REVIEW-88: XCI-783 Migrate CILogon web servers to AWS containers - Design/Security Review


The CILogon team plans to migrate the CILogon web servers from NCSA/NICS to the AWS US East (Ohio) Region data center using an AWS account that is managed by the University of Illinois and dedicated to CILogon services. The migration itself is a CILogon project activity, not using XSEDE staff time. Likewise, the AWS costs are covered by CILogon subscription fees, not using XSEDE funds. However, since XSEDE relies on CILogon and provides infrastructure for CILogon (e.g., the Hardware Security Module at NICS), this document provides input for an XSEDE-focused design review and test prior to the CILogon team making the change.
Goals for this migration include:

  1. Replace NCSA/NICS fail-over configuration with AWS Docker Swarm using multiple AWS availability zones.
  2. Migrate CILogon web apps from VMs to containers.
  3. Stop relying on CentOS 6 VMs at NCSA and NICS, which reached end-of-life in November 2020.
  4. Stop relying on the Hardware Security Module at NICS, which is no longer under support contract.
  5. Continue to use the Hardware Security Modules at NCSA, which are under support contract through 2024.

Review Input Documents

Review Criteria

  • Does the new implementation satisfy all XSEDE security service guidelines and standards
  • Does the design and transition plan mitigate risks appropriately
  • Are the user impacts of the change appropriate
  • Are the infrastructure, operations, and licensing costs addressed


Current Date: 2024-04-23
Current Status: Reviewer Feedback (Design and Security Review)
Target Date Actual Date Activity Milestone
  2022-02-16 Review launch date
2022-02-28 Written feedback due (Reviewers)
2022-03-11 Written response date (Review Material Developers)
2022-03-18 Final approval due and completion date (Reviewers)
Review Created: 2022-02-16 1:50 pm
Review Last Updated: 2022-02-16 5:09 pm



If you are a reviewer, please login to sign or withdraw from this review.


  • John-Paul Navarro
    VIEWED: 2022-03-21 18:45
  • Derek Simmel
    VIEWED: 2022-03-02 14:23


  • Lee Liming
  • Gary Rogers
    VIEWED: 2022-02-28 17:53
    SIGNED: 2022-02-28 17:53
  • Shava Smallen
    VIEWED: 2022-02-25 15:19
  • Alexander Withers

Review Material Developers

Jim Basney
Terrence Fleury

Review Facilitator

John-Paul Navarro


Please post your comments using the "New topic" or "Post reply" buttons in the forum below.