Alert.png The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @ egi.eu.

Difference between revisions of "Operations Procedures"

From EGIWiki
Jump to navigation Jump to search
(22 intermediate revisions by 5 users not shown)
Line 57: Line 57:
|-
|-
| [[PROC07|PROC 07]] <!-- Procedure number -->  
| [[PROC07|PROC 07]] <!-- Procedure number -->  
| [[PROC07|Adding new probes to SAM]] <!-- Title -->  
| [[PROC07|Adding new probes to ARGO]] <!-- Title -->  
| Addition of new OPS Nagios probes to the SAM release. <!-- Comment -->  
| Addition of new OPS Nagios probes to ARGO. <!-- Comment -->  
| Availability and Monitoring <!-- Area -->  
| Availability and Monitoring <!-- Area -->  
| Resource Centre Administrators, Operations Centres, Operations <!-- Relevant to -->  
| Resource Centre Administrators, Operations Centres, Operations <!-- Relevant to -->  
Line 152: Line 152:
| Resource Centre Management  
| Resource Centre Management  
| Resource Centre Administrator, VO&nbsp;managers  
| Resource Centre Administrator, VO&nbsp;managers  
| Draft
| Approved
|-
| [[PROC21|PROC 21]]
| [[PROC21|Resource Centre suspension]]<br>
| The document describes the process of Resource Centre suspension in EGI infrastructure
| Resource Centre Management
| Resource Centre Administrator, VO&nbsp;managers
| Approved
|-
|-
| [[PROC21|PROC 21]]
| [[PROC22|PROC 22]]  
| Resource Centre suspension<br>
| [[PROC22|Support for CVMFS replication across the EGI Infrastructure]]<br>  
| The document describes the process of Resource Centre suspension in EGI infrastructure
| The procedure describes the process of creating a repository within the EGI CVMFS infrastructure for an EGI VO.
| Resource Centre Management  
| Resource Centre Management  
| Resource Centre Administrator, VO&nbsp;managers  
| Resource Centre Administrator, VO&nbsp;managers  
| Draft
| DRAFT
|-
| [[PROC23|PROC23]]
| Production tools release and deployment process
| The procedure describes the process of release and deployment in EGI&nbsp;production infrastructure for Production tools
| Production tools
|
| APPROVED
|-
| [[PROC24|PROC24]]
| Major incident handling
| The procedure describes the process of handling major incidents<br>
| Production tools
|
| DRAFT
|-
| [[PROC25|PROC25]]
| UMD and CMD software release procedure
| The procedure describes the process of adding a new produc release to the software provisioning process and releasing it in UMD/CMD. <br>
| Middleware software for HTC/Cloud deployed in multiple resource centres in EGI.
|
| DRAFT
|-
| [[PROC26|PROC26]]
| Verify helpdesk Support Units are working and perform a periodic review of them
| The document describes the process for verifying that the support teams are still able to follow-up the GGUS tickets assigned to their Support Unit. Moreover it is defined a criteria for decommissioning the SUs that don't work any more.
| Ticket Management
|
| Approved
|}
|}


