Difference between revisions of "CNMCyber Usable"

From CNM Wiki
Jump to: navigation, search
(Farms' security)
Line 109: Line 109:
 
|+Authorized endeavors related to security of the Farms
 
|+Authorized endeavors related to security of the Farms
 
|Progress
 
|Progress
![[for CNM Farms|(work)]]!![[for CNM Farms|(work)]]!![[for Lab|(work)]]!![[for Opplet|Opplet (work)]]
+
![[iptables for CNM Farms|iptables (work)]]!![[fail2ban for CNM Farms|fail2ban (work)]]!![[for Lab|(work)]]!![[for Opplet|Opplet (work)]]
 
|-
 
|-
 
![[Business requirement]]s
 
![[Business requirement]]s

Revision as of 15:26, 31 December 2022

CNM Cloud Usable (in the Russian-language version, known as Работы над Облаком) is the fourth, current, phase of the CNM Cloud Project. CNM Cloud (hereinafter - the Cloud) is a set of technologies that supports CNM Cyber. This very wikipage presents the primary list of those endeavors that are included in that phase. CNM Cyber Coordinators (hereinafter, the Coordinators) are invited to organize work on its endeavors.


Trivia

Projects vs operations

The endeavors include:
  • Projects undertaken to develop new systems to be deployed at the Cloud.
  • Operations undertaken to sustain productive functions of deployed systems of the Cloud.

Cloud layers

  1. CNM Farms. The Cloud infrastructure or, in other words, ecosystem of computing servers and cloud OS to support both Opplet and CNM apps.
  2. Opplet. The enterprise-wide utility software that supports CNM apps regardless of their location of those applications in the Cloud.
  3. CNM apps. End-user applications of the Cloud.

Farms

CNM Farms (hereinafter, the Farms) present the infrastructure for the functioning of both the CNM apps and Opplet that serves those apps. The Farms include:

The Farms are assembled using commercial off-the-shelf (COTS) software only.

Farms' administration

For the purposes of this wikipage, the Farms' administration refers to those endeavors that are utilized or can be used on several rather than one individual Farm.
Authorized endeavors related to administration of the Farms
Progress Integration (work) Configuration (work) Statistics (work) Farmwork (overall)
Business requirements Done      
Prototypes        
Stakeholder requirements        
Deliverable specifications        
Work specifications        
Certainty        
Utility        
Applicability        
Controllability        
Products to be developed Integration (product) Configuration (product) Statistics (product) CNM Farms
Software under consideration Jenkins, Kafka, OpenVPN Terraform, Ansible ZooKeeper N/A

Farms' monitoring

For the purposes of this wikipage, the Farms' monitoring refers to those systems that monitor one or more Farms.
Authorized endeavors related to monitoring of the Farms
Progress Grafana (work) Zabbix (work) Nagios (work)
Business requirements      
Prototypes      
Stakeholder requirements      
Deliverable specifications      
Work specifications      
Certainty      
Utility      
Applicability      
Controllability      
Products to be developed CNM Grafana CNM Zabbix CNM Nagios
Software under consideration Grafana Zabbix Nagios

Farms' security

For the purposes of this wikipage, farms' security refers to clusters of nodes that are utilized or can be used to build the Farms. The four Farms are made up of clustered nodes. Each cluster must have at least one (a) DNS entry point, which for highly available Farms includes a load balancer on a public web address, (b) synchronization of resources of common individual nodes, at least databases, (c) monitoring, ( d) security, including firewalls; and (e) backup and recovery systems.
Authorized endeavors related to security of the Farms
Progress iptables (work) fail2ban (work) (work) Opplet (work)
Business requirements        
Prototypes        
Stakeholder requirements        
Deliverable specifications        
Work specifications        
Certainty        
Utility        
Applicability        
Controllability        
Products to be developed CNM iptables CNM fail2ban (farm) Opplet (farm)
Software under consideration [[]] [[]] [[]] [[]]

Farms' recovery

For the purposes of this wikipage, farms' security refers to clusters of nodes that are utilized or can be used to build the Farms. The four Farms are made up of clustered nodes. Each cluster must have at least one (a) DNS entry point, which for highly available Farms includes a load balancer on a public web address, (b) synchronization of resources of common individual nodes, at least databases, (c) monitoring, ( d) security, including firewalls; and (e) backup and recovery systems.
Authorized endeavors related to recovery of the Farms
Progress (work) (work) (work) Opplet (work)
Business requirements        
Prototypes        
Stakeholder requirements        
Deliverable specifications        
Work specifications        
Certainty        
Utility        
Applicability        
Controllability        
Products to be developed CNM mysqldump CNM Mariabackup Bureau Backup Server Opplet (farm)
Software under consideration [[]] [[]] [[]] [[]]

