A Possible Approach for Big Data Access to Support Climate Science
|
|
- Elinor Fox
- 8 years ago
- Views:
Transcription
1 A Possible Approach for Big Data Access to Support Climate Science Mark Foster Hugh LaMaster NASA Ames Research Center ESNet/Internet2 Focused Technical Workshop: Improving Mobility & Management for International Climate Science July 15, 2014
2 Workshop Presentation Context This presentation is to facilitate the exchange of ideas related to Big Data access and constraints that can arise: Trusted Internet Exchange Security Bandwidth This presentation does not represent any type of Agency policy, project, or endorsement Diagrams and notes within this presentation are not planned for implementation, they are for discussion within this workshop
3 Summary/Overview NASA Supercomputing NAS and NCCS resources select transfer characteristics existing challenges TIC Trusted Internet Connection goals, motivation (driven by DHS for all federal agencies) what does this mean for current and near term science data xfers? Science DMZ and Data Transfer Nodes friction free xfers for large datasets sit at boundary of inside/outside express for approved traffic, regular path for default static: use/user designations known in advance (proactive) dynamic: traffic types(reactive) an opportunity for dynamic flow management w/ SDN Futures clouds with clear skies internal clusters, external clusters constrained/specific user community vs unrestricted access
4 Computing, Communications Environment Evolving Growing performance of Wide Area Networks (WANs) 10/40/100 Gbps WAN host-to-host performance has exceeded FireWall (FW) appliance performance consistently for last 10 years TIC mandate specifies required elements of border Requires SBU data processing/storage elements to be inside/behind TIC Growing sophistication of security threats Threat environment requires Defense-in-Depth, hardening user hosts and servers; firewall appliances can t protect against all threats OMB mandate to use commercial cloud computing and storage where possible for low/moderate-security data Cloud resources are available over WAN; external cloud use for internal computing increases pressure on LAN/WAN border security elements FedRAMP compliant commercial services brought inside NASA auth boundary still have monitoring/border protection requirements
5 NASA major supercomputing Distributed access: facilities: NAS and NCCS Earth and Space Science datasets from widely distributed sources Results transferred back to widely distributed sites Some data at supercomputing facilities for processing; many sets stored elsewhere NCCS facility at NASA Goddard Space Flight Center: major weather/climate/oceanographic modeling and data assimilation worldwide climate research approx 590 TeraFLOPS computing, 4 PetaBytes of online storage. NAS facility at NASA Ames Research Center: premier NASA supercomputing facility since 1983, focus on simulation for aerospace (CFD) and science (weather, climate, space science/solar dynamics/astrophysics) approx 4 PetaFLOPS computing, 14 PetaBytes of online storage.
6 Climate Related Data Remote Sensing Data Assimilated Datasets (validation data) Model Output Climate Projections Web portals: access to this data provided by tools and distributed systems that hold the data sets. A useful start. Growth in types and sizes presents access challenges.
7 EOSDIS Portal
8 NASA Earth Exchange Portal
9 Science/High Performance Computing Requirements in a Nutshell Science datasets moving over WANs often 10 s to 100 s of TeraBytes Large science flows are typically earth science, astro- and solar physics; these flows are sometimes referred to as elephant flows Network Round Trip Time (RTT) ranges from 1-2 ms (UC Berkeley, Stanford), 8 ms (JPL), 68 ms (NCSA), 200 ms (University of Oslo) Good network performance over large RTT requires end-to-end network and host tuning, zero packet loss, optimizations like Jumbo Frames Consumer and commercially oriented desktop/laptop/handheld device networks and security appliances are engineered for a massive number of tiny to small flows ( mouse flows ) Consumer/commercial switches/appliances often drop packets/have far too small, ill-behaved buffers to work well on elephant flows
10 Example Elephant Flows Top: all traffic (2 days) via NREN => NAS Bottom: same 2-day time, NCSA => NAS 700 Mbps average over 48 hours 5 minute peaks to ~2.4 Gbps Roughly 14 TB dataset in ~32 hours Elephant flow was ~70% of total volume during that 2 day interval Network has necessary headroom to handle these peaks (of roughly 5 Gbps) Application: astrophysics/solar physics
11 NCSA=>NAS 8 hours at Gbps 9000-byte packets NAS=>UCSC About 40 mins at Gbps 1500-byte packets Example Elephant Flows (2)
12 DHS TIC Architecture Requirements SBU data processing/storage elements to be inside/behind TIC All traffic monitored (e.g. via optical splitter) Limited WAN border/tic locations Science external connectivity is unusual to DHS Most civilian Federal agency connectivity looks similar to business IT
13 DHS TIC Architecture Requirements (continued) Ingress and egress data flows of all (TCP/UDP) connections must be routed through the same physical TIC location (Symmetric Routing through TICs). TIC links leading to local client-computer LANs have to be configured such that a stateful firewall appliance or stack (w/ IDS, IPS, web proxy, VPN, etc.) may be inserted in the path Packet capture and retention requirements 24 hour full packet capture at link capacity is requirement access to previous 24 hrs req d Centralized response management Ability of centralized agency directive to block an address (or address range) and have it take effect immediately
