TERENA Technical Committee Meeting
5 Nov 2014
Minutes : taken by Licia Florio
Agenda
Participants
Valter North (VN)
David Groep (DG)
Peter Schober (PSc)
Vincente Goyanes (VG)
Yannis Mitsos (YM)
Valentino Cavalli (VC)
Licia Florio (LC)
John Dyer (JD)
Peter Szegedi (PSz)
Nicole Harris (NH)
Alessandra Scicchitano (AS)
Apologies
Laura Durnford (LD)
Rob Evans (RE)
Minutes
1. Welcome and agenda bashing
VN welcomed the participants. The agenda was approved.
2. Approval of Minutes
The minutes of last meeting were approved. The updated list of actions is shown below.
| Reference | Who | Action | Status |
|---|---|---|---|
20140219-5 | VN | Seek input for the vacant sixth position on the TTC. | CLOSED - Suggestions for an additional member to complement the current TTC expertise are welcome. |
20140219-6 | TTC | In early 2015, re-consider a joint task force meeting in 2016 | OPEN to be revisited in 2015 |
20140701-1 | TERENA Secretariat | Secretariat to identify opportunities for TFs to improve on communication by using (TERENA) social media channels in a coordinated way | UPDATED - The whole communication strategy are being revisited in line with the merger. This topic will be covered in the next communication plan. The TTC suggested to disseminate the results of the TFs via social medias as much as possible to attract new comers. Two actions were proposed: 1. a strategy to reach the unknowns (Comms staff - John to share some ideas during the next TTC); 2. a way to make the outcome of the community work easy to read for everybody (PDO-comms). Each PDO is encouraged to share the main results of the TFs via social medias. |
20140701-4 | PSc | ask Christian Panigl to draw up a document to circulate to the community on the exchange of IPV4 address space | CLOSED - The document was not produced; there was a question as to whether the TTC is the best place to address this topic. |
20140929-1 | TTC | Terms of Reference of the Technical Programme need to be updated in the coming year to reflect the organisational changes. | CLOSED - The Terms or Reference are being discussed in light of the merger. The TTC will have an opportunity to look at the new version and comment on it. |
20140929-2 | BS | Formally announce the closure of the TF-EMC2. | CLOSED - BS sent an email to the list. |
20140929-3 | AS | ISM SIG to provide updated charter with more clearly defined and elaborated objectives for the November TTC meeting. | Ongoing under discussion within the group. AS asked to push this to the next TTC meeting. |
20140929-4 | AS | Explore NREN views on the charging model for the new TCS | CLOSED - See the discussion on the agenda item on TCS |
20140929-5 | MN | Explore an alternative VC meeting system that satisfies the disparate systems that the TTC members use. | Ongoing |
1. (Future) Services
1.1 TCS New Service (DigiCert) – Alessandra Scicchitano
AS gave an update on the status of the new service, which will be delivered by DigiCert. The new service is more expensive than the old one. It will includes EV certificates as part of the contract (this was not covered in the contract with COMODO, although they were provided). VC noted that the board approved the proposed new service cost.
The contract is under negotiation; VC felt that the green light from the board will speed up the negotiation process. AS noted that most of the issues have been clarified, so she expect the contract to be ready for the signature fairly soon.
Most of the NRENs have already accepted the proposed costs; Malta and Cyprus felt the increased cost is not advantageous for small countries. The board however felt this was not an issue to require a change to the overall business model of TCS at this point in time.
AS explain that the service will be delivered according in three different phases:
- Phase1: testing limited to a group of experts to check server and personal certs. No charging related for that
- Phase2: bigger group to test the APIs etc; no charging for that
- Phase3: all NRENs will be invited to use/test the service but a charge will apply.
The new TCS will start officially on 1st July 2015 (the contract with COMODO ends in June 2015).
There are no precise timelines, in relation to the phases. The target is to sign the contract by end of November, therefore phase 1 could start as early as beginning of December.
Action: AS to invite YM and SP for phase 2.
1.2 TCS COMODO - Nicole Harris
NH reported on the introduction on SHA2, which is now available on all TERENA sub-CAs. For more information please refer to the report circulated to the TTC list. It will still be possible to issue SHA1 certificates. VN noted that not all systems will use SHA2 (i.e. Windows 7 will still use SHA1), so users should be aware of that. SHA1 certs are still available via COMODO.
NH noted a discussion with COMODO should take place in the next 6 months to ensure COMODO is clear on what they are expected to offer after the contract ends.
1.3 TF-CSIRT Membership - Nicole Harris
NH reported on TF-CSIRT membership model. TF-CSIRT is a rather different TF compared to the others, not only regarding the size but also regarding the participation.
The re-chartering in 2012 introduced the concept of TF-CSIRT membership to bring the task force closer with the security services associated to it, namely TRANSIT and Trusted Introducer (TI). The revision of the proposed model that took place in 2013 showed a misalignment between Trusted Introducer as a service and TF-CSIRT as a membership organisation. NH noted that currently only members of TI can become members of TF-CSIRT; however only full member (accredited CSIRTS) do pay for TI, whilst the liaison members (aka listed CSIRTS) do not.
NH also noted that GEANT project, as for all TERENA’s TFs, covers the cost for the secretary and occasionally the additional meeting costs that cannot be covered by the host.
In 2014 the new TI service has been re-procured which resulted in higher costs with the same providers. This cause some unhappiness with some of the paying members.
The TF-CSIRT steering committee has looked at different ways to ensure the sustainability of the TF. Three main recommendations are being put forward for the next TF-CSIRT meeting:
9.30 - 9.40 Welcome and agenda bashing
9.40 - 9.50 Approval of minutes and update on the actions (slides with the updated list of actions will be shared with the TTC members)
9.50 - 11:10 (Future) Services
- TCS new service for INFORMATION, Alessandra Scicchitano, 25 min
- TCS current service for INFORMATION, Nicole Harris, 5 minutes
- Trusted Introducer and related price model for INFORMATION, Nicole Harris 15 min
- Quick update on the Greenhouse for DISCUSSION, Nicole 10 min
- OpenCloudMesh Peter Szegedi 10 min
11.10 - 11.25 BREAK
11.25 - 12.30 Updates on Task Forces/SIGs
- TF-WebRTC, for APPROVAL, Peter Szegedi
- TF-MNM, for INFORMATION, Nicole Harris
- TF-NOC, for INFORMATION, Peter Szegedi
- TF-MSP for INFORMATION, John Dyer
12.30 - 13.30 LUNCH
13.30 - 14.45 Updates from the TTC
- Round table updates from the TTC members - ALL TTC members
- Experience in deploying and operating IaaS Services, Yannis Mitsos
14.45 - 15.00 BREAK
15.00 - 16.30 Updates on Global Initiatives
- GLIF for INFORMATION, Peter Szegedi
- REFEDS for INFORMATION, Licia Florio
- eduroam global, for INFORMATION, Brook Schofield
- A.o.B. AARC technical annex
Participants
Valter North (VN)
David Groep (DG)
Peter Schober (PSc)
Vincente Goyanes (VG)
Yannis Mitsos (YM)
Valentino Cavalli (VC)
Licia Florio (LC)
John Dyer (JD)
Peter Szegedi (PSz)
Sigita Jurkynaite (SJ)
Nicole Harris (NH)
Alessandra Scicchitano (AS)
Apologies
Laura Durnford (LD)
Brook Schofield (BS)
Rob Evans (RE)
Minutes
1. Welcome and agenda bashing
VN welcomed the participants. The agenda was approved.
2. Approval of Minutes
The minutes of last meeting were approved. The updated list of actions is shown below.
| Reference | Who | Action | Status |
|---|---|---|---|
20140219-5 | VN | Seek input for the vacant sixth position on the TTC. | CLOSED - Suggestions for an additional member to complement the current TTC expertise are welcome. |
20140219-6 | TTC | In early 2015, re-consider a joint task force meeting in 2016 | OPEN to be revisited in 2015 |
20140701-1 | TERENA Secretariat | Secretariat to identify opportunities for TFs to improve on communication by using (TERENA) social media channels in a coordinated way | UPDATED - The whole communication strategy are being revisited in line with the merger. This topic will be covered in the next communication plan. The TTC suggested to disseminate the results of the TFs via social medias as much as possible to attract new comers. Two actions were proposed: 1. a strategy to reach the unknowns (Comms staff - John to share some ideas during the next TTC); 2. a way to make the outcome of the community work easy to read for everybody (PDO-comms). Each PDO is encouraged to share the main results of the TFs via social medias. |
20140701-4 | PSc | ask Christian Panigl to draw up a document to circulate to the community on the exchange of IPV4 address space | CLOSED - The document was not produced; there was a question as to whether the TTC is the best place to address this topic. |
20140929-1 | TTC | Terms of Reference of the Technical Programme need to be updated in the coming year to reflect the organisational changes. | CLOSED - The Terms or Reference are being discussed in light of the merger. The TTC will have an opportunity to look at the new version and comment on it. |
20140929-2 | BS | Formally announce the closure of the TF-EMC2. | CLOSED - BS sent an email to the list. |
20140929-3 | AS | ISM SIG to provide updated charter with more clearly defined and elaborated objectives for the November TTC meeting. | Ongoing under discussion within the group. AS asked to push this to the next TTC meeting. |
20140929-4 | AS | Explore NREN views on the charging model for the new TCS | CLOSED - See the discussion on the agenda item on TCS |
20140929-5 | MN | Explore an alternative VC meeting system that satisfies the disparate systems that the TTC members use. | Ongoing |
1. (Future) Services
1.1 TCS New Service (DigiCert) – Alessandra Scicchitano
AS gave an update on the status of the new service, which will be delivered by DigiCert. The new service is more expensive than the old one. It will includes EV certificates as part of the contract (this was not covered in the contract with COMODO, although they were provided). VC noted that the board approved the proposed new service cost.
The contract is under negotiation; VC felt that the green light from the board will speed up the negotiation process. AS noted that most of the issues have been clarified, so she expect the contract to be ready for the signature fairly soon.
Most of the NRENs have already accepted the proposed costs; Malta and Cyprus felt the increased cost is not advantageous for small countries. The board however felt this was not an issue to require a change to the overall business model of TCS at this point in time.
AS explain that the service will be delivered according in three different phases:
- Phase1: testing limited to a group of experts to check server and personal certs. No charging related for that
- Phase2: bigger group to test the APIs etc; no charging for that
- Phase3: all NRENs will be invited to use/test the service but a charge will apply.
The new TCS will start officially on 1st July 2015 (the contract with COMODO ends in June 2015).
There are no precise timelines, in relation to the phases. The target is to sign the contract by end of November, therefore phase 1 could start as early as beginning of December.
Action: AS to invite YM and SP for phase 2.
1.2 TCS COMODO - Nicole Harris
NH reported on the introduction on SHA2, which is now available on all TERENA sub-CAs. For more information please refer to the report circulated to the TTC list. It will still be possible to issue SHA1 certificates. VN noted that not all systems will use SHA2 (i.e. Windows 7 will still use SHA1), so users should be aware of that. SHA1 certs are still available via COMODO.
NH noted a discussion with COMODO should take place in the next 6 months to ensure COMODO is clear on what they are expected to offer after the contract ends.
1.3 TF-CSIRT Membership - Nicole Harris
NH reported on TF-CSIRT membership model. TF-CSIRT is a rather different TF compared to the others, not only regarding the size but also regarding the participation.
The re-chartering in 2012 introduced the concept of TF-CSIRT membership to bring the task force closer with the security services associated to it, namely TRANSIT and Trusted Introducer (TI). The revision of the proposed model that took place in 2013 showed a misalignment between Trusted Introducer as a service and TF-CSIRT as a membership organisation. NH noted that currently only members of TI can become members of TF-CSIRT; however only full member (accredited CSIRTS) do pay for TI, whilst the liaison members (aka listed CSIRTS) do not.
NH also noted that GEANT project, as for all TERENA’s TFs, covers the cost for the secretary and occasionally the additional meeting costs that cannot be covered by the host.
