Data Transfer Network (TPN)
- Jocelin Debra Lester
1 The Science DMZ: A Network Design Pattern for Data-Intensive Science
Jason Zurawski, zurawski@es.net
Science Engagement Engineer, ESnet, Lawrence Berkeley National Laboratory
New Mexico Technology in Education (NMTIE), November 19th, 2014
2 Overview
- ESnet Overview
- Science DMZ Motivation and Introduction
- Science DMZ Architecture
- Network Monitoring
- Data Transfer Nodes & Applications
- Science DMZ Security
- User Engagement
- Wrap Up
ESnet Science Engagement (engage@es.net) - 11/19/14
3 ESnet at a Glance
- High-speed national network, optimized for DOE science missions:
  - connecting 40 labs, plants and facilities with >100 networks
  - $32.6M in FY14, 42 FTE
  - older than commercial Internet, growing twice as fast
- $62M ARRA grant for 100G upgrade:
  - transition to new era of optical networking
  - world's first 100G network at continental scale
- Culture of urgency:
  - 4 awards in past 3 years
  - R&D100 Award in FY13
  - 5 out of 5 for customer satisfaction in last review
  - Dedicated staff to support the mission of science
- SC Supports Research at More than 300 Institutions Across the U.S. (universities, DOE laboratories). The Office of Science supports:
  - 27,000 Ph.D.s, graduate students, undergraduates, engineers, and technicians
  - 26,000 users of open-access facilities
  - 300 leading academic institutions
  - 17 DOE laboratories
5 Network as Infrastructure Instrument
[Figure: ESnet network map showing sites and connections to US R&E and international research networks]
Vision: Scientific progress will be completely unconstrained by the physical location of instruments, people, computational resources, or data.
7 Motivation
- Networks are an essential part of data-intensive science
  - Connect data sources to data analysis
  - Connect collaborators to each other
  - Enable machine-consumable interfaces to data and analysis resources (e.g. portals), automation, scale
- Performance is critical
  - Exponential data growth
  - Constant human factors
  - Data movement and data analysis must keep up
- Effective use of wide area (long-haul) networks by scientists has historically been difficult
8 Traditional Big Science
9 Big Science Now Comes in Small Packages
10 Understanding Data Trends
[Figure: Data Scale (10GB to 100PB) against Collaboration Scale. Small collaboration scale, e.g. light and neutron sources; medium collaboration scale, e.g. HPC codes; large collaboration scale, e.g. LHC. A few large collaborations have internal software and networking organizations.]
11 Data Mobility in a Given Time Interval
This table available at:
12 The Central Role of the Network
- The very structure of modern science assumes science networks exist: high performance, feature rich, global scope
- What is The Network anyway?
  - The Network is the set of devices and applications involved in the use of a remote resource
    - This is not about supercomputer interconnects
    - This is about data flow from experiment to analysis, between facilities, etc.
  - User interfaces for The Network - portal, data transfer tool, workflow engine
  - Therefore, servers and applications must also be considered
- What is important? Ordered list:
  1. Correctness
  2. Consistency
  3. Performance
13 TCP - Ubiquitous and Fragile
- Networks provide connectivity between hosts - how do hosts see the network?
  - From an application's perspective, the interface to the other end is a socket
  - Communication is between applications, mostly over TCP
- TCP - the fragile workhorse
  - TCP is (for very good reasons) timid - packet loss is interpreted as congestion
  - Packet loss in conjunction with latency is a performance killer
  - Like it or not, TCP is used for the vast majority of data transfer applications (more than 95% of ESnet traffic is TCP)
14 A small amount of packet loss makes a huge difference in TCP performance
[Figure: curves Measured (TCP Reno), Measured (HTCP), Theoretical (TCP Reno) and Measured (no loss) across path lengths Local (LAN), Metro Area, Regional, Continental, International]
With loss, high performance beyond metro distances is essentially impossible
15 Working With TCP In Practice
- Far easier to support TCP than to fix TCP
  - People have been trying to fix TCP for years - limited success
  - Like it or not we're stuck with TCP in the general case
- Pragmatically speaking, we must accommodate TCP
  - Sufficient bandwidth to avoid congestion
  - Zero packet loss
  - Verifiable infrastructure
    - Networks are complex
    - Must be able to locate problems quickly
    - Small footprint is a huge win - small number of devices so that problem isolation is tractable
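Added example (not from the slides): why loss combined with latency caps a single TCP stream, and how little loss a long path tolerates, using the Mathis et al. approximation rate <= (MSS/RTT) * (C/sqrt(p)) for Reno-style TCP. The 1460-byte MSS, the 0.01% loss rate and the per-distance RTTs are assumed values; 53 ms and 10 Gbps are the Berkeley to Argonne figures from the tool comparison slide.

```python
import math

MATHIS_C = math.sqrt(3.0 / 2.0)   # constant for Reno with periodic loss (~1.22)


def mathis_bps(mss_bytes, rtt_s, loss):
    """Upper bound on one Reno-style TCP stream, in bits per second."""
    if loss <= 0:
        raise ValueError("the bound only applies when loss > 0")
    return (mss_bytes * 8 / rtt_s) * (MATHIS_C / math.sqrt(loss))


def max_loss_for(target_bps, mss_bytes, rtt_s):
    """Largest loss probability at which the bound still reaches target_bps."""
    return (MATHIS_C * mss_bytes * 8 / (rtt_s * target_bps)) ** 2


def bdp_bytes(rate_bps, rtt_s):
    """Bandwidth-delay product: bytes in flight needed to fill the path."""
    return rate_bps * rtt_s / 8


# Assumed round-trip times for the distance classes named on the plot.
PATHS = [("Local (LAN)", 0.001), ("Metro Area", 0.005), ("Regional", 0.020),
         ("Continental", 0.053), ("International", 0.150)]


def table(mss_bytes=1460, loss=1e-4):
    """Per-path throughput ceiling at a fixed loss rate."""
    return [(name, rtt, mathis_bps(mss_bytes, rtt, loss)) for name, rtt in PATHS]


if __name__ == "__main__":
    for name, rtt, bps in table():
        print(f"{name:14s} RTT {rtt * 1000:6.1f} ms  <= {bps / 1e6:8.1f} Mbps at 0.01% loss")
    p = max_loss_for(10e9, 1460, 0.053)
    print(f"10 Gbps at 53 ms needs loss <= {p:.2e} (about 1 packet in {1 / p:,.0f})")
    print(f"window needed to fill that path: {bdp_bytes(10e9, 0.053) / 1e6:.2f} MB")
```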
16 Putting A Solution Together
- Effective support for TCP-based data transfer
  - Design for correct, consistent, high-performance operation
  - Design for ease of troubleshooting
- Easy adoption is critical
  - Large laboratories and universities have extensive IT deployments
  - Drastic change is prohibitively difficult
- Cybersecurity - defensible without compromising performance
- Borrow ideas from traditional network security
  - Traditional DMZ
    - Separate enclave at network perimeter ("Demilitarized Zone")
    - Specific location for external-facing services
    - Clean separation from internal network
  - Do the same thing for science - Science DMZ
17 The Science DMZ Superfecta
- Engagement (Engagement with Network Users)
  - Partnerships
  - Education & Consulting
  - Resources & Knowledgebase
- Data Transfer Node (Dedicated Systems for Data Transfer)
  - High performance
  - Configured for data transfer
  - Proper tools
- perfSONAR (Performance Testing & Measurement)
  - Enables fault isolation
  - Verify correct operation
  - Widely deployed in ESnet and other networks, as well as sites and facilities
- Science DMZ (Network Architecture)
  - Dedicated location for DTN
  - Proper security
  - Easy to deploy - no need to redesign the whole network
19 Abstract or Prototype Deployment
- Add-on to existing network infrastructure
  - All that is required is a port on the border router
  - Small footprint, pre-production commitment
- Easy to experiment with components and technologies
  - DTN prototyping
  - perfSONAR testing
- Limited scope makes security policy exceptions easy
  - Only allow traffic from partners
  - Add-on to production infrastructure - lower risk
20 Science DMZ Design Pattern (Abstract)
[Diagram: WAN; Border Router; Enterprise Border Router/Firewall; Site / Campus LAN; Science DMZ Switch/Router; high performance Data Transfer Node with high-speed storage; perfSONAR hosts; 10G/10GE links. Annotations: clean, high-bandwidth WAN path; site / campus access to Science DMZ resources; per-service security policy control points]
21 Local And Wide Area Data Flows
[Diagram: the same components as the abstract Science DMZ design pattern, with two data paths marked: High Latency WAN Path and Low Latency LAN Path]
22 Support For Multiple Projects
- Science DMZ architecture allows multiple projects to put DTNs in place
  - Modular architecture
  - Centralized location for data servers
- This may or may not work well depending on institutional politics
  - Issues such as physical security can make this a non-starter
  - On the other hand, some shops already have service models in place
- On balance, this can provide a cost savings - it depends
  - Central support for data servers vs. carrying data flows
  - How far do the data flows have to go?
23 Multiple Projects
[Diagram: WAN; Border Router; Enterprise Border Router/Firewall; Site / Campus LAN; Science DMZ Switch/Router serving Project A DTN, Project B DTN and Project C DTN; perfSONAR hosts. Annotations: clean, high-bandwidth WAN path; site / campus access to Science DMZ resources; per-project security policy control points]
24 Supercomputer Center Deployment
- High-performance networking is assumed in this environment
  - Data flows between systems, between systems and storage, wide area, etc.
  - Global filesystem often ties resources together
    - Portions of this may not run over Ethernet (e.g. IB)
    - Implications for Data Transfer Nodes
- Science DMZ may not look like a discrete entity here
  - By the time you get through interconnecting all the resources, you end up with most of the network in the Science DMZ
  - This is as it should be - the point is appropriate deployment of tools, configuration, policy control, etc.
- Office networks can look like an afterthought, but they aren't
  - Deployed with appropriate security controls
  - Office infrastructure need not be sized for science traffic
25 Supercomputer Center
[Diagram: WAN (routed and virtual circuit connections); Border Router; Firewall; Offices; Core Switch/Router; front end switches; Data Transfer Nodes; Supercomputer; Parallel Filesystem; perfSONAR hosts]
26 Supercomputer Center Data Path
[Diagram: the supercomputer center components with three paths marked: High Latency WAN Path, Low Latency LAN Path, High Latency VC Path]
27 Development Environment
- One thing that often happens is that an early power user of the Science DMZ is the network engineering group that builds it
  - Service prototyping
  - Deployment of test applications for other user groups to demonstrate value
- The production Science DMZ is just that - production
  - Once users are on it, you can't take it down to try something new
  - Stuff that works tends to attract workload
- Take-home message: plan for multiple Science DMZs from the beginning - at the very least you're going to need one for yourself
- The Science DMZ model easily accommodates this
28 Science DMZ - Flexible Design Pattern
- The Science DMZ design pattern is highly adaptable to research
- Deploying a research Science DMZ is straightforward
  - The basic elements are the same
    - Capable infrastructure designed for the task
    - Test and measurement to verify correct operation
    - Security policy well-matched to the environment, application set is strictly limited to reduce risk
  - Connect the research DMZ to other resources as appropriate
- The same ideas apply to supporting an SDN effort
  - Test/research areas for development
  - Transition to production as technology matures and need dictates
  - One possible trajectory follows
29 Science DMZ - Separate SDN Connection
[Diagram: WAN; Border Router; Enterprise Border Router/Firewall; Site / Campus LAN; SDN Science DMZ Switch/Router with Research DTN; Production Science DMZ Switch/Router with Production DTN; perfSONAR hosts. Marked: high performance routed path; SDN path; Science DMZ connections; site / campus access to Science DMZ resources; per-service security policy control points]
30 Science DMZ - Production SDN Connection
[Diagram: WAN; Border Router; Enterprise Border Router/Firewall; Site / Campus LAN; Research Science DMZ Switch/Router (SDN) with Research DTN; Production SDN Science DMZ Switch/Router with Production DTN; perfSONAR hosts. Marked: high performance routed path; SDN path; Science DMZ connections; site / campus access to Science DMZ resources; per-service security policy control points]
31 Science DMZ - SDN Campus Border
[Diagram: WAN; Border Router; Enterprise Border Router/Firewall; Site / Campus LAN; Research Science DMZ Switch/Router with Research DTN; Production SDN Science DMZ Switch/Router with Production DTN; perfSONAR hosts. Marked: high performance multi-service path; Science DMZ connections; site / campus access to Science DMZ resources; per-service security policy control points]
32 Common Threads
- Two common threads exist in all these examples
- Accommodation of TCP
  - Wide area portion of data transfers traverses purpose-built path
  - High performance devices that don't drop packets
- Ability to test and verify
  - When problems arise (and they always will), they can be solved if the infrastructure is built correctly
  - Small device count makes it easier to find issues
  - Multiple test and measurement hosts provide multiple views of the data path
    - perfSONAR nodes at the site and in the WAN
    - perfSONAR nodes at the remote site
33 Multiple Ingress Flows, Common Egress
- Hosts will typically send packets at the speed of their interface (1G, 10G, etc.)
  - Instantaneous rate, not average rate
  - If TCP has window available and data to send, host sends until there is either no data or no window
- Hosts moving big data (e.g. DTNs) can send large bursts of back-to-back packets
  - This is true even if the average rate as measured over seconds is slower (e.g. 4Gbps)
  - On microsecond time scales, there is often congestion
  - Router or switch must queue packets or drop them
[Diagram: two 10GE inputs (DTN traffic with wire-speed bursts; background traffic or competing bursts) sharing one 10GE output]
34 Router and Switch Output Queues
- Interface output queue allows the router or switch to avoid causing packet loss in cases of momentary congestion
- In network devices, queue depth (or "buffer") is often a function of cost
  - Cheap, fixed-config LAN switches (especially in the 10G space) have inadequate buffering. Imagine a 10G data center switch as the guilty party
  - Cut-through or low-latency Ethernet switches typically have inadequate buffering (the whole point is to avoid queuing!)
- Expensive, chassis-based devices are more likely to have deep enough queues
  - Juniper MX and Alcatel-Lucent 7750 used in ESnet backbone
  - Other vendors make such devices as well - details are important
  - Thx to Jim: http://people.ucsc.edu/~warner/buffer.html
- This expense is one driver for the Science DMZ architecture - only deploy the expensive features where necessary
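Added example (not from the slides): a slot-based simulation of the "multiple ingress flows, common egress" case, showing that a shallow output queue drops packets during overlapping wire-speed bursts even though the average load on the egress port is low. The burst lengths, buffer depths and the tail-drop FIFO model are assumptions chosen for illustration.

```python
def simulate(bursts, buffer_pkts, slots):
    """Tail-drop FIFO on one egress port.

    bursts: list of (start_slot, n_packets). Each source sends one packet per
    slot (wire speed) for the length of its burst. One slot is the time the
    egress needs to transmit one packet, so ingress and egress speeds match.
    Returns (dropped, peak_queue, offered).
    """
    queue = dropped = peak = offered = 0
    for t in range(slots):
        arrivals = sum(1 for start, n in bursts if start <= t < start + n)
        offered += arrivals
        for _ in range(arrivals):
            if queue < buffer_pkts:
                queue += 1
            else:
                dropped += 1        # buffer full: the packet is lost
        peak = max(peak, queue)
        if queue:
            queue -= 1              # egress transmits one packet per slot
    return dropped, peak, offered


def average_load(bursts, slots):
    """Offered packets divided by egress capacity over the whole window."""
    return sum(n for _, n in bursts) / slots


def min_buffer_no_loss(bursts, slots):
    """Smallest buffer (in packets) with zero drops, found by binary search."""
    lo, hi = 1, sum(n for _, n in bursts)
    while lo < hi:
        mid = (lo + hi) // 2
        if simulate(bursts, mid, slots)[0] == 0:
            hi = mid
        else:
            lo = mid + 1
    return lo


# Constructed scenario: a DTN burst of 1000 packets and a competing burst of
# 300 packets that overlaps it, observed over a 4000-slot window.
BURSTS = [(0, 1000), (200, 300)]
WINDOW = 4000

if __name__ == "__main__":
    print(f"average egress load: {average_load(BURSTS, WINDOW):.1%}")
    for depth in (64, 300, 301):
        dropped, peak, offered = simulate(BURSTS, depth, WINDOW)
        print(f"buffer {depth:4d} pkts: dropped {dropped:3d} of {offered}, peak queue {peak}")
    need = min_buffer_no_loss(BURSTS, WINDOW)
    print(f"loss-free buffer: {need} packets (~{need * 1500 / 1000:.0f} KB at 1500 B/packet)")
```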
35 Output Queue Drops - Common Locations
[Diagram: WAN; Site Border Router and Site Core Switch/Router (10GE); Department Core Switch, with the department uplink to site core constrained by budget or legacy equipment (1GE); wiring closet switch and workstations (1GE); department cluster switch with 32+ cluster nodes (1GE) and a cluster data transfer node (10GE); inbound and outbound data paths. Marked: common locations of output queue drops for traffic outbound toward the WAN; common location of output queue drops for traffic inbound from the WAN]
37 Performance Monitoring
- Everything may function perfectly when it is deployed
- Eventually something is going to break
  - Networks and systems are complex
  - Bugs, mistakes, ...
  - Sometimes things just break - this is why we buy support contracts
- Must be able to find and fix problems when they occur
- Must be able to find problems in other networks (your network may be fine, but someone else's problem can impact your users)
- TCP was intentionally designed to hide all transmission errors from the user:
  - "As long as the TCPs continue to function properly and the internet system does not become completely partitioned, no transmission errors will affect the users." (From RFC793, 1981)
38 Soft Network Failures - Hidden Problems
- Hard failures are well-understood
  - Link down, system crash, software crash
  - Traditional network/system monitoring tools designed to quickly find hard failures
- Soft failures result in degraded capability
  - Connectivity exists
  - Performance impacted
  - Typically something in the path is functioning, but not well
- Soft failures are hard to detect with traditional methods
  - No obvious single event
  - Sometimes no indication at all of any errors
- Independent testing is the only way to reliably find soft failures
39 Sample Soft Failures
[Figure labels: Rebooted router with full route table; Gradual failure of optical line card; Gb/s; normal performance; degrading performance; repair; one month]
40 Testing Infrastructure - perfSONAR
- perfSONAR is:
  - A widely-deployed test and measurement infrastructure
    - ESnet, Internet2, US regional networks, international networks
    - Laboratories, supercomputer centers, universities
  - A suite of test and measurement tools
  - A collaboration that builds and maintains the toolkit
- By installing perfSONAR, a site can leverage over 1100 test servers deployed around the world
- perfSONAR is ideal for finding soft failures
  - Alert to existence of problems
  - Fault isolation
  - Verification of correct operation
41 perfSONAR Deployment Footprint
42 Lookup Service Directory Search: http://stats.es.net/servicesdirectory/
43 perfSONAR Dashboard: http://ps-dashboard.es.net
45 Dedicated Systems - Data Transfer Node
- The DTN is dedicated to data transfer
- Set up specifically for high-performance data movement
  - System internals (BIOS, firmware, interrupts, etc.)
  - Network stack
  - Storage (global filesystem, Fibrechannel, local RAID, etc.)
  - High performance tools
  - No extraneous software
- Limitation of scope and function is powerful
  - No conflicts with configuration for other tasks
  - Small application set makes cybersecurity easier
46 Data Transfer Tools For DTNs
- Parallelism is important
  - It is often easier to achieve a given performance level with four parallel connections than one connection
  - Several tools offer parallel transfers, including Globus/GridFTP
- Latency interaction is critical
  - Wide area data transfers have much higher latency than LAN transfers
  - Many tools and protocols assume a LAN
- Workflow integration is important
- Key tools: Globus Online, HPN-SSH
47 Data Transfer Tool Comparison
- In addition to the network, using the right data transfer tool is critical
- Data transfer test from Berkeley, CA to Argonne, IL (near Chicago). RTT = 53 ms, network capacity = 10Gbps.
  Tool: Throughput
  scp: 140 Mbps
  HPN patched scp: 1.2 Gbps
  ftp: 1.4 Gbps
  GridFTP, 4 streams: 5.4 Gbps
  GridFTP, 8 streams: 6.6 Gbps
- Note that to get more than 1 Gbps (125 MB/s) disk to disk requires properly engineered storage (RAID, parallel filesystem, etc.)
49 Science DMZ Security
- Goal - disentangle security policy and enforcement for science flows from security for business systems
- Rationale
  - Science data traffic is simple from a security perspective
  - Narrow application set on Science DMZ
    - Data transfer, data streaming packages
    - No printers, document readers, web browsers, building control systems, financial databases, staff desktops, etc.
  - Security controls that are typically implemented to protect business resources often cause performance problems
- Separation allows each to be optimized
50 Performance Is A Core Requirement
- Core information security principles
  - Confidentiality, Integrity, Availability (CIA)
  - Often, CIA and risk mitigation result in poor performance
- In data-intensive science, performance is an additional core mission requirement: CIA -> PICA
  - CIA principles are important, but if performance is compromised the science mission fails
  - Not about how much security you have, but how the security is implemented
  - Need a way to appropriately secure systems without performance compromises
51 Placement Outside the Firewall
- The Science DMZ resources are placed outside the enterprise firewall for performance reasons
  - The meaning of this is specific - Science DMZ traffic does not traverse the firewall data plane
  - Packet filtering is fine - just don't do it with a firewall
- Lots of heartburn over this, especially from the perspective of a conventional firewall manager
  - Lots of organizational policy directives mandating firewalls
  - Firewalls are designed to protect converged enterprise networks
  - Why would you put critical assets outside the firewall???
- The answer is that firewalls are typically a poor fit for high-performance science applications
52 Firewall Capabilities and Science Traffic
- Firewalls have a lot of sophistication in an enterprise setting
  - Application layer protocol analysis (HTTP, POP, MSRPC, etc.)
  - Built-in VPN servers
  - User awareness
- Data-intensive science flows typically don't match this profile
  - Common case - data on filesystem A needs to be on filesystem Z
    - Data transfer tool verifies credentials over an encrypted channel
    - Then open a socket or set of sockets, and send data until done (1TB, 10TB, 100TB, ...)
  - One workflow can use 10% to 50% or more of a 10G network link
- Do we have to use a firewall?
53 Firewalls As Access Lists
- When you ask a firewall administrator to allow data transfers through the firewall, what do they ask for?
  - IP address of your host
  - IP address of the remote host
  - Port range
  - That looks like an ACL to me!
- No special config for advanced protocol analysis - just address/port
- Router ACLs are better than firewalls at address/port filtering
  - ACL capabilities are typically built into the router
  - Router ACLs typically do not drop traffic permitted by policy
54 Security Without Firewalls
- Data intensive science traffic interacts poorly with firewalls
- Does this mean we ignore security? NO!
  - We must protect our systems
  - We just need to find a way to do security that does not prevent us from getting the science done
- Key point - security policies and mechanisms that protect the Science DMZ should be implemented so that they do not compromise performance
- Traffic permitted by policy should not experience performance impact as a result of the application of policy
55 Firewall Performance Example
- Observed performance, via perfSONAR, through a firewall: almost 20 times slower through the firewall
- Observed performance, via perfSONAR, bypassing firewall: huge improvement without the firewall
56 If Not Firewalls, Then What?
- Intrusion Detection Systems (IDS)
  - One example is Bro - http://bro-ids.org/
  - Bro is high-performance and battle-tested
    - Bro protects several high-performance national assets
    - Bro can be scaled with clustering: http:// ids.org/documentation/cluster.html
  - Other IDS solutions are available also
- Netflow and IPFIX can provide intelligence, but not filtering
- Openflow and SDN
  - Using Openflow to control access to a network-based service seems pretty obvious
  - This could significantly reduce the attack surface for any authenticated network service
  - This would only work if the Openflow device had a robust data plane
57 If Not Firewalls, Then What? (2)
- Aggressive access lists
  - More useful with project-specific DTNs
  - If the purpose of the DTN is to exchange data with a small set of remote collaborators, the ACL is pretty easy to write
  - Large-scale data distribution servers are hard to handle this way (but then, the firewall ruleset for such a service would be pretty open too)
- Limitation of the application set
  - One of the reasons to limit the application set in the Science DMZ is to make it easier to protect
  - Keep desktop applications off the DTN (and watch for them anyway using logging, netflow, etc. - take violations seriously)
  - This requires collaboration between people - networking, security, systems, and scientists
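Added example (not from the slides): the address/port access list for a project-specific DTN written as data, plus an audit that runs connection records against it to flag anything outside the collaborator set or the transfer application set. The addresses (documentation ranges), the collaborator prefixes, the 50000-51000 data port range and the record format are all constructed assumptions; 2811/tcp is the registered GridFTP control port.

```python
import ipaddress
from collections import Counter
from dataclasses import dataclass

DTN = "192.0.2.10"                     # constructed address (RFC 5737 range)
NOT_LISTED = "remote is not a listed collaborator"
NOT_TRANSFER = "port/protocol outside the transfer application set"


@dataclass(frozen=True)
class Rule:
    remote: str                        # collaborator prefix
    proto: str
    lo: int                            # service port range on the responder
    hi: int


# Assumed policy: two collaborator prefixes, each allowed the GridFTP control
# port and a site-chosen data channel range. Everything else is denied.
RULES = [Rule(net, "tcp", lo, hi)
         for net in ("198.51.100.0/24", "203.0.113.16/28")
         for lo, hi in ((2811, 2811), (50000, 51000))]


@dataclass(frozen=True)
class Conn:
    orig: str                          # host that opened the connection
    resp: str                          # host that accepted it
    proto: str
    resp_port: int


def check(conn, dtn=DTN, rules=RULES):
    """Return None when the ACL permits conn, otherwise the reason it does not.

    Records are assumed to be taken at the DTN's switch port, so one endpoint
    is always the DTN and the other is the remote party.
    """
    dtn_ip = ipaddress.ip_address(dtn)
    orig = ipaddress.ip_address(conn.orig)
    remote = ipaddress.ip_address(conn.resp) if orig == dtn_ip else orig
    matching = [r for r in rules if remote in ipaddress.ip_network(r.remote)]
    if not matching:
        return NOT_LISTED
    if any(r.proto == conn.proto and r.lo <= conn.resp_port <= r.hi
           for r in matching):
        return None
    return NOT_TRANSFER


def audit(conns, dtn=DTN, rules=RULES):
    """List (connection, reason) for every record the policy would not permit."""
    findings = []
    for conn in conns:
        reason = check(conn, dtn, rules)
        if reason is not None:
            findings.append((conn, reason))
    return findings


# Constructed connection records, in the style of a flow or connection log.
SAMPLE = [
    Conn("198.51.100.7", DTN, "tcp", 2811),     # collaborator, control channel
    Conn("198.51.100.7", DTN, "tcp", 50010),    # collaborator, data channel
    Conn(DTN, "203.0.113.20", "tcp", 50500),    # DTN pushing to a collaborator
    Conn("203.0.113.40", DTN, "tcp", 2811),     # just outside the /28
    Conn("198.51.100.7", DTN, "tcp", 22),       # interactive login attempt
    Conn(DTN, "203.0.113.200", "tcp", 443),     # web client running on the DTN
    Conn("198.51.100.9", DTN, "udp", 50010),    # right port, wrong protocol
]

if __name__ == "__main__":
    results = audit(SAMPLE)
    for conn, reason in results:
        print(f"{conn.orig} -> {conn.resp} {conn.proto}/{conn.resp_port}: {reason}")
    print(dict(Counter(reason for _, reason in results)))
```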
58 Collaboration Within The Organization
- All stakeholders should collaborate on Science DMZ design, policy, and enforcement
- The security people have to be on board
  - Remember: security people already have political cover - it's called the firewall
  - If a host gets compromised, the security officer can say they did their due diligence because there was a firewall in place
  - If the deployment of a Science DMZ is going to jeopardize the job of the security officer, expect pushback
- The Science DMZ is a strategic asset, and should be understood by the strategic thinkers in the organization
  - Changes in security models
  - Changes in operational models
  - Enhanced ability to compete for funding
  - Increased institutional capability - greater science output
60 Challenges to Network Adoption
- Causes of performance issues are complicated for users.
- Lack of communication and collaboration between the CIO's office and researchers on campus.
- Lack of IT expertise within a science collaboration or experimental facility
- User's performance expectations are low ("The network is too slow, I tried it and it didn't work").
- Cultural change is hard ("we've always shipped disks!").
- Scientists want to do science not IT support
- The Capability Gap
61 Requirements Reviews
http:// requirements/network-requirements-reviews/
- The purpose of these reviews is to accurately characterize the near-term, medium-term and long-term network requirements of the science conducted by each program office.
- The reviews attempt to bring about a network-centric understanding of the science process used by the researchers and scientists, to derive network requirements.
- We have found this to be an effective method for determining network requirements for ESnet's customer base.
62 [Photos of the science program areas: High Energy Physics; Biological and Environmental Research; Advanced Scientific Computing Research; Basic Energy Science; Nuclear Physics; Fusion Energy Sciences. Photos courtesy of LBL, JGI, NIST, SLAC and PPPL]
63 How do we know what our scientists need?
- Each Program Office has a dedicated requirements review every three years
- Two workshops per year, attendees chosen by science programs
- Discussion centered on science case studies
  - Instruments and Facilities - the hardware
  - Process of Science - science workflow
  - Collaborators
  - Challenges
- Network requirements derived from science case studies + discussions
- Reports contain requirements analysis, case study text, outlook
64 2013 BER Sample Findings: Environmental Molecular Sciences Laboratory (EMSL)
EMSL frequently needs to ship physical copies of media to users when data sizes exceed a few GB. More often than not, this is due to lack of bandwidth or storage resources at the user's home institution.
65 Overview
- ESnet Overview
- Science DMZ Motivation and Introduction
- Science DMZ Architecture
- Network Monitoring
- Data Transfer Nodes & Applications
- On the Topic of Security
- User Engagement
- Wrap Up
66 Wrapup
- The Science DMZ design pattern provides a flexible model for supporting high-performance data transfers and workflows
- Key elements:
  - Accommodation of TCP
    - Sufficient bandwidth to avoid congestion
    - Loss-free IP service
  - Location - near the site perimeter if possible
  - Test and measurement
  - Dedicated systems
  - Appropriate security
- Support for advanced capabilities (e.g. SDN) is much easier with a Science DMZ
67 The Science DMZ in 1 Slide
Consists of three key components, all required:
- Friction free network path
  - Highly capable network devices (wire-speed, deep queues)
  - Virtual circuit connectivity option
  - Security policy and enforcement specific to science workflows
  - Located at or near site perimeter if possible
- Dedicated, high-performance Data Transfer Nodes (DTNs)
  - Hardware, operating system, libraries all optimized for transfer
  - Includes optimized data transfer tools such as Globus Online and GridFTP
- Performance measurement/test node
  - perfSONAR
- Engagement with end users
Details at http://fasterdata.es.net/science-dmz/
68 Links
- ESnet fasterdata knowledge base: http://fasterdata.es.net/
- Science DMZ paper: http:// final.pdf
- Science DMZ list: https://gab.es.net/mailman/listinfo/sciencedmz
- perfSONAR: http://fasterdata.es.net/performance-testing/perfsonar/ http://
69 Thanks!
Jason Zurawski
Science Engagement Engineer, ESnet, Lawrence Berkeley National Laboratory
New Mexico Technology in Education (NMTIE), November 19th, 2014
More informationOptimizing Data Management at the Advanced Light Source with a Science DMZ
Optimizing Data Management at the Advanced Light Source with a Science DMZ Eli Dart, Network Engineer ESnet Network Engineering Group GlobusWorld 2013 Argonne, Il April 17, 2013 Outline Science DMZ background
More informationperfsonar Overview Jason Zurawski, ESnet zurawski@es.net Southern Partnerships for Advanced Networking November 3 rd 2015
perfsonar Overview Jason Zurawski, ESnet zurawski@es.net Southern Partnerships for Advanced Networking November 3 rd 2015 This document is a result of work by the perfsonar Project (http://www.perfsonar.net)
More informationThe Science DMZ. Eli Dart, Network Engineer Joe Metzger, Network Engineer ESnet Engineering Group. LHCOPN / LHCONE meeting. Internet2, Washington DC
The Science DMZ Eli Dart, Network Engineer Joe Metzger, Network Engineer ESnet Engineering Group LHCOPN / LHCONE meeting Internet2, Washington DC June 13 2011 Overview Science Needs Data Deluge, new science
More informationThe Science DMZ: Introduction & Architecture
The Science DMZ: Introduction & Architecture Eli Dart, Lauren Rotman, Brian Tierney, Jason Zurawski,, Eric Pouyoul ESnet Science Engagement Operating Innovative Networks (OIN) Berkeley, CA Februrary 27
More informationImproving Scientific Outcomes at the APS with a Science DMZ
Improving Scientific Outcomes at the APS with a Science DMZ Jason Zurawski zurawski@es.net Science Engagement Engineer, ESnet Lawrence Berkeley National Laboratory GlobusWorld 2015 April 15 th, 2015 Outline
More informationScience DMZs Understanding their role in high-performance data transfers
Science DMZs Understanding their role in high-performance data transfers Chris Tracy, Network Engineer Eli Dart, Network Engineer ESnet Engineering Group Overview Bulk Data Movement a common task Pieces
More informationLHCONE Site Connections
LHCONE Site Connections Michael O Connor moc@es.net ESnet Network Engineering Asia Tier Center Forum on Networking Daejeon, South Korea September 23, 2015 Outline Introduction ESnet LHCONE Traffic Volumes
More informationIntroduc)on & Mo)va)on
Introduc)on & Mo)va)on This document is a result of work by the perfsonar Project (hdp://www.perfsonar.net) and is licensed under CC BY- SA 4.0 (hdps://crea)vecommons.org/licenses/by- sa/4.0/). Event Presenter,
More informationIntroduction & Motivation
Introduction & Motivation WACREN Network Monitoring and Measurement Workshop Antoine Delvaux a.delvaux@man.poznan.pl perfsonar developer 30.09.2015 This document is a result of work by the perfsonar Project
More informationSDN for Science Networks
SDN for Science Networks Inder Monga Eric Pouyoul, Chin Guok and Eli Dart Energy Sciences Network, Scientific Networking Division Disclaimer Two Prime Requirements 1. Data Mobility Long latencies (RTT)
More informationEngagement Strategies for Emerging Big Data Collaborations
Engagement Strategies for Emerging Big Data Collaborations Lauren Rotman, lauren@es.net ESnet Science Engagement Group Lead Lawrence Berkeley National Laboratory APAN 39 th Conference Global Collaborations
More informationEVALUATING NETWORK BUFFER SIZE REQUIREMENTS
EVALUATING NETWORK BUFFER SIZE REQUIREMENTS for Very Large Data Transfers Michael Smitasin Lawrence Berkeley National Laboratory (LBNL) Brian Tierney Energy Sciences Network (ESnet) [ 2 ] Example Workflow
More informationGlobus Research Data Management: Endpoint Configuration and Deployment. Steve Tuecke Vas Vasiliadis
Globus Research Data Management: Endpoint Configuration and Deployment Steve Tuecke Vas Vasiliadis Presentations and other useful information available at globusworld.org/tutorial 2 Agenda Globus Connect
More informationperfsonar: End-to-End Network Performance Verification
perfsonar: End-to-End Network Performance Verification Toby Wong Sr. Network Analyst, BCNET Ian Gable Technical Manager, Canada Overview 1. IntroducGons 2. Problem Statement/Example Scenario 3. Why perfsonar?
More informationNUIT Tech Talk: Trends in Research Data Mobility
NUIT Tech Talk: Trends in Research Data Mobility Pascal Paschos NUIT Academic & Research Technologies, Research Computing Services Matt Wilson NUIT Cyberinfrastructure, Telecommunication and Network Services
More informationAddressing research data challenges at the. University of Colorado Boulder
Addressing research data challenges at the University of Colorado Boulder Thomas Hauser Director Research Computing University of Colorado Boulder thomas.hauser@colorado.edu Research Data Challenges Research
More informationEMERGING AND ENABLING GLOBAL, NATIONAL, AND REGIONAL NETWORK INFRASTRUCTURE TO SUPPORT RESEARCH & EDUCATION
EMERGING AND ENABLING GLOBAL, NATIONAL, AND REGIONAL NETWORK INFRASTRUCTURE TO SUPPORT RESEARCH & EDUCATION Dave Pokorney CTO, Director of Engineering Florida LambdaRail NOC UCF Research Computing Day
More informationDeploying distributed network monitoring mesh
Deploying distributed network monitoring mesh for LHC Tier-1 and Tier-2 sites Phil DeMar, Maxim Grigoriev Fermilab Joe Metzger, Brian Tierney ESnet Martin Swany University of Delaware Jeff Boote, Eric
More informationThe Science DMZ: A Network Design Pattern for Data-Intensive Science
The Science DMZ: A Network Design Pattern for Data-Intensive Science Eli Dart Energy Sciences Network Lawrence Berkeley National Laboratory Berkeley, CA 94720 eddart@lbl.gov Mary Hester Energy Sciences
More informationESnet Planning for the LHC T0-T1 Networking. William E. Johnston ESnet Manager and Senior Scientist Lawrence Berkeley National Laboratory
Planning for the LHC T0-T1 Networking William E. Johnston Manager and Senior Scientist Lawrence Berkeley National Laboratory 1 Science Data Network (SDN) core Australia CA*net4 Taiwan (TANet2) Singaren
More informationA Possible Approach for Big Data Access to Support Climate Science
A Possible Approach for Big Data Access to Support Climate Science Mark Foster Hugh LaMaster NASA Ames Research Center ESNet/Internet2 Focused Technical Workshop: Improving Mobility & Management for International
More informationANI Network Testbed Update
ANI Network Testbed Update Brian Tierney, ESnet, Joint Techs, Columbus OH, July, 2010 ANI: Advanced Network Initiative Project Start Date: September, 2009 Funded by ARRA for 3 years Designed, built, and
More informationEnhanced Research Data Management and Publication with Globus
Enhanced Research Data Management and Publication with Globus Vas Vasiliadis Jim Pruyne Presented at OR2015 June 8, 2015 Presentations and other useful information available at globus.org/events/or2015/tutorial
More informationESnet On-demand Secure Circuits and Advance Reservation System (OSCARS)
ESnet On-demand Secure Circuits and Advance Reservation System (OSCARS) Chin Guok Presented by Joe Metzger Energy Sciences Network Lawrence Berkeley National Laboratory Internet2 Spring Member Meeting
More informationTier3 Network Issues. Richard Carlson May 19, 2009 rcarlson@internet2.edu
Tier3 Network Issues Richard Carlson May 19, 2009 rcarlson@internet2.edu Internet2 overview Member organization with a national backbone infrastructure Campus & Regional network members National and International
More informationA host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection.
A firewall is a software- or hardware-based network security system that allows or denies network traffic according to a set of rules. Firewalls can be categorized by their location on the network: A network-based
More informationVMWARE WHITE PAPER 1
1 VMWARE WHITE PAPER Introduction This paper outlines the considerations that affect network throughput. The paper examines the applications deployed on top of a virtual infrastructure and discusses the
More informationFirewall Architecture
NEXTEP Broadband White Paper Firewall Architecture Understanding the purpose of a firewall when connecting to ADSL network services. A Nextep Broadband White Paper June 2001 Firewall Architecture WHAT
More informationNetwork performance monitoring Insight into perfsonar
Network performance monitoring Insight into perfsonar Szymon Trocha, Poznań Supercomputing and Networking Center E-infrastructure Autumn Workshops, Chisinau, Moldova 9 September 2014 Agenda! Network performance
More information8. Firewall Design & Implementation
DMZ Networks The most common firewall environment implementation is known as a DMZ, or DeMilitarized Zone network. A DMZ network is created out of a network connecting two firewalls; i.e., when two or
More informationInformation Technology Security Guideline. Network Security Zoning
Information Technology Security Guideline Network Security Zoning Design Considerations for Placement of s within Zones ITSG-38 This page intentionally left blank. Foreword The Network Security Zoning
More informationThe Science DMZ: A network design pattern for data-intensive science 1
Scientific Programming 22 (2014) 173 185 173 DOI 10.3233/SPR-140382 IOS Press The Science DMZ: A network design pattern for data-intensive science 1 Eli Dart a,,laurenrotman a, Brian Tierney a, Mary Hester
More informationNetwork futures: AARNet4, Science DMZ, SDN
Network futures: AARNet4, Science DMZ, SDN Network futures: AARNet4, Science DMZ, SDN David Wilde David Wilde Network futures: AARNet4, Science DMZ, SDN THETA // QuestNet 12 May 2015 David Wilde Network
More informationComputer Security CS 426 Lecture 36. CS426 Fall 2010/Lecture 36 1
Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls CS426 Fall 2010/Lecture 36 1 Announcements There will be a quiz on Wed There will be a guest lecture on Friday, by Prof. Chris Clifton
More informationIncrease Simplicity and Improve Reliability with VPLS on the MX Series Routers
SOLUTION BRIEF Enterprise Data Center Interconnectivity Increase Simplicity and Improve Reliability with VPLS on the Routers Challenge As enterprises improve business continuity by enabling resource allocation
More informationFirewall Security. Presented by: Daminda Perera
Firewall Security Presented by: Daminda Perera 1 Firewalls Improve network security Cannot completely eliminate threats and a=acks Responsible for screening traffic entering and/or leaving a computer network
More informationNetwork Management and Monitoring Software
Page 1 of 7 Network Management and Monitoring Software Many products on the market today provide analytical information to those who are responsible for the management of networked systems or what the
More informationLustre Networking BY PETER J. BRAAM
Lustre Networking BY PETER J. BRAAM A WHITE PAPER FROM CLUSTER FILE SYSTEMS, INC. APRIL 2007 Audience Architects of HPC clusters Abstract This paper provides architects of HPC clusters with information
More informationCampus Research Network Overview
Campus Research Network Overview Chris Griffin Chief Network Architect University of Florida & Florida LambdaRail 5/6/2013 Agenda Research Networking at UF A brief history CRNv2 Florida LambdaRail What
More informationThis document describes how the Meraki Cloud Controller system enables the construction of large-scale, cost-effective wireless networks.
This document describes how the Meraki Cloud Controller system enables the construction of large-scale, cost-effective wireless networks. Copyright 2009 Meraki, Inc. All rights reserved. Trademarks Meraki
More informationLeveraging SDN and NFV in the WAN
Leveraging SDN and NFV in the WAN Introduction Software Defined Networking (SDN) and Network Functions Virtualization (NFV) are two of the key components of the overall movement towards software defined
More informationBusiness Cases for Brocade Software-Defined Networking Use Cases
Business Cases for Brocade Software-Defined Networking Use Cases Executive Summary Service providers (SP) revenue growth rates have failed to keep pace with their increased traffic growth and related expenses,
More informationSmall Business Server Part 2
Small Business Server Part 2 Presented by : Robert Crane BE MBA MCP director@ciaops.com Computer Information Agency http://www.ciaops.com Agenda Week 1 What is SBS / Setup Week 2 Using & configuring SBS
More informationSOFTWARE DEFINED NETWORKING: A PATH TO PROGRAMMABLE NETWORKS. Jason Kleeh September 27, 2012
SOFTWARE DEFINED NETWORKING: A PATH TO PROGRAMMABLE NETWORKS Jason Kleeh September 27, 2012 What if you could Build your next data center optimized for highest demands in flexibility, reliability, and
More informationFirewalls. Securing Networks. Chapter 3 Part 1 of 4 CA M S Mehta, FCA
Firewalls Securing Networks Chapter 3 Part 1 of 4 CA M S Mehta, FCA 1 Firewalls Learning Objectives Task Statements 1.3 Recognise function of Telecommunications and Network security including firewalls,..
More informationChapter 1 Reading Organizer
Chapter 1 Reading Organizer After completion of this chapter, you should be able to: Describe convergence of data, voice and video in the context of switched networks Describe a switched network in a small
More informationChapter 2 TOPOLOGY SELECTION. SYS-ED/ Computer Education Techniques, Inc.
Chapter 2 TOPOLOGY SELECTION SYS-ED/ Computer Education Techniques, Inc. Objectives You will learn: Topology selection criteria. Perform a comparison of topology selection criteria. WebSphere component
More informationLarge Scale Science, The Science DMZ, SDN/OpenFlow, Security and Cyberinfrastructure Architectures
Large Scale Science, The Science DMZ, SDN/OpenFlow, Security and Cyberinfrastructure Architectures Joe St Sauver, Ph.D. (joe@internet2.edu or joe@uoregon.edu) Internet2 Nationwide Security Programs Manager
More informationTRUFFLE Broadband Bonding Network Appliance. A Frequently Asked Question on. Link Bonding vs. Load Balancing
TRUFFLE Broadband Bonding Network Appliance A Frequently Asked Question on Link Bonding vs. Load Balancing 5703 Oberlin Dr Suite 208 San Diego, CA 92121 P:888.842.1231 F: 858.452.1035 info@mushroomnetworks.com
More informationInternet Services. Amcom. Support & Troubleshooting Guide
Amcom Internet Services This Support and Troubleshooting Guide provides information about your internet service; including setting specifications, testing instructions and common service issues. For further
More informationConfiguring an efficient QoS Map
Configuring an efficient QoS Map This document assumes the reader has experience configuring quality of service (QoS) maps and working with traffic prioritization. Before reading this document, it is advisable
More informationSonicWALL PCI 1.1 Implementation Guide
Compliance SonicWALL PCI 1.1 Implementation Guide A PCI Implementation Guide for SonicWALL SonicOS Standard In conjunction with ControlCase, LLC (PCI Council Approved Auditor) SonicWall SonicOS Standard
More informationDon t skip these expert tips for making your firewall airtight, bulletproof and fail-safe. 10 Tips to Make Sure Your Firewall is Really Secure
Don t skip these expert tips for making your firewall airtight, bulletproof and fail-safe. 10 Tips to Make Sure Your Firewall is Really Secure Security studies back up this fact: It takes less than 20
More informationData Center SDN. ONF SDN Solutions Showcase Theme Demonstrations SDN SOLUTIONS SHOWCASE
Data Center ONF Solutions Showcase Theme Demonstrations Data Center -Enabled Science- DMZ Demonstration Brocade & Indiana University Adaptive Traffic Forwarding for Large Data Flows Using SciPass 2014
More informationNetwork Monitoring with the perfsonar Dashboard
Network Monitoring with the perfsonar Dashboard Andy Lake Brian Tierney ESnet Advanced Network Technologies Group TIP2013 Honolulu HI January 15, 2013 Overview perfsonar overview Dashboard history and
More informationSOFTWARE DEFINED NETWORKING
SOFTWARE DEFINED NETWORKING Bringing Networks to the Cloud Brendan Hayes DIRECTOR, SDN MARKETING AGENDA Market trends and Juniper s SDN strategy Network virtualization evolution Juniper s SDN technology
More informationRestorable Logical Topology using Cross-Layer Optimization
פרויקטים בתקשורת מחשבים - 236340 - סמסטר אביב 2016 Restorable Logical Topology using Cross-Layer Optimization Abstract: Today s communication networks consist of routers and optical switches in a logical
More informationSymantec Enterprise Firewalls. From the Internet Thomas Jerry Scott
Symantec Enterprise Firewalls From the Internet Thomas Symantec Firewalls Symantec offers a whole line of firewalls The Symantec Enterprise Firewall, which emerged from the older RAPTOR product We are
More informationWAN Virtualization Looking beyond Point to Point Circuits
WAN Virtualization Looking beyond Point to Point Circuits Inder Monga Chief Technologist & Area Lead Energy Sciences Network Lawrence Berkeley National Lab Special Symposia on Cloud Computing II. Network
More informationInternet Firewall CSIS 4222. Packet Filtering. Internet Firewall. Examples. Spring 2011 CSIS 4222. net15 1. Routers can implement packet filtering
Internet Firewall CSIS 4222 A combination of hardware and software that isolates an organization s internal network from the Internet at large Ch 27: Internet Routing Ch 30: Packet filtering & firewalls
More informationChapter 7: Distributed Systems: Warehouse-Scale Computing. Fall 2011 Jussi Kangasharju
Chapter 7: Distributed Systems: Warehouse-Scale Computing Fall 2011 Jussi Kangasharju Chapter Outline Warehouse-scale computing overview Workloads and software infrastructure Failures and repairs Note:
More informationFlexible SDN Transport Networks With Optical Circuit Switching
Flexible SDN Transport Networks With Optical Circuit Switching Multi-Layer, Multi-Vendor, Multi-Domain SDN Transport Optimization SDN AT LIGHT SPEED TM 2015 CALIENT Technologies 1 INTRODUCTION The economic
More informationSCADA System Security. ECE 478 Network Security Oregon State University March 7, 2005
SCADA System Security ECE 478 Network Security Oregon State University March 7, 2005 David Goeke Hai Nguyen Abstract Modern public infrastructure systems
More informationLayer 3 Network + Dedicated Internet Connectivity
Layer 3 Network + Dedicated Internet Connectivity Client: One of the IT Departments in a Northern State Customer's requirement: The customer wanted to establish CAN connectivity (Campus Area Network) for
More informationNetwork Performance Issues at the University of Utah. Draft for Review
Network Performance Issues at the University of Utah Overview of Issues: Draft for Review The University of Utah (UoU) is experiencing network performance issues that are severely degrading the abilities
More information100 Gigabit Ethernet is Here!
100 Gigabit Ethernet is Here! Introduction Ethernet technology has come a long way since its humble beginning in 1973 at Xerox PARC. With each subsequent iteration, there has been a lag between time of
More informationCS 91: Cloud Systems & Datacenter Networks Networks Background
CS 91: Cloud Systems & Datacenter Networks Networks Background Walrus / Bucket Agenda Overview of tradibonal network topologies IntroducBon to soeware- defined networks Layering and terminology Topology
More informationFirewall Environments. Name
Complliiance Componentt DEEFFI INITION Description Rationale Firewall Environments Firewall Environment is a term used to describe the set of systems and components that are involved in providing or supporting
More informationEnterprise Smartphone and Mobile Device Management
Enterprise Smartphone and Mobile Device Management Corporate Overview Leadership founded Manha0an Associates (NASDAQ: MANH) Provide wireless and mobility solucons to 1000 global customers Leaders in Smartphone
More informationSecurity Frameworks. An Enterprise Approach to Security. Robert Belka Frazier, CISSP belka@att.net
Security Frameworks An Enterprise Approach to Security Robert Belka Frazier, CISSP belka@att.net Security Security is recognized as essential to protect vital processes and the systems that provide those
More informationAgenda. Distributed System Structures. Why Distributed Systems? Motivation
Agenda Distributed System Structures CSCI 444/544 Operating Systems Fall 2008 Motivation Network structure Fundamental network services Sockets and ports Client/server model Remote Procedure Call (RPC)
More informationIP Telephony Management
IP Telephony Management How Cisco IT Manages Global IP Telephony A Cisco on Cisco Case Study: Inside Cisco IT 1 Overview Challenge Design, implement, and maintain a highly available, reliable, and resilient
More informationSAN Conceptual and Design Basics
TECHNICAL NOTE VMware Infrastructure 3 SAN Conceptual and Design Basics VMware ESX Server can be used in conjunction with a SAN (storage area network), a specialized high speed network that connects computer
More informationExploration of adaptive network transfer for 100 Gbps networks Climate100: Scaling the Earth System Grid to 100Gbps Network
Exploration of adaptive network transfer for 100 Gbps networks Climate100: Scaling the Earth System Grid to 100Gbps Network February 1, 2012 Project period of April 1, 2011 through December 31, 2011 Principal
More informationThe LHC Open Network Environment Kars Ohrenberg DESY Computing Seminar Hamburg, 10.12.2012
The LHC Open Network Environment Kars Ohrenberg DESY Computing Seminar Hamburg, 10.12.2012 LHC Computing Infrastructure > WLCG in brief: 1 Tier-0, 11 Tier-1s, ~ 140 Tier-2s, O(300) Tier-3s worldwide Kars
More informationFirewalls and VPNs. Principles of Information Security, 5th Edition 1
Firewalls and VPNs Principles of Information Security, 5th Edition 1 Learning Objectives Upon completion of this material, you should be able to: Understand firewall technology and the various approaches
More informationComputer Networking Networks
Page 1 of 8 Computer Networking Networks 9.1 Local area network A local area network (LAN) is a network that connects computers and devices in a limited geographical area such as a home, school, office
More informationIntel DPDK Boosts Server Appliance Performance White Paper
Intel DPDK Boosts Server Appliance Performance Intel DPDK Boosts Server Appliance Performance Introduction As network speeds increase to 40G and above, both in the enterprise and data center, the bottlenecks
More informationMEASURING WORKLOAD PERFORMANCE IS THE INFRASTRUCTURE A PROBLEM?
MEASURING WORKLOAD PERFORMANCE IS THE INFRASTRUCTURE A PROBLEM? Ashutosh Shinde Performance Architect ashutosh_shinde@hotmail.com Validating if the workload generated by the load generating tools is applied
More informationUsing Linux Traffic Control on Virtual Circuits J. Zurawski Internet2 zurawski@internet2.edu February 25 nd 2013
Using Linux Traffic Control on Virtual Circuits J. Zurawski Internet2 zurawski@internet2.edu February 25 nd 2013 1. Abstract Research and Education (R&E) networks have experimented with the concept of
More informationConvergence: The Foundation for Unified Communications
Convergence: The Foundation for Unified Communications Authored by: Anthony Cimorelli, Senior Product Marketing Manager Onofrio Norm Schillaci, Principal Sales Engineer Michelle Soltesz, Director, Marketing
More information10 Gigabit Ethernet: Scaling across LAN, MAN, WAN
Arasan Chip Systems Inc. White Paper 10 Gigabit Ethernet: Scaling across LAN, MAN, WAN By Dennis McCarty March 2011 Overview Ethernet is one of the few protocols that has increased its bandwidth, while
More informationBeyond Monitoring Root-Cause Analysis
WHITE PAPER With the introduction of NetFlow and similar flow-based technologies, solutions based on flow-based data have become the most popular methods of network monitoring. While effective, flow-based
More informationChallenges of Sending Large Files Over Public Internet
Challenges of Sending Large Files Over Public Internet CLICK TO EDIT MASTER TITLE STYLE JONATHAN SOLOMON SENIOR SALES & SYSTEM ENGINEER, ASPERA, INC. CLICK TO EDIT MASTER SUBTITLE STYLE OUTLINE Ø Setting
More informationCMPT 471 Networking II
CMPT 471 Networking II Firewalls Janice Regan, 2006-2013 1 Security When is a computer secure When the data and software on the computer are available on demand only to those people who should have access
More informationHIGH-SPEED BRIDGE TO CLOUD STORAGE
HIGH-SPEED BRIDGE TO CLOUD STORAGE Addressing throughput bottlenecks with Signiant s SkyDrop 2 The heart of the Internet is a pulsing movement of data circulating among billions of devices worldwide between
More informationEnterprise QoS. Tim Chung Google Corporate Netops Architecture Nanog 49 June 15th, 2010
Enterprise QoS Tim Chung Google Corporate Netops Architecture Nanog 49 June 15th, 2010 Agenda Challenges Solu5ons Opera5ons Best Prac5ces Note: This talk pertains to Google enterprise network only, not
More informationChapter 1 Instructor Version
Name Date Objectives: Instructor Version Explain how multiple networks are used in everyday life. Explain the topologies and devices used in a small to medium-sized business network. Explain the basic
More informationDeploying 10/40G InfiniBand Applications over the WAN
Deploying 10/40G InfiniBand Applications over the WAN Eric Dube (eric@baymicrosystems.com) Senior Product Manager of Systems November 2011 Overview About Bay Founded in 2000 to provide high performance
More informationSAFE-T RSACCESS REPLACEMENT FOR MICROSOFT FOREFRONT UNIFIED ACCESS GATEWAY (UAG)
SAFE-T RSACCESS REPLACEMENT FOR MICROSOFT FOREFRONT UNIFIED ACCESS GATEWAY (UAG) A RSACCESS WHITE PAPER 1 Microsoft Forefront Unified Access Gateway Overview 2 Safe-T RSAccess Secure Front-end Overview
More information