How the ersa Problem became the ersa Solu3on. Why a network and network security is impera3ve for ersa s NeCTAR cloud. Paul Bartczak Infrastructure

Transcription

1 How the ersa Problem became the ersa Solu3on. Why a network and network security is impera3ve for ersa s NeCTAR cloud. Paul Bartczak Infrastructure Manager

2 About ersa eresearch SA is a collabora3ve joint venture between the University of Adelaide, Flinders University, and the University of South Australia. eresearch SA is the South Australian provider of high- performance compu3ng, data management and storage, research collabora3on, and visualisa3on services for researchers in SA.

3 Our Infrastructure History Tradi3onal HPC Shop Provided: HPC Storage mostly HPC Custom Hos3ng Services Physical and Virtual User training and support Solu3on Design and Development

4 Our Infrastructure History Hosted by University of Adelaide - ~80% usage ScaVered across various loca3ons Disparate networking capability Network and Security managed by University of Adelaide ITS - Gateway Downstream Firewalls School DIY

5 Project Infrastructure Opportuni3es NeCTAR A federated Research Cloud with virtualised research applica3ons that operate in a secure and shared environment, connected to major instruments RDSI Data storage infrastructure connected to the AREN by a high bandwidth connec.on, funded and constructed under the Super Science Na3onal Research Networks (NRN) Project. Including dedicated high speed connec4ons between major nodes

6 Our New User Base The University of Adelaide Student enrolment ~25,000 Mostly hard science and engineering research

7 Our New User Base University of South Australia Student enrolment ~38,000 More so_ science and social science research

8 Our New User Base Flinders University Student enrolment ~18,000 More so_ science and social science research

9 Ground 0 Tech Team Minions 1 Sys Admin.5 Helpdesk +.5 Other 1 Storage Admin -.5 Other

10 The Problem What infrastructure capability does ~$4.5M of funding buy? Huge Services real estate poten3al Massive network performance problems Mul3tenant / Public avack target NeCTAR ~2990 vcpu Cloud ~5 PB of Storage 2 x 10 Gbps Internet - redundant 2 x 10 Gbps DaShNet Science DMZ - redundant

11 Services Mo3va3on Need to cater for all research prac3ces! Secure high performance Infrastructure Flexible Heterogeneous Infrastructure is key: HPC Cloud VMs and HTC Storage Systems and Tiering Various OS and App Flavors Custom Solu3ons

12 Resource Criteria Staff resources with exper3se in relevant technical areas Cloud Storage Networking High Performance Network Network Security

13 Missing Pieces Data Centre Space & Environmental Network to support Cloud, Big Data movement and storage dependence Last Mile challenges 100Mb Security: Various Self Service Opera3ng Systems Inter twined networks Significant ins3tu3onal exposure

14 The Sit Down Formed working par3es with all Unis re RFP s Cloud and Storage architecture Networking and Security Limited IT resource capacity to support opera3onal aspira3ons

15 Issues and Risks 2 Data Centers required Space & Environmental Bridged networks Locally Public Internet Security Exposure Science DMZ Na3onal network bridge

16 Soul Searching I am sure I have done this before Employ a network consultant to design the network Vendor RFQ?

17 RFQ Reality Big Friendly Giant $ prohibi3ve There has to be a more cost effec3ve way Network your problems and reach out for Help! Dell PowerConnect?

18 Solu3on Proposal

19 Solu3on Review Solu3on Comparison Footprint Performance; N- S vs. N, E, S, W traffic Affordable Scalability 2x 40 Gbps CORE Tradi3onal vs. Next Genera3on Firewall Cost Licensing & Availability (HA) Support and Training

20 Solu3on Decision BFG = Telco and Corporate Kit Dell: Network Hardware suppor3ng CERN Next Genera3on Firewall 40/10 Gbps

21 Force10 Overview

22 SonicWall Overview

23 Resource Ra3onalisa3on Seek Dell Professional Services to finalise the Network Design and installa3on Employ a Networking resource to manage the network and work with the vendor for ops purposes Ensure Network Management can be rela3vely self servicing and no more than.5 FTE

24 Outcomes Secure High Performance Network Ethernet, IB, iscsi, FCoE, FCIP All Service Capability transparently integrated 39.5 Gbps out of 40 LACP Not easy to achieve (NeCTAR) Backbone scaling by 40 Gbps Host connec3vity scaling by 10 Gbps Redundant Data Centre(s) connec3vity = 160 Gbps SABRENet

25 Network Architecture

26 There s More Standalone Research Network for SA u3lising SABRENet Universi3es SAHMRI SA Government Hospitals Any Research Ins3tu3on!

27

28

29 Service Considera3ons Predominantly Self Service Cloud Infrastructure Requiring best support effort and up3me = 8 x 5 Not Commercial IT, but just as important Most usage ac3vity is 24/7-365 Mixture of opera3ng systems, applica3ons - none more secure than the other Intertwined / Nested Networks Data Integrity and Security MaVers auto safeguard ~90%

30 Security Stats

31 Thus Far = Happy Team Ques3ons?