version 1.1
Current as of:
Info: This template is to be used as a guide for performing ESDIS Review Gates of applications within the Earthdata Cloud.
...
Date | Artifact | POC | Notes | Action Items |
---|---|---|---|---|
10/1/2021 | | This feature was requested by ESDIS and the most desirable solution was to leverage a new version of the Earthdata Access application. | | |
|
| Slide deck for ERG |
Date | Notes | Action Items |
---|---|---|
11 | SIT DNS cutover. Pushed back due to Platform over-allocation. | |
| UAT DNS cutover | |
| Prod DNS Cutover |
...
CloudTamer Project Name | CloudTamer OU | Primary Region | Notes | Action Items |
---|---|---|---|---|
esdis-application-edsc-sit-8022 | ESDIS-EDSC | us-east-1 | Available to Earthdata VPN | |
esdis-application-edsc-uat-8982 | ESDIS-EDSC | us-east-1 | Available to public internet | |
esdis-app-edsc-prod-7557 | ESDIS-EDSC | us-east-1 | Available to public internet | |
<add rows as needed> |
DNS Entries | CloudFront URLs | AWS Endpoints (URL / ARN) | AART Registration | Notes | Action Items |
---|---|---|---|---|---|
https://access.sit.earthdata.nasa.gov | NASD-2639 | https://aart.nasa.gov/entities/1325187 | DNS entry currently points to on-prem application. NASD-2723 | ||
https://access.uat.earthdata.nasa.gov | NASD-2637 | NASD-2640 | https://aart.nasa.gov/entities/1463111 | DNS entry currently points to on-prem application. NASD-2724 | |
https://access.earthdata.nasa.gov | NASD-2638 | NASD-2641 | https://aart.nasa.gov/entities/1286711 | DNS entry currently points to on-prem application. NASD-2725 | |
<add rows as needed> |
...
...
Name | Role | Notes | Action Items | |
---|---|---|---|---|
Mark Reese | Product Owner | mreese@element84.com | ||
Ryan Abbott | Technical POC | ryan@element84.com | ||
Mark Reese | Operations POC | mreese@element84.com | Temporary while we try to backfill the position. | |
<add rows as needed> |
...
Validation Item | Completed (Y / N) | Reference Artifact, Link, or Comment if needed | Notes | Action Items | |
---|---|---|---|---|---|
Has application team conducted end-to-end testing within the EDC and confirmed existing EDC services are sufficient to meet application needs? | Ongoing | N | Waiting on NASD-2636 & NASD-2639. Experiencing a timeout at the moment, continuing to debug. | ||
Has application team confirmed that existing in-cloud networking (ex: NGAP managed App-VPC) is sufficient to meet application needs? | Y | ||||
Has application team conducted network connectivity testing for any data ingest flows and confirmed existing ingest options are sufficient to meet application needs? | N/A | ||||
Has application team confirmed that system administrator connectivity options are sufficient to meet application needs? | Y |
...
Validation Item | Completed (Y / N) | Reference Artifact, Link, or Comment if needed | Notes | Action Items |
---|---|---|---|---|
Has the application team conducted network connectivity and performance testing for any data egress flows and confirmed existing egress options are sufficient to meet application needs? | Y | Egress from Access is extremely minimal. Given that use of Access is limited and the nature of the application, there will be almost no discernible change in egress as a result of deploying Access to NGAP. | ||
Has the application team conducted testing to ensure application continues to operate while in a bandwidth throttled mode? (not mandatory but recommended for high volume S3 distributors) | N | |||
Is application team aware of AUTOMATED egress related cost monitoring, alerting, and enforcements? | Y | |||
Have both application team and platform team received approved egress cap and throttling threshold values from ESDIS? | Y | |||
<add rows as needed> |
NGAP References:
...
Validation Item | Completed (Y / N) | Reference Artifact, Link, or Comment if needed | Notes | Action Items |
---|---|---|---|---|
Does application team have an ESDIS approved Cost-Model on file? | Y | |||
Does target EDC account(s) have sufficient funds allocated in CloudTamer for anticipated cloud costs? | Y | |||
Is application team aware of AUTOMATED AWS account level cost monitoring, alerting, and enforcements? Manual actions to delete resources will be considered above Freeze-Spend and Circuit Breaker levels | Y | |||
Are CloudTamer budget-based notifications configured to send emails to all desired app-team individuals? | Y | NASD-2736 filed to enable this. | ||
Is application team aware of AWS options for monitoring and alerting on cloud cost expenditures specific to their account and use-case? | Y | |||
Does application team have a process to monitor / audit cloud expenditures and take action if required? | Y | |||
<add rows as needed> |
NGAP References:
...
Validation Item | Completed (Y / N) | Reference Artifact, Link, or Comment if needed | Notes | Action Items |
---|---|---|---|---|
Does application team have processes in place to address operations issues that arise with their application in the EDC? | Y | |||
Do application team and platform team have a common understanding of the shared operational responsibilities between: | Y | |||
Does application team have any "critical" functionality requiring 24/7 on-call platform support? "Critical" is scoped to items where the loss of functionality will irrevocably harm science data retention. (Ex: satellite data will be lost with no means of recovery) | N | |||
Is application team aware of and familiar with NGAP Service Desk (NASD): NASD Link | Y | |||
Is application team aware of and familiar with AWS Enterprise Support? | Y | |||
Is application team aware of and subscribed to NGAP Announcements: Subscribe to the NGAP Announcements Mailing List | Y | |||
Is application team aware of NGAP / Security Office Hours? Office Hours Link | Y | |||
<add rows as needed> |
...
Validation Item | Completed (Y / N) | Reference Artifact, Link, or Comment if needed | Notes | Action Items |
---|---|---|---|---|
Has the application team reviewed the EDC Tenant Run Rules and confirmed they are able to operate within those rules? Earthdata Cloud Tenant Run Rules | Y | |||
Has the application team noted any needed exceptions / waivers from EDC Tenant Run Rules? If so, have those requests been approved? | Y | None needed | ||
Does the application team have an approved Operational Security Agreement (OSA) on file with ESDIS Security? OSA Template Handbook | Y | (can post OSA here if allowed) | Sent to Rajiv 10/10/2021. | |
Is application team leveraging EDC CICD for deployments or alternative mechanisms? (NOTE: not required, just for record keeping) | Y | |||
Is application team aware of software vulnerability scanning and reporting requirements? | Y | |||
Is application team aware of, or been made aware of via the ESDIS Security of , any known vulnerabilities? Are known vulnerabilities addressed, mitigated, or residual risk within acceptable levels? | N | |||
Does the application team have processes in place to identify, assess, and address security vulnerabilities if they occur? | Y | |||
<add rows as needed> |
...
...