14 Enterprise Routing (notional) external peers external peers External Peering Network TIC Boundary TIC-1 TIC-n symmetric ingress/egress Internal Wide Area Network BP BP LAN LAN TIC-n Trusted Internet Connection #n BP Center Border Protection Services (FW, IDS, Content Filter)
15 Science Border/WAN Architectural Goals and Designs DTN Science DMZ Special border DMZ data transfer hosts optimized for WAN performance Many supercomputer/big data centers implement this now Requires close cooperation w/ Security to get both performance and security On-demand path reservation ESnet OSCARS provides VLAN-based reservations today within ESnet Goal: signal end-to-end path from DTN host across LAN, I2, ESnet, transport nets OSCARS connection via NREN provides path across ESnet for augmented access for NEX today Improved ease-of-data-access among partners Integrated Globus access with DTN/Science DMZ; integrate PIV/token authentication Improved data exportation (Who can read data? Who can change it? Reexportation?) Cloud storage architecture and high-speed access: both external commercial and FedRAMP compliant that is inside auth perimeter
16 Reference Science DMZ Architecture Site:
17 A Possible Science DMZ Architecture within the TIC context WAN external partners Science net exchange fabric SciDMZ switch/router IDS IDS External Peering Network perfsonar FW FW TIC Boundary TIC-n Internal Wide Area Network FW science project resources DTN This diagram does not reflect a NASA plan or architecture. It is for discussion purposes only.
18 Science DMZ/Data Transfer Node Operational problems it solves: Inability to control features and defaults that supercomputing vendors support Inability to control end-users environment, both network and host Effort required to coordinate all system configurations and parameters in the supercomputing environment Science DMZ border nodes can be configured for optimal WAN transfers Improved utilization of underlying WAN (E2E Jumbo Frames, big buffers) May also integrate easier external user authentication (Globus, PIV) May also integrate end-to-end reservations; additional security features
19 Desired access among partners Globus Online/GridFTP users would like to use their Globus credentials PIV card users would like to use PIV single-sign-on capability Users would like to allow easier data sharing between supercomputers and other facilities that they use Security issues to be resolved Re-exportation of data Third-party control of sharing of semi-confidential data Trust among Globus user communities Implementation on Science DMZ would allow limited trust of credentials without expanding trust to high-value internal resources Establish coordination via Identity, Credential, and Access Management group (ICAM)
20 On demand path reservation Multiple approaches Software Defined Networking (SDN) with OpenFlow, ESnet OSCARS (assisted setup of VLAN paths), manually provisioned VLANs, policybased routing OSCARS used to support NEX <-> EDC path NASA Ames/CET lab has access to experimental 40/100G capabilities but not yet equipped to provide SDN switching capability at those speeds Possible test partners include CENIC, Internet2, NSF CC-NIE recipients, ESnet Establish how to provision paths without endangering operational traffic Integrate with end-user system (probably Science DMZ server) Enable Science DMZ users to easily establish more optimal path end-to-end
21 MyESnet (/) Existing SDN in the WAN supports OSCARS (/oscars) / es.net-4003 (/oscars/es.net-4003) Login (/user/login/) Register (/user /register/) NASA Earth Exchange es.net-4003 GPN - NASA, VLAN 3025, 200M To OSCARS Circuit Existing static OSCARS VLAN path NAS-NREN-(ESnet VLAN)-EDC NEX data fetch EDC => HEC 200 Mbps, occasionally 650M/1000M Avoids low performance default route, long RTT SDN goal for WAN allow project DTN host-host signaling through multiple domains ESnet OSCARS traffic EDC => NAS 14 TB/2 days 650 Mbps avg RTT 43ms NASA Traffic A to Z Delivered Z to A Delivered ( ( ( 9/1/ to_sacr-cr5_ip-a to_sunn-cr5_ip-a to_denv-cr5_ip-a days 7 days 24 hours Last hour Refresh 19:09 to_sacr-cr5_ip-a FAQ (/help/faq) Site Updates (/help/update) to_kans-cr5_ip-a to_denv-cr5_ip-a sunn-cr5 sacr-cr5 denv-cr5 kans-cr5 10/1/5.3025
22 Possible Futures Clouds, etc. Internal vs External Clusters; clustered Science DMZ DTNs Cluster Federation (identity, authorization, access) among participating organizations Virtualized network services on VM clouds SDX software defined exchange: coordinated access to clusters and distributed storage capabilities
LHCONE Site Connections
LHCONE Site Connections Michael O Connor moc@es.net ESnet Network Engineering Asia Tier Center Forum on Networking Daejeon, South Korea September 23, 2015 Outline Introduction ESnet LHCONE Traffic Volumes
More informationTier3 Network Issues. Richard Carlson May 19, 2009 rcarlson@internet2.edu
Tier3 Network Issues Richard Carlson May 19, 2009 rcarlson@internet2.edu Internet2 overview Member organization with a national backbone infrastructure Campus & Regional network members National and International
More informationAchieving the Science DMZ
Achieving the Science DMZ Eli Dart, Network Engineer ESnet Network Engineering Group Joint Techs, Winter 2012 Baton Rouge, LA January 22, 2012 Outline of the Day Motivation Services Overview Science DMZ
More informationCampus Network Design Science DMZ
