version 1.1

Current as of:  



This template is to be used as a guide for performing ESDIS Review Gates of applications within the Earthdata Cloud

...

Date | Artifact | POC | Notes | Action Items
<add rows as needed>

 

Jira (Earthdata Ticketing System): SDRT-1112

This feature was requested by ESDIS and the most desirable solution was to leverage a new version of the Earthdata Access application.

 

File: ESDIS Review Gate - Access.pptx

Slide deck for ERG

Anticipated Public Release Date

Date | Notes | Action Items

 

SIT DNS cutover. Pushed back due to Platform over-allocation.

 

UAT DNS cutover

 

Prod DNS Cutover

<add rows as needed>

Earthdata Cloud AWS account info

CloudTamer Project Name | CloudTamer OU | Primary Region | Notes | Action Items
esdis-application-edsc-sit-8022 | ESDIS-EDSC | us-east-1 | Available to Earthdata VPN |
esdis-application-edsc-uat-8982 | ESDIS-EDSC | us-east-1 | Available to public internet |
esdis-app-edsc-prod-7557 | ESDIS-EDSC | us-east-1 | Available to public internet |
<add rows as needed>



Application References

DNS Entries | CloudFront URLs | AWS Endpoints (URL / ARN) | AART Registration | Notes | Action Items
https://access.sit.earthdata.nasa.gov | https://d1ezh9g2wah3jd.cloudfront.net/ | NASD-2639 | https://aart.nasa.gov/entities/1325187 | DNS entry currently points to on-prem application. NASD-2723 |
https://access.uat.earthdata.nasa.gov | NASD-2637 | NASD-2640 | https://aart.nasa.gov/entities/1463111 | DNS entry currently points to on-prem application. NASD-2724 |
https://access.earthdata.nasa.gov | NASD-2638 | NASD-2641 | https://aart.nasa.gov/entities/1286711 | DNS entry currently points to on-prem application. NASD-2725 |
<add rows as needed>





...

Points of Contact

...

Security POC
Name | Role | Email | Notes | Action Items
Mark Reese | Product Owner | mreese@element84.com | |
Ryan Abbott | Technical POC | ryan@element84.com | |
Mark Reese | Operations POC | mreese@element84.com | Temporary while we try to backfill the position. |
<add rows as needed>



EDC Platform Operations

Name | Role | Email | Notes | Action Items
Radhika Guntur | Product Owner | radhika.guntur@nasa.gov | |
Radhika Guntur | Operations Lead / Scrum Master | radhika.guntur@nasa.gov | |
Ben Williams | Platform Train Product Manager | benjamin.j.williams@nasa.gov | |
<add rows as needed>

ESDIS Financial Management

Name | Role | Email | Notes | Action Items
Valerie Dixon | App Admin | valerie.dixon@nasa.gov | |
<add rows as needed>

ESDIS Security Management

Name | Role | Email | Notes | Action Items
Chris Mishaga | ESDIS Security | christopher.a.mishaga@nasa.gov | |
Rob Andersen | ESDIS Security | robert.h.andersen@nasa.gov | |
Rajiv Gunja | ESDIS Security | rajiv.g.gunja@nasa.gov | |
<add rows as needed>

...

Application Functionality within EDC

...

Validation Item | Completed (Y / N) | Reference Artifact, Link, or Comment if needed | Notes | Action Items

Has application team conducted end-to-end testing within the EDC and confirmed existing EDC services are sufficient to meet application needs? | N | Waiting on NASD-2636 & NASD-2639

Has application team confirmed that existing in-cloud networking (ex: NGAP managed App-VPC) is sufficient to meet application needs? | Y

Has application team conducted network connectivity testing for any data ingest flows and confirmed existing ingest options are sufficient to meet application needs? | N/A

Has application team confirmed that system administrator connectivity options are sufficient to meet application needs? | Y

<add rows as needed>


NGAP References: 

...

Validation Item | Completed (Y / N) | Reference Artifact, Link, or Comment if needed | Notes | Action Items

Has the application team conducted network connectivity and performance testing for any data egress flows and confirmed existing egress options are sufficient to meet application needs? | Y | Egress from Access is extremely minimal. Given that use of Access is limited and the nature of the application, there will be almost no discernable change in egress as a result of deploying Access to NGAP.

