You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 4 Next »

This page is holding information about requirements for Certificate Transparency (CT) operations, in terms of required infrastructure and resources.

RESPONSIBLE: Information provided here is initially populated by the development team (during the transition phase), and revised based on the need or in a yearly service check by Certificate Transparency (CT) Service Manager.

Infrastructure Requirements

Indicate requirements for VMs, grouping the requirements for multiple VMs in one column. Add as many columns as necessary, adding the sensible distinguisher for each group that will make it easier for later reference. 

VM requirementsFrontendSigningMerge
Description of usage Frontend nodeSigning nodeMerge node
Number of VMs with same specification 522
Hardware requirements (CPU, RAM, disk space) 8xCPU; 16G RAM; 2x1TB SSD1xCPU; 4G RAM; 20G HDD4xCPU; 16G RAM; 2x1TB SSD
Network connection requirements

1 Gpbs

1 Gbps

 

1 Gbps
IP addressing requirements (IPv4, IPv6, public routable)

1 x IPv4 + 1 x IPv6 public

1 x IPv4 + 1 x IPv6 private (note 2)

 1 x IPv4 + 1 x IPv6 private (note 2)1 x IPv4 + 1 x IPv6 private (note 2)

Naming requirements1

  
Applicable if DNS records maintenance is required (naming scheme and type of records)
(note 2) reachable from the rest of the nodes and management network

Indicate other specific-to-your-service resources requirements. Add as many columns as necessary, adding the sensible distinguisher for each group that will make it easier for later reference. 
Other resource requirementsFrontend
Load balancing service
HTTP cache service
TLS termination service
 
Onion service

Infrastructure hosting requirements

Indicate requirements for infrastructure hosting, scoping by the above indicated infrastructure elements, as necessary. 

 

Hosting requirements

Applying to add_distinguisher

Applying to add_distinguisher

Availability

  

Backup (what, frequency, retention period)

  

Monitoring and alerting1

  

Measuring and Reporting2

  

Log retention3

  

Security policy for access and usage4

  

1 At minimum network accessibility (outside of LAN) and hardware resource usage must be monitored. Indicate if some of this resources can be deemed critical so that adequate thresholds for alerting are implemented. Additional, indicate which specific applications uptime and operational health must be monitored and alerting implemented.

2Define what should be measured, how and with what period in order to deliver appropriate reporting relating to KPIs, usage, etc.  

3Define which logs should be kept in order to have debugging data and data in case of misuse of the service, and how long logs should be retained

4Define the policy for limiting accessing to the infrastructure piece and where it should be implemented (system level, network level etc.)

System and Application maintenance requirements

Indicate requirements for system and application maintenance, scoping by the indicated infrastructure elements, as necessary. 

 

System and Application Requirements

Applying to add_distinguisher

Applying to VM add_distinguisher

Operating system

  

Applications1

  
Maintenance hours2  

Configuration management3

  

1 List the applications installed on a system, and add corresponding licenses where applicable.

Define window appropriate for regular maintenance. /give some recommendations

Applies for automatized configuration management. Describe system used.

Human resources requirements

Indicate requirements both in skills and manpower needed, for personnel needed for devops team (that maintains service specific applications) and for L2 support.

Human resources requirements

add_distinguisher

add_distinguisher

Description

  

Manpower

  
Recommended number of persons (considering backups)  
Skills  

 





  • No labels