Difference between revisions of "Virtual Machine Image Endorsement"
Line 1: | Line 1: | ||
= Goal = | = Goal = | ||
Set up a process assuring that a Virtual Machine Image (VMI)/ Virtual Appliance (VA) published in AppDB is ''well-configured, secure and up-to-date''. | Set up a process assuring that a Virtual Machine Image (VMI)/ Virtual Appliance (VA) published in AppDB is ''well-configured, secure and up-to-date''. | ||
= Image types = | = Image types = | ||
{| class="wikitable" | {| class="wikitable" | ||
|- | |||
! Type | ! Type | ||
! Description | ! Description | ||
Line 16: | Line 17: | ||
| VO-specific | | VO-specific | ||
| VO specific images, available to a specific VO and customized for specific purposes | | VO specific images, available to a specific VO and customized for specific purposes | ||
| VO-expert | | VO-expert | ||
|} | |} | ||
= Activities = | |||
= Documents = | |||
Policies are defined by the SPG group and are published in the https://wiki.egi.eu/wiki/SPG:Documents | Policies are defined by the SPG group and are published in the https://wiki.egi.eu/wiki/SPG:Documents | ||
It is particularly relevant the [https://documents.egi.eu/document/771 Security Policy for the Endorsement and Operation of Virtual Machine Images] and a [https://wiki.egi.eu/wiki/SPG:Drafts:Virtualisation_Policy draft of a Virtualisation Policy]. | It is particularly relevant the [https://documents.egi.eu/document/771 Security Policy for the Endorsement and Operation of Virtual Machine Images] and a [https://wiki.egi.eu/wiki/SPG:Drafts:Virtualisation_Policy draft of a Virtualisation Policy]. | ||
[https://wiki.egi.eu/wiki/SPG:Drafts SPG Drafts under development] | |||
= = | |||
= Communication and contacts = | |||
= Procedures = | |||
EGI core VM endorsement | |||
Here the endorsement of the "core" EGI VM images is shown in detail. <br> | Here the endorsement of the "core" EGI VM images is shown in detail. <br> | ||
== Activity <br> == | == Activity <br> == | ||
<div>Enol Fernandéz will set up the workflow and establish the procedure; Vincenzo will take care of the endorsement and give feedback to the procedure.<br></div><div>A security expert is needed to suggest technical checks to be done on the VMs; they can be automated or not; they assure compliance of a given VM to EGI recommendations. Start here: https://wiki.egi.eu/wiki/SPG:Drafts:Virtualisation_Policy</div> | <div>Enol Fernandéz will set up the workflow and establish the procedure; Vincenzo will take care of the endorsement and give feedback to the procedure.<br></div><div>A security expert is needed to suggest technical checks to be done on the VMs; they can be automated or not; they assure compliance of a given VM to EGI recommendations. Start here: https://wiki.egi.eu/wiki/SPG:Drafts:Virtualisation_Policy</div> | ||
== Images to support as EGI.eu<br> == | == Images to support as EGI.eu<br> == | ||
<div>Ubuntu LTS, CentOS6, CentOS7. Update frequency at the moment is "monthly or triggered by security issues"</div> | <div>Ubuntu LTS, CentOS6, CentOS7. Update frequency at the moment is "monthly or triggered by security issues"</div> | ||
== Communication/documentation: <br> == | == Communication/documentation: <br> == | ||
<div>SSO group available: vm-image-endorsement. Also GDoc available with the "big discussion" (as Vincenzo).<br><br></div> | <div>SSO group available: vm-image-endorsement. Also GDoc available with the "big discussion" (as Vincenzo).<br><br></div> | ||
= VO VM endorsement (and pilot) = | |||
= VO VM endorsement (and pilot) = | |||
EGI will involve the VOs, inviting them to insert/update their images, following the new guidelines and accepting the relevant policies. EGI can give support especially in the first round of creation of the VO images. | EGI will involve the VOs, inviting them to insert/update their images, following the new guidelines and accepting the relevant policies. EGI can give support especially in the first round of creation of the VO images. | ||
Educating VM/VA preparators on how to prepare secure images. Documentation from the first step (preparation of the VM) is needed, and security advisories/recommendations/procedures. | Educating VM/VA preparators on how to prepare secure images. Documentation from the first step (preparation of the VM) is needed, and security advisories/recommendations/procedures. |
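Review bot: the one-sided lines `= Activities =` and `= Communication and contacts =` in this hunk are each followed directly by the next heading, so both sections have no content, and `= =` is a heading with no title. Fill them in or leave them out until there is text for them. `EGI core VM endorsement` is shown as plain text while `= VO VM endorsement (and pilot) =` is a top-level heading. If both procedures are meant to sit under `= Procedures =`, give them matching `==` headings and move the `== Activity ==`, `== Images to support as EGI.eu ==` and `== Communication/documentation: ==` group down one level.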
Revision as of 13:13, 9 June 2015
Goal
Set up a process assuring that a Virtual Machine Image (VMI)/ Virtual Appliance (VA) published in AppDB is well-configured, secure and up-to-date.
Image types
Type | Description | Managed by |
---|---|---|
EGI | General purpose images, based on widely used OSes | EGI |
VO-specific | VO specific images, available to a specific VO and customized for specific purposes | VO-expert |
Activities
Documents
Policies are defined by the SPG group and are published at https://wiki.egi.eu/wiki/SPG:Documents
Particularly relevant are the Security Policy for the Endorsement and Operation of Virtual Machine Images and a draft of a Virtualisation Policy.
Communication and contacts
Procedures
EGI core VM endorsement
Here the endorsement of the "core" EGI VM images is shown in detail.
Activity
Images to support as EGI.eu
Communication/documentation:
VO VM endorsement (and pilot)
EGI will involve the VOs, inviting them to insert/update their images, following the new guidelines and accepting the relevant policies. EGI can give support especially in the first round of creation of the VO images.
VM/VA preparers need to be educated on how to prepare secure images. Documentation covering the first step (preparation of the VM) is needed, along with security advisories, recommendations and procedures.