Campus Network Design Science DMZ Dale Smith Network Startup Resource Center dsmith@nsrc.org The information in this document comes largely from work done by ESnet, the USA Energy Sciences Network see
More informationScience DMZ Security
Science DMZ Security Eli Dart, Network Engineer ESnet Network Engineering Group Joint Techs, Winter 2013 Honolulu, HI January 15, 2013 Outline Quick background Firewall issues Non-firewall security options
More informationScience DMZs Understanding their role in high-performance data transfers
Science DMZs Understanding their role in high-performance data transfers Chris Tracy, Network Engineer Eli Dart, Network Engineer ESnet Engineering Group Overview Bulk Data Movement a common task Pieces
More informationSDN for Science Networks
SDN for Science Networks Inder Monga Eric Pouyoul, Chin Guok and Eli Dart Energy Sciences Network, Scientific Networking Division Disclaimer Two Prime Requirements 1. Data Mobility Long latencies (RTT)
More informationNUIT Tech Talk: Trends in Research Data Mobility
NUIT Tech Talk: Trends in Research Data Mobility Pascal Paschos NUIT Academic & Research Technologies, Research Computing Services Matt Wilson NUIT Cyberinfrastructure, Telecommunication and Network Services
More informationperfsonar Overview Jason Zurawski, ESnet zurawski@es.net Southern Partnerships for Advanced Networking November 3 rd 2015
perfsonar Overview Jason Zurawski, ESnet zurawski@es.net Southern Partnerships for Advanced Networking November 3 rd 2015 This document is a result of work by the perfsonar Project (http://www.perfsonar.net)
More informationOptimizing Data Management at the Advanced Light Source with a Science DMZ
Optimizing Data Management at the Advanced Light Source with a Science DMZ Eli Dart, Network Engineer ESnet Network Engineering Group GlobusWorld 2013 Argonne, Il April 17, 2013 Outline Science DMZ background
More informationSwitchOn Workshop São Paulo October 15-16, 2015
Managing Data Intensive Challenges with a Science DMZ SwitchOn Workshop São Paulo October 15-16, 2015 Julio Ibarra Florida International University Data Intensive Challenges Many Disciplines Need Dedicated
More informationApplication Defined E2E Security for Network Slices. Linda Dunbar (Linda.Dunbar@huawei.com) Diego Lopez (diego.r.lopez@telefonica.
Application Defined E2E Security for Network Slices Linda Dunbar (Linda.Dunbar@huawei.com) Diego Lopez (diego.r.lopez@telefonica.com ) Into the Inter-connected World Internet Mobile Internet Internet of
More informationIP Telephony Management
IP Telephony Management How Cisco IT Manages Global IP Telephony A Cisco on Cisco Case Study: Inside Cisco IT 1 Overview Challenge Design, implement, and maintain a highly available, reliable, and resilient
More informationEVALUATING NETWORK BUFFER SIZE REQUIREMENTS
EVALUATING NETWORK BUFFER SIZE REQUIREMENTS for Very Large Data Transfers Michael Smitasin Lawrence Berkeley National Laboratory (LBNL) Brian Tierney Energy Sciences Network (ESnet) [ 2 ] Example Workflow
More informationEMERGING AND ENABLING GLOBAL, NATIONAL, AND REGIONAL NETWORK INFRASTRUCTURE TO SUPPORT RESEARCH & EDUCATION
EMERGING AND ENABLING GLOBAL, NATIONAL, AND REGIONAL NETWORK INFRASTRUCTURE TO SUPPORT RESEARCH & EDUCATION Dave Pokorney CTO, Director of Engineering Florida LambdaRail NOC UCF Research Computing Day
More informationIntroduction to Software Defined Networking (SDN) and how it will change the inside of your DataCentre
Introduction to Software Defined Networking (SDN) and how it will change the inside of your DataCentre Wilfried van Haeren CTO Edgeworx Solutions Inc. www.edgeworx.solutions Topics Intro Edgeworx Past-Present-Future
More informationTransform Your Business and Protect Your Cisco Nexus Investment While Adopting Cisco Application Centric Infrastructure
White Paper Transform Your Business and Protect Your Cisco Nexus Investment While Adopting Cisco Application Centric Infrastructure What You Will Learn The new Cisco Application Centric Infrastructure
More informationData Center SDN. ONF SDN Solutions Showcase Theme Demonstrations SDN SOLUTIONS SHOWCASE
Data Center ONF Solutions Showcase Theme Demonstrations Data Center -Enabled Science- DMZ Demonstration Brocade & Indiana University Adaptive Traffic Forwarding for Large Data Flows Using SciPass 2014
More informationAddressing research data challenges at the. University of Colorado Boulder
Addressing research data challenges at the University of Colorado Boulder Thomas Hauser Director Research Computing University of Colorado Boulder thomas.hauser@colorado.edu Research Data Challenges Research
More informationCisco Network Switches Juniper Firewall Clusters
Cisco Network Switches Juniper Firewall Clusters Cisco Network Infrastructure Cisco Network Infrastructure Core Network Consists of 4 Cisco 4506 switches 10 Gig E Fiber Optic Connections between switches
More informationLayer 3 Network + Dedicated Internet Connectivity
Layer 3 Network + Dedicated Internet Connectivity Client: One of the IT Departments in a Northern State Customer's requirement: The customer wanted to establish CAN connectivity (Campus Area Network) for
More informationFundamentals of Windows Server 2008 Network and Applications Infrastructure
Fundamentals of Windows Server 2008 Network and Applications Infrastructure MOC6420 About this Course This five-day instructor-led course introduces students to network and applications infrastructure
More informationThe Bomgar Appliance in the Network
The Bomgar Appliance in the Network The architecture of the Bomgar application environment relies on the Bomgar Appliance as a centralized routing point for all communications between application components.
