Document control
Procedure reviews
The following table is updated after every review of this procedure.
Table of contents
Overview
Certification is a verification process for a Resource Centre (aka site) to become part of a Resource Infrastructure such as a National Grid Initiative (NGI), an EIRO, or a multi-country Resource Infrastructure.
This procedure applies to Grid and/or Cloud Resource Centres.
This document describes the steps required to
- register and certify a new Resource Centre,
- re-certify a Resource Centre which has been suspended.
A separate document provides the process for decommissioning a Resource Centre.
Through its parent Resource Infrastructure, a certified Resource Centre becomes a member of the EGI Resource Infrastructure to make resources available to international user communities.
The main difference between a certified Resource Centre and an uncertified or test Resource Centre is that a certified Resource Centre provides and guarantees a minimum quality of service of the resources (currently expressed in terms of monthly availability and reliability). All the requirements can be found in the Resource Centre OLA.
Definitions
Please refer to the EGI Glossary for the definitions of the terms used in this procedure.
The keywords "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", “MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119.
Entities involved in the procedure
Resource Centre Operations Manager: A person who is responsible for initiating the certification process by applying for membership to a Resource Infrastructure (e.g site administrator).
Resource Infrastructure Operations Manager: A person who is responsible for approving the integration of a new Resource Centre into the respective Infrastructure (e.g. NGI manager).
EGI Resource infrastructure Providers are listed on the EGI website.
Operations Centre (Resource Infrastructure): An entity which is technically responsible for carrying out the Resource Centre certification part of the procedure, once the membership is approved.
A list of EGI Operations Centres with their respective contact information is available from the GOCDB (access restricted - grid certificate needed)
EGI CSIRT (Computer Security Incident Response Team): EGI entity which is technically responsible for carrying out the security certification.
The Resource Infrastructure Operations Manager can determine with the Resource Centre Operations Manager the level of involvement of other actors.
Prerequisites and responsibilities
Resource Centre Operations Manager
Resource Center Operations Manager is:
- responsible for all Resource Centres within its respective jurisdiction. For this reason, the Resource Centre Operations Manager is REQUIRED to
- contact the respective Operations Center if the Resource Centre is located in Europe,
- contact the respective Resource infrastructure Provider active in a relevant geographical area if the Resource Centre is outside Europe.
- If needed, EGI Operations can assist the Resource Centre Operations Manager to get in contact with the relevant partner.
- REQUIRED to provide the necessary Resource Centre information needed to complete the registration process, and he/she is responsible for its accuracy and maintenance.
- on a yearly basis, he/she has to review the information registered on GOC-DB regarding his/her Resource Centre, in particular:
- telephone numbers
- CSIRT E-Mail
- people and roles
- service endpoints
- on a yearly basis, he/she has to review the information registered on GOC-DB regarding his/her Resource Centre, in particular:
- responsible for reading, understanding and accepting:
- the Resource Centre Operational Level Agreement (the obligations of a Resource Centre)
- the e-Infrastructure Security Policy
- the Service Operations Security Policy
- all other policies prepared by Security Policy Group (SPG) for all EGI participants, available at the EGI Federation Policies and Procedures Home.
To become Site administrator go through following steps.
Resource Infrastructure Operations Manager
Resource Infrastructure Operations Manager:
- is REQUIRED to be responsible for all Resource Centres within its respective jurisdiction.
- MUST attend Resource Centre certification applications and MUST provide feedback to the requesting partners in a timely manner to accept or reject the requests received.
- is responsible for keeping records of the Resource Centre Operations Manager OLA agreement, as deemed suitable by the Resource infrastructure Provider
- for example, through a signed e-mail agreement, a collection of signatories on a paper copy of the OLA, or other means.
Operations Centre
The Operations Centre:
- is responsible for registering (if applicable) and certifying the Resource Centre.
- (In the case of re-certification) MUST ensure that the issue that caused the suspension has been resolved
- (After suspension for security reason) MUST contact the EGI CSIRT to verify that all requested repair operations have been successfully applied to fix the issue.
- is responsible for maintaining accurate the information registered on GOC-DB regarding the NGI itself and the RCs:
- on a yearly basis, he/she is requested to review in particular:
- ROD E-Mail
- Security E-Mail
- people and roles
- the status of the "not certified" RCs, in according to the RC Status Workflow
- Service Groups
- on a yearly basis, he/she is requested to review in particular:
Resource Center status Workflow
The general status flow that a Resource Centre is allowed to follow is illustrated by the following diagram.
Information on Resource Centre status and on how to manipulate it is available from GOCDB Documentation.
