Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Progress of SAGrid CA Presenter: Tarirai Chani.

Published byEsther Greer Modified over 8 years ago

Similar presentations

Presentation on theme: "1 Progress of SAGrid CA Presenter: Tarirai Chani."— Presentation transcript:

1 1 Progress of SAGrid CA Presenter: Tarirai Chani

2 2 Table of Contents Background The South African Grid (SAGrid) Initiative The Plan to Establishing a CA Progress to date Near future goals Conclusion

3 3 First, some background on the context : Council for Scientific and Industrial Research – (CSIR) http://www.csir.co.za http://www.csir.co.za Tarirai Chani Zimbabwean BSc. Hons & Msc. Computer Science Joined CSIR Jan 2009 Research interests: Grid SLAs, web services, PKI CSIR in South Africa is one of the leading scientific and technology research, development and implementation organizations in Africa It undertakes directed research and development for socio- economic growth CSIR has within it, different operational centers e.g. Laser Technology, Defense Peace Safety & Security (DPSS), Build Environment, Meraka etc Each of these centers of CSIR has its competency area

4 4 Who We Are – The Meraka Institute http://www.meraka.org.za http://www.meraka.org.za The Meraka Institute is a unit of the CSIR National strategic initiative that addresses three critical areas in information and communication technology (ICT):  Human capital development (HCD) in ICT forms a critical thread throughout the Institute’s activities and ensures continued development, growth and sustainability  Innovation in ICT that leads to applications able to address development challenges facing South Africa, the continent and the developing world  Advanced technology research that enables indigenous ICT leadership, through critical mass and focus on ICT research and development. Location: Pretoria, South Africa

5 5 PRETORIA, SOUTH AFRICA

6 6 “interested/under discussion”” Core services CERN/GILDA WISDOM SAGrid Network Topology

7 7 South Africa Embarks on a National Grid www.sagrid.ac.za www.sagrid.ac.za Providers of computing resources have organized themselves into a federation and have agreed to collaborate based on a joint research unit (JRU) The South African National Compute Grid (SAGrid) is to be set along the lines of EGEE/EGI This single infrastructure will be secured and managed by a single CA The SAGrid CA needs to be accredited by the PMA to gain: International projects and collaboration International trust amongst users and resource providers

8 8 SAGrid Website

9 9 INDICO Website (Events Manager)

10 10 Screenshot SAGrid Wiki

11 11 Choice of PMA Africa is not in the IGTF constituency We chose EUGridPMA accreditation

12 12 Then Need for a Relevant CA in South Africa South Africa harbors CAs, that have been established based on South Africa’s Electronic Communications and Transactions Act, 2002, The scientific research community lacks a single CA  However this CA would not subject to SA’s ECT Act, 2002 The lack of a CA for the scientific research community prompted Meraka to establish one  Meraka initiating the establishment of a CA since the SAGrid is coordinated from Meraka  Meraka working in close collaboration with the Information Security Group of CSIR. Meraka is undertaking to implement the cyber-infrastructure program which includes managing:  The Centre for High Performance Computing – www.chpc.co.za  South African National Research Network (SANReN) - the national backbone network  South African Center for Very Large Datasets Initiative (by CHPC) SAGrid is a key component in the integration of these initiatives, together with similar resources from the rest of the federation

13 13 Status Quo Activities started June 2008 Currently in South Africa, grid resource usage/access is based on certificates issued by the Italian National Institute of Nuclear Physics (INFN) CA South Africa has an agreement with INFN hence current certificate issuance, renewal, revocation etc is based on the INFN policy Few RAs have been instated at designated sites to service the nearby users  https://security.fi.infn.it/CA/en/RA/

14 14 Road to Accreditation Registering with EUGridPMA  Requesting membership to EUGridPMA  Joining mailing list Drafting and presenting acceptable CP/CPS  Choice of CA Software  Releasing CP/CPS to public for comments  Detailed review of CP/CPS by appointed PMA reviewers  Face-to-face presentation of CP/CPS to EUGridPMA Registration Process Acceptance Modifications A timeline was set as a road map towards accreditationtimeline

15 15 Road to Accreditation Registering with EUGridPMA  Requesting membership to EUGridPMA  Joining mailing list Drafting and presenting acceptable CP/CPS  Choice of CA Software  Releasing CP/CPS to public for comments  Detailed review of CP/CPS by appointed PMA reviewers  Face-to-face presentation of CP/CPS to EUGridPMA Registration Process Acceptance Modifications A timeline was set as a road map towards accreditationtimeline

