ITSRM report, Erez Etzion, ACCU Meeting, June 15, 2012
TRANSCRIPT
ITSRM
• “ ..Structured communications channels between the user community and the IT.
• Deals with the highest levels of IT strategy that impact the services offered to the users.
• Receives input on user requirements as well as coordinate necessary changes.
• Not an operational meeting although review important operational issues.
• The IT department then translates the decisions into actions .. “
ACCU Meeting ITSRM report, Erez Etzion 2
Members:
Chairman: Sergio Bertolucci
IT (Frederic Hemmer and 10 representatives),
Representatives: Beams, Finance & Procurement, Engineering, General Infrastructure Services, Human Resources, PH (+experiments), Technology,
ACCU,
Secretary.
ITSRM 10 - Agenda
1. IT Technical Users Meeting
2. iPad and iPhone support
3. Security
4. Mail and file system
5. Common issue Tracking Services
6. IPv6 plans
iPad and iPhone Proposal
• Establish community support for iPhones and iPads
  – For users on how to purchase, use the devices with CERN infrastructure and share experiences
  – For developers to discuss application toolkits and techniques
• Investigate potential areas where IT can assist
  – Extend usage of the Apple support contract to handle issues around integration with CERN infrastructure
  – Testing of web applications such as Indico, webcast, CDS, Drupal, EDH, Phonebook etc. Solutions or workarounds to be documented where available.
  – Enable content such as custom CDS content podcasts for iPad/iPhone.
  – Assess a CERN app-store for easy installation and distribution of locally written applications without requiring Apple approval/license for each application
• We would be interested to understand related projects in the departments to see how we can assist further
Security
• New Security Baseline for Industrial Embedded Devices
• Security Course Campaign
• Data Protection on DFS
• Life Cycle for Centrally Managed Web Sites
• Move to Real SSO
• Regular Validation of Firewall Openings
• Default Administrator Accounts on Windows PCs
• New Password Rules
• Forgot Your Password? A Password Reset Portal
• New Interim CERN Policy for the Use of Webcams
Mail and filesystem quota
• AFS and DFS service definitions will be aligned
  – New non-home space requests will be allocated as workspaces
• All space is backed up consistently
  – 6 months retention
• All requests will be self service with automatic approval
  – Costs covered by IT budget assuming reasonable growth

Service | Initial | Self-Service Limit
Mailboxes | 2GB (was 100MB) | 10GB (was 2GB)
Home Directories | 2GB (was 100MB) | 10GB (was 1GB)
Workspace | 20GB | 100GB
ITSRM 11 - Agenda
1. IT Technical Users Meeting
2. Vidyo conferencing services
3. Migration of CernVM FS
Video Conferencing
• Since 2007 EVO is a paid service.
• Vidyo was selected as an alternative; pilot started in 2010. (Numerous awards; “the next big thing”)
• IT to offer a Video Conferencing service
  – Centrally funded and operated
  – For all CERN collaborators
• Videoconference meetings: Point-to-point and Multi-point
• From: Desktop machines, Tablets, Smart phones, H323/SIP-equipped meeting rooms, Traditional phones
• Possibility to: Webcast, Record
• Transition Plan
  – To be finished before June 2012
  – As a transition buffer, maintain existing support for EVO for 2012
CVMFS
An HTTP-based distribution mechanism for read-only files in directory structures
• Designed for distributing LHC experiments’ software releases
• Viable alternative to standard file systems commonly used for software releases
  – AFS, NFS, …
  – CVMFS proved significantly more scalable
• Interesting for other read-only data as well
  – E.g. conditions’ data files
• … IT CVMFS deployment fully integrated into service management
  – Functional element in service catalogue: https://cern.service-now.com/service-portal/function.do?name=cvmfs&s=cvmfs
ITSRM 12 - Agenda
• IT Technical Users Meeting
• IPv6 plans
• Data protection, Firewall
• CVMFS updates
From IPv4 to IPv6
- Internet moves to IPv6, part of it will only work on v6 (virtualization, clouds, mobile devices)
- At CERN IPv6 is necessary to reach all CERN remote users and deploy new large scale services
- Implementation already started
- It will require significant effort
- New operational problems will arise
- Everybody is concerned
- More: http://cern.ch/ipv6
Do we lack a Data Protection Policy?
~/.ssh/FILE like ~/.ssh/id_dsa ~/.ssh/identity ~/.ssh/id_rsa
~/.globus/FILE ~/.gnupg/FILE ~/.mozilla/FILE
~/.cvspass ~/.gitconfig ~/.*htpass* ~/*htpass* ~/.netrc ~/.pine.pwd
~/.gnome2/keyrings ~/.kde/share/apps/kwallet/ ~/.subversion/auth/simple/
~/private
Data Protection Policy (DPP)
Data Classification Policy (DCP): The general classification scheme for all data that are stored and/or processed in electronic form.
Data Storage Policy (DSP): The rules under which data must be stored.
Data Access Policy (DAS): The rules under which data can be accessed.
Data Transfer Policy (DTP): The rules under which data can be (digitally) transferred between data stores.
Data Destruction Policy (DDP): The rules under which digital media must be wiped or destroyed such that any trace of data has disappeared from that media.
Next: Data Classification Policy
Done: Data Destruction Policy
ITSRM 13, 15
• Last two meetings canceled. No issues were brought other than from IT direction.
• Next meeting (September 13th) will discuss the scope and future of IT SRM.
• If there are any issues that you think should be discussed or brought to the attention of the ITSRM, please let me know.