Has the application team conducted testing to ensure application continues to operate while in a bandwidth throttled mode? (not mandatory but recommended for high volume S3 distributors) | N



Is application team aware of AUTOMATED egress related cost monitoring, alerting, and enforcements?
  • Egress cut-off at egress cap
  • Bandwidth throttling over throttling threshold
  • Automated egress alerts subscriptions via NGAP provided AWS SNS topics
  • Per account egress consumption metrics via AWS CloudWatch Metrics
Y


Have both application team and platform team received approved egress cap and throttling threshold values from ESDIS?

Y


<add rows as needed>



NGAP References: 

...

Validation Item | Completed (Y / N) | Reference Artifact, Link, or Comment if needed | Notes | Action Items

Does application team have an ESDIS approved Cost-Model on file? | Y

Does target EDC account(s) have sufficient funds allocated in CloudTamer for anticipated cloud costs? | Y


Is application team aware of AUTOMATED AWS account level cost monitoring, alerting, and enforcements? 
  • Budget alert email notices at various cloud spend percentages?
  • Freeze-Spend at 90% cloud spend
    • no new services can be spawned
  • Circuit-Breaker at 95% cloud spend
    • existing services will be shut down, but not deleted

Manual actions to delete resources will be considered above Freeze-Spend and Circuit Breaker levels

Y


Are CloudTamer budget-based notifications configured to send emails to all desired app-team individuals? | Y | NASD-2736 filed to enable this.

Is application team aware of AWS options for monitoring and alerting on cloud cost expenditures specific to their account and use-case?

  • AWS Cost Explorer
  • AWS Budget Alerts
Y


Does application team have a process to monitor / audit cloud expenditures and take action if required? | Y


<add rows as needed>



NGAP References: 

...

Operations

Validation Item | Completed (Y / N) | Reference Artifact, Link, or Comment if needed | Notes | Action Items

Does application team have processes in place to address operations issues that arise with their application in the EDC? | Y


Do application team and platform team have a common understanding of the shared operational responsibilities between:

  • Cloud Service Provider (AWS): foundational cloud services
  • EDC Platform Teams (NGAP, ENS, etc.): EDC platform-specific services
  • Application Team: mission application
Y


Does application team have any "critical" functionality requiring 24/7 on-call platform support? 

"Critical" is scoped to items where the loss of functionality will irrevocably harm science data retention. (Ex: satellite data will be lost with no means of recovery) 
N


Is application team aware of and familiar with NGAP Service Desk (NASD): NASD Link | Y

Is application team aware of and familiar with AWS Enterprise Support | Y

Is application team aware of and subscribed to NGAP Announcements: Subscribe to the NGAP Announcements Mailing List | Y

Is application team aware of NGAP / Security Office Hours? Office Hours Link | Y


<add rows as needed>



...

Compliance

Validation Item | Completed (Y / N) | Reference Artifact, Link, or Comment if needed | Notes | Action Items

Has the application team reviewed the EDC Tenant Run Rules and confirmed they are able to operate within those rules? Earthdata Cloud Tenant Run Rules | Y

Has the application team noted any needed exceptions / waivers from EDC Tenant Run Rules? If so, have those requests been approved? | Y | None needed

Does the application team have an approved Operational Security Agreement (OSA) on file with ESDIS Security? OSA Template Handbook | Y | (can post OSA here if allowed) | Sent to Rajiv 10/10/2021.


Is application team leveraging EDC CICD for deployments or alternative mechanisms? 

(NOTE: not required, just for record keeping)

Y


Is application team aware of software vulnerability scanning and reporting requirements?

Y


Is application team aware of, or has it been made aware of via ESDIS Security, any known vulnerabilities? Are known vulnerabilities addressed, mitigated, or residual risk within acceptable levels? | N

Does the application team have processes in place to identify, assess, and address security vulnerabilities if they occur? | Y


<add rows as needed>



...

Other Notes and Action Items

...