Changes between Version 2 and Version 3 of SecurityTeam/Agenda/Agenda11.08.06


Ignore:
Timestamp:
09/08/06 12:00:01 (13 years ago)
Author:
pjkersha
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • SecurityTeam/Agenda/Agenda11.08.06

    v2 v3  
    1 == Meeting Agenda 11 August 2006 - NDG Security Configuration at the BODC == 
     1== Agenda 9.30 11 August 2006 @ BODC - NDG Security Configuration at the BODC == 
    22 
    33=== Aims === 
    4 Determine the system configuration for all the NDG Security components at the BODC:  To migrate from the current prototype configuration on livglue toward a more production like setup.  This takes into account the new arrangement of the Livgrid servers as follows: 
    5  
    6  * LIVGRID2 - NDG DEVELOPMENT SERVER 
    7  * LIVGRID1 - NDG PRODUCTION SERVER (http://grid.bodc.nerc.ac.uk). 
     4 * Determine the system configuration for all the NDG Security components at the BODC 
     5 * To migrate from the current prototype configuration on livglue to the Alpha version.   
     6 * Take into account the new arrangement of the Livgrid servers as follows: 
     7   * LIVGRID2 - NDG DEVELOPMENT SERVER 
     8   * LIVGRID1 - NDG PRODUCTION SERVER (http://grid.bodc.nerc.ac.uk). 
    89 
    910=== Agenda === 
    10  1. Review of NDG Security 
    11    * What are the Components and which of these do you need to deploy at the BODC? e.g. !MyProxy, Session Manager Web Service, Attribute Authority Web Service etc. See Use Case [wiki:SecurityTeam/UseCases/DataProviderDeployment] 
    12  1. !MyProxy Server 
    13    * suitable host 
    14    * Location of Certificates on host 
    15    * firewall considerations 
    16    * Requirement for minimal services running on that machine. 
    17    * User/group permissions for installation and configuration. 
    18    * Automated start up from boot: xinetd or SysV Init script 
    19    * Any other security issues or measures to be taken to secure host ... 
    20  1. Session Manager Web Service 
    21    * suitable host 
    22    * firewall considerations 
    23    * Interface to !MyProxy - considerations for this  
    24    * Interface to the Credential Repository 
    25  1. Attribute Authority Web Service 
    26    * suitable host 
    27    * firewall considerations 
    28    * User Roles Interface to Oracle Database  
    29  1. Migration from LIVGLUE TO LIVGRID2. 
    30    * Services running on LIVGLUE, Delete/uninstall NDG-Security s/w on LIVGLUE and build everything from scratch 
     11 1. '''Review of NDG Security''' 
     12 1. '''Data Provider Deployment Use Case''' [wiki:SecurityTeam/UseCases/DataProviderDeployment] 
     13 1. '''Components for Configuration''' 
     14   1. !MyProxy Server 
     15     * suitable host 
     16     * Location of Certificates on host 
     17     * firewall considerations 
     18     * Requirement for minimal services running on that machine. 
     19     * User/group permissions for installation and configuration. 
     20     * Automated start up from boot: xinetd or SysV Init script 
     21     * Any other security issues or measures to be taken to secure host ... 
     22   1. Session Manager Web Service 
     23     * suitable host 
     24     * firewall considerations 
     25     * Interface to !MyProxy - considerations for this  
     26     * Interface to the Credential Repository 
     27   1. Attribute Authority Web Service 
     28     * suitable host 
     29     * firewall considerations 
     30     * User Roles Interface to Oracle Database   
     31   1. Login CGI Service 
     32   1. [Logging Web Service] 
     33   1. [Gatekeeper Web Service]   
     34   1. Miscellaneous: 
     35     * Use of NTP to synchronise clocks of hosts running security services 
     36     * Web Server - https, cgi scripts and WSDL files 
     37 1. '''Migration from LIVGLUE TO LIVGRID2.''' 
     38   * Services running on LIVGLUE, Uninstall NDG-Security s/w on LIVGLUE and build everything from scratch on new target hosts 
    3139   * Installing NDG-Security Software on LIVGRID2. 
    3240   * User/group permissions for installation and configuration 
    33    * LIVGRID1 will be NDG-Production Server (http://grid.bodc.nerc.ac.uk).  All NDG requests will be routed to this Machine.    
    34  1. Migrating Credential Repository database from MySQL to Oracle. 
    35     * What is the Credential Repository and what does it do? 
    36     * Creation of Database tables under BODC Oracle Server.  Q. Before or after migrating to new Development Server? 
    37     * New custom Python class for BODC Oracle db interface to NDG Security Credential Wallet 
     41   * LIVGRID1 will be NDG-Production Server (http://grid.bodc.nerc.ac.uk).   
     42 1. '''Migrating Credential Repository database from MySQL to Oracle.''' 
     43   * What is the Credential Repository and what does it do? 
     44   * Creation of Database tables under BODC Oracle Server.  Q. Before or after migrating to new Development Server? 
     45   * New custom Python class for BODC Oracle db interface to NDG Security Credential Wallet