Grid Security & IGCA. C-DAC Knowledge Park


Grid Security & IGCA Shikha Mehrotra C-DAC Knowledge Park Bangalore

Why is security a major concern? Because both the customer's data and programs reside on the resource provider's premises. One of the biggest security concerns about cloud/grid computing is that when you move your information into the cloud/grid, you lose control of it. The service gives you access to the data, but you have no way of ensuring that no one else has access to it.

Some important terms. What is authentication? An authentication system is how you identify yourself to the computer. The goal behind an authentication system is to verify that the user is actually who they say they are. What is authorization? Authorization checks whether an authenticated user has the proper permission to access a particular service.

What is the role of CERTIFICATES in grid?

Some important terms. Certificate: A certificate is a digital document that certifies that a certain public key is owned by a particular user. This document is signed by a Certificate Authority (CA). Certificate/Certification Authority (CA): A certification authority (CA) is an entity that issues digital certificates for use by other parties. Revoked Certificate: A certificate is said to be invalid once it is revoked.

Registration Authority (RA): A Registration Authority (RA) is an authority in a network that verifies a user's request for a digital certificate and tells the Certificate Authority (CA) to issue the certificate. The RA verifies the applicant and photo identity in a face-to-face meeting and approves or rejects the application.

So, who will issue the grid certificate?

IGCA: The Indian Grid Certification Authority, located at C-DAC Knowledge Park, Bangalore, India. IGCA is an accredited member of APGridPMA. It issues X.509 certificates to support the secure environment in the grid (for GARUDA, institutes in India that do research in grid, and foreign institutes that collaborate with GARUDA).

IGCA Registration Process (diagram). Actors: user, RA, IGCA Manager, CAO. Communication: web repository at ca.garudaindia.in.
1. User: fill application form for certificate request.
2. Online CSR generation (CSR serial no.).
3. Face-to-face meeting with the RA.
4. Mail/fax the application form with the photo ID (igca@cdac.in).
5. IGCA Manager: verifies the RA signature to ensure it is not tampered.
6. IGCA Manager: files the application form and hands it over to the CAO.
7-8. CAO: issues the certificate; mail to download the certificate.

How long is my certificate valid?

Walkthrough
Homepage: http://ca.garudaindia.in/
User Certificate Request process: http://ca.garudaindia.in/index.php/certificate/request-a-new-certificate/
Host Certificate Request process: http://ca.garudaindia.in/index.php/certificate/host-certificate-request-process/
RA enrollment process: http://ca.garudaindia.in/index.php/ra/establish-ra/
Video Tutorials: http://ca.garudaindia.in/index.php/information/faq/video-guides/
IGCA contact: igca@cdac.in

Few examples.
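
The terms defined earlier (a certificate signed by a CA, a limited validity period, a revoked certificate being invalid) can be followed end to end with OpenSSL. This is an added example, not part of the original slides and not IGCA's procedure: the toy CA, the subject names, the 7-day lifetime and all file names are constructed, and IGCA itself generates the CSR online.

```shell
#!/usr/bin/env bash
# Added example with constructed names; a toy CA, not IGCA's real setup.
set -eu
d=$(mktemp -d)    # scratch directory for all demo files

# CA role: self-signed root plus the minimal database `openssl ca` needs.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/O=Example Grid/CN=Example Toy CA" \
    -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
  : > "$d/index.txt"
  printf '[ca]\ndefault_ca=toy\n[toy]\ndatabase=%s/index.txt\ndefault_md=sha256\n' \
    "$d" > "$d/ca.cnf"
}

# User role: key pair and CSR; the CA signs the CSR into a 7-day certificate.
issue_user_cert() {
  openssl req -newkey rsa:2048 -nodes -subj "/O=Example Grid/CN=Example User" \
    -keyout "$d/user.key" -out "$d/user.csr" 2>/dev/null
  openssl x509 -req -in "$d/user.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -days 7 -out "$d/user.pem" 2>/dev/null
}

# CA role: mark the certificate revoked, then publish a fresh CRL.
revoke_and_publish_crl() {
  openssl ca -config "$d/ca.cnf" -cert "$d/ca.pem" -keyfile "$d/ca.key" \
    -revoke "$d/user.pem" 2>/dev/null
  openssl ca -config "$d/ca.cnf" -cert "$d/ca.pem" -keyfile "$d/ca.key" \
    -gencrl -crldays 7 -out "$d/crl.pem" 2>/dev/null
}

# Relying party: signature and validity-period check only.
chain_ok() { openssl verify -CAfile "$d/ca.pem" "$d/user.pem" >/dev/null 2>&1; }
# Relying party: the same check, but also consulting the CA's CRL.
chain_ok_with_crl() {
  openssl verify -crl_check -CAfile "$d/ca.pem" -CRLfile "$d/crl.pem" \
    "$d/user.pem" >/dev/null 2>&1
}
# Succeeds when the certificate is still valid $1 seconds from now.
valid_for() { openssl x509 -in "$d/user.pem" -noout -checkend "$1" >/dev/null; }

make_ca
issue_user_cert
openssl x509 -in "$d/user.pem" -noout -subject -issuer -enddate
revoke_and_publish_crl
chain_ok && echo "without CRL: accepted"
chain_ok_with_crl || echo "with CRL: rejected (revoked)"
```

A relying party that never fetches the CRL keeps accepting the revoked certificate until its end date, which is why the CRL has to be published and consulted.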

What is Grid Proxy? Short Lived Certificate. Derived from public & private keys.

Garuda SLCS

Garuda SLCS. Website: http://labs.garudaindia.in The purpose of GARUDA SLCS is to provide grid users with instant access to the GARUDA grid for a trial period of 30 days. The fully automated SLCS process helps users such as beginners and workshop participants get quick access to, and experience of, GARUDA before using the operational grid.

Highlights: Get access in less than 5 minutes. Service over the internet. Targeted at beginners to get the feel of GARUDA.

Virtual Organization Definition : A virtual organization or company is one whose members are geographically apart, usually working by computer while appearing to others to be a single, unified organization with a real physical location. For e.g. a set of bioinformaticians at the University of Oxford may be working closely with a group at Harvard and they wish to share their computational resources, services and/or applications.

VOMS: Virtual Organization Management/Membership Service. VOMS is a system to classify users that are part of a Virtual Organization (VO) on the basis of a set of attributes that will be granted to them upon request, and to include that information inside Globus-compatible proxy certificates.

VO Registration http://voms.garudaindia.in/


Thank You

List of support queues in Garuda
Sl. No. | Project Name | Support queue | E-mail
1 | Any grid related problem | GDeployment | grid-help@cdac.in
2 | Grid Portal | Portal | rt-gp@cdac.in
3 | Service Oriented Architecture | SOA | rt-soa@cdac.in
4 | GARUDA VOMS | Voms | voms@cdac.in
5 | Grid IDE Tool | GridIDE | rt-gide@cdac.in
6 | OSDD | OSDD | rt-osdd@cdac.in
7 | Garuda Network Related | Netops | netops@cdac.in
8 | GARUDA SRM | GDS | rt-gds@cdac.in
9 | Not sure about the queue | Other | rt@cdac.in

Phone support
Grid Support: 080-66116511, 080-66116472, 080-66116474
Network Support: 080-66116510, 080-66116473
Grid Portal: 080-66116493, 080-66116494, 080-66116459
GSRM: 080-66116692, 080-66116457

Grid Support. To log your support request: go to http://gridsupport.garudaindia.in, log in with your GARUDA account, and raise a ticket in the appropriate queue. To raise a problem ticket: select the queue, then click new ticket. Support requests can also be sent via e-mail.

Garuda RT (Request Tracker) Login page Raising a ticket


Garuda Resource List
Institution | Location | Resources
Space Application Centre | Ahmedabad | VSAT Terminal - 2 Nos.
Indian Institute of Science | Bangalore | 64 cpu; POWER5; Linux
Raman Research Institute | Bangalore | 32 cpu; Opteron; Linux
Institute of Mathematical Sciences | Chennai | 24 cpu; Opteron cluster (Cray XD1)
Madras Institute of Technology | Chennai | 16 cpu; P4; Linux
Indian Institute of Technology | Delhi | 32 cpu; Opteron; Linux
Jawaharlal Nehru University | Delhi | 32+16+16 cpu; Opteron, Opteron, Itanium; Linux
Institute of Genomics and Integrative Biology | Delhi | 48 cpu; Xeon; Linux
Indian Institute of Technology | Guwahati | 128 cpu; Opteron; Linux
University of Hyderabad | Hyderabad | 32 way SMP; POWER4, AIX
Indian Institute of Technology | Kharagpur | 16+16 cpu; Power PC2, Xeon; AIX, Linux
Physical Research Laboratory | Ahmedabad | 32cpus; 64bit AMD
Institute of Microbial Technology | Chandigarh | -
University of Pune | Pune | -

GARUDA Partners

Virtual User Community in Garuda
Group Name | Description
Bioinformatics | Application of statistics and computer science to molecular biology
ClimateModelling | Deals with the dynamics of the climate system
OSDD | Community dedicated to developing drugs for tropical infectious diseases like malaria, tuberculosis
GeoPhysis | Study related to physics of the Earth and its environment in space
CAE | Usage of computer software to solve engineering problems
IndianHeritage | Focused on technology products for preserving & processing Heritage texts
HealthInformatics | Focused on utilizing compute power for health informatics
MaterialScience | Interdisciplinary field applying the properties of matter to science and engineering
Euindia | The vision of a worldwide Grid for Research by both Europe and India
ToolsDeveloper | Forum to communicate and collaborate on developing Garuda Tools

What is CRIN pin mail? What will I do with it? The CRIN pin (Certificate Revocation Number) is mailed to the user, encrypted with the user's public key, at certificate creation time. It is used for requesting certificate revocation. The CRIN pin can be viewed only by decrypting it with the user's private key, so only the user can request revocation.

CP/CPS (diagram): IGCA CP/CPS, OID: 1.3.1.4.1.31180.10.1.1.0. Contents shown: certificate and CRL profile; security controls; certificate issuance, rekey, revoke; procedural controls; auditing and logging procedures; other business & legal matters.

IGTF: The International Grid Trust Federation (IGTF) is a body that establishes common policies and guidelines among its member Policy Management Authorities (PMAs). http://www.igtf.net/

APGridPMA: The APGridPMA (http://www.apgridpma.org/) is the international organization that coordinates the trust fabric for e-science in Asia-Pacific, working in close collaboration, via the International Grid Trust Federation (IGTF), with the other regional peers: EuGridPMA and the Americas Grid PMA.

IGCA Roles - RA: A Registration Authority (RA) is an authority in a network that verifies a user's request for a digital certificate and tells the Certificate Authority (CA) to issue the certificate. The RA verifies the applicant and photo identity in a face-to-face meeting; approves or rejects the application; records events in the RA record form; insists that users protect their private keys; reports changes in subscribers' information to IGCA; requests revocation when an end entity leaves the organization; and informs IGCA when the RA leaves the organization.

IGCA Roles - IGCA Manager: Assists the user/RA regarding IGCA operations. Accepts the application forms and verifies the RA signature. Files the application form and hands it over to the CAO. Communicates with the RA securely.

IGCA Roles - CAO: Setup and maintenance of the IGCA. Updates the CP/CPS, Operational Manual and Security document. Issues, revokes and re-keys certificates and publishes them in the web repository. Issues the CRL and publishes it in the web repository.
