OPeNDAP at the National Oceanographic Data Center

Date post: 14-Jan-2016
Upload: hija
OPeNDAP at the National Oceanographic Data Center

• Status

• Lessons Learned

• Recommendations


NODC Service Components

An Operational Component of the “Federal Backbone”

Data Archive and Metadata Management: Identity tracking; Version tracking; Integrity tracking

Ocean Climate Data Record Development: Peer reviewed quality assessment; Physical, Chemical Biological Observations; Data archeology, Ocean heat and productivity climate records

Coastal Data Access Support

Data documentation, discovery, retrieval, exchange; Coastal resource management target

NOAA Central Library

Information services Data


NODC

• Transitioning to an Open Archival Information System Reference Model (OAIS) – ISO 14721:2002

• Goal: Preserve data/information over the long term

• Changing technologies

• Changing support media and formats

• Changing user communities and expectations

• Basic Precept – Must preserve combination of data and its representation information


The NODC Operational Environment

• Committed to Online Accession and Delivery of Data, Products & Metadata

• Approximately 400 Major IT Systems Supporting ~1 TB Data, ocean satellite data a recent entry

• 15 IT Staff equally split between Federals and Contractors

• Mandated Federal IT Security Requirements & Oversight

• NOAA

• Department of Commerce

• Office of Management and Budget

• Office of Inspector General

• In this Environment, Enterprise-level Management Essential


OPeNDAP Installation at NODC

• Default installation in open environment seems to work “right out of the box”

• Installation within structured, secure environment is a different story


NODC Secure Operational Environment – Normal Precautions … and then Some

• Network firewall

• Multiple zones with separate firewall policies

• IP Filtering & access controls on exposed hosts

• Aggressive patching schedule

• Credentials for remote access require “strong encryption”

• Public server code reviewed “line by line”

• Public web & FTP servers chrooted, limiting access

• Public web content is “Read Only”

• All CGI scripts reside on “Read Only” file systems

• CGI Privilege escalation disabled

• “Hot Backup” systems, hardware and content in place


NODC Operations Summary

[Chart: x-axis Year (1991 to 2007); left axis Number (0 to 50); right axis # Systems (0 to 450); series: FTE + Contractors, Systems Units, Systems Compromised, PC Virus Attacks]


Data Transport Protocols Supported

• HTTP

• FTP

• JDBC (SQL Database access)

• DODS / OPeNDAP

• Command Line (NRL TOWAN access)

• ArcSDE (Java API)

o HTTPS

o TEDS (Navy's Tactical Environmental Data Server)

o OpenGIS

o Java and C++ programs enabled protocols

Legend: • In place; o In progress


Overview of NODC Secure Operational Environment (RED identifies OPeNDAP installation challenges)

• Network firewall

• Multiple zones & firewall policies

• IP Filtering & access controls on exposed hosts

• Aggressive patching schedule

• Credentials for remote access require “strong encryption”

• Public server code reviewed “line by line”

• Public web & FTP servers chrooted, limiting access

• Public web content is “Read Only”

• All CGI scripts reside on “Read Only” file systems

• CGI Privilege escalation disabled

• “Hot Backup” systems and content in place


Lessons Learned - OPeNDAP Installation In Operational Secure Environment

• Default installation & existing documentation not yet adequate to secure installations

Challenges enterprise approach to system management

Command line and Perl modules installed by default in the CGI-Bin, allowing remote user to invoke and compromise system

Multiple interdependencies found among Perl modules, configuration files, and scripts

• Elected detailed review of voluminous code due to lack of familiarity and availability of security information resource base

• Level of documentation hindered troubleshooting

• Many issues resolved after “tech assist” visit, some still remain
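
The CGI-Bin finding above, together with the "Read Only" and "privilege escalation disabled" controls from the secure-environment slide, can be checked mechanically. The script below is an added example, not part of the original slides or of OPeNDAP; the allowlist file and every file name in it are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a CGI directory against controls named on the slides.
# All file names and the allowlist format are constructed for illustration.

# audit_cgi_dir DIR ALLOWLIST -> prints one "FINDING <kind> <file>" per problem.
# ALLOWLIST holds one approved entry-point path (relative to DIR) per line.
audit_cgi_dir() {
    dir=$1; allow=$2
    find "$dir" -type f | while IFS= read -r path; do
        rel=${path#"$dir"/}
        # Library modules become reachable by URL when they sit in the CGI dir;
        # anything else must be an explicitly approved entry point.
        case $rel in
            *.pm) echo "FINDING module-in-cgi-dir $rel" ;;
            *)  if ! grep -Fxq -- "$rel" "$allow"; then
                    echo "FINDING not-an-approved-entry-point $rel"
                fi ;;
        esac
        # Control: CGI scripts are read-only (no group/world write bits).
        if [ -n "$(find "$path" -prune \( -perm -020 -o -perm -002 \))" ]; then
            echo "FINDING group-or-world-writable $rel"
        fi
        # Control: no privilege escalation through setuid/setgid CGI programs.
        if [ -u "$path" ] || [ -g "$path" ]; then
            echo "FINDING setuid-or-setgid $rel"
        fi
    done
    return 0
}

# Build a constructed sample tree; prints its root directory.
make_sample_tree() {
    root=$(mktemp -d) && mkdir "$root/cgi-bin" || return 1
    printf '%s\n' data-server.cgi upload.cgi > "$root/allow.txt"
    for f in data-server.cgi Handler.pm cmdline-util upload.cgi; do
        : > "$root/cgi-bin/$f"
    done
    chmod 0555 "$root/cgi-bin/data-server.cgi"
    chmod 0444 "$root/cgi-bin/Handler.pm"
    chmod 4555 "$root/cgi-bin/cmdline-util"   # unapproved and setuid
    chmod 0775 "$root/cgi-bin/upload.cgi"     # approved but group-writable
    echo "$root"
}

sample=$(make_sample_tree)
audit_cgi_dir "$sample/cgi-bin" "$sample/allow.txt"
rm -rf "$sample"
```

Run against a real installation, the allowlist would be the short list of programs the server is meant to expose; every other line of output is something to move out of the executable path or re-permission.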


Observations & Recommendations

• OPeNDAP offers a powerful data transport capability, particularly suited for aggregated data transport into applications (e.g., models)

• In its present form OPeNDAP required expert levels of support (Operationally ready and sustainable?)

• Independent security testing and evaluation needed

• Life cycle (and reduced costs) support will be needed in similar operational environment implementations

• Data discovery (metadata enabled) and aggregation are challenges and critical IOOS requirements

• From a practical point of view, some decisions have been made based on resource allocation tradeoffs with respect to “return on investment” in comparison to existing, alternative data transport protocols already in use (e.g., FTP, HTTP, emerging OpenGIS protocols, etc.)

• IOOS DMAC needs to address these and other user identified issues in its next phase


Looking Ahead

• NODC OPeNDAP Server awaiting final validation

• Early data sets identified and groomed () for OPeNDAP publication

WOCE Ver 3

NOAA AVHRR reprocessed Pathfinder SST record

World Ocean Atlas

Global Temperature Salinity Profiling Program (GTSPP)

NOAA Shipboard Environmental Data Acquisition (SEAS) data

• OPeNDAP will be one of several data transport protocols used by NODC

