Presentation is loading. Please wait.

Presentation is loading. Please wait.

Www.egi.eu EGI-InSPIRE RI-261323 EGI-InSPIRE www.egi.eu EGI-InSPIRE RI-261323 Draft Security Virtualisation Policy (for Romain Wartel – CERN) EGI Technical.

Published byDebra Ryan Modified over 8 years ago

Similar presentations

Presentation on theme: "Www.egi.eu EGI-InSPIRE RI-261323 EGI-InSPIRE www.egi.eu EGI-InSPIRE RI-261323 Draft Security Virtualisation Policy (for Romain Wartel – CERN) EGI Technical."— Presentation transcript:

1 www.egi.eu EGI-InSPIRE RI-261323 EGI-InSPIRE www.egi.eu EGI-InSPIRE RI-261323 Draft Security Virtualisation Policy (for Romain Wartel – CERN) EGI Technical Forum Lyon, 21 Sep 2011 David Kelsey, STFC/RAL

2 www.egi.eu EGI-InSPIRE RI-261323 New policy Draft Security Policy for the Endorsement and Operation of Virtual Machine Images SPG editorial team leader: Romain Wartel, CERN https://documents.egi.eu/document/771 Now under external review –Comments invited by 28 Sep 2011 –spg-discuss AT mailman DOT egi DOT eu 21 Sep 2010 Kelsey/ SPG Virtualisation2

3 www.egi.eu EGI-InSPIRE RI-261323 Aims of policy Growing demand for EGI to use Virtual services, e.g. VRCs running their services Several different roles re VM images –Producer –Endorser –Operator How do we build trust such that Resource Centres will allow VM images to be instantiated? 21 Sep 2010 Kelsey/ SPG Virtualisation3

4 www.egi.eu EGI-InSPIRE RI-261323 HEPiX Virtualisation Working Group Virtual Grid worker nodes Transparent to end user –Same as payload running on real WN –Same access to local trusted services Producer and Endorser do not have root access to running VM images Endorser maintains signed list of endorsed images Draft security policy https://edms.cern.ch/document/1080777 21 Sep 2010 Kelsey/ SPG Virtualisation4

5 www.egi.eu EGI-InSPIRE RI-261323 EGI security policy Build on the earlier work of HEPiX Include more use cases Place responsibilities on the VM operator as well as the VM endorser Policy which also works with the StratusLab VM Marketplace –registry of images 21 Sep 2010 Kelsey/ SPG Virtualisation5

6 www.egi.eu EGI-InSPIRE RI-261323 Use cases VM endorserVM operator Use case 1Local resource centre Use case 2External 3 rd partyLocal resource centre Use case 3External 3 rd party 21 Sep 2010 Kelsey/ SPG Virtualisation6 Use case 1: Users do not see virtualisation – no extra policy requirements Use case 2: Trust relationship between RC and Endorser Use case 3: Trust relationships between RC and VM Operator and between VM Operator and Endorser Note – this policy does not address the Cloud Provider model – end users able to submit their own images which then run inside a tightly controlled and sandboxed environment

7 www.egi.eu EGI-InSPIRE RI-261323 Show actual text https://documents.egi.eu/document/771 21 Sep 2010 Kelsey/ SPG Virtualisation7

8 www.egi.eu EGI-InSPIRE RI-261323 Discussion? 21 Sep 2010 Kelsey/ SPG Virtualisation8

Download ppt "Www.egi.eu EGI-InSPIRE RI-261323 EGI-InSPIRE www.egi.eu EGI-InSPIRE RI-261323 Draft Security Virtualisation Policy (for Romain Wartel – CERN) EGI Technical."

Similar presentations

HEPiX Virtualisation Working Group Status, July 9 th 2010

HEPiX Virtualisation Working Group Status, July 9 th 2010
Www.egi.eu EGI-InSPIRE RI-261323 EGI-InSPIRE www.egi.eu EGI-InSPIRE RI-261323 EGI - Identity Management Steven Newhouse Director, EGI.eu Federated Identity.

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI EGI - Identity Management Steven Newhouse Director, EGI.eu Federated Identity.
Www.egi.eu EGI-InSPIRE RI-261323 EGI-InSPIRE www.egi.eu EGI-InSPIRE RI-261323 EGI Security Policy Group Summary EGI TF David Kelsey 6/28/2015 1.

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI EGI Security Policy Group Summary EGI TF David Kelsey 6/28/
Www.egi.eu EGI-Engage www.egi.eu Recent Experiences in Operational Security: Incident prevention and incident handling in the EGI and WLCG infrastructure.

