
Difference between revisions of "Federated Cloud siteconf"

From EGIWiki
Line 168: Line 168:
== IN2P3-IRES ==
== IN2P3-IRES ==
* '''default network name''':  
* '''default network name''':  
* '''default network type''':  
* '''default network type''': private
* '''public network name''':  
* '''public network name''':  
* '''port default firewall policy''':  
* '''port default firewall policy''': all closed
* '''ports firewall configuration''':  
* '''ports firewall configuration''': 22/80/443/8080 open
* '''ports default CMF policy''':  
* '''ports default CMF policy''':  
* '''ports policy on CMF''':  
* '''ports policy on CMF''': security groups level: 22 open by default
* '''mandatory closed ports''':  
* '''mandatory closed ports''': 25
* '''port configuration requests method''':  
* '''port configuration requests method''': OpenStack for 80/443/8080, GGUS otherwise
* '''users requests''':  
* '''users requests''':  
* '''comments''':  
* '''comments''': user should not be able to create / modify / delete security groups (in particular in a catch-all VO). Therefore, we should have two procedures in the survey, one for the ports at the firewall level, the other one for security groups.
 
== INFN-CATANIA-STACK ==
== INFN-CATANIA-STACK ==
* '''default network name''':  
* '''default network name''':  
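Review bot: In the IN2P3-IRES entry, '''ports default CMF policy''' is still empty while '''ports policy on CMF''' now reads "security groups level: 22 open by default", so the exception has no stated baseline to be read against; fill in the default CMF policy explicitly (the page's own examples are "all open" or "all closed"). The '''default network name''' and '''public network name''' fields are also left blank although the network type is now given as private. The '''comments''' text proposes splitting the survey into a firewall-level procedure and a security-group procedure, which is a change to the template rather than site data, so it should also be raised with the page maintainers.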

Revision as of 18:53, 18 July 2017

The main purpose of this page is to collect the site-specific configuration parameters of the Federated Cloud sites, so that sites can be compared, differences identified, and the parameters of a specific site looked up.

If you have any comments on the content of this page, please contact operations @ egi.eu.

Site-specific configuration

Parameters provided by each site are:

  • default network name: name of the network assigned by default when a VM is started at the site; at the moment, this network may be private, public, or not assigned at all; example: /network/PRIVATE
  • default network type, can be public, private, or N/A (not available)
  • public network name: name of the public network to be used; usually this is different from the default network, which is private in most of the cases; example: /network/PUBLIC
  • port default firewall policy: default policy available at infrastructure level (firewall); usually it's either "all open" or "all closed"
  • ports firewall configuration: port configuration applied on top of the default firewall policy; for example, you can specify which ports are open on the firewall if the default policy is "all closed"; example: 22, ICMP open
  • ports default CMF policy: on OpenStack, it is possible to open/close ports using the OpenStack user interface; this "security groups" feature is an additional firewall layer, independent of the infrastructure (low-level) firewall, and can be configured by the user (using the Horizon interface), by API, or by asking for support through the EGI Helpdesk. Example: "all open" or "all closed".
  • ports policy on CMF: if ports default CMF policy is "all closed", you may want to specify here if there are exceptions. Example: ssh.
  • mandatory closed ports: ports that cannot be opened due to local rules, national regulations or infrastructure constraints. Example: 25 is usually not available for security reasons (use 587 instead).
  • port configuration requests method: how the site handles port reconfiguration requests. Examples: GGUS, Horizon, other ways.
  • users requests: please mention here any special requests that came from users in the past and that you worked on to make a specific use case run on your site.
  • comments: if you have any comments to report here that could help us in improving this page.

100IT

  • default network name:
  • default network type:
  • public network name:
  • port default firewall policy:
  • ports firewall configuration:
  • ports default CMF policy:
  • ports policy on CMF:
  • mandatory closed ports:
  • port configuration requests method:
  • users requests:
  • comments:

BEgrid-BELNET

  • default network name:
  • default network type:
  • public network name:
  • port default firewall policy:
  • ports firewall configuration:
  • ports default CMF policy:
  • ports policy on CMF:
  • mandatory closed ports:
  • port configuration requests method:
  • users requests:
  • comments:

BIFI

  • default network name:
  • default network type:
  • public network name:
  • port default firewall policy:
  • ports firewall configuration:
  • ports default CMF policy:
  • ports policy on CMF:
  • mandatory closed ports:
  • port configuration requests method:
  • users requests:
  • comments:

CESGA

  • default network name:
  • default network type:
  • public network name:
  • port default firewall policy:
  • ports firewall configuration:
  • ports default CMF policy:
  • ports policy on CMF:
  • mandatory closed ports:
  • port configuration requests method:
  • users requests:
  • comments:

CESNET-MetaCloud

  • default network name:
  • default network type:
  • public network name:
  • port default firewall policy: all open
  • ports firewall configuration:
  • ports default CMF policy:
  • ports policy on CMF: all open
  • mandatory closed ports:
  • port configuration requests method: GGUS
  • users requests: One request to provide a private network.
  • comments: As soon as security groups are implemented in OCCI, we will switch to a more restrictive mode where only TCP 22 is open by default. Users will have a self-service control over this via OCCI.

CLOUDIFIN

  • default network name:
  • default network type:
  • public network name:
  • port default firewall policy:
  • ports firewall configuration:
  • ports default CMF policy:
  • ports policy on CMF:
  • mandatory closed ports:
  • port configuration requests method:
  • users requests:
  • comments:

CYFRONET-CLOUD

  • default network name:
  • default network type:
  • public network name:
  • port default firewall policy:
  • ports firewall configuration:
  • ports default CMF policy:
  • ports policy on CMF:
  • mandatory closed ports:
  • port configuration requests method:
  • users requests:
  • comments:

FZJ

  • default network name:
  • default network type:
  • public network name:
  • port default firewall policy:
  • ports firewall configuration:
  • ports default CMF policy:
  • ports policy on CMF:
  • mandatory closed ports:
  • port configuration requests method:
  • users requests:
  • comments:

GoeGrid

  • default network name:
  • default network type:
  • public network name:
  • port default firewall policy:
  • ports firewall configuration:
  • ports default CMF policy:
  • ports policy on CMF:
  • mandatory closed ports:
  • port configuration requests method:
  • users requests:
  • comments:

HG-09-Okeanos-Cloud

  • default network name:
  • default network type:
  • public network name:
  • port default firewall policy:
  • ports firewall configuration:
  • ports default CMF policy:
  • ports policy on CMF:
  • mandatory closed ports:
  • port configuration requests method:
  • users requests:
  • comments:

IFCA-LCG2

  • default network name:
  • default network type:
  • public network name:
  • port default firewall policy:
  • ports firewall configuration:
  • ports default CMF policy:
  • ports policy on CMF:
  • mandatory closed ports:
  • port configuration requests method:
  • users requests:
  • comments:

IISAS-FedCloud

  • default network name:
  • default network type:
  • public network name:
  • port default firewall policy: all closed
  • ports firewall configuration: 22,ICMP open
  • ports default CMF policy:
  • ports policy on CMF:
  • mandatory closed ports:
  • port configuration requests method: Openstack Horizon portal
  • users requests: port 8899 by enmr.eu
  • comments: network connections should be monitored, unusual activities (e.g. very high volumes/frequency connections) should raise alarms

IN2P3-IRES

  • default network name:
  • default network type: private
  • public network name:
  • port default firewall policy: all closed
  • ports firewall configuration: 22/80/443/8080 open
  • ports default CMF policy:
  • ports policy on CMF: security groups level: 22 open by default
  • mandatory closed ports: 25
  • port configuration requests method: OpenStack for 80/443/8080, GGUS otherwise
  • users requests:
  • comments: user should not be able to create / modify / delete security groups (in particular in a catch-all VO). Therefore, we should have two procedures in the survey, one for the ports at the firewall level, the other one for security groups.

INFN-CATANIA-STACK

  • default network name:
  • default network type:
  • public network name:
  • port default firewall policy:
  • ports firewall configuration:
  • ports default CMF policy:
  • ports policy on CMF:
  • mandatory closed ports:
  • port configuration requests method:
  • users requests:
  • comments:

INFN-PADOVA-STACK

  • default network name:
  • default network type:
  • public network name:
  • port default firewall policy:
  • ports firewall configuration:
  • ports default CMF policy:
  • ports policy on CMF:
  • mandatory closed ports:
  • port configuration requests method:
  • users requests:
  • comments:

RECAS-BARI

  • default network name:
  • default network type:
  • public network name:
  • port default firewall policy:
  • ports firewall configuration:
  • ports default CMF policy:
  • ports policy on CMF:
  • mandatory closed ports:
  • port configuration requests method:
  • users requests:
  • comments:

SCAI

  • default network name:
  • default network type:
  • public network name:
  • port default firewall policy:
  • ports firewall configuration:
  • ports default CMF policy:
  • ports policy on CMF:
  • mandatory closed ports:
  • port configuration requests method:
  • users requests:
  • comments:

TR-FC1-ULAKBIM

  • default network name:
  • default network type:
  • public network name:
  • port default firewall policy:
  • ports firewall configuration:
  • ports default CMF policy:
  • ports policy on CMF:
  • mandatory closed ports:
  • port configuration requests method:
  • users requests:
  • comments:

UPV-GRyCAP

  • default network name:
  • default network type:
  • public network name:
  • port default firewall policy:
  • ports firewall configuration:
  • ports default CMF policy:
  • ports policy on CMF:
  • mandatory closed ports:
  • port configuration requests method:
  • users requests:
  • comments: