eduroam Managed IdP service should transition from its pilot under the JRA3, into the SA2 production operations. The exit pilot gate was approved by the PLM on 25th of June , officially marking the start of transition.
Relation to pilot The pilot is running on testing-level virtual machines (Okeanos). A continuation on those VMs is not foreseen. The production system is an installation "from scratch". Accounts created in the pilot installation remain valid until their expiry, or 01 Dec 2018 (whichever comes FIRST; expiry date of intermediate CA). For the RADIUS authentication of these pilot-phase accounts, there are two options:
We have to keep the management UI and the OCSP responder online until 01 Dec 2018 so that activities such as revocation are still possible. However, pilot-phase IdP administrators should not create new accounts on the pilot system when the production one is available. |
The transition generally consist of the following areas of work:
...
No | Work item | Responsible | Comment | Status | Start date | End date | ||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Preparation of documentation - based on the SA2 Service Template | |||||||||||
| Service Description | -Development team prepares -SM signs off | See section 1 of eduroam Managed IdP Service Description | IN PROGRESS (DEV TEAM DONE, awaiting sign-off) | 09 July 2018 | ||||||||
Service policy (Terms of use, SLA) | -Development team prepares -GEANT T&I operation support/Core team signs off | Separte policies for NROs, eduroam Managed IdP administrators and end users are described at eduroam Managed IdP Service Policy. GEANT should sign it off as a legal body that is responsible for the service. | IN PROGRESS (dev team done, awaiting sign-off) | 09 July 2018 | ||||||||
| Branding and Visibility | -Development team prepares -SM signs off | Web page text at https://www.eduroam.org/eduroam-managed-idp/ | IN PROGRESS (dev team done, awaiting sign-off) | 09 July 2018 | ||||||||
| Operational Requirements | -Development team prepares -SM and core team sign off | documented here | IN PROGRESS (dev team done, awaiting sign-off) | Feb 2018 | ||||||||
| OLA | -Development team prepares -SM and GEANT T&I operation support/Core team sign off | There is no OLA template at the moment, but potentially Nicole's core team can help out. | ||||||||||
| Operational documentation | -Development team prepares -SM signs off, test team can validate | Dev team prepared this in the corresponding Wiki page | IN PROGRESS (dev team done, awaiting sign-off) | 10 July 2018 | ||||||||
| Operational processes | -Development team prepares -SM signs off, test team can validate | Need to define: service order (what happens from point of interest to service availability for a customer) and support process. Marina sent the questionnaire prepared by the Task 4 to Stefan to provide the info and Task 4 can draw the flow charts. The questionnaire is here. | IN PROGRESS (dev team done, awaiting sign-off) | 10 July 2018 | ||||||||
| User documentation | -Development team prepares -SM signs off, test team can validate | IN PROGRESS | 11 July 2018 | |||||||||
| User support | -Development team prepares -SM signs off, test team can validate | Prepare the FAQ for the first level support. List is available here. Add them to the current FAQ that service desk uses + enable service desk to check by themselves if a user's IdP is managed eduroam IdP | IN PROGRESS (dev team done, awaiting sign-off) | 10 July 2018 | ||||||||
| GDPR - data inventory, privacy notice, DPA | -Development team prepares -GDPR accountable and SM signs off | Data inventory prepared as part of the eduroam one | IN PROGRESS (dev team done, awaiting sign-off) | June 2018 | ||||||||
| 2 | Test and validation | |||||||||||
| Make a test plan | Development team and Test team prepares | Testing of the code was done Penetration testing on the production deployment before "cutting the ribbon" | ||||||||||
| 3 | IPR compliance checking | |||||||||||
| IPR compliance | IPR accountable Route the request through GEANT T&I operation support/Core team | Define with Stefan and Miro on what needs to go through the IPR check and send a request to Nicole to field through GEANT. Stefan Winter prepared the IPR request (what are the software components, libraries, tools used) on this page. | IN PROGRESS | 11 July 2018 | ||||||||
| 4 | GDPR compliance checking | GDPR accountable | ||||||||||
| Data inventory and mapping | Data inventory is already prepared; with Nicole and Ana to carry out assessment |
| ||||||||||
| Update the privacy notice | Update the eduroam privacy notice to include the managed eduroam IdP as well. Publish once the production gate is passed. | |||||||||||
| Prepare the data processing agreement | ||||||||||||
| 5 | Operational team establishment | |||||||||||
| Appoint service manager | Operations accountable | It comes under the eduroam service family and existing service manager. |
| |||||||||
| Define roles, skills, manpower needed | Development team | |||||||||||
Appoint operational team members | SM | It could be done by the Srce & Maja/Tomasz team - for GN4-2, for GN4-3 it should be defined and clarified. (Dubravko could be Radius, Dragan for the system upgrades). The development support will be needed by Stefan&Tomasz | IN PROGRESS | |||||||||
| 6 | Operational team training | |||||||||||
| Training the operational team | Development team prepares eduroam-OT is trained | TBD,over couple of VC should suffice | ||||||||||
| 7 | Support team establishment | |||||||||||
| Establish the support team | Level 1 will done by the SD, L2 will be over the eduroam-ot, L3 will be via the development team |
| ||||||||||
| 8 | Support team training | |||||||||||
| Training of the support team | Development team prepares eduroam-OT is trained | TBD,over couple of VC should suffice | ||||||||||
| 9 | Deployment in production environment | |||||||||||
| Central monitoring set up | GEANT T&I operation support/Core team | Plan A : monitoring core team Plan B can be covered by Miro - Nagios by Srce Specific monitoring need to be scribed by the development team |
| |||||||||
| Back up and restore | core team |
| ||||||||||
| Resource inventory configured | core team |
| ||||||||||
| VM provision | GEANT T&I operation support/Core team | Plan A: GEANT IT VMs (if in place till the end of July) Plan B: Cloud VMs (if in place till end of August) Plan C: SURFNet | ||||||||||
| Installation of the components |
| |||||||||||
| Raspberry Pi for the root CA | Development team GEANT T&I operation support/Core team | Needs to be procured - Stefan will buy over Restena and claim over the project JRA3 / SA2 GEANT T&I operation support/Core team: can organise the root CA creation ceremony, and safe offline storing og the Raspberry PI (in a safe) | IN PROGRESS orderedshipped, awaiting shipmentdetails for key ceremony | 13 July 2018 | ||||||||
| stefan/miro needs to write up this in details ... | ||||||||||||
| 10 | Service Promotion | |||||||||||
| Web site update | PR team Development team to provide the text Marina can share a narrative template Justin to check with Karl what is prepared | Prepare all in the eduroam PR site, but publish when the production gate is passed. Web page draft at https://www.eduroam.org/eduroam-managed-idp/ A new page describing the service offering (similar to CAT). Link that new page from the NRO page and Institution page. | IN PROGRESS | |||||||||
| Add the service to the partner services portfolio | Justin | Talk to Nathalie/Silvie Francisci silvie.Francisci@geant.org about the Partner Portal and getting the service in there. Note with partner portal that it also shows what services NRENs have taken, so whenever an NREN adopts the service the partner relations team should be updated so they can update the NREN's specific portal page. Promotion via the eduroam-SG, by the service manager | Emailed Nathalie 10.07.18 | |||||||||
| Contact the people/NRENs who took part in the infoshare to update them on service availability | Partner Relations | Justin will co-ordinate with Nathalie. Two communications: First to the participants who joined the infoshare to say that the gate is passed and service is coming, and note 10,000 user cap and free of charge. Second upon launch to the GEANT partner list. | ||||||||||
Slide deck from the infosahres that can be sent out by Parter Relations to partner NRENs when service is live Update the eduoam flyer with the managed service element | Silvie | |||||||||||
| Training/info video to put on the website | Karl | Lower priority. | ||||||||||
| Article for CONNECT | Justin and Karl | Need to register interest with Paul Maurice by 27th July, and provide final copy and images by 24th August. | ||||||||||
| Launch announcement in Tryfon's weekly email when reached | Justin and Tryfon | |||||||||||
| Twitter #lovetoeduroam upon launch | Karl |
...