Summary notes and actions from OSCT-1, CERN, June 21st 2006

All presentations are available on the OSCT-1 agenda page

No meeting minute-taker was found so the following is a summary of the actions and decisions made by the Chair.

During the meeting it was proposed and agreed that -

OSCT membership and lists etc.

  • The operational core of the OSCT is composed of 2 individuals (prime contact and deputy/alternate) from each ROC.
  • Each ROC will provide a generic mailing list in which (at least) the 2 core contacts will be registered.
  • Whilst generic mail addresses should be used for the majority of communications it is recognised that for security matters personal contact is important so the names and contact details of the prime and alternate contacts will be gathered and circulated within the OSCT core members.
  • The ROC generic mailing lists will be used to populate the mailing list project-lcg-security-support@cernNOSPAMPLEASE.ch. (alias project-egee-security-support@cernNOSPAMPLEASE.ch)
  • The security-support mail list will be (is now) registered in GGUS to receive Security Support (security-support) tickets.

General OSCT support responsibilities and process

  • If a ticket is raised and assigned to security-support the OSCT contact for the affected ROC is responsible for coordinating a solution to the problem. The action necessary to solve the problem may be required by a site, user or VO but the OSCT contact responsible must check that appropriate action is taken in an appropriate time and the ticket is set to solved.
  • The responsible OSCT contact should assign the ticket to themselves to indicate acceptance of the responsibility and 'involve' the OSCT-DC (see below) for information.
  • In case the responsibility is not clear or other factors prevent assignment we introduce the concept of OSCT duty contact (OSCT-DC).
  • At any point in time the OSCT-DC contact point is in the ROC as defined in the rotating ROC-on-duty schedule published on the CIC portal https://cic.in2p3.fr/index.php?id=cic. A backup OSCT-DC is defined in the same manner which role is expected to cover situations such as prolonged unexpected network outage with the Lead site.
  • The geographical co-location of the OSCT-DC with Lead and Backup sites in the operations management process may be expected to assist in communications.
  • The OSCT-DC should monitor the security-support tickets and make appropriate assignment if not already done.
  • The OSCT-DC should attend the weekly operations meeting and report or follow-up as appropriate within the OSCT.
  • No timeframes for assignment are agreed but it is expected that ticket priority, operational impact and common sense be factors in decision of the OSCT-DC to be involved.
  • The OSCT-DC should attend the weekly operations meeting and be responsible for any reporting or routing of actions that may be necessary from that meeting.
  • It is emphasised that it is not the OSCT-DC role to solve all tickets during the duty period, rather to ensure that tickets are assigned and followed.

Site contact management

  • Site security contacts are gathered during the site registration process and managed through the GOCDB. However there are many missing entries. (Action: Eddie Aronovich to coordinate completion of contact details.)

OSCT responsibilities in the LCG/EGEE Incident Handling Process

The Incident Response Guide requires that all incidents be reported to the project-lcg-security-csirts@in2p3NOSPAMPLEASE.fr. The Incident Response Guide, "Depending upon the severity, complexity, duration, and scope of an incident", defines a requirement for a Team Leader to be appointed. The team leader will be appointed as described below in manner similar to the ticket assignment process described above. None of the following is designed to change the progress of an incident according to The Incident Response Guide.

  • OSCT contacts monitor the incident reporting list.
  • When an incident is reported, the OSCT contact for the ROC responsible for the affected/reporting site will have prime responsibility to evaluate the requirement for an incident handling team and ensure the team leader is appointed.
  • The OSCT-DC and backup should monitor the situation and assume responsibility to coordinate in an appropriate timeframe depending on the severity of the incident.
  • The designated Leader should be announced to the OSCT.
  • This does not mean that the OSCT contacts will be always the Team Leader but they do have the responsibility to ensure the leader is clearly designated and team is formed as efficiently as possible.
  • It is expected that the co-location of OSCT contacts and ROC sites will assist in making technical expertise available to join the incident handling team.
  • This does not mean that the responsible OSCT contact makes such decisions and coordination actions in isolation. To assist in this process the OSCT will register, maintain and periodically test the following contact details -
  • Email addresses. Although email signature and encryption is not required initially, exchange of certificates and/or pgp keys should take place the be tested.
  • Telephone numbers.
  • Telephone conference Each ROC contact should ensure that facilities are available and the process published to the OSCT to set up and join such a telephone conference.
  • Instant Messenging. Each ROC contact should ensure that facilities are available to connect to the OSCT IM conference room.
  • Communications facilities above should be tested regularly. It is suggested this could be simply done weekly as a 'hand-over' of OSCT-DC.

Reporting during incident handling

  • During incident handling the Team Leader and/or OSCT contact responsible should make daily (or as appropriate) reports to the security contacts list and management as appropriate.

Other items

  • Action: Ian Neilson to put involvement of VOs in IR process at least on agenda for next meeting
  • Action: Pal Anderssen to follow-up/register tickets related to jobmanager logging issues from debrief of SSC1
  • Action: ALL to submit ideas for future service challenges

OSCT meetings

  • Approx every 6 months.

-- Main.ineilson - 26 Jun 2006

Edit | Attach | Watch | Print version | History: r11 < r10 < r9 < r8 < r7 | Backlinks | Raw View | WYSIWYG | More topic actions
Topic revision: r11 - 2009-06-26 - CarlosFuentes
 
    • Cern Search Icon Cern Search
    • TWiki Search Icon TWiki Search
    • Google Search Icon Google Search

    LCG All webs login

This site is powered by the TWiki collaboration platform Powered by PerlCopyright & 2008-2020 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback