Difference between revisions of "PROC16 Decommissioning of unsupported software"
(→TODO) |
(→TODO) |
||
Line 60: | Line 60: | ||
# In case of no reply from site administrators, the NGI operations management (NGI manager or deputy, security officer) will be requested to put the affected service end-point in downtime, DEADLINE MON 19/11 | # In case of no reply from site administrators, the NGI operations management (NGI manager or deputy, security officer) will be requested to put the affected service end-point in downtime, DEADLINE MON 19/11 | ||
# In case of no action by NGI, EGI CSIRT will suspend the site (after MON 19/11) | # In case of no action by NGI, EGI CSIRT will suspend the site (after MON 19/11) | ||
I would suggest the following procedure for EGI-CSIRT Security Officer on Duty | |||
(SOOD), handling sites that qualified for suspension: | |||
# Open ticket in RT ask COO to suspend site X (CCing Site/NGI-Manager, | |||
Site/NGI-Security-Contact) | |||
# Site/NGI can give a comment here, if we see suddenly some activity from the | |||
site we can offer that the site goes immediately in Downtime. | |||
# within 24 hours COO gives the green/red light for Suspension in the ticket | |||
# After having received an OK from COO, SOOD changes the sites "certification | |||
status" to "Suspended" | |||
This is in EGI-CSIRT Critical Vulnerability Operational Procedure: | |||
https://documents.egi.eu/secure/RetrieveFile?docid=283&version=9&filename=EGI- | |||
CSIRT-Procedure-CriticalSecurity-V8.pdf | |||
Skipping the extensive communication part which has for these sites already | |||
proven to not work, thus we might want to jump directly to | |||
== | |||
4.5 Carry out Site suspension | |||
Site suspension WILL be carried out by the EGI CSIRT co-ordinator or deputy. | |||
Site suspension is carried out by changing the status of the site in the GOCDB | |||
to ‘suspended’. | |||
== | |||
= Revision history = | = Revision history = |
Revision as of 15:45, 6 November 2012
Main | EGI.eu operations services | Support | Documentation | Tools | Activities | Performance | Technology | Catch-all Services | Resource Allocation | Security |
Documentation menu: | Home • | Manuals • | Procedures • | Training • | Other • | Contact ► | For: | VO managers • | Administrators |
Title | Service type decommission procedure |
Document link | https://wiki.egi.eu/wiki/PROC16 |
Last modified | 1.0 |
Policy Group Acronym | OMB |
Policy Group Name | Operations Management Board |
Contact Group | operational-documentation@mailman.egi.eu |
Document Status | Draft |
Approved Date | |
Procedure Statement | A procedure for removal of service type from production infrastructure. |
Owner | Owner of procedure |
Overview
The Service type decommission procedure was created to define steps which have to be taken to remove service type from prodcution infrastructure.
Terminology
Support deadline
- from this day service type is unsupported
- sites should not register retired services in production infrastructure
- NGIs and sites should start action to move their services to supported versions
Decommission deadline
- from this day no services for the retired service type can be present in production infrastructure
- in case of violation security team can remove the site from production infrastructure
- service type is removed from operations tools
Steps
Following steps are taken since support deadline is known for COO
- COO on OMB announce decommission deadline for service migration
- The broadcast is send to NGi managers and Site administrators
- NGI managers announce the information to the sites
- Documentation about service X should re-classified as obsoleted (I would not remove it from our wiki, but I would just reclassify it)
- Security probe is developed for the security nagios that extracts hostnames from GOCDB and BDII associated to type X and raises critical alarm in the security dashboard
- ROD teams followup the service migration till the decommission deadline - site admins should provide migration or decommission plan
After Decommision deadline
- Probes for the service are removed from profiles:
- ROC
- ROC_OPERATORS
- ROC_CRITICAL
- the SAM probes at the earliest convenience are removed from the SAM release
- CSIRT team followup the migration and if needed suspend sites which didn't migrate
- If a service specific SU in GGUS exists, the SU should be removed from GGUS
- The service type should be disabled in GOCDB (i.e. service entries can no more declared to be of service type X), but existing instances associated to type X continue to exist
- Security probe can be removed (should we do that?)
TODO
- involve quattor WG
unresponsive sites handling process
- NGI will be requested by EGI.eu operations to contact site administrators to provide upgrade plans in the site ticket, DEADLINE MON 12/11
- EGI.eu operations will send a VO broadcast warning VO managers about sites risking suspension
- In case of no reply from site administrators, the NGI operations management (NGI manager or deputy, security officer) will be requested to put the affected service end-point in downtime, DEADLINE MON 19/11
- In case of no action by NGI, EGI CSIRT will suspend the site (after MON 19/11)
I would suggest the following procedure for EGI-CSIRT Security Officer on Duty (SOOD), handling sites that qualified for suspension:
- Open ticket in RT ask COO to suspend site X (CCing Site/NGI-Manager,
Site/NGI-Security-Contact)
- Site/NGI can give a comment here, if we see suddenly some activity from the
site we can offer that the site goes immediately in Downtime.
- within 24 hours COO gives the green/red light for Suspension in the ticket
- After having received an OK from COO, SOOD changes the sites "certification
status" to "Suspended"
This is in EGI-CSIRT Critical Vulnerability Operational Procedure: https://documents.egi.eu/secure/RetrieveFile?docid=283&version=9&filename=EGI- CSIRT-Procedure-CriticalSecurity-V8.pdf Skipping the extensive communication part which has for these sites already proven to not work, thus we might want to jump directly to == 4.5 Carry out Site suspension
Site suspension WILL be carried out by the EGI CSIRT co-ordinator or deputy. Site suspension is carried out by changing the status of the site in the GOCDB to ‘suspended’. ==
Revision history
Version | Authors | Date | Comments |
---|---|---|---|