Database management

For the purposes of this wikipage, database management refers to those endeavors that are related to databases of the Cloud.
Authorized endeavors related to database management
Работы MariaDB (work) PostgreSQL (work) OppletDB (work) Ceph (work)
Business requirements        
Prototypes        
Stakeholder requirements        
Deliverable specifications        
Work specifications        
Certainty        
Utility        
Applicability        
Controllability        
Products to be developed CNM MariaDB CNM PostgreSQL OppletDB CNM Ceph
Software under consideration MariaDB PostgeSQL Cassandra, MuleESB, Hadoop Ceph

DNS management

For the purposes of this wikipage, DNS management refers to those endeavors that are utilized or can be used to manage DNS of the Cloud.
Authorized endeavors related to DNS management
Progress CDN (work) DNSSEC (work) Geocast (work) IPv6 (work)
Business requirements        
Prototypes        
Stakeholder requirements        
Deliverable specifications        
Work specifications        
Certainty        
Utility        
Applicability        
Controllability        
Products to be developed CDN (product) DNSSEC (product) Geocast (product) IPv6 (product)
Software under consideration N/A N/A N/A N/A

Farm platforms

For the purposes of this wikipage, farm platforms refer to clusters of nodes that are utilized or can be used to build the Farms. The four Farms are made up of clustered nodes. Each cluster must have at least one (a) DNS entry point, which for highly available Farms includes a load balancer on a public web address, (b) synchronization of resources of common individual nodes, at least databases, (c) monitoring, ( d) security, including firewalls; and (e) backup and recovery systems.
Authorized endeavors related to farm platforms
Progress ProxmoxVE (work) HAProxy (work) Lab (farmwork) Opplet (farmwork)
Business requirements        
Prototypes        
Stakeholder requirements        
Deliverable specifications        
Work specifications        
Certainty        
Utility        
Applicability        
Controllability        
Products to be developed CNM ProxmoxVE CNM HAProxy Lab (farm) Opplet (farm)
Software under consideration ProxmoxVE HAProxy OpenStack CloudStack

Support tools

For the purposes of this wikipage, support tools refer to those software development and sysadmin administrative tools that are (a) listed at https://github.com/kahun/awesome-sysadmin and (b) not mentioned in other sections of the endeavors.
Authorized endeavors related to support tools
Progress Panels (work) Workspaces (work) Nextcloud (work) LDAP (work)
Business requirements        
Prototypes        
Stakeholder requirements        
Deliverable specifications        
Work specifications        
Certainty        
Utility        
Applicability        
Controllability        
Products to be developed Panels (product) Workspaces (product) CNM Nextcloud CNM LDAP
Software under consideration VestaCP, Cachet Eclipse Nextcloud OpenLDAP

Opplet

Opplet represents (a) enterprise-wide middleware that serves the Cloud and (b) a group of end-user applications that allows end-users to utilize it. Therefore, the Opplet's functionalities can be divided into two groups:

  1. Services for CNM apps. Those federation services that Opplet provides to CNM apps.
  2. Services for end-users. Those services that Opplet provides to its end-users.

Some endeavors that are related to Opplet are included in the Farm for Opplet project (section Farm platforms of this very wikipage) and DBs for Opplet project (section Database management). The core of Opplet is written specifically for the Cloud using Yii framework. Its periphery devices are assembled using commercial off-the-shelf (COTS) software.

App-oriented

For the purposes of this wikipage, app-oriented Opplet refers to those endeavors to build Opplet that support CNM apps rather than its end-users.
Authorized endeavors related to app-oriented Opplet
Progress WSO2 IS (work) Enrollment (work) IAM (work) Mail (work) Exams (work) Warehouse (work)
Business requirements            
Prototypes            
Stakeholder requirements            
Deliverable specifications            
Work specifications            
Certainty            
Utility            
Applicability            
Controllability            
Products to be developed WSO2 IS Enrollments IAM Mail (server) Exams Warehouse
Software under consideration WSO2 IS Yii Yii N/A Yii N/A

User-oriented

For the purposes of this wikipage, user-oriented Opplet refers to those endeavors to build Opplet that support its end-users rather than CNM apps.
Authorized endeavors related to user-oriented Opplet
Progress Interface (work) Events (work) Mailboxes (work) Newsletters (work) Calendar (work) Profile (work)
Business requirements            
Prototypes            
Stakeholder requirements            
Deliverable specifications            
Work specifications            
Certainty            
Utility            
Applicability            
Controllability            
Products to be developed Interface Events Mailboxes Newsletters Calendar Profiles
Software under consideration Yii Yii N/A N/A N/A Yii

