PROC09 Resource Centre Registration and Certification
Main | EGI.eu operations services | Support | Documentation | Tools | Activities | Performance | Technology | Catch-all Services | Resource Allocation | Security |
Documentation menu: | Home • | Manuals • | Procedures • | Training • | Other • | Contact ► | For: | VO managers • | Administrators |
Title | Resource Centre Registration and Certification |
Document link | https://wiki.egi.eu/wiki/PROC09 |
Last modified | 2.0 - 15 October 2012 |
Policy Group Acronym | OMB |
Policy Group Name | Operations Management Board |
Contact Group | operations at mailman.egi.eu |
Document Status | Approved |
Approved Date | 30.10.2012 |
Procedure Statement | A procedure for the steps involved to both register and certify new Resource Centres (sites) in the EGI infrastructure. The certification step can also be used to re-certify suspended Resource Centres (sites). |
Owner | Owner of procedure |
Overview
Certification is a verification process for a Resource Centre (aka site) to become part of a Resource Infrastructure such as a National Grid Initiative (NGI), an EIRO, or a multi-country Resource Infrastructure.
This document describes the steps required to
- register and certify a new Resource Centre,
- re-certify a Resource Centre which has been suspended.
A separate document provides the process for decommissioning a Resource Centre.
Through its parent Resource Infrastructure, a certified Resource Centre becomes a member of the EGI Resource Infrastructure to make resources available to international user communities.
The main difference between a certified Resource Centre and an uncertified or test Resource Centre is that a certified Resource Centre provides and guarantees a minimum quality of service of the resources (currently expressed in terms of monthly availability and reliability). All the requirements can be found in the Resource Centre OLA.
Definitions
- Resource Centre refers to the definition in the "Resource Centre OLA".
- In this document, the term "site" is deprecated, and Resource Centre has been used in its place.
Please refer to the EGI Glossary for the definitions of the terms used in this procedure.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", “MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119.
Entities involved in the procedure
Following entities are involved in the process described in the procedure:
- Resource Centre Operations Manager
- A person who is responsible for initiating the certification process by applying for membership to a Resource Infrastructure. e.g site administrator
- Resource Infrastructure Operations Manager
- A person who is responsible for approving the integration of a new Resource Centre into the respective Infrastructure. e.g. NGI manager.
- EGI Resource infrastructure Providers are listed on the EGI web site
- Operations Centre (Resource Infrastructure)
- An entity which is technically responsible for carrying out the Resource Centre certification part of the procedure, once the membership is approved.
- A list of EGI Operations Centres with their respective contact information is available from the GOCDB (access restricted - grid certificate needed)
- Response Team
- EGI entity which is technically responsible for carrying out the security certification.
- contact: egi-csirt-team (at) mailman.egi.eu
The Resource Infrastructure Operations Manager can determine with the Resource Centre Operations Manager the level of involvement of other actors.
Prerequisites and responsibilities
Resource Centre Operations Manager
Resource Center Operations Manager is:
- is responsible for all Resource Centres within its respective jurisdiction. For this reason, the Resource Centre Operations Manager is REQUIRED to
- contact the respective Operations Center if the Resource Centre is located in Europe,
- contact the respective Resource infrastructure Provider active in a relevant geographical area if the Resource Centre is outside Europe.
- If needed, EGI Operations can assist the Resource Centre Operations Manager to get in contact with the relevant partner.
- If needed, EGI Operations can assist the Resource Centre Operations Manager to get in contact with the relevant partner.
- REQUIRED to provide the necessary Resource Centre information needed to complete the registration process, and he/she is responsible for its accuracy and maintenance.
- responsible for reading, understanding and accepting o:
- the Resource Centre Operational Level Agreement (the obligations of a Resource Centre)
- the Grid Security Policy
- the Grid Resource Centre Operations Policy
- the Resource Centre Registration Security Policy
- all other policies for all EGI participants from the Security Policy Group
- the Resource Centre Operational Level Agreement (the obligations of a Resource Centre)
Resource Infrastructure Operations Manager
Resource Infrastructure Operations Manager:
- is REQUIRED to be responsible for all Resource Centres within its respective jurisdiction.
- MUST attend Resource Centre certification applications and MUST provide feedback to the requesting partners in a timely manner to accept or reject the requests received.
- is responsible for keeping records of the Resource Centre Operations Manager OLA agreement, as deemed suitable by the Resource infrastructure Provider
- for example, through a signed e-mail agreement, a collection of signatories on a paper copy of the OLA, or other means.