Line 175: Line 210:
| '''Relevant to'''
| '''Relevant to'''
|-
|-
| SEC 01  
| [[SEC01|SEC 01]]
| [https://documents.egi.eu/document/710 EGI Security Incident Handling]  
| [[SEC01|EGI Security Incident Handling]]  
| The "Security Incident Handling Procedure" define site and incident coordinator responsibilities when handling Grid-related security incident. ALL EGI sites are required to follow this procedure to report and handle Grid-related security incident.  
| The "Security Incident Handling Procedure" define site and incident coordinator responsibilities when handling Grid-related security incident. ALL EGI sites are required to follow this procedure to report and handle Grid-related security incident.  
| ''approved'', July 2010 (MS405)
| Approved March 2016<br>
| Security  
| Security  
| Resource Centres, EGI CSIRT
| Resource Centres, EGI CSIRT
|-
|-
| SEC 02 <!-- number -->  
| [[SEC02|SEC 02]] <!-- number -->  
| [https://documents.egi.eu/document/717 EGI Vulnerability issue handling process] <!-- title and wiki link -->  
| [https://documents.egi.eu/secure/ShowDocument?docid=3145 EGI Vulnerability issue handling process] <!-- title and wiki link -->  
| The process used to report and resolve Grid Software vulnerabilities in the EGI Inspire project. <!-- comment-->  
| This procedure is used to handle vulnerabilities in Software relevant to the EGI infrastructure. <!-- comment-->  
| ''approved'', July 2010 (MS405) <!-- status, date of approval -->  
| ''approved'', Nov 2017 <!-- status, date of approval -->  
| Security <!-- area -->  
| Security <!-- area -->  
| Resource Centres, Risk Assessment Team, Technology Providers, SVG <!-- Relevant to -->
| Resource Centres, Risk Assessment Team, Technology Providers, SVG <!-- Relevant to -->
|-
|-
| SEC 03 <!-- number -->  
| [[SEC03|SEC 03]] <!-- number -->  
| [https://documents.egi.eu/document/283 Critical Vulnerability Operational Procedure] <!-- title and wiki link -->
| [[SEC03|EGI-CSIRT Critical Vulnerability Handling]]  
| After a problem has been assessed as critical, and a solution is available, then sites are required to take action. This document primarily defines the procedure from this time, where sites are asked to take action, and what steps are taken if they do not respond or do not take action. If a site fails to take action, this may lead to site suspension. <!-- comment-->
| After a problem has been assessed as critical, and a solution is available, then sites are required to take action. This document primarily defines the procedure from this time, where sites are asked to take action, and what steps are taken if they do not respond or do not take action. If a site fails to take action, this may lead to site suspension.  
| ''approved'', March 15 2011 <!-- status, date of approval -->
|  
| Security <!-- area -->
''approved'',  
| Resource Centres, Operations Centres, EGI-CSIRT, SVG <!-- Relevant to -->
 
8. Sept. 2015
 
| Security  
| Resource Centres, Operations Centres, EGI-CSIRT, SVG
|-
|-
| SEC 04  
| [[SEC04|SEC 04]]
| [https://documents.egi.eu/document/1018 Compromised Certificates and Central Security Emergency suspension]  
| [https://documents.egi.eu/document/1018 Compromised Certificates and Central Security Emergency suspension]  
| This procedure describes what should be done in the event of a compromised identity certificate, including long lived certificates and proxies. This applies to robot certificates and service certificates as well as user certificates. Certificates are considered to be compromised if they are exposed outside intended policy, or linked to security incidents or malicious jobs. This procedure also addresses usage of Central Security Emergency suspension. The implications of a CA compromise are also briefly described.  
| This procedure describes what should be done in the event of a compromised identity certificate, including long lived certificates and proxies. This applies to robot certificates and service certificates as well as user certificates. Certificates are considered to be compromised if they are exposed outside intended policy, or linked to security incidents or malicious jobs. This procedure also addresses usage of Central Security Emergency suspension. The implications of a CA compromise are also briefly described.  
Line 204: Line 243:
|-
|-
| [[SEC05|SEC 05]]  
| [[SEC05|SEC 05]]  
| [[EGI_CSIRT:Security_Resource_Centre_Certification_Procedure| Security Resource Centre Certification Procedure]]
| [[SEC05|Security Resource Centre Certification Procedure]]  
| Security Resource Centre Certification Procedure applies to Resource Centres under certification process and re-certification of suspended Resource Centres (sites). This step of the security certification procedure checks that the resources under certification do not contain known CRITICAL software vulnerabilities.  
| Security Resource Centre Certification Procedure applies to Resource Centres under certification process and re-certification of suspended Resource Centres (sites). This step of the security certification procedure checks that the resources under certification do not contain known CRITICAL software vulnerabilities.  
| ''approved'', November 27 2014 <!-- status, date of approval -->
| ''approved'', November 27 2014  
| Security  
| Security  
| Resource Centres, Operations Centres, EGI-CSIRT
| Resource Centres, Operations Centres, EGI-CSIRT
Line 213: Line 252:
[[EGI CSIRT:Policies#EGI_Operational_Security_Procedures|More information]]
[[EGI CSIRT:Policies#EGI_Operational_Security_Procedures|More information]]


