Difference between revisions of "How To Join As A Resource Provider"

From EGIWiki
Jump to: navigation, search
(Overview)
(General requirements)
Line 17: Line 17:
 
* agreements and policies
 
* agreements and policies
 
For being part of the EGI infrastructure, a resource centre will have to comply with a series of operational and security requirements by signing an [https://documents.egi.eu/public/ShowDocument?docid=31 Operational Level Agreement] (OLA), a document that defines the minimum set of operational services and the respective quality parameters that a Resource Centre is required to provide in EGI, and accepting the [https://documents.egi.eu/document/86 Grid Security Policy], the [https://documents.egi.eu/document/75 Grid Resource Centre Operations Policy], the [https://documents.egi.eu/document/76 Resource Centre Registration Security Policy] and in general all the [https://wiki.egi.eu/wiki/SPG:Documents EGI security policies].
 
For being part of the EGI infrastructure, a resource centre will have to comply with a series of operational and security requirements by signing an [https://documents.egi.eu/public/ShowDocument?docid=31 Operational Level Agreement] (OLA), a document that defines the minimum set of operational services and the respective quality parameters that a Resource Centre is required to provide in EGI, and accepting the [https://documents.egi.eu/document/86 Grid Security Policy], the [https://documents.egi.eu/document/75 Grid Resource Centre Operations Policy], the [https://documents.egi.eu/document/76 Resource Centre Registration Security Policy] and in general all the [https://wiki.egi.eu/wiki/SPG:Documents EGI security policies].
* support the X509 certificates
+
* support the X509 certificates and/or federated AAI
 
The resource centres belonging to the EGI infrastructure have to properly configure the provided services with the EGI AAI: this means that the IGTF trust anchors CAs distribution to enable the X509 authentication have to be updated in a timely manner. Usually a new CAs release is available every month.
 
The resource centres belonging to the EGI infrastructure have to properly configure the provided services with the EGI AAI: this means that the IGTF trust anchors CAs distribution to enable the X509 authentication have to be updated in a timely manner. Usually a new CAs release is available every month.
 +
EGI is also implementing user authentication through the CheckIn AAI platform. CheckIn is able to provide authentication information in SAML and OIDC, as an alternative to X.509.
 
* monitoring and accounting
 
* monitoring and accounting
 
The services provided by a resource centre have to run interfaces that allow their monitoring, in order to constantly check their functioning and periodically produce reports on the quality of service offered; at the same time the measurement of resources usage have to be allowed, through the properly tools provided by EGI.
 
The services provided by a resource centre have to run interfaces that allow their monitoring, in order to constantly check their functioning and periodically produce reports on the quality of service offered; at the same time the measurement of resources usage have to be allowed, through the properly tools provided by EGI.

Revision as of 12:23, 18 July 2017

Overview

As of June 2017, the European Grid Infrastructure (EGI) connects more than X resource centres to X users across Europe and beyond. EGI is always looking to expand the number of providers and invites unaffiliated resource centres to join in. If you are the representative of a resource centre or a cluster interested in joining the infrastructure, we invite you to go through the following steps:

  • CASE 1: your country is already part of EGI
    • Please contact the resource provider in your country and they will assist you in the process (see the general requirements at the bottom of the page).
  • CASE 2: your country is not on the list of EGI resource providers https://www.egi.eu/federation/data-centres/
    • If you are a representative from a resource centre / site / cluster, being part of EGI is still possible. Please send an e-mail to the EGI.eu Operations team (operations AT egi.eu) which can help you to become part of the infrastructure, and will assist you through the different steps, from resource centre registration to certification (see the requirements at the bottom of the page)
    • If you are a representative from a National Grid Initiative or other Resource Infrastructure Provider, please send an e-mail to the EGI.eu Operations team (operations AT egi.eu) which will assist you during the integration process. Please note that new resource infrastructure providers must first be accredited by the EGI Council. To do so non-European resource infrastructure providers can start a formal collaboration with EGI.eu through a Memorandum of Understanding.

Either your country is already part of EGI or not, the integration process is described step by step in the Resource Centre Registration and Certification procedure: the registration makes the EGI infrastructure aware of the new resources you offer, while the certification takes care of validating the registration itself and testing the services work correctly. In the context of the registration, you will become part of a Resource Infrastructure such as a National Grid Initiative (NGI), an EIRO, or a multi-country Resource Infrastructure.

General requirements

  • agreements and policies

For being part of the EGI infrastructure, a resource centre will have to comply with a series of operational and security requirements by signing an Operational Level Agreement (OLA), a document that defines the minimum set of operational services and the respective quality parameters that a Resource Centre is required to provide in EGI, and accepting the Grid Security Policy, the Grid Resource Centre Operations Policy, the Resource Centre Registration Security Policy and in general all the EGI security policies.

  • support the X509 certificates and/or federated AAI

The resource centres belonging to the EGI infrastructure have to properly configure the provided services with the EGI AAI: this means that the IGTF trust anchors CAs distribution to enable the X509 authentication have to be updated in a timely manner. Usually a new CAs release is available every month. EGI is also implementing user authentication through the CheckIn AAI platform. CheckIn is able to provide authentication information in SAML and OIDC, as an alternative to X.509.

  • monitoring and accounting

The services provided by a resource centre have to run interfaces that allow their monitoring, in order to constantly check their functioning and periodically produce reports on the quality of service offered; at the same time the measurement of resources usage have to be allowed, through the properly tools provided by EGI.

  • daily operations

All the EGI middleware campaigns aim at implementing service provisioning best practices and common requirments. Mitigate security vulnerabilities and update unsupported operating systems and softwares are part of the activities of a resource centre: EGI and the Operations Centres coordinate these activities in order to have them implemented in a timely manner.

Questions and answers

Do I lose control on who can access my resources if I join the EGI infrastructure?

No

EGI uses the concept of Virtual Organisation (VO) to group users. The resource provider has complete control on the VOs accessing to the resources and on the quotas or restrictions to assign to each VO. Although not recommended, you can even restrict the automatic access of users within a VO and manually enable individual members.

How many components do I have to install?

The minimum required set of functional capabilities to provide is described in the RC OLA.

In general, there are components for:

  • Cloud Computing
  • File Transfer
  • Storage Management
  • Data Access
  • Metadata Catalogue
  • HTC Compute
  • additional Information Discovery capability

A typical resource centre comprises components for HTC Compute, Storage Management, and Information discovery capabilities; but depending on the needs of the user communities that are mainly using your resources, the type of services exposed may vary.

How my daily operational activities will change?

For the most part daily operations will not change.

An administrator of a resource centre part of the EGI infrastructure, hence supporting international communities, has to act proactively for maintaining its services working and up-to-dated, and for providing support through the EGI official channels. This means following up GGUS tickets submitted through helpdesk.egi.eu, including either requests from user communities or tickets triggered by failures detected by the monitoring infrastructure: a team of operators checks daily the monitoring system, promptly notifying the resource centres about the occurrence of failures and providing at the same time help for solving the problems. As previously written, other requests can regard the upgrade or decommission of unsupported software, and the fixing of security vulnerabilities when discovered.

In conclusion, most of the site activities that are coordinated by EGI and the NGIs are already part of the work plan of a well-maintained resource centre: the additional task for a site manager is to acknowledge to EGI that the requested action has been performed.