Network Performance Issues at the University of Utah. Draft for Review
|
|
- Crystal Dorsey
- 8 years ago
- Views:
Transcription
1 Network Performance Issues at the University of Utah Overview of Issues: Draft for Review The University of Utah (UoU) is experiencing network performance issues that are severely degrading the abilities of various disciplines to accomplish scientific, artistic and other research goals in a timely manner. Examples of network performance issues are: 50Megabit/second transfers from the Texas Advanced Computer Center, 12Mbit/sec transfers from Fermi National Labs, and 6.7Mb/s transfers from Oak Ridge National Labs. These performance issues are also preventing the University of Utah from fully realizing the significant investments it is making in network infrastructure, both on the campus and at Utah Education Network (UEN). The Utah Education Network maintains a 10 Gigabit/second connection to the Internet2 backbone. The University of Utah maintains (2) 10 Gigabit/second connections to the Utah Education Network. For single box, single user, single application flows utilizing the IPv4 protocol, the University of Utah is only able to utilize.08% to 6% of the network connectivity to the Internet2 backbone. As the University of Utah looks to the next generation of Internet Protocol, IPv6, the performance is worse,.08% to 2% of the network connectivity to the Internet2. For multiple box, multiple user, multiple application flows, the Univ. of Utah is hitting ceilings of 20-30% of the available network bandwidth. Utilizing its current security/network configuration, the University of Utah is NOT able to maximize its significant investment in network infrastructure. Staff at the Center for High Performance Computing, campus Network Operations Center and the Utah Education Network have investigated and optimized the network and the campus Wide Area Network (WAN) firewall to the extent possible. At this time, the fundamental limitation is the campus WAN firewall. Staff have created a bypass of this firewall for a single measurement device and been able to achieve a near line rate of 8.9Gigabits/second rate out of the University. For large data transfers in IPv6, the firewall vendor has explicitly stated that the firewall should not sustain any large IPv6 flows through the firewall. Firewalls have traditionally been limitations to high performance transfers and other applications that are extremely network intensive. Even the "latest and greatest" in firewall technology often only keeps up for 1 to 2 years. Enterprises often need to amortize firewalls over 3-5 years. The University of Utah s current firewall is seven years old. The University of Utah and UEN have 10Gig connectivity today to the national research backbone. Over the next year and a half, the national Internet2 Research and Education backbone will implement 100Gig/s. The University of Utah and UEN will not go immediately to a large connection of this size, but will increase as the network usage increases. Several University staff and faculty have collaborated in order to execute a large number of tests over the past year. These tests have involved several scenarios and tests from locations around the United States. The final sets of tests concluded in
2 March 2011 with a test machine with 10Gig/sec connectivity bypassing the campus WAN firewalls. This test machine sat very close to a baseline server which has been collecting data through the firewalls for over one year. Figure 1 shows a summary of these tests, specifically the average incoming data to the University of Utah. Figure 1: Summary graph of average incoming data to CHPC from various locations around the United States, both with a firewall and without a firewall. The results of these tests of various scenarios to the University of Utah have led to a set of recommendations that the University of Utah might potentially consider: Recommendations: 1. Upgrade campus WAN firewalls as soon as possible a. Project Costs: approx $200,000 Already exists as a UPlanIT Portfolio project for Create and segment a Performance Node/Science Demilitarized Zone (DMZ) similar to the trend happening in the national computational laboratories (see Eli Dart's slides: a. Establish trial setup with a collaboration of the Center for High Performance Computing, Information Security Office and the campus Network Operations Center Proposed project in UPlanIT Cyberinfrastructure Portfolio waiting for approval and detail, proof-of concept prototype $50-$75k b. Investigate various long term architectural options see Architectural Options Appendix 3. Create a goal and plan for the University of Utah to: "Move a TeraByte between the University of Utah and most large research institutions in the US in around 8 hours." 4. Implement security options in front of "Performance Node/Science DMZ" to give proactive and reactive protection
3 a. Establish trial setup with a collaboration of the Center for High Performance Computing, Information Security Office and the campus Network Operations Center i. Example 1: BRO implementation at LBL ( (Prototype would require optical taps, equipment, scripting and part-time FTE from ISO and from CHPC - $50-100k, if chosen) ii. Example 2: Modification of University of Utah "autoshun" routines to work with non-production router; (Prototype would require scripting and part-time FTE from ISO and from CHPC - $50-$100k, if chosen) b. Implement project which would leverage as much of the existing campus licenses, hardware, and tap infrastructure as possible. (At this time, however, the existing infrastructure cannot handle current University of Utah IT loads. Upgrades to this infrastructure are awaiting the completion of a Security Gap Analysis project in the UPlanIT Infrastructure Portfolio and the allocation of $250k-$500k in budget.) c. Implement project which would leverage the DNS Blacklisting project, Firewall Protection project and other related security projects entering into the UPlanIT Infrastructure Portfolio. 5. Create a campus performance initiative with corresponding plans in UPlanIT for segmenting appropriate networks to the Performance Node/Science DMZ a. Identify and document tuning requirements for networks, hosts and applications (CHPC has some information already available). b. Define performance requirements and process for segmenting appropriate networks including confidential data identification and mitigation controls. (See Security Zone Appendix) 6. Setup and maintain an Active Network Measurement infrastructure that continually validates performance requirements a. Prototype implemented/funded by CHPC work completed with collaboration from UEN, campus NOC and SCI b. Full implementation including University of Utah and key state higher education partners will require approximately $70k-$100k, depending on equipment leveraged by collaborators Detail: Quantification of Network Impact of University of Utah Wide Area Network firewall The University of Utah, Utah Education Network and their collaborators (i.e. BYU, USU, etc.) pay $525,000 per year for 10 Gigabits/second connectivity to the Internet2 backbone. Of this amount, the University of Utah has a pro-rated share of $262,500/year. This connectivity allows the University of Utah, other institutions in the state and other collaborators to directly access the Internet2 backbone, peer research university institutions, national labs (i.e. Lawrence Livermore National Lab,
4 Argonne National Lab, Oak Ridge National Lab, etc.), research instrumentation and other key government, research and collaborative institutions. Though 10Gigabits/second is available to Internet2, the University of Utah is only able to utilize a small average percentage of the available Internet2 bandwidth for single user/single application/single flow (<6%). For multiple users/multiple applications/multiple flows, the University of Utah is able to utilize the bandwidth somewhat more effectively but still not to its full availability. Staff and faculty of the University of Utah have collaborated to create and graph transfers between the University of Utah and the various Internet2 Points of Presence (PoPs), as well as several of the national labs. These transfers have revealed various bottlenecks at the labs and the University of Utah campus. Staff and faculty have worked with the national labs and the technology on campus to either remove or optimize the throughput in/out of the University. Even after optimizing technology, the bandwidth out of the University still suffers dramatically. The average bandwidth from a device in CHPC with a 10Gig/s interface to an equivalent device in Houston with a 10Gig/sec interface is 144Megabit/s and the average bandwidth from Houston back to CHPC is 88.54Mb/s. Transfers between the University of Utah and an Internet2 measurement box in New York reveal a similar story. The average bandwidth from CHPC to New York is Megabits/sec and the average bandwidth from New York to CHPC is Megabits/sec through the 10Gigabits/sec connection. Graphs of transfers between the University of Utah and the Internet2 measurement box located at the Level 3 Point of Presence within Salt Lake City show an average bandwidth of Mb/s from the University to the I2 device and Mb/s from the I2 device to the University. In the Salt Lake City scenario, the latency is approximately 1ms or less and the location is so close, that packet drops, buffer sizes, etc. play less of a factor. Comparatively, Houston is over 30ms away in network latency and over a thousand miles away in terms fiber, multiple pieces of equipment, etc. All of these factors serve to impact data transfers, as well as magnify existing problems. In order to isolate the major impediment to the data transfers in and out of the University of Utah, University staff set up another equivalent test box with a logical bypass of the campus Wide Area Network (WAN) firewall. The test box resides a couple of racks away from the original test box and traverses the same network infrastructure as the original test box. Staff then re-ran similar tests to the same destination points. In direct comparisons, the CHPC measurement box that bypasses the campus firewall produced numbers closer to those expected for a 10Gig/sec circuit. Transfers from CHPC to the Internet2 Houston measurement box produced an average bandwidth of 5.11Gig/sec, while the average bandwidth from Houston back to CHPC is 4.46Gig/sec. Transfers from CHPC to the Internet2 New York measurement device produced an average bandwidth of 4.18Gig/sec while the average bandwidth on the return trip is 4.93Gig/sec. Transfers between CHPC and the Internet2 device in Salt Lake produced close to line rate on the 10Gig circuit. The average bandwidth from CHPC to the Salt Lake device is 8.18Gig/sec while the average bandwidth of the Salt Lake to CHPC transfer is 8.32Gig/sec. The results of these tests conclusively proved that the major impediment to traffic in and out of the University was and is the WAN firewall. See graph detail appendix for several of the graphs of the data transfers to the various sites.
5 Qualification of need to balance performance and protection Many dynamic, opposing tensions continue to exist in balancing performance, security and new research investigations. Enterprise firewalls necessarily have long amortization schedules due to the significant costs and complexity of the devices. Long amortization schedules typically translate into a lag in cutting edge features and performance as time progresses. Technologies for cutting edge research continue to evolve quickly, especially in areas that are network intensive. Performance needs continue to increase rapidly as vendors, staff and researchers identify bottlenecks and remove them. Enterprise firewalls and computer security require full time focus as well as ongoing training and education. Researchers require speed but also desire some protection. Researchers do not want to become security experts. In fact, for them to be experts in their field, they CANNOT become experts in the security field. All of these opposing factors create dynamic tensions which are difficult to solve. Based on the data that staff and faculty of the University have accumulated, the existing campus WAN firewalls are severely impacting the ability to perform various types of research. However, without these firewalls or some alternative security strategies, the various types of research and University intellectual property are at risk. Upgrading these firewalls is a necessary step in enabling certain fields of research to progress in a timely fashion. University of Utah researchers are now moving data sets on the order of several Terabytes daily and weekly. With maximum bandwidth available, moving one Terabyte of data takes 30 hours on a 100Mb/s network, 3hours on a 1Gb/s network and 20min on a 10Gb/s ( Researchers are typically moving the data from a resource where they gathered the data to a resource where they will process the data. While waiting, researchers are not able to move forward on certain aspects of their investigations. Many of the national labs and the networks that support them have agreed that a minimum should exist. As of 2011, that minimum is: "Moving a TeraByte between most large research institutions in the US should only take around 8 hours. This assumes an end-to-end path with a capacity of 1 Gbps or higher, and that only 1/3 of the capacity is used, leaving room for other users traffic." ( With a network infrastructure that compares to most of its peer institutions and some of the national labs in terms of bandwidth and capabilities, this minimum is one that the University of Utah could realistically strive for and obtain. How does the University strive for this goal and still balance the needs of the enterprise for tight security? National science labs and national research/education and government backbones have wrestled with the balance of national security projects and supporting large volumes of specialized science. The approaches have varied. Current approaches involve a mix of very expensive high-end firewalls, dedicated gateway transfer machines and the ideas of "science demilitarized zones (DMZ)". Dedicated gateway machines involve staging of data by researchers from one location to another in order for it to transfer to yet a third location. This process is very time consuming and resource intensive from a researcher perspective. The idea of a "science DMZ"
6 allows a segregation of networks that places those with high performance and other specialized needs outside the firewall from the core enterprise or high security projects. -- (link to Eli Dart's slides: This approach usually utilizes alternative methods of providing dynamic border control lists and routing to mitigate the most egregious of risks. This approach allows full bandwidth and network resources to whole specific network segments and also protection. A leading example of an alternative method is the implementation of Bro at Lawrence Berkeley National Lab (LBNL). Software engineers at LBNL have created an intrusion detection system and instrumented it to make changes at the WAN border in response to attacks. The intrusion detection system is not "in-line" and, therefore, operates in a non-interfering and passive manner. By operating in this "out-of-band" manner, the intrusion detection allows full access to the internet and yet maintains protection from those attacking the networks. The University of Utah could utilize the Bro implementation or choose to leverage hardware/software that it already maintains. With the purchase of additional hardware and software licenses, the University of Utah could leverage the existing commercial product QRadar for its intrusion detection and monitoring. By scripting and building off of this platform, the University could potentially create a similar environment to that of LBNL. For maintaining optimum performance, networks, end-hosts and file systems require tuning. These tuning activities are sometimes not ideal for the populace at large. An example is the configuration of deep buffers on a switch which may increase large transfers but negatively impact many small short transactions. Different security policies are also necessary for specific projects. How does one meet these requirements of research and still support the day to day operations of the enterprise? Again, segmentation along with alternative security mechanisms enables the fast moving fields of research to progress in a timely fashion today and tomorrow. Segmentation with traditional security mechanisms provides the security of the enterprise to meet the compliance requirements of today and tomorrow. Checks and balances - Creating an Active Measurement infrastructure In order to efficiently calibrate the network and maintain a proactive stance towards bandwidth intensive and latency sensitive applications, Active Measurement is necessary. An Active Measurement infrastructure is necessary to provide constant data regarding the network. An Active Measurement infrastructure also enables engineers to proactively diagnose across the local infrastructure and the Active Measurement infrastructure deployed across Internet2, Energy Sciences Network (ES-Net - home of most of the labs), and to peer institutions. The perfsonar package developed by groups in ES-net, Internet2, GEANT, etc. allows entities to deploy a consistent measurement infrastructure that allows the necessary testing and proactive troubleshooting. This infrastructure creates a convenient "checks and
