...
The meeting is scheduled on (tbd)
Agenda/Notes
This SIG meeting will convene to discuss deployment at scale, with a focus on learning from everyone’s experience and recommendations: what is needed to help support your operations, which security concerns and key patterns matter at scale, and how Ed-Fi security operations can best support partner operations. We’d like to dig into the details of enhancing the value of customer solutions from Ed-Fi implementations while ensuring information assurance and security as necessary within those deployments, so that patterns, techniques and best practices can be shared from the generalities of lessons learned.
Items discussed on the call, from its agenda:
...
- Ed-Fi Intellectual Property Disclosure Policy.
- Ed-Fi Exchange is a great place to list, describe and give reference for community projects
...
- Security is an implicit "must-have" in all the work we do collectively to serve K-12 information. Ed-Fi interconnects with multiple systems of record with sensitive information contained within; those who we represent expect full information assurance and best practices from both the technology and practice aspects of our work.
- Ed-Fi Tech Team manages annual security reviews and contracts with Praetorian, a well-known IT risk assessment and security services firm.
- ODS/API (Platform) is primarily reviewed as part of this effort (and as core to our data interoperability work). Admin App, as it has responsibilities for key/secret management and other system functions, is also part of our annual reviews.
- These reports have been internal-focused to date. From our engagements with Praetorian, we have not yet experienced high or significant findings as a result of their security audits. Generally, Praetorian has reported that Ed-Fi ODS/API and Admin App are within the top 25% of their clients for good code and security practices, which is received as a positive signal for today's investments in code quality, maintainability and internal practices towards security concerns.
- 2019 report overview - guidance that Active Directory, in its default configuration (i.e. "out-of-the-box"), is likely to present security risks within the environment. Given this, as well as other community-reported issues, the Tech Team was led to migrate off of Active Directory to the ASP.NET Identity based solutions in use today. (ASP.NET Identity is also being used to extend SSO for Tools using OIDC on the 2022 roadmap.)
- In the future, if major findings are reported by Praetorian, assume that Ed-Fi would a) work closely with Praetorian to understand the full risk and resolution of the discovery in full cycle and b) have timely communication with those who may be affected by such findings.
- From discussion, there are opportunities for Ed-Fi to widen communications to community members whose operations overlap in these areas.
...
- Generally the MSP community strives to keep up-to-date with Ed-Fi technology releases as much as possible. Many factors can exist around decisions to choose particular versions of products within the Ed-Fi Tech Suite, including implementation-site data standard requirements, existing systems and so on.
- MSPs generally either build the ODS/API from source code or pull from Azure Assets as a basis of code deployment.
...
- Notifying - email would be more formal
- Release cycle and hotfixing – need time to test it to be ready to use for following year especially with changes requiring database change
- There may be more lifts - may be differences between platform and tools release cycles
- We can continue to support trying to get it into your work faster - hot fix or whole channel redeployed?
- Rebuild approach is better. Would want the same sort of dependency module import for the Ed-Fi code base with updates pushed out for us to auto the packages or dependencies.
...
- One test op recommended tool used by some is https://snyk.io/ to auto identify issues (mostly open source version does dependencies)
- https://hub.docker.com/u/edfialliance
- For us, an automated build or pipeline is GitHub Actions
- Used to zip packages ++ and that build is final destination but docker possibility adds other components into that.
- How Google Tests Software by James Whitmer - a change in strategy for a lot of people, but the change in structure has been recommended.
...
- Ed-Fi has had experience with Azure app and Key Vault - how to work in a way usable for multiple cloud providers?
- Some are using Kubernetes environment variables and using Dev Secrets (including Manager Integrations), because otherwise what you populate in the Docker config file gets baked into the image.
- Some are using Google Secret Manager to store config values
...
Data Import - Looking into the Future
- Data Import exists within an ecosystem of open-source and commercial ETL solutions
- Review to understand overlaps and what exists
- How is Data Import preferred to these solutions?
- Architecture implications for Data Import
- Scale and performance
- Running in cloud / distributed scenarios
- Improvements in Data Import
- Pre-processing
- Mapping to Ed-Fi data
- ETL Processing
- Logging / Data Quality Checks
- Staying on top of reoccurring processes
- Could anything in Data Import be used to help vendor API connections? Reusable mappings? Etc?