EOSC-hub TSs and CCs

This training session will provide an overview of the various integration workflows in support of resource providers’ needs for federated access through the EOSC-hub AAI. These workflows build on standards and open technologies, including SAML 2.0, OpenID Connect, and OAuth 2.0, in order to support the integration of web-based services. The session will also cover more advanced workflows for addressing non-web-based access use cases (e.g. command line and API). In this context techniques for obtaining credentials on behalf of the end-user using OAuth tokens and X509 proxy certificates through online authorities will be presented.

The main objective of this session is to show how EOSC services can be used for managing active research data (i.e. data transfer, storage, and sharing) and for preserving final research data (i.e. data archiving and publishing). During this training, we will give a brief overview of the EUDAT Services in the data life cycle and demonstrate how these services operate and integrate with each other to meet the data management requirements of research communities and comply with the FAIR principles - which require the data to be properly documented, annotated, archived, published and accessible to the wider community.

DEEP-Hybrid-DataCloud project aims to promote the integration of specialized, and expensive, hardware under a Hybrid Cloud platform, so it can be used on-demand by researchers of different communities.

XDC project aims at address high-level topics ranging from the federation of storage resources with standard protocols, the policy driven data management based on Quality of Service, data lifecycle management, metadata handling and manipulation, data preprocessing and encryption during ingestion, and smart caching solutions among remote locations.

This training session will provide practical overview on the solutions implemented both at the level of IaaS, PaaS and SaaS within the projects: INDIGO-DataCloud, eXtreme DataCloud (XDC) and DEEP-HybridDataCloud.

T Service Management is a discipline that helps provide services with a focus on customer needs and in a professional manner. It is widely used in the commercial and public sectors to manage IT services of all types, but current solutions are very heavyweight with high barriers to entry.

FitSM is an open, lightweight standard for professionally managing services. It brings order and traceability to a complex area and provides simple, practical support in getting started with ITSM. FitSM training and certification provide crucial help in delivering services and improving their management. It provides a common conceptual and process model, sets out straightforward and realistic requirements and links them to supporting materials.

FitSM is the reference framework being used in both EOSC-hub and EOSCpilot projects, among other research infrastructures as well. Through FitSM, the EOSC-hub project aims at conducting effective IT service management in a federated environment and achieving a baseline level of ITSM that can act in support of ‘management interoperability’ in federated environments where disparate organisations must cooperate to manage services. 

In addition, participants have an opportunity to receive a formal certification backed by certification authority ICO-Cert for anyone successfully passing the exam (20 multiple choice questions, 13 required to pass). Both the costs of the training and the exam is covered and offered by the EOSC-hub project for free.

The training is co-located with the 2nd EOSC-hub Week taking place on Tuesday 9 April 2019, ensuring no overlap with the main programme.

EGI CSIRT provides operational security to distributed compute infrastructures coordinated by EGI. One of EGI CSIRTs activities is to assess the overall incident response capabilities, which is done through security exercises, so called Security Service Challenges (SSCs). Operational security in an agile environment with different job management systems, logging information at different locations and entities coordination of the involved security teams is key.

The used services need to provide sufficient traceability of user actions as well as interfaces to the systems that offer methods needed to contain an incident, i.e. suspending of credentials found in activities violating approved security policies.

In an assessment of the overall incident response capabilities one of the core aspects will be the junctions between the acting security teams, each having a different view on the situation and different tools available to contain the incident.

To be able to run Security Service Challenges (SSCs) targeting multiple Resource Centres (RCs) and Workload Management Systems (WMS) a framework, the SSC-Monitor, was developed, that allows for central management of the malicious activities as well as for recording and evaluating the expected actions of the participating CSIRTs. This SSC-Monitor was already used for earlier SSCs. While large parts of this framework remains constant several adoptions are needed to implement the Virtual Organisations WMS. Also to be able to measure the incident response of the participants various metrics have to be developed and made available to the SSC-Monitor, and in order to realistically hide the malicious activities, alternative methods for getting the payload to the compute nodes had to be researched and implemented into the SSC-Monitor. Details are presented in separate contribution to this conference.