See all [[SPG:Documents|EGI policies and procedures]]  
= Security Policies =
See EGI Security [[SPG:Documents|Policies]]  


[[Category:Operations_Procedures|*]]
[[Category:Operations_Procedures|*]]

Revision as of 15:05, 17 December 2019

Main EGI.eu operations services Support Documentation Tools Activities Performance Technology Catch-all Services Resource Allocation Security


Documentation menu: Home Manuals Procedures Training Other Contact For: VO managers Administrators



Operations

EGI Operational Procedures are prescriptive documents that describe step-by-step processes involving several partners. The purpose of a procedure is define the related workflow. Procedures are approved by the OMB and are periodically reviewed.

Number Title Comment Area Relevant to Status
PROC 01 EGI Infrastructure Oversight Escalation Operations ticket escation Ticket Management Resource Centre Administrators, Operations Centres, Operations Approved
PROC 02 Operations Centre Creation Step-by-step instructions on how to create a new Operations Centre Operations Centre Management Operations Centres, Operations Approved
PROC 03 Operations Centre decommissioning Step-by-step instructions on how to decommission an Operations Centre Operations Centre Management Operations Centres, Operations Approved
PROC 04 Quality verification of monthly availability and reliability statistics Instructions RODs and Operations Centres on how to handle justification for poor monthly performance Availability and Monitoring Resource Centre Administrators, Operations Centres, Operations Approved
PROC 05 Validation of Operations Centre Nagios This procedure is part of the Operations Centre creation procedure. Availability and Monitoring Operations Centres, Operations Approved
PROC 06 Setting a Nagios test status to OPERATIONS A Nagios probe is set to OPERATIONS when its results are used to generate notifications for the Operations Dashboard. This procedure details the steps to turn a Nagios test to OPERATIONs. Availability and Monitoring Operations Centres, Operations Approved
PROC 07 Adding new probes to ARGO Addition of new OPS Nagios probes to ARGO. Availability and Monitoring Resource Centre Administrators, Operations Centres, Operations Approved
PROC 08 Management of the EGI OPS Availability and Reliability Profile Request of a OPS EGI Availability and Reliability profile. A change in the profile is needed every time a new Nagios test needs to be added/removed to/from the profile, in order to have its results included/removed in/from Availability and Reliability monthly statistics. Availability and Monitoring Resource Centre Administrators, Operations Centres, Operations Approved
PROC 09 Resource Centre Registration and Certification Registration of a new Resource Centre Resource Centre Management Resource Centre Administrator, Operations Centres Approved
PROC 10 Recomputation of monitoring results and availability statistics Notification of problems with the monitoring results gathered by SAM and to request a recomputation of results and the related availability and reliability statistics Availability and Monitoring Resource Centre Administrators, Operations Centres Approved
PROC 11 Resource Centre Decommissioning Decommissioning of a Resource Centre before it is turned into CLOSED in GOCDB Resource Centre Management Resource Centre Administrator, Operations Centres Approved
PROC 12 Production Service Decommissioning Decommissioning of a EGI production service Resource Centre Management Resource Centre Administrator, Operations Centres Approved
PROC 13 VO Deregistration Decommissioning of a Virtual Organization supported by the European Grid Infrastructure VO Management VO Managers, Operations Manager Approved
PROC 14 VO Registration Registration of a Virtual Organization to the European Grid Infrastructure VO Management VO Managers, Operations Manager Approved
PROC 15 Resource Center renaming A procedure for changing name of a Resource Center. Resource Centre Management Resource Centre Administrator, Operations Centres Approved
PROC 16 Decommissioning of unsupported software A procedure for removal of unsupported software from production infrastructure. Resource Centre Management Resource Centre Administrator, Operations Centres Approved
PROC 17 Decommissioning of service type A procedure for removal of service type from production infrastructure. Resource Centre Management Resource Centre Administrator, Operations Centres Approved
PROC 18 Temporary Cloud Resource Centre Registration and Certification A Temporary procedure for registration of a new Cloud Resource Centre. Also apples to certified Resource Centers which introduce cloud resources for the first time. Resource Centre Management Resource Centre Administrator, Operations Centres Deprecated
PROC 19 Introducing new cloud stack and grid middleware in EGI Production Infrastructure A procedure for the steps to introduce new stack (Cloud platform) or middleware (Grid Platform) in EGI Production Infrastructure. Resource Centre Management Resource Centre Administrator, Operations Centres Draft
PROC 20
Support for CVMFS replication across the EGI and OSG CVMFS services The document describes the process of enabling the replication of CVMFS spaces across OSG and EGI CVMFS infrastructures Resource Centre Management Resource Centre Administrator, VO managers Approved
PROC 21 Resource Centre suspension
The document describes the process of Resource Centre suspension in EGI infrastructure Resource Centre Management Resource Centre Administrator, VO managers Approved
PROC 22 Support for CVMFS replication across the EGI Infrastructure
The procedure describes the process of creating a repository within the EGI CVMFS infrastructure for an EGI VO. Resource Centre Management Resource Centre Administrator, VO managers DRAFT
PROC23 Production tools release and deployment process The procedure describes the process of release and deployment in EGI production infrastructure for Production tools Production tools APPROVED
PROC24 Major incident handling The procedure describes the process of handling major incidents
Production tools DRAFT
PROC25 UMD and CMD software release procedure The procedure describes the process of adding a new produc release to the software provisioning process and releasing it in UMD/CMD.
Middleware software for HTC/Cloud deployed in multiple resource centres in EGI. DRAFT
PROC26 Verify helpdesk Support Units are working and perform a periodic review of them The document describes the process for verifying that the support teams are still able to follow-up the GGUS tickets assigned to their Support Unit. Moreover it is defined a criteria for decommissioning the SUs that don't work any more. Ticket Management Approved

