. Identify the state of the art of federated authentication. For the data: what type of encryption?
T3.5 document:
1) to contain general discussion on federated access.
2) the list of measures needed for Glenna services to be connected to Kalmar2
3) Q: how are users blacklisted in Kalmar2? Q: should "everyone" have access to all resources, and if not, how do we limit access in the current architecture?
Acceptable user policy document from EGI FEDCLOUD: Daniel to adapt that for Glenna
Adapt questionnaire for 1) IaaS and 2) datacloud and send out to 1) Finland (CSC), Sweden (Uppsala) and Norway (UH Sky); 2) Denmark (DeIC) and Iceland (UI)
Daniel has made a Google forms doc at: https://docs.google.com/forms/d/1ImwkmZhGfOyId2-SlXPbLJIAyt2CCfkCRrkMcPiiiFY/viewform?edit_requested=true
Dan to send out questionnaire
AP: Daniel will make a new picture indicating that identification will be user-centered and not portal-centered.
T3.3 - Controlling Access in Virtual Infrastructures. access control for the core Glenna infrastructure. It includes secure access to virtual machines and technologies for securing hypervisor and guest OS:s.
AP on Dan: remove "access control for the core Glenna infrastructure." from the task 3.3 headline
Cut down version at: https://wiki.neic.no/w/int/img_auth.php/a/ac/WP3_Subtask_3.3.doc
and see how we could adapt to Task3.3 and the infrastructures in Glenna
Discussion on projects vs groups in OpenStack. Define the mechanism for how resources within that group will be accessed.
Daniel's table of contents
https://drive.google.com/file/d/0B8xY37few2BZaGFpcW4tbVlRS1E/view?usp=drive_web
Red Hat Enterprise Linux 7 Virtualization Security Guide
ENISA: Cloud Security Guide for SMEs
CSA: Security Guidance for Critical Areas of Focus in Cloud Computing
- Uwe on image bakery: snapshots can be converted to loadable images (need to be cleaned up)
- include OpenFoam, Chipster image
Daniel attended CSA Congress EMEA 2015 Nov 17-19
- safe harbor agreement ends December last 2015
- ISO 27018: AWS, Azure and Dropbox are certified; fits for cloud security but very difficult to get certified.
one of the requirements is that the physical location of the datacenter must be disclosed to the client
4. Any other business
5. Next meeting