Difference between revisions of "Federated Cloud siteconf"
Line 3: | Line 3: | ||
The main purpose of this page is to collect site-specific configuration parameters of the Federated Cloud sites, allowing comparison among them, identify differences, get parameters for a specific site. | The main purpose of this page is to collect site-specific configuration parameters of the Federated Cloud sites, allowing comparison among them, identify differences, get parameters for a specific site. | ||
If you have any comments on the content of this page, please contact '''operations @ egi.eu'''. | If you have any comments on the content of this page, please contact '''operations @ egi.eu'''. | ||
Parameters provided by each site are: | Parameters provided by each site are: | ||
* '''default network name''', as the name of the network assigned by default when firing up a VM to the site; at the moment, it might be that the network is private, public or not assigned at all; example: ''/network/PRIVATE'' | |||
* '''default network type''', can be ''public'', ''private'', or ''N/A'' (not available) | *'''default network name''', as the name of the network assigned by default when firing up a VM to the site; at the moment, it might be that the network is private, public or not assigned at all; example: ''/network/PRIVATE'' | ||
* '''public network name''': name of the public network to be used; usually this is different from the default network, which is private in most of the cases; example: ''/network/PUBLIC'' | *'''default network type''', can be ''public'', ''private'', or ''N/A'' (not available) | ||
* '''port default firewall policy''': default policy available at infrastructure level (firewall); usually it's either "all open" or "all closed" | *'''public network name''': name of the public network to be used; usually this is different from the default network, which is private in most of the cases; example: ''/network/PUBLIC'' | ||
* '''ports firewall configuration''': port configuration on top of the default firewall policy; so you can specify i.e. which ports are open on the firewall if the default configuration is "all closed"; example: ''22, ICMP open'' | *'''port default firewall policy''': default policy available at infrastructure level (firewall); usually it's either "all open" or "all closed" | ||
* '''ports default CMF policy''': on OpenStack, it is possible to open/close ports using the OpenStack user interface; these "security groups" feature is an additional firewall feature, independent from the infrastructure (low level) firewall, and can be configured by the user (using the Horizon interface) or by API, or asking for support through the EGI Helpdesk. Example: "all open" or "all closed". | *'''ports firewall configuration''': port configuration on top of the default firewall policy; so you can specify i.e. which ports are open on the firewall if the default configuration is "all closed"; example: ''22, ICMP open'' | ||
* '''ports policy on CMF''': if ports default CMF policy is "all closed", you may want to specify here if there are exceptions. Example: ssh. | *'''ports default CMF policy''': on OpenStack, it is possible to open/close ports using the OpenStack user interface; these "security groups" feature is an additional firewall feature, independent from the infrastructure (low level) firewall, and can be configured by the user (using the Horizon interface) or by API, or asking for support through the EGI Helpdesk. Example: "all open" or "all closed". | ||
* '''mandatory closed ports''': if there are ports that cannot be opened due to local rules or national regulations or infrastructure constraints. Example: 25 is usually not available for security reasons (used 587 instead). | *'''ports policy on CMF''': if ports default CMF policy is "all closed", you may want to specify here if there are exceptions. Example: ssh. | ||
* '''port configuration requests method''': how the site allows to fulfill port reconfiguration requests. Examples: GGUS, Horizon, other ways. | *'''mandatory closed ports''': if there are ports that cannot be opened due to local rules or national regulations or infrastructure constraints. Example: 25 is usually not available for security reasons (used 587 instead). | ||
* '''users requests''': please mention here any special requests come from users in the past and that you have worked in order to make a specific use case run on your site. | *'''port configuration requests method''': how the site allows to fulfill port reconfiguration requests. Examples: GGUS, Horizon, other ways. | ||
* '''comments''': if you have any comments to report here that could help us in improving this page. | *'''users requests''': please mention here any special requests come from users in the past and that you have worked in order to make a specific use case run on your site. | ||
*'''comments''': if you have any comments to report here that could help us in improving this page. | |||
= Site-specific configuration = | = Site-specific configuration = | ||
Line 36: | Line 37: | ||
|- | |- | ||
| style="border-bottom:1px dotted silver;" | 100IT | | style="border-bottom:1px dotted silver;" | 100IT | ||
| style="border-bottom:1px dotted silver;" | private | | style="border-bottom:1px dotted silver;" | private | ||
| style="border-bottom:1px dotted silver;" | private | | style="border-bottom:1px dotted silver;" | private | ||
| style="border-bottom:1px dotted silver;" | public | | style="border-bottom:1px dotted silver;" | public | ||
| style="border-bottom:1px dotted silver;" | all open | | style="border-bottom:1px dotted silver;" | all open | ||
| style="border-bottom:1px dotted silver;" | | | style="border-bottom:1px dotted silver;" | | ||
| style="border-bottom:1px dotted silver;" | all closed | | style="border-bottom:1px dotted silver;" | all closed | ||
| style="border-bottom:1px dotted silver;" | | | style="border-bottom:1px dotted silver;" | | ||
| style="border-bottom:1px dotted silver;" | none | | style="border-bottom:1px dotted silver;" | none | ||
| style="border-bottom:1px dotted silver;" | OpenStack Horizon, GGUS | | style="border-bottom:1px dotted silver;" | OpenStack Horizon, GGUS | ||
| style="border-bottom:1px dotted silver;" | | | style="border-bottom:1px dotted silver;" | | ||
| style="border-bottom:1px dotted silver;" | | | style="border-bottom:1px dotted silver;" | | ||
|- | |- | ||
| style="border-bottom:1px dotted silver;" | BEgrid-BELNET | | style="border-bottom:1px dotted silver;" | BEgrid-BELNET | ||
| style="border-bottom:1px dotted silver;" | /network/1 | | style="border-bottom:1px dotted silver;" | /network/1 | ||
| style="border-bottom:1px dotted silver;" | public | | style="border-bottom:1px dotted silver;" | public | ||
| style="border-bottom:1px dotted silver;" | /network/1 | | style="border-bottom:1px dotted silver;" | /network/1 | ||
| style="border-bottom:1px dotted silver;" | all closed | | style="border-bottom:1px dotted silver;" | all closed | ||
| style="border-bottom:1px dotted silver;" | 22, ICMP | | style="border-bottom:1px dotted silver;" | 22, ICMP | ||
| style="border-bottom:1px dotted silver;" | | | style="border-bottom:1px dotted silver;" | | ||
| style="border-bottom:1px dotted silver;" | | | style="border-bottom:1px dotted silver;" | | ||
| style="border-bottom:1px dotted silver;" | | | style="border-bottom:1px dotted silver;" | | ||
| style="border-bottom:1px dotted silver;" | GGUS ticket | | style="border-bottom:1px dotted silver;" | GGUS ticket | ||
| style="border-bottom:1px dotted silver;" | 80, 8080, 443 | | style="border-bottom:1px dotted silver;" | 80, 8080, 443 | ||
| style="border-bottom:1px dotted silver;" | some users have requested to limit access to their VMs to a given list of source IPs | | style="border-bottom:1px dotted silver;" | some users have requested to limit access to their VMs to a given list of source IPs | ||
|- | |- | ||
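Review bot: in the 100IT row, the cell after "all closed" (ports policy on CMF) is empty even though the parameter list asks for exceptions to be stated when the default CMF policy is "all closed"; with the infrastructure firewall at "all open", the security groups are the only filter for this site, so an explicit "none" or the list of open ports would remove the ambiguity between "no exceptions" and "not filled in". In the BEgrid-BELNET row, "80, 8080, 443" does not say whether these ports were opened or only requested.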
Line 65: | Line 66: | ||
| style="border-bottom:1px dotted silver;" | | | style="border-bottom:1px dotted silver;" | | ||
| style="border-bottom:1px dotted silver;" | | | style="border-bottom:1px dotted silver;" | | ||
| style="border-bottom:1px dotted silver;" | all closed | | style="border-bottom:1px dotted silver;" | all closed | ||
| style="border-bottom:1px dotted silver;" | 22,ICMP open | | style="border-bottom:1px dotted silver;" | 22,ICMP open | ||
| style="border-bottom:1px dotted silver;" | | | style="border-bottom:1px dotted silver;" | | ||
| style="border-bottom:1px dotted silver;" | | | style="border-bottom:1px dotted silver;" | | ||
| style="border-bottom:1px dotted silver;" | | | style="border-bottom:1px dotted silver;" | | ||
| style="border-bottom:1px dotted silver;" | GGUS,email | | style="border-bottom:1px dotted silver;" | GGUS,email | ||
| style="border-bottom:1px dotted silver;" | 8080, 8081 8888, 9443, 61616 (Training VO) to be opened | | style="border-bottom:1px dotted silver;" | 8080, 8081 8888, 9443, 61616 (Training VO) to be opened | ||
| style="border-bottom:1px dotted silver;" | | | style="border-bottom:1px dotted silver;" | | ||
|- | |- | ||
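Review bot: in the users-requests cell of this row, "8080, 8081 8888, 9443, 61616" has no comma between 8081 and 8888, so the list is ambiguous to anyone copying it into a firewall request; "to be opened" also leaves the state of the request unclear. The firewall cell "22,ICMP open" is formatted differently from "22, ICMP" in the BEgrid-BELNET row, so one form should be used for both.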
Line 321: | Line 322: | ||
| style="border-bottom:1px dotted silver;" | | | style="border-bottom:1px dotted silver;" | | ||
|} | |} | ||
Revision as of 16:06, 25 July 2017
The main purpose of this page is to collect site-specific configuration parameters of the Federated Cloud sites, so that sites can be compared, differences identified, and the parameters for a specific site looked up.
If you have any comments on the content of this page, please contact operations @ egi.eu.
Parameters provided by each site are:
- default network name: the name of the network assigned by default when starting a VM at the site; at the moment, the network may be private, public or not assigned at all; example: /network/PRIVATE
- default network type: can be public, private, or N/A (not available)
- public network name: name of the public network to be used; usually this is different from the default network, which is private in most cases; example: /network/PUBLIC
- port default firewall policy: default policy available at infrastructure level (firewall); usually it's either "all open" or "all closed"
- ports firewall configuration: port configuration on top of the default firewall policy; for example, which ports are open on the firewall if the default configuration is "all closed"; example: 22, ICMP open
- ports default CMF policy: on OpenStack, it is possible to open/close ports using the OpenStack user interface; this "security groups" feature is an additional firewall layer, independent of the infrastructure (low-level) firewall, and can be configured by the user (using the Horizon interface), by API, or by asking for support through the EGI Helpdesk. Example: "all open" or "all closed".
- ports policy on CMF: if the ports default CMF policy is "all closed", specify any exceptions here. Example: ssh.
- mandatory closed ports: ports that cannot be opened due to local rules, national regulations or infrastructure constraints. Example: 25 is usually not available for security reasons (587 is used instead).
- port configuration requests method: how the site handles port reconfiguration requests. Examples: GGUS, Horizon, other ways.
- users requests: any special requests received from users in the past that you worked on in order to make a specific use case run on your site.
- comments: any comments that could help us improve this page.
Site-specific configuration
| Site | default network name | default network type | public network name | port default firewall policy | ports firewall configuration | ports default CMF policy | ports policy on CMF | mandatory closed ports | port configuration requests method | users requests | comments |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 100IT | private | private | public | all open | | all closed | | none | OpenStack Horizon, GGUS | | |
| BEgrid-BELNET | /network/1 | public | /network/1 | all closed | 22, ICMP | | | | GGUS ticket | 80, 8080, 443 | some users have requested to limit access to their VMs to a given list of source IPs |
| BIFI | | | | all closed | 22,ICMP open | | | | GGUS,email | 8080, 8081 8888, 9443, 61616 (Training VO) to be opened | |
| CESGA | | | | | | | | | | | |
| CESNET-MetaCloud | | | | | | | | | | | |
| CLOUDIFIN | | | | | | | | | | | |
| CYFRONET-CLOUD | | | | | | | | | | | |
| FZJ | | | | | | | | | | | |
| GoeGrid | | | | | | | | | | | |
| HG-09-Okeanos-Cloud | | | | | | | | | | | |
| IFCA-LCG2 | | | | | | | | | | | |
| IISAS-FedCloud | | | | | | | | | | | |
| IISAS-Nebula | | | | | | | | | | | |
| IISAS-GPUCloud | | | | | | | | | | | |
| IN2P3-IRES | | | | | | | | | | | |
| INFN-CATANIA-STACK | | | | | | | | | | | |
| INFN-PADOVA-STACK | | | | | | | | | | | |
| RECAS-BARI | | | | | | | | | | | |
| SCAI | | | | | | | | | | | |
| TR-FC1-ULAKBIM | | | | | | | | | | | |
| UPV-GRyCAP | | | | | | | | | | | |
| NCG-INGRID-PT | | | | | | | | | | | |