Structure template for new procedures

Security

Number Title Comment Status Area Relevant to
SEC 01 EGI Security Incident Handling The "Security Incident Handling Procedure" define site and incident coordinator responsibilities when handling Grid-related security incident. ALL EGI sites are required to follow this procedure to report and handle Grid-related security incident. Approved March 2016
Security Resource Centres, EGI CSIRT
SEC 02 EGI Vulnerability issue handling process This procedure is used to handle vulnerabilities in Software relevant to the EGI infrastructure. approved, Nov 2017 Security Resource Centres, Risk Assessment Team, Technology Providers, SVG
SEC 03 EGI-CSIRT Critical Vulnerability Handling After a problem has been assessed as critical, and a solution is available, then sites are required to take action. This document primarily defines the procedure from this time, where sites are asked to take action, and what steps are taken if they do not respond or do not take action. If a site fails to take action, this may lead to site suspension.

approved,

8. Sept. 2015

Security Resource Centres, Operations Centres, EGI-CSIRT, SVG
SEC 04 Compromised Certificates and Central Security Emergency suspension This procedure describes what should be done in the event of a compromised identity certificate, including long lived certificates and proxies. This applies to robot certificates and service certificates as well as user certificates. Certificates are considered to be compromised if they are exposed outside intended policy, or linked to security incidents or malicious jobs. This procedure also addresses usage of Central Security Emergency suspension. The implications of a CA compromise are also briefly described. approved, September 27 2013 Security EGI CSIRT
SEC 05 Security Resource Centre Certification Procedure Security Resource Centre Certification Procedure applies to Resource Centres under certification process and re-certification of suspended Resource Centres (sites). This step of the security certification procedure checks that the resources under certification do not contain known CRITICAL software vulnerabilities. approved, November 27 2014 Security Resource Centres, Operations Centres, EGI-CSIRT

More information

Security Policies

See EGI Security Policies