August 2002 Status report

Goals this month

  1. Review Hardware Security Modules - update
  2. Equipment status
  3. Approve ESG application for RA
  4. Certificate service Statistics as of end of August
  5. System Architecture - 10/15
  6. Data center design
  7. Project Schedule
  8. Problems

Achievements

The project has begun the last leg of deliverables.  The October 15th goal is to: 

  1. complete the data center build out of servers, racks and other equipment
  2. deploy HSMs
  3. deploy new naming
  4. update the CP/CPS with new naming, etc
  5. update the PMA charter, based on GGF efforts

Review Hardware Security Modules

Mike Helm and Dhiva continue to evaluate products from: Rainbow, Chrysalis and Ncipher. The HSM is a requirement for the project, to meet the security requirement of EDG.  Evaluations of the 3 systems is mostly complete. In early September, Dhiva and Mike plan to do a presentation on the systems to the support staff of ESnet.  Selection of the final product should be finished in early September so orders can be placed in time for our October milestone.

Equipment status

Stan's group has been working with Plant engineering to get the ESnet Data Center racks secured and powered. Blueprints for the efforts are now done and plant will begin the work shortly.  If plans go as planed it looks very likely that we can meet our October milestone.  If the work is delayed we can temporarily deploy the PKI system in standard racks in the Data Center.     

Approve Earth System Grid II application for RA

We finished the vetting process of ESG in August.  They are now a full member of our PMA and PKI. Their section of the CP and contact information can be found on their web page: http://www.doegrids.org/pages/RAesg.htm

Certificate service Statistics as of 8/31

Certs per month issued ~ 40 – 80
Total Certificates issued:  387
Certificates revoked:   40
People Certificates  161
Services Certificates  167
Host (internal usage)    13
Requests in Queue:     6

System Architecture

Current ESnet Data Center design:

Project Schedule

Item

Date

Comments

Install Hosts

Oct, 23

3 Systems have been racked

Root CA

November, 30

 

No significant work in December

 

Travel, vacation and laboratory seasonal closer.

RA for PPDG and NFC

January 15, 2002

Done 

Order equipment, servers etc.

February 8, 2002

Done - This is for the secure build out of the PKI in Room 2275.

RA for PNNL

February 15, 2002

Done  

Beta PPDG, NFC & PNNL certificates

February 15, 2002

Done

Hire developer

March 1, 2002

Done

Add a RM and Directory server to development environment March 15, 2002 Done

EDG participation

April 1, 2002

Done  

Deploy separate CM and RM services April 10, 2002 Done - these are evaluation services and will be deployed as the community requires
New UI for service April 15, 2002 Done - New UI based on V2 CP requirements. Under eval by PMA, will be deployed as appropriate.
RPM for RM April 22, 2002 First version is done - working with NERSC to finalize details of process.
Deploy LDAP service April 29, 2002 Done - this service is in eval and will be deployed as appropriate. The service is now available on the website
Version 2.0 of CP/CPS April 30, 2002 Done - Written needs PMA approval

Start adding new RAs as appropriate.

May 15, 2002

Pending iVDGL approval and inclusion

CP/CPS – sign off

June 1, 2002

Done PMA approved 2.0 May 3

Issue EDG acceptable Certificates for Test Bed 2

July 1, 2002

Done - this requires EDG now to use it.

New naming structure September 30, 2002 Need PMA to approve new naming and DIT.
Roll out plan for version 2 architecture September 30, 2002 We need to maintain current PKI1 and deploy PKI2 to the community
Advance email notifications September 15, 2002 Add additional information to the email request notifications
Add additional information to the Directory listings of certificates October 1, 2002 Add information from the CSR to the directory listing of certificate.
     
Secure Racks October 1, 2002 The Racks have arrived and are being installed. This will take some time, as it requires Plant engineer to approve and do the electrical...

General release of service

October 15, 2002

System support staff take over daily operation

Problems

No significant issues open.