7 balances" setup with the existing network, what vendors claim and what actually is happening on the network, often unbeknown to the engineers. Recommendations/Conclusions: 1. Upgrade campus WAN firewalls as soon as possible The University of Utah has created a Next Generation Firewall project within the UPlanIT Portfolio Management system. -> Infrastructure -> Next Generation Firewall This project is for the 2012 Fiscal Year with a budget request of approximately $200,000. The first portion of the project will investigate different vendor firewalls to determine the best performance and feature set combination. The next generation of firewalls has a large breadth of performance and feature set support. The price points of the vendors vary widely. Full line rate support at 10Gigabit/second with a large firewall feature set comes at a premium. The University will attempt to balance the proper feature set/performance/price for the greatest amount of the constituents. 2. Create and segment a Performance Node/Science Demilitarized Zone (DMZ) similar to the trend happening in the national computational laboratories Several of the large National Labs are collaborating with the Department of Energy and Sciences Network (ES-NET) to create strategic performance nodes/science Demilitarized Zones (DMZs). These Performance Networks/Science DMZs support the large data transfers and unique traffic flows necessary for various research disciplines while still protecting the administrative and compliance needs of the federal government and its collaborators (see Eli Dart's slides: ) This segmentation allows alternative security options in front of the high performance non-classified areas. The University of Utah Center for High Performance Computing (CHPC) and the campus Network Operations Center (NOC) have prototyped the ability to logically segment a network and bypass the firewall for performance purposes. This segment supported a single machine and allowed staff to collect the data necessary to create the graphs shown in the Graph Detail Appendix. For this network segment to be of real use to the University, the basic prototype must include realistic security options and tests. Security MUST go hand in hand with explorations of network performance. The Performance Architecture Testbed project within the Cyberinfrastructure Portfolio of UPlanIT will allow for explorations of network performance, unique network flows and various security options. The project url is: -> Cyberinfrastructure -> Performance Architecture Test Bed
8 This project will require additional details and approval. The project will also require at least $50k-$75k of funding for security proof of concept. In the past year through collaborative efforts, the University of Utah was able to create a simple logical bypass of the firewall for minimal costs. The University accomplished this task by leveraging existing technologies, focused time from various staff, and equipment that was not yet in production. Going forward, the University will need to make an investment in additional labor and some equipment in order to implement very basic security prototypes. These prototypes will help prove the feasibility of various ideas for implementation. 3. Create a goal and plan for the University of Utah to: "Move a TeraByte between the University of Utah and most large research institutions in the US in around 8 hours." The various national labs, national research/education/government backbones and others have created this goal of transfer speeds based on the usage of a standard Gigabit connection. See This goal assumes an end-toend path with a capacity of 1 Gbps or higher, and that only 1/3 of the capacity is used, leaving room for other users traffic. The University of Utah should create a plan with a focused end date that ensures that any Gigabit attached machine should be able to obtain these speeds to remote sites which are capable. For 10Gig capable machines, the University should strive to maintain the same ratio through its network and security infrastructure. This ratio would imply at least 3Gigabit/second on 10Gig capable machines, which in turn, would imply a Terabyte moved within an hour. For reference, the chart at Expectations/Data-Transfer-Rates.pdf shows the bandwidth requirements for various data set sizes and times. Note that the goal is an attempt to balance high performance use and other simultaneous use of the Wide Area Network, as well as the research network connectivity. 4. Implement options in front of "Performance Node/Science DMZ" to give proactive and reactive protection As discussed in recommendation 2, the Security models MUST walk hand-in-hand with the needs of performance and unique traffic flows. Staff from the Center for High Performance Computing, Information Security Office and the campus Network Operations Center will need to collaborate to investigate different security models that match these requirements and then implement the appropriate models. Two examples of potential implementation models are: a) the BRO implementation at LBL ( and b) the modification of University of Utah "autoshun" routines to work with existing QRadar implementation. Both implementation models utilize similar ideas of monitoring, comparing to rules and crafting Access Control Lists or Border Gateway Protocol (BGP) route injections to reject attackers. Both implementations utilize passive optical tap infrastructure which bleed part of the light signal into dedicated analysis boxes. These analysis boxes analyze the data against rule sets and then craft the necessary response. Network flows from the routers also provide information to the analysis boxes. Both implementations would require optical tap
9 infrastructure, server hardware, personnel resources, and scripting. The Bro (or something similar) implementation has no license fees since it is open source. However, the package brings in yet another tool which security personnel would have to learn and maintain. An implementation based on QRadar leverages existing commercial packages that the University owns and operates currently. These commercial packages provide a lot of extra features and commercial support. However, these packages come with steep license fees based on the amount of monitored data and/or number of traffic flows (term has multiple meanings depending on software context). For high performance networks, this licensing scheme may become problematic. The security infrastructure at the University of Utah is currently not adequate to support the existing needs of the University. Part of the infrastructure has reached End of Life status while part of the infrastructure requires significant upgrades in hardware, software and software licenses. The University has a Security Gap Analysis project in the UPlanIT Infrastructure Portfolio to address this situation. Upgrades will require a rough budget of $250,000-$500,000, depending on the scope. These upgrades will be necessary in order to provide any ongoing enterprise security and to provide any security implementation for a performance node/science DMZ. The performance node/science DMZ will leverage the upgraded security infrastructure and potentially share some of the cost. Since security has multiple facets and is evolving constantly, the final implementation model will also leverage other security projects of the University. One example is the DNS Blacklisting Project. This project exists in the UPlanIT Infrastructure Portfolio with detail at the url: -> Infrastructure -> DNS Blacklisting This project will utilize various source feeds from REN-ISAC for known malicious domains and then redirect or disallow DNS requests to these known malicious sites/domains. Another example project is the Firewall Protection Project. This project exists in the UPlanIT Infrastructure Portfolio with detail at the url: -> Infrastructure ->Firewall Protection This project leverages Border Gateway Protocol (BGP) injections and router Access Control Access Lists in order to block malicious traffic. This project allows scripts to automatically install BGP null routes on border routers in order to redirect certain malicious traffic to nowhere. Leveraging the various projects allows better utilization of these investments. The Cyberinfrastructure Portfolio Performance Network Testbed intiative will require a proof of concept security implementation. This proof of concept will leverage time from existing staff and incur up to $50-75,000 in hardware costs. These costs may drop if the University can leverage pre-production server hardware and existing spare router hardware. This proof of concept will allow the validation of the ideas for implementation purposes. This proof of concept will require the temporary repurposing of staff to modify existing scripts to work with this endeavor.