In 2014 the new TI service has been re-procured which resulted in higher costs with the same providers. This cause some unhappiness with some of the paying members.
The TF-CSIRT steering committee has looked at different ways to ensure the sustainability of the TF. Three main recommendations are being put forward for the next TF-CSIRT meeting:
- continue to be funded as normal under the GN4 project as long as it is viable. It is however necessary to ensure the members are aware of this reliance and that with any project funding, long-term sustainability could be an issue.
- an increase in Trusted Introducer fees takes account of increasing the reserve held at TERENA in order to allow for any unusual issues or requests that might impact on our ability to run any given TF-CSIRT event.
- members first be consulted on whether they wish to maintain the status quo in terms to approaches to charges within the TF-CSIRT environment, or whether they wish to consider an alternative model (e.g. some charges for listing, some event fees etc.).
- continue to be funded as normal under the GN4 project as long as it is viable. It is however necessary to ensure the members are aware of this reliance and that with any project funding, long-term sustainability could be an issue.
- an increase in Trusted Introducer fees takes account of increasing the reserve held at TERENA in order to allow for any unusual issues or requests that might impact on our ability to run any given TF-CSIRT event.
- members first be consulted on whether they wish to maintain the status quo in terms to approaches to charges within the TF-CSIRT environment, or whether they wish to consider an alternative model (e.g. some charges for listing, some event fees etc.). It is recommended that the accreditation fee should be increased to 1200 euros per annum in this model, which is a significant increase. Charges would be introduced from September 2015.
...
The first service deployed is ViMA a virtual machine service that use Google ganeti; GRNET has also contribute software to that. ViMA is typically used by library, and research institutions.
The other service is Okeanos that offers both computational and storage services. Recently they disabled the ability for end-users to create VMs; VMs are now allocated to projects. Okeanos is typically used by a students, teachers and researchers.
Building cloud services is expensive; once built the operations are manpower consuming. Rough calculations indicate that the cost for a VM is about 300 eur per year, which is comparable to what is available on the market.
NRENs have embraced cloud computing a lot, but it is hard to say whether this model is better than buying similar services from the market (assuming services that can meet the requirements are available on the market).
YM said GRNET would be interested in some synergies with, for instance NORDUNET to cluster okeanos servers in Iceland for instance. The GEANT testbed as a service would be looking at resources to work with, so okeanos could be a good candidate.
e. Valter Nordh
Valter reported on the current main areas of work in Sunet:
- remote degrees – The goal is for Swedish universities to allow for distance degrees. The main issue at the moment is to define ways to enrol student remotely and to validate the identity of the students to avoid fraude.
- backup as a service - SUNET procured BaaS for unit in Sweden.
- SUNET are offering projectplace.com as a service, an online tool for managing time, deadlines, work tasks, teams and people
- some of universities are looking for network as a service, asking SUNET to run the firewall and routers. Sunet is not sure as to whether they will offer this service in the future.
4. Updates on Global Initiatives
4.1 GLIF Update - Peter Szegedi
PS reported on the last GLIF meeting held in New Zealand.
During this meeting the demonstrations took place after each session, which went very well (instead of demonstrations during the evening). Community is interested, lively discussions take place at each meeting and many technical challenges are addressed.
PS note that there is some reserve available for GLIF budget to make it possible for GLIF to run smoothly until 2016.
4.2 REFEDS Update - Licia Florio
LF reported on the latest REFEDS meeting hosted during the I2 technology exchange in the US. She said the meeting was well attending (about 80 people) and there was good discussion.
REFDS work is progressing according to the workplan. Some areas, such as the work on entity categories, are progressing very well. Reaching consensus has proven to be very hard and time consuming even when a well-defined process is in place.
Discussion is ongoing with the REFEDS SC to review the sponsorship model and to follow the GLIF model. Currently sponsors are free to offer anything they like.
LF noted the REFEDS has at this point in time a very limited reserve to date; therefore sponsorship is critical to REFEDS success.
5. Next TTC meeting and Closing Remarks
Provisional date on 10Feb to be confirmed.
