OPeNDAP at the National Oceanographic Data Center
• Status
• Lessons Learned
• Recommendations
NODC Service Components
An Operational Component of the “Federal Backbone”
• Data Archive and Metadata Management: Identity tracking; Version tracking; Integrity tracking
• Ocean Climate Data Record Development: Peer reviewed quality assessment; Physical, Chemical, Biological Observations; Data archeology, Ocean heat and productivity climate records
• Coastal Data Access Support: Data documentation, discovery, retrieval, exchange; Coastal resource management target
• NOAA Central Library: Information services; Data
NODC
• Transitioning to an Open Archival Information System Reference Model (OAIS) – ISO 14721:2002
• Goal: Preserve data/information over the long term
• Changing technologies
• Changing support media and formats
• Changing user communities and expectations
• Basic Precept – Must preserve combination of data and its representation information
The NODC Operational Environment
• Committed to Online Accession and Delivery of Data, Products & Metadata
• Approximately 400 Major IT Systems Supporting ~1 TB Data, ocean satellite data a recent entry
• 15 IT Staff equally split between Federals and Contractors
• Mandated Federal IT Security Requirements & Oversight
  • NOAA
  • Department of Commerce
  • Office of Management and Budget
  • Office of Inspector General
• In this Environment, Enterprise-level Management Essential
OPeNDAP Installation at NODC
• Default installation in open environment seems to work “right out of the box”
• Installation within structured, secure environment is a different story
NODC Secure Operational Environment – Normal Precautions … and then Some
• Network firewall
• Multiple zones with separate firewall policies
• IP Filtering & access controls on exposed hosts
• Aggressive patching schedule
• Credentials for remote access require “strong encryption”
• Public server code reviewed “line by line”
• Public web & FTP servers chrooted, limiting access
• Public web content is “Read Only”
• All CGI scripts reside on “Read Only” file systems
• CGI Privilege escalation disabled
• “Hot Backup” systems, hardware and content in place
NODC Operations Summary
[Chart: x-axis Year (1991 to 2007); left axis Number; right axis (# Systems). Series: FTE + Contractors, Systems Units, Systems Compromised, PC Virus Attacks.]
Data Transport Protocols Supported
• HTTP
• FTP
• JDBC (SQL Database access)
• DODS / OPeNDAP
• Command Line (NRL TOWAN access)
• ArcSDE (Java API)
o HTTPS
o TEDS (Navy's Tactical Environmental Data Server)
o OpenGIS
o Java and C++ programs enabled protocols
Legend: • In place; o In progress
Overview of NODC Secure Operational Environment (RED identifies OPeNDAP installation challenges)
• Network firewall
• Multiple zones & firewall policies
• IP Filtering & access controls on exposed hosts
• Aggressive patching schedule
• Credentials for remote access require “strong encryption”
• Public server code reviewed “line by line”
• Public web & FTP servers chrooted, limiting access
• Public web content is “Read Only”
• All CGI scripts reside on “Read Only” file systems
• CGI Privilege escalation disabled
• “Hot Backup” systems and content in place
Lessons Learned - OPeNDAP Installation In Operational Secure Environment
• Default installation & existing documentation not yet adequate for secure installations
  • Challenges enterprise approach to system management
  • Command line and Perl modules installed by default in the CGI-Bin, allowing a remote user to invoke them and compromise the system
  • Multiple interdependencies found among Perl modules, configuration files, and scripts
• Elected a detailed review of the voluminous code due to lack of familiarity and the lack of an available security information resource base
• Level of documentation hindered troubleshooting
• Many issues resolved after “tech assist” visit, some still remain
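One way to check a CGI directory against the controls listed in this deck (read-only content, no privilege escalation, no command-line tools or Perl modules reachable as CGI). This is an added example, not code from the presentation or from OPeNDAP; the file names and the entry-point allowlist are assumptions.

```python
import os
import stat
import tempfile

def classify(rel_path, mode, allowed):
    """Findings for one regular file under the CGI directory, from its st_mode."""
    findings = []
    if mode & (stat.S_ISUID | stat.S_ISGID):
        findings.append("setuid/setgid")            # privilege escalation bit
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("group/world-writable")     # content should be read-only
    if rel_path not in allowed:                     # not an intended entry point
        if rel_path.endswith(".pm"):
            findings.append("perl-module")          # library code reachable by URL
        elif mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH):
            findings.append("unlisted-executable")  # e.g. a command-line tool
        else:
            findings.append("unlisted-file")        # e.g. a configuration file
    return findings

def audit_cgi_dir(root, allowed):
    """Walk root and return {relative path: [findings]} for flagged files."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            mode = os.lstat(full).st_mode           # do not follow symlinks
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            found = classify(rel, mode, allowed) if stat.S_ISREG(mode) else []
            if found:
                report[rel] = found
    return report

# Constructed sample layout; every file name here is hypothetical.
SAMPLE = {"dispatch.cgi": 0o555, "Dispatch.pm": 0o444,
          "cmdline_tool": 0o755, "server.rc": 0o664}
ALLOWED = {"dispatch.cgi"}  # assumption: the only intended CGI entry point

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        for name, mode in SAMPLE.items():
            path = os.path.join(tmp, name)
            with open(path, "w") as fh:
                fh.write("# placeholder\n")
            os.chmod(path, mode)
        return audit_cgi_dir(tmp, ALLOWED)

if __name__ == "__main__":
    for rel, found in sorted(demo().items()):
        print(rel, ", ".join(found))
```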
Observations & Recommendations
• OPeNDAP offers a powerful data transport capability, particularly suited for aggregated data transport into applications (e.g., models)
• In its present form OPeNDAP required expert levels of support (Operationally ready and sustainable?)
• Independent security testing and evaluation needed
• Life cycle (and reduced costs) support will be needed in similar operational environment implementations
• Data discovery (metadata enabled) and aggregation are challenges and critical IOOS requirements
• From a practical point of view, some decisions have been made based on resource allocation tradeoffs with respect to “return on investment” in comparison to existing, alternative data transport protocols already in use (e.g., FTP, HTTP, emerging OpenGIS protocols, etc.)
• IOOS DMAC needs to address these and other user identified issues in its next phase
Looking Ahead
• NODC OPeNDAP Server awaiting final validation
• Early data sets identified and groomed () for OPeNDAP publication
  • WOCE Ver 3
  • NOAA AVHRR reprocessed Pathfinder SST record
  • World Ocean Atlas
  • Global Temperature Salinity Profiling Program (GTSPP)
  • NOAA Shipboard Environmental Data Acquisition (SEAS) data
• OPeNDAP will be one of several data transport protocols used by NODC