[OSGeoLive] OSGeoLive Cloud -- (was Budget 2019)

Hildebrandt, John johnhild at amazon.com
Wed Jan 16 14:29:39 PST 2019 

I always encourage customers to make security a priority.

One very simple thing you would be able to do when running up such an AMI for research and learning purposes would be to lockdown the Security Group around the EC2 instance to only accept incoming traffic from your laptop/workstation that you are connecting from.
See https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html

Regards
John

From: Cameron Shorter <cameron.shorter at gmail.com>
Sent: Tuesday, 15 January 2019 10:50 PM
To: osgeolive at lists.osgeo.org
Cc: Bruce Anger <bruceanger at gmail.com>; Hildebrandt, John <johnhild at amazon.com>
Subject: Re: [OSGeoLive] OSGeoLive Cloud -- (was Budget 2019)


During the FOSS4G Oceania community day, Bruce Anger and John Hildebrandt made great progress toward running OSGeoLive in AWS.

Bruce's notes are here: https://docs.google.com/document/d/12Hix3gAlOkbpyBj9EjOza-JLMEvS6l135Z-Hpuw7ZlU/edit?ts=5bf77367

James, your points are valid when considering setting up a production server. However, if we initially limit the target use case to a workshop/demo type setting, with nothing on the VM to be considered of value, then I assume security should be able to be ignored.

(A future iteration could address security).

Brian, I probably should have been more specific about the use case I was suggesting.

Cheers, Cameron
On 15/1/19 4:09 am, James Klassen wrote:
Technically, I suspect it would be relatively easy to convert the OSGeoLive VM image into the formats accepted by various cloud providers.

My main concern is that historically OSGeoLive has been setup prioritizing ease of use on a single user machine to let a new user explore and learn the software with as few hurdles as possible.  This seems in fundamental conflict with best practices for putting a server on the open internet (in the cloud or otherwise).

For example, we have easily guessable and well documented passwords, generally permissive permissions in applications and on the filesystem, unrestrictive firewall, way more than the minimum software installed than is needed for any given task (increasing attack surface area), ...

I think we would need to put some serious thought into how to secure an OSGeoLive cloud image and what that might mean for usability.

On Sun, Jan 13, 2019, 20:04 Brian M Hamlin <maplabs at light42.com<mailto:maplabs at light42.com> wrote:

Hi All --



> creating a "OSGeoLive in the Cloud" instance



  It might be said that OSGeoLive is ...



- a flagship for OSGeo dot org

- a proof-of-work for UbuntuGIS integration

- a service to all of the member software projects, incubated or others

    literally multiplying the leverage of interoperable data toolchains when combined

- a service to all of the science communities worldwide, in all major human languages

- a service to students of all kinds, in all places touched by technology

  ... others not mentioned



So, what might a "cloud" OSGeoLive be ?   news flash, many long-standing projects now

included on OSGeoLive are quite active in the cloud and continue to be..



Major cloud players say - Ubuntu OS is the most popular cloud service OS by number of customers

OSGeoLive is already an Ubuntu platform project. so ....



companies handling geospatial data chains are already using directly, UbuntuGIS PPA to build...

Some.. but another fact .. Docker technology easily runs Ubuntu PPA systems on a RedHat base, today.

The Docker container shares the kernel only with the host, while the rest of the OS layers are Debian/Ubuntu.



Is there an economic arguement to be made, with respect to a "cloud" OSGeoLive ?

I find many economic arguements to be badly self-contradicting, when viewed broadly..



The OSGeoLive project has continuity and serious utility.. beyond that, opinions vary widely..

Is a "cloud" OSGeoLive the right move ?  with what resources ?  open questions



  best regards from Berkeley, California

 -Brian M Hamlin     darkblue_b  dbb





On Sun, 13 Jan 2019 20:23:28 +1100, Cameron Shorter <cameron.shorter at gmail.com<mailto:cameron.shorter at gmail.com>> wrote:
I'm really hopeful that we'll see some people follow through with
creating a "OSGeoLive in the Cloud" instance which could be spun up and
used during training sessions. (This could be a great Google Season of
Code topic). I think this could be done with free developer AWS
instances, but it would be good to have access to budget if required to
support a first deployment.

Also, it would be good to have discretionary funding to pay for
OSGeoLive USBs for conferences that ask for it during the year. Maybe do
a print run of 500 to 1000 USBs (That would be 50 to 100 USBs at an
OSGeo table at a conference/workshop/code sprint, for 10 to 20 events).

On 13/1/19 3:11 am, Astrid Emde (OSGeo) wrote:
> Hello folks,
>
> yes - it is time to think about the budget for 2019.
>

--
Cameron Shorter
...

--
Brian M Hamlin
OSGeo California
blog.light42.com<http://blog.light42.com>


_______________________________________________
osgeolive mailing list
osgeolive at lists.osgeo.org<mailto:osgeolive at lists.osgeo.org>
https://lists.osgeo.org/mailman/listinfo/osgeolive



_______________________________________________

osgeolive mailing list

osgeolive at lists.osgeo.org<mailto:osgeolive at lists.osgeo.org>

https://lists.osgeo.org/mailman/listinfo/osgeolive

--

Cameron Shorter

Technology Demystifier

Open Technologies and Geospatial Consultant



M +61 (0) 419 142 254
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/osgeolive/attachments/20190116/a724f234/attachment-0001.html>

More information about the osgeolive mailing list