SDN, IDM, and Research Computing at Duke
Internet2 Technology Exchange - October 7, 2015
Mark McCahill
Office of Information Technology
Duke University
Problem
Researchers need to assemble tools + resources
• storage
• compute
• connectivity
• dataset access
• analysis tools (code/environments)
• dataset “publication” & provenance
More problems
Researchers need to assemble teams and manage access for their project suite
• storage
• compute
• connectivity
• dataset access
• analysis tools (code/environments)
• dataset “publication” & provenance
Solutions
How can we reduce friction for researchers?
• On-demand, dynamic compute/storage
• Packaged analysis environments (such as Docker containers) so analysis tools are mobile and reproducible
• Switchboard application: user-driven on-demand SDN network configuration to bypass speed bumps
Why SDN?
Core campus network has speed bumps:
• firewalls
• intrusion prevention/intrusion detection systems
SDN is designed for automated configuration
Self-service configurable research bypass network
Researcher access to national backbones
SDN core network bypass
[Diagram labels: user requests network config changes; switchboard; authorization/approvals; REST configuration commands; SDN controller (Ryu REST router); control plane; SDN switches; data plane]
Architecture
[Diagram labels: switchboard; authorization & approvals; REST configuration commands; SDN controller (Ryu REST router); control plane; OpenFlow; SDN switch; switches; SDN bypass network; Campus Network]
Switchboard demo
Run your own Switchboard!
Switchboard application
https://github.com/mccahill/switchboard
Plexus SDN controller code
https://github.com/vjorlikowski/plexus
Solutions
How can we reduce friction for researchers?
Research Toolkits application
• Allow researchers to manage groups/roles in a form they understand
• Apply the roles to tools and resource suites on a per-project basis
Architecture
[Diagram labels: Research Toolkits; Grouper; projects = team + tool suite definitions; groups / roles (by project); projects; team A, team B, team C, each with tool 1, tool 2, … tool n; roles+rights; create an instance; service capabilities; plug-ins for provisioning; storage; compute; job scheduling; dataset access; SDN/Switchboard; Shib/SAML; LDAP / AD]
Research Toolkits demo
Research Toolkits strategy
• Abstract role/group management from tools
• Basic resource provisioning: storage, compute, dataset access, analysis tools
• More advanced provisioning: orchestration of compute/storage and SDN network configuration
• Groups/roles that span institutions - selective attribute release for cross-institutional group membership?
Switchboard strategy
Campus SDX (Software Defined Exchange)
• campus core bypass links for science DMZ
• interconnects layer 2 services (AL2S, BEN, etc.)
Start with self-service app (Switchboard)
Enable DevOps-style automation and actions/approvals/audits via Switchboard API
Integrate Research Toolkits roles with Switchboard authorizations
Summary
• Tie the rights to make SDN bypass links with Switchboard to research projects
• Tool agnostic project/team/rights management for research projects with Research Toolkits
• Integrate services with Research Toolkits and Grouper via plugin architecture
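An added example, not code from Switchboard, Plexus, or these slides: one way a self-service app could tie the right to create a bypass route to project roles and approvals, and record every decision for audit. The role names, the sample data, the self-approval rule, and the request shape (modelled on the rest_router sample application shipped with Ryu) are assumptions.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample data (assumption): per-project roles and permitted subnets.
ROLES = {"genomics": {"requester": {"alice"}, "approver": {"carol"}}}
SUBNETS = {"genomics": [ipaddress.ip_network("10.20.0.0/16")]}

@dataclass
class BypassRequest:
    user: str
    project: str
    switch_id: str            # datapath id, 16 hex digits
    destination: str          # CIDR to route over the bypass network
    gateway: str              # next hop on the bypass network
    approved_by: Optional[str] = None

def authorize(req, audit):
    """Return (method, path, body) for the controller, or None when denied."""
    roles = ROLES.get(req.project, {})
    reason = None
    if req.user not in roles.get("requester", set()):
        reason = "requester has no role in project"
    elif req.approved_by not in roles.get("approver", set()):
        reason = "no approval from a project approver"
    elif req.approved_by == req.user:   # assumed separation-of-duty rule
        reason = "self-approval"
    elif not re.fullmatch(r"[0-9a-f]{16}", req.switch_id):
        reason = "malformed switch id"
    else:
        try:
            dest = ipaddress.ip_network(req.destination)
            gw = ipaddress.ip_address(req.gateway)
            if not any(dest.version == n.version and dest.subnet_of(n)
                       for n in SUBNETS.get(req.project, [])):
                reason = "destination outside project scope"
        except ValueError:
            reason = "malformed address"
    # Every decision is recorded, allowed or denied.
    audit.append({"user": req.user, "project": req.project,
                  "decision": "deny" if reason else "allow", "reason": reason})
    if reason:
        return None
    # Only validated, normalised values reach the controller request.
    return ("POST", "/router/" + req.switch_id,
            {"destination": str(dest), "gateway": str(gw)})
```
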
Funding for this work was supplied by the National Science Foundation
Data at the Speed of Trust
NSF ACI-1440588 - CC*IIE IAM
Network Infrastructure: Using Software-Defined Networking to Facilitate Data Transfer
NSF OCI-1246042 - CC-NIE
Duke ON-RAMPS: OpenFlow-Enabled Network Resource Access that is Manageable, Programmatic, and Safe
NSF CNS 1243315 - EAGER