version 1.1
Current as of:
ESDIS Review Gates serve to ensure application success upon launch within the Earthdata Cloud. The following template is meant to guide discussion among application stakeholders to:
Completed templates are maintained in the review register for future reference and revision as necessary.
ESDIS Review Gate is the first in a two-stage review process that focuses on cloud-specific issues such as:
End-to-End System Readiness is the second review in the two-stage process prior to public release and is focused on mission and business readiness considerations.
Tables below should be filled out prior to or during the ESDIS Review Gate.
BLUE highlighted cells should capture the collected team inputs and reference information.
GREEN highlighted cells are provided at each step to capture notes and action items related to the item in question.
<please fill out> | <please fill out> | <use if needed> |
Readiness Review Results | Notes | Action Items |
---|---|---|
<to be completed at conclusion of review> |
Please provide slides, links, or other reference materials to provide context for the application / mission for which this review is being conducted.
Please include a data-flow diagram in these artifacts.
Examples may include:
Date | Artifact | POC | Notes | Action Items |
---|---|---|---|---|
| This feature was requested by ESDIS and the most desirable solution was to leverage a new version of the Earthdata Access application. | |||
| Slide deck for ERG |
Date | Notes | Action Items |
---|---|---|
| SIT DNS cutover. Pushed back due to Platform over-allocation. | |
| UAT DNS cutover | |
| Prod DNS Cutover |
CloudTamer Project Name | CloudTamer OU | Primary Region | Notes | Action Items |
---|---|---|---|---|
esdis-application-edsc-sit-8022 | ESDIS-EDSC | us-east-1 | Available to Earthdata VPN | |
esdis-application-edsc-uat-8982 | ESDIS-EDSC | us-east-1 | Available to public internet | |
esdis-app-edsc-prod-7557 | ESDIS-EDSC | us-east-1 | Available to public internet | |
<add rows as needed> |
DNS Entries | CloudFront URLs | AWS Endpoints (URL / ARN) | AART Registration | Notes | Action Items |
---|---|---|---|---|---|
https://access.sit.earthdata.nasa.gov | NASD-2639 | https://aart.nasa.gov/entities/1325187 | DNS entry currently points to on-prem application. NASD-2723 | ||
https://access.uat.earthdata.nasa.gov | NASD-2637 | NASD-2640 | https://aart.nasa.gov/entities/1463111 | DNS entry currently points to on-prem application. NASD-2724 | |
https://access.earthdata.nasa.gov | NASD-2638 | NASD-2641 | https://aart.nasa.gov/entities/1286711 | DNS entry currently points to on-prem application. NASD-2725 | |
<add rows as needed> |
Name | Role | Notes | Action Items | |
---|---|---|---|---|
Mark Reese | Product Owner | mreese@element84.com | ||
Ryan Abbott | Technical POC | ryan@element84.com | ||
Mark Reese | Operations POC | mreese@element84.com | Temporary while we try to backfill the position. | |
<add rows as needed> |
Name | Role | Notes | Action Items | |
---|---|---|---|---|
Radhika Guntur | Product Owner | radhika.guntur@nasa.gov | ||
Radhika Guntur | Scrum Master | radhika.guntur@nasa.gov | ||
Ben Williams | Platform Train Product Manager | benjamin.j.williams@nasa.gov |
Name | Role | Notes | Action Items | |
---|---|---|---|---|
Valerie Dixon | App Admin | valerie.dixon@nasa.gov |
Name | Role | Notes | Action Items | |
---|---|---|---|---|
Chris Mishaga | ESDIS Security | christopher.a.mishaga@nasa.gov | ||
Rob Andersen | ESDIS Security | robert.h.andersen@nasa.gov | ||
Rajiv Gunja | ESDIS Security | rajiv.g.gunja@nasa.gov |
Earthdata Cloud provides tenants with direct access to Cloud Service Provider resources, services, and functionality. Various guard-rails have been implemented to provide assurance of compliance with NASA/ESDIS policies and limit risk of compromise or cost overruns. Applications must perform adequate pre-launch testing to validate proper functionality within the guard-rails established by EDC.