10 5. Create a campus performance initiative with corresponding plans in UPlanIT for segmenting appropriate networks to the Performance Node/Science DMZ Once the network segment and final security implementation is in place, the University Network Operations Center (NOC) will need to work with constituents to plan the migration of identified networks into the Performance Node/Science DMZ. Staff will identify and document tuning requirements for networks, hosts and applications in order to best utilize the network. The Center for High Performance Computing (CHPC) is already attempting to document some of this information as a part of its day to day operations. Groups that require networks to connect to this Performance Node/Science DMZ will need to work closely with the University NOC and Information Security Office (ISO) staff to define the performance requirements/expectations and to define the process for segmenting the appropriate networks. Special care will be necessary to verify that only appropriate networks move into this network segment. Mitigation controls will need to be in place to prevent any undue risk or potential leak of confidential data. 6. Setup and maintain an Active Network Measurement infrastructure that continually validates performance requirements Active Network Measurement is a crucial part of maintaining, monitoring and troubleshooting performance expectations. Active Network Measurement capabilities come in several forms. The University of Utah Center for High Performance Computing (CHPC) has partially funded and partially implemented a local perfsonar ( active measurement infrastructure prototype that collaborates with the national and international perfsonar infrastructure. This infrastructure will need to grow and enhance in order to provide good troubleshooting tools and research data. A full implementation that would provide multiple points within the campus, at the new data center and at strategic points around the state would cost $70k-$100k, depending on how much hardware the project can leverage by collaborators.
11 Graph Detail Appendix Figure GraphDetail.1: Summary graph of average incoming data to CHPC from various locations around the United States, both with a firewall and without a firewall. Figure GraphDetail.2: Transfers between CHPC and Internet2 Salt Lake Point of Presence through University of Utah WAN firewall
12 Figure GraphDetail.3: Transfers between CHPC and Internet2 Salt Lake Point of Presence bypassing University of Utah WAN firewall Figure GraphDetail.4: Transfers between CHPC and Internet2 Los Angeles Point of Presence through University of Utah WAN firewall
13 Figure GraphDetail.5: Transfers between CHPC and Internet2 Los Angeles Point of Presence bypassing University of Utah WAN firewall
14 Figure GraphDetail.6: Transfers between CHPC and Internet2 Houston Point of Presence through University of Utah WAN firewall Figure GraphDetail.7: Transfers between CHPC and Internet2 Houston Point of Presence bypassing University of Utah WAN firewall
15 Figure GraphDetail.8: Transfers between CHPC and Internet2 Washington, D.C. Point of Presence through University of Utah WAN firewall Figure GraphDetail.9: Transfers between CHPC and Internet2 Washington, D.C. Point of Presence bypassing University of Utah WAN firewall
16 Figure GraphDetail.10: Transfers between CHPC and Internet2 New York Point of Presence through University of Utah WAN firewall Figure GraphDetail.11: Transfers between CHPC and Internet2 New York Point of Presence bypassing University of Utah WAN firewall
17 Figure GraphDetail.12: Multiple user/multiple application/multiple flow use of the Campus WAN connection through the firewall
18 Security Zone Appendix The Security Zones diagram shows the architectural discussion of the Security Zones of the University of Utah. This segmentation breaks out large mostly homogenous groups in terms of different security models. Specific security controls should govern the traffic between zones. The Performance Node/Science Demilitarized Zone (DMZ) model has characteristics of zone 2 and zone 4. Some minimal protection is necessary from the raw Internet and the zone will have both servers and some special requirement clients. Some protection is also necessary from this grouping of servers and clients to more secure areas of the University such as Hospital and clinical, administrative services and other mission critical services to the University. Figure SecZone.1: University of Utah Security Zone Diagram
19
20 Architectural Options Appendix The following diagrams show the current Wide Area Network (WAN) firewall replacement and outline various options for creating a Performance Node/Science DMZ. The University can use the various options as discrete options from which to choose or actual architectural phases through which it can morph the network and security alternatives as use becomes greater. Figure ArchOptions.1: Current WAN Firewall Replacement Figure ArchOptions.2 shows a logical bypass of the WAN firewalls utilizing the technology of Multiprotocol Label Switching (MPLS). Various departments would feed logical Virtual Local Area Networks (VLANs) to the campus distribution nodes and the campus would logically take the traffic around the firewalls via MPLS. This technique allows a very minimal cost to segmenting the network. This logical bypass would terminate at a point where optical taps could capture the traffic and feed it back to a security device. Network flows from the terminating router could also feed back to a security device. Scripts on the security device would modify security Access Control Lists (ACLs) or Border Gateway Protocol (BGP) injections on the router.
21 Figure ArchOptions.2: MPLS Firewall Bypass with Alternate Security Figure ArchOption.3 shows a physical distribution node with a logical MPLS firewall bypass. This architectural option shows the physical segmentation of the Performance Node/Science DMZ. The physical segmentation allows departmental groups to bring VLANs physically to a dedicated performance distribution node. This physical node could have different characteristics tuned toward performance or other special protocols than other campus distribution nodes. The egress from this physical node would utilize an aggregate MPLS logical tunnel to bypass the firewall. The alternative security options would be the same as those of Architectural Option 2. Figure ArchOption.3: Performance Node with firewall bypass but same WAN connectivity (includes Alternate
22 Security) Figure ArchOptions.4 shows a completely physical segmentation of the Performance Node/Science DMZ architectural concept. A physical Performance node, Internet Border router and additional connectivity to the Utah Education Network comprise this approach. The physical equipment allows specialized tuning and performance parameters that are unique to the performance and special flow environments. This approach uses the same alternative security options as ArchOptions.2. Though this approach is the most costly, this approach allows the greatest risk mitigation too. This approach physically isolates high performance requirements and/or special protocol requirements from negatively impacting the WAN ingress egress that serves the non-performance based research, academic, hospital and administrative portions of the University. This approach stays within the overall campus network architecture and supports the campus as a whole, but also tailors to the special needs of certain research segments. Figure ArchOptions.4: Performance Node with additional dedicated WAN connectivity (includes Alternate Security)
23
University of Utah backbone is fully redundant with one or more 10Gb/s connecting each distribution node to a redundant core which connects to a
1 * Dave Pershing 2 University of Utah backbone is fully redundant with one or more 10Gb/s connecting each distribution node to a redundant core which connects to a redundant WAN which connects to redundant
More informationCampus Network Design Science DMZ
Campus Network Design Science DMZ Dale Smith Network Startup Resource Center dsmith@nsrc.org The information in this document comes largely from work done by ESnet, the USA Energy Sciences Network see
More informationScience DMZs Understanding their role in high-performance data transfers
Science DMZs Understanding their role in high-performance data transfers Chris Tracy, Network Engineer Eli Dart, Network Engineer ESnet Engineering Group Overview Bulk Data Movement a common task Pieces
More informationLHCONE Site Connections
LHCONE Site Connections Michael O Connor moc@es.net ESnet Network Engineering Asia Tier Center Forum on Networking Daejeon, South Korea September 23, 2015 Outline Introduction ESnet LHCONE Traffic Volumes
More informationNetworking Topology For Your System
This chapter describes the different networking topologies supported for this product, including the advantages and disadvantages of each. Select the one that best meets your needs and your network deployment.
