Skip to content Skip to navigation

REVIEW-66: XCI-73 Upgrade information services to leverage the AWS platform

Overview

General design and security risk review for migrating XSEDE Information Services to the AWS platform.

Review Summary

Most important DSR feedback that was addressed in the design/security description:

  • The document should also reference user and service provider facing information services use cases
  • Provide more detailed XSEDE operational and security requirements information
  • Move design details from E. Design Considerations to F. System Architecture and Design
  • Need more detailed requirements in sections E.2.2, E.2.4, E.2.8, and E.2.7.
  • Make sure services comply with XSEDE's two-factor authentication (2FA) requirements for administrative accounts and privilege escalation
  • Try to  make it possible for SysOps to apply emergency updates if necessary
  • Name servers by role, and not based on the fact that XCI provisions or supports them (specifically rename xci-awsadmin to awsadmin.xsede.org)
  • Remove references to Nagios monitoring data
  • Mention Jetstream's role as a failover node

Review Output Documents (Final)

XCI-073_AWS_Information_Services_Design-v0.3.pdf

Review Input Documents

XCI-073_AWS_Information_Services_Design-v0.2.pdf

Review Criteria

Please focus on these questions:

  1. Is administrator access to the AWS console, Ansible configurations, and individual AWS instances and services managed appropriately?
  2. Are application protocols and interfaces secured appropriately?
  3. Are configurations managed appropriately?
  4. Are there any important missing configuration items?
  5. Are relevant XSEDE security policies and best practices followed?
  6. Are the services operated in a secure way and are the procedures appropriate to deal with planned and unplanned outages and unplanned incidents?

Schedule

Current Date: 2019-03-18
Current Status: Closed (Design and Security Review)
Target Date Actual Date Activity Milestone
  2018-12-04 Review launch date
2018-12-13 Written feedback due (Reviewers)
2018-12-17 2018-12-21 Written response date (Review Material Developers)
2018-12-18 2018-12-21 Final approval due and completion date (Reviewers)
Review Created: 2018-12-03 3:19 pm
Review Last Updated: 2019-01-10 10:55 am

 

Reviewers

If you are a reviewer, please login to sign or withdraw from this review.

Required

  • Gary Rogers
    VIEWED: 2019-01-04 14:02
    SIGNED: 2019-01-04 14:02
  • Shava Smallen
    VIEWED: 2019-01-10 10:56
    SIGNED: 2018-12-21 14:31

Optional

  • Jim Basney
  • Victor Hazlewood
  • Lee Liming
    VIEWED: 2018-12-04 11:53
  • Jim Marsteller

Review Material Developers

Eric Blau
JP Navarro

Review Facilitator

Shava Smallen

 

Please post your comments using the "New topic" or "Post reply" buttons in the forum below.