16 16 Progress to Date – CP/CPS The drafting of the CP/CPS currently underway Under active collaboration with Information Security group of Meraka. Achieved tasks of drafting CP/CPS  Get OID – The OID has already been obtained  Get Reviewers – Reviewers have been allocated Jens Jensen – Uk e-Science Grid CA Willy Weisz – AustrianGrid CA Roberto Cecchini – INFN CA  Write a CP/CPS – A draft has been compiled which is under initial review stages Our CP/CPS has been inspired by CA CP/CPSs from INFN, UK e-Science Grid, AustrianGrid, CNRS GRID2- FR, DucthGrid and NIKHEF and BYGCA Pending tasks of drafting CP/CPS

17 17 Road to Accreditation Registering with EUGridPMA  Requesting membership to EUGridPMA  Joining mailing list Drafting and presenting acceptable CP/CPS  Choice of CA Software  Releasing CP/CPS to public for comments  Detailed review of CP/CPS by appointed PMA reviewers  Face-to-face presentation of CP/CPS to EUGridPMA Registration Process Acceptance Modifications A timeline was set as a road map towards accreditationtimeline

18 18 Progress to date - Implementation Location for installing production quality implementation identified We chose OpenCA after short investigation because:  OpenCA is open source - Security, Modularity, Stand-alone, Easy to extend, Many add-ons, supportive mailing list Currently we have successfully installed a test implementation of OpenCA on a virtual environment  To identify gaps in our knowledge and to find out if our CA practice mirrors what we have in CP/CPS Completed Tasks - what has been achieved with regards to implementation  Test Installation of OpenCA on virtual machine complete for the CA testing  Simulation RAs appointed  Simulation of certificate issuance practice to commence Pending Tasks – what is yet to be achieved with regards to implementation

19 19 Open Issues – CA Implementation Integration of OpenCA with Public-facing SAGrid CA website Documentation of CA Procedures Certificate lifecycle Exhaustive list of requirements of the production version of PKI Infrastructure Detailed plans for migration from INFN CA Certs to SAGrid CA certs.

20 20 Road to Accreditation Registering with EUGridPMA  Requesting membership to EUGridPMA  Joining mailing list Drafting and presenting acceptable CP/CPS  Choice of CA Software  Releasing CP/CPS to public for comments  Detailed review of CP/CPS by appointed PMA reviewers  Face-to-face presentation of CP/CPS to EUGridPMA Registration Process Acceptance Modifications A timeline was set as a road map towards accreditation

21 21 Road to Accreditation Registering with EUGridPMA  Requesting membership to EUGridPMA  Joining mailing list Drafting and presenting acceptable CP/CPSCP/CPS  Choice of CA SoftwareCA Software  Releasing CP/CPS to public for comments  Detailed review of CP/CPS by appointed PMA reviewers  Face-to-face presentation of CP/CPS to EUGridPMA Registration Process Acceptance Modifications A timeline was set as a road map towards accreditation

22 22 Timeline

23 23 TO DO Clear and detailed definition of certificate lifecycle  Completion dependent on test implementation and simulations to be conducted on it fine-tuning the CP/CPS to reflect actual CA practices Actual implementation of the production CA  Discussions underway with management of host site at CSIR computing centre. In parallel implementations of OpenCA on virtual infrastructure  Physical setup of the site, to respect security issues of CP/CPS to be clarified in concert with site administrators.

24 24 Placement of Production SAGrid CA

25 25 Conclusion SA needs a CA for scientific research community Meraka taken up the task to establish CA and is following IGTF guidelines to being accredited by EUGridPMA Some of the EUGridPMA minimum requirements for accreditation are underway while others still need to be worked on. Steps to accreditation being taken Accreditation of SAGrid CA now targeted for next PMA meeting.

26 26 THANK YOU

Download ppt "1 Progress of SAGrid CA Presenter: Tarirai Chani."

Similar presentations

Intisar O. Hussien Faculty of Computer Studies Arab Open University

Intisar O. Hussien Faculty of Computer Studies Arab Open University
Steps towards E-Government in Syria

Steps towards E-Government in Syria
FIPS 201 Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory.

FIPS 201 Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory.
Standardization Framework (Myanmar) Ye Yint Win President Myanmar Computer Professionals Association Chair-Standardization Committee, Myanmar Computer.