Timelines
A Resource Centre cannot be in
- Candidate state for more than two months
- Suspended state for more than four months
After this period the Resource Centre SHOULD be closed.
Resource Centre registration
Requirements
A Resource Centre MUST
- Find a respective Resource Infrastructure which will provide operational services to the Resource Center. If a provider is not yet available for your country, then an alternative existing Operations Centre can be contacted.
Provide required information as documented below.
Notes: If a Resource Centre wishes to leave the Infrastructure or the Infrastructure decides to remove the Resource Centre, the registration information MUST be kept by GOCDB for at least the same period defined for logging in the Security Traceability and Logging Policy. Personal registration information of the Resource Centre Operations Manager and Security Contact of the Resource Centre leaving the Infrastructure MUST NOT be retained for longer than one year.
Steps
The following steps are only applicable if the Resource Centre is not already registered in GOCDB.
- Actions tagged RC are the responsibility of the Resource Centre Operations Manager.
- Actions tagged RP are the responsibility of the Resource Infrastructure Operations Manager.
- Actions tagged OC are the responsibility of the Operations Centre
# | Responsible | Action |
---|---|---|
0 | RC | Contact your Resource Infrastructure Operations Manager (contact information is available on GOCDB).
|
1 | RP | Accept or reject registration request and communicate this result back to applicant.
|
2 | OC |
Include the Operations Centre ROD, CSIRT, or help-desk teams in the step if necessary. |
3 | OC |
|
4 | RC |
|
5 | OC | Check GOC DB that the Resource Centre's information is correct.
|
6 | RC | ONLY for Cloud RCs - Security survey: follow Security Resource Centre Certification Procedure |
7 | OC | Any other Operations Centre-specific requirements (e.g. join a certain VO and/or mailing list, etc.) |
8 | OC | If all previous actions have been completed with success, notify the Resource Centre Operations Manager that the Registration is completed, and contact the Resource Infrastructure Operations Manager to notify that a new candidate Resource Centre exists and is ready to be certified. |
Resource Centre certification
Requirements
- The Resource Centre Certification procedure is only applicable for both Resource Centres in "Candidate" or "Suspended" status state in GOC DB.
- A Resource Centre can successfully pass certification only if the conditions required by the Resource Centre OLA are met.
Steps
The following is a detailed description of the steps required for the transition from the "Candidate"/"Suspended" to the "Certified" state of the Resource Centre.
- Actions tagged RC are the responsibility of the Resource Centre Operations Manager.
- Actions tagged RP are the responsibility of the Resource Infrastructure Operations Manager.
- Actions tagged OC are the responsibility of the Operations Centre
# | Responsible | Action |
---|---|---|
0 | RP | The Resource Infrastructure Operations Manager contacts the Resource Centre Operations Manager to request the subscription of the Resource Centre OLA. |
1 | RC | The Resource Centre Operations Manager notifies the Resource Infrastructure Operations Manager that the Resource Centre OLA is accepted (if the Resource Centre has not already endorsed it before for example in case of a suspended Resource Centre), and the Resource Centre is ready to start certification. |
2 | RP | The Resource Infrastructure Operations Manager contacts the Operations Centre asking to start the certification process. |
3 | OC | If the Resource Centre is in the "Candidate" or "Suspended" state, then flag the Resource Centre as "Uncertified".
|
4 | OC | Add Resource Centre contact information to any regional mailing list and provide access to regional tools as required. |
5 | OC | Check:
|
6 | OC | Check that the registered services are fully functional either by performing manual tests or by checking on the dedicated Nagios server.
Contact the Resource Centre admins if there are problems, and ensure that they fix them. Include the ROD, CSIRT and help-desk teams if necessary. Iterate this step with the Resource Centre admins until tests pass successfully. Details for manual tests can be found at Manual tests. |
7 | RC | ONLY for HTC RCs - Security monitoring: follow Security Resource Centre Certification Procedure. |
8 | OC | If all preliminary tests are passed for 3 consecutive calendar days, declare an initial maintenance downtime and switch the Resource Centre status to 'Certified'.
|
9 | OC | The downtime should not be closed until the Resource Centre
Wait at least two days after the switch to the 'Certified' status to open the ticket, the propagation of the new status to the operational tools or the publication of accounting data may take one or two days. |
10 | OC | Notify the Resource Centre Operations Manager that the Resource Centre is certified |
11 | OC | The Operation Center can broadcast that a new Resource Centre is now part of the EGI infrastructure. This step is OPTIONAL. |
After the successful completion of these steps, the Resource Centre is considered as "Certified".