This page is holding information about requirements for eduroam Managed IdP operations, in terms of required infrastructure and resources. RESPONSIBLE: Information provided here is initially populated by the development team (during the transition phase), and revised based on the need or in a yearly service check by eduroam Managed IdP Service Manager. |
Infrastructure Requirements
Indicate requirements for VMs, grouping the requirements for multiple VMs in one column. Add as many columns as necessary, adding the sensible distinguisher for each group that will make it easier for later reference.
| VM requirements | Web Frontend | RADIUS | OCSP Responder |
|---|---|---|---|
| Description of usage | provides the web frontend functionality including creation of keys, certificates and OCSP statements. | authenticates EAP sessions. | serves OCSP statements on request of RADIUS |
| Number of VMs with same specification | 1 | 2 | 1 |
| Hardware requirements (CPU, RAM, disk space) | 2 CPU, 1G RAM, 30 GB disk | 1 CPU, 512 MB RAM, 30 GB disk | 1 CPU, 512 MB RAM, 30 GB disk |
| Network connection requirements | incoming TCP/443 (from world) | incoming TCP/2083 (from world) | incoming TCP/80 (from world) |
| IP addressing requirements (IPv4, IPv6, public routable) | yes, yes, yes | yes, yes, yes | yes, yes, yes |
Naming requirements1 | DNS name: "hosted.eduroam.org" (A/AAAA, plus matching PTR) | DNS name: "auth-1/2.hosted.eduroam.org" (A/AAAA, plus matching PTR) NAPTR: *.hosted.eduroam.org (wildcard!) SRV: _radsec._tcp.hosted.eduroam.org. | DNS name: "ocsp.hosted.eduroam.org" (A/AAAA, plus matching PTR) |
| Other resource requirements | SMS Gateway |
|---|---|
| Indicate which ones together with their specifics | needs an account on www.nexmo.com and sufficient funds to send SMSes account should be created with an email address that is read to receive "low balance" alerts, alternatively enable the feature "Auto reload" the accounts "key" and "secret" go into the product configuration ( CONFIG_CONFASSISTANT['SMSSETTINGS'] ) |
Infrastructure hosting requirements
Hosting requirements | Applying to Web Frontend | Applying to RADIUS | Applying to OCSP Responder |
|---|---|---|---|
Availability | |||
Backup (what, frequency, retention period) | |||
Monitoring and alerting1 | |||
Measuring and Reporting2 | |||
Log retention3 | |||
Security policy for access and usage4 |
1 At minimum network accessibility (outside of LAN) and hardware resource usage must be monitored. Indicate if some of this resources can be deemed critical so that adequate thresholds for alerting are implemented. Additional, indicate which specific applications uptime and operational health must be monitored and alerting implemented.
2Define what should be measured, how and with what period in order to deliver appropriate reporting relating to KPIs, usage, etc.
4Define the policy for limiting accessing to the infrastructure piece and where it should be implemented (system level, network level etc.)
System and Application maintenance requirements
System and Application Requirements | Applying to Web Frontend | Applying to RADIUS | Applying to OCSP Responder |
|---|---|---|---|
Operating system | |||
Applications1 | Apache 2, PHP7, MariaDB | FreeRADIUS 3 | Apache 2, PHP7 |
| Maintenance hours2 | |||
Configuration management3 |
1 List the applications installed on a system, and add corresponding licenses where applicable.
2 Define window appropriate for regular maintenance. /give some recommendations
3 Applies for automatized configuration management. Describe system used.
Human resources requirements
Indicate requirements both in skills and manpower needed, for personnel needed for devops team (that maintains service specific applications) and for L2 support.
Human resources requirements | add_distinguisher | add_distinguisher |
|---|---|---|
Description | ||
Manpower | ||
| Recommended number of persons (considering backups) | ||
| Skills |