More informationUse of Alternate Path WAN Circuits at Fermilab
Use of Alternate Path WAN Circuits at Fermilab Phil DeMar, Andrey Bobyshev, Matt Crawford, Vyto Grigaliunas Fermilab, PO BOX 500, Batavia, IL 60510, USA demar@fnal.gov Abstract. Fermilab hosts the American
More informationZentera Cloud Federation Network for Hybrid Computing
Zentera Cloud Federation Network for Hybrid Computing The New Era of Hybrid Computing Cloud computing technology, the next computing paradigm after client-server, will shift enterprise IT to a new era
More informationESnet Support for WAN Data Movement
ESnet Support for WAN Data Movement Eli Dart, Network Engineer ESnet Science Engagement Group Joint Facilities User Forum on Data Intensive Computing Oakland, CA June 16, 2014 Outline ESnet overview Support
More informationUsing Linux Traffic Control on Virtual Circuits J. Zurawski Internet2 zurawski@internet2.edu February 25 nd 2013
Using Linux Traffic Control on Virtual Circuits J. Zurawski Internet2 zurawski@internet2.edu February 25 nd 2013 1. Abstract Research and Education (R&E) networks have experimented with the concept of
More informationHow To Orchestrate The Clouddusing Network With Andn
ORCHESTRATING THE CLOUD USING SDN Joerg Ammon Systems Engineer Service Provider 2013-09-10 2013 Brocade Communications Systems, Inc. Company Proprietary Information 1 SDN Update -
More informationThe LHC Open Network Environment Kars Ohrenberg DESY Computing Seminar Hamburg, 10.12.2012
The LHC Open Network Environment Kars Ohrenberg DESY Computing Seminar Hamburg, 10.12.2012 LHC Computing Infrastructure > WLCG in brief: 1 Tier-0, 11 Tier-1s, ~ 140 Tier-2s, O(300) Tier-3s worldwide Kars
More informationEnhancing Cisco Networks with Gigamon // White Paper
Across the globe, many companies choose a Cisco switching architecture to service their physical and virtual networks for enterprise and data center operations. When implementing a large-scale Cisco network,
More informationHow To - Configure Virtual Host using FQDN How To Configure Virtual Host using FQDN
How To - Configure Virtual Host using FQDN How To Configure Virtual Host using FQDN Applicable Version: 10.6.2 onwards Overview Virtual host implementation is based on the Destination NAT concept. Virtual
More informationVLANs. Application Note
VLANs Application Note Table of Contents Background... 3 Benefits... 3 Theory of Operation... 4 IEEE 802.1Q Packet... 4 Frame Size... 5 Supported VLAN Modes... 5 Bridged Mode... 5 Static SSID to Static
More informationHybrid network traffic engineering system (HNTES)
Hybrid network traffic engineering system (HNTES) Zhenzhen Yan, Zhengyang Liu, Chris Tracy, Malathi Veeraraghavan University of Virginia and ESnet Jan 12-13, 2012 mvee@virginia.edu, ctracy@es.net Project
More informationThe New Infrastructure Virtualization Paradigm, What Does it Mean for Campus?
The New Infrastructure Virtualization Paradigm, What Does it Mean for Campus? Jean-Marc Uzé Juniper Networks juze@juniper.net TNC2008, Brugge, May 19 th, 2008 Copyright 2008 Juniper Networks, Inc. www.juniper.net
More informationCampus Network Best Practices: Core and Edge Networks
Campus Network Best Practices: Core and Edge Networks Dale Smith Network Startup Resource Center dsmith@nsrc.org This document is a result of work by the Network Startup Resource Center (NSRC at http://www.nsrc.org).
