ITSRM report Erez Etzion ACCU Meeting June 15, 2012.

ITSRM report

Erez Etzion ACCU MeetingJune 15, 2012

ITSRM

• “ ..Structured communications channels between the user community and the IT.

• Deals with the highest levels of IT strategy that impact the services offered to the users.

• Receives input on user requirements as well as coordinate necessary changes.

• Not an operational meeting although review important operational issues.

• The IT department then translates the decisions into actions .. “

ACCU Meeting ITSRM report, Erez Etzion 2


Members:

Chairman: Sergio Bertolucci

IT (Frederic Hemmer and 10 representatives) ,

Representatives: Beams, Finance & Procurement, Engineering,

General Infrastructure Services, Human Resources,

PH: (+experiments) Technology,

ACCU

Secretary.

ITSRM 10 - Agenda

1. IT Technical Users Meeting2. Ipad and Iphone support3. Security4. Mail and file system 5. Common issue Tracking Services6. IPv6 plans


Ipad and IPhone usage

ITSRM report, Erez EtzionACCU Meeting 5

Ipad and Iphone Proposal

• Establish community support for iPhones and iPads– For users on how to purchase, use the devices with CERN infrastructure and

share experiences– For developers to discuss application toolkits and techniques

• Investigate potential areas where IT can assist– Extend usage of the Apple support contract to handle issues around integration

with CERN infrastructure– Testing of web applications such as Indico, webcast, CDS, Drupal, EDH,

Phonebook etc. Solutions or workarounds to be documented where available.– Enable content such as custom CDS content podcasts for iPad/iPhone.– Assess a CERN app-store for easy installation and distribution of locally written

applications without requiring Apple approval/license for each application

• We would be interested to understand related projects in the departments to see how we can assist further

ITSRM report, Erez Etzion ACCU Meeting 6

Security

ITSRM report, Erez Etzion

• New Security Baseline for Industrial Embedded Devices• Security Course Campaign• Data Protection on DFS• Life Cycle for Centrally Managed Web Sites• Move to Real SSO• Regular Validation of Firewall Openings • Default Administrator Accounts on Windows PCs• New Password Rules• Forgot Your Password? A Password Reset Portal• New Interim CERN Policy for the Use of Webcams

ACCU Meeting 7


Mail and filesystem quota

• AFS and DFS service definitions will be aligned– New non-home space requests will be allocated as workspaces

• All space is backed up consistently– 6 months retention

• All requests will be self service with automatic approval– Costs covered by IT budget assuming reasonable growth

Service Initial Self-Service Limit

Mailboxes 2GB (was 100MB) 10GB (was 2GB)

Home Directories 2GB (was 100MB) 10GB (was 1GB)

Workspace 20GB 100GB

ACCU Meeting 8

ITSRM 11 - Agenda

1. IT Technical Users Meeting2. Vidyo conferencing services3. Migration of CErnVM FS


Video Conferencing• Since 2007 EVO is a payed service.• Vidyo was selected as an alternative, pilot started on

2010. (Numerous awards; “the next big thing”)• IT to offer a Video Conferencing service– Centrally funded and operated– For all CERN collaborators• Videoconference meetings: Point-to-point and Multi-point• From - Desktop machines, Tablets, Smart phones, H323/SIP-equipped

meeting rooms, Traditional phones• Possibility to –Webcast, Record

• Transition Plan– To be finished before June 2012– As a transition buffer Maintain existing support for EVO for 2012

ACCU Meeting 10ITSRM report, Erez Etzion

CVMFS A http-based distribution mechanism for read-only files in directory

structures• Designed for distributing LHC experiments’ software releases• Viable alternative to standard file systems commonly used for software

releases– AFS, NFS, …– CVMFS proved significantly more scalable

• Interesting for other read-only data as well • -E.g. conditions’ data files

• …IT CVMFS deployment fully integrated into service management– Functional element in service catalogue:

https://cern.service-now.com/service-portal/function.do?name=cvmfs&s=cvmfs




ITSRM 12 - Agenda


• IT technical Users meeting• IPv6 plans• Data protection , Firewall• CVMFS updates


From IPb4 to IPv6- Internet moves to IPv6, part of it will

only work on v6 (virtualization, clouds, mobile devices)

At CERN IPv6 is necessary to reach all CERN remote users and deploy new large scale services

- Implementation already started

- It will require significant effort

- New operational problems will arise

- Everybody is concerned

- More http://cern.ch/ipv6-

ACCU Meeting 13

http://cern.ch/ipv6

Do we lack a Data Protection Policy?

~/.ssh/FILE like~/.ssh/id_dsa~/.ssh/identity~/.ssh/id_rsa

~/.globus/FILE~/.gnupg/FILE~/.mozilla/FILE

~/.cvspass~/.gitconfig~/.*htpass* ~/*htpass*~/.netrc~/.pine.pwd

~/.gnome2/keyrings ~/.kde/share/apps/kwallet/~/.subversion/auth/simple/

~/privateACCU Meeting ITSRM report, Erez Etzion 14

Data Protection Policy (DPP)Data Classification Policy (DCP) The general classification scheme for all data that

are stored and/or processed in electronic form.

Data Storage Policy (DSP) The rules under which data must be stored.Data Access Policy (DAS) The rules under which data can be accessed.Data Transfer Policy (DTP) The rules under which data can be (digitally)

transferred between data stores.

Data Destruction Policy (DDP) The rules under which digital media must be wiped or destroyed such that any trace of data has disappeared from that media.

Next: Data Classification Policy Done: Data Destruction Policy


ITSRM 13, 15


• Last two meeting canceled .. No issues were brought other than from IT direction

• Next meeting (September 13th) discuss the scope and future of IT SRM

• If there is any issues that you think should be discussed or bring to the attention of the ITSR, please let me know.

ITSRM report Erez Etzion ACCU Meeting June 15, 2012.

Documents

erez etzionitsrm report

erez etzionipad

erez etzionmail

furtheritsrm report

iphone usageitsrm report

operational meeting

use of webcamsaccu meeting

self service