Internet2 Overview: Engagement, Network and Services
Fall 2007 Member Meeting
October 8, 2007
Agenda
• Internet2 Overview - Marianne Smith
• Internet2 Network Services - Heather Martinson
• Middleware and Security - Renee’ Frost
• Discipline Communities - Ann Doyle
• Cyberinfrastructure Initiatives - Russ Hobby
Internet2 Mission and Goals
Internet2 Mission
• Develop and deploy advanced network applications and technologies, accelerating the creation of tomorrow’s Internet.
Internet2 Goals
• Enable a new generation of applications
• Re-create leading-edge R&E network capability
• Transfer technology and experience to the global production Internet
What We Do……
• We provide our members with an “Advanced Networking Environment” to use for research and education:
  • Internet2 network backbone
  • Circuit Networks
  • Network research
  • HOPI
  • IPv6, Multicast
  • End-to-End Performance Initiative
  • Applications and Services - e.g. Commons and InCommon
  • Middleware
  • Security
What We Do………
• We provide our members with an environment for partnerships and collaborations in advanced networking:
  • Among themselves and with faculty and research peers
  • With other partners: International, Federal agencies, K20 School networks, the Quilt
  • Applications Collaborations: high energy physicists, arts & humanities, health science, teaching and learning
Internet2 Membership: A Wealth of Diversity
Internet2 Partnerships
Internet2 fosters the partnerships and collaboration that spurred the development of the Internet.
• Academia
• Industry
• Government
• International
Internet2 Membership
• Affiliate - 46 Members: non-profit research or education organizations
• Corporate - 60 Members: for-profit companies
• Research and Education Network - 30 Members: network infrastructure providers to the R&E community
• University - 209 Members: United States institutions of higher education
http://members.internet2.edu/
Internet2 Universities: 209 University Members
http://members.internet2.edu/university/universities.cfm
Internet2 Corporate Members
• Focused on realizing the potential that advanced networking, middleware and applications hold for research and education, and the opportunity to shape the future of the global Internet
• Broad range of industries:
  - Technology Providers
  - Content Providers
  - Technology Consumers
http://members.internet2.edu/corporate/
Internet2 Corporate Partners
Internet2 Corporate Sponsors
• Arbor Networks
• Campus Televideo
• Codian, Inc.
• Foundry Networks
• IOCOM
• Polycom Worldwide
• RADVISION
• TANDBERG
• VBrick Systems
Internet2 Corporate Members
• ADVA Optical Networking
• Alcatel-Lucent Technologies
• Apparent Networks
• Arbinet-thexchange, Inc.
• Arootz
• Caterpillar, Inc.
• Cdigix
• Cedar Point Communications
• Comcast Cable Communications, Inc.
• C-SPAN
• CommuniGate Systems
• EBSCO Information Services
• Education Networks of America, Inc.
• EKINOPS
• Fujitsu Laboratories of America
• Global Crossing
• Google
• HaiVision Systems, Inc
• IntelePeer, Inc.
• Johnson & Johnson
• KDDI Corporation
• LifeSize Communications
• Media Links, Inc.
• Napster, LLC
• Nippon Telegraph and Telephone (NTT)
• Northrop Grumman Information Technology
• OCLC Online Computer Library Center
• OpVista, Inc.
• RIAA
• Red Hat, Inc.
• Ruckus Network, Inc.
• Schlumberger
• Soapstone
• Steelcase, Inc.
• The Thomson Corporation
• Verizon Business
• Video Furnace, Inc.
• Vidyo
• Warner Bros.
Internet2 Affiliate Members
• Federal labs
• Federal agencies
• Fine arts institutions
• Health care institutions
• Performing arts organizations
http://members.internet2.edu/affiliate/affiliates.cfm
Internet2 Affiliate Members
• Acuta
• Altarum
• American Distance Education Consortium
• Association of Universities for Research in Astronomy (AURA)
• CERN
• Charles R. Drew University
• Children’s Hospital of Philadelphia
• Cleveland Institute of Music
• Cleveland Museum of Art
• Coalition for Networked Information (CNI)
• Department of Veterans Affairs
• Desert Research Institute
• EDUCAUSE
• ESnet
• Healthcare Information and Management Systems Society (HIMSS)
• Howard Hughes Medical Institute
• Indiana Higher Education Telecommunications System (IHETS)
• Inter-American Development Bank
• Internet Educational Equal Access Foundation
• Jet Propulsion Laboratory
• Lawrence Berkeley National Laboratory
• The Library of Congress
• Los Alamos National Laboratory
• Manhattan School of Music
Internet2 Affiliate Members (cont’d)
• NASA Goddard Space Flight Center
• NASA Marshall Space Flight Center
• National Archives and Records Administration
• National Institute of Standards and Technology (NIST)
• National Institutes of Health
• NOAA - Washington, D.C.
• National Science Foundation
• New World Symphony
• Oak Ridge National Laboratory
• OSTN (Open Student Television Network)
• Pacific Northwest National Laboratory
• PeachNet
• Ruth Lilly Health Education Center
• SURA
• TOPIX
• U.S. Census Bureau
• United Nations System of Organizations
• United States Antarctic Program
• United States Dept. of Commerce Boulder Labs
• United States Holocaust Memorial Museum
• University Corporation for Atmospheric Research
• University of North Carolina General Administration
• University of Texas Medical Branch
• The World Bank
Research and Education Network Members
US-based non-profit organization that has a principal mission to provide network infrastructure and services primarily to the research and education community
Internet2 R&E Network Members
• 3ROX
• CENIC
• CEN
• CIC OmniPoP
• CPE
• FLR
• GPN
• Indiana
• KanREN
• LEARN
• LONI
• MAGPI
• MAX
• MCNC
• Merit Network
• MOREnet
• MREN
• NJEDge.Net
• Northern Lights
• NOX
• NYSERNet
• Oregon GigaPoP
• OSCnet
• OneNet
• OSHEAN
• PNWG
• PeachNet
• SOX
• UEN
• WiscNet
K20 Initiative
Brings together Internet2 member institutions and innovators from primary and secondary schools, colleges and universities, libraries, and museums to extend new technologies, applications, middleware, and content to all educational sectors
http://k20.internet2.edu/
Lewis and Clark: Then and Now - http://ali.apple.com/lewisandclark/
JASON - http://www.jason.org/
Digital Learning Commons - http://www.learningcommons.org/
NEPTUNE - http://www.neptune.washington.edu/
An Asset for the Community
Universities
Researchers
Regional Networks
K-12
Industry
International
Internet2 Member Community
Strengthening Community: Member Engagement Opportunities
• Join working groups, special interest groups and advisory groups
  http://www.internet2.edu/working-groups.html#Advisory
• Find collaborators for discipline and institutional projects and grants
• Foster applications development and faculty outreach
• Be an early adopter of new technologies and tools
Strengthening Community: Member Engagement Opportunities
• Advisory Councils
• Projects and Initiatives
• Working Groups
• Collaborative grant efforts
• Member Meetings
• SIGs and BoFs
• Presentations
• Program Committee
Strengthening Community: Supporting member engagement
• Middleware Architecture Committee for Education (MACE)
• Salsa: Security Advisory Group
• K20 Initiative Advisory Committee
• Health Sciences Advisory Group
• Arts & Humanities Advisory Groups
• Working Groups
• Special Interest Groups
Strengthening Community: Supporting member activities and events
• Provide event planning expertise and resources
• Provide speakers
• Provide equipment
• Provide PR and communications for member events
• Spotlight member organizations and individuals
• Provide printed materials and signage
Additional Workshops
• Arts & Humanities Performance Workshop
• Dynamic Circuit Services
• High-Energy Nuclear Physicists (Large Hadron Collider)
• IPv6
• Multicast
• Network Performance
• Real Time Collaboration Tools (Internet2 Commons)
Strengthening Community: Member Accomplishments
• Advanced applications development, broad and deep
• Development and deployment of middleware capabilities, locally and nationally
• Creation and support of national high-performance networks, including next generation optical networks
• Strong partnerships with international networking organizations
• Focused efforts on end-to-end performance, and network and host security
Strengthening Community: Internet2 Governance
• Creation of four new Councils that are heterogeneous, defined by operational function and more tightly connected to the membership:
  • Architecture and Operations Advisory Council (AOAC)
  • Applications, Middleware, and Services Advisory Council (AMSAC)
  • Research Advisory Council (RAC)
  • External Relations Advisory Council (ERAC)
Strengthening Community: Internet2 Governance
• Each Council has three seats from each of these constituency groups:
  • CIO Representatives
  • Regional Network Representatives
  • Researcher Representatives
  • Industry Representatives
http://www.internet2.edu/about/governance/
Internet2 Network Overview
Heather Martinson, Sr. Program Manager
2007 Fall Member Meeting
San Diego, California
Internet2 Network
Outline
• Network Community
• Network Overview
• Services
Network Affiliations
• Connector - maintains a direct connection to the Internet2 Network; provides connections and network services to Internet2 members
• Participant - a Member of Internet2 that has entered into an Internet2 Network Participation Agreement
• Sponsored Participant - an individual non-Internet2-member educational institution that is sponsored by one or more Internet2 University Members; includes K20 schools, museums, libraries, hospitals, zoos; can be not-for-profit or for-profit within these categories
• Sponsored Education Group Participant (SEGP) - an aggregate of one or more networks serving educational and education-related organizations and state/local government institutions within the same state
Internet2 Communities

Member Community                                     04/07   10/07
University Members                                     209     209
Corporate Partners                                      12      12
Corporate Sponsors                                      11       9
Corporate Members                                       34      35
Affiliate Members                                       46      46
Regional Network Members                                19      30
International MoU Partners (reaching 80+ networks)      54      56

Network Community                                    04/07   10/07
Connectors                                              32      22
Participants                                           246     245
Sponsored Participants                                 153     155
Sponsored Education Group Participants                  38      38
Network Community
• New Participants
  • Thomson Corporation
  • NIST
  • Northrop Grumman
  • Dept. of Veterans Affairs (pending)
  • Philadelphia Orchestra (pending)
• New Sponsored Participants
  • Speed Art Museum
  • Louisville Medical Center Network (LMCnet)
  • College of Charleston
  • Fernbank Science Center
SEGP – 38 States
International Connectivity
http://international.internet2.edu/
• Europe / Middle East: Austria (ACOnet), Belgium (BELNET), Croatia (CARNet), Czech Rep. (CESNET), Cyprus (CYNET), Denmark (Forskningsnettet), Estonia (EENet), Finland (Funet), France (Renater), Germany (G-WIN), Greece (GRNET), Hungary (HUNGARNET), Iceland (RHnet), Ireland (HEAnet), Israel (IUCC), Italy (GARR), Latvia (LATNET), Lithuania (LITNET), Luxembourg (RESTENA), Malta (Univ. Malta), Netherlands (SURFnet), Norway (UNINETT), Poland (POL34), Portugal (RCTS2), Qatar (Qatar FN), Romania (RoEduNet), Russia (RBnet), Slovakia (SANET), Slovenia (ARNES), Spain (RedIRIS), Sweden (SUNET), Switzerland (SWITCH), United Kingdom (JANET), Turkey (ULAKBYM), *CERN
• Asia Pacific: Australia (AARNET), China (CERNET, CSTNET, NSFCNET), Hong Kong (HARNET), Japan (SINET, WIDE, JGN2), Korea (KOREN, KREONET2), Singapore (SingAREN), Philippines (PREGINET), Taiwan (TANet2, ASNet), Thailand (UNINET, ThaiSARN)
• Americas: Argentina (RETINA), Brazil (RNP2/ANSP), Canada (CA*net), Chile (REUNA), Mexico (Red-CUDI), United States (Abilene), Peru (RAAP), Venezuela (REACCIUN-2)
• Africa: Algeria (CERIST), Egypt (EUN/ENSTIN), Morocco (CNRST), Tunisia (RFR), South Africa (TENET)
• Central Asia: Armenia (ARENA), Georgia (GRENA), Kazakhstan (KAZRENA), Tajikistan (TARENA), Uzbekistan (UZSCI)
Last updated: April 2005
International Connectivity (peering map; Juniper T640 router sites)
• PacWave: TANet2/TWAREN, AARnet, KOREN/KREONet2, CA*Net4, GEMNET, REANNZ, TransPac2
• GLORIAD, France Telecom (v6), TANet2/TWAREN, HARNET, CERN
• StarLight: KOREN/KREONet2, CA*Net4, ASNet, CERN, JGN2, SINET
• NGIX-Ames: AARnet
• PacWave: UNINET, SINET, QatarFN, APAN/TransPac2, TANet2/TWAREN, SingAREN
• redCLARA, CUDI via CALREN/PacWave
• CUDI via UTEP / UT
• AMPATH: RNP2, ANSP, REACCIUN-2
• GEANT
• NGIX-East: CLARA
• AtlWave: FIU
• MAN LAN: TANet2/TWAREN, TENET, MCIT/ENERGI, QatarFN, CA*Net4, SURFNet, CERN, GEANT (2), SINET, NetherLight/IEEAF
Federal Peering (map; Juniper T640 router sites)
• PacWave: DREN, NREN, ESnet
• StarLight: TeraGrid, NREN, DREN, NISN, USGS, ESnet
• NGIX-Ames: NREN, DREN, NISN, USGS
• DC: DRAGON
• NGIX-East: DREN, NISN, NREN, USGS, ESnet
• New York: ESnet
By the Numbers
• Built on dedicated fiber from Level(3) Communications - 13,000+ mile footprint
• Deployed and configured over 300 Infinera Network Elements
• Day 1 capacity of 100 Gbps
• Built 27 custom collocation suites representing 3,365 sq ft of space, including:
  • 91 racks - Internet2, ESnet, third parties
  • 60 individual bulk cables with 48 & 96 fiber count
• Internet2 and ESnet NOCs get the same real-time feeds as the Level(3) NOCs in Atlanta & Denver
• Developed the Virtual Network Operations Center - Provisioning and Troubleshooting Dashboard
MAN LAN
• Manhattan Landing in New York City
• Partnership with NYSERNet, Indiana University, Internet2 & the IEEAF
• High performance exchange facility for R&E networks
• Located at 32 AoA in NYC - easy interconnection to many national and international carriers and other R&E networks
• Peerings with Atlantic Wave international peering fabric
• Peering model is open and bilateral
• Cost recovery model - minimal connection charges for layer 2 facility, none for layer 1 connections
Network Services
• Best-Effort High-Speed IP Service
• Research IP
• Commercial Peering Service
• WaveCo Point-to-Point Transport Services
• Dynamic Circuit Network
• Physical Connection
  • 1 or 10 Gigabit Ethernet
  • OC-192 SONET
IP Network Services
• Carrier-class IP service (what is commonly thought of as “Internet2” or “Abilene” service)
• Natively supports IPv4 and IPv6, as well as leading-edge features of IP including multicast for both IPv4 and IPv6
• Carried over a dedicated 10 Gbps backbone wave on the Internet2 Network infrastructure
• 40 Gbps and 100 Gbps are potential future enhancements
• Backhaul to the nearest router is included in the IP connection fee. If a connector would like to go to a different router, they may incur additional fees.
• A connector may obtain, at an additional fee, a geographically diverse connection into the network for redundancy; however, this connection is viewed as a backup and the aggregate traffic flow over the primary and redundant circuits must not exceed that of the primary circuit.
• An additional IP circuit with no such restriction is also available. [Pricing available on request]
Commercial Peering Service
• Direct connection between Internet traffic generators or data aggregators and carriers:
  • Yahoo, Google, YouTube, etc. - traffic generators
  • PAIX, Equinix, etc. - points of data aggregation/exchange
  • large backbone carriers such as tier one providers
• Settlement-free: neither party pays the other
• Voluntary: provides mutual benefit
Commercial Peering Service
Join the growing list of CP Service participants
• Members leverage their existing Internet2 Network investments
  • included in Connectors’ base network connection fee at no additional cost
  • savings from reductions in commodity Internet traffic costs
  • enhanced network performance
  • net neutral connection
Commercial Peering Service
• Uses the Internet2 Network
• Best-in-class traffic engineering, filtering, and performance monitoring
• Platform based on Juniper T640 routers
• Supported through the Internet2 Network Operations Center at Indiana University
  • World-class 7 * 24 * 365 operations
  • Proven record - responsive for over 9 years
Commercial Peering Service
• Additional peering connections are being evaluated; these will continue to improve and diversify our commercial network peering structure
Commercial Peering Service
If you are an Internet2 Network Connector:
• Contact the Internet2 NOC; the NOC will step you through the process
  • establish a second BGP session over a separate VLAN
  • tune performance
• [email protected]
• (317)-278-6622
Commercial Peering Service
If you are an R&E member institution:
• Internet2 offers this service to all Internet2 Network Connectors, who in turn offer it to individual Internet2 R&E member institutions at their discretion
• Contact your Internet2 Network Connector to discuss your request
• A list of Connectors is available at www.internet2.edu/renm/member.cfm
• For more info go to www.internet2.edu/network/cp.html or send an e-mail to [email protected]
Dynamic Circuit Network
• The DC (Dynamic Circuit) Network automatically provisions circuits across the network, among participants in the dynamic networking control plane and protocol
• Supported by connections into the Ciena CoreDirectors
• Circuits are created by a control plane in which all DCN connectors must participate
• Circuits can have any bandwidth across the Internet2 infrastructure from 50 Mbps to 10 Gbps
• Circuit setup on the DCN is subject to blocking based on available capacity
• Circuits are short in duration, no longer than 2 weeks
• Circuits are currently not protected
• Circuit connections are available to Connectors, members and peers
WaveCo Static Circuit Services
• Static Circuits refers to circuits that have two fixed endpoints across the Internet2 circuit infrastructure
• Are currently set up manually by the Internet2 NOC
• Can have any bandwidth from 50 Mbps to a full 10 Gbps wave or multiple 10G waves
• Can be provisioned directly over the Infineras (waves) or through the Cienas (sub-rate circuits)
• Circuits can be offered both as protected and unprotected; if protected, they may be subject to additional fees
• Can be ordered for a period of weeks up to years: 30-day billing minimum; can be reserved up to one year in advance
• Have a fee for service that is based on distance, bandwidth, duration and protection scheme
For more information:
http://www.internet2.edu/network/
http://i2net.blogspot.com [email protected]
Thank you!
Integrated Systems Model
Middleware Infrastructure
• Focus:
  • Inter-institutional collaboration
  • Scalable authenticated/authorized access to remote resources
• Internet2 role:
  • Defining/creating architecture: Shibboleth
  • Tools to implement: Shibboleth, Grouper, Signet
  • Infrastructure/Services to scale: InCommon, USHER
Internet2 Middleware: Key Concepts
• Use federated administration as the lever - the enterprise brokers most services (authentication, authorization, resource discovery, etc.) in inter-realm interactions
• Develop a consistent directory infrastructure within R&E
• Provide security while not degrading privacy
• Foster inter-realm trust fabrics: federations and virtual organizations
• Leverage campus expertise and build rough consensus
• Influence the marketplace; develop where necessary
• Support for heterogeneity and open standards
MACE (Middleware Architecture Committee for Education)
• Purpose - to provide advice, create experiments, foster standards, etc.; create working groups
• Membership - Bob Morgan (UW) Chair, Tom Barton (Chicago), Scott Cantor (Ohio State), Steven Carmody (Brown), Michael Gettes (Internet2), Keith Hazelton (Wisconsin), Paul Hill (MIT), Jim Jokl (Virginia), Scotty Logan (Stanford), Mark Poepping (CMU), David Wasley (retired Univ California), Von Welch (Grid)
• International members - Brian Gilmore (Edinburgh), Leif Johansson (Sweden), Diego Lopez (Spain), Rodney McDuff (Australia), Ton Verschuren (Netherlands)
National Science Foundation Middleware Initiative (NMI)
• NSF program to support & deploy middleware for R&E
• Two types of awards:
  • System Integrators - widely used tools & services
    • EDIT - Internet2, EDUCAUSE, SURA
    • Grids - ISI, Wisconsin, Argonne, Michigan, Indiana
  • Other awards - academic pure research components
• Issued periodic NMI releases of software, services, architectures, object classes and best practices
• Three rounds of awards - 2001, 2003, and 2007
Core Middleware Scope (aka Identity Management functions)
• Identity and Identifiers – namespaces, identifier mappings, real world levels of assurance, etc.
• Authentication – campus technologies and policies, inter-realm interoperability via PKI, Kerberos, etc.
• Directories – enterprise directory services architectures and tools, standard object classes, inter-realm and registry services
• Authorization – permissions and access controls, delegation, privacy management, etc.
• Integration Activities – open management tools, use of virtual, federated and hierarchical organizations, enabling common applications with core middleware
Landmark Work
• Consensus standards – eduPerson, eduOrg, eduMember, eduCourse, commObject (H.350)
• Best Practices and Deployment Strategies – LDAP Recipe, Group Management, Metadirectories, Enterprise Directory and Authentication Implementation Roadmaps
• Tools – KX.509, LDAP Analyzer, LOOK
Landmark Work (cont’d)
• Software systems – OpenSAML, Shibboleth, Signet, Grouper
• Outreach – CAMPs, presentations, publications, case studies, Extending the Reach program
• Services – InCommon Federation, USHER (PKI)
Federated Identity Model
• Leverages enterprise identity for inter-realm purposes
  • Uses local authentication
  • Allows a variety of authentication options
• Passes agreed-upon authentication and attributes (identifiers, affiliations, memberships, entitlements)
• Based on privacy, security, and trust as critical issues
• More scalable
What is a Federation?
A coalition of collaborating organizations
• supporting agreed-upon policies
• leveraging existing identity and resource management technologies
to permit fine-grained
• privacy control for online individuals and
• resource protection for a wide variety of online services and information.
Offers a flexible, largely scalable, privacy-preserving Identity Management infrastructure
Federation Fundamentals
• Members sign a contract to join
• Members must still create business relationships with each other
• Bilateral relationships can impose additional policy
• The Federation does NOT:
  • Collect or assert anything, except the necessary metadata about member signing keys, etc.
  • Authenticate end users
  • Provide services, though it may be associated with groups or buying clubs
[Figure: a federated access flow. At the home campus, “Circle University”, the record for Dr. Joe Oval (Psych Prof., ID # 123-321, SSN 456.78.910) and “Password #1” stay behind; the candidate attributes listed are Affiliation, EPPN, Given/SurName, Title and SSN (a “!” warning marker sits beside this record); the remote service sees only an “Anonymous ID#”.]
Role of the Federation
1. Agreed upon Attribute Vocabulary & Definitions: EduPerson: Member of, Role, Unique Identifier, …
2. Criteria for IdM practices (user accounts, credentialing, etc.), personal information stewardship, interoperability standards, technologies
3. Digital Certificates
4. Trusted “notary” for all universities and partners
5. and… Metadata
[Each party in the figure is labelled “Verified by the Federation”.]
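The attribute-release and anonymous-identifier mechanics behind the figure, as an added example that is not part of the slides or of Shibboleth/InCommon: the home IdP derives inter-realm attributes from the campus record and releases a different subset to each SP, the user's identifier at each SP is an opaque computed ID in the form Shibboleth uses (base64 of SHA-1 over "SP entity ID ! user ID ! salt", so two services cannot correlate the same person), and the SP checks every scoped value against the scopes the federation metadata registers for that IdP, which is the only thing the federation itself asserts. The entity IDs, the salt, the release policy and the user record are constructed.

```python
"""Federated attribute release with a pairwise, privacy-preserving identifier.

Added example; not code from the Internet2 slides, Shibboleth or InCommon.
Three parties from the figure: the home IdP ("Circle University"), a remote SP,
and the federation, which only publishes metadata (here: each IdP's scopes).
The entity IDs, salt, release policy and user record are all constructed.
"""
import base64
import hashlib

IDP_ENTITY_ID = "https://idp.circle.edu/shibboleth"          # assumed
IDP_SCOPE = "circle.edu"
IDP_SALT = b"per-idp-secret-salt-not-for-git"                 # assumed per-IdP secret

# Constructed home-campus record for the professor in the figure.
USER_RECORD = {
    "uid": "joval",
    "givenName": "Joe",
    "sn": "Oval",
    "title": "Psych Prof.",
    "ssn": "456-78-910",                      # stays at the campus, never mapped below
    "eduPersonAffiliation": ["faculty", "member"],
}

# Attribute release policy, keyed by SP entity ID (assumed values).
RELEASE_POLICY = {
    "https://library.example.org/shibboleth": {
        "eduPersonTargetedID", "eduPersonScopedAffiliation"},
    "https://grants.example.gov/shibboleth": {
        "eduPersonTargetedID", "eduPersonScopedAffiliation",
        "eduPersonPrincipalName", "givenName", "sn"},
}

# Federation metadata as the SP sees it: the scopes each IdP may assert.
FEDERATION_METADATA = {IDP_ENTITY_ID: {"scopes": {IDP_SCOPE}}}


def computed_id(sp_entity_id: str, uid: str, salt: bytes) -> str:
    """Shibboleth-style computed ID: base64(SHA-1(spEntityID ! uid ! salt)).
    Stable per (user, SP) pair, different at every SP, so services cannot
    correlate the same person across their logs."""
    digest = hashlib.sha1(f"{sp_entity_id}!{uid}!".encode() + salt).digest()
    return base64.b64encode(digest).decode()


def idp_resolve(user: dict, sp_entity_id: str) -> dict:
    """IdP side: derive the inter-realm attributes, then release only what the
    policy allows for this SP. An SP with no policy entry receives nothing."""
    full = {
        "eduPersonPrincipalName": f"{user['uid']}@{IDP_SCOPE}",
        "eduPersonScopedAffiliation": [f"{a}@{IDP_SCOPE}" for a in user["eduPersonAffiliation"]],
        "eduPersonTargetedID": computed_id(sp_entity_id, user["uid"], IDP_SALT),
        "givenName": user["givenName"],
        "sn": user["sn"],
        "title": user["title"],
    }
    allowed = RELEASE_POLICY.get(sp_entity_id, set())
    return {name: value for name, value in full.items() if name in allowed}


def sp_accept(idp_entity_id: str, attrs: dict, metadata: dict = FEDERATION_METADATA) -> bool:
    """SP side: reject assertions from IdPs absent from the federation metadata,
    and reject any scoped value whose scope the metadata does not grant to that
    IdP; otherwise any member IdP could assert member@circle.edu."""
    idp = metadata.get(idp_entity_id)
    if idp is None:
        return False
    scoped = list(attrs.get("eduPersonScopedAffiliation", []))
    if "eduPersonPrincipalName" in attrs:
        scoped.append(attrs["eduPersonPrincipalName"])
    for value in scoped:
        if "@" not in value or value.rsplit("@", 1)[1] not in idp["scopes"]:
            return False
    return True


if __name__ == "__main__":
    for sp in RELEASE_POLICY:
        released = idp_resolve(USER_RECORD, sp)
        print(sp, sorted(released), sp_accept(IDP_ENTITY_ID, released))
```

The release policy is where the “Anonymous ID#” path in the figure is enforced: the library SP never sees a name, and nothing in the IdP's resolver maps the SSN at all, so no policy mistake can release it. The scope check on the SP side is what makes “Verified by the Federation” mean something concrete: the metadata, not the IdP, says who may speak for circle.edu.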
International Research & Education Federations
• Mature in many countries, including UK, France, Germany, Switzerland, Netherlands, Norway, Sweden, Spain, Denmark, Australia, etc.
• Most are Shibboleth-based; some use other federation products
• Scope is usually higher ed, but some are broader (UK, Spain, Netherlands)
• Use cases range from content access to collaboration support to learning management systems to wireless roaming to ...
InCommon Federation
• US Research & Education Federation, an LLC
• Addresses legal, LOA, shared attributes, business proposition, etc. issues
• Participants are universities, service providers, government agencies
• Uses range from popular & academic content access to administrative services to wiki & list control to accessing NIH applications to ...
www.incommonfederation.org
Key aspects of InCommon
• Federation software - Shib v1.3 (open-source, standards-based, privacy-preserving federating software - v2.0 targeted for release this fall)
• Shared attributes & schema - eduPerson based
• Lever of authentication
• Participant Operational Practices (POP) for LOA today
  • Bronze and Silver will map to LOA 1 & 2
• Governance/Management
  • Steering Committee
  • Operations by Internet2
[Chart: InCommon Participation Growth, 2004 Pilot through 2006; y-axis 0 to 70 participants]
64 Current InCommon Participants
• Higher Education Participants (46)
• Sponsored Participants (17)
• Government and NonProfit Laboratories, Research Centers, and Agencies (1)
USHER
U.S. Higher Education Root (USHER) Certificate Authority
• A public key infrastructure (PKI) supported by the higher education community for emerging deployments in research, education, and transactions in higher education that require PKI.
http://www.usherca.org/
Public Key Infrastructure (PKI)
• Key Pair: Private Key, Public Key
• Certificate: Public Key bound to an identity, with usage criteria and validation mechanisms
• Hierarchical chain: rooted trust
• Uses:
  1. True Digital Signatures
  2. Credentials (Authentication of Individuals)
  3. Encryption (Privacy)
  4. Authentication of Digital Objects
USHER Status
• Internet2 operates the USHER Root CA
• Relatively high Level of Assurance (LoA)
• Issuing campus Authority Certificates since June 2007
• Subscriber Agreement posted
• 9 Expected Practices: CA management and current policy/practice of campus identity management
Recent Middleware Activities
• Authentication - Federation Interoperability
  • InCommon with federal gov’t e-auth federation
  • InCommon with state & national federations
• Authorization - Grouper and Signet
• Middleware Diagnostics - EDDY toolkit
• PKI, USHER
• Collaboration Tools, CO-Manage
• Virtual Organization Support
• Workflow Support
Collaboration Tools/Platform
• Collaboration = key to academic life, especially for researchers
• Over abundance of new collaboration tools
• Integration of middleware/IAM tools in support of collaboration (enterprise user database, group management, and privilege management)
Collaboration Management
• CO-Manage
  • Commonly and transparently manage which identities and attributes can use capabilities of collaboration tools
  • Can offer delegation, privacy management, and maybe even diagnostics
  • Goal - to develop a “platform” for handling identity management aspects of many different collaboration tools
Security
Relationship between Middleware and Security
• Middleware = well-defined infrastructure layer
• Security = more like an attitude, not crisply defined, spans all layers
Integrated Systems Model
Security
• Much of the middleware work, in its identity management and access control areas, is also a large part of the security space
• Security for Internet2 services
• Salsa as the point for member engagement
• Development of new security capabilities:
  • Short time horizon
  • Medium time horizon
  • Long time horizon
Federated Identity Management
• Federated identity leverages institutional Identity Management in inter-institutional settings
• By itself, federated identity can provide significant security value – enables flexible LOAs, improves privacy, etc.
• As a new layer of infrastructure, it can be leveraged to provide new security services:
  • Improved guest access usability & accountability
  • Privilege management for virtual organizations
CAMP Workshop: Bridging Security & Identity Mgmt, Tempe, Arizona, February 13-15, 2008
Security for Internet2 Services
• Internet2 Network – network operational security practices for continuous evaluation and improvement
• Securely providing trust:
  • InCommon Federation
  • USHER
Salsa
• Advisory on issues, priorities, directions
• Charters working groups
• 10-12 members representing R&E expertise, chaired by Mark Poepping, CMU
• Works in collaboration with the EDUCAUSE/Internet2 Security Task Force
• Facilitates member engagement
Near-term Initiatives: Computer Security Incidents (CSI2)
• A development working group, chaired by Chris Misra, UMass
• Working closely with REN-ISAC at Indiana U
• Funded in part by a Dept. of Justice grant
• Facilitating secure exchange of real-time security information; aimed at incident handlers
• Augmenting the diminishing value of signature analyses (due to encrypted attacks) with statistical analyses
Near-term Initiatives: CSI2 Working Group (cont.)
Requirements include:
• Taxonomy, syntax & semantics of security events
• A protocol for the exchange (IODEF)
• Trusted parties for the transmission
• Third-party facilitation for “ripple effects” and statistical analyses, working with the REN-ISAC
• Policy cover
Outcomes to date:
• RENOIR reporting system for sharing information regarding security incidents within an inter-institutional trust community
• Shared Darknets project - wide-aperture analyses
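What the IODEF exchange in the requirements list looks like on both ends, as an added example not drawn from the slides, CSI2, RENOIR or REN-ISAC: a reporting CSIRT serialises one incident in the RFC 5070 IODEF 1.0 vocabulary (the shared taxonomy, syntax and semantics), and a receiving hub parses it, insists on the mandatory Incident children, and reads the sender's restriction attribute as the policy cover that decides whether the report may be redistributed to the trust community. The CSIRT name, incident IDs, timestamps and addresses are constructed (RFC 5737 documentation ranges).

```python
"""Build and vet an IODEF 1.0 (RFC 5070) incident report for a trust community.

Added example; not code from the Internet2 slides, CSI2, RENOIR or REN-ISAC.
Sender side: a CSIRT serialises one incident in the IODEF vocabulary.
Receiver side: a sharing hub parses it, checks the mandatory Incident
children, and treats the restriction attribute as the policy cover that
decides whether the report may be redistributed. All incident data, the
CSIRT name and the addresses (RFC 5737 documentation ranges) are constructed.
"""
import xml.etree.ElementTree as ET

NS = "urn:ietf:params:xml:ns:iodef-1.0"
ET.register_namespace("iodef", NS)


def tag(name: str) -> str:
    return f"{{{NS}}}{name}"


def build_report(incident_id: str, csirt: str, report_time: str, source_ip: str,
                 target_net: str, port: int, restriction: str = "need-to-know") -> bytes:
    """Sender side: one Incident with the RFC 5070 mandatory children
    (IncidentID, ReportTime, Assessment, Contact) plus an EventData flow."""
    doc = ET.Element(tag("IODEF-Document"), version="1.00", lang="en")
    inc = ET.SubElement(doc, tag("Incident"), purpose="reporting", restriction=restriction)
    ET.SubElement(inc, tag("IncidentID"), name=csirt).text = incident_id
    ET.SubElement(inc, tag("ReportTime")).text = report_time
    ET.SubElement(inc, tag("Description")).text = "SSH brute force from a single host"
    assessment = ET.SubElement(inc, tag("Assessment"))
    ET.SubElement(assessment, tag("Impact"), completion="failed", type="admin")
    contact = ET.SubElement(inc, tag("Contact"), role="creator", type="organization")
    ET.SubElement(contact, tag("ContactName")).text = csirt
    ET.SubElement(contact, tag("Email")).text = f"abuse@{csirt}"
    flow = ET.SubElement(ET.SubElement(inc, tag("EventData")), tag("Flow"))
    source = ET.SubElement(flow, tag("System"), category="source")
    ET.SubElement(ET.SubElement(source, tag("Node")), tag("Address"),
                  category="ipv4-addr").text = source_ip
    target = ET.SubElement(flow, tag("System"), category="target")
    ET.SubElement(ET.SubElement(target, tag("Node")), tag("Address"),
                  category="ipv4-net").text = target_net
    service = ET.SubElement(target, tag("Service"), ip_protocol="6")
    ET.SubElement(service, tag("Port")).text = str(port)
    return ET.tostring(doc, encoding="utf-8", xml_declaration=True)


REQUIRED = ("IncidentID", "ReportTime", "Assessment", "Contact")
# Restriction values a hub may redistribute; "private" and "default" stay with the sender.
SHAREABLE = {"public", "need-to-know"}


def vet_for_sharing(xml_bytes: bytes) -> dict:
    """Receiver side: reject malformed reports, then summarise each incident
    with its source addresses and whether the policy cover allows forwarding."""
    root = ET.fromstring(xml_bytes)
    if root.tag != tag("IODEF-Document"):
        raise ValueError("not an IODEF document")
    incidents = []
    for inc in root.findall(tag("Incident")):
        missing = [name for name in REQUIRED if inc.find(tag(name)) is None]
        if missing:
            raise ValueError(f"Incident missing required element(s): {missing}")
        ident = inc.find(tag("IncidentID"))
        sources = [addr.text for system in inc.iter(tag("System"))
                   if system.get("category") == "source"
                   for addr in system.iter(tag("Address"))]
        restriction = inc.get("restriction", "default")
        incidents.append({
            "id": f"{ident.get('name')}:{ident.text}",
            "restriction": restriction,
            "forward": restriction in SHAREABLE,
            "sources": sources,
        })
    return {"version": root.get("version"), "incidents": incidents}


if __name__ == "__main__":
    report = build_report("2007-0042", "csirt.example.edu", "2007-10-08T14:00:00-07:00",
                          "192.0.2.200", "198.51.100.0/24", 22)
    print(report.decode())
    print(vet_for_sharing(report))
```

The IncidentID carries the reporting CSIRT's name, so two members can both use “2007-0042” without collision once reports are pooled for the statistical analyses the slide mentions; and because the hub refuses a document missing Assessment or Contact, a report that cannot be acted on or followed up never enters the community feed.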
Near-term Initiatives: Disaster Planning & Recovery
• Explore:
  • contingency planning;
  • developing & testing recovery plans, policies, & procedures;
  • warm/hot site strengths, weaknesses, potential pitfalls;
  • contractual & SLA models and guidance for
• Develop a set of best practices & services
Chaired by Don McLeod, Cornell
Near-term Initiatives
• DNSSEC - advisory group on adopting DNSSEC; it has begun a cross-signing project in which participating members sign at least one of their zones and exchange trust anchors, so that each can validate the others’ DNS records.
• NetGuru - a periodic meeting of senior network and security engineers; a forum to engage in discussion of timely topics.
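What “exchange trust anchors to mutually validate” costs a receiving operator in code, as an added example not taken from the slides or the Salsa DNSSEC group: the anchor a partner hands over is a DNSKEY (or its DS digest), and before installing it the receiver should recompute the key tag and the DS digest from the key bytes using the RFC 4034 definitions (SHA-256 digest type from RFC 4509) and refuse any anchor whose DS does not match, which is exactly the comparison a validator will make at every lookup afterwards. The DNSKEY here is a constructed dummy: its public-key bytes are not a real RSA key, and the zone name is example.edu.

```python
"""DNSSEC trust-anchor check: does an offered DS really belong to a DNSKEY?

Added example; not code from the Internet2 slides or the Salsa DNSSEC group.
In a cross-signing exchange each side hands over a DNSKEY (or its DS). Before
installing it as a trust anchor the receiver should recompute the key tag and
the DS digest from the key bytes, exactly as a validator will later do.
The DNSKEY below is a constructed dummy: its "public key" bytes are not a real
RSA key. Key tag and DS follow RFC 4034 (SHA-256 digest type per RFC 4509).
"""
import hashlib
import hmac

DIGEST = {1: hashlib.sha1, 2: hashlib.sha256}   # DS digest types


def owner_wire(name: str) -> bytes:
    """Canonical wire form: lower-cased labels, each length-prefixed, root terminator."""
    labels = [lab for lab in name.lower().rstrip(".").split(".") if lab]
    return b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in labels) + b"\x00"


def dnskey_rdata(flags: int, protocol: int, algorithm: int, public_key: bytes) -> bytes:
    """DNSKEY RDATA: 2-byte flags, protocol (always 3), algorithm, public key."""
    return flags.to_bytes(2, "big") + bytes([protocol, algorithm]) + public_key


def key_tag(rdata: bytes) -> int:
    """RFC 4034 Appendix B.1: sum the RDATA as big-endian 16-bit words,
    fold the carry back in, keep the low 16 bits."""
    acc = 0
    for i, byte in enumerate(rdata):
        acc += byte if i & 1 else byte << 8
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF


def make_ds(owner: str, rdata: bytes, digest_type: int = 2) -> bytes:
    """DS RDATA: key tag | algorithm | digest type | H(owner wire name | DNSKEY RDATA)."""
    digest = DIGEST[digest_type](owner_wire(owner) + rdata).digest()
    return key_tag(rdata).to_bytes(2, "big") + bytes([rdata[3], digest_type]) + digest


def ds_matches(owner: str, rdata: bytes, ds: bytes) -> bool:
    """Receiver-side check: recompute the DS from the offered DNSKEY and compare.
    A mismatch means a different key, a different owner name, or tampering."""
    if len(ds) < 4 or ds[3] not in DIGEST:
        return False                        # unknown digest type: do not guess
    return hmac.compare_digest(make_ds(owner, rdata, ds[3]), ds)


# Constructed KSK (flags 257 = zone key + SEP), protocol 3, algorithm 8 (RSASHA256).
DUMMY_KSK = dnskey_rdata(257, 3, 8, b"\x03\x01\x00\x01" + b"\xab" * 8)

if __name__ == "__main__":
    ds = make_ds("example.edu", DUMMY_KSK)
    print("key tag", key_tag(DUMMY_KSK), "DS", ds.hex())
    print("accept:", ds_matches("Example.EDU.", DUMMY_KSK, ds))
```

Two details matter in practice: the owner name goes into the digest in canonical (lower-case) form, so a partner sending “Example.EDU.” and one sending “example.edu” produce the same DS, and the key tag is only a 16-bit hint for selecting among several keys, never a substitute for the digest comparison.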
Mid-term Security Initiatives
• Netauth - improving the act of network connection
  • Effective mechanisms
  • Safely including isolation and remediation
• FWNA - federated wireless network access
  • Using local authentication and attributes to connect the roaming user
  • Intends to tie in with eduroam - www.eduroam.nl
Long-term Security Initiatives: Reconnections
• Identifying issues in managing advanced academic networks
  • Workshop October 2005
  • Report at http://security.internet2.edu/rtp/docs/internet2-reconnections-proceedings-200603.html/
• Follow-up interactions with GENI & other efforts
• Engagement with next-generation protocols
• Engagement with vendors on silent failures, integration of identity management, etc.
DISCIPLINE COMMUNITIES
Ann Doyle
High Energy and Nuclear Physics (HENP)
• Physicists are generating terabytes of data (1,000,000,000,000 or 1×10^12 bytes) per experiment from the CERN lab in Switzerland
• Types of network usage:
  • Bulk data transfers
  • multicast and low-latency/jitter networks for effective video conferencing
NEES – Earthquake Research
• Remote control of computer simulations
• Video is crucial for conferencing and as scientific data
• Types of network usage:
  • Remote control of resources
  • Bulk data transfer and distributed data storage
  • Video as data
VLBI
• Astronomers collect data about a star from earth-based antennae.
• End goal is to send data at 1 Gb/s from over 20 antennae located around the globe.
• Types of network usage:
  • Long-duration data streaming
  • Distributed data storage, real-time dynamic retrieval, and distributed processing
University of Southern California Shoah Foundation Institute for Visual History and Education
• A 180 terabyte multimedia archive of Holocaust testimonies
• Currently being accessed by:
  • University of Southern California
  • Rice University
  • Yale University
  • University of Michigan
Master Classes
Active involvement…
• Columbia University
• Manhattan School of Music
• Cleveland Institute of Music
• New World Symphony
• Curtis Institute of Music
• University of Michigan
• Eastman School of Music
• University of Oklahoma
• Florida State University
• Wayne State University
• Indiana University
• And many others…
Michael Tilson Thomas
Pinchas Zukerman
Bradley University: The Adding Machine (Elmer Rice's 1923 classic play)
• Bradley University
• University of Central Florida
• University of Waterloo
• Multicast DVTS
Key Health Science Members
• 112 Academic Medical Colleges (AAMC) and their medical centers
• 130 Health Science related colleges
  • Public Health, Nursing, Dentistry, Pharmacy
• Affiliate Members
  • NIH, NSF, NASA, NOAA
  • Howard Hughes Medical Institute
• Pharmaceutical Companies
  • Johnson & Johnson, Pfizer, Eli Lilly
• Industry
  • Cisco, IBM, Microsoft, SUN, Polycom, Haivision
• Partnership with Health Information Management Systems Society (HIMSS)
Biotech Data's BIG BANG
It's like Moore's Law on steroids:
"The total volume of biological data worldwide, having doubled every 18 months in recent years, is now doubling every half a year to three months. And this isn't a momentary spike, but a long-term trend that may require new ways to measure, analyze and mine biological databases."
Chappell Brown, EE Times (04/25/2005)
EACH BRAIN REPRESENTS A LOT OF DATA
Comparisons must be made across several image sets
Slide courtesy of Arthur Toga (UCLA)
Research Team of the Future: Cancer Biomedical Informatics Grid
• Global Cancer Research Community
• Grid deployment to Cancer Centers
• Bioinformatics infrastructure
• Public data sources
Funded by: NCI/NIH http://cabig.nci.nih.gov/
Cyberinfrastructure
Russ Hobby, Internet2
Internet2 Member Meeting
8 October 2007
Cyberinfrastructure?
• Ask any number of people “What is Cyberinfrastructure?” and you will probably get an equal number of definitions
• We need a common understanding of CI in order to build and operate it.
Cyberinfrastructure Vision at NSF
NSF’S CYBERINFRASTRUCTURE VISION FOR 21ST CENTURY DISCOVERY
http://www.nsf.gov/od/oci/ci-v7.pdf
The Nature of Research Today
• Discipline groups working on a common project.
• The groups are made of researchers from multiple institutions.
• They use the network in support of Virtual Organizations (VOs)
Example Researcher using CI
Jane is an environmental researcher who is going to find a solution to global warming. To do this she needs to collect and store data, analyze the data, and run some simulation models to test her hypothesis. She will share ideas, data and results with her discipline group. Here are her steps in using CI:
Control Instruments to Gather Data
[Diagram: Researcher – Control – Instrumentation, with Security and Access Management (Authentication, Authorization, Access Control) mediating the access.]
Data Transfer and Storage
[Diagram: adds Data Generation from Instrumentation into Data Sets/Storage, with Security on the data path.]
Data Analysis
[Diagram: adds Computation running an Analysis Program, with Retrieval of Data Sets as Input and Security on each link.]
Visualization
[Diagram: adds Display and Visualization (Display Tools, Viewing) with Data Input/Search against Storage.]
Simulation and Viewing
[Diagram: adds a Simulation program and 3D Imaging to the visualization path.]
Sharing, Collaboration, Publishing and Outreach
[Diagram: adds Collaboration Tools, Publishing, Human Support/Help Desk, Schema/Metadata, Data Directories, Ontologies, Archive, and Education and Outreach/Training.]
Jane goes after new grant
[Diagram: adds Policy and Funding (Resource Providers, Funding Agencies, Campuses).]
Cyberinfrastructure Functions and Resources
[Diagram: the complete set of functions and resources accumulated over Jane's steps above.]
The Network is the Backplane for the Distributed CI Computer
[Diagram: the same functions and resources, now connected through the Network.]
Cyberinfrastructure Players
[Diagram: Grid Orgs (National, Regional, International); Supercomputer Sites (Computation, Storage, Software Development, Discipline Support); Campus IT (Security, ID Management, Network, Data Center); Researchers (Faculty, Staff, Grad Students); Network Providers (National, Regional, International); Security/Access Coordinators (National, Regional, International); Collections Organizations (Publishers, Libraries); Policy/Leadership/Funding (Federal Agencies, Educational Organizations, OGF); Discipline Groups (Medicine, Biological Science, Physical Science, Other Disciplines).]
Traditional Grid Computing
• Built by supercomputer sites or in researchers’ labs
• Support internal to discipline
• Campus IT generally not involved
  • There have been problems with facilities in researchers’ labs (power, HVAC, network)
Moving into CI
• Disciplines new to CI are doing their planning, but expect others to provide it.
• Campus IT organizations starting to get more involved
• Supporting organizations are figuring out how to work together.
Who Worries about the Network?
• Generally not the researchers
• Those that provide services to the researchers:
  • The discipline IT support group
  • Campus IT organizations
  • Supercomputer sites
  • Grid organizations
CI is not just for Researchers
The current focus on CI is its use by researchers. However, this is an emerging technology that will be used by all, just as the individual computer and the Internet have become regular work tools.
CI Days Workshops
TeraGrid, Open Science Grid, NLR, Internet2, EDUCAUSE, and the IRNC have come together to help better understand the CI picture and to better coordinate functions and roles in the creation of this infrastructure. One activity started by this group is “CI Days”, held on campuses to assist in their CI planning. This workshop brings together players from the campus, region and nation to share information and plan how to provide CI functions for the campus. The national and regional groups also learn about campus needs, which helps better direct the evolution of their services.
UC Davis CI Days
• Focused on Research use of CI
• Co-hosted by the CIO and Vice Provost for Research
• Presentations from National and Regional Organizations, Campus Colleges and IT.
• Breakout Group discussions with reports to start the planning process
• http://vpiet.ucdavis.edu/cyberinfrastructure.cfm
Regional CI Days
• Serve as a way to scale CI Days
  • Representatives from campuses can go home and expand the experience for their campus environment
• What format?
  • Use host campus as a case study?
  • Just cover methodology for CI Days?
• In the queue
  • NYSGrid
  • New Mexico
Other Activities
• Presentations and Workshops
• CI Days Web/Wiki
• Collect Campus CI Plans
  • Let campuses share their plans with others on the CI Days Wiki
Russ’ CI Vision
Set of tools and resources that allow:
• Computation and storage to easily allow transition from the desktop, to the campus resource, to the regional center, to national super centers using the same software.
• Data repositories in formats and locations to allow ease of sharing among all interested disciplines (the real digital library!)
• Tools to allow people to easily construct systems to analyze, visualize and simulate their research subjects.
• Collaboration tools that allow people to work together like they are in the same room, even if they aren’t.
More Info:
• Membership – Marianne Smith [email protected]
• Network Services – Heather Martinson [email protected]
• Middleware and Security – Renee’ Frost [email protected]
• Discipline Communities – Ann Doyle [email protected]
• Cyberinfrastructure – Russ Hobby [email protected]