More informationExperiences with TCP Acceleration Services. Dave Hartzell CSC / NASA Advanced Supercomputing David.hartzell@nasa.gov
Experiences with TCP Acceleration Services Dave Hartzell CSC / NASA Advanced Supercomputing David.hartzell@nasa.gov Goal Understand if Enterprise WAN acceleration products can assist with user file transfers
More informationLecture 02b Cloud Computing II
Mobile Cloud Computing Lecture 02b Cloud Computing II 吳 秀 陽 Shiow-yang Wu T. Sridhar. Cloud Computing A Primer, Part 2: Infrastructure and Implementation Topics. The Internet Protocol Journal, Volume 12,
More informationApache CloudStack 4.x (incubating) Network Setup: excerpt from Installation Guide. Revised February 28, 2013 2:32 pm Pacific
Apache CloudStack 4.x (incubating) Network Setup: excerpt from Installation Guide Revised February 28, 2013 2:32 pm Pacific Apache CloudStack 4.x (incubating) Network Setup: excerpt from Installation Guide
More informationDeltaV System Health Monitoring Networking and Security
DeltaV Distributed Control System White Paper DeltaV System Health Monitoring Networking and Security Introduction Emerson Process Management s DeltaV System Health Monitoring service enables you to proactively
More informationvcloud Air - Virtual Private Cloud OnDemand Networking Guide
vcloud Air - Virtual Private Cloud OnDemand Networking Guide vcloud Air This document supports the version of each product listed and supports all subsequent versions until the document is replaced by
More informationFirewalls. Securing Networks. Chapter 3 Part 1 of 4 CA M S Mehta, FCA
Firewalls Securing Networks Chapter 3 Part 1 of 4 CA M S Mehta, FCA 1 Firewalls Learning Objectives Task Statements 1.3 Recognise function of Telecommunications and Network security including firewalls,..
More informationVM-Series Firewall Deployment Tech Note PAN-OS 5.0
VM-Series Firewall Deployment Tech Note PAN-OS 5.0 Revision A 2012, Palo Alto Networks, Inc. www.paloaltonetworks.com Contents Overview... 3 Supported Topologies... 3 Prerequisites... 4 Licensing... 5
More informationThe Science DMZ: A Network Design Pattern for Data-Intensive Science
The Science DMZ: A Network Design Pattern for Data-Intensive Science Eli Dart Energy Sciences Network Lawrence Berkeley National Laboratory Berkeley, CA 94720 eddart@lbl.gov Mary Hester Energy Sciences
More informationAPPENDIX 8 TO SCHEDULE 3.3
EHIBIT Q to Amendment No. 60 - APPENDI 8 TO SCHEDULE 3.3 TO THE COMPREHENSIVE INFRASTRUCTURE AGREEMENT APPENDI 8 TO SCHEDULE 3.3 TO THE COMPREHENSIVE INFRASTRUCTURE AGREEMENT EHIBIT Q to Amendment No.
More informationThe Science DMZ. Eli Dart, Network Engineer Joe Metzger, Network Engineer ESnet Engineering Group. LHCOPN / LHCONE meeting. Internet2, Washington DC
The Science DMZ Eli Dart, Network Engineer Joe Metzger, Network Engineer ESnet Engineering Group LHCOPN / LHCONE meeting Internet2, Washington DC June 13 2011 Overview Science Needs Data Deluge, new science
More informationHow To Configure A Kiwi Ip Address On A Gbk (Networking) To Be A Static Ip Address (Network) On A Ip Address From A Ipad (Netware) On An Ipad Or Ipad 2 (
UAG715 Support Note Revision 1.00 August, 2012 Written by CSO Scenario 1 - Trunk Interface (Dual WAN) Application Scenario The Internet has become an integral part of our lives; therefore, a smooth Internet
More informationAPPENDIX 8 TO SCHEDULE 3.3
APPENDI 8 TO SCHEDULE 3.3 TO THE COMPREHENSIVE INFRASTRUCTURE AGREEMENT APPENDI 8 TO SCHEDULE 3.3 TO THE COMPREHENSIVE INFRASTRUCTURE AGREEMENT APPENDI 8 TO SCHEDULE 3.3 TO THE COMPREHENSIVE INFRASTRUCTURE
More informationHow To Connect To Bloomerg.Com With A Network Card From A Powerline To A Powerpoint Terminal On A Microsoft Powerbook (Powerline) On A Blackberry Or Ipnet (Powerbook) On An Ipnet Box On
Transport and Security Specification 15 July 2015 Version: 5.9 Contents Overview 3 Standard network requirements 3 Source and Destination Ports 3 Configuring the Connection Wizard 4 Private Bloomberg Network
More informationInstallation Guide Avi Networks Cloud Application Delivery Platform Integration with Cisco Application Policy Infrastructure
Installation Guide Avi Networks Cloud Application Delivery Platform Integration with Cisco Application Policy Infrastructure August 2015 Table of Contents 1 Introduction... 3 Purpose... 3 Products... 3
More informationNEN Community REANNZ. Design Statement: NEN Edge Device
TO FROM NEN Community REANNZ DATE June 2010 SUBJECT Design Statement: NEN Edge Device Background This National Education Network (NEN) design statement was developed by REANNZ with input from the relevant
More informationCampus Network Best Practices: Core and Edge Networks
Campus Network Best Practices: Core and Edge Networks Dale Smith University of Oregon/NSRC dsmith@uoregon.edu This document is a result of work by the Network Startup Resource Center (NSRC at http://www.nsrc.org).