More informationAchieving the Science DMZ
Achieving the Science DMZ Eli Dart, Network Engineer ESnet Network Engineering Group Joint Techs, Winter 2012 Baton Rouge, LA January 22, 2012 Outline of the Day Motivation Services Overview Science DMZ
More informationNEN Community REANNZ. Design Statement: NEN Edge Device
TO FROM NEN Community REANNZ DATE June 2010 SUBJECT Design Statement: NEN Edge Device Background This National Education Network (NEN) design statement was developed by REANNZ with input from the relevant
More informationperfsonar Overview Jason Zurawski, ESnet zurawski@es.net Southern Partnerships for Advanced Networking November 3 rd 2015
perfsonar Overview Jason Zurawski, ESnet zurawski@es.net Southern Partnerships for Advanced Networking November 3 rd 2015 This document is a result of work by the perfsonar Project (http://www.perfsonar.net)
More informationAny-to-any switching with aggregation and filtering reduces monitoring costs
Any-to-any switching with aggregation and filtering reduces monitoring costs Summary Physical Layer Switches can filter and forward packet data to one or many monitoring devices. With intuitive graphical
More informationEnhancing Cisco Networks with Gigamon // White Paper
Across the globe, many companies choose a Cisco switching architecture to service their physical and virtual networks for enterprise and data center operations. When implementing a large-scale Cisco network,
More informationState of Texas. TEX-AN Next Generation. NNI Plan
State of Texas TEX-AN Next Generation NNI Plan Table of Contents 1. INTRODUCTION... 1 1.1. Purpose... 1 2. NNI APPROACH... 2 2.1. Proposed Interconnection Capacity... 2 2.2. Collocation Equipment Requirements...
More informationDisaster Recovery Design Ehab Ashary University of Colorado at Colorado Springs
Disaster Recovery Design Ehab Ashary University of Colorado at Colorado Springs As a head of the campus network department in the Deanship of Information Technology at King Abdulaziz University for more
More informationMicrosoft s Cloud Networks
Microsoft s Cloud Networks Page 1 Microsoft s Cloud Networks Microsoft s customers depend on fast and reliable connectivity to our cloud services. To ensure superior connectivity, Microsoft combines globally
More informationEMERGING AND ENABLING GLOBAL, NATIONAL, AND REGIONAL NETWORK INFRASTRUCTURE TO SUPPORT RESEARCH & EDUCATION
EMERGING AND ENABLING GLOBAL, NATIONAL, AND REGIONAL NETWORK INFRASTRUCTURE TO SUPPORT RESEARCH & EDUCATION Dave Pokorney CTO, Director of Engineering Florida LambdaRail NOC UCF Research Computing Day
More informationNetwork Virtualization Network Admission Control Deployment Guide
Network Virtualization Network Admission Control Deployment Guide This document provides guidance for enterprises that want to deploy the Cisco Network Admission Control (NAC) Appliance for their campus
More informationArchitecture Overview
Architecture Overview Design Fundamentals The networks discussed in this paper have some common design fundamentals, including segmentation into modules, which enables network traffic to be isolated and
More informationDiagnosing the cause of poor application performance
Diagnosing the cause of poor application performance When it comes to troubleshooting application performance issues, there are two steps you can take to make diagnosis easier, faster and more accurate.
More informationA Link Load Balancing Solution for Multi-Homed Networks
A Link Load Balancing Solution for Multi-Homed Networks Overview An increasing number of enterprises are using the Internet for delivering mission-critical content and applications. By maintaining only
More informationSuperAgent and Siebel
SuperAgent and Siebel Executive summary Siebel Systems provides a comprehensive family of multichannel ebusiness applications services, all within a single architecture. The Siebel architecture is an n-tier
More informationIntegration Guide. EMC Data Domain and Silver Peak VXOA 4.4.10 Integration Guide
Integration Guide EMC Data Domain and Silver Peak VXOA 4.4.10 Integration Guide August 2013 Copyright 2013 EMC Corporation. All Rights Reserved. EMC believes the information in this publication is accurate
More informationApplication Performance Testing Basics
Application Performance Testing Basics ABSTRACT Todays the web is playing a critical role in all the business domains such as entertainment, finance, healthcare etc. It is much important to ensure hassle-free
More informationNetwork Management and Monitoring Software
Page 1 of 7 Network Management and Monitoring Software Many products on the market today provide analytical information to those who are responsible for the management of networked systems or what the
More informationDiagnosing the cause of poor application performance
Diagnosing the cause of poor application performance When it comes to troubleshooting application performance issues, there are two steps you can take to make diagnosis easier, faster and more accurate.
More informationTransform Your Business and Protect Your Cisco Nexus Investment While Adopting Cisco Application Centric Infrastructure
White Paper Transform Your Business and Protect Your Cisco Nexus Investment While Adopting Cisco Application Centric Infrastructure What You Will Learn The new Cisco Application Centric Infrastructure
More informationIP Telephony Management
IP Telephony Management How Cisco IT Manages Global IP Telephony A Cisco on Cisco Case Study: Inside Cisco IT 1 Overview Challenge Design, implement, and maintain a highly available, reliable, and resilient
More informationDescription: Objective: Upon completing this course, the learner will be able to meet these overall objectives:
Course: Building Cisco Service Provider Next-Generation Networks, Part 2 Duration: 5 Day Hands-On Lab & Lecture Course Price: $ 3,750.00 Learning Credits: 38 Description: The Building Cisco Service Provider
More informationCampus Network Best Practices: Core and Edge Networks
Campus Network Best Practices: Core and Edge Networks Dale Smith University of Oregon/NSRC dsmith@uoregon.edu This document is a result of work by the Network Startup Resource Center (NSRC at http://www.nsrc.org).
