perfSONAR Operations Meeting (03 Oct 2014)
Chaired by: Dr. McKee, Shawn; Babik, Marian

Attending: Shawn McKee, Frederique Chollet, Joel Closier, Jason Zurawski, Frederic Schaer, Ian Gable, Andreas Petzhold, Alessandro de Salvo, Laurent Caillat-Vallet, Romain Wartel
at CERN: John Shade, Felix Lee, Marian Babik

The meeting purpose was to:

Doodle for next meeting:

List of actions (to be added to WG JIRA):


Marian presented an overview of the current deployment and proposed several changes (see slides).

John asked if we plan to keep supporting the current maddash.

The plan is to migrate the current maddash, so it uses perfSONAR data store as its main source (as opposed to contacting all perfSONAR MAs to get the information).

On iptables/firewall rules:

Frederic commented that he would prefer to close port 80 to all incoming traffic and only keep 443 open (this can be restricted to site's internal subnet and infrastructure monitoring). He also suggested that by using the iptables statistics we can determine if the central/campus firewall is blocking the access (to be followed up with perfSONAR dev team). Marian commented that we will document detailed instructions on how we would sites to setup iptables, this will be sent to the mailing list for comments.

On shellshock vulnerability:

Romain commented that the support from our side was excellent and that he no longer sees any issues with the European sonars, there might be still issues in US - to be followed up with Shawn. We have also agreed to create wlcg-perfsonar-security and communicate it to the infrastructure security teams (Marian, Shawn and Jason will participate initially).