  • Number of slides: 8

ESnet PKI Developed for the DOE Science Grid and SciDAC

Time line of Project

  • October 2001 Project Approved
  • Deployment Milestone – predates approval
  • October - ESnet Support team builds out 3 emergency servers for Project
  • Quick survey of Potential user requirements
  • No R&D could be done
  • Deployment was needed immediately
  • DOESG Subordinate Root CA on line November 2001
  • January 15, 2002 start issuing “Hand Minted” certificates to initial users
  • February - First authenticated transatlantic transactions using DOESG certificates

PKI achievements

  • Policy Management Authority
      • Initial PMA, currently 14 members. Membership consists of RA agents and Project leads.
  • DOESG Virtual Organizations and Sites supported
      • PPDG: Doug Olsen (LBL), Ruth Pordes (FNAL)
      • NFC: Mary Thompson (LBL)
      • PNNL: Scott Studham
      • ORNL: Kasidit Chanchio
      • ANL: John Volmer
      • NERSC: Steve Lau, Steve Chan
  • PPDG setting the pace
      • First Registration Authority Agent
      • First Trans Atlantic use of certificates with European Data Grid member
  • European Data Grid
      • Broad acceptance by their PKI working group
      • Actively working with them on: PKI requirements, Certificate Policies and Directory

PKI achievements 2

  • Community acceptance of Architecture
      • Single Certificate Policy
      • Global Certificate Authority
      • Distributed Registration Managers
  • iPlanet CMS was correct choice for our community.
  • Other International efforts
      • Grid Forum Security and Information services WGs.
  • Our experience is refining the Globus’ Grid Security Infrastructure implementation.

European Data Grid Efforts

  • DataGrid project funded by EU
  • Next Generation Computing infrastructure…
  • Test Beds are under Work Package 6
  • Test Bed 2 scheduled for summer
  • DataGrid CA managers: CERN, Czech Republic, France, Ireland, Italy, Netherlands, Nordic countries, Portugal, Russia, Spain, UK, and now DOESG

Architecture for 5/15/02 deployment

  • [Diagram] Components labelled Production Servers: ESnet Root CA, Shadow Dir, Public CM, Public Dir, NERSC RM, Community RM, PNNL RM
  • [Diagram] Components labelled Development Servers: Dev CM, Dev RM, Dev Dir, Shadow CA
  • Legend: CM: Certificate Manager; RM: Registration Manager; Dir: LDAP based Directory

ESnet’s PKI Server security

  • Secure cabinets - NTSG design
  • Monitoring
      • Cabinet Status, Cabinet Access
      • Power conditions
      • Environmental
  • NOC reporting 7/24
  • Access monitoring
      • User pin codes
      • Event times
  • Web based management
  • Relational DB logging and audit trail.