General design and security risk review for migrating XSEDE Information Services to the AWS platform.
Most important DSR feedback that was addressed in the design/security description:
- The document should also reference user and service provider facing information services use cases
- Provide more detailed XSEDE operational and security requirements information
- Move design details from E. Design Considerations to F. System Architecture and Design
- Need more detailed requirements in sections E.2.2, E.2.4, E.2.8, and E.2.7.
- Make sure services comply with XSEDE's two-factor authentication (2FA) requirements for administrative accounts and privilege escalation
- Try to make it possible for SysOps to apply emergency updates if necessary
- Name servers by role, and not based on the fact that XCI provisions or supports them (specifically rename xci-awsadmin to awsadmin.xsede.org)
- Remove references to Nagios monitoring data
- Mention Jetstream's role as a failover node
Review Output Documents (Final)
Review Input Documents
Please focus on these questions:
- Is administrator access to the AWS console, Ansible configurations, and individual AWS instances and services managed appropriately?
- Are application protocols and interfaces secured appropriately?
- Are configurations managed appropriately?
- Are there any important missing configuration items?
- Are relevant XSEDE security policies and best practices followed?
- Are the services operated in a secure way and are the procedures appropriate to deal with planned and unplanned outages and unplanned incidents?
Schedule
Current Date: 2019-08-22
Current Status: Closed (Design and Security Review)
| Target Date | Actual Date | Activity Milestone |
|---|---|---|
| 2018-12-04 | | Review launch date |
| 2018-12-13 | | Written feedback due (Reviewers) |
| 2018-12-17 | 2018-12-21 | Written response date (Review Material Developers) |
| 2018-12-18 | 2018-12-21 | Final approval due and completion date (Reviewers) |
Review Last Updated: 2019-01-10 10:55 am
- Gary Rogers
VIEWED: 2019-01-04 14:02
SIGNED: 2019-01-04 14:02
- Shava Smallen
VIEWED: 2019-01-10 10:56
SIGNED: 2018-12-21 14:31
- Jim Basney
- Victor Hazlewood
- Lee Liming
VIEWED: 2018-12-04 11:53
- Jim Marsteller
Review Material Developers