The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @ egi.eu.
Difference between revisions of "Virtual Machine Image Endorsement"
Jump to navigation
Jump to search
Activity
Images to support as EGI.eu
Communication/documentation:
| Line 1: | Line 1: | ||
= Goal = | = Goal = | ||
Set up a process assuring that a Virtual Machine Image (VMI)/ Virtual Appliance (VA) published in AppDB is ''well-configured, secure and up-to-date''. | Set up a process assuring that a Virtual Machine Image (VMI)/ Virtual Appliance (VA) published in AppDB is ''well-configured, secure and up-to-date''. | ||
= Image types = | = Image types = | ||
{| class="wikitable" | {| class="wikitable" | ||
|- | |||
! Type | ! Type | ||
! Description | ! Description | ||
| Line 16: | Line 17: | ||
| VO-specific | | VO-specific | ||
| VO specific images, available to a specific VO and customized for specific purposes | | VO specific images, available to a specific VO and customized for specific purposes | ||
| VO-expert | | VO-expert | ||
|} | |} | ||
= Activities = | |||
= Documents = | |||
Policies are defined by the SPG group and are published in the https://wiki.egi.eu/wiki/SPG:Documents | Policies are defined by the SPG group and are published in the https://wiki.egi.eu/wiki/SPG:Documents | ||
It is particularly relevant the [https://documents.egi.eu/document/771 Security Policy for the Endorsement and Operation of Virtual Machine Images] and a [https://wiki.egi.eu/wiki/SPG:Drafts:Virtualisation_Policy draft of a Virtualisation Policy]. | It is particularly relevant the [https://documents.egi.eu/document/771 Security Policy for the Endorsement and Operation of Virtual Machine Images] and a [https://wiki.egi.eu/wiki/SPG:Drafts:Virtualisation_Policy draft of a Virtualisation Policy]. | ||
[https://wiki.egi.eu/wiki/SPG:Drafts SPG Drafts under development] | |||
= = | |||
= Communication and contacts = | |||
= Procedures = | |||
EGI core VM endorsement | |||
Here the endorsement of the "core" EGI VM images is shown in detail. <br> | Here the endorsement of the "core" EGI VM images is shown in detail. <br> | ||
== Activity <br> == | == Activity <br> == | ||
<div>Enol Fernandéz will set up the workflow and establish the procedure; Vincenzo will take care of the endorsement and give feedback to the procedure.<br></div><div>A security expert is needed to suggest technical checks to be done on the VMs; they can be automated or not; they assure compliance of a given VM to EGI recommendations. Start here: https://wiki.egi.eu/wiki/SPG:Drafts:Virtualisation_Policy</div> | <div>Enol Fernandéz will set up the workflow and establish the procedure; Vincenzo will take care of the endorsement and give feedback to the procedure.<br></div><div>A security expert is needed to suggest technical checks to be done on the VMs; they can be automated or not; they assure compliance of a given VM to EGI recommendations. Start here: https://wiki.egi.eu/wiki/SPG:Drafts:Virtualisation_Policy</div> | ||
== Images to support as EGI.eu<br> == | == Images to support as EGI.eu<br> == | ||
<div>Ubuntu LTS, CentOS6, CentOS7. Update frequency at the moment is "monthly or triggered by security issues"</div> | <div>Ubuntu LTS, CentOS6, CentOS7. Update frequency at the moment is "monthly or triggered by security issues"</div> | ||
== Communication/documentation: <br> == | == Communication/documentation: <br> == | ||
<div>SSO group available: vm-image-endorsement. Also GDoc available with the "big discussion" (as Vincenzo).<br><br></div> | <div>SSO group available: vm-image-endorsement. Also GDoc available with the "big discussion" (as Vincenzo).<br><br></div> | ||
= VO VM endorsement (and pilot) = | |||
= VO VM endorsement (and pilot) = | |||
EGI will involve the VOs, inviting them to insert/update their images, following the new guidelines and accepting the relevant policies. EGI can give support especially in the first round of creation of the VO images. | EGI will involve the VOs, inviting them to insert/update their images, following the new guidelines and accepting the relevant policies. EGI can give support especially in the first round of creation of the VO images. | ||
Educating VM/VA preparators on how to prepare secure images. Documentation from the first step (preparation of the VM) is needed, and security advisories/recommendations/procedures. | Educating VM/VA preparators on how to prepare secure images. Documentation from the first step (preparation of the VM) is needed, and security advisories/recommendations/procedures. | ||
Revision as of 13:13, 9 June 2015
Goal
Set up a process assuring that a Virtual Machine Image (VMI)/ Virtual Appliance (VA) published in AppDB is well-configured, secure and up-to-date.
Image types
| Type | Description | Managed by |
|---|---|---|
| EGI | General purpose images. Based on largely used Oses | EGI |
| VO-specific | VO specific images, available to a specific VO and customized for specific purposes | VO-expert |
Activities
Documents
Policies are defined by the SPG group and are published in the https://wiki.egi.eu/wiki/SPG:Documents
It is particularly relevant the Security Policy for the Endorsement and Operation of Virtual Machine Images and a draft of a Virtualisation Policy.
Communication and contacts
Procedures
EGI core VM endorsement
Here the endorsement of the "core" EGI VM images is shown in detail.
Activity
Enol Fernandéz will set up the workflow and establish the procedure; Vincenzo will take care of the endorsement and give feedback to the procedure.
A security expert is needed to suggest technical checks to be done on the VMs; they can be automated or not; they assure compliance of a given VM to EGI recommendations. Start here: https://wiki.egi.eu/wiki/SPG:Drafts:Virtualisation_Policy
Images to support as EGI.eu
Ubuntu LTS, CentOS6, CentOS7. Update frequency at the moment is "monthly or triggered by security issues"
Communication/documentation:
SSO group available: vm-image-endorsement. Also GDoc available with the "big discussion" (as Vincenzo).
VO VM endorsement (and pilot)
EGI will involve the VOs, inviting them to insert/update their images, following the new guidelines and accepting the relevant policies. EGI can give support especially in the first round of creation of the VO images.
Educating VM/VA preparators on how to prepare secure images. Documentation from the first step (preparation of the VM) is needed, and security advisories/recommendations/procedures.