Cloud Service for Research Survey

1. Basic Background

a.

What do you call your cloud service for researchers?

 

b.

Is there a public landing page or documentation? If so, would you provide a link?

 

c.

On what date did the service initially go live in production?

 

d.

Which cloud platforms do you offer in your service?

 

e.

How many AWS accounts, GCP projects, or Azure subscriptions do you have?

 

f.

How many research teams are you serving?

 

g.

How many individual users of the service do you have?

 

 

2. End User Service Characteristics

a.

How do your users engage the service to get an account, project, or subscription?

 

b.

Do your end users perform self-service, automated provisioning of accounts, projects, or subscriptions? Why or why not?

 

c.

Do your end users perform self-service, automated deprovisioning of accounts, projects, or subscriptions when they are done with them? Why or why not?

 

d.

Do you provide users with rules of behavior they must follow when using the service? Do users need to agree to these terms to use the service? Why or why not?

 

e.

Do your end users provision their own cloud infrastructure and applications into their accounts, projects, or subscriptions? Are security reviews or other reviews required? If so, do these happen before or after the users provision infrastructure into their accounts, projects, or subscriptions?

 

f.

Do you prevent your end users from purchasing cloud accounts, projects, or subscriptions on their own? If yes, how do you prevent them from purchasing external cloud resources?

 

g.

Do you restrict your end users to a set of approved VM images and application stacks, or do you allow them to launch whatever images and stacks are available on the cloud platform?

 

h.

How do users and service administrators manage who owns each account, project, or subscription and which users are associated with each account, project, or subscription? Where is that data stored and managed?

 

i.

How do end users place firewall rule exceptions to expose cloud resources to the Internet and on-premises clients?

 

j.

How do end users view their charges and bills? Do they view these on the cloud provider platform or in the institutional financial system? Both?

 

3. Technical Architecture and Service Administration

a.

Do you route all traffic to and from the cloud VPCs or VNets through your on-premises network?

 

b.

Do you use cloud-based or on-prem next-gen firewalls like Palo Alto, Cisco, and Juniper to protect resources in your VPCs and VNets? Which? Or do you use cloud platform provider controls exclusively?

 

c.

Do you automate any provisioning with Terraform, CloudFormation, Deployment Manager, Azure Resources Templates, etc.? Can you share those templates with the RHEDcloud project?

 

d.

Do you automate any network provisioning (like VPNs, transit gateway association, shared VPC, static NAT, etc.)? If so, which?

 

e.

Do you automate any security provisioning or administration like firewall rule exceptions? If so, which?

 

f.

Do you automate any billing integration with your organizational financial accounting system?

 

g.

Do you employ any detective controls that scan accounts, projects, or subscriptions for specific forbidden configurations or conditions that are not or cannot be prohibited by policy? If so, how are these implemented?

 

h.

Do you use platform-provided security overwatch, threat detection, and intelligence such as AWS GuardDuty, Azure Advanced Security, GCP Cloud Armor?

 

 

4. RHEDcloud Project Participation

a.

Has your organization deployed any existing RHEDcloud code in the form of web apps, web services, policy definitions, or tests?

 

b.

Has your organization contributed any code to the RHEDcloud project? If so, to which repos?

 

c.

Do you participate in any RHEDcloud committees? If so, which?

 

d.

Have you used any RHEDcloud security risk assessments to inform the controls and guardrails you implemented in the cloud? If so, which ones?

 

e.

Have you contributed any security risk assessments to the RHEDcloud project and reviewed them with the Security Risk Assessment Committee?

 

f.

What have been the most useful aspect(s) of participating in the RHEDcloud Project?

 

g.

What does the RHEDcloud Project NOT do or focus on that you wish it did?

 

h.

Roughly how many people from your organization participate in RHEDcloud meetings, events, or code projects?

 

 

5. Professional Services

a.

Has your organization engaged any professional services to help implement cloud solutions for research? If so, whom have you engaged and for what? (They may be potential RHEDcloud collaborators.)

 

b.

Do you have a need for additional professional services to evolve or accelerate cloud solutions for research? If so, what are the top services you would like to see from providers?

 

c.

What is your toughest problem related to cloud computing for research that you would like to solve?