ESnet: Networking for Science

DOE Grids Service Transition

Background:

ESnet has decided to transition support and management for the certificate services provided by the DOE Grids public key infrastructure (PKI) to the Open Science Grid (OSG). OSG and ESnet provide service to many of the same user communities, and have long been collaborators in the areas of identity and security. ESnet and OSG have evaluated a wide variety of options to meet the requirements of the DOE research community. OSG has concluded it will establish a replacement PKI, perhaps supported by a contract with DigiCert, a commercial PKI provider.

Service Testing and Next Steps: 

In December 2011, OSG initiated a pilot service that included careful testing of DigiCert certificates, registration interfaces, and management APIs, and their use in community applications including data, job, database, and other services that virtual organizations and collaborations regularly use.

The commercial CA pilot concluded in February 2012 and revealed no major issues. Based on the results, the team is working with the OSG Executive Team on its final analysis and recommendations. At the end of February 2012, ESnet, OSG and appropriate DOE program managers will meet to review and finalize next steps for transitioning the service over the next 12 months. In the next phase, OSG will undertake a detailed planning process for deployment of its new CA and commence deployment in Spring 2012. ESnet will be working with its users and with OSG to ensure a seamless transition by the end of the 2012 calendar year.

Upcoming informational opportunity:

OSG will be hosting a one-hour session during the organization’s annual All-Hands meeting in March 2012 to present the results of the pilot and the status of the implementation plans, and to give the Registration Agents (RAs) and system administrators information about what they will need to do during and after the transition. If you are interested in attending, please contact Ruth Pordes (ruth@fnal.gov).


Additional Background Information

This page will be updated with information on the transition as it becomes available. Please feel free to contact us with any questions at any time.

Community Communications
FAQ (draft)
Important Links

 


Community Communications: 

email to DOEGrids CA customers: December 2, 2011


FAQ

 

Why is ESnet transitioning its service to OSG?

Ten years ago ESnet began offering certificate services to the DOE Office of Science. These services were at that time only in their infancy, and no effective commercial solutions existed to fill this need for our community. Over the past decade, other organizations within the research and education community, like OSG, have begun to provide similar services to a similar and sometimes overlapping customer base. At the same time, vendor solutions have matured significantly and now provide greater cost efficiency and technical capabilities than ever before. Vendors are also more interested in partnering with the R&E community. Combined, these factors led ESnet to re-evaluate how our community would be best served for its certificate service needs into the future.

What is the timeline for transitioning service?

It is our goal to work with all of our users and with OSG to ensure a smooth and seamless transition by the end of 2012. Once OSG completes its pilot and develops an implementation plan, we will share these details with you to ensure a smooth and seamless transition of services. If you decide that you would like to explore other service providers, we would be happy to work with you to determine the best path forward.

Why did OSG select DigiCert as its pilot service?

OSG performed a comprehensive evaluation of a wide variety of service options that could meet the unique requirements of the DOE research community. This analysis reviewed various community and commercial options against the requirements. DigiCert rose to the top as potentially able to effectively meet the criteria. The current pilot service is rigorously testing all attributes of the service, including the registration interfaces and management APIs. The certificates will also be tested to ensure suitability for particular community applications including data, job, database, and other services that Virtual Organizations (VOs) regularly use.

Why did OSG decide to pilot a service with a commercial partner?

Operating a certification authority is a serious responsibility. OSG considered the options of ramping up its own skills and expertise in the area versus contracting with a well-established, trusted commercial partner. There were enough benefits to partnering that it was worth initial exploration through the pilot, and, given the success of the pilot, we believe the partnership is the best path for OSG to provide a trustworthy, user-friendly, cost-effective service for its user community.

What if our certificates expire before the end of 2012? How should we renew them?

We encourage you to renew your certificate as you normally would with DOEGrids CA. Your certificates will remain valid until they expire. Once OSG completes its pilot and develops an implementation plan for a production service, we will communicate these changes to you so that you may make decisions on any future certificate renewals.  

How will the service be transitioned so that service is not interrupted?

Our number one priority is to ensure no disruption of service to you. Once OSG completes its pilot and develops an implementation plan for a production service, we will work with you to ensure a seamless transfer of services.

What if my organization would like to explore other options besides the OSG service?

While ESnet fully supports the OSG service as a path forward for our users, we understand that you may want to explore other certificate service options outside of this proposed solution. If this is the case, ESnet staff would be glad to work with you on a one-on-one basis to understand your needs and concerns and help identify possible solutions.

What should a customer do to find out more information about the OSG service and the DigiCert pilot?

ESnet would be happy to facilitate a one-on-one conversation with our OSG partners. Ruth Pordes, OSG Executive Director (ruth@fnal.gov), and Von Welch, OSG CA Transition Program Manager (vwelch@indiana.edu), are the primary contacts at OSG. In addition to these one-on-one conversations, OSG will be hosting a one-hour session during the organization’s annual All-Hands meeting in March to present the results of the pilot and the status of the implementation plans, and to give the Registration Agents (RAs) and system administrators information about what they will need to do during and after the transition. If you are interested in attending, please contact Ruth Pordes (ruth@fnal.gov).


Important Links 

OSG Certificate Service Transition website:
https://twiki.grid.iu.edu/bin/view/Security/OSGCATransition2012

OSG All-Hands Meeting information:
http://hcc.unl.edu/presentations/event.php?ideventof=5