Difference between revisions of "Virtual Machine Image Endorsement"
Revision as of 14:16, 9 June 2015
Description
Goal
Set up a process assuring that a Virtual Machine Image (VMI)/ Virtual Appliance (VA) published in AppDB is well-configured, secure and up-to-date.
Members
- Enol Fernandez [EF]
- Vincenzo Spinoso [VS]
Contacts
SSO group available: vm-image-endorsement@mailman.egi.eu
Image types
Type | Description | Managed by |
---|---|---|
EGI | General-purpose images, based on widely used OSes | EGI |
VO-specific | VO-specific images, available to a specific VO and customized for specific purposes | VO-expert |
Activities and workflow
Activity | Description |
---|---|
A1. Image setup | Set up an image ready to be used by a Resource Provider |
A2. Image hardening | Procedure that applies initial configuration, security settings and updates to an image produced by A1 |
A3. Image publishing | Procedure that takes an image ready from A2 and makes it available on AppDB with proper tags, metadata and links |
Documents and Policies
Policies are defined by the SPG group and are published at https://wiki.egi.eu/wiki/SPG:Documents
Particularly relevant are the Security Policy for the Endorsement and Operation of Virtual Machine Images and a draft of a Virtualisation Policy.
Hardening guidelines
ACTION NEEDED : link to external wiki containing hardening guidelines from CSIRT
Procedures for EGI images
Activity | Initial activity | Ongoing activity |
---|---|---|
A1. Image setup | Set up the procedure for a given image [EF] | Apply the procedure to maintain the image up to date according to a given policy (on security issue, on request, every X days…) [VS] |
A2. Image hardening | Apply VMI hardening procedure to a given image [VS] | Apply VMI hardening procedure to a given image [VS] |
A3. Image publishing | Publish the image on AppDB [VS] | Publish the image on AppDB [VS] |
Ubuntu
Setup
Hardening
CentOS7
Setup
Hardening
Procedures for VO images
The procedure is similar to that for EGI images, but a VO expert (endorser) is fully responsible for the endorsement process of a specific VM. For the fedcloud.egi.eu VO, the VO expert will get special help from EGI experts.