Validation Item | Completed (Y / N) | Reference Artifact, Link, or Comment if needed | Notes | Action Items |
---|---|---|---|---|
Has application team conducted end-to-end testing within the EDC and confirmed existing EDC services are sufficient to meet application needs? | N | Waiting on NASD-2636 & NASD-2639 | ||
Has application team confirmed that existing in-cloud networking (ex: NGAP managed App-VPC) is sufficient to meet application needs? | Y | |||
Has application team conducted network connectivity testing for any data ingest flows and confirmed existing ingest options are sufficient to meet application needs? | N/A | |||
Has application team confirmed that system administrator connectivity options are sufficient to meet application needs? | Y |
NGAP References:
Validation Item | Completed (Y / N) | Reference Artifact, Link, or Comment if needed | Notes | Action Items |
---|---|---|---|---|
Has the application team conducted network connectivity and performance testing for any data egress flows and confirmed existing egress options are sufficient to meet application needs? | Y | Egress from Access is extremely minimal. Given that use of Access is limited and the nature of the application, there will be almost no discernable change in egress as a result of deploying Access to NGAP. | ||
Has the application team conducted testing to ensure application continues to operate while in a bandwidth throttled mode? (not mandatory but recommended for high volume S3 distributors) | N | |||
Is application team aware of AUTOMATED egress related cost monitoring, alerting, and enforcements? | Y | |||
Have both application team and platform team received approved egress cap and throttling threshold values from ESDIS? | Y | |||
<add rows as needed> |
NGAP References:
Validation Item | Completed (Y / N) | Reference Artifact, Link, or Comment if needed | Notes | Action Items |
---|---|---|---|---|
Does application team have an ESDIS approved Cost-Model on file? | Y | |||
Does target EDC account(s) have sufficient funds allocated in CloudTamer for anticipated cloud costs? | Y | |||
Is application team aware of AUTOMATED AWS account level cost monitoring, alerting, and enforcements? Manual actions to delete resources will be considered above Freeze-Spend and Circuit Breaker levels | Y | |||
Are CloudTamer budget-based notifications configured to send emails to all desired app-team individuals? | Y | NASD-2736 filed to enable this. | ||
Is application team aware of AWS options for monitoring and alerting on cloud cost expenditures specific to their account and use-case? | Y | |||
Does application team have a process to monitor / audit cloud expenditures and take action if required? | Y | |||
<add rows as needed> |
NGAP References:
Validation Item | Completed (Y / N) | Reference Artifact, Link, or Comment if needed | Notes | Action Items |
---|---|---|---|---|
Does application team have processes in place to address operations issues that arise with their application in the EDC? | Y | |||
Do application team and platform team have a common understanding of the shared operational responsibilities between: | Y | |||
Does application team have any "critical" functionality requiring 24/7 on-call platform support? "Critical" is scoped to items where the loss of functionality will irrevocably harm science data retention. (Ex: satellite data will be lost with no means of recovery) | N | |||
Is application team aware of and familiar with NGAP Service Desk (NASD)? NASD Link | Y | |||
Is application team aware of and familiar with AWS Enterprise Support? | Y | |||
Is application team aware of and subscribed to NGAP Announcements? Subscribe to the NGAP Announcements Mailing List | Y | |||
Is application team aware of NGAP / Security Office Hours? Office Hours Link | Y | |||
<add rows as needed> |
Validation Item | Completed (Y / N) | Reference Artifact, Link, or Comment if needed | Notes | Action Items |
---|---|---|---|---|
Has the application team reviewed the EDC Tenant Run Rules and confirmed they are able to operate within those rules? Earthdata Cloud Tenant Run Rules | Y | |||
Has the application team noted any needed exceptions / waivers from EDC Tenant Run Rules? If so, have those requests been approved? | Y | None needed | ||
Does the application team have an approved Operational Security Agreement (OSA) on file with ESDIS Security? OSA Template Handbook | Y | (can post OSA here if allowed) | Sent to Rajiv 10/10/2021. | |
Is application team leveraging EDC CICD for deployments or alternative mechanisms? (NOTE: not required, just for record keeping) | Y | |||
Is application team aware of software vulnerability scanning and reporting requirements? | Y | |||
Is application team aware of, or has it been made aware of via ESDIS Security, any known vulnerabilities? Are known vulnerabilities addressed, mitigated, or residual risk within acceptable levels? | N | |||
Does the application team have processes in place to identify, assess, and address security vulnerabilities if they occur? | Y | |||
<add rows as needed> |
Notes | Action Items |
---|---|