More informationRecommended IP Telephony Architecture
Report Number: I332-009R-2006 Recommended IP Telephony Architecture Systems and Network Attack Center (SNAC) Updated: 1 May 2006 Version 1.0 SNAC.Guides@nsa.gov This Page Intentionally Left Blank ii Warnings
More informationSDN and NFV in the WAN
WHITE PAPER Hybrid Networking SDN and NFV in the WAN HOW THESE POWERFUL TECHNOLOGIES ARE DRIVING ENTERPRISE INNOVATION rev. 110615 Table of Contents Introduction 3 Software Defined Networking 3 Network
More informationSecurity Design. thm@informatik.uni-rostock.de http://wwwiuk.informatik.uni-rostock.de/
Security Design thm@informatik.uni-rostock.de http://wwwiuk.informatik.uni-rostock.de/ Content Security Design Analysing Design Requirements Resource Separation a Security Zones VLANs Tuning Load Balancing
More informationNetwork Security Topologies. Chapter 11
Network Security Topologies Chapter 11 Learning Objectives Explain network perimeter s importance to an organization s security policies Identify place and role of the demilitarized zone in the network
More informationBest Practices: Pass-Through w/bypass (Bridge Mode)
Best Practices: Pass-Through w/bypass (Bridge Mode) EdgeXOS Deployment Scenario: Bridge Pass-Through This document is designed to provide an example as to how the EdgeXOS appliance is configured based
More informationThinkTel ITSP with Registration Setup Quick Start Guide
January 13 ThinkTel ITSP with Registration Setup Quick Start Guide Author: Zultys Technical Support This configuration guide was created to assist knowledgeable vendors with configuring the Zultys MX Phone
More informationCampus Research Network Overview
Campus Research Network Overview Chris Griffin Chief Network Architect University of Florida & Florida LambdaRail 5/6/2013 Agenda Research Networking at UF A brief history CRNv2 Florida LambdaRail What
More informationThe New Dynamism in Research and Education Networks
a s t r at egy paper fr om The New Dynamism in Research and Education Networks Software-defined networking technology delivers network capacity and flexibility for academic users brocade The New Dynamism
More informationFederal Aviation Administration
Federal Aviation Administration Current Contract Security Capabilities Prepared by: FAA Telecommunications Infrastructure (FTI)-2 Program Office, AJM-3170 Date: October 5, 2015 1 Table of Contents 1.0
More informationMANAGED SHAREPOINT SOLUTIONS
Page 0 2015 SOLUTION BRIEF MANAGED SHAREPOINT SOLUTIONS Private SharePoint 2013 SharePoint 2013 with Office apps NET ACCESS LLC 9 Wing Drive Cedar Knolls, NJ 07927 www.nac.net Page 1 Table of Contents
More informationSOFTWARE-DEFINED NETWORKING AND OPENFLOW
SOFTWARE-DEFINED NETWORKING AND OPENFLOW Freddie Örnebjär TREX Workshop 2012 2012 Brocade Communications Systems, Inc. 2012/09/14 Software-Defined Networking (SDN): Fundamental Control
More informationUnderstand Wide Area Networks (WANs)
Understand Wide Area Networks (WANs) Lesson Overview In this lesson, you will review: Dial-up Integrated services digital networks (ISDN) Leased lines Virtual private networks (VPN) Wide area networks
More informationINTERCONNECTING CISCO NETWORK DEVICES PART 1 V2.0 (ICND 1)
INTERCONNECTING CISCO NETWORK DEVICES PART 1 V2.0 (ICND 1) COURSE OVERVIEW: Interconnecting Cisco Networking Devices, Part 1 (ICND1) v2.0 is a five-day, instructor-led training course that teaches learners
More informationAny-to-any switching with aggregation and filtering reduces monitoring costs
Any-to-any switching with aggregation and filtering reduces monitoring costs Summary Physical Layer Switches can filter and forward packet data to one or many monitoring devices. With intuitive graphical
More informationSILVER PEAK ACCELERATION WITH EMC VSPEX PRIVATE CLOUD WITH RECOVERPOINT FOR VMWARE VSPHERE
VSPEX IMPLEMENTATION GUIDE SILVER PEAK ACCELERATION WITH EMC VSPEX PRIVATE CLOUD WITH RECOVERPOINT FOR VMWARE VSPHERE Silver Peak Abstract This Implementation Guide describes the deployment of Silver Peak
More informationSR-IOV In High Performance Computing
SR-IOV In High Performance Computing Hoot Thompson & Dan Duffy NASA Goddard Space Flight Center Greenbelt, MD 20771 hoot@ptpnow.com daniel.q.duffy@nasa.gov www.nccs.nasa.gov Focus on the research side
More informationProfessional Services
Professional Services convergence portfolio of services Introduction Today, the mission of the convergence team is to continually evaluate emerging technologies, evolve our skill sets and offerings, and
More informationFirewalls. Chapter 3
Firewalls Chapter 3 1 Border Firewall Passed Packet (Ingress) Passed Packet (Egress) Attack Packet Hardened Client PC Internet (Not Trusted) Hardened Server Dropped Packet (Ingress) Log File Internet Border
More informationVMware vcloud Air Networking Guide
vcloud Air This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document,
More informationThe Science DMZ: A network design pattern for data-intensive science 1