More informationMITEL. NetSolutions. Flat Rate MPLS VPN
MITEL NetSolutions Flat Rate MPLS VPN A Comprehensive, Intelligent Network-based Solution Businesses today demand an ever-evolving list of requirements of their networks. From connecting branch locations
More informationA Simulation Study of Effect of MPLS on Latency over a Wide Area Network (WAN)
A Simulation Study of Effect of MPLS on Latency over a Wide Area Network (WAN) Adeyinka A. Adewale, Samuel N. John, and Charles Ndujiuba 1 Department of Electrical and Information Engineering, Covenant
More informationHow To Write A Privacy Policy For Annet Network And Exchange Point (Nnet) Network (Netnet)
Document name: Data and Privacy Policy Implications and Privacy Principles Author(s): James Williams and Dale Finkleson Contributor(s): GNA Technical Group Date: 26 October 2015 Version: 0.9P Data and
More informationSaisei and Intel Maximizing WAN Bandwidth
Intel Network Builders Saisei Solution Brief Intel Xeon Processors Saisei and Intel Maximizing WAN Bandwidth Introduction Despite the increased capacity available on WAN links1, service providers and enterprises
More informationCisco Bandwidth Quality Manager 3.1
Cisco Bandwidth Quality Manager 3.1 Product Overview Providing the required quality of service (QoS) to applications on a wide-area access network consistently and reliably is increasingly becoming a challenge.
More informationFlexibility in Services. Simplicity in Implementation. Lintasarta Managed WAN Optimizer
Lintasarta Managed WAN Optimizer Lintasarta Managed WAN Optimizer services will help enterprises to speed up application and data delivery, in a simple, flexible and convenient solution. Our solution utilizes
More informationImproving Effective WAN Throughput for Large Data Flows By Peter Sevcik and Rebecca Wetzel November 2008
Improving Effective WAN Throughput for Large Data Flows By Peter Sevcik and Rebecca Wetzel November 2008 When you buy a broadband Wide Area Network (WAN) you want to put the entire bandwidth capacity to
More informationRecommended IP Telephony Architecture
Report Number: I332-009R-2006 Recommended IP Telephony Architecture Systems and Network Attack Center (SNAC) Updated: 1 May 2006 Version 1.0 SNAC.Guides@nsa.gov This Page Intentionally Left Blank ii Warnings
More informationCisco Discovery 3: Introducing Routing and Switching in the Enterprise 157.8 hours teaching time
Essential Curriculum Computer Networking II Cisco Discovery 3: Introducing Routing and Switching in the Enterprise 157.8 hours teaching time Chapter 1 Networking in the Enterprise-------------------------------------------------
More informationIncrease Simplicity and Improve Reliability with VPLS on the MX Series Routers
SOLUTION BRIEF Enterprise Data Center Interconnectivity Increase Simplicity and Improve Reliability with VPLS on the Routers Challenge As enterprises improve business continuity by enabling resource allocation
More informationThe rise of the hybrid network model
The rise of the hybrid network model Hybrid networks offer the promise of greater flexibility and capacity, improved application performance and cheaper price points than traditional Wide Area Networks
More informationThis chapter covers the following topics:
This chapter covers the following topics: Components of SAFE Small Network Design Corporate Internet Module Campus Module Branch Versus Headend/Standalone Considerations for Small Networks C H A P T E
More informationAPPENDIX 8 TO SCHEDULE 3.3
EHIBIT Q to Amendment No. 60 - APPENDI 8 TO SCHEDULE 3.3 TO THE COMPREHENSIVE INFRASTRUCTURE AGREEMENT APPENDI 8 TO SCHEDULE 3.3 TO THE COMPREHENSIVE INFRASTRUCTURE AGREEMENT EHIBIT Q to Amendment No.
More informationHow To Provide Qos Based Routing In The Internet
CHAPTER 2 QoS ROUTING AND ITS ROLE IN QOS PARADIGM 22 QoS ROUTING AND ITS ROLE IN QOS PARADIGM 2.1 INTRODUCTION As the main emphasis of the present research work is on achieving QoS in routing, hence this
More informationVMware vcloud Networking and Security Overview
VMware vcloud Networking and Security Overview Networks and Security for Virtualized Compute Environments WHITE PAPER Overview Organizations worldwide have gained significant efficiency and flexibility
More informationVirtualization, SDN and NFV
Virtualization, SDN and NFV HOW DO THEY FIT TOGETHER? Traditional networks lack the flexibility to keep pace with dynamic computing and storage needs of today s data centers. In order to implement changes,
More informationCLOUD NETWORKING FOR ENTERPRISE CAMPUS APPLICATION NOTE
CLOUD NETWORKING FOR ENTERPRISE CAMPUS APPLICATION NOTE EXECUTIVE SUMMARY This application note proposes Virtual Extensible LAN (VXLAN) as a solution technology to deliver departmental segmentation, business
More informationThe term Virtual Private Networks comes with a simple three-letter acronym VPN
Application Brief Nortel Networks Virtual Private Networking solutions for service providers Service providers addressing the market for Virtual Private Networking (VPN) need solutions that effectively
More informationCampus Network Best Practices: Core and Edge Networks
Campus Network Best Practices: Core and Edge Networks Dale Smith Network Startup Resource Center dsmith@nsrc.org This document is a result of work by the Network Startup Resource Center (NSRC at http://www.nsrc.org).
More informationRedundancy for Corporate Broadband
Redundancy for Corporate Broadband WHITE PAPER December, 2012 Introduction Over the past twenty years, broadband service providers have been using different mediums to deliver their services. From wireless
More informationCisco Wide Area Application Services Software Version 4.1: Consolidate File and Print Servers
Cisco Wide Area Application Services Software Version 4.1: Consolidate File and Print Servers What You Will Learn This document describes how you can use Cisco Wide Area Application Services (WAAS) Software
More informationImproving the Microsoft enterprise. network for public cloud connectivity
Improving the Microsoft enterprise cloud network for public cloud connectivity Page 1 Improving network performance between Microsoft and the public Situation As Microsoft IT located more of its line-ofbusiness
More informationPlanning the transition to IPv6
Planning the transition to IPv6 An Allstream White Paper 1 Table of contents Why transition now? 1 Transition mechanisms 2 Transition phases 2 IPv6 transition challenges 3 Taking advantage of IPv6 benefits
More informationTesting Software Defined Network (SDN) For Data Center and Cloud VERYX TECHNOLOGIES
Testing Software Defined Network (SDN) For Data Center and Cloud VERYX TECHNOLOGIES Table of Contents Introduction... 1 SDN - An Overview... 2 SDN: Solution Layers and its Key Requirements to be validated...
