Most of our time goes into making sure that the sites which host the services that the users use are humming smoothly. The ROC directly operates certain core services which enable infrastructure interoperability between Africa, Europe and other regional infrastructures. These include information, identity, workload and data management, monitoring, accounting, and more. The main role of the ROC is to ensure infrastructure interoperability and a stable platform for research.

AAROC is DevOps

The team of experts develops and tests the code necessary to configure services at sites. Site operators customise these recipes and execute the configuration and orchestration, based on the local resources. We provide deployment guides and software-defined infrastructure for e-Infrastructure services.

For most of the services, the ROC maintains Ansible roles which express the correct site-independent service configuration. Other services are provided as Puppet manifests, or other forms of configuration management.

Grid Site

Guides and playbooks for deploying HTC and HPC services at Africa-Arabia ROC sites.

Grid Core

Guides and playbooks for deploying core infrastructure services.

Identity Services

Guides and playbooks for deploying federated identity providers
"ROD (Regional Operator on Duty) is a role which oversees the smooth operation of EGI infrastructure in the respective NGI."
The ROD is a central role provided by certain members of the ROC, in order to perform the agreed procedures and monitoring the agreed policies associated with interoperating with EGI infrastructure.
More information :

Site Status

ARGO stuff.

Standard Operating Procedures

See EGI Wiki for Standard Operating Procedures.

Reporting issues

See EGI Wiki for managing issues.

Troubleshooting

See EGI Wiki for troubleshooting

Operational Security

Security is taken very seriously in the federation, at all levels - network, application and operational. Network security is usually in the domain of the relevant NREN; since the ROC spans several countries, there is some liaison with the regional RENS in Africa - ASREN, WACREN and the Ubuntunet Alliance in order to coordinate network security.

Application and Middleware Security

Overall, the infrastructure services are secured via Public Key Infrastructure; all hosts are issued digital x.509 certificates from trusted Certificate Authorities. These CA's form part of the International Global Trust Federation (IGTF). Authentication and Authorisation is usually done via some form of X.509 proxy - either of a personal certificate or of a robot certificate from a SAML delegation. All in all, there is a very small attack surface on the core grid infrastucture and computational, data and other services at the sites.

Security Incidents

There are always bad people out there who want to do bad things, so inevitably there are security incidents at sites. Since an attack on one site is potentially an attack on all, there is strong coordination between the sites, the ROC and the CSIRT to identify, diagnose and address vulnerabilities in a proactive manner.

Security Advisories, Incidents and Campaigns

Maintaining operational security is not a once-off affair, it is a continuous labour of ... well, not quite love, but one gets the idea ! The ROC ensures a smooth flow and coordination of information coming from security researchers at and CSIRTs. In particular, advisories from the EGI CSIRT are communicated to the site security contacts as they arise, and vice-versa sites are encouraged to report incidents

ROD Security

EGI maintains a list of procedures for various security incidents. See ROD Security for more information.

Hey, nobody can remember everything all the time

... and google is only as smart as the questions you ask

Here are a few links to information which site admins need on a daily basis.