1 / 15

SiGNET CA Slovenian Grid Network CA*

SiGNET CA Slovenian Grid Network CA*. Jan Jona Javoršek Jožef Stefan Institute jona.javorsek@ijs.si SLING – Slovenian Initiative for National Grid. Jožef Stefan Institute. http://www.ijs.si/ http://www.sling.si/. … but also. prof. dr. Borut Paul Kerševan , IJS, ATLAS

rklinger
Download Presentation

SiGNET CA Slovenian Grid Network CA*

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. SiGNET CASlovenian Grid Network CA* Jan Jona Javoršek Jožef Stefan Institute jona.javorsek@ijs.siSLING – Slovenian Initiative for National Grid Jožef Stefan Institute http://www.ijs.si/ http://www.sling.si/

  2. … but also • prof. dr. Borut Paul Kerševan,IJS, ATLAS • Janez Srakar, IJShttp://signet-ca.ijs.si/

  3. SiGNET CA after 10+ yrs From 2004, current from 2006 old OpenCA 0.96 heavily patched worked-around with scripts modified for modern OpenSSL / SHA2

  4. SiGNET CA after 10+ yrs Deployment: installation needs updating security of OS is lacking but SHA2 migration on-time Understaffed(NGI, Kerševan, IdP, Terena certs …)

  5. Aged...

  6. SiGNET CA stats Statistics: ~300 active local users 7 (8) + 3 sites Andrej Filipčič phenomenon(peaked in 2013) ARC inclined, server-client certs

  7. SLING PartnerCentres Arctur Arnes atos CIPKeBiP IJS SiGNET UNG krn • 8 centres • > 16.000 cores • > 8 PB disk • > 8 M jobs • ~ HPC, GPGPU, VM

  8. SiGNET CA recently Re-staffedJanez Srakar Scripts RA's:Arnes (NREN), Nova Gorica, Maribor, Novo mesto)

  9. SiGNET CA this month New hardware New facilities for Institute clusters Generally positive climate Translates to: Funding HSMdeployment

  10. Plans1: redeploy New backend installation New front-end(old + new CA + Terena certificates) Mojolicoius-based small frontend: Signed form based request JS based request Direct x509 (existing scripts) Connect to OpenCA + others OCSP responder, OCSP stapling support

  11. Plans2: MICS & TCS Member Integrated Credential Serviceswith HSM – a bit late: Tested with small solutionsGemalto USB device vs. Luna PCI-E Considering a network attached HSM(also deploying signed e-mail and DNS)→ suggestions welcome Faculties started working with certsand NGI → TCS e-Science personal certs

  12. Plans for locals Public servers moved to TCS SC (NREN) National grid users: usability More AAI integration,considered TCS e-Science (NREN) Provisionings at JSI (50% user-base), IdP, log-in boxes (VM farm) National VO's (CVMFS-based?)for RTE hosting, integrated VOMS Infrastructure: ELIXIR, CLARIN

  13. CA Nagios Current instance obsolete A new deployment required Requirements for new instance: Autoupdate Pre-release support Configurable e-mail notification Full access to own hosts and services OCSP support

  14. SiGNET CA & EU GRID PMA In 2015: Update CP & CPS CP & CPS for MICS profile Start of 2016: self-audit Hosting anothermeeting in Ljubljana(last: 24th in 2012)

  15. Questions? • http://signet-ca.ijs.si/ • info@sling.sihttp://www.sling.si/

More Related