More informationAn illustration of a company transforming to complete data security in 15 minutes
Network Security Best Practices: 15 Minutes to Complete Data Protection An illustration of a company transforming to complete data security in 15 minutes Table of Contents Table of Contents... 2 Protecting
More informationDeploying Silver Peak VXOA with EMC Isilon SyncIQ. February 2012. www.silver-peak.com
Deploying Silver Peak VXOA with EMC Isilon SyncIQ February 2012 www.silver-peak.com Table of Contents Table of Contents Overview... 3 Solution Components... 3 EMC Isilon...3 Isilon SyncIQ... 3 Silver Peak
More informationBest Effort gets Better with MPLS. Superior network flexibility and resiliency at a lower cost with support for voice, video and future applications
Best Effort gets Better with MPLS Superior network flexibility and resiliency at a lower cost with support for voice, video and future applications A White Paper on Multiprotocol Label Switching October,
More informationEvaluation guide. Vyatta Quick Evaluation Guide
VYATTA, INC. Evaluation guide Vyatta Quick Evaluation Guide A simple step-by-step guide to configuring network services with Vyatta Open Source Networking http://www.vyatta.com Overview...1 Booting Up
More informationWhy an Intelligent WAN Solution is Essential for Mission Critical Networks
Why an Intelligent WAN Solution is Essential for Mission Critical Networks White Paper Series WP100135 Charles Tucker Director of Marketing June 1, 2006 Abstract: Reliable Internet connectivity is now
More informationHuawei esight Brief Product Brochure
Huawei esight Brief Product Brochure esight Integrated Enterprise NMS As the network scales and the number of enterprise network applications continue to grow, so does the number of devices, such as multi-service
More informationSDN and NFV in the WAN
WHITE PAPER Hybrid Networking SDN and NFV in the WAN HOW THESE POWERFUL TECHNOLOGIES ARE DRIVING ENTERPRISE INNOVATION rev. 110615 Table of Contents Introduction 3 Software Defined Networking 3 Network
More informationSecurity+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 6 Network Security
Security+ Guide to Network Security Fundamentals, Fourth Edition Chapter 6 Network Security Objectives List the different types of network security devices and explain how they can be used Define network
More informationFirewall Security. Presented by: Daminda Perera
Firewall Security Presented by: Daminda Perera 1 Firewalls Improve network security Cannot completely eliminate threats and a=acks Responsible for screening traffic entering and/or leaving a computer network
More informationWhite Paper. Using VLAN s in Network Design. Kevin Colo
White Paper Using VLAN s in Network Design Kevin Colo December, 2012 1. Background To this day, end users still ask if VLANs (Virtual LANs) are a fundamentally secure technique for isolating networks.
More information4 Internet QoS Management
4 Internet QoS Management Rolf Stadler School of Electrical Engineering KTH Royal Institute of Technology stadler@ee.kth.se September 2008 Overview Network Management Performance Mgt QoS Mgt Resource Control
More informationThe Importance of High Customer Experience
SoftLayer Investments Drive Growth and Improved Customer Experience A Neovise Vendor Perspective Report 2010 Neovise, LLC. All Rights Reserved. Executive Summary Hosting and datacenter services provider
More informationEfficient Network Monitoring Access
Abstract Organizations that rely on the reliability, security, and performance of their networks can no longer afford to wait for outages or security breaches to occur before installing test access points.
More informationOpenFlow Based Load Balancing
OpenFlow Based Load Balancing Hardeep Uppal and Dane Brandon University of Washington CSE561: Networking Project Report Abstract: In today s high-traffic internet, it is often desirable to have multiple
More informationMPLS WAN Explorer. Enterprise Network Management Visibility through the MPLS VPN Cloud
MPLS WAN Explorer Enterprise Network Management Visibility through the MPLS VPN Cloud Executive Summary Increasing numbers of enterprises are outsourcing their backbone WAN routing to MPLS VPN service
More informationRedefine Network Visibility in the Data Center with the Cisco NetFlow Generation Appliance
White Paper Redefine Network Visibility in the Data Center with the Cisco NetFlow Generation Appliance What You Will Learn Modern data centers power businesses through a new generation of applications,
More informationFRCC NETWORK SERVICES REQUEST FOR PROPOSAL
FRCC NETWORK SERVICES REQUEST FOR PROPOSAL January 2013 TABLE OF CONTENTS A. INTRODUCTION AND INSTRUCTIONS TO VENDORS... 1 A.1 Introduction... 1 A.2 Background Information... 1 A.3 General Conditions...
More informationThe changing face of global data network traffic
The changing face of global data network traffic Around the turn of the 21st century, MPLS very rapidly became the networking protocol of choice for large national and international institutions. This
More informationProvider Managed Network Products
Provider Managed Network Products Service Description and Prices LAST UPDATED: 7 July 2014 VERSION 1 Contents 1 Overview... 3 2 Definitions... 3 3 Managed Network Connection... 4 3.1 Features... 4 3.2
More informationSecurity Design. thm@informatik.uni-rostock.de http://wwwiuk.informatik.uni-rostock.de/
Security Design thm@informatik.uni-rostock.de http://wwwiuk.informatik.uni-rostock.de/ Content Security Design Analysing Design Requirements Resource Separation a Security Zones VLANs Tuning Load Balancing
More informationLeveraging SDN and NFV in the WAN
Leveraging SDN and NFV in the WAN Introduction Software Defined Networking (SDN) and Network Functions Virtualization (NFV) are two of the key components of the overall movement towards software defined
More informationRadware s Smart IDS Management. FireProof and Intrusion Detection Systems. Deployment and ROI. North America. International. www.radware.
Radware s Smart IDS Management FireProof and Intrusion Detection Systems Deployment and ROI North America Radware Inc. 575 Corporate Dr. Suite 205 Mahwah, NJ 07430 Tel 888 234 5763 International Radware
More informationAnalysis of IP Network for different Quality of Service
2009 International Symposium on Computing, Communication, and Control (ISCCC 2009) Proc.of CSIT vol.1 (2011) (2011) IACSIT Press, Singapore Analysis of IP Network for different Quality of Service Ajith
More informationArchitecture de Réseaux et Dimensionnement du Trafic
Architecture de Réseaux et Dimensionnement du Trafic Isocore Europe Paris, France Téléphone : 33 (0) 1 72 81 34 09 www.isocore.com Bijan Jabbari, PhD bjabbari@isocore.com Sommaire/Outline Architecture
More informationDemonstrating the high performance and feature richness of the compact MX Series
WHITE PAPER Midrange MX Series 3D Universal Edge Routers Evaluation Report Demonstrating the high performance and feature richness of the compact MX Series Copyright 2011, Juniper Networks, Inc. 1 Table
More informationVideo Conferencing and Security
Video Conferencing and Security Using the Open Internet and Encryption for Secure Video Communications & Guidelines for Selecting the Right Level of Security for Your Organization 1 Table of Contents 1.
