OPeNDAP at the National Oceanographic Data Center


  1. OPeNDAP at the National Oceanographic Data Center: Status, Lessons Learned, Recommendations

  2. NODC Service Components
     • An Operational Component of the “Federal Backbone”
     • Data Archive and Metadata Management
     • Identity tracking
     • Version tracking
     • Integrity tracking
     • Ocean Climate Data Record Development
     • Peer reviewed quality assessment
     • Physical, Chemical Biological Observations
     • Data archeology, Ocean heat and productivity climate records
     • Coastal Data Access Support
     • Data documentation, discovery, retrieval, exchange
     • Coastal resource management target
     • NOAA Central Library
     • Information services
     • Data

  3. NODC
     • Transitioning to an Open Archival Information System Reference Model (OAIS) – ISO 14721:2002
     • Goal: Preserve data/information over the long term
     • Changing technologies
     • Changing support media and formats
     • Changing user communities and expectations
     • Basic Precept – Must preserve combination of data and its representation information

  4. The NODC Operational Environment
     • Committed to Online Accession and Delivery of Data, Products & Metadata
     • Approximately 400 Major IT Systems Supporting ~1 TB Data, ocean satellite data a recent entry
     • 15 IT Staff equally split between Federals and Contractors
     • Mandated Federal IT Security Requirements & Oversight
     • NOAA
     • Department of Commerce
     • Office of Management and Budget
     • Office of Inspector General
     • In this Environment, Enterprise-level Management Essential

  5. OPeNDAP Installation at NODC
     • Default installation in open environment seems to work “right out of the box”
     • Installation within structured, secure environment is a different story

  6. NODC Secure Operational Environment – Normal Precautions … and then Some
     • Network firewall
     • Multiple zones with separate firewall policies
     • IP Filtering & access controls on exposed hosts
     • Aggressive patching schedule
     • Credentials for remote access require “strong encryption”
     • Public server code reviewed “line by line”
     • Public web & FTP servers chrooted, limiting access
     • Public web content is “Read Only”
     • All CGI scripts reside on “Read Only” file systems
     • CGI Privilege escalation disabled
     • “Hot Backup” systems, hardware and content in place

  7. NODC Operations Summary

  8. Data Transport Protocols Supported
     • HTTP
     • FTP
     • JDBC (SQL Database access)
     • DODS / OPeNDAP
     • Command Line (NRL TOWAN access)
     • ArcSDE (Java API)
     • HTTPS
     • TEDS (Navy's Tactical Environmental Data Server)
     • OpenGIS
     • Java and C++ programs enabled protocols
     • In place
     • In progress

  9. Overview of NODC Secure Operational Environment (RED identifies OPeNDAP installation challenges)
     • Network firewall
     • Multiple zones & firewall policies
     • IP Filtering & access controls on exposed hosts
     • Aggressive patching schedule
     • Credentials for remote access require “strong encryption”
     • Public server code reviewed “line by line”
     • Public web & FTP servers chrooted, limiting access
     • Public web content is “Read Only”
     • All CGI scripts reside on “Read Only” file systems
     • CGI Privilege escalation disabled
     • “Hot Backup” systems and content in place

  10. Lessons Learned - OPeNDAP Installation In Operational Secure Environment
     • Default installation & existing documentation not yet adequate to secure installations
     • Challenges enterprise approach to system management
     • Command line and Perl modules installed by default in the CGI-Bin, allowing remote user to invoke and compromise system
     • Multiple interdependencies found among Perl modules, configuration files, and scripts
     • Elected detailed review of voluminous code due to lack of familiarity and availability of security information resource base
     • Level of documentation hindered troubleshooting
     • Many issues resolved after “tech assist” visit, some still remain

  11. Observations & Recommendations
     • OPeNDAP offers a powerful data transport capability, particularly suited for aggregated data transport into applications (e.g., models)
     • In its present form OPeNDAP required expert levels of support (Operationally ready and sustainable?)
     • Independent security testing and evaluation needed
     • Life cycle (and reduced costs) support will be needed in similar operational environment implementations
     • Data discovery (metadata enabled) and aggregation are challenges and critical IOOS requirements
     • From a practical point of view, some decisions have been made based on resource allocation tradeoffs with respect to “return on investment” in comparison to existing, alternative data transport protocols already in use (e.g., FTP, HTTP, emerging OpenGIS protocols, etc.)
     • IOOS DMAC needs to address these and other user identified issues in its next phase

  12. Looking Ahead
     • NODC OPeNDAP Server awaiting final validation
     • Early data sets identified and groomed () for OPeNDAP publication
     • WOCE Ver 3
     • NOAA AVHRR reprocessed Pathfinder SST record
     • World Ocean Atlas
     • Global Temperature Salinity Profiling Program (GTSPP)
     • NOAA Shipboard Environmental Data Acquisition (SEAS) data
     • OPeNDAP will be one of several data transport protocols used by NODC
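
Slide 10 reports that command-line tools and Perl modules were installed into the CGI-Bin by default, while slides 6 and 9 require read-only CGI content with privilege escalation disabled. The shell audit below is an added example, not NODC's or OPeNDAP's own tooling; the file names (dispatch.cgi, Helper.pm, cmdtool, settings.conf) and the allowlist of approved entry points are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a CGI directory against the controls on slides 6 and 10.
# All file names below are constructed; this is not OPeNDAP or NODC code.

emit() { while IFS= read -r p; do printf '%s\t%s\n' "$1" "$p"; done; }

# audit_cgi_dir DIR "ALLOWED ENTRY POINTS" -> one finding per line: CLASS<TAB>PATH
audit_cgi_dir() {
    dir=$1
    allowed=" $2 "
    # Perl modules are libraries; kept in cgi-bin they can be invoked directly.
    find "$dir" -type f -name '*.pm' | emit LIBRARY
    # setuid/setgid bits let a CGI program run with more privilege than the server.
    find "$dir" -type f \( -perm -4000 -o -perm -2000 \) | emit SETID
    # Anything group- or world-writable contradicts "Read Only" CGI content.
    find "$dir" \( -type f -o -type d \) \( -perm -0020 -o -perm -0002 \) | emit WRITABLE
    # Executables that are not approved entry points (e.g. command-line tools).
    find "$dir" -type f -perm -0100 | while IFS= read -r p; do
        case "$allowed" in
            *" $(basename "$p") "*) ;;
            *) printf 'UNLISTED\t%s\n' "$p" ;;
        esac
    done
}

# count_class DIR "ALLOWED" CLASS -> number of findings of that class
count_class() { audit_cgi_dir "$1" "$2" | grep -c "^$3" || true; }

# Build a constructed sample tree that mimics a default install.
make_sample() {
    d=$(mktemp -d) || return 1
    for f in dispatch.cgi Helper.pm cmdtool settings.conf; do : > "$d/$f"; done
    chmod 0555 "$d/dispatch.cgi"   # approved entry point, read-only
    chmod 0444 "$d/Helper.pm"      # Perl module left in cgi-bin
    chmod 0755 "$d/cmdtool"        # command-line tool, executable, not approved
    chmod 0664 "$d/settings.conf"  # group-writable configuration file
    printf '%s\n' "$d"
}

sample=$(make_sample)
audit_cgi_dir "$sample" "dispatch.cgi"
rm -rf "$sample"
```

Run against a real CGI directory, an empty report means every executable is an approved entry point and nothing in the tree is a library, set-id, or writable by group or other.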