Action: VN asked to have an agenda item to start the preparation for the TAC.
VN noted he liked to hear an updated from the TTC; he suggested to include this as a regular item on the agenda. Vicente offered to give a more extensive presentation.
...
and researchers.
Building cloud services is expensive; once built the operations are manpower consuming. Rough calculations indicate that the cost for a VM is about 300 eur per year, which is comparable to what is available on the market.
NRENs have embraced cloud computing a lot, but it is hard to say whether this model is better than buying similar services from the market (assuming services that can meet the requirements are available on the market).
YM said GRNET would be interested in some synergies with, for instance NORDUNET to cluster okeanos servers in Iceland for instance. The GEANT testbed as a service would be looking at resources to work with, so okeanos could be a good candidate.
e. Valter Nordh
Valter reported on the current main areas of work in Sunet:
- remote degrees – The goal is for Swedish universities to allow for distance degrees. The main issue at the moment is to define ways to enrol student remotely and to validate the identity of the students to avoid fraude.
- backup as a service - SUNET procured BaaS for unit in Sweden.
- SUNET are offering projectplace.com as a service, an online tool for managing time, deadlines, work tasks, teams and people
- some of universities are looking for network as a service, asking SUNET to run the firewall and routers. Sunet is not sure as to whether they will offer this service in the future.
4. Updates on Global Initiatives
4.1 GLIF Update - Peter Szegedi
PS reported on the last GLIF meeting held in New Zealand.
During this meeting the demonstrations took place after each session, which went very well (instead of demonstrations during the evening). Community is interested, lively discussions take place at each meeting and many technical challenges are addressed.
PS note that there is some reserve available for GLIF budget to make it possible for GLIF to run smoothly until 2016.
4.2 REFEDS Update - Licia Florio
LF reported on the latest REFEDS meeting hosted during the I2 technology exchange in the US. She said the meeting was well attending (about 80 people) and there was good discussion.
REFDS work is progressing according to the workplan. Some areas, such as the work on entity categories, are progressing very well. Reaching consensus has proven to be very hard and time consuming even when a well-defined process is in place.
Discussion is ongoing with the REFEDS SC to review the sponsorship model and to follow the GLIF model. Currently sponsors are free to offer anything they like.
LF noted the REFEDS has at this point in time a very limited reserve to date; therefore sponsorship is critical to REFEDS success.
5. Next TTC meeting and Closing Remarks
Provisional date on 10 Feb to be confirmed.
Action: VN asked to have an agenda item to start the preparation for the TAC.
VN noted he liked to hear an updated from the TTC; he suggested to include this as a regular item on the agenda. Vicente offered to give a more extensive presentation.
Action: LF to contact Rob to ask him for an overview at the next TTC.
6. Summary of the Actions
| Reference | Who | Action | Status |
|---|---|---|---|
20140219-6 | TTC | In early 2015, re-consider a joint task force meeting in 2016 | OPEN to be revisited in 2015 |
20140929-3 | AS | ISM SIG to provide updated charter with more clearly defined and elaborated objectives for the November TTC meeting. | Ongoing under discussion within the group. AS asked to push this to the next TTC meeting. |
20140929-5 | MN | Explore an alternative VC meeting system that satisfies the disparate systems that the TTC members use. | Ongoing |
20141105-01 | a) JD b) PDOs | Secretariat to identify opportunities for TFs to improve on communication by using (TERENA) social media channels in a coordinated way | UPDATED from action 20140701-1: a). a strategy to reach the unknowns (Comms staff - John to share some ideas during the next TTC); b). a way to make the outcome of the community work easy to read for everybody. Each PDO is encouraged to share the main results of the TFs via social medias. |
20141105-02 | AS | To contact YM and PSc for phase 2 of TCS |
|
20141105-03 | LF | To report on the management team decision on how to progress with the green house project | |
20141105-04 | DG | To report on the EGI pilot to ensure eduGAIN team is in the loop. | |
20141105-05 | LF | To have an agenda item for the next TTC to start the preparation for the TAC | |
| 20141105-06 | LF | To confirm the date for the next TTC |