Difference between revisions of "CNMCyber Usable"
(→Farms' security) |
|||
Line 109: | Line 109: | ||
|+Authorized endeavors related to security of the Farms | |+Authorized endeavors related to security of the Farms | ||
|Progress | |Progress | ||
− | ![[for CNM Farms|(work)]]!![[for CNM Farms|(work)]]!![[for Lab|(work)]]!![[for Opplet|Opplet (work)]] | + | ![[iptables for CNM Farms|iptables (work)]]!![[fail2ban for CNM Farms|fail2ban (work)]]!![[for Lab|(work)]]!![[for Opplet|Opplet (work)]] |
|- | |- | ||
![[Business requirement]]s | ![[Business requirement]]s |
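Review bot: On the changed header line, only the first two cells gain a product name (iptables, fail2ban). The third cell is still `[[for Lab|(work)]]`, with no name in either the link target or the label, so that column renders as a bare "(work)" and links to a page called "for Lab". Either fill in the intended product for that column in the same edit or drop the column until one is chosen. The fourth cell has the same gap in its target (`for Opplet`), although its label is readable.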
Revision as of 15:26, 31 December 2022
CNM Cloud Usable (in the Russian-language version, known as Работы над Облаком) is the fourth, current, phase of the CNM Cloud Project. CNM Cloud (hereinafter, the Cloud) is a set of technologies that supports CNM Cyber. This very wikipage presents the primary list of those endeavors that are included in that phase. CNM Cyber Coordinators (hereinafter, the Coordinators) are invited to organize work on its endeavors.
Trivia
Projects vs operations
- The endeavors include:
- Projects undertaken to develop new systems to be deployed at the Cloud.
- Operations undertaken to sustain productive functions of deployed systems of the Cloud.
Cloud layers
- CNM Farms. The Cloud infrastructure or, in other words, ecosystem of computing servers and cloud OS to support both Opplet and CNM apps.
- Opplet. The enterprise-wide utility software that supports CNM apps regardless of the location of those applications in the Cloud.
- CNM apps. End-user applications of the Cloud.
Farms
CNM Farms (hereinafter, the Farms) present the infrastructure for the functioning of both the CNM apps and Opplet that serves those apps. The Farms include:
- CNM Bureau Farm.
- CNM Campus Farm.
- CNM Lab Farm. Campus Farm Lab, Bureau Farm Lab, Opplet Farm Lab
- Opplet Farm.
The Farms are assembled using commercial off-the-shelf (COTS) software only.
Farms' administration
- For the purposes of this wikipage, the Farms' administration refers to those endeavors that are utilized or can be used on several rather than one individual Farm.
Authorized endeavors related to administration of the Farms Progress Integration (work) Configuration (work) Statistics (work) Farmwork (overall) Business requirements Done Prototypes Stakeholder requirements Deliverable specifications Work specifications Certainty Utility Applicability Controllability Products to be developed Integration (product) Configuration (product) Statistics (product) CNM Farms Software under consideration Jenkins, Kafka, OpenVPN Terraform, Ansible ZooKeeper N/A
Farms' monitoring
- For the purposes of this wikipage, the Farms' monitoring refers to those systems that monitor one or more Farms.
Authorized endeavors related to monitoring of the Farms Progress Grafana (work) Zabbix (work) Nagios (work) Business requirements Prototypes Stakeholder requirements Deliverable specifications Work specifications Certainty Utility Applicability Controllability Products to be developed CNM Grafana CNM Zabbix CNM Nagios Software under consideration Grafana Zabbix Nagios
Farms' security
- For the purposes of this wikipage, farms' security refers to clusters of nodes that are utilized or can be used to build the Farms. The four Farms are made up of clustered nodes. Each cluster must have at least one (a) DNS entry point, which for highly available Farms includes a load balancer on a public web address, (b) synchronization of resources of common individual nodes, at least databases, (c) monitoring, (d) security, including firewalls; and (e) backup and recovery systems.
Authorized endeavors related to security of the Farms Progress iptables (work) fail2ban (work) (work) Opplet (work) Business requirements Prototypes Stakeholder requirements Deliverable specifications Work specifications Certainty Utility Applicability Controllability Products to be developed CNM iptables CNM fail2ban (farm) Opplet (farm) Software under consideration [[]] [[]] [[]] [[]]
Farms' recovery
- For the purposes of this wikipage, farms' security refers to clusters of nodes that are utilized or can be used to build the Farms. The four Farms are made up of clustered nodes. Each cluster must have at least one (a) DNS entry point, which for highly available Farms includes a load balancer on a public web address, (b) synchronization of resources of common individual nodes, at least databases, (c) monitoring, (d) security, including firewalls; and (e) backup and recovery systems.
Authorized endeavors related to recovery of the Farms Progress (work) (work) (work) Opplet (work) Business requirements Prototypes Stakeholder requirements Deliverable specifications Work specifications Certainty Utility Applicability Controllability Products to be developed CNM mysqldump CNM Mariabackup Bureau Backup Server Opplet (farm) Software under consideration [[]] [[]] [[]] [[]]
Database management
- For the purposes of this wikipage, database management refers to those endeavors that are related to databases of the Cloud.
Authorized endeavors related to database management Works MariaDB (work) PostgreSQL (work) OppletDB (work) Ceph (work) Business requirements Prototypes Stakeholder requirements Deliverable specifications Work specifications Certainty Utility Applicability Controllability Products to be developed CNM MariaDB CNM PostgreSQL OppletDB CNM Ceph Software under consideration MariaDB PostgreSQL Cassandra, MuleESB, Hadoop Ceph
DNS management
- For the purposes of this wikipage, DNS management refers to those endeavors that are utilized or can be used to manage DNS of the Cloud.
Authorized endeavors related to DNS management Progress CDN (work) DNSSEC (work) Geocast (work) IPv6 (work) Business requirements Prototypes Stakeholder requirements Deliverable specifications Work specifications Certainty Utility Applicability Controllability Products to be developed CDN (product) DNSSEC (product) Geocast (product) IPv6 (product) Software under consideration N/A N/A N/A N/A
Farm platforms
- For the purposes of this wikipage, farm platforms refer to clusters of nodes that are utilized or can be used to build the Farms. The four Farms are made up of clustered nodes. Each cluster must have at least one (a) DNS entry point, which for highly available Farms includes a load balancer on a public web address, (b) synchronization of resources of common individual nodes, at least databases, (c) monitoring, (d) security, including firewalls; and (e) backup and recovery systems.
Authorized endeavors related to farm platforms Progress ProxmoxVE (work) HAProxy (work) Lab (farmwork) Opplet (farmwork) Business requirements Prototypes Stakeholder requirements Deliverable specifications Work specifications Certainty Utility Applicability Controllability Products to be developed CNM ProxmoxVE CNM HAProxy Lab (farm) Opplet (farm) Software under consideration ProxmoxVE HAProxy OpenStack CloudStack
Support tools
- For the purposes of this wikipage, support tools refer to those software development and sysadmin administrative tools that are (a) listed at https://github.com/kahun/awesome-sysadmin and (b) not mentioned in other sections of the endeavors.
Authorized endeavors related to support tools Progress Panels (work) Workspaces (work) Nextcloud (work) LDAP (work) Business requirements Prototypes Stakeholder requirements Deliverable specifications Work specifications Certainty Utility Applicability Controllability Products to be developed Panels (product) Workspaces (product) CNM Nextcloud CNM LDAP Software under consideration VestaCP, Cachet Eclipse Nextcloud OpenLDAP
Opplet
Opplet represents (a) enterprise-wide middleware that serves the Cloud and (b) a group of end-user applications that allows end-users to utilize it. Therefore, the Opplet's functionalities can be divided into two groups:
- Services for CNM apps. Those federation services that Opplet provides to CNM apps.
- Services for end-users. Those services that Opplet provides to its end-users.
Some endeavors that are related to Opplet are included in the Farm for Opplet project (section Farm platforms of this very wikipage) and DBs for Opplet project (section Database management). The core of Opplet is written specifically for the Cloud using Yii framework. Its periphery devices are assembled using commercial off-the-shelf (COTS) software.
App-oriented
- For the purposes of this wikipage, app-oriented Opplet refers to those endeavors to build Opplet that support CNM apps rather than its end-users.
Authorized endeavors related to app-oriented Opplet Progress WSO2 IS (work) Enrollment (work) IAM (work) Mail (work) Exams (work) Warehouse (work) Business requirements Prototypes Stakeholder requirements Deliverable specifications Work specifications Certainty Utility Applicability Controllability Products to be developed WSO2 IS Enrollments IAM Mail (server) Exams Warehouse Software under consideration WSO2 IS Yii Yii N/A Yii N/A
User-oriented
- For the purposes of this wikipage, user-oriented Opplet refers to those endeavors to build Opplet that support its end-users rather than CNM apps.
Authorized endeavors related to user-oriented Opplet Progress Interface (work) Events (work) Mailboxes (work) Newsletters (work) Calendar (work) Profile (work) Business requirements Prototypes Stakeholder requirements Deliverable specifications Work specifications Certainty Utility Applicability Controllability Products to be developed Interface Events Mailboxes Newsletters Calendar Profiles Software under consideration Yii Yii N/A N/A N/A Yii
CNM apps
CNM apps (hereinafter, the Apps) present end-user applications that are available to users of the Cloud. The Apps include:
- CNM stable apps that have at least 2 installations -- one is used for its target purposes and another is available for hands-on training. Any stable App needs to be able to work with our future Opplet WSO2 IS and, possibly, existing OpenLDAP. The Apps are assembled using commercial off-the-shelf (COTS) software only. Those endeavors that need to be undertaken for every stable App must encompass (a) updating the Apps to the latest stable versions and installing the latest patches if and when they become available and (b) documenting what we have and identifying problems.
- CNM future apps that are installed on the CNM Lab Farm only. These apps represent either popular COTS packages or end-user applications that can be deployed in the Cloud as CNM stable apps in the future.
This section lists both (a) those Apps that are incorporated, both CNM stable and future apps, as well as (b) some applications that may be potentially incorporated in the Cloud. Some endeavors that are related to the Apps are included in projects listed in DNS management and App-oriented sections of this very wikipage.
Utilizing MariaDB
- For the purposes of this wikipage, utilizing MariaDB apps refer to those CNM stable apps that utilize MariaDB as their database management system. The Cloud incorporates at least five of them.
Authorized endeavors related to utilizing MariaDB apps Progress AVideo (work) WordPress (work) MediaWiki (work) HumHub (work) Moodle (work) Business requirements Prototypes Stakeholder requirements Deliverable specifications Work specifications Certainty Utility Applicability Controllability Products to be developed CNM AVideo CNM WordPress CNM MediaWiki CNM HumHub CNM Moodle Software under consideration AVideo WordPress MediaWiki HumHub Moodle
Utilizing non-MariaDB
- For the purposes of this wikipage, utilizing non-MariaDB apps refer to those CNM stable apps that don't utilize MariaDB as their database management system. The Cloud incorporates at least four of those Apps:
Authorized endeavors related to utilizing non-MariaDB apps Progress GitLab (work) SuiteCRM (work) Odoo (work) Jitsi (work) Business requirements Prototypes Stakeholder requirements Deliverable specifications Work specifications Certainty Utility Applicability Controllability Products to be developed CNM GitLab CNM SuiteCRM CNM Odoo CNM Jitsi Software under consideration GitLab SuiteCRM Odoo Jitsi
Experimental
- For the purposes of this wikipage, experimental apps refer to (a) CNM future apps, (b) some applications that have been installed to be analyzed and evaluated, (c) those applications that are to be utilized during short hands-on training sessions, and (d) legacy applications that are retired from CNM stable apps, but are still kept as "museum" exhibits.
Authorized endeavors related to experimental apps Progress OpenEdX (work) ProjecQtOr (work) Redmine (work) Taiga (work) Business requirements Prototypes Stakeholder requirements Deliverable specifications Work specifications Certainty Utility Applicability Controllability Products to be developed CNM OpenEdX CNM ProjecQtOr CNM Redmine CNM Taiga Software under consideration OpenEdX ProjecQtOr Redmine Taiga
Enterprise
Venture administration
- For the purposes of this wikipage, venture administration refers to human administration of the Cloud enterprise.
Authorized endeavors related to enterprise administration Progress Personnel (work) Agency (work) Finance (work) Legal (work) Business requirements Prototypes Stakeholder requirements Deliverable specifications Work specifications Certainty Utility Applicability Controllability Products to be developed Personnel (product) Agency (product) Finance (product) Legal (product)
External operations
- For the purposes of this wikipage, enterprise external operations refer to those endeavors that are utilized or can be used outside of the enterprise behind the Cloud.
Authorized endeavors related to enterprise external operations Progress Industry (work) Developers (work) Technologies (work) Help Desk (work) Operators (work) Business requirements Prototypes Stakeholder requirements Deliverable specifications Work specifications Certainty Utility Applicability Controllability Products to be developed Industry (product) Developers (product) Technologies (product) Help Desk (product) Operators (product)
Stakeholder groups
- For the purposes of this wikipage, stakeholder groups refer to those endeavors that are utilized or can be used to manage groups of the Cloud stakeholders.
Authorized endeavors related to stakeholder groups Progress Councils (work) Committees (work) Users (work) Sysadmins (work) Business requirements Prototypes Stakeholder requirements Deliverable specifications Work specifications Certainty Utility Applicability Controllability Products to be developed Councils (product) Committees (product) Users (product) Sysadmins (product)