CNM apps

CNM apps (hereinafter, the Apps) present end-user applications that are available to users of the Cloud. The Apps include:

  1. CNM stable apps that have at least 2 installations -- one is used for its target purposes and another is available for hands-on training. Any stable App needs to be able to work with our future Opplet WSO2 IS and, possibly, existing OpenLDAP. The Apps are assembled using commercial off-the-shelf (COTS) software only. Those endeavors that need to be undertaken for every stable App, must encompass (a) updating the Apps to the latest stable versions and install the latest patches if and when they become available and (b) documenting what we have and identify problems.
  2. CNM future apps that are installed on the CNM Lab Farm only. These apps represent either popular COTS packages or end-user application that can be deployed in the Cloud as CNM stable apps in the future.

This section lists both (a) those Apps that are incorporated, both CNM stable and future apps, as well as (b) some applications that may be potentially incorporated in the Cloud. Some endeavors that are related to the Apps are included in projects listed in DNS management and App-oriented sections of this very wikipage.

Utilizing MariaDB

For the purposes of this wikipage, utilizing MariaDB apps refer to those CNM stable apps that utilize MariaDB as its database management system. The Cloud incorporates at least five of them.
Authorized endeavors related to utilizing MariaDB apps
Progress AVideo (work) WordPress (work) MediaWiki (work) HumHub (work) Moodle (work)
Business requirements          
Prototypes          
Stakeholder requirements          
Deliverable specifications          
Work specifications          
Certainty          
Utility          
Applicability          
Controllability          
Products to be developed CNM AVideo CNM WordPress CNM MediaWiki CNM HumHub CNM Moodle
Software under consideration AVideo WordPress MediaWiki HumHub Moodle

Utilizing non-MariaDB

For the purposes of this wikipage, utilizing non-MariaDB apps refer to those CNM stable apps that don't utilize MariaDB as its database management system. The Cloud incorporates at least four of those Apps:
Authorized endeavors related to utilizing non-MariaDB apps
Progress GitLab (work) SuiteCRM (work) Odoo (work) Jitsi (work)
Business requirements        
Prototypes        
Stakeholder requirements        
Deliverable specifications        
Work specifications        
Certainty        
Utility        
Applicability        
Controllability        
Products to be developed CNM GitLab CNM SuiteCRM CNM Odoo CNM Jitsi
Software under consideration GitLab SuiteCRM Odoo Jitsi

Experimental

For the purposes of this wikipage, experimental apps refer to (a) CNM future apps, (b) some applications that have been installed to be analyzed and evaluated, (c) those applications that are to be utilized during short hands-on training sessions, and (d) legacy applications that are retired from CNM stable app, but are still kept as "museum" exhibits.
Authorized endeavors related to experimental apps
Progress OpenEdX (work) ProjecQtOr (work) Redmine (work) Taiga (work)
Business requirements        
Prototypes        
Stakeholder requirements        
Deliverable specifications        
Work specifications        
Certainty        
Utility        
Applicability        
Controllability        
Products to be developed CNM OpenEdX CNM ProjecQtOr CNM Redmine CNM Taiga
Software under consideration OpenEdX ProjecQtOr Redmine Taiga

Enterprise

Venture administration

For the purposes of this wikipage, venture administration refers to human administration of the Cloud enterprise.
Authorized endeavors related to enterprise administration
Progress Personnel (work) Agency (work) Finance (work) Legal (work)
Business requirements        
Prototypes        
Stakeholder requirements        
Deliverable specifications        
Work specifications        
Certainty        
Utility        
Applicability        
Controllability        
Products to be developed Personnel (product) Agency (product) Finance (product) Legal (product)

External operations

For the purposes of this wikipage, enterprise external operations refer to those endeavors that are utilized or can be used outside of the enterprise behind the Cloud.
Authorized endeavors related to enterprise external operations
Progress Industry (work) Developers (work) Technologies (work) Help Desk (work) Operators (work)
Business requirements          
Prototypes          
Stakeholder requirements          
Deliverable specifications          
Work specifications          
Certainty          
Utility          
Applicability          
Controllability          
Products to be developed Industry (product) Developers (product) Technologies (product) Help Desk (product) Operators (product)

Stakeholder groups

For the purposes of this wikipage, stakeholder groups refer to those endeavors that are utilized or can be used to manage groups of the Cloud stakeholders.
Authorized endeavors related to stakeholder groups
Progress Councils (work) Committees (work) Users (work) Sysadmins (work)
Business requirements        
Prototypes        
Stakeholder requirements        
Deliverable specifications        
Work specifications        
Certainty        
Utility        
Applicability        
Controllability        
Products to be developed Councils (product) Committees (product) Users (product) Sysadmins (product)

Name yours