Operations Centre
The Operations Center:
- is responsible for registering (if applicable) and certifying the Resource Centre.
- (In the case of re-certification)MUST ensure that the issue that caused the suspension has been resolved
- (After suspension for security reason)MUST contact the EGI CSIRT to verify that all requested repair operations have been successfully applied to fix the issue.
Resource Center status Workflow
The general status flow that a Resource Centre is allowed to follow is illustrated by the following diagram.
Information on Resource Centre status and on how to manipulate it is available from GOCDB Documentation.
Timelines</u
A Resource Centre cannot be in
- Candidate state for more than two months
- Suspended state for more than four months
After this period the Resource Centre SHOULD be closed.
Resource Centre registration
Requirements
- A Resource Centre MUST be part of a Resource Infrastructure and gets operational services offered by a Operations Centre. If a provider is not yet available for your country, then an alternative existing Operations Centre can be contacted. A procedure exists for this, and it is documented in the Operations Centre creation procedure.
- To satisfy Grid security requirements during the registration procedure the following information must be collected. The comprehensive list of required information is available (here).
- The full name of the Resource Centre.
- An abbreviated name for the Resource Centre, which must be unique within the Grid, and preferably globally unique.
- The name, email address and telephone number of the Resource Centre Operations Manager and Resource Centre Security Contact in accordance with the requirements of the Resource Centre Operations Policy.
- The email address of a managed list for contact with Resource Centre Administrators at the Resource Centre.
- The email address of a managed list for contact with the Resource Centre security incident response team.
Notes:
- If a Resource Centre wishes to leave the Grid or the Grid decides to remove the Resource Centre, the registration information MUST be kept by GOCDB for at least the same period defined for logging in the Traceability and Logging Policy. Personal registration information of the Resource Centre Operations Manager and Security Contact of the Resource Centre leaving the Grid MUST NOT be retained for longer than one year.
- It is RECOMMENDED that email contacts for the Resource Centre Administrators and Security Officer(s) are mailing lists, and not individuals.The contacts information SHOULD be available at the moment of the Resource Centre registration in GOCDB.
Steps
The following steps are only applicable if the Resource Centre is not already registered in GOCDB. They describe the steps for a Resource Centre Operations Manager that is requesting the respective Resource Centre to join the EGI infrastructure.
- Actions tagged RC are the responsibility of the Resource Centre Operations Manager.
- Actions tagged RP are the responsibility of the Resource Infrastructure Operations Manager.
- Actions tagged OC are the responsibility of the Operations Centre
# | Responsible | Action |
---|---|---|
0 | RC |
|
1 | RP |
|
2 | OC |
|
3 | OC |
'Resource Centre Operations Manager' role. Approve it when done.
'Resource Centre Security Officer' role. Approve it when done. |
4 | RC |
|
5 | RC or OC |
|
6 | OC |
|
7 | OC |
|
8 | OC |
|
After the successful completion of all these steps, the registration phase is completed and the Resource Centre is ready for the start of the certification phase.
Resource Centre certification
Requirements
- The Resource Centre Certification procedure is only applicable for both Resource Centres in "Candidate" or "Suspended" status state.
- The following procedure is only applicable if the Resource Centre is already registered in GOCDB.
- In order to enter certification the Resource Centre Operations Managers SHALL accept the Resource Centre OLA.
- A Resource Centre can successfully pass certification only if the conditions required by the Resource Centre OLA are met.
Steps
The following is a detailed description of the steps required for the transition from the "Uncertified" to the "Certified" state of the Resource Centre.
- Actions tagged RC are the responsibility of the Resource Centre Operations Manager.
- Actions tagged RP are the responsibility of the Resource Infrastructure Operations Manager.
- Actions tagged OC are the responsibility of the Operations Centre
- Actions tagged CSIRT are the responsibility of the Computer Security
Incident Response Team
# | Responsible | Action |
---|---|---|
0 | RP |
|
1 | RC |
|
2 | RP |
|
3 | OC |
|
4 | OC |
|
5 | OC |
|
6 | OC |
Details for submitting manual tests can be found at Grid manual tests. |
7 | CSIRT |
The security assessment is performed by the NGI security officers using the tools provided by, and with assistance of the EGI CSIRT. NGI security officer should contact CSIRT via abuse@egi.eu |
8 | OC |
|
9 | OC |
|
10 | OC |
|
11 | OC |
|
After the successful completion of these steps, the Resource Centre is considered as "Certified".
Revision History
Version | Authors | Date | Comments |
---|---|---|---|
Malgorzata | 18.03 | RC Certification steps: Step 5 added part concerning QCG |