Changes between Initial Version and Version 1 of GeniOmisGEC3Notes

12/09/08 22:52:09 (14 years ago)
Mike Patton



  • GeniOmisGEC3Notes

    v1 v1  
     1= Notes from OMIS meeting at GEC!#3 =
     2== October 30, 2008 ==
     6=== Introduction ===
     8Heidi Picher Dempsey, WG Chair, introduced the session.
     10The [ agenda] as posted to the mailing list:
     11 10:00-10:30::
     12  GENI Meta Operations Center -  Jon-Paul Herron, Indiana University
     13 10:30-11:00::
     14  GENI Security Architecture - Stephen Schwab, SPARTA, Inc.
     15 11:00-11:15::
     16  GENI at Four-Year Colleges  - Pierre Tiako, Langston University
     17 11:15-11:30::
     18  GENI 2008 Operations Security Internship summary and call for   
     19  participation - Ketly Jean-Pierre, Howard University
     20 11:30-12:00::
     21  Spiral 1 Integration Plans and OMIS working group deliverables- Mike 
     22  Patton and Heidi Picher Dempsey,  GPO
     23 12:00-12:30::
     24  Discussion and Lightning talks.
     26The only agenda bashing was to note that Steve Schwab was sick and couldn't attend.  So, rather than a presentation, we'll have some general security discussion in that slot.
     28=== Project presentations ===
     30==== GENI Meta Operations Center ====
     32Jon-Paul Herron, with the GRNOC at Indiana University, presented the plan for the GMOC project.  Presentation listed several networks that the GRNOC has experience from, including Internet2, NLR, HOPI and now, GMOC.  See [ his slides] for details.
     34There was some discussion:
     35 * Mike Patton asked about managing historical data, especially dealing with changing formats, etc. over the expected GENI lifetime.  Response: operational data should be small enough that bulk conversion should be feasable.
     36 * ~~Name Missed~~ asked if there was an allowance for experiments generating additional data.  In discussion it seemed like an interesting idea, but it was unclear what operational data might need to be exported.
     37    In the discussion it was brought up that both of these will be big concerns in GIMS in the long run, but possibly less critical in operational data.
     38 * Ted Faber argued strongly for defining "Minimalist datasets" to lower the hurdle for contributing components, among other things.
     39 * There was some discussion of allowing for recording intentional (or experimentally induced) outages.  Response: This seems like a fairly straight forward extension of the standard operational distinction of administratively up/down vs. operationally up/down.
     42==== Security ====
     44Since Stephen Schwab, SPARTA, Inc. was unable to attend, Heidi Picher Dempsey led an open discussion of Rules, Policies, and Procedures that might apply to GENI.  Should there be a Recommended Usage Policy (variant AUP)?  This kicked off some discussion...
     46 * Karl Evans, NSF asked "do we allow live malware?"  Which triggered the most interesting discussion.
     47  * Ted Faber wasn't worried about existing malware, but New Ideas in malware could be Dangerous...
     48  * Mike Patton: Do we need to distinguish real Malware from experiments gone berserk?
     49  * Aaron Falk: Policy on Malware depends on research agenda being formulated by NetSE
     50  * Matt Mathis: Policies may need to make a distinction for different site types: e.g. Firewalled vs Open
     51  * Ted Faber: This applies to more than just malware...
     52      Possible policy: Experimenters can't do anything that killing their slice won't stop.
     53  * ~~Name Missed~~: Don't overly constrain what experiments can be run
     54  * Kemp(?): Don't be naive.  Use enforceable penalties for behaving badly.  Russian Business making profits from behaving badly given as an example.
     55  * Ted Faber: Need nuances in the policies
     56  * Jonathan Turner: Would it help to have a Mini-GENI to clear experiments?  Not clear...
     57  * Aaron Falk: With contributions from multiple parties, there will be a range of AUPs  (Should the AUP be in resource discovery?)
     58  * Ted Faber: Idea for a Mini-GENI: run it in an emulab? or roll one up.
     59  * Heidi Picher Dempsey: Adopt the "test first" policy from Planetlab?
     60  * Jonathan Turner: Maybe provide closed, isolated, staging
     61  * Aaron Falk: What to provide so that experimenters can DTRT
     63==== GENI at 4yr colleges ====
     65Pierre Tiako, Langston University presented [ some slides] on his project to explore ways that four year colleges might use and/or contribute to GENI.
     67=== GENI 2008 Operations Security Internship summary and call for participation ===
     69Ketly Jean-Pierre, Howard University, presented some [ref? initial status] from her summer internship looking at operational security for GENI.  Ketly reviewed her work preparing draft security policies for use on GENI.  She developed drafts for both internal GPO and external GENI policies and usage guidelines. She also installed and experimented with monitoring tools such as SNORT that can be useful to people connecting laboratories or other infrastructure to GENI, who are already knowledgable about computers and software.  Ketly would like inputs from other people in OMIS on what tools they have used successfully and what recommendations they have for graduate and undergraduate students participating in GENI who want to design and implement security procedures and tools for their labs and classes.
     73=== OMIS SE report ===
     75Mike Patton, the OMIS WG System Engineer, gave a presentation on early plans around integration for Spiral 1 and what the OMIS WG deliverables were.  The presentation included some diagrams showing multiple options for integration and how they might work together.
     79=== Lightning Talks ===
     81For our first lightning talk, Karl Levitt (NSF) talked (and moderated discussion) on some pointed security questions:
     82 1 What does it mean to "make GENI secure"?
     83    * Protecting GENI
     84     * Slice shutdown important
     85     * How will the experiment use its resources?
     86    * Protecting Opt-In Users
     87    * Protecting the Internet
     88 2 What experiments can be run in security
     89    * Understanding worms/botnets/etc.
     90    * Run games between attacker and defender..
     91    * Run "The Internet" inside GENI and experiment with what would take it all down.
     93In the discussion Aaron Falk said: Don't make it too high a hurdle to run experiments.
     97The second lightning talk was a NetFPGA update from John Lockwood.  The first run of 500 have been deployed, faster than expected.  They are now sold out, next batch ships around Nov 17.  Expected cost $500.  See details on [].
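Review bot: five wiki links in this revision have no target, so readers cannot reach the material the notes point to: `[ agenda]` (line 10), `[ his slides]` (line 32), `[ some slides]` (line 65), `[ref? initial status]` (line 69) and the empty `[]` at the end of line 97. Fill in the targets or drop the brackets until the URLs are known. The NSF speaker appears as "Karl Evans, NSF" on line 46 and "Karl Levitt (NSF)" on line 81; confirm whether these are the same person and make the name consistent. The struck-through "Name Missed" placeholders (lines 36 and 53) and "Kemp(?)" (line 54) leave three comments unattributed, which matters most in the Security discussion where the positions on live malware and enforceable penalties are recorded by speaker. The heading on line 67 is level 3 while the other project presentations sit at level 4 under "Project presentations", so it reads as a new top-level section; use `====` if it belongs with them. Spelling: "feasable" (line 35) and "knowledgable" (line 69).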