In the SSC presented here we focused on the WMS Dirac developed and used by the LHCB VO. Incidents involving a VOs WMS require actions and information flow from/to the VOs security team, the RCs security teams and, eventually, additional entities providing authentication frameworks. The information flow and the orchestrated incident response activities are coordinated by EGI CSIRTs Incident Response Task Force (IRTF).

To assess the readiness of the above mentioned security teams, EGI CSIRT together with the VO LHCB created a realistic incident scenario, where valid user credentials are used to submit jobs to the infrastructure using LHCBs workload management system DIRAC as well as using generic services available for job submission directly to the sites.

In this presentation we will show the detailed incident scenario created by the SSC-Monitor, the expected actions described in the incident response procedures as well as the efficiency of the actions described in the developed metrics.

The EGI Notebooks is an 'as a Service' environment based on the Jupyter technology, offering a browser-based, scalable tool for interactive data analysis. The EGI Notebooks environment provides users with notebooks where they can combine text, mathematics, computations and rich media output. EGI Notebooks is a multi-user service and can scale to multiple servers based on the EGI cloud service.

With the Binder ‘extension’ of Jupyter one can turn a Github repository with Jupyter notebooks into an executable environment, making code, visualisation and documentation immediately reproducible and reusable by anyone, anywhere. 

This webinar will introduce the key features of the EGI Notebooks service, particularly:

• Easy access based on user authentication through EGI Check-In using institutional (eduGAIN) or social media accounts (e.g.: Google, Facebook, LinkedIn).
• Graphical environment to write and run code, analyse and visualise data.
• Persistent storage associated to each user, available in the notebooks environment.
• Customisable with new notebook environments, expose any existing notebooks to your users.
• Leverage on the EGI e-Infrastructure cloud compute and storage resources to run the notebooks.
• Sharing of notebooks through Binder for Open Science.

The EGI Notebooks are offered in two options:

• For individual users: EGI hosts and offers a JupyterHub within the Applications on Demand service. After a lightweight approval, users login, write and play notebooks using the EGI storage and compute capacity.
• For user communities: EGI offers consultancy and technology to setup a community-specific JupyterHub on top of a community VO. This comes together with community specific compute and storage.

WP11 responses for coordinating training delivery for EOSC-hub core services, Thematic services and Competence Centres services. Training delivery is largely depending on EOSC-hub service providers in WP5-8.
The topics are mainly based on WP11 drafted Guidelines and Best Practises on Training Delivery, with extended contents on training delivery techniques.

The aims of IT Security Management (ISM) include the management of security risk, the maintenance of confidentiality, integrity and availability of services and data, the handling of security incidents, the prevention of incidents by handling vulnerabilities, and the definition of best practice together with appropriate dissemination and delivery of training courses. In the world of Open Science and in view of the ever-changing landscape of security threats on the Internet, ISM is an ongoing global challenge. Experience has shown that security and trust is best tackled in a collaborative way, especially as the Infrastructure security teams have to trust each other, to allow for the proper handling of those security incidents which spread between Infrastructures.

The EOSC-hub proposes a new vision to data-driven science, where researchers from all disciplines have easy, integrated and open access to the advanced digital services, scientific instruments, data, knowledge and expertise they need to collaborate to achieve excellence in science, research and innovation.

The process towards the integration of the different security activities will be supported through the development of harmonized policies and procedures, to ensure consistent and coordinated security operations across the services provided in the catalogue.

Coordinating the Operational Security in such a broad environment is a challenge. At the same time it offers many possibilities of a closer collaboration of the already existing security teams active in the distributed infrastructures.

The expertise built, and tools developed in response to specific problems in the different infrastructures can be used in cross-infrastructure co-operations. In this presentation we will present examples for possible collaborations in: Incident Prevention Incident Handling/Coordination * Security Training and Exercises