EGI-Engage Recent Experiences in Operational Security: Incident prevention and incident handling in the EGI and WLCG infrastructure.
Www.egi.eu EGI-InSPIRE RI-261323 EGI-InSPIRE www.egi.eu EGI-InSPIRE RI-261323 EGI Security Policy Group EGI Technical Forum Sep 2010 David Kelsey.

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI EGI Security Policy Group EGI Technical Forum Sep 2010 David Kelsey.
Www.egi.eu EGI-InSPIRE RI-261323 www.egi.eu EGI-InSPIRE RI-261323 EGI-InSPIRE EGI services for the long tail of science Peter Solagna Senior Operations.

EGI-InSPIRE RI EGI-InSPIRE RI EGI-InSPIRE EGI services for the long tail of science Peter Solagna Senior Operations.
David Groep Nikhef Amsterdam PDP & Grid Traceability in the face of Clouds EGI-GEANT Symposium – cloud security track With grateful thanks for the input.

David Groep Nikhef Amsterdam PDP & Grid Traceability in the face of Clouds EGI-GEANT Symposium – cloud security track With grateful thanks for the input.
Www.egi.eu EGI-Engage www.egi.eu Recent Experiences in Operational Security: Incident prevention and incident handling in the EGI and WLCG infrastructure.

EGI-Engage Recent Experiences in Operational Security: Incident prevention and incident handling in the EGI and WLCG infrastructure.
Security Update WLCG GDB CERN, 12 June 2013 David Kelsey STFC/RAL.

Security Update WLCG GDB CERN, 12 June 2013 David Kelsey STFC/RAL.
Www.egi.eu EGI-InSPIRE RI-261323 EGI-InSPIRE www.egi.eu EGI-InSPIRE RI-261323 EGI Future Plans T. Ferrari/EGI.eu 1.

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI EGI Future Plans T. Ferrari/EGI.eu 1.
Www.egi.eu EGI-InSPIRE RI-261323 EGI-InSPIRE www.egi.eu EGI-InSPIRE RI-261323 Vision for European DCIs Steven Newhouse Project Director, EGI-InSPIRE 15/09/2010.

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI Vision for European DCIs Steven Newhouse Project Director, EGI-InSPIRE 15/09/2010.
Www.egi.eu EGI-InSPIRE RI-261323 EGI-InSPIRE www.egi.eu EGI-InSPIRE RI-261323 EGI Federated Cloud F2F Security Issues in the cloud Introduction Linda Cornwall,

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI EGI Federated Cloud F2F Security Issues in the cloud Introduction Linda Cornwall,
WLCG Security: A Trust Framework for Security Collaboration among Infrastructures David Kelsey (STFC-RAL, UK) CHEP2013, Amsterdam 17 Oct 2013.

WLCG Security: A Trust Framework for Security Collaboration among Infrastructures David Kelsey (STFC-RAL, UK) CHEP2013, Amsterdam 17 Oct 2013.
WLCG Cloud Traceability Working Group face to face report Ian Collier 11 February 2015.

WLCG Cloud Traceability Working Group face to face report Ian Collier 11 February 2015.
Virtualised Worker Nodes Where are we? What next? Tony Cass GDB 2012 12/12/12.

Virtualised Worker Nodes Where are we? What next? Tony Cass GDB /12/12.
Www.egi.eu EGI-InSPIRE RI-261323 EGI-InSPIRE www.egi.eu EGI-InSPIRE RI-261323 EGI Federated Cloud Security - what is needed Linda Cornwall (STFC) and the.

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI EGI Federated Cloud Security - what is needed Linda Cornwall (STFC) and the.
Www.egi.eu EGI-Engage www.egi.eu Recent Experiences in Operational Security: Incident prevention and incident handling in the EGI and WLCG infrastructure.

EGI-Engage Recent Experiences in Operational Security: Incident prevention and incident handling in the EGI and WLCG infrastructure.
Www.egi.eu EGI-InSPIRE RI-261323 EGI-InSPIRE www.egi.eu EGI-InSPIRE RI-261323 (Present and) Future of the EGI Services for WLCG Peter Solagna – EGI.eu.

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI (Present and) Future of the EGI Services for WLCG Peter Solagna – EGI.eu.
Trusted Virtual Machine Images a step towards Cloud Computing for HEP? Tony Cass on behalf of the HEPiX Virtualisation Working Group October 19 th 2010.

Trusted Virtual Machine Images a step towards Cloud Computing for HEP? Tony Cass on behalf of the HEPiX Virtualisation Working Group October 19 th 2010.
Security Policy Update David Kelsey UK HEP Sysman, RAL 1 Jul 2011.

Security Policy Update David Kelsey UK HEP Sysman, RAL 1 Jul 2011.

Similar presentations

Ads by Google