Date

Attendees

Goals

Discussion items

TimeItemWhoNotes

Firewall On Demand (FoD)
  • (info page for FoD development https://wiki.geant.org/pages/viewpage.action?pageId=63965046)
  • FoD v1.5 = FoD with new functionalities: rule range specification, current rule behaviour statistic graphs, multi-tenant rule control REST-API
  • FoD v1.6 = FoD with automated rule proposal from RepShield
  • FoD v1.5 Pilot UAT testing
        • Pilot evaluation survey which was of used for FoD v1.1 has to be reviewed and updated for v1.5
        • Enhancements made based on UAT user feedback are packaged via a new rpm to be installed on UAT test machine so that pilot users can test them: updated on UAT machine so pilot users can test enhancements
        • UAT phase ended 15.03.2018, evaluation survey sent to pilot users, time to answer until end 23.03.2018
        • pilot report writing is in progress
  • FoD v1.5 development/enhancement
        • Tomáš' investigation about DatePicker for increased expiration limit and zooming in statistic graphs is in progress
  • FoD v1.5 production service documents
      • Existing user documentation (as presentation document, especially regarding rule control REST API) should be extended to a proper document, e.g. to be used in future user trainings
      • Now for the future production phase of FoD v1.5 (and all further versions) all necessary PLM documents have to be prepared, e.g. CBA, service description, service design plan
      • Especially for the operative documents this will be done in close cooperation of Evangelos
      • For most PLM documents, this will be done by filling the FoD service template wiki pages (https://wiki.geant.org/display/gn42jra2/Firewall-On-Demand+%28FoD%29+Service) which David started to fill
      • Evangelos will check the service template to get acquainted with it
  • FoD v1.6 (with RepShield) development/testing/pilot:
        • Started to work on FirewallRuleUpdater and
        • need to update FoD's rule API:
            • allow admin user to create rule on behalf of another user (changing rules did already work)
            • querying of rules should allow a user to see all rules for which he has IP destination prefixed registered associated to him (not only which were created by his very account)
            • check possibility to extend rule concept to allow multiple IP source prefixes handled together by a single FoD rule (which will be mapped to multiple BGP FlowSpec rules internally)

DDoS Detection/Mitigation (D/M) WG
  • Arbor and Radware PoC in progress
  • particularly, TMS (Arbor washing machine) and Radware SpartAP (mirroring feature for detection on any layer)
  • Detailed report will follow

T6 Code on Github
  • Nicole Harris granted write permission to Tomáš, Václav and David to publish code on GEANT Github
  • => Václav still has issues, will contact Nicole

GDPR Compliance

Certificate Transparency (CT)
  • Close to v1.0
  • Maybe DFN Cert can test it, especially documentation
  • TNC session: Magnus tries to clarify whether he could present and demo CT there

Next VC

In 2 weeks: 04.04.2018, 14:15-15:15 CE(S)T

Action items


  • No labels