Standardization Framework (Myanmar) Ye Yint Win President Myanmar Computer Professionals Association Chair-Standardization Committee, Myanmar Computer.
INFSO-RI-508833 Enabling Grids for E-sciencE Update on LCG/EGEE Security Policy and Procedures David Kelsey, CCLRC/RAL, UK

INFSO-RI Enabling Grids for E-sciencE Update on LCG/EGEE Security Policy and Procedures David Kelsey, CCLRC/RAL, UK
INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org JRA3 2 nd EU Review Input David Groep NIKHEF.

INFSO-RI Enabling Grids for E-sciencE JRA3 2 nd EU Review Input David Groep NIKHEF.
1 REUNA Certificate Authority Juan Carlos Martínez REUNA Chile Rio de Janeiro,27/03/2006, F2F meeting, TAGPMA.

1 REUNA Certificate Authority Juan Carlos Martínez REUNA Chile Rio de Janeiro,27/03/2006, F2F meeting, TAGPMA.
23 June 20081 Strategy Proposal Heinz Stockinger on behalf of the Executive Board SwiNG Assembly Meeting Berne, 23 June 2008.

23 June Strategy Proposal Heinz Stockinger on behalf of the Executive Board SwiNG Assembly Meeting Berne, 23 June 2008.
College Strategic Plan by Strategic Planning and Quality Assurance Committee.

College Strategic Plan by Strategic Planning and Quality Assurance Committee.
EGEE-III INFSO-RI-222667 Enabling Grids for E-sciencE www.eu-egee.org EGEE-III Program of Work Erwin Laure EGEE-II / EGEE-III Transition Meeting CERN,

EGEE-III INFSO-RI Enabling Grids for E-sciencE EGEE-III Program of Work Erwin Laure EGEE-II / EGEE-III Transition Meeting CERN,
TTBIZLINK PROJECT MINISTRY OF TRADE, INDUSTRY, INVESTMENT & COMMUNICATIONS.

TTBIZLINK PROJECT MINISTRY OF TRADE, INDUSTRY, INVESTMENT & COMMUNICATIONS.
© Grant Thornton UK LLP. All rights reserved. Review of Partnership Working Vale of Glamorgan Council Final Report- July 2008.

© Grant Thornton UK LLP. All rights reserved. Review of Partnership Working Vale of Glamorgan Council Final Report- July 2008.
Tweaking the Certificate Lifecycle for the UK eScience CA John Kewley NGS Support Centre Manager & Service Manager for the UK e-Science CA

Tweaking the Certificate Lifecycle for the UK eScience CA John Kewley NGS Support Centre Manager & Service Manager for the UK e-Science CA
1 European policies for e- Infrastructures Belarus-Poland NREN cross-border link inauguration event Minsk, 9 November 2010 Jean-Luc Dorel European Commission.

1 European policies for e- Infrastructures Belarus-Poland NREN cross-border link inauguration event Minsk, 9 November 2010 Jean-Luc Dorel European Commission.
NECTEC-GOC CA APGrid PMA face-to-face meeting. October, 15 2006 Sornthep Vannarat National Electronics and Computer Technology Center, Thailand.

NECTEC-GOC CA APGrid PMA face-to-face meeting. October, Sornthep Vannarat National Electronics and Computer Technology Center, Thailand.
EGEE-III INFSO-RI-222667 Enabling Grids for E-sciencE www.eu-egee.org EGEE and gLite are registered trademarks C. Loomis (CNRS/LAL) M.-E. Bégin (SixSq.

EGEE-III INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks C. Loomis (CNRS/LAL) M.-E. Bégin (SixSq.
EGEE-III INFSO-RI-222667 Enabling Grids for E-sciencE www.eu-egee.org EGEE and gLite are registered trademarks Steven Newhouse EGEE’s plans for transition.

EGEE-III INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Steven Newhouse EGEE’s plans for transition.
HEPKI-PAG Policy Activities Group David L. Wasley University of California.

HEPKI-PAG Policy Activities Group David L. Wasley University of California.
Introduction of NAREGI-CA National Institute of Informatics JAPAN Toshiyuki Kataoka, July 19, 2006 APAN Grid-Middleware Workshop, Singapore.

Introduction of NAREGI-CA National Institute of Informatics JAPAN Toshiyuki Kataoka, July 19, 2006 APAN Grid-Middleware Workshop, Singapore.
E-Learning Africa 2010 3 rd Ministerial Round Table Leadership for Creating Inclusive Education Systems: The Role of ICTs Mulungushi International Conference.

E-Learning Africa rd Ministerial Round Table Leadership for Creating Inclusive Education Systems: The Role of ICTs Mulungushi International Conference.

Similar presentations

Ads by Google