May 2002 Status report


Goals this month

  1. Develop configurations for new Remote RMs
  2. Develop configurations for LDAP publishing Directory
  3. Deploy new UI for service
  4. Finish Version 2 of CP
  5. Update the PMA guidelines document
  6. Equipment status
  7. New RA request from iVDGL

Achievements

Develop configurations for new Remote RM

Dhiva has developed an RPM (Red Hat Package Manager) package for a Remote RM. This is to support NERSC's desire to run a Remote Registration Manager. NERSC has begun experimenting with it. We will be updating the RPM with the new UI in June. The process is for the remote site to install the Registration Manager from iPlanet CMS. The RPM can then be applied and will install our updates.

Develop an LDAP directory to publish subscriber certificates, CRLs, etc.

We have been working with EDG to determine the Schema requirements for our LDAP Directory. A version is being tested now.  We have some open issues.  Dhiva noticed that the publishing module of CMS will overwrite the certificate entry if it exists. This creates a problem when you renew your certificate early.  We need to be able to have a multi-valued certificate attribute to handle this case.  Also, we need this for hosts with multiple certificates.
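
The overwrite problem and the multi-valued alternative, as an added example (not code from CMS or from this project). It is a simplified in-memory model of LDAP modify semantics; treating the overwrite as a "replace" operation, the function names and the certificate values are assumptions made for illustration.

```python
# Added example: simplified in-memory model of LDAP modify semantics.
CERT_ATTR = "userCertificate;binary"  # standard LDAP certificate attribute

def modify(entry, op, attr, value):
    """Apply one LDAP-style modification to entry (dict: attr -> list of values)."""
    values = entry.setdefault(attr, [])
    if op == "replace":            # discards every existing value
        entry[attr] = [value]
    elif op == "add":              # keeps existing values, rejects duplicates
        if value in values:
            raise ValueError("attributeOrValueExists")
        values.append(value)
    elif op == "delete":           # removes only the named value
        if value not in values:
            raise ValueError("noSuchAttribute")
        values.remove(value)
    else:
        raise ValueError("unknown operation: " + op)

def publish_overwrite(entry, cert):
    """Assumed model of the overwrite: the new certificate replaces what is there."""
    modify(entry, "replace", CERT_ATTR, cert)

def publish_multivalued(entry, cert):
    """Add the certificate as another value; republishing the same one is a no-op."""
    try:
        modify(entry, "add", CERT_ATTR, cert)
    except ValueError:
        pass

def unpublish(entry, cert):
    """Remove one expired or revoked certificate, leaving the others in place."""
    modify(entry, "delete", CERT_ATTR, cert)

def early_renewal(publish):
    """Publish a certificate, then its renewal while the first is still valid."""
    # Constructed placeholders standing in for DER-encoded certificates.
    old, new = b"constructed-cert-serial-01", b"constructed-cert-serial-02"
    entry = {}
    publish(entry, old)
    publish(entry, new)
    return entry[CERT_ATTR]

if __name__ == "__main__":
    print("overwrite:   ", early_renewal(publish_overwrite))
    print("multi-valued:", early_renewal(publish_multivalued))
```

The same multi-valued handling covers a host that holds several certificates at once, and unpublish() removes a single value when one of them expires.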

Finish Version 2 of CP

The PMA met via phone and reviewed version 2.0. It was approved by the PMA and went into effect 5/15/2002. There are a number of defects that are still open issues (http://envisage.es.net/pages/openissues.htm). Some of these issues are minor and can be included in a new version, others will take some time to resolve.

Develop the PMA guidelines document

Updated the PMA guidelines document with comments that came out of the PMA meeting and email. This document reflects our current practices for managing the certificate service. Additional work is needed. We are going to work on creating a new working group at the GGF to work on a reference version of this document. That way we can use the GGF community to help design a solution to managing a PMA.

Equipment status

We are waiting on Racks to build out new servers.  The current configuration is meeting our customer requirements. We will deploy service as our community requires.  

New RA request from iVDGL

We received a request from Ewa Deelman [deelman@ISI.EDU] to allow iVDGL to join our RA community. Inclusion of this community has been approved by MICS. We are waiting on Deelman to identify their RA and develop their appendix to our CP.

System design

Current ESnet Data Center design:

Schedule

| Item | Date | Comments |
|------|------|----------|
| Install Hosts | Oct, 23 | 3 Systems have been racked |
| Root CA | November, 30 | |
| No significant work in December | | Travel, vacation and laboratory seasonal closure. |
| RA for PPDG and NFC | January 15, 2002 | |
| Order equipment, servers etc. | February 8, 2002 | Done - This is for the secure build out of the PKI in Room 2275. |
| RA for PNNL | February 15, 2002 | Done |
| Beta PPDG, NFC & PNNL certificates | February 15, 2002 | Done |
| Hire developer | March 1, 2002 | Done |
| Add a RM and Directory server to development environment | March 15, 2002 | Done |
| EDG participation | April 1, 2002 | Done |
| Deploy separate CM and RM services | April 10, 2002 | Done - these are evaluation services and will be deployed as the community requires |
| New UI for service | April 15, 2002 | Done - New UI based on V2 CP requirements. Under eval by PMA, will be deployed as appropriate. |
| RPM for RM | April 22, 2002 | First version is done - working with NERSC to finalize details of process. |
| Deploy LDAP service | April 29, 2002 | Done - this service is in eval and will be deployed as appropriate |
| Version 2.0 of CP/CPS | April 30, 2002 | Done - Written needs PMA approval |
| Start adding new RAs as appropriate. | May 15, 2002 | Pending iVDGL approval and inclusion |
| CP/CPS – sign off | June 1, 2002 | Done PMA approved 2.0 May 3 |
| Migrate Beta CA/RAs systems to match final CP. | July 15, 2002 | |
| Issue EDG acceptable Certificates for Test Bed 2 | July 1, 2002 | |
| Order secure Racks | Aug 30, 2002 | Task was postponed to research alternative method for managing information from the security software: i.e. replace MSFT DB |
| General release of service | October 1, 2002 | System support staff take over daily operation |

Problems

No significant issues open. We do need to find a way to handle the security information for the secure racks. Currently they require us to run MSFT SQL - this is more expensive than the product itself.