More informationSecure networks are crucial for IT systems and their
ISSA The Global Voice of Information Security Network Security Architecture By Mariusz Stawowski ISSA member, Poland Chapter Secure networks are crucial for IT systems and their proper operation. Essential
More informationBest Practices for VoIP in the Contact Center Part 2: Important Steps for a Successful Implementation BY LORI BOCKLUND AND BRIAN HINTON
JUNE 2008 Best Practices for VoIP in the Contact Center Part 2: Important Steps for a Successful Implementation BY LORI BOCKLUND AND BRIAN HINTON Voice over Internet Protocol (VoIP) has reached a new level
More informationAPPENDIX 8 TO SCHEDULE 3.3
APPENDI 8 TO SCHEDULE 3.3 TO THE COMPREHENSIVE INFRASTRUCTURE AGREEMENT APPENDI 8 TO SCHEDULE 3.3 TO THE COMPREHENSIVE INFRASTRUCTURE AGREEMENT APPENDI 8 TO SCHEDULE 3.3 TO THE COMPREHENSIVE INFRASTRUCTURE
More informationNetwork Simulation Traffic, Paths and Impairment
Network Simulation Traffic, Paths and Impairment Summary Network simulation software and hardware appliances can emulate networks and network hardware. Wide Area Network (WAN) emulation, by simulating
More informationAPPLICATION NOTE 211 MPLS BASICS AND TESTING NEEDS. Label Switching vs. Traditional Routing
MPLS BASICS AND TESTING NEEDS By Thierno Diallo, Product Specialist Protocol Business Unit The continuing expansion and popularity of the Internet is forcing routers in the core network to support the
More informationProven techniques and best practices for managing infrastructure changes
Proven techniques and best practices for managing infrastructure changes When a business expands an existing facility, adds a new location, incorporates an influx of new users, or upgrades an existing
More informationColt IP VPN Services. 2010 Colt Technology Services Group Limited. All rights reserved.
Colt IP VPN Services 2010 Colt Technology Services Group Limited. All rights reserved. Agenda An introduction to IP VPN Colt IP VPN Hybrid Networking Workforce Mobility Summary 2 Drivers behind IP VPN
More informationSecure Access Complete Visibility
PACKET CAPTURE APPLIANCE PACKET CAPTURE APPLIANCE PACKET CAPTURE APPLIANCE PACKET CAPTURE APPLIANCE Intrusion Detection Switch TAP Data Recorder VoIP Analyzer Switch Secure Access Complete Visibility Web
More informationCisco NetFlow Generation Appliance (NGA) 3140
Q&A Cisco NetFlow Generation Appliance (NGA) 3140 General Overview Q. What is Cisco NetFlow Generation Appliance (NGA) 3140? A. Cisco NetFlow Generation Appliance 3140 is purpose-built, high-performance
More informationOpen Networking User Group SD-WAN Requirements Demonstration Talari Test Results
Open Networking User Group SD-WAN Requirements Demonstration Talari Test Results May 13, 2015 Talari 550 South Winchester Suite 550 San Jose, CA 95128 www.talari.com Defining the Software Defined WAN The
More informationTRUFFLE Broadband Bonding Network Appliance. A Frequently Asked Question on. Link Bonding vs. Load Balancing
TRUFFLE Broadband Bonding Network Appliance A Frequently Asked Question on Link Bonding vs. Load Balancing 5703 Oberlin Dr Suite 208 San Diego, CA 92121 P:888.842.1231 F: 858.452.1035 info@mushroomnetworks.com
More informationMesh VPN Link Sharing (MVLS) Solutions
XROADS NETWORKS WHITE PAPER Mesh VPN Link Sharing (MVLS) Solutions XROADS NETWORKS - WHITE PAPER Mesh VPN Link Sharing (MVLS) Solutions The purpose of this paper is to provide an understanding of how XRoads
More informationMPLS Layer 2 VPNs Functional and Performance Testing Sample Test Plans
MPLS Layer 2 VPNs Functional and Performance Testing Sample Test Plans Contents Overview 1 1. L2 VPN Padding Verification Test 1 1.1 Objective 1 1.2 Setup 1 1.3 Input Parameters 2 1.4 Methodology 2 1.5
More informationIPv6 Integration in Federal Government: Adopt a Phased Approach for Minimal Disruption and Earlier Benefits
IPv6 Integration in Federal Government: Adopt a Phased Approach for Minimal Disruption and Earlier Benefits Abstract U.S. federal government agencies are required to integrate IPv6 into their network infrastructures,
More informationHow To Extend Security Policies To Public Clouds
What You Will Learn Public sector organizations without the budget to build a private cloud can consider public cloud services. The drawback until now has been tenants limited ability to implement their
More informationSwiftStack Global Cluster Deployment Guide
OpenStack Swift SwiftStack Global Cluster Deployment Guide Table of Contents Planning Creating Regions Regions Connectivity Requirements Private Connectivity Bandwidth Sizing VPN Connectivity Proxy Read
More informationNetwork Architecture Validated designs utilizing MikroTik in the Data Center
1-855-MIKROTIK Network Architecture Validated designs utilizing MikroTik in the Data Center P R E S E N T E D B Y: K E V I N M Y E R S, N E T W O R K A R C H I T E C T / M A N AG I N G PA R T NER I P A
More informationSite2Site VPN Optimization Solutions
XROADS NETWORKS WHITE PAPER Site2Site VPN Optimization Solutions XROADS NETWORKS - WHITE PAPER Site2Site VPN Optimization Solutions The purpose of this paper is to provide an understanding of how XRoads
More informationSE 4C03 Winter 2005 Firewall Design Principles. By: Kirk Crane
SE 4C03 Winter 2005 Firewall Design Principles By: Kirk Crane Firewall Design Principles By: Kirk Crane 9810533 Introduction Every network has a security policy that will specify what traffic is allowed
More informationIT Sample Duties and Responsibilities Statements BAND B POSITION CONCEPT: JOURNEYWORKER / WORKING SUPERVISOR / LEAD WORKER
BAND B POSITION CONCEPT: JOURNEY / WORKING SUPERVISOR / LEAD Multi-user System Administration Systems & Services Administration Installs, configures, and optimizes operating systems. Installs, tests, and
More informationIVCi s IntelliNet SM Network
IVCi s IntelliNet SM Network Technical White Paper Introduction...2 Overview...2 A True ATM Solution End to End...2 The Power of a Switched Network...2 Data Throughput:...3 Improved Security:...3 Class
More informationTRUFFLE Broadband Bonding Network Appliance BBNA6401. A Frequently Asked Question on. Link Bonding vs. Load Balancing
TRUFFLE Broadband Bonding Network Appliance BBNA6401 A Frequently Asked Question on Link Bonding vs. Load Balancing LBRvsBBNAFeb15_08b 1 Question: What's the difference between a Truffle Broadband Bonding
More informationThe Application Front End Understanding Next-Generation Load Balancing Appliances
White Paper Overview To accelerate download times for end users and provide a high performance, highly secure foundation for Web-enabled content and applications, networking functions need to be streamlined.
More information