General design and security risk review for transitioning XSEDE JIRA to an upgraded version for expanded use in XSEDE 2.
- (Jay) Staff members should be able to create issues
- Changed text to "Each XSEDE staff member will be able to create, view, and manage their assigned activities in all of their funded project areas using JIRA."
- (Jay) ESTEO and Training can help develop training materials.
- Changed text to "This training module will be developed by XSEDE project management with help from ESTEO and Training."
- (Karla) Suggested changing PM requirement to "Each XSEDE PM will have the ability to create and manage activities for their area."
- Consolidated requirements and distinguished difference from staff members to "Each XSEDE L2 manager, L3 manager, and project manager will have administrative access for the projects in their area."
- (Dave) What about Confluence?
- Added sentence "This document specifically precludes inclusion of Atlassian Confluence for the XSEDE 2 Staff Wiki, which will be addressed in a separate activity and design document. "
- (JP) Provide details on MySQL replication/failover
- Revised text in F.1 to "A script will be developed to detect when the primary JIRA service has been unavailable at least 15 minutes. At that point, replication will be shut off (to prevent further updates from the primary if it is partially available) and the backup JIRA server will be started up using the latest database replica. When the backup server is up, the DNS server will be automatically updated to point the jira.dyn.xsede.org name to the backup server (using Shava Smallen’s key provided by XSEDE networking). This script will be based on one used to manage Inca’s primary and backup servers."
- (JP) Add requirement of MySQL ports need to be accessible from software.xsede.org and software2.xsede.org
- Added sentence "MySQL ports need to be open to software.xsede.org and its replacement software2.xsede.org" to F.1 and F.2 Also added sentence to E.2.7, "The MySQL ports need to be accessible from software.xsede.org and software2.xsede.org (for SD&I read-only views)."
Review Output Documents (Final)
Review Input Documents
- Does the described user behavior address known user requirements?
- Is ownership of administrative and support responsibilities spelled out so that they satisfy service availability and support needs?
- Are administrative procedures secure and mitigate risk appropriately?
- Are the service interfaces secure enough?
ScheduleCurrent Date: 2019-06-26
Current Status: Closed (Design and Security Review)
|Target Date||Actual Date||Activity Milestone|
|2016-05-03||Review launch date|
|2016-05-13||2016-05-17||Written feedback due (Reviewers)|
|2016-05-18||2016-05-17||Written response date (Review Material Developers)|
|2016-05-20||2016-05-17||Final approval due and completion date (Reviewers)|
Review Last Updated: 2016-05-17 12:37 pm
If you are a reviewer, please login to sign or withdraw from this review.
- Jay Alameda
SIGNED: 2016-05-11 13:37
- Karla Gendler
SIGNED: 2016-05-16 14:39
- JP Navarro
SIGNED: 2016-05-16 14:20
- Maytal Dahan
- David Hart
SIGNED: 2016-05-11 11:01
- Victor Hazlewood
- David Lifka
SIGNED: 2016-05-11 10:33
- Marlon Pierce
- Tabitha Samuel
- Amy Schuele
Review Material Developers