1. Why a Commercial Provider should Join the Academic Cloud Federation David Blundell Managing Director 100 Percent IT Ltd Simple, Flexible, Reliable

2. UK ISP based in Berkshire ISO 27001 Certified OpenStack Developers (started on the Bexar release) Developing Certification Process for Commercial Resource Centres with EGI Who are 100 Percent IT?

3. Why 100 Percent IT joined the EGI A commercial perspective on the EGI Federation The certification process Why a Commercial Provider should Join the Academic Cloud Federation

4. Rigorous testing Certification process Long term commercial benefit Why 100 Percent IT Joined the EGI

5. Ultra reliable, high availability design Persistent storage Independent, scalable resources Secure Automatic back up and DR The 100 Percent IT Cloud

6. Transparent Market Place Improved Service and SLAs A Commercial Perspective on the EGI

7. Operations Legal Technical The Certification Process

8. The Resource Centre needs to agree to: 1.Resource Centre Operational Level Agreement - the minimum set of operational services and the respective quality parameters that a Resource Centre is required to provide in EGI (12 pages) 2.Grid Security Policy - Policy regulating those activities of Grid participants related to the security of Grid services and resources (11 pages) 3.Grid Acceptable Use Policy (5 pages) 4.Service Operations Security Policy - the conditions that apply to anyone running a Service on the Infrastructure, or to anyone providing a Service that is part of the Infrastructure (8 pages) 5.Security Policy for the Endorsement and Operation of Virtual Machine Images (10 pages) 6.Grid Security Traceability and Logging Policy (5 pages) 7.Security Incident Response Policy - policy and responsibilities for handling security incidents affecting the Grid (5 pages) 8.Policy on Grid Multi-User Pilot Jobs (6 pages) 9.Grid Policy on the Handling of User-Level Job Accounting Data - the minimum requirements and policy framework for the handling of user-level accounting data created, stored, transmitted, processed and analysed as a result of the execution of jobs on the Grid (8 pages) 10.Approval of Certification Authorities - the procedure by which the list of trusted Certification Authorities for use in EGI should be created and maintained (5 pages) 11.EGI Security Incident Handling Procedure (17 pages) 12.EGI Software Vulnerability Issue Handling Procedure (30 pages) 13.EGI-CSIRT Critical Vulnerability Operational Procedure (17 pages) 14.Grid Site Operations Policy - conditions that have to be agreed during registration and participation of a Site in the Grid (5 pages) 15.Site Registration Security Policy - set of security-related responsibilities placed on the Grid implementing a procedure to register a Site with the Grid, and on the Site and its managers (5 pages) The Resource Centre then needs to: 1.Assign a Site Administrator – they are responsible for keeping the site operational. In the scope of Operations, site administrators primarily receive and react on notification of one or more incidents at their site. They will also need to react to security issues that are at a global level, but affect their site. 2.Assign a Site Operations Manager – they are responsible for the site at the political and legal level. 3.Assign a Site Security Officer – they are responsible for keeping the site compliant with the Security policies plus act as the primary contact for the NGI Security officer and EGI CSIRT. 4.Obtain a Grid Certificate and a number of Host Certificates. This involves taking your passport to the nearest Certificate signing centre. 5.Install the X509 certificate in a browser to perform the next steps. 6.Join the DTEAM Virtual Organisation 7.Request GOCDB access 8.Request the appropriate roles for the GOCDB account Setup GOCDB account with site details Register with GGUS to enable support requests to be tracked Subscribe to the appropriate mailing lists The Process To Register new Resource Centre

9. The Technical Steps to Certification 1.Setup the EGI Cloud Information BDII 2.Setup the OCCI-API 3.Update the OCCI-API 4.Package the OCCI-API 5.Update EGI’s Nagios 6.Set up the EGI Cloud Accounting system 7.Set up cryptographic signing 8.Set up detailed logging 9.Penetration testing

10. The End Result

11. Setting up a virtual server in the 100 Percent IT EGI Platform - Video

12. Why 100 Percent IT joined the EGI A commercial perspective on the EGI Federation The certification process Why a Commercial Provider should Join the Academic Cloud Federation

13. David Blundell 100 Percent IT Ltd Simple, Flexible, Reliable www.100percentit.com +44 1635 881881 david@100percentit.com http://www.linkedin.com/pub/david-blundell/15/7b9/2b0