Scientific Programming 22 (2014) 173 185 173 DOI 10.3233/SPR-140382 IOS Press The Science DMZ: A network design pattern for data-intensive science 1 Eli Dart a,,laurenrotman a, Brian Tierney a, Mary Hester
More informationCisco Certified Security Professional (CCSP)
529 Hahn Ave. Suite 101 Glendale CA 91203-1052 Tel 818.550.0770 Fax 818.550.8293 www.brandcollege.edu Cisco Certified Security Professional (CCSP) Program Summary This instructor- led program with a combination
More informationGlobus Research Data Management: Endpoint Configuration and Deployment. Steve Tuecke Vas Vasiliadis
Globus Research Data Management: Endpoint Configuration and Deployment Steve Tuecke Vas Vasiliadis Presentations and other useful information available at globusworld.org/tutorial 2 Agenda Globus Connect
More informationVXLAN: Scaling Data Center Capacity. White Paper
VXLAN: Scaling Data Center Capacity White Paper Virtual Extensible LAN (VXLAN) Overview This document provides an overview of how VXLAN works. It also provides criteria to help determine when and where
More informationOutline. Institute of Computer and Communication Network Engineering. Institute of Computer and Communication Network Engineering
Institute of Computer and Communication Network Engineering Institute of Computer and Communication Network Engineering Communication Networks Software Defined Networking (SDN) Prof. Dr. Admela Jukan Dr.
More informationHow To Switch In Sonicos Enhanced 5.7.7 (Sonicwall) On A 2400Mmi 2400Mm2 (Solarwall Nametra) (Soulwall 2400Mm1) (Network) (
You can read the recommendations in the user, the technical or the installation for SONICWALL SWITCHING NSA 2400MX IN SONICOS ENHANCED 5.7. You'll find the answers to all your questions on the SONICWALL
More informationNext-Generation Networking for Science
Next-Generation Networking for Science ASCAC Presentation March 23, 2011 Program Managers Richard Carlson Thomas Ndousse Presentation
More informationExperiences with Dynamic Circuit Creation in a Regional Network Testbed
This paper was presented as part of the High-Speed Networks 2011 (HSN 2011) Workshop at IEEE INFOCOM 2011 Experiences with Dynamic Circuit Creation in a Regional Network Testbed Pragatheeswaran Angu and
More informationMPLS is the enabling technology for the New Broadband (IP) Public Network
From the MPLS Forum Multi-Protocol Switching (MPLS) An Overview Mario BALI Turin Polytechnic Mario.Baldi@polito.it www.polito.it/~baldi MPLS is the enabling technology for the New Broadband (IP) Public
More informationCloudLink - The On-Ramp to the Cloud Security, Management and Performance Optimization for Multi-Tenant Private and Public Clouds
- The On-Ramp to the Cloud Security, Management and Performance Optimization for Multi-Tenant Private and Public Clouds February 2011 1 Introduction Today's business environment requires organizations
More informationStanford SDN-Based Private Cloud. Johan van Reijendam (jvanreij@stanford.edu) Stanford University
Stanford SDN-Based Private Cloud (jvanreij@stanford.edu) Stanford University Executive Summary The Web and its infrastructure continue to make phenomenal progress, allowing the creation and scaling of
More informationANI Network Testbed Update
ANI Network Testbed Update Brian Tierney, ESnet, Joint Techs, Columbus OH, July, 2010 ANI: Advanced Network Initiative Project Start Date: September, 2009 Funded by ARRA for 3 years Designed, built, and
More informationFundamentals of Data Movement Hardware
Fundamentals of Data Movement Hardware Jason Zurawski ESnet Science Engagement engage@es.net CC-NIE PI Workshop April 30 th 2014 With contributions from S. Balasubramanian, G. Bell, E. Dart, M. Hester,
More informationSecuring SIP Trunks APPLICATION NOTE. www.sipera.com
APPLICATION NOTE Securing SIP Trunks SIP Trunks are offered by Internet Telephony Service Providers (ITSPs) to connect an enterprise s IP PBX to the traditional Public Switched Telephone Network (PSTN)
More informationDREAMER and GN4-JRA2 on GTS
GTS Tech+Futures Workshop (Copenhagen) GTS Tech+Futures Workshop (Copenhagen) DREAMER and GN4-JRA2 on GTS CNIT Research Unit of Rome University of Rome Tor Vergata Outline DREAMER (Distributed REsilient
More informationSOFTWARE DEFINED NETWORKING: INDUSTRY INVOLVEMENT
BROCADE SOFTWARE DEFINED NETWORKING: INDUSTRY INVOLVEMENT Rajesh Dhople Brocade Communications Systems, Inc. rdhople@brocade.com 2012 Brocade Communications Systems, Inc. 1 Why can t you do these things
More informationSecuring Local Area Network with OpenFlow
Securing Local Area Network with OpenFlow Master s Thesis Presentation Fahad B. H. Chowdhury Supervisor: Professor Jukka Manner Advisor: Timo Kiravuo Department of Communications and Networking Aalto University
More informationESnet SDN Experiences. Roadmap to Operating SDN-based Networks Workshop July 14-16, 2015 Berkeley, CA C. Guok, B. Mah, I. Monga, E.
ESnet SDN Experiences Roadmap to Operating SDN-based Networks Workshop July 14-16, 2015 Berkeley, CA C. Guok, B. Mah, I. Monga, E. Pouyoul Things We Have Tried Multi-Layer SDN Layer1 / Layer 2 modeling
More informationThe Science DMZ: Introduction & Architecture
The Science DMZ: Introduction & Architecture Eli Dart, Lauren Rotman, Brian Tierney, Jason Zurawski,, Eric Pouyoul ESnet Science Engagement Operating Innovative Networks (OIN) Berkeley, CA Februrary 27
More informationNEFSIS DEDICATED SERVER
NEFSIS TRAINING SERIES Nefsis Dedicated Server version 5.2.0.XXX (DRAFT Document) Requirements and Implementation Guide (Rev5-113009) REQUIREMENTS AND INSTALLATION OF THE NEFSIS DEDICATED SERVER Nefsis
More informationSDN AND SECURITY: Why Take Over the Hosts When You Can Take Over the Network
SDN AND SECURITY: Why Take Over the s When You Can Take Over the Network SESSION ID: TECH0R03 Robert M. Hinden Check Point Fellow Check Point Software What are the SDN Security Challenges? Vulnerability
More informationWorkflow Guide. Establish Site-to-Site VPN Connection using RSA Keys. For Customers with Sophos Firewall Document Date: November 2015
Workflow Guide Establish Site-to-Site VPN Connection using RSA Keys For Customers with Sophos Firewall Document Date: November 2015 November 2015 Page 1 of 10 Establish Site-to-Site VPN Connection using
More informationDEPLOYMENT GUIDE Version 1.0. Deploying the BIG-IP Edge Gateway for Layered Security and Acceleration Services
DEPLOYMENT GUIDE Version 1.0 Deploying the BIG-IP Edge Gateway for Layered Security and Acceleration Services Table of Contents Table of Contents Using the BIG-IP Edge Gateway for layered security and
More informationNMS300 Network Management System
NMS300 Network Management System User Manual June 2013 202-11289-01 350 East Plumeria Drive San Jose, CA 95134 USA Support Thank you for purchasing this NETGEAR product. After installing your device, locate
More informationSDN Overview. Southern Partnership in Advanced Networking John Hicks, jhicks@internet2.edu November 3, 2015
SDN Overview Southern Partnership in Advanced Networking John Hicks, jhicks@internet2.edu November 3, 2015 Slide material excerpted from presentations at the OIN workshop series and other sources. Acknowledgement
More informationThe Evolution of the Central Office
The Gateway to Learning an All IP Network The Evolution of the Central Office -Where did all the DS-1s go? Presented by: Steven Senne, P.E. APRIL 27-30, 2014 ACE/RUS SCHOOL AND SYMPOSIUM 1 The New Central
More informationCarrier/WAN SDN Brocade Flow Optimizer Making SDN Consumable
Brocade Flow Optimizer Making SDN Consumable Business And IT Are Changing Like Never Before Changes in Application Type, Delivery and Consumption Public/Hybrid Cloud SaaS/PaaS Storage Users/ Machines Device
More information100-101: Interconnecting Cisco Networking Devices Part 1 v2.0 (ICND1)
100-101: Interconnecting Cisco Networking Devices Part 1 v2.0 (ICND1) Course Overview This course provides students with the knowledge and skills to implement and support a small switched and routed network.
More informationConference. Smart Future Networks THE NEXT EVOLUTION OF THE INTERNET FROM INTERNET OF THINGS TO INTERNET OF EVERYTHING
Conference THE NEXT EVOLUTION OF THE INTERNET FROM INTERNET OF THINGS TO INTERNET OF Smart Future Networks www.internet-of-things.no EVERYTHING Patrick Waldemar Vice President Telenor Research and Future
More informationOptimum Business SIP Trunk Set-up Guide
Optimum Business SIP Trunk Set-up Guide For use with IP PBX only. SIPSetup 07.13 FOR USE WITH IP PBX ONLY Important: If your PBX is configured to use a